Update to 5.2.14
This commit is contained in:
robert
parent
70338a3b8f
commit
084394cf13
@ -1,10 +1,10 @@
|
||||
# $OpenBSD: Makefile.inc,v 1.33 2010/07/21 17:04:30 steven Exp $
|
||||
# $OpenBSD: Makefile.inc,v 1.34 2010/08/24 09:14:43 robert Exp $
|
||||
|
||||
# This port currently only works with archs supporting dynamic loading
|
||||
# and has Apache that supports DSO's.
|
||||
NOT_FOR_ARCHS= ${NO_SHARED_ARCHS}
|
||||
|
||||
V= 5.2.13
|
||||
V= 5.2.14
|
||||
SUHOSIN_V= 0.9.29
|
||||
SUHOSIN_P_V= 0.9.7
|
||||
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.58 2010/08/08 10:46:34 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.59 2010/08/24 09:14:43 robert Exp $
|
||||
|
||||
# doesn't set USE_LIBTOOL but use the bundled one because it needs some
|
||||
# specific options we don't have.
|
||||
@ -9,7 +9,6 @@ COMMENT-fastcgi=stand-alone FastCGI version of PHP
|
||||
PKGNAME= php5-core-${V}
|
||||
PKGNAME-main= php5-core-${V}
|
||||
PKGNAME-fastcgi=php5-fastcgi-${V}
|
||||
REVISION= 0
|
||||
|
||||
DISTFILES= php-${V}.tar.gz
|
||||
|
||||
@ -51,7 +50,7 @@ PHP_VERSION= ${V}
|
||||
PHPXS_SUBST+= -e 's,${i},${${i}},'
|
||||
.endfor
|
||||
|
||||
WANTLIB= c crypto m ssl stdc++ z pthread
|
||||
WANTLIB= c crypto m ssl z pthread
|
||||
LIB_DEPENDS= xml2.>=8::textproc/libxml
|
||||
|
||||
pre-fake:
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
$OpenBSD: patch-ext_spl_spl_observer_c,v 1.1 2010/08/08 10:46:34 sthen Exp $
|
||||
|
||||
CVE-2010-2225: fix SplObjectStorage unserialization, upstream r300843
|
||||
|
||||
--- ext/spl/spl_observer.c.orig Sun Jan 3 09:23:27 2010
|
||||
+++ ext/spl/spl_observer.c Sat Aug 7 21:22:09 2010
|
||||
@@ -182,6 +182,21 @@ SPL_METHOD(SplObjectStorage, detach)
|
||||
intern->index = 0;
|
||||
} /* }}} */
|
||||
|
||||
+int spl_object_storage_contains(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */
|
||||
+{
|
||||
+#if HAVE_PACKED_OBJECT_VALUE
|
||||
+ return zend_hash_exists(&intern->storage, (char*)&Z_OBJVAL_P(obj), sizeof(zend_object_value));
|
||||
+#else
|
||||
+ {
|
||||
+ zend_object_value zvalue;
|
||||
+ memset(&zvalue, 0, sizeof(zend_object_value));
|
||||
+ zvalue.handle = Z_OBJ_HANDLE_P(obj);
|
||||
+ zvalue.handlers = Z_OBJ_HT_P(obj);
|
||||
+ return zend_hash_exists(&intern->storage, (char*)&zvalue, sizeof(zend_object_value));
|
||||
+ }
|
||||
+#endif
|
||||
+} /* }}} */
|
||||
+
|
||||
/* {{{ proto bool SplObjectStorage::contains($obj)
|
||||
Determine whethe an object is contained in the storage */
|
||||
SPL_METHOD(SplObjectStorage, contains)
|
||||
@@ -193,17 +208,7 @@ SPL_METHOD(SplObjectStorage, contains)
|
||||
return;
|
||||
}
|
||||
|
||||
-#if HAVE_PACKED_OBJECT_VALUE
|
||||
- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&Z_OBJVAL_P(obj), sizeof(zend_object_value)));
|
||||
-#else
|
||||
- {
|
||||
- zend_object_value zvalue;
|
||||
- memset(&zvalue, 0, sizeof(zend_object_value));
|
||||
- zvalue.handle = Z_OBJ_HANDLE_P(obj);
|
||||
- zvalue.handlers = Z_OBJ_HT_P(obj);
|
||||
- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&zvalue, sizeof(zend_object_value)));
|
||||
- }
|
||||
-#endif
|
||||
+ RETURN_BOOL(spl_object_storage_contains(intern, obj TSRMLS_CC));
|
||||
} /* }}} */
|
||||
|
||||
/* {{{ proto int SplObjectStorage::count()
|
||||
@@ -362,10 +367,21 @@ SPL_METHOD(SplObjectStorage, unserialize)
|
||||
goto outexcept;
|
||||
}
|
||||
++p;
|
||||
+ if(*p != 'O' && *p != 'C' && *p != 'r') {
|
||||
+ goto outexcept;
|
||||
+ }
|
||||
ALLOC_INIT_ZVAL(pentry);
|
||||
if (!php_var_unserialize(&pentry, &p, s + buf_len, &var_hash TSRMLS_CC)) {
|
||||
zval_ptr_dtor(&pentry);
|
||||
goto outexcept;
|
||||
+ }
|
||||
+ if(Z_TYPE_P(pentry) != IS_OBJECT) {
|
||||
+ zval_ptr_dtor(&pentry);
|
||||
+ goto outexcept;
|
||||
+ }
|
||||
+ if(spl_object_storage_contains(intern, pentry TSRMLS_CC)) {
|
||||
+ zval_ptr_dtor(&pentry);
|
||||
+ continue;
|
||||
}
|
||||
spl_object_storage_attach(intern, pentry TSRMLS_CC);
|
||||
zval_ptr_dtor(&pentry);
|
||||
@ -1,4 +1,4 @@
|
||||
@comment $OpenBSD: PLIST-main,v 1.14 2010/03/21 09:05:55 robert Exp $
|
||||
@comment $OpenBSD: PLIST-main,v 1.15 2010/08/24 09:14:43 robert Exp $
|
||||
@conflict php4-core-*
|
||||
@pkgpath www/php5/core
|
||||
@pkgpath www/php5/core,hardened
|
||||
@ -127,6 +127,7 @@ share/php5/include/ext/iconv/php_have_ibm_iconv.h
|
||||
share/php5/include/ext/iconv/php_have_iconv.h
|
||||
share/php5/include/ext/iconv/php_have_libiconv.h
|
||||
share/php5/include/ext/iconv/php_iconv.h
|
||||
share/php5/include/ext/iconv/php_iconv_aliased_libiconv.h
|
||||
share/php5/include/ext/iconv/php_iconv_supports_errno.h
|
||||
share/php5/include/ext/iconv/php_php_iconv_h_path.h
|
||||
share/php5/include/ext/iconv/php_php_iconv_impl.h
|
||||
|
||||
@ -1,15 +1,15 @@
|
||||
MD5 (php-5.2.13.tar.gz) = zflc3B68zMzpyWZT/Vk91A==
|
||||
MD5 (php-5.2.14.tar.gz) = bf90KaG0OqHHakPpCSFWCA==
|
||||
MD5 (suhosin-0.9.29.tgz) = 48WZ5+NE6YH5NbLauQWSwQ==
|
||||
MD5 (suhosin-patch-5.2.13-0.9.7.patch.gz) = gYjhGc56vOmLjwBN5G+6xQ==
|
||||
RMD160 (php-5.2.13.tar.gz) = K9IDDA7FgHfUnH/WW6fqBPMI+mg=
|
||||
MD5 (suhosin-patch-5.2.14-0.9.7.patch.gz) = hM8BQrijY3uHhLXuHmy8Bw==
|
||||
RMD160 (php-5.2.14.tar.gz) = iUgWEqwmHUoF1nmAfQdL/cahkr4=
|
||||
RMD160 (suhosin-0.9.29.tgz) = P7Hyka93d4WMoAkeXqbaQA9QabU=
|
||||
RMD160 (suhosin-patch-5.2.13-0.9.7.patch.gz) = Y6Aipb8PuMZoj0wOvPqopDfqaTU=
|
||||
SHA1 (php-5.2.13.tar.gz) = I4387crPDbkdoKNru086gLJaHMk=
|
||||
RMD160 (suhosin-patch-5.2.14-0.9.7.patch.gz) = vHeQzTbcQQEyJoS3VNs8otQ4W6Y=
|
||||
SHA1 (php-5.2.14.tar.gz) = LPIRslJor3zBRgAcSgmcILrXLPY=
|
||||
SHA1 (suhosin-0.9.29.tgz) = L6fHFqMucfu1d/w6n+r0bXg6UBs=
|
||||
SHA1 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 4vr42y1/rL1EzuL3N86Hcyg100E=
|
||||
SHA256 (php-5.2.13.tar.gz) = N4TI4OzsrnyI2SUcHxJzdM9eaiu5clMGdeM//kOzNPc=
|
||||
SHA1 (suhosin-patch-5.2.14-0.9.7.patch.gz) = ChLTWJ+cJtx9a2RS73mHsuZSejA=
|
||||
SHA256 (php-5.2.14.tar.gz) = zjPG7Rq8iPC+/mMpRi8wLVOMz9hPqTjB06VFUdCtHRg=
|
||||
SHA256 (suhosin-0.9.29.tgz) = OsOn0updwnGJ+tt5RdoMrxj+IshzaUBLwy18+ArpU3k=
|
||||
SHA256 (suhosin-patch-5.2.13-0.9.7.patch.gz) = eHdD5dIBqyzj/MPyUu7dfxZ0cPofVa8GRtfwOquJ0YQ=
|
||||
SIZE (php-5.2.13.tar.gz) = 11719620
|
||||
SHA256 (suhosin-patch-5.2.14-0.9.7.patch.gz) = vQOt5EZz9+b6EW10Y1DxbGC+cXDWxBgWotUfqutaMa4=
|
||||
SIZE (php-5.2.14.tar.gz) = 11783970
|
||||
SIZE (suhosin-0.9.29.tgz) = 116137
|
||||
SIZE (suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989
|
||||
SIZE (suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057
|
||||
|
||||
@ -1,10 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.60 2010/08/08 10:46:34 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.61 2010/08/24 09:14:43 robert Exp $
|
||||
|
||||
FULLPKGNAME-main= php5-extensions-${V}
|
||||
FULLPKGPATH-main= www/php5/extensions,-main
|
||||
COMMENT-main= informational package about PHP5 extensions
|
||||
REVISION= 0
|
||||
REVISION-xmlrpc= 1
|
||||
|
||||
MULTI_PACKAGES= -main
|
||||
|
||||
@ -16,7 +14,7 @@ PREFIX?= ${CHROOT_DIR}
|
||||
FLAVORS= no_x11
|
||||
FLAVOR?=
|
||||
|
||||
WANTLIB= stdc++ m
|
||||
#WANTLIB= stdc++ m
|
||||
|
||||
MODULES= devel/gettext
|
||||
|
||||
@ -198,7 +196,7 @@ MULTI_PACKAGES+= -mysqli
|
||||
COMMENT-mysqli= mysql database access extensions for php5
|
||||
CONFIGURE_ARGS+= --with-mysqli=shared,${LOCALBASE}/bin/mysql_config
|
||||
LIB_DEPENDS-mysqli= lib/mysql/mysqlclient.>=10::databases/mysql
|
||||
WANTLIB-mysqli= ${WANTLIB} crypto ssl z
|
||||
WANTLIB-mysqli= ${WANTLIB} crypto m ssl z
|
||||
.endif
|
||||
|
||||
# ncurses
|
||||
@ -233,7 +231,7 @@ MULTI_PACKAGES+= -pdo_mysql
|
||||
COMMENT-pdo_mysql= PDO mysql database access extensions for php5
|
||||
CONFIGURE_ARGS+= --with-pdo-mysql=shared,${LOCALBASE}
|
||||
LIB_DEPENDS-pdo_mysql= lib/mysql/mysqlclient.>=10::databases/mysql
|
||||
WANTLIB-pdo_mysql= ${WANTLIB} crypto ssl z
|
||||
WANTLIB-pdo_mysql= ${WANTLIB} crypto m ssl z
|
||||
.endif
|
||||
|
||||
# pdo-pgsql
|
||||
@ -300,7 +298,7 @@ MULTI_PACKAGES+= -soap
|
||||
COMMENT-soap= SOAP functions for php5
|
||||
CONFIGURE_ARGS+= --enable-soap=shared
|
||||
LIB_DEPENDS-soap=
|
||||
WANTLIB-soap= ${WANTLIB} xml2 z iconv
|
||||
WANTLIB-soap= ${WANTLIB} m xml2 z iconv
|
||||
.endif
|
||||
|
||||
# snmp
|
||||
@ -378,7 +376,7 @@ MULTI_PACKAGES+= -xmlrpc
|
||||
COMMENT-xmlrpc= XML RPC functions for php5
|
||||
CONFIGURE_ARGS+= --with-xmlrpc=shared
|
||||
LIB_DEPENDS-xmlrpc=
|
||||
WANTLIB-xmlrpc= ${WANTLIB} iconv xml2 z
|
||||
WANTLIB-xmlrpc= ${WANTLIB} iconv m xml2 z
|
||||
.endif
|
||||
|
||||
# xsl
|
||||
@ -390,7 +388,7 @@ MULTI_PACKAGES+= -xsl
|
||||
COMMENT-xsl= XSL functions for php5
|
||||
CONFIGURE_ARGS+= --with-xsl=shared --enable-dom
|
||||
LIB_DEPENDS-xsl= xslt.>=3,exslt::textproc/libxslt
|
||||
WANTLIB-xsl= ${WANTLIB} iconv xml2 z
|
||||
WANTLIB-xsl= ${WANTLIB} iconv m xml2 z
|
||||
.endif
|
||||
|
||||
.for i in ${MULTI_PACKAGES}
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-ext_sybase_ct_config_m4,v 1.1 2009/08/01 14:13:00 sthen Exp $
|
||||
--- ext/sybase_ct/config.m4.orig Mon Jul 27 14:35:31 2009
|
||||
+++ ext/sybase_ct/config.m4 Mon Jul 27 14:35:56 2009
|
||||
@@ -31,7 +31,7 @@ if test "$PHP_SYBASE_CT" != "no"; then
|
||||
fi
|
||||
|
||||
PHP_ADD_LIBPATH($SYBASE_CT_LIBDIR, SYBASE_CT_SHARED_LIBADD)
|
||||
- if test -f $SYBASE_CT_INCDIR/tds.h; then
|
||||
+ if test -f $SYBASE_CT_INCDIR/sybdb.h; then
|
||||
PHP_ADD_LIBRARY(ct,, SYBASE_CT_SHARED_LIBADD)
|
||||
SYBASE_CT_LIBS="-L$SYBASE_CT_LIBDIR -lct"
|
||||
else
|
||||
@ -1,35 +0,0 @@
|
||||
$OpenBSD: patch-ext_xmlrpc_xmlrpc-epi-php_c,v 1.1 2010/08/08 10:46:34 sthen Exp $
|
||||
|
||||
CVE-2010-0397: null pointer dereference when processing invalid XML-RPC
|
||||
requests, upstream r296152
|
||||
|
||||
--- ext/xmlrpc/xmlrpc-epi-php.c.orig Sun Jan 17 17:19:38 2010
|
||||
+++ ext/xmlrpc/xmlrpc-epi-php.c Sat Aug 7 21:18:29 2010
|
||||
@@ -723,6 +723,7 @@ zval* decode_request_worker (zval* xml_in, zval* encod
|
||||
zval* retval = NULL;
|
||||
XMLRPC_REQUEST response;
|
||||
STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
|
||||
+ const char *method_name;
|
||||
opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT;
|
||||
|
||||
/* generate XMLRPC_REQUEST from raw xml */
|
||||
@@ -733,10 +734,15 @@ zval* decode_request_worker (zval* xml_in, zval* encod
|
||||
|
||||
if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
|
||||
if(method_name_out) {
|
||||
- zval_dtor(method_name_out);
|
||||
- Z_TYPE_P(method_name_out) = IS_STRING;
|
||||
- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
|
||||
- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
|
||||
+ method_name = XMLRPC_RequestGetMethodName(response);
|
||||
+ if (method_name) {
|
||||
+ zval_dtor(method_name_out);
|
||||
+ Z_TYPE_P(method_name_out) = IS_STRING;
|
||||
+ Z_STRVAL_P(method_name_out) = estrdup(method_name);
|
||||
+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
|
||||
+ } else {
|
||||
+ retval = NULL;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user