diff --git a/www/php5/Makefile.inc b/www/php5/Makefile.inc index 7b3ffca59ed..f016dff9bc4 100644 --- a/www/php5/Makefile.inc +++ b/www/php5/Makefile.inc @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile.inc,v 1.33 2010/07/21 17:04:30 steven Exp $ +# $OpenBSD: Makefile.inc,v 1.34 2010/08/24 09:14:43 robert Exp $ # This port currently only works with archs supporting dynamic loading # and has Apache that supports DSO's. NOT_FOR_ARCHS= ${NO_SHARED_ARCHS} -V= 5.2.13 +V= 5.2.14 SUHOSIN_V= 0.9.29 SUHOSIN_P_V= 0.9.7 diff --git a/www/php5/core/Makefile b/www/php5/core/Makefile index 391ae5a5f5b..d8cd07d74a4 100644 --- a/www/php5/core/Makefile +++ b/www/php5/core/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.58 2010/08/08 10:46:34 sthen Exp $ +# $OpenBSD: Makefile,v 1.59 2010/08/24 09:14:43 robert Exp $ # doesn't set USE_LIBTOOL but use the bundled one because it needs some # specific options we don't have. @@ -9,7 +9,6 @@ COMMENT-fastcgi=stand-alone FastCGI version of PHP PKGNAME= php5-core-${V} PKGNAME-main= php5-core-${V} PKGNAME-fastcgi=php5-fastcgi-${V} -REVISION= 0 DISTFILES= php-${V}.tar.gz @@ -51,7 +50,7 @@ PHP_VERSION= ${V} PHPXS_SUBST+= -e 's,${i},${${i}},' .endfor -WANTLIB= c crypto m ssl stdc++ z pthread +WANTLIB= c crypto m ssl z pthread LIB_DEPENDS= xml2.>=8::textproc/libxml pre-fake: diff --git a/www/php5/core/patches/patch-ext_spl_spl_observer_c b/www/php5/core/patches/patch-ext_spl_spl_observer_c deleted file mode 100644 index 5ffdec3930f..00000000000 --- a/www/php5/core/patches/patch-ext_spl_spl_observer_c +++ /dev/null @@ -1,69 +0,0 @@ -$OpenBSD: patch-ext_spl_spl_observer_c,v 1.1 2010/08/08 10:46:34 sthen Exp $ - -CVE-2010-2225: fix SplObjectStorage unserialization, upstream r300843 - ---- ext/spl/spl_observer.c.orig Sun Jan 3 09:23:27 2010 -+++ ext/spl/spl_observer.c Sat Aug 7 21:22:09 2010 -@@ -182,6 +182,21 @@ SPL_METHOD(SplObjectStorage, detach) - intern->index = 0; - } /* }}} */ - -+int spl_object_storage_contains(spl_SplObjectStorage *intern, zval *obj TSRMLS_DC) /* {{{ */ -+{ -+#if HAVE_PACKED_OBJECT_VALUE -+ return zend_hash_exists(&intern->storage, (char*)&Z_OBJVAL_P(obj), sizeof(zend_object_value)); -+#else -+ { -+ zend_object_value zvalue; -+ memset(&zvalue, 0, sizeof(zend_object_value)); -+ zvalue.handle = Z_OBJ_HANDLE_P(obj); -+ zvalue.handlers = Z_OBJ_HT_P(obj); -+ return zend_hash_exists(&intern->storage, (char*)&zvalue, sizeof(zend_object_value)); -+ } -+#endif -+} /* }}} */ -+ - /* {{{ proto bool SplObjectStorage::contains($obj) - Determine whethe an object is contained in the storage */ - SPL_METHOD(SplObjectStorage, contains) -@@ -193,17 +208,7 @@ SPL_METHOD(SplObjectStorage, contains) - return; - } - --#if HAVE_PACKED_OBJECT_VALUE -- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&Z_OBJVAL_P(obj), sizeof(zend_object_value))); --#else -- { -- zend_object_value zvalue; -- memset(&zvalue, 0, sizeof(zend_object_value)); -- zvalue.handle = Z_OBJ_HANDLE_P(obj); -- zvalue.handlers = Z_OBJ_HT_P(obj); -- RETURN_BOOL(zend_hash_exists(&intern->storage, (char*)&zvalue, sizeof(zend_object_value))); -- } --#endif -+ RETURN_BOOL(spl_object_storage_contains(intern, obj TSRMLS_CC)); - } /* }}} */ - - /* {{{ proto int SplObjectStorage::count() -@@ -362,10 +367,21 @@ SPL_METHOD(SplObjectStorage, unserialize) - goto outexcept; - } - ++p; -+ if(*p != 'O' && *p != 'C' && *p != 'r') { -+ goto outexcept; -+ } - ALLOC_INIT_ZVAL(pentry); - if (!php_var_unserialize(&pentry, &p, s + buf_len, &var_hash TSRMLS_CC)) { - zval_ptr_dtor(&pentry); - goto outexcept; -+ } -+ if(Z_TYPE_P(pentry) != IS_OBJECT) { -+ zval_ptr_dtor(&pentry); -+ goto outexcept; -+ } -+ if(spl_object_storage_contains(intern, pentry TSRMLS_CC)) { -+ zval_ptr_dtor(&pentry); -+ continue; - } - spl_object_storage_attach(intern, pentry TSRMLS_CC); - zval_ptr_dtor(&pentry); diff --git a/www/php5/core/pkg/PLIST-main b/www/php5/core/pkg/PLIST-main index 344a1b1d2c2..db1fc6568c4 100644 --- a/www/php5/core/pkg/PLIST-main +++ b/www/php5/core/pkg/PLIST-main @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST-main,v 1.14 2010/03/21 09:05:55 robert Exp $ +@comment $OpenBSD: PLIST-main,v 1.15 2010/08/24 09:14:43 robert Exp $ @conflict php4-core-* @pkgpath www/php5/core @pkgpath www/php5/core,hardened @@ -127,6 +127,7 @@ share/php5/include/ext/iconv/php_have_ibm_iconv.h share/php5/include/ext/iconv/php_have_iconv.h share/php5/include/ext/iconv/php_have_libiconv.h share/php5/include/ext/iconv/php_iconv.h +share/php5/include/ext/iconv/php_iconv_aliased_libiconv.h share/php5/include/ext/iconv/php_iconv_supports_errno.h share/php5/include/ext/iconv/php_php_iconv_h_path.h share/php5/include/ext/iconv/php_php_iconv_impl.h diff --git a/www/php5/distinfo b/www/php5/distinfo index 12e34d5405c..7b4deffb3eb 100644 --- a/www/php5/distinfo +++ b/www/php5/distinfo @@ -1,15 +1,15 @@ -MD5 (php-5.2.13.tar.gz) = zflc3B68zMzpyWZT/Vk91A== +MD5 (php-5.2.14.tar.gz) = bf90KaG0OqHHakPpCSFWCA== MD5 (suhosin-0.9.29.tgz) = 48WZ5+NE6YH5NbLauQWSwQ== -MD5 (suhosin-patch-5.2.13-0.9.7.patch.gz) = gYjhGc56vOmLjwBN5G+6xQ== -RMD160 (php-5.2.13.tar.gz) = K9IDDA7FgHfUnH/WW6fqBPMI+mg= +MD5 (suhosin-patch-5.2.14-0.9.7.patch.gz) = hM8BQrijY3uHhLXuHmy8Bw== +RMD160 (php-5.2.14.tar.gz) = iUgWEqwmHUoF1nmAfQdL/cahkr4= RMD160 (suhosin-0.9.29.tgz) = P7Hyka93d4WMoAkeXqbaQA9QabU= -RMD160 (suhosin-patch-5.2.13-0.9.7.patch.gz) = Y6Aipb8PuMZoj0wOvPqopDfqaTU= -SHA1 (php-5.2.13.tar.gz) = I4387crPDbkdoKNru086gLJaHMk= +RMD160 (suhosin-patch-5.2.14-0.9.7.patch.gz) = vHeQzTbcQQEyJoS3VNs8otQ4W6Y= +SHA1 (php-5.2.14.tar.gz) = LPIRslJor3zBRgAcSgmcILrXLPY= SHA1 (suhosin-0.9.29.tgz) = L6fHFqMucfu1d/w6n+r0bXg6UBs= -SHA1 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 4vr42y1/rL1EzuL3N86Hcyg100E= -SHA256 (php-5.2.13.tar.gz) = N4TI4OzsrnyI2SUcHxJzdM9eaiu5clMGdeM//kOzNPc= +SHA1 (suhosin-patch-5.2.14-0.9.7.patch.gz) = ChLTWJ+cJtx9a2RS73mHsuZSejA= +SHA256 (php-5.2.14.tar.gz) = zjPG7Rq8iPC+/mMpRi8wLVOMz9hPqTjB06VFUdCtHRg= SHA256 (suhosin-0.9.29.tgz) = OsOn0updwnGJ+tt5RdoMrxj+IshzaUBLwy18+ArpU3k= -SHA256 (suhosin-patch-5.2.13-0.9.7.patch.gz) = eHdD5dIBqyzj/MPyUu7dfxZ0cPofVa8GRtfwOquJ0YQ= -SIZE (php-5.2.13.tar.gz) = 11719620 +SHA256 (suhosin-patch-5.2.14-0.9.7.patch.gz) = vQOt5EZz9+b6EW10Y1DxbGC+cXDWxBgWotUfqutaMa4= +SIZE (php-5.2.14.tar.gz) = 11783970 SIZE (suhosin-0.9.29.tgz) = 116137 -SIZE (suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989 +SIZE (suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057 diff --git a/www/php5/extensions/Makefile b/www/php5/extensions/Makefile index 49d7c7dbeee..43f7846f055 100644 --- a/www/php5/extensions/Makefile +++ b/www/php5/extensions/Makefile @@ -1,10 +1,8 @@ -# $OpenBSD: Makefile,v 1.60 2010/08/08 10:46:34 sthen Exp $ +# $OpenBSD: Makefile,v 1.61 2010/08/24 09:14:43 robert Exp $ FULLPKGNAME-main= php5-extensions-${V} FULLPKGPATH-main= www/php5/extensions,-main COMMENT-main= informational package about PHP5 extensions -REVISION= 0 -REVISION-xmlrpc= 1 MULTI_PACKAGES= -main @@ -16,7 +14,7 @@ PREFIX?= ${CHROOT_DIR} FLAVORS= no_x11 FLAVOR?= -WANTLIB= stdc++ m +#WANTLIB= stdc++ m MODULES= devel/gettext @@ -198,7 +196,7 @@ MULTI_PACKAGES+= -mysqli COMMENT-mysqli= mysql database access extensions for php5 CONFIGURE_ARGS+= --with-mysqli=shared,${LOCALBASE}/bin/mysql_config LIB_DEPENDS-mysqli= lib/mysql/mysqlclient.>=10::databases/mysql -WANTLIB-mysqli= ${WANTLIB} crypto ssl z +WANTLIB-mysqli= ${WANTLIB} crypto m ssl z .endif # ncurses @@ -233,7 +231,7 @@ MULTI_PACKAGES+= -pdo_mysql COMMENT-pdo_mysql= PDO mysql database access extensions for php5 CONFIGURE_ARGS+= --with-pdo-mysql=shared,${LOCALBASE} LIB_DEPENDS-pdo_mysql= lib/mysql/mysqlclient.>=10::databases/mysql -WANTLIB-pdo_mysql= ${WANTLIB} crypto ssl z +WANTLIB-pdo_mysql= ${WANTLIB} crypto m ssl z .endif # pdo-pgsql @@ -300,7 +298,7 @@ MULTI_PACKAGES+= -soap COMMENT-soap= SOAP functions for php5 CONFIGURE_ARGS+= --enable-soap=shared LIB_DEPENDS-soap= -WANTLIB-soap= ${WANTLIB} xml2 z iconv +WANTLIB-soap= ${WANTLIB} m xml2 z iconv .endif # snmp @@ -378,7 +376,7 @@ MULTI_PACKAGES+= -xmlrpc COMMENT-xmlrpc= XML RPC functions for php5 CONFIGURE_ARGS+= --with-xmlrpc=shared LIB_DEPENDS-xmlrpc= -WANTLIB-xmlrpc= ${WANTLIB} iconv xml2 z +WANTLIB-xmlrpc= ${WANTLIB} iconv m xml2 z .endif # xsl @@ -390,7 +388,7 @@ MULTI_PACKAGES+= -xsl COMMENT-xsl= XSL functions for php5 CONFIGURE_ARGS+= --with-xsl=shared --enable-dom LIB_DEPENDS-xsl= xslt.>=3,exslt::textproc/libxslt -WANTLIB-xsl= ${WANTLIB} iconv xml2 z +WANTLIB-xsl= ${WANTLIB} iconv m xml2 z .endif .for i in ${MULTI_PACKAGES} diff --git a/www/php5/extensions/patches/patch-ext_sybase_ct_config_m4 b/www/php5/extensions/patches/patch-ext_sybase_ct_config_m4 deleted file mode 100644 index 367d11b0cbe..00000000000 --- a/www/php5/extensions/patches/patch-ext_sybase_ct_config_m4 +++ /dev/null @@ -1,12 +0,0 @@ -$OpenBSD: patch-ext_sybase_ct_config_m4,v 1.1 2009/08/01 14:13:00 sthen Exp $ ---- ext/sybase_ct/config.m4.orig Mon Jul 27 14:35:31 2009 -+++ ext/sybase_ct/config.m4 Mon Jul 27 14:35:56 2009 -@@ -31,7 +31,7 @@ if test "$PHP_SYBASE_CT" != "no"; then - fi - - PHP_ADD_LIBPATH($SYBASE_CT_LIBDIR, SYBASE_CT_SHARED_LIBADD) -- if test -f $SYBASE_CT_INCDIR/tds.h; then -+ if test -f $SYBASE_CT_INCDIR/sybdb.h; then - PHP_ADD_LIBRARY(ct,, SYBASE_CT_SHARED_LIBADD) - SYBASE_CT_LIBS="-L$SYBASE_CT_LIBDIR -lct" - else diff --git a/www/php5/extensions/patches/patch-ext_xmlrpc_xmlrpc-epi-php_c b/www/php5/extensions/patches/patch-ext_xmlrpc_xmlrpc-epi-php_c deleted file mode 100644 index 7f4ab3ac48f..00000000000 --- a/www/php5/extensions/patches/patch-ext_xmlrpc_xmlrpc-epi-php_c +++ /dev/null @@ -1,35 +0,0 @@ -$OpenBSD: patch-ext_xmlrpc_xmlrpc-epi-php_c,v 1.1 2010/08/08 10:46:34 sthen Exp $ - -CVE-2010-0397: null pointer dereference when processing invalid XML-RPC -requests, upstream r296152 - ---- ext/xmlrpc/xmlrpc-epi-php.c.orig Sun Jan 17 17:19:38 2010 -+++ ext/xmlrpc/xmlrpc-epi-php.c Sat Aug 7 21:18:29 2010 -@@ -723,6 +723,7 @@ zval* decode_request_worker (zval* xml_in, zval* encod - zval* retval = NULL; - XMLRPC_REQUEST response; - STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; -+ const char *method_name; - opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT; - - /* generate XMLRPC_REQUEST from raw xml */ -@@ -733,10 +734,15 @@ zval* decode_request_worker (zval* xml_in, zval* encod - - if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { - if(method_name_out) { -- zval_dtor(method_name_out); -- Z_TYPE_P(method_name_out) = IS_STRING; -- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); -- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); -+ method_name = XMLRPC_RequestGetMethodName(response); -+ if (method_name) { -+ zval_dtor(method_name_out); -+ Z_TYPE_P(method_name_out) = IS_STRING; -+ Z_STRVAL_P(method_name_out) = estrdup(method_name); -+ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); -+ } else { -+ retval = NULL; -+ } - } - } -