The actual patches for PHP4/5.

6 files changed, 230 insertions, 0 deletions

diff --git a/lang/php5/patches/patch-ap b/lang/php5/patches/patch-ap
new file mode 100644
index 00000000000..f348b58d60f
--- /dev/null
+++ b/lang/php5/patches/patch-ap
@@ -0,0 +1,13 @@
+$NetBSD: patch-ap,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/html.c.orig	2006-01-01 13:50:14.000000000 +0100
++++ ext/standard/html.c
+@@ -884,7 +884,7 @@ PHPAPI char *php_unescape_html_entities(
+ 	unsigned char replacement[15];
+ 	int replacement_len;
+ 
+-	ret = estrdup(old);
++	ret = estrndup(old, oldlen);
+ 	retlen = oldlen;
+ 	if (!retlen) {
+ 		goto empty_source;
diff --git a/lang/php5/patches/patch-aq b/lang/php5/patches/patch-aq
new file mode 100644
index 00000000000..42b7ac1712a
--- /dev/null
+++ b/lang/php5/patches/patch-aq
@@ -0,0 +1,45 @@
+$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/file.c.orig	2006-01-01 13:50:14.000000000 +0100
++++ ext/standard/file.c
+@@ -773,8 +773,9 @@ PHP_FUNCTION(tempnam)
+ 	zval **arg1, **arg2;
+ 	char *d;
+ 	char *opened_path;
+-	char p[64];
++	char *p;
+ 	int fd;
++	size_t p_len;
+ 
+ 	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
+ 		WRONG_PARAM_COUNT;
+@@ -787,7 +788,11 @@ PHP_FUNCTION(tempnam)
+ 	}
+ 	
+ 	d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
+-	strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
++
++	php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0, &p, &p_len TSRMLS_CC);
++	if (p_len > 64) {
++		p[63] = '\0';
++	}
+ 
+ 	if ((fd = php_open_temporary_fd(d, p, &opened_path TSRMLS_CC)) >= 0) {
+ 		close(fd);
+@@ -795,6 +800,7 @@ PHP_FUNCTION(tempnam)
+ 	} else {
+ 		RETVAL_FALSE;
+ 	}
++	efree(p);
+ 	efree(d);
+ }
+ /* }}} */
+@@ -1756,7 +1762,7 @@ no_stat:
+ 	}
+ safe_to_copy:
+ 
+-	srcstream = php_stream_open_wrapper(src, "rb", STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS, NULL);
++	srcstream = php_stream_open_wrapper(src, "rb", ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
+ 	
+ 	if (!srcstream) {
+ 		return ret;
diff --git a/lang/php5/patches/patch-ar b/lang/php5/patches/patch-ar
new file mode 100644
index 00000000000..ffced9e3fb6
--- /dev/null
+++ b/lang/php5/patches/patch-ar
@@ -0,0 +1,61 @@
+$NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/info.c.orig	2006-04-14 14:03:22.000000000 +0200
++++ ext/standard/info.c
+@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv)
+ 
+ PHPAPI extern char *php_ini_opened_path;
+ PHPAPI extern char *php_ini_scanned_files;
++	
++static int php_info_write_wrapper(const char *str, uint str_length)
++{
++	int new_len, written;
++	char *elem_esc;
++
++	TSRMLS_FETCH();
++
++	elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
++
++	written = php_body_write(elem_esc, new_len TSRMLS_CC);
++
++	efree(elem_esc);
++
++	return written;
++}
++
+ 
+ /* {{{ _display_module_info
+  */
+@@ -135,30 +152,13 @@ static void php_print_gpcse_array(char *
+ 				PUTS(" => ");
+ 			}
+ 			if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+-				zval *tmp3;
+-
+-				MAKE_STD_ZVAL(tmp3);
+-
+ 				if (!sapi_module.phpinfo_as_text) {
+ 					PUTS("<pre>");
+-				}
+-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+-				
+-				zend_print_zval_r(*tmp, 0 TSRMLS_CC);
+-				
+-				php_ob_get_buffer(tmp3 TSRMLS_CC);
+-				php_end_ob_buffer(0, 0 TSRMLS_CC);
+-				
+-				if (!sapi_module.phpinfo_as_text) {
+-					elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-					PUTS(elem_esc);
+-					efree(elem_esc);
++					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
+ 					PUTS("</pre>");
+ 				} else {
+-					PUTS(Z_STRVAL_P(tmp3));
++					zend_print_zval_r(*tmp, 0 TSRMLS_CC);
+ 				}
+-				zval_ptr_dtor(&tmp3);
+-
+ 			} else if (Z_TYPE_PP(tmp) != IS_STRING) {
+ 				tmp2 = **tmp;
+ 				zval_copy_ctor(&tmp2);
diff --git a/www/php4/patches/patch-aq b/www/php4/patches/patch-aq
new file mode 100644
index 00000000000..f173fc82dc2
--- /dev/null
+++ b/www/php4/patches/patch-aq
@@ -0,0 +1,13 @@
+$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/html.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/html.c
+@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities(
+ 	enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
+ 	unsigned char replacement[15];
+ 	
+-	ret = estrdup(old);
++	ret = estrndup(old, oldlen);
+ 	retlen = oldlen;
+ 	if (!retlen) {
+ 		goto empty_source;
diff --git a/www/php4/patches/patch-ar b/www/php4/patches/patch-ar
new file mode 100644
index 00000000000..bfdc845b1b0
--- /dev/null
+++ b/www/php4/patches/patch-ar
@@ -0,0 +1,55 @@
+$NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/info.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/info.c
+@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv)
+ 
+ PHPAPI extern char *php_ini_opened_path;
+ PHPAPI extern char *php_ini_scanned_files;
++	
++static int php_info_write_wrapper(const char *str, uint str_length)
++{
++	int new_len, written;
++	char *elem_esc;
++
++	TSRMLS_FETCH();
++
++	elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
++
++	written = php_body_write(elem_esc, new_len TSRMLS_CC);
++
++	efree(elem_esc);
++
++	return written;
++}
++
+ 
+ /* {{{ _display_module_info
+  */
+@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char *
+ 				PUTS(" => ");
+ 			}
+ 			if (Z_TYPE_PP(tmp) == IS_ARRAY) {
+-				zval *tmp3;
+-				MAKE_STD_ZVAL(tmp3);
+ 				if (!sapi_module.phpinfo_as_text) {
+ 					PUTS("<pre>");
+-				}
+-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
+-				zend_print_zval_r(*tmp, 0);
+-				php_ob_get_buffer(tmp3 TSRMLS_CC);
+-				php_end_ob_buffer(0, 0 TSRMLS_CC);
+-				
+-				elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
+-				PUTS(elem_esc);
+-				efree(elem_esc);
+-				zval_ptr_dtor(&tmp3);
+-
+-				if (!sapi_module.phpinfo_as_text) {
++ 					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
+ 					PUTS("</pre>");
++				} else {
++ 					zend_print_zval_r(*tmp, 0 TSRMLS_CC);
+ 				}
+ 			} else if (Z_TYPE_PP(tmp) != IS_STRING) {
+ 				tmp2 = **tmp;
diff --git a/www/php4/patches/patch-as b/www/php4/patches/patch-as
new file mode 100644
index 00000000000..984a8a3b7aa
--- /dev/null
+++ b/www/php4/patches/patch-as
@@ -0,0 +1,43 @@
+$NetBSD: patch-as,v 1.1 2006/04/14 13:48:33 cube Exp $
+
+--- ext/standard/file.c.orig	2006-01-01 14:46:57.000000000 +0100
++++ ext/standard/file.c
+@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam)
+ 	pval **arg1, **arg2;
+ 	char *d;
+ 	char *opened_path;
+-	char p[64];
++	char *p;
+ 	FILE *fp;
+ 
+ 	if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
+@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam)
+ 	}
+ 
+ 	d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
+-	strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
++
++	p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0);
++	if (strlen(p) > 64) {
++		p[63] = '\0';
++	}
+ 
+ 	if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) {
+ 		fclose(fp);
+@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam)
+ 	} else {
+ 		RETVAL_FALSE;
+ 	}
++	efree(p);
+ 	efree(d);
+ }
+ /* }}} */
+@@ -2196,7 +2201,7 @@ no_stat:
+ safe_to_copy:
+ 
+ 	srcstream = php_stream_open_wrapper(src, "rb",
+-				STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS,
++				ENFORCE_SAFE_MODE | REPORT_ERRORS,
+ 				NULL);
+ 
+ 	if (!srcstream)