Update php5 package to 5.2.15 (PHP 5.2.15):

The PHP development team would like to announce the immediate availability of PHP 5.2.15. This release marks the end of support for PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3. This release focuses on improving the security and stability of the PHP 5.2.x branch with a small number, of predominatly security fixes. Security Enhancements and Fixes in PHP 5.2.15: * Fixed extract() to do not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. * Fixed crash in zip extract method (possible CWE-170). * Fixed a possible double free in imap extension. * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). Key enhancements in PHP 5.2.15 include: * Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). * Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). * To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a migration guide available on http://php.net/migration53, details the changes between PHP 5.2 and PHP 5.3. For a full list of changes in PHP 5.2.15 see the ChangeLog at http://www.php.net/ChangeLog-5.php#5.2.15.
author: taca <taca> 2010-12-13 13:15:45 +0000
committer: taca <taca> 2010-12-13 13:15:45 +0000
commit: 72c04f76d736e7d398d92bee8192f5ae65234982 (patch)
tree: 20ca7ded49c6b104435b976185f9609c26319f84 /lang/php5
parent: e46c5e6fe976b034561fa222d6955ec78541fae0 (diff)
download: pkgsrc-72c04f76d736e7d398d92bee8192f5ae65234982.tar.gz
6 files changed, 7 insertions, 220 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 70fdeff2fc1..6af89b7142c 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.80 2010/11/25 03:44:16 taca Exp $
+# $NetBSD: Makefile,v 1.81 2010/12/13 13:15:45 taca Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common
index 8b05c9261cd..c2c6b84d964 100644
--- a/lang/php5/Makefile.common
+++ b/lang/php5/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.42 2010/07/24 22:23:15 tron Exp $
+# $NetBSD: Makefile.common,v 1.43 2010/12/13 13:15:45 taca Exp $
 # used by lang/php5/Makefile.php
 # used by lang/php/ext.mk
 # used by meta-pkgs/php5-extensions/Makefile
@@ -41,7 +41,7 @@ EXTRACT_SUFX?=		.tar.bz2
 MAINTAINER?=		jdolecek@NetBSD.org
 HOMEPAGE?=		http://www.php.net/
 
-PHP_BASE_VERS=		5.2.14
+PHP_BASE_VERS=		5.2.15
 
 PHP_EXTENSION_DIR=	lib/php/20040412
 PLIST_SUBST+=		PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 8475f1da7a0..9da73436068 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,22 +1,16 @@
-$NetBSD: distinfo,v 1.80 2010/11/25 03:44:16 taca Exp $
+$NetBSD: distinfo,v 1.81 2010/12/13 13:15:45 taca Exp $
 
-SHA1 (php-5.2.14/php-5.2.14.tar.bz2) = 311b44b2c0f2eea8ab8dab876d2a6b6e7a55632e
-RMD160 (php-5.2.14/php-5.2.14.tar.bz2) = f699488f5b266a1c5e36df570c4d5896dc4e0aea
-Size (php-5.2.14/php-5.2.14.tar.bz2) = 9055945 bytes
-SHA1 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 0a12d3589f9c26dc7d6b6452ef7987b2e6527a30
-RMD160 (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = bc7790cd36dc4101322684b754db3ca2d4385ba6
-Size (php-5.2.14/suhosin-patch-5.2.14-0.9.7.patch.gz) = 23057 bytes
+SHA1 (php-5.2.15/php-5.2.15.tar.bz2) = 91e6488a39a80e533f5d792fb8857cf10b0326ad
+RMD160 (php-5.2.15/php-5.2.15.tar.bz2) = cae061990527216e1d50352a22875807fdb79109
+Size (php-5.2.15/php-5.2.15.tar.bz2) = 9089791 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
 SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6
 SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94
 SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
-SHA1 (patch-ak) = d2b84d8b4b9014602d63cbeac7be63cd6da6f057
 SHA1 (patch-al) = 3945eef039ed285e623273cdde4c51c4c6bc978b
 SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602
 SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
 SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
 SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
-SHA1 (patch-bf) = 97f5c544e5aa87cf8caff090b57efb02c8acc944
-SHA1 (patch-bg) = 57b57e795463ae374687e5565899dffe2d5d4a01
diff --git a/lang/php5/patches/patch-ak b/lang/php5/patches/patch-ak
deleted file mode 100644
index a7e07c739a1..00000000000
--- a/lang/php5/patches/patch-ak
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-ak,v 1.8 2010/11/25 03:44:16 taca Exp $
-
-Fix for CVE-2010-4150:
-	http://svn.php.net/viewvc?view=revision&revision=305032
-
---- ext/imap/php_imap.c.orig	2010-02-07 13:06:54.000000000 +0000
-+++ ext/imap/php_imap.c
-@@ -794,10 +794,12 @@ static void php_imap_do_open(INTERNAL_FU
- 
- 	if (IMAPG(imap_user)) {
- 		efree(IMAPG(imap_user));
-+		IMAPG(imap_user) = 0;
- 	}
- 
- 	if (IMAPG(imap_password)) {
- 		efree(IMAPG(imap_password));
-+		IMAPG(imap_password) = 0;
- 	}
- 
- 	/* local filename, need to perform open_basedir and safe_mode checks */
diff --git a/lang/php5/patches/patch-bf b/lang/php5/patches/patch-bf
deleted file mode 100644
index 9d1252c2e2c..00000000000
--- a/lang/php5/patches/patch-bf
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-bf,v 1.1 2010/11/25 03:44:16 taca Exp $
-
-Fix for CVE-2010-3710 (a part of http://secunia.com/advisories/41724/):
-
-	http://svn.php.net/viewvc?view=revision&revision=303885
-
---- ext/filter/logical_filters.c.orig	2010-04-02 18:27:48.000000000 +0000
-+++ ext/filter/logical_filters.c
-@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
- 	int         matches;
- 
- 
-+	/* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
-+	if (Z_STRLEN_P(value) > 320) {
-+		RETURN_VALIDATION_FAILED
-+	}
-+
- 	re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
- 	if (!re) {
- 		RETURN_VALIDATION_FAILED
diff --git a/lang/php5/patches/patch-bg b/lang/php5/patches/patch-bg
deleted file mode 100644
index 1f495e15882..00000000000
--- a/lang/php5/patches/patch-bg
+++ /dev/null
@@ -1,166 +0,0 @@
-$NetBSD: patch-bg,v 1.1 2010/11/25 03:44:16 taca Exp $
-
-Fix for CVE-2010-3870 (a part of http://secunia.com/advisories/41724/):
-
-	http://svn.php.net/viewvc?view=revision&revision=305055
-
---- ext/xml/xml.c.orig	2010-01-05 13:03:40.000000000 +0000
-+++ ext/xml/xml.c
-@@ -554,10 +554,111 @@ PHPAPI char *xml_utf8_encode(const char 
- }
- /* }}} */
- 
-+/* copied from trunk's implementation of get_next_char in ext/standard/html.c */
-+#define MB_FAILURE(pos, advance) do { \
-+	*cursor = pos + (advance); \
-+	*status = FAILURE; \
-+	return 0; \
-+} while (0)
-+
-+#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need))
-+#define utf8_lead(c)  ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4))
-+#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF)
-+
-+/* {{{ php_next_utf8_char
-+ */
-+static inline unsigned int php_next_utf8_char(
-+		const unsigned char *str,
-+		size_t str_len,
-+		size_t *cursor,
-+		int *status)
-+{
-+	size_t pos = *cursor;
-+	unsigned int this_char = 0;
-+	unsigned char c;
-+
-+	*status = SUCCESS;
-+
-+	if (!CHECK_LEN(pos, 1))
-+		MB_FAILURE(pos, 1);
-+
-+	/* We'll follow strategy 2. from section 3.6.1 of UTR #36:
-+		* "In a reported illegal byte sequence, do not include any
-+		*  non-initial byte that encodes a valid character or is a leading
-+		*  byte for a valid sequence. */
-+	c = str[pos];
-+	if (c < 0x80) {
-+		this_char = c;
-+		pos++;
-+	} else if (c < 0xc2) {
-+		MB_FAILURE(pos, 1);
-+	} else if (c < 0xe0) {
-+		if (!CHECK_LEN(pos, 2))
-+			MB_FAILURE(pos, 1);
-+
-+		if (!utf8_trail(str[pos + 1])) {
-+			MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2);
-+		}
-+		this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f);
-+		if (this_char < 0x80) { /* non-shortest form */
-+			MB_FAILURE(pos, 2);
-+		}
-+		pos += 2;
-+	} else if (c < 0xf0) {
-+		size_t avail = str_len - pos;
-+
-+		if (avail < 3 ||
-+				!utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) {
-+			if (avail < 2 || utf8_lead(str[pos + 1]))
-+				MB_FAILURE(pos, 1);
-+			else if (avail < 3 || utf8_lead(str[pos + 2]))
-+				MB_FAILURE(pos, 2);
-+			else
-+				MB_FAILURE(pos, 3);
-+		}
-+
-+		this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f);
-+		if (this_char < 0x800) { /* non-shortest form */
-+			MB_FAILURE(pos, 3);
-+		} else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */
-+			MB_FAILURE(pos, 3);
-+		}
-+		pos += 3;
-+	} else if (c < 0xf5) {
-+		size_t avail = str_len - pos;
-+
-+		if (avail < 4 ||
-+				!utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) ||
-+				!utf8_trail(str[pos + 3])) {
-+			if (avail < 2 || utf8_lead(str[pos + 1]))
-+				MB_FAILURE(pos, 1);
-+			else if (avail < 3 || utf8_lead(str[pos + 2]))
-+				MB_FAILURE(pos, 2);
-+			else if (avail < 4 || utf8_lead(str[pos + 3]))
-+				MB_FAILURE(pos, 3);
-+			else
-+				MB_FAILURE(pos, 4);
-+		}
-+
-+		this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
-+		if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */
-+			MB_FAILURE(pos, 4);
-+		}
-+		pos += 4;
-+	} else {
-+		MB_FAILURE(pos, 1);
-+	}
-+
-+	*cursor = pos;
-+	return this_char;
-+}
-+/* }}} */
-+
-+
- /* {{{ xml_utf8_decode */
- PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding)
- {
--	int pos = len;
-+	size_t pos = 0;
- 	char *newbuf = emalloc(len + 1);
- 	unsigned int c;
- 	char (*decoder)(unsigned short) = NULL;
-@@ -576,36 +677,15 @@ PHPAPI char *xml_utf8_decode(const XML_C
- 		newbuf[*newlen] = '\0';
- 		return newbuf;
- 	}
--	while (pos > 0) {
--		c = (unsigned char)(*s);
--		if (c >= 0xf0) { /* four bytes encoded, 21 bits */
--			if(pos-4 >= 0) {
--				c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63);
--			} else {
--				c = '?';	
--			}
--			s += 4;
--			pos -= 4;
--		} else if (c >= 0xe0) { /* three bytes encoded, 16 bits */
--			if(pos-3 >= 0) {
--				c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63);
--			} else {
--				c = '?';
--			}
--			s += 3;
--			pos -= 3;
--		} else if (c >= 0xc0) { /* two bytes encoded, 11 bits */
--			if(pos-2 >= 0) {
--				c = ((s[0]&63)<<6) | (s[1]&63);
--			} else {
--				c = '?';
--			}
--			s += 2;
--			pos -= 2;
--		} else {
--			s++;
--			pos--;
-+
-+	while (pos < (size_t)len) {
-+		int status = FAILURE;
-+		c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status);
-+
-+		if (status == FAILURE || c > 0xFFU) {
-+			c = '?';
- 		}
-+
- 		newbuf[*newlen] = decoder ? decoder(c) : c;
- 		++*newlen;
- 	}
author	taca <taca>	2010-12-13 13:15:45 +0000
committer	taca <taca>	2010-12-13 13:15:45 +0000
commit	72c04f76d736e7d398d92bee8192f5ae65234982 (patch)
tree	20ca7ded49c6b104435b976185f9609c26319f84 /lang/php5
parent	e46c5e6fe976b034561fa222d6955ec78541fae0 (diff)
download	pkgsrc-72c04f76d736e7d398d92bee8192f5ae65234982.tar.gz