diff options
Diffstat (limited to 'lang/php53/patches')
-rw-r--r-- | lang/php53/patches/patch-Zend_zend__builtin__functions.c | 29 | ||||
-rw-r--r-- | lang/php53/patches/patch-as | 14 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_main.c | 15 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__globals.h | 16 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 27 |
5 files changed, 0 insertions, 101 deletions
diff --git a/lang/php53/patches/patch-Zend_zend__builtin__functions.c b/lang/php53/patches/patch-Zend_zend__builtin__functions.c deleted file mode 100644 index ea337b2115a..00000000000 --- a/lang/php53/patches/patch-Zend_zend__builtin__functions.c +++ /dev/null @@ -1,29 +0,0 @@ -$NetBSD: patch-Zend_zend__builtin__functions.c,v 1.2 2011/10/20 14:30:55 taca Exp $ - -* Fix for CVE-2011-3379 from r317183 from PHP's repository. - ---- Zend/zend_builtin_functions.c.orig 2011-08-08 14:54:50.000000000 +0000 -+++ Zend/zend_builtin_functions.c -@@ -816,13 +816,19 @@ static void is_a_impl(INTERNAL_FUNCTION_ - int class_name_len; - zend_class_entry *instance_ce; - zend_class_entry **ce; -+ zend_bool allow_string = only_subclass; - zend_bool retval; - -- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs", &obj, &class_name, &class_name_len) == FAILURE) { -+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|b", &obj, &class_name, &class_name_len, &allow_string) == FAILURE) { - return; - } -- -- if (Z_TYPE_P(obj) == IS_STRING) { -+ /* -+ allow_string - is_a default is no, is_subclass_of is yes. -+ if it's allowed, then the autoloader will be called if the class does not exist. -+ default behaviour is different, as 'is_a' usage is normally to test mixed return values -+ */ -+ -+ if (allow_string && Z_TYPE_P(obj) == IS_STRING) { - zend_class_entry **the_ce; - if (zend_lookup_class(Z_STRVAL_P(obj), Z_STRLEN_P(obj), &the_ce TSRMLS_CC) == FAILURE) { - RETURN_FALSE; diff --git a/lang/php53/patches/patch-as b/lang/php53/patches/patch-as deleted file mode 100644 index c037a728a70..00000000000 --- a/lang/php53/patches/patch-as +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-as,v 1.1 2011/10/06 05:34:00 jklos Exp $ - ---- ext/standard/php_crypt_r.c.orig 2011-10-06 05:25:16.000000000 +0000 -+++ ext/standard/php_crypt_r.c -@@ -94,7 +94,8 @@ void _crypt_extended_init_r(void) - if (!initialized) { - #ifdef PHP_WIN32 - InterlockedIncrement(&initialized); --#elif (defined(__GNUC__) && !defined(__hpux) && (__GNUC__ > 4 || \ -+#elif (defined(__GNUC__) && (defined(__amd64__) || defined(__alpha__) || \ -+ defined(__i386__) || defined(__powerpc__)) && (__GNUC__ > 4 || \ - (__GNUC__ == 4 && (__GNUC_MINOR__ > 1 || (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ > 1))))) - __sync_fetch_and_add(&initialized, 1); - #elif defined(HAVE_ATOMIC_H) /* Solaris 10 defines atomic API within */ diff --git a/lang/php53/patches/patch-main_main.c b/lang/php53/patches/patch-main_main.c deleted file mode 100644 index 75ed38ee3c2..00000000000 --- a/lang/php53/patches/patch-main_main.c +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-main_main.c,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/main.c.orig 2012-01-03 02:28:53.000000000 +0000 -+++ main/main.c -@@ -504,6 +504,7 @@ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) - STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals) -+ STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) - - STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("variables_order", "EGPCS", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) diff --git a/lang/php53/patches/patch-main_php__globals.h b/lang/php53/patches/patch-main_php__globals.h deleted file mode 100644 index 9950417c1ef..00000000000 --- a/lang/php53/patches/patch-main_php__globals.h +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-main_php__globals.h,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/php_globals.h.orig 2011-01-01 02:19:59.000000000 +0000 -+++ main/php_globals.h -@@ -170,6 +170,8 @@ struct _php_core_globals { - char *mail_log; - - zend_bool in_error_log; -+ -+ long max_input_vars; - }; - - diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c deleted file mode 100644 index d970b8a202d..00000000000 --- a/lang/php53/patches/patch-main_php__variables.c +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-main_php__variables.c,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/php_variables.c.orig 2011-01-01 02:19:59.000000000 +0000 -+++ main/php_variables.c -@@ -191,6 +191,9 @@ PHPAPI void php_register_variable_ex(cha - } - if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE - || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -+ } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -@@ -236,6 +239,9 @@ plain_var: - zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { - zval_ptr_dtor(&gpc_element); - } else { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -+ } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } - if (escaped_index != index) { |