From e16f057b55d74570b0d52149bf07a27c871bf100 Mon Sep 17 00:00:00 2001 From: jdolecek Date: Mon, 6 Nov 2006 22:06:35 +0000 Subject: Update lang/php5 to 5.2.0. Changes since 5.1.6: The key features of PHP 5.2.0 include: * New memory manager for the Zend Engine with improved performance and a more accurate memory usage tracking. * Input filtering extension was added and enabled by default. * JSON extension was added and enabled by default. * ZIP extension for creating and editing zip files was introduced. * Hooks for tracking file upload progress were introduced. * Introduced E_RECOVERABLE_ERROR error mode. * Introduced DateTime and DateTimeZone objects with methods to manipulate date/time information. * Upgraded bundled SQLite, PCRE libraries. * Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows installations. * Many performance improvements. * Over 200 bug fixes. Security Enhancements and Fixes in PHP 5.2.0: * Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible. * Added allow_url_include, set to Off by default to disallow use of URLs for include and require. * Disable realpath cache when open_basedir and safe_mode are being used. * Improved safe_mode enforcement for error_log() function. * Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions. * Added missing safe_mode and open_basedir checks for the cURL extension. * Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines. * Fixed handling of long paths inside the tempnam() function. * Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters. * Fixed ini setting overload in the ini_restore() function. For a full list of changes in PHP 5.2.0, see the ChangeLog: http://www.php.net/ChangeLog-5.php#5.2.0 Also other notable extensions changes: * filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5) * JSON added (not enabled by default, packaged in php-json) * filter added (enabled by default) * wddx rewritten to native libxml2, fixing several encoding bugs --- lang/php5/Makefile | 3 +-- lang/php5/Makefile.common | 4 ++-- lang/php5/distinfo | 15 +++++---------- lang/php5/patches/patch-aa | 21 --------------------- lang/php5/patches/patch-ab | 17 ----------------- lang/php5/patches/patch-ak | 14 +++++++------- lang/php5/patches/patch-as | 25 ------------------------- lang/php5/patches/patch-au | 14 -------------- lang/php5/patches/patch-av | 32 -------------------------------- 9 files changed, 15 insertions(+), 130 deletions(-) delete mode 100644 lang/php5/patches/patch-aa delete mode 100644 lang/php5/patches/patch-ab delete mode 100644 lang/php5/patches/patch-as delete mode 100644 lang/php5/patches/patch-au delete mode 100644 lang/php5/patches/patch-av (limited to 'lang') diff --git a/lang/php5/Makefile b/lang/php5/Makefile index e35a7dade9b..655a3d5a21d 100644 --- a/lang/php5/Makefile +++ b/lang/php5/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.46 2006/11/04 11:27:55 adrianp Exp $ +# $NetBSD: Makefile,v 1.47 2006/11/06 22:06:35 jdolecek Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 3 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common index 5507ce0e4fb..b0d94ef0b34 100644 --- a/lang/php5/Makefile.common +++ b/lang/php5/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.20 2006/08/28 12:17:10 taca Exp $ +# $NetBSD: Makefile.common,v 1.21 2006/11/06 22:06:35 jdolecek Exp $ .if !defined(DISTNAME) DISTNAME= php-${PHP_BASE_VERS} @@ -16,7 +16,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= jdolecek@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.1.6 +PHP_BASE_VERS= 5.2.0 PHP_EXTENSION_DIR= lib/php/20040412 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php5/distinfo b/lang/php5/distinfo index 227e39fada7..4b6ae76e405 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo @@ -1,15 +1,10 @@ -$NetBSD: distinfo,v 1.32 2006/11/04 11:27:55 adrianp Exp $ +$NetBSD: distinfo,v 1.33 2006/11/06 22:06:35 jdolecek Exp $ -SHA1 (php-5.1.6/php-5.1.6.tar.bz2) = a20b946f1de0a8a35a8a6bf437adbba4e5448d27 -RMD160 (php-5.1.6/php-5.1.6.tar.bz2) = 7ac52f4674532397c982f6ced594b70dd17522af -Size (php-5.1.6/php-5.1.6.tar.bz2) = 6454408 bytes -SHA1 (patch-aa) = c1ba60ea1e8df9242b1f3c5078808c7968cf0de8 -SHA1 (patch-ab) = e91b34cd6cfadcc7f39e5832241ea711f1c0f827 +SHA1 (php-5.2.0/php-5.2.0.tar.bz2) = 6306829b1b252156ca3a936ec809aba89a71d9e1 +RMD160 (php-5.2.0/php-5.2.0.tar.bz2) = baabe854ac219935ed9f58d348ebf08fb84853de +Size (php-5.2.0/php-5.2.0.tar.bz2) = 6789838 bytes SHA1 (patch-ac) = 4f8714134977e6cef25df23b60ceea50c2aee6d0 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc -SHA1 (patch-ak) = 2d5264d33ebef631d4a2d0cdf8a2ed365bdbeb7e -SHA1 (patch-as) = 4fc74c8e8d0a7a152a7bbe1672ad0834021db16c -SHA1 (patch-au) = 90264101db6c2f000c30d1f513392acec781202b -SHA1 (patch-av) = b14aed514e801e58deec95ecdda107a1c6b5457d +SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab diff --git a/lang/php5/patches/patch-aa b/lang/php5/patches/patch-aa deleted file mode 100644 index 050db59148a..00000000000 --- a/lang/php5/patches/patch-aa +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-aa,v 1.1 2006/10/22 13:19:19 adrianp Exp $ - -# CVE-2006-4812 - ---- Zend/zend_alloc.c.orig 2006-08-10 18:16:24.000000000 +0100 -+++ Zend/zend_alloc.c -@@ -331,12 +331,12 @@ ZEND_API void *_ecalloc(size_t nmemb, si - int final_size = size*nmemb; - - HANDLE_BLOCK_INTERRUPTIONS(); -- p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); -+ p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); - if (!p) { - HANDLE_UNBLOCK_INTERRUPTIONS(); - return (void *) p; - } -- memset(p, 0, final_size); -+ memset(p, 0, size * nmemb); - HANDLE_UNBLOCK_INTERRUPTIONS(); - return p; - } diff --git a/lang/php5/patches/patch-ab b/lang/php5/patches/patch-ab deleted file mode 100644 index 4a10646122e..00000000000 --- a/lang/php5/patches/patch-ab +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-ab,v 1.1 2006/10/22 13:19:19 adrianp Exp $ - -# CVE-2006-4625 - ---- Zend/zend_ini.c.orig 2006-01-04 23:53:04.000000000 +0000 -+++ Zend/zend_ini.c -@@ -256,8 +256,8 @@ ZEND_API int zend_restore_ini_entry(char - zend_ini_entry *ini_entry; - TSRMLS_FETCH(); - -- if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) { -- return FAILURE; -+ if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE || -+ (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifiable & ZEND_INI_USER) == 0)) { return FAILURE; - } - - zend_restore_ini_entry_cb(ini_entry, stage TSRMLS_CC); diff --git a/lang/php5/patches/patch-ak b/lang/php5/patches/patch-ak index 33684428a2c..246b8b4cfa5 100644 --- a/lang/php5/patches/patch-ak +++ b/lang/php5/patches/patch-ak @@ -1,10 +1,10 @@ -$NetBSD: patch-ak,v 1.2 2006/02/06 06:39:59 martti Exp $ +$NetBSD: patch-ak,v 1.3 2006/11/06 22:06:35 jdolecek Exp $ ---- ext/imap/php_imap.c.orig 2006-01-05 02:47:16.000000000 +0200 -+++ ext/imap/php_imap.c 2006-02-05 15:37:19.000000000 +0200 -@@ -429,6 +429,11 @@ - - ZEND_INIT_MODULE_GLOBALS(imap, php_imap_init_globals, NULL) +--- ext/imap/php_imap.c.orig 2006-10-05 16:25:41.000000000 +0200 ++++ ext/imap/php_imap.c +@@ -441,6 +441,11 @@ PHP_MINIT_FUNCTION(imap) + { + unsigned long sa_all = SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY; +/* + * Optionally use the installed c-client linkage.c to determine which drivers @@ -14,7 +14,7 @@ $NetBSD: patch-ak,v 1.2 2006/02/06 06:39:59 martti Exp $ #ifndef PHP_WIN32 mail_link(&unixdriver); /* link in the unix driver */ mail_link(&mhdriver); /* link in the mh driver */ -@@ -444,6 +449,10 @@ +@@ -456,6 +461,10 @@ PHP_MINIT_FUNCTION(imap) mail_link(&tenexdriver); /* link in the tenex driver */ mail_link(&mtxdriver); /* link in the mtx driver */ mail_link(&dummydriver); /* link in the dummy driver */ diff --git a/lang/php5/patches/patch-as b/lang/php5/patches/patch-as deleted file mode 100644 index 2dd299ff4e2..00000000000 --- a/lang/php5/patches/patch-as +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-as,v 1.2 2006/08/19 16:44:15 taca Exp $ - ---- ext/date/lib/timelib_structs.h.orig 2006-04-12 03:03:52.000000000 +0900 -+++ ext/date/lib/timelib_structs.h -@@ -21,7 +21,7 @@ - #ifndef __TIMELIB_STRUCTS_H__ - #define __TIMELIB_STRUCTS_H__ - --#include -+#include "timelib_config.h" - - #ifdef HAVE_SYS_TYPES_H - #include -@@ -183,7 +183,11 @@ typedef struct _timelib_tzdb { - #define TIMELIB_ZONETYPE_ABBR 2 - #define TIMELIB_ZONETYPE_ID 3 - -+#if defined(SIZEOF_LONG_LONG_INT) && (SIZEOF_LONG_LONG_INT == 8) -+#define SECS_PER_ERA 12622780800LL -+#else - #define SECS_PER_ERA 12622780800L -+#endif - #define SECS_PER_DAY 86400 - #define DAYS_PER_YEAR 365 - #define DAYS_PER_LYEAR 366 diff --git a/lang/php5/patches/patch-au b/lang/php5/patches/patch-au deleted file mode 100644 index 682945a693c..00000000000 --- a/lang/php5/patches/patch-au +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-au,v 1.1 2006/05/23 22:55:23 jdolecek Exp $ - ---- ext/wddx/wddx.c.orig 2006-05-24 00:39:34.000000000 +0200 -+++ ext/wddx/wddx.c -@@ -399,7 +399,8 @@ static void php_wddx_serialize_string(wd - break; - - default: -- if (iscntrl((int)*(unsigned char *)p)) { -+ if (iscntrl((int)*(unsigned char *)p) -+ && isascii((int)*(unsigned char *)p)) { - FLUSH_BUF(); - sprintf(control_buf, WDDX_CHAR, *p); - php_wddx_add_chunk(packet, control_buf); diff --git a/lang/php5/patches/patch-av b/lang/php5/patches/patch-av deleted file mode 100644 index 58397c04b98..00000000000 --- a/lang/php5/patches/patch-av +++ /dev/null @@ -1,32 +0,0 @@ -$NetBSD: patch-av,v 1.3 2006/11/04 11:27:55 adrianp Exp $ - -# CVE-2006-5465 - ---- ext/standard/html.c.orig 2006-02-25 21:32:11.000000000 +0000 -+++ ext/standard/html.c -@@ -1096,7 +1096,7 @@ PHPAPI char *php_escape_html_entities(un - - matches_map = 0; - -- if (len + 9 > maxlen) -+ if (len + 16 > maxlen) - replaced = erealloc (replaced, maxlen += 128); - - if (all) { -@@ -1121,9 +1121,15 @@ PHPAPI char *php_escape_html_entities(un - } - - if (matches_map) { -+ int l = strlen(rep); -+ /* increase the buffer size */ -+ if (len + 2 + l >= maxlen) { -+ replaced = erealloc(replaced, maxlen += 128); -+ } -+ - replaced[len++] = '&'; - strcpy(replaced + len, rep); -- len += strlen(rep); -+ len += l; - replaced[len++] = ';'; - } - } -- cgit v1.2.3