diff options
| author | sean finney <seanius@debian.org> | 2007-06-04 22:02:10 +0200 |
|---|---|---|
| committer | Mark A. Hershberger <mah@debian.(none)> | 2009-03-25 00:37:56 -0400 |
| commit | 4ba200bf67475701d10b8c6d55a49759f98e767a (patch) | |
| tree | 6248bee707cc0da08438b3afd70116a162610f0c | |
| parent | 78dd326c412c616f8022ada6fac3844cf7eb3162 (diff) | |
| download | php-debian/5.2.3-1.tar.gz | |
Imported Debian patch 5.2.3-1debian/5.2.3-1
| -rw-r--r-- | debian/NEWS | 25 | ||||
| -rw-r--r-- | debian/changelog | 13 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | debian/patches/001-libtool_fixes.patch | 14 | ||||
| -rw-r--r-- | debian/patches/006-debian_quirks.patch | 88 | ||||
| -rw-r--r-- | debian/patches/013-force_getaddrinfo.patch | 8 | ||||
| -rw-r--r-- | debian/patches/036-fd_setsize_fix.patch | 14 | ||||
| -rw-r--r-- | debian/patches/044-strtod_arm_fix.patch | 6 | ||||
| -rw-r--r-- | debian/patches/053-extension_api.patch | 16 | ||||
| -rw-r--r-- | debian/patches/057-no_apache_installed.patch | 73 | ||||
| -rw-r--r-- | debian/patches/113-php.ini_securitynotes.patch | 8 | ||||
| -rw-r--r-- | debian/patches/119-CVE-2007-1887-1888-MOPB-41.patch | 39 | ||||
| -rw-r--r-- | debian/patches/119-CVE-2007-1900-MOPB-45.patch | 13 | ||||
| -rw-r--r-- | debian/patches/series | 2 | ||||
| -rw-r--r-- | debian/patches/suhosin.patch | 2633 | ||||
| -rwxr-xr-x | debian/rules | 26 |
16 files changed, 2833 insertions, 147 deletions
diff --git a/debian/NEWS b/debian/NEWS index b6df86c2e..e15746000 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,13 +1,20 @@ -php5 (5.1.6-5) unstable; urgency=low +php5 (5.2.3-1) unstable; urgency=low - the debian php packages now support a modular configuration layout. + in addition to this new upstream release, we are now moving towards + having the suhosin patch (http://www.hardened-php.net/suhosin/index.html) + enabled by default. we're not yet ready to enable it, but the packages + can be built with the patch enabled with very little effort. if you + are interested in trying this out, just do: - if you have previously installed modules that have put entries in - your php.ini file, you will probably be getting various warning - messages about duplicate modules if you have error reporting enabled - with a mask including E_WARN. + apt-get install build-essential fakeroot + apt-get build-dep php5 + cd php5-5.2.3 + export DEB_BUILD_OPTIONS=suhosin + dpkg-buildpackage -rfakeroot - no attempt will be made to muck further with your php.ini file, so you - should remove those lines yourself. + or something similar, preferably on your development box :) - -- sean finney <seanius@debian.org> Thu, 19 Oct 2006 22:47:19 +0200 + if you try this out, please report successes and/or failures to us at + pkg-php-maint@lists.alioth.debian.org. + + -- sean finney <seanius@debian.org> Mon, 04 Jun 2007 22:02:52 +0200 diff --git a/debian/changelog b/debian/changelog index 4250682df..860800075 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +php5 (5.2.3-1) unstable; urgency=low + + * new upstream release. + * upstream has incorporated the last of the recent CVE fixes, so + the patches have been removed. + * change build dependencies for firebird2-dev -> firebird1.5-dev, + as the firebird maintainer has changed names in order to provide + more clarity since there's also a firebird2.0 now (closes: #427181). + * now include, but do not apply by default, the suhosin patch. see + NEWS.Debian for more information. + + -- sean finney <seanius@debian.org> Mon, 04 Jun 2007 22:02:10 +0200 + php5 (5.2.2-2) unstable; urgency=low [sean finney] diff --git a/debian/control b/debian/control index ea642cb8c..ab6ec5ef3 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: web Priority: optional Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> Uploaders: Adam Conrad <adconrad@0c3.net>, Steve Langasek <vorlon@debian.org>, Jeroen van Wolffelaar <jeroen@wolffelaar.nl>, Ondřej Surý <ondrej@debian.org>, sean finney <seanius@debian.org> -Build-Depends: apache2-prefork-dev (>= 2.0.53-3), autoconf, automake1.4, bison, chrpath, debhelper (>= 3), firebird2-dev [i386 amd64], flex (>= 2.5.4), freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev (>= 1.0.0), libc-client-dev, libcurl3-openssl-dev | libcurl3-dev, libdb4.4-dev, libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev (>= 2.0.28-3), libjpeg62-dev, libkrb5-dev, libldap2-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient15-dev, libncurses5-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng12-dev, libpq-dev | postgresql-dev, libpspell-dev, librecode-dev, libsasl2-dev, libsnmp10-dev | libsnmp-dev, libsqlite0-dev, libssl-dev (>= 0.9.6), libt1-dev, libtidy-dev, libtool (>= 1.4.2-4), libwrap0-dev, libxmltok1-dev, libxml2-dev (>= 2.4.14), libxslt1-dev (>= 1.0.18), quilt, re2c, unixodbc-dev, zlib1g-dev (>= 1.0.9) +Build-Depends: apache2-prefork-dev (>= 2.0.53-3), autoconf, automake1.4, bison, chrpath, debhelper (>= 3), firebird1.5-dev [i386 amd64], flex (>= 2.5.4), freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev (>= 1.0.0), libc-client-dev, libcurl3-openssl-dev | libcurl3-dev, libdb4.4-dev, libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev (>= 2.0.28-3), libjpeg62-dev, libkrb5-dev, libldap2-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient15-dev, libncurses5-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng12-dev, libpq-dev | postgresql-dev, libpspell-dev, librecode-dev, libsasl2-dev, libsnmp10-dev | libsnmp-dev, libsqlite0-dev, libssl-dev (>= 0.9.6), libt1-dev, libtidy-dev, libtool (>= 1.4.2-4), libwrap0-dev, libxmltok1-dev, libxml2-dev (>= 2.4.14), libxslt1-dev (>= 1.0.18), quilt, re2c, unixodbc-dev, zlib1g-dev (>= 1.0.9) Build-Conflicts: bind-dev Standards-Version: 3.7.2 diff --git a/debian/patches/001-libtool_fixes.patch b/debian/patches/001-libtool_fixes.patch index f29df69fa..7f489e460 100644 --- a/debian/patches/001-libtool_fixes.patch +++ b/debian/patches/001-libtool_fixes.patch @@ -1,7 +1,7 @@ -Index: php5-5.2.2/TSRM/configure.in +Index: php5-5.2.3/TSRM/configure.in =================================================================== ---- php5-5.2.2.orig/TSRM/configure.in 2007-05-04 17:08:09.000000000 +0200 -+++ php5-5.2.2/TSRM/configure.in 2007-05-04 17:08:11.000000000 +0200 +--- php5-5.2.3.orig/TSRM/configure.in 2007-06-02 13:59:06.000000000 +0200 ++++ php5-5.2.3/TSRM/configure.in 2007-06-02 13:59:09.000000000 +0200 @@ -13,9 +13,6 @@ TSRM_THREADS_CHECKS @@ -12,11 +12,11 @@ Index: php5-5.2.2/TSRM/configure.in dnl TSRM_PTHREAD -Index: php5-5.2.2/configure.in +Index: php5-5.2.3/configure.in =================================================================== ---- php5-5.2.2.orig/configure.in 2007-05-04 17:08:09.000000000 +0200 -+++ php5-5.2.2/configure.in 2007-05-04 17:08:11.000000000 +0200 -@@ -1279,9 +1279,6 @@ +--- php5-5.2.3.orig/configure.in 2007-06-02 13:59:06.000000000 +0200 ++++ php5-5.2.3/configure.in 2007-06-02 13:59:09.000000000 +0200 +@@ -1273,9 +1273,6 @@ LDFLAGS="$LDFLAGS $PHP_AIX_LDFLAGS" AC_PROG_LIBTOOL diff --git a/debian/patches/006-debian_quirks.patch b/debian/patches/006-debian_quirks.patch index d144bb237..7a95ab9db 100644 --- a/debian/patches/006-debian_quirks.patch +++ b/debian/patches/006-debian_quirks.patch @@ -1,8 +1,8 @@ -Index: php5-5.2.2/configure.in +Index: php5-5.2.3/configure.in =================================================================== ---- php5-5.2.2.orig/configure.in 2007-05-20 21:13:15.000000000 +0200 -+++ php5-5.2.2/configure.in 2007-05-20 21:13:26.000000000 +0200 -@@ -968,7 +968,7 @@ +--- php5-5.2.3.orig/configure.in 2007-06-02 13:59:09.000000000 +0200 ++++ php5-5.2.3/configure.in 2007-06-02 13:59:19.000000000 +0200 +@@ -962,7 +962,7 @@ fi PHP_ARG_WITH(pear, [whether to install PEAR], @@ -11,7 +11,7 @@ Index: php5-5.2.2/configure.in --without-pear Do not install PEAR], DEFAULT, yes) if test "$PHP_PEAR" != "no"; then -@@ -1002,7 +1002,7 @@ +@@ -996,7 +996,7 @@ if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then case $PHP_LAYOUT in GNU) PEAR_INSTALLDIR=$datadir/pear;; @@ -20,7 +20,7 @@ Index: php5-5.2.2/configure.in esac fi -@@ -1057,12 +1057,12 @@ +@@ -1051,12 +1051,12 @@ case $libdir in '${exec_prefix}/lib') @@ -35,7 +35,7 @@ Index: php5-5.2.2/configure.in ;; *) ;; esac -@@ -1128,7 +1128,7 @@ +@@ -1122,7 +1122,7 @@ EXPANDED_DATADIR=$datadir EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` @@ -44,10 +44,10 @@ Index: php5-5.2.2/configure.in exec_prefix=$old_exec_prefix libdir=$old_libdir -Index: php5-5.2.2/ext/ext_skel +Index: php5-5.2.3/ext/ext_skel =================================================================== ---- php5-5.2.2.orig/ext/ext_skel 2004-05-16 14:10:35.000000000 +0200 -+++ php5-5.2.2/ext/ext_skel 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/ext/ext_skel 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/ext/ext_skel 2007-06-02 13:59:19.000000000 +0200 @@ -70,7 +70,7 @@ fi @@ -57,10 +57,10 @@ Index: php5-5.2.2/ext/ext_skel fi ## convert skel_dir to full path -Index: php5-5.2.2/ext/session/session.c +Index: php5-5.2.3/ext/session/session.c =================================================================== ---- php5-5.2.2.orig/ext/session/session.c 2007-04-04 21:52:19.000000000 +0200 -+++ php5-5.2.2/ext/session/session.c 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/ext/session/session.c 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/ext/session/session.c 2007-06-02 13:59:19.000000000 +0200 @@ -180,11 +180,11 @@ PHP_INI_BEGIN() STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals) @@ -75,11 +75,11 @@ Index: php5-5.2.2/ext/session/session.c STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals) STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals) PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer) -Index: php5-5.2.2/php.ini-dist +Index: php5-5.2.3/php.ini-dist =================================================================== ---- php5-5.2.2.orig/php.ini-dist 2007-04-12 14:31:39.000000000 +0200 -+++ php5-5.2.2/php.ini-dist 2007-05-20 21:13:26.000000000 +0200 -@@ -455,7 +455,7 @@ +--- php5-5.2.3.orig/php.ini-dist 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/php.ini-dist 2007-06-02 13:59:19.000000000 +0200 +@@ -456,7 +456,7 @@ ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" @@ -88,7 +88,7 @@ Index: php5-5.2.2/php.ini-dist ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" -@@ -472,7 +472,7 @@ +@@ -473,7 +473,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. @@ -97,7 +97,7 @@ Index: php5-5.2.2/php.ini-dist ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically -@@ -577,58 +577,6 @@ +@@ -586,58 +586,6 @@ ; extension_dir directive above. @@ -156,7 +156,7 @@ Index: php5-5.2.2/php.ini-dist ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; -@@ -969,7 +917,7 @@ +@@ -978,7 +926,7 @@ ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. @@ -165,7 +165,7 @@ Index: php5-5.2.2/php.ini-dist ; Whether to use cookies. session.use_cookies = 1 -@@ -1007,7 +955,10 @@ +@@ -1016,7 +964,10 @@ ; e.g. 1/100 means there is a 1% chance that the GC process starts ; on each request. @@ -177,11 +177,11 @@ Index: php5-5.2.2/php.ini-dist session.gc_divisor = 100 ; After this number of seconds, stored data will be seen as 'garbage' and -Index: php5-5.2.2/php.ini-recommended +Index: php5-5.2.3/php.ini-recommended =================================================================== ---- php5-5.2.2.orig/php.ini-recommended 2007-04-12 14:31:39.000000000 +0200 -+++ php5-5.2.2/php.ini-recommended 2007-05-20 21:13:26.000000000 +0200 -@@ -500,7 +500,7 @@ +--- php5-5.2.3.orig/php.ini-recommended 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/php.ini-recommended 2007-06-02 13:59:19.000000000 +0200 +@@ -504,7 +504,7 @@ ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" @@ -190,7 +190,7 @@ Index: php5-5.2.2/php.ini-recommended ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" -@@ -517,7 +517,7 @@ +@@ -521,7 +521,7 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. @@ -199,7 +199,7 @@ Index: php5-5.2.2/php.ini-recommended ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically -@@ -622,58 +622,6 @@ +@@ -634,58 +634,6 @@ ; extension_dir directive above. @@ -258,7 +258,7 @@ Index: php5-5.2.2/php.ini-recommended ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; -@@ -1014,7 +962,7 @@ +@@ -1026,7 +974,7 @@ ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. @@ -267,7 +267,7 @@ Index: php5-5.2.2/php.ini-recommended ; Whether to use cookies. session.use_cookies = 1 -@@ -1052,7 +1000,10 @@ +@@ -1064,7 +1012,10 @@ ; e.g. 1/100 means there is a 1% chance that the GC process starts ; on each request. @@ -279,10 +279,10 @@ Index: php5-5.2.2/php.ini-recommended session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and -Index: php5-5.2.2/sapi/caudium/config.m4 +Index: php5-5.2.3/sapi/caudium/config.m4 =================================================================== ---- php5-5.2.2.orig/sapi/caudium/config.m4 2005-11-29 19:26:02.000000000 +0100 -+++ php5-5.2.2/sapi/caudium/config.m4 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/sapi/caudium/config.m4 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/sapi/caudium/config.m4 2007-06-02 13:59:19.000000000 +0200 @@ -24,8 +24,8 @@ AC_MSG_ERROR(Couldn't find a pike in $withval/bin/) fi @@ -305,10 +305,10 @@ Index: php5-5.2.2/sapi/caudium/config.m4 RESULT=" *** Pike binary used: $PIKE *** Pike include dir(s) used: $PIKE_INCLUDE_DIR *** Pike version: $PIKE_VERSION" -Index: php5-5.2.2/sapi/cli/php.1.in +Index: php5-5.2.3/sapi/cli/php.1.in =================================================================== ---- php5-5.2.2.orig/sapi/cli/php.1.in 2007-04-23 22:54:22.000000000 +0200 -+++ php5-5.2.2/sapi/cli/php.1.in 2007-05-20 21:13:49.000000000 +0200 +--- php5-5.2.3.orig/sapi/cli/php.1.in 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/sapi/cli/php.1.in 2007-06-02 13:59:19.000000000 +0200 @@ -306,13 +306,14 @@ .B name .SH FILES @@ -329,10 +329,10 @@ Index: php5-5.2.2/sapi/cli/php.1.in .SH EXAMPLES .TP 5 \fIphp -r 'echo "Hello World\\n";'\fP -Index: php5-5.2.2/scripts/Makefile.frag +Index: php5-5.2.3/scripts/Makefile.frag =================================================================== ---- php5-5.2.2.orig/scripts/Makefile.frag 2005-11-22 00:08:02.000000000 +0100 -+++ php5-5.2.2/scripts/Makefile.frag 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/scripts/Makefile.frag 2007-06-02 13:59:06.000000000 +0200 ++++ php5-5.2.3/scripts/Makefile.frag 2007-06-02 13:59:19.000000000 +0200 @@ -3,8 +3,8 @@ # Build environment install # @@ -344,10 +344,10 @@ Index: php5-5.2.2/scripts/Makefile.frag BUILD_FILES = \ scripts/phpize.m4 \ -Index: php5-5.2.2/scripts/php-config.in +Index: php5-5.2.3/scripts/php-config.in =================================================================== ---- php5-5.2.2.orig/scripts/php-config.in 2006-07-27 10:53:16.000000000 +0200 -+++ php5-5.2.2/scripts/php-config.in 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/scripts/php-config.in 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/scripts/php-config.in 2007-06-02 13:59:19.000000000 +0200 @@ -4,8 +4,8 @@ exec_prefix="@exec_prefix@" version="@PHP_VERSION@" @@ -359,10 +359,10 @@ Index: php5-5.2.2/scripts/php-config.in ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" extension_dir='@EXTENSION_DIR@' -Index: php5-5.2.2/scripts/phpize.in +Index: php5-5.2.3/scripts/phpize.in =================================================================== ---- php5-5.2.2.orig/scripts/phpize.in 2005-12-12 12:51:45.000000000 +0100 -+++ php5-5.2.2/scripts/phpize.in 2007-05-20 21:13:26.000000000 +0200 +--- php5-5.2.3.orig/scripts/phpize.in 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/scripts/phpize.in 2007-06-02 13:59:19.000000000 +0200 @@ -3,8 +3,8 @@ # Variable declaration prefix='@prefix@' diff --git a/debian/patches/013-force_getaddrinfo.patch b/debian/patches/013-force_getaddrinfo.patch index c6290ea90..b7778fc48 100644 --- a/debian/patches/013-force_getaddrinfo.patch +++ b/debian/patches/013-force_getaddrinfo.patch @@ -1,8 +1,8 @@ -Index: php5-5.2.2/configure.in +Index: php5-5.2.3/configure.in =================================================================== ---- php5-5.2.2.orig/configure.in 2007-05-04 17:08:28.000000000 +0200 -+++ php5-5.2.2/configure.in 2007-05-04 17:08:32.000000000 +0200 -@@ -553,50 +553,50 @@ +--- php5-5.2.3.orig/configure.in 2007-06-02 13:59:19.000000000 +0200 ++++ php5-5.2.3/configure.in 2007-06-02 13:59:25.000000000 +0200 +@@ -547,50 +547,50 @@ dnl Check for getaddrinfo, should be a better way, but... dnl Also check for working getaddrinfo diff --git a/debian/patches/036-fd_setsize_fix.patch b/debian/patches/036-fd_setsize_fix.patch index 9a5debff7..fb7c3e9af 100644 --- a/debian/patches/036-fd_setsize_fix.patch +++ b/debian/patches/036-fd_setsize_fix.patch @@ -1,8 +1,8 @@ -Index: php5-5.2.2/ext/sockets/sockets.c +Index: php5-5.2.3/ext/sockets/sockets.c =================================================================== ---- php5-5.2.2.orig/ext/sockets/sockets.c 2007-02-25 23:59:32.000000000 +0100 -+++ php5-5.2.2/ext/sockets/sockets.c 2007-05-04 17:12:55.000000000 +0200 -@@ -548,6 +548,7 @@ +--- php5-5.2.3.orig/ext/sockets/sockets.c 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/ext/sockets/sockets.c 2007-06-02 13:59:40.000000000 +0200 +@@ -541,6 +541,7 @@ php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket); if (!php_sock) continue; /* If element is not a resource, skip it */ @@ -10,10 +10,10 @@ Index: php5-5.2.2/ext/sockets/sockets.c PHP_SAFE_FD_SET(php_sock->bsd_socket, fds); if (php_sock->bsd_socket > *max_fd) { -Index: php5-5.2.2/ext/standard/streamsfuncs.c +Index: php5-5.2.3/ext/standard/streamsfuncs.c =================================================================== ---- php5-5.2.2.orig/ext/standard/streamsfuncs.c 2007-04-09 17:38:58.000000000 +0200 -+++ php5-5.2.2/ext/standard/streamsfuncs.c 2007-05-04 17:12:55.000000000 +0200 +--- php5-5.2.3.orig/ext/standard/streamsfuncs.c 2007-06-02 13:59:05.000000000 +0200 ++++ php5-5.2.3/ext/standard/streamsfuncs.c 2007-06-02 13:59:40.000000000 +0200 @@ -592,6 +592,9 @@ * is not displayed. * */ diff --git a/debian/patches/044-strtod_arm_fix.patch b/debian/patches/044-strtod_arm_fix.patch index f0c7b8e28..e9a795453 100644 --- a/debian/patches/044-strtod_arm_fix.patch +++ b/debian/patches/044-strtod_arm_fix.patch @@ -46,9 +46,9 @@ Index: php5-5.2.2/Zend/zend_strtod.c typedef union { @@ -276,7 +286,7 @@ - * * An alternative that might be better on some machines is - * * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) - * */ + * An alternative that might be better on some machines is + * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) + */ -#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__) +#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN) #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ diff --git a/debian/patches/053-extension_api.patch b/debian/patches/053-extension_api.patch index a02f2b8d2..927a5b5e3 100644 --- a/debian/patches/053-extension_api.patch +++ b/debian/patches/053-extension_api.patch @@ -1,8 +1,8 @@ -Index: php5-5.2.2/configure.in +Index: php5-5.2.3/configure.in =================================================================== ---- php5-5.2.2.orig/configure.in 2007-05-04 17:08:32.000000000 +0200 -+++ php5-5.2.2/configure.in 2007-05-04 17:42:39.000000000 +0200 -@@ -1082,8 +1082,13 @@ +--- php5-5.2.3.orig/configure.in 2007-06-02 13:59:25.000000000 +0200 ++++ php5-5.2.3/configure.in 2007-06-02 13:59:50.000000000 +0200 +@@ -1076,8 +1076,13 @@ ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'` @@ -17,7 +17,7 @@ Index: php5-5.2.2/configure.in if test "$oldstyleextdir" = "yes"; then if test "$PHP_DEBUG" = "1"; then part1=debug -@@ -1222,6 +1227,7 @@ +@@ -1216,6 +1221,7 @@ PHP_SUBST(CXXFLAGS) PHP_SUBST(CXXFLAGS_CLEAN) PHP_SUBST_OLD(DEBUG_CFLAGS) @@ -25,10 +25,10 @@ Index: php5-5.2.2/configure.in PHP_SUBST_OLD(EXTENSION_DIR) PHP_SUBST_OLD(EXTRA_LDFLAGS) PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM) -Index: php5-5.2.2/scripts/php-config.in +Index: php5-5.2.3/scripts/php-config.in =================================================================== ---- php5-5.2.2.orig/scripts/php-config.in 2007-05-04 17:08:28.000000000 +0200 -+++ php5-5.2.2/scripts/php-config.in 2007-05-04 17:42:39.000000000 +0200 +--- php5-5.2.3.orig/scripts/php-config.in 2007-06-02 13:59:19.000000000 +0200 ++++ php5-5.2.3/scripts/php-config.in 2007-06-02 13:59:50.000000000 +0200 @@ -13,6 +13,7 @@ program_suffix="@program_suffix@" exe_extension="@EXEEXT@" diff --git a/debian/patches/057-no_apache_installed.patch b/debian/patches/057-no_apache_installed.patch index 2e35bcf7f..966cd091d 100644 --- a/debian/patches/057-no_apache_installed.patch +++ b/debian/patches/057-no_apache_installed.patch @@ -1,7 +1,7 @@ -Index: php5-5.2.0/sapi/apache2handler/config.m4 +Index: php5-5.2.3/sapi/apache2handler/config.m4 =================================================================== ---- php5-5.2.0.orig/sapi/apache2handler/config.m4 2007-03-18 22:56:59.000000000 +0100 -+++ php5-5.2.0/sapi/apache2handler/config.m4 2007-03-18 22:58:44.000000000 +0100 +--- php5-5.2.3.orig/sapi/apache2handler/config.m4 2005-09-01 16:33:47.000000000 +0200 ++++ php5-5.2.3/sapi/apache2handler/config.m4 2007-06-04 00:28:02.000000000 +0200 @@ -56,13 +56,13 @@ APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" @@ -23,3 +23,70 @@ Index: php5-5.2.0/sapi/apache2handler/config.m4 APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` if test -z `$APXS -q SYSCONFDIR`; then +Index: php5-5.2.3/sapi/apache/config.m4 +=================================================================== +--- php5-5.2.3.orig/sapi/apache/config.m4 2007-06-04 00:29:29.000000000 +0200 ++++ php5-5.2.3/sapi/apache/config.m4 2007-06-04 00:30:22.000000000 +0200 +@@ -52,11 +52,11 @@ + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in +Index: php5-5.2.3/sapi/apache2filter/config.m4 +=================================================================== +--- php5-5.2.3.orig/sapi/apache2filter/config.m4 2007-06-04 00:29:29.000000000 +0200 ++++ php5-5.2.3/sapi/apache2filter/config.m4 2007-06-04 00:31:08.000000000 +0200 +@@ -57,13 +57,13 @@ + + APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS" + +- # Test that we're trying to configure with apache 2.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -le 2000000; then +- AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) +- elif test "$APACHE_VERSION" -lt 2000040; then +- AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) +- fi ++dnl # Test that we're trying to configure with apache 2.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -le 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)]) ++dnl elif test "$APACHE_VERSION" -lt 2000040; then ++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required]) ++dnl fi + + APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR` + if test -z `$APXS -q SYSCONFDIR`; then +Index: php5-5.2.3/sapi/apache_hooks/config.m4 +=================================================================== +--- php5-5.2.3.orig/sapi/apache_hooks/config.m4 2007-06-04 00:29:29.000000000 +0200 ++++ php5-5.2.3/sapi/apache_hooks/config.m4 2007-06-04 00:29:55.000000000 +0200 +@@ -53,11 +53,11 @@ + APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET` + APACHE_INCLUDE=-I$APXS_INCLUDEDIR + +- # Test that we're trying to configure with apache 1.x +- PHP_AP_EXTRACT_VERSION($APXS_HTTPD) +- if test "$APACHE_VERSION" -ge 2000000; then +- AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) +- fi ++dnl # Test that we're trying to configure with apache 1.x ++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD) ++dnl if test "$APACHE_VERSION" -ge 2000000; then ++dnl AC_MSG_ERROR([You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2]) ++dnl fi + + for flag in $APXS_CFLAGS; do + case $flag in diff --git a/debian/patches/113-php.ini_securitynotes.patch b/debian/patches/113-php.ini_securitynotes.patch index f0989a26f..610d3593a 100644 --- a/debian/patches/113-php.ini_securitynotes.patch +++ b/debian/patches/113-php.ini_securitynotes.patch @@ -1,7 +1,7 @@ -Index: php5-5.2.0/php.ini-dist +Index: php5-5.2.3/php.ini-dist =================================================================== ---- php5-5.2.0.orig/php.ini-dist 2007-03-18 22:58:39.000000000 +0100 -+++ php5-5.2.0/php.ini-dist 2007-03-18 22:58:45.000000000 +0100 +--- php5-5.2.3.orig/php.ini-dist 2007-06-02 14:00:07.000000000 +0200 ++++ php5-5.2.3/php.ini-dist 2007-06-02 14:00:08.000000000 +0200 @@ -166,6 +166,11 @@ ; ; Safe Mode @@ -28,7 +28,7 @@ Index: php5-5.2.0/php.ini-dist ;open_basedir = ; This directive allows you to disable certain functions for security reasons. -@@ -400,6 +412,11 @@ +@@ -401,6 +413,11 @@ ; You should do your best to write your scripts so that they do not require ; register_globals to be on; Using form variables as globals can easily lead ; to possible security problems, if the code is not very well thought of. diff --git a/debian/patches/119-CVE-2007-1887-1888-MOPB-41.patch b/debian/patches/119-CVE-2007-1887-1888-MOPB-41.patch deleted file mode 100644 index 3d8be749f..000000000 --- a/debian/patches/119-CVE-2007-1887-1888-MOPB-41.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -uNrp php5-5.2.1/ext/sqlite/sess_sqlite.c php5-5.2.1-kees/ext/sqlite/sess_sqlite.c ---- php5-5.2.1/ext/sqlite/sess_sqlite.c 2007-01-01 01:36:07.000000000 -0800 -+++ php5-5.2.1-kees/ext/sqlite/sess_sqlite.c 2007-04-18 17:05:57.000000000 -0700 -@@ -31,6 +31,11 @@ - extern int sqlite_encode_binary(const unsigned char *in, int n, unsigned char *out); - extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out); - -+#define php_sqlite_decode_binary(in, out) ( \ -+ (!in || !*in) ? 0 : \ -+ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \ -+) -+ - PS_FUNCS(sqlite); - - ps_module ps_mod_sqlite = { -@@ -111,7 +116,7 @@ PS_READ_FUNC(sqlite) - if (rowdata[0] != NULL) { - *vallen = strlen(rowdata[0]); - *val = emalloc(*vallen); -- *vallen = sqlite_decode_binary(rowdata[0], *val); -+ *vallen = php_sqlite_decode_binary(rowdata[0], *val); - (*val)[*vallen] = '\0'; - } - break; -diff -uNrp php5-5.2.1/ext/sqlite/sqlite.c php5-5.2.1-kees/ext/sqlite/sqlite.c ---- php5-5.2.1/ext/sqlite/sqlite.c 2007-01-01 01:36:07.000000000 -0800 -+++ php5-5.2.1-kees/ext/sqlite/sqlite.c 2007-04-18 17:04:43.000000000 -0700 -@@ -73,7 +73,10 @@ extern int sqlite_encode_binary(const un - extern int sqlite_decode_binary(const unsigned char *in, unsigned char *out); - - #define php_sqlite_encode_binary(in, n, out) sqlite_encode_binary((const unsigned char *)in, n, (unsigned char *)out) --#define php_sqlite_decode_binary(in, out) sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) -+#define php_sqlite_decode_binary(in, out) ( \ -+ (!in || !*in) ? 0 : \ -+ sqlite_decode_binary((const unsigned char *)in, (unsigned char *)out) \ -+) - - static int sqlite_count_elements(zval *object, long *count TSRMLS_DC); - diff --git a/debian/patches/119-CVE-2007-1900-MOPB-45.patch b/debian/patches/119-CVE-2007-1900-MOPB-45.patch deleted file mode 100644 index 113edb381..000000000 --- a/debian/patches/119-CVE-2007-1900-MOPB-45.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: php5-5.2.2/ext/filter/logical_filters.c -=================================================================== ---- php5-5.2.2.orig/ext/filter/logical_filters.c 2007-01-01 10:36:00.000000000 +0100 -+++ php5-5.2.2/ext/filter/logical_filters.c 2007-05-04 19:07:01.000000000 +0200 -@@ -469,7 +469,7 @@ - void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ - { - /* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */ -- const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/"; -+ const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D"; - - pcre *re = NULL; - pcre_extra *pcre_extra = NULL; diff --git a/debian/patches/series b/debian/patches/series index 791b781c4..85e0aabc9 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -24,5 +24,3 @@ 108-64_bit_datetime.patch 112-proc_open.patch 113-php.ini_securitynotes.patch -119-CVE-2007-1887-1888-MOPB-41.patch -119-CVE-2007-1900-MOPB-45.patch diff --git a/debian/patches/suhosin.patch b/debian/patches/suhosin.patch new file mode 100644 index 000000000..8a4619539 --- /dev/null +++ b/debian/patches/suhosin.patch @@ -0,0 +1,2633 @@ +diff -Nura php-5.2.3/configure suhosin-patch-5.2.3-0.9.6.2/configure +--- php-5.2.3/configure 2007-05-30 20:50:52.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/configure 2007-06-01 11:07:20.000000000 +0200 +@@ -17925,6 +17925,9 @@ + + fi + ++cat >> confdefs.h <<\EOF ++#define SUHOSIN_PATCH 1 ++EOF + + echo $ac_n "checking for declared timezone""... $ac_c" 1>&6 + echo "configure:17931: checking for declared timezone" >&5 +@@ -114937,7 +114940,7 @@ + php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ + strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + network.c php_open_temporary_file.c php_logos.c \ +- output.c ; do ++ output.c suhosin_patch.c ; do + + IFS=. + set $ac_src +@@ -115139,7 +115142,7 @@ + zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \ + zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ + zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \ +- zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c; do ++ zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_canary.c; do + + IFS=. + set $ac_src +diff -Nura php-5.2.3/configure.in suhosin-patch-5.2.3-0.9.6.2/configure.in +--- php-5.2.3/configure.in 2007-05-30 20:45:59.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/configure.in 2007-06-01 11:03:54.000000000 +0200 +@@ -220,6 +220,7 @@ + sinclude(TSRM/threads.m4) + sinclude(TSRM/tsrm.m4) + ++sinclude(main/suhosin_patch.m4) + + divert(2) + +@@ -1318,7 +1319,7 @@ + php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ + strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \ + network.c php_open_temporary_file.c php_logos.c \ +- output.c ) ++ output.c suhosin_patch.c ) + + PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \ + plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c) +@@ -1344,7 +1345,7 @@ + zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \ + zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \ + zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \ +- zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c) ++ zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_canary.c ) + + if test -r "$abs_srcdir/Zend/zend_objects.c"; then + PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c \ +diff -Nura php-5.2.3/ext/standard/basic_functions.c suhosin-patch-5.2.3-0.9.6.2/ext/standard/basic_functions.c +--- php-5.2.3/ext/standard/basic_functions.c 2007-05-22 17:38:27.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/basic_functions.c 2007-06-01 11:03:54.000000000 +0200 +@@ -3560,7 +3560,9 @@ + PHP_FALIAS(socket_get_status, stream_get_meta_data, arginfo_stream_get_meta_data) + + #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) +- PHP_FE(realpath, arginfo_realpath) ++#undef realpath ++ PHP_NAMED_FE(realpath, PHP_FN(real_path), arginfo_realpath) ++#define realpath real_path + #endif + + #ifdef HAVE_FNMATCH +diff -Nura php-5.2.3/ext/standard/dl.c suhosin-patch-5.2.3-0.9.6.2/ext/standard/dl.c +--- php-5.2.3/ext/standard/dl.c 2007-02-23 01:37:35.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/dl.c 2007-06-01 11:03:54.000000000 +0200 +@@ -233,6 +233,19 @@ + RETURN_FALSE; + } + } ++#if SUHOSIN_PATCH ++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) { ++ void *log_func; ++ /* sucessfully loaded suhosin extension, now check for logging function replacement */ ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log"); ++ if (log_func == NULL) { ++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log"); ++ } ++ if (log_func != NULL) { ++ zend_suhosin_log = log_func; ++ } ++ } ++#endif + RETURN_TRUE; + } + /* }}} */ +diff -Nura php-5.2.3/ext/standard/file.c suhosin-patch-5.2.3-0.9.6.2/ext/standard/file.c +--- php-5.2.3/ext/standard/file.c 2007-05-27 19:33:39.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/file.c 2007-06-01 11:03:54.000000000 +0200 +@@ -2359,7 +2359,7 @@ + #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) + /* {{{ proto string realpath(string path) + Return the resolved path */ +-PHP_FUNCTION(realpath) ++PHP_FUNCTION(real_path) + { + zval **path; + char resolved_path_buff[MAXPATHLEN]; +diff -Nura php-5.2.3/ext/standard/file.h suhosin-patch-5.2.3-0.9.6.2/ext/standard/file.h +--- php-5.2.3/ext/standard/file.h 2007-01-10 15:40:06.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/file.h 2007-06-01 11:03:54.000000000 +0200 +@@ -61,7 +61,7 @@ + PHP_FUNCTION(fd_set); + PHP_FUNCTION(fd_isset); + #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS) +-PHP_FUNCTION(realpath); ++PHP_FUNCTION(real_path); + #endif + #ifdef HAVE_FNMATCH + PHP_FUNCTION(fnmatch); +diff -Nura php-5.2.3/ext/standard/info.c suhosin-patch-5.2.3-0.9.6.2/ext/standard/info.c +--- php-5.2.3/ext/standard/info.c 2007-04-02 14:41:07.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/info.c 2007-06-01 11:03:54.000000000 +0200 +@@ -627,6 +627,31 @@ + + php_info_print_table_end(); + ++ /* Suhosin Patch */ ++ php_info_print_box_start(0); ++ if (expose_php && !sapi_module.phpinfo_as_text) { ++ PUTS("<a href=\"http://www.hardened-php.net/suhosin/index.html\"><img border=\"0\" src=\""); ++ if (SG(request_info).request_uri) { ++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC); ++ PUTS(elem_esc); ++ efree(elem_esc); ++ } ++ PUTS("?="SUHOSIN_LOGO_GUID"\" alt=\"Suhosin logo\" /></a>\n"); ++ } ++ PUTS("This server is protected with the Suhosin Patch "); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS(SUHOSIN_PATCH_VERSION); ++ } else { ++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC); ++ } ++ PUTS(!sapi_module.phpinfo_as_text?"<br />":"\n"); ++ if (sapi_module.phpinfo_as_text) { ++ PUTS("Copyright (c) 2006 Hardened-PHP Project\n"); ++ } else { ++ PUTS("Copyright (c) 2006 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a>\n"); ++ } ++ php_info_print_box_end(); ++ + /* Zend Engine */ + php_info_print_box_start(0); + if (expose_php && !sapi_module.phpinfo_as_text) { +diff -Nura php-5.2.3/ext/standard/syslog.c suhosin-patch-5.2.3-0.9.6.2/ext/standard/syslog.c +--- php-5.2.3/ext/standard/syslog.c 2007-05-17 08:38:13.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/ext/standard/syslog.c 2007-06-01 11:03:54.000000000 +0200 +@@ -42,6 +42,7 @@ + */ + PHP_MINIT_FUNCTION(syslog) + { ++#if !SUHOSIN_PATCH + /* error levels */ + REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ + REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ +@@ -97,6 +98,7 @@ + /* AIX doesn't have LOG_PERROR */ + REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ + #endif ++#endif + BG(syslog_device)=NULL; + + return SUCCESS; +diff -Nura php-5.2.3/main/fopen_wrappers.c suhosin-patch-5.2.3-0.9.6.2/main/fopen_wrappers.c +--- php-5.2.3/main/fopen_wrappers.c 2007-04-18 13:58:40.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/main/fopen_wrappers.c 2007-06-01 11:03:54.000000000 +0200 +@@ -111,7 +111,7 @@ + + /* normalize and expand path */ + if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) { +- return -1; ++ return -2; + } + + path_len = strlen(resolved_name); +@@ -172,14 +172,20 @@ + } + } + ++ resolved_name_len = strlen(resolved_name); + if (path_tmp[path_len - 1] == PHP_DIR_SEPARATOR) { +- resolved_name_len = strlen(resolved_name); + if (resolved_name[resolved_name_len - 1] != PHP_DIR_SEPARATOR) { + resolved_name[resolved_name_len] = PHP_DIR_SEPARATOR; + resolved_name[++resolved_name_len] = '\0'; + } + } + ++ if (resolved_name_len == resolved_basedir_len - 1) { ++ if (resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) { ++ resolved_basedir_len--; ++ } ++ } ++ + /* Check the path */ + #if defined(PHP_WIN32) || defined(NETWARE) + if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { +@@ -193,7 +199,7 @@ + } + } else { + /* Unable to resolve the real path, return -1 */ +- return -1; ++ return -3; + } + } + /* }}} */ +@@ -212,22 +218,44 @@ + char *pathbuf; + char *ptr; + char *end; ++ char path_copy[MAXPATHLEN]; ++ int path_len; ++ ++ /* Special case path ends with a trailing slash */ ++ path_len = strlen(path); ++ if (path_len >= MAXPATHLEN) { ++ errno = EPERM; /* we deny permission to open it */ ++ return -1; ++ } ++ if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) { ++ memcpy(path_copy, path, path_len+1); ++ while (path_len > 0 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--; ++ path_copy[path_len] = '\0'; ++ path = (const char *)&path_copy; ++ } + + pathbuf = estrdup(PG(open_basedir)); + + ptr = pathbuf; + + while (ptr && *ptr) { ++ int res; + end = strchr(ptr, DEFAULT_DIR_SEPARATOR); + if (end != NULL) { + *end = '\0'; + end++; + } + +- if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) { ++ res = php_check_specific_open_basedir(ptr, path TSRMLS_CC); ++ if (res == 0) { + efree(pathbuf); + return 0; + } ++ if (res == -2) { ++ efree(pathbuf); ++ errno = EPERM; ++ return -1; ++ } + + ptr = end; + } +diff -Nura php-5.2.3/main/main.c suhosin-patch-5.2.3-0.9.6.2/main/main.c +--- php-5.2.3/main/main.c 2007-04-18 11:38:56.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/main/main.c 2007-06-01 11:03:54.000000000 +0200 +@@ -88,6 +88,9 @@ + + #include "SAPI.h" + #include "rfc1867.h" ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#endif + /* }}} */ + + #ifndef ZTS +@@ -1211,7 +1214,7 @@ + + /* used to close fd's in the 3..255 range here, but it's problematic + */ +- shutdown_memory_manager(1, 1 TSRMLS_CC); ++ shutdown_memory_manager(1, 1 TSRMLS_CC); + } + /* }}} */ + +@@ -1252,6 +1255,9 @@ + + zend_try { + shutdown_memory_manager(CG(unclean_shutdown), 0 TSRMLS_CC); ++#if SUHOSIN_PATCH ++ suhosin_clear_mm_canaries(TSRMLS_C); ++#endif + } zend_end_try(); + + zend_try { +@@ -1334,6 +1340,9 @@ + /* 11. Free Willy (here be crashes) */ + zend_try { + shutdown_memory_manager(CG(unclean_shutdown) || !report_memleaks, 0 TSRMLS_CC); ++#if SUHOSIN_PATCH ++ suhosin_clear_mm_canaries(TSRMLS_C); ++#endif + } zend_end_try(); + + /* 12. Reset max_execution_time */ +@@ -1457,6 +1466,9 @@ + #ifdef ZTS + tsrm_ls = ts_resource(0); + #endif ++#if SUHOSIN_PATCH ++ suhosin_startup(); ++#endif + + module_shutdown = 0; + module_startup = 1; +@@ -1586,6 +1598,10 @@ + REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_PATH", PHP_CONFIG_FILE_PATH, strlen(PHP_CONFIG_FILE_PATH), CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS); ++#endif + REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS); + REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS); +@@ -1636,7 +1652,9 @@ + module_startup = 0; + + shutdown_memory_manager(1, 0 TSRMLS_CC); +- ++#if SUHOSIN_PATCH ++ suhosin_clear_mm_canaries(TSRMLS_C); ++#endif + /* we're done */ + return SUCCESS; + } +@@ -1694,6 +1712,9 @@ + #ifndef ZTS + zend_ini_shutdown(TSRMLS_C); + shutdown_memory_manager(CG(unclean_shutdown), 1 TSRMLS_CC); ++#if SUHOSIN_PATCH ++ suhosin_clear_mm_canaries(TSRMLS_C); ++#endif + core_globals_dtor(&core_globals TSRMLS_CC); + #else + zend_ini_global_shutdown(TSRMLS_C); +diff -Nura php-5.2.3/main/php_config.h.in suhosin-patch-5.2.3-0.9.6.2/main/php_config.h.in +--- php-5.2.3/main/php_config.h.in 2007-05-30 20:50:55.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/main/php_config.h.in 2007-06-01 11:03:54.000000000 +0200 +@@ -806,6 +806,9 @@ + /* Define if the target system has /dev/urandom device */ + #undef HAVE_DEV_URANDOM + ++/* Suhosin-Patch for PHP */ ++#undef SUHOSIN_PATCH ++ + /* Whether you have AOLserver */ + #undef HAVE_AOLSERVER + +diff -Nura php-5.2.3/main/php.h suhosin-patch-5.2.3-0.9.6.2/main/php.h +--- php-5.2.3/main/php.h 2007-01-01 10:36:11.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/php.h 2007-06-01 11:03:54.000000000 +0200 +@@ -40,6 +40,13 @@ + #undef sprintf + #define sprintf php_sprintf + ++#if SUHOSIN_PATCH ++#if HAVE_REALPATH ++#undef realpath ++#define realpath php_realpath ++#endif ++#endif ++ + /* PHP's DEBUG value must match Zend's ZEND_DEBUG value */ + #undef PHP_DEBUG + #define PHP_DEBUG ZEND_DEBUG +@@ -452,6 +459,10 @@ + #endif + #endif /* !XtOffsetOf */ + ++#if SUHOSIN_PATCH ++#include "suhosin_patch.h" ++#endif ++ + #endif + + /* +diff -Nura php-5.2.3/main/php_logos.c suhosin-patch-5.2.3-0.9.6.2/main/php_logos.c +--- php-5.2.3/main/php_logos.c 2007-01-06 21:44:51.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/php_logos.c 2007-06-01 11:03:54.000000000 +0200 +@@ -50,6 +50,10 @@ + return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string)); + } + ++#if SUHOSIN_PATCH ++#include "suhosin_logo.h" ++#endif ++ + int php_init_info_logos(void) + { + if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE) +@@ -58,6 +62,9 @@ + php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo)); + php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo)); + php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo)); ++#if SUHOSIN_PATCH ++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo, sizeof(suhosin_logo)); ++#endif + + return SUCCESS; + } +diff -Nura php-5.2.3/main/snprintf.c suhosin-patch-5.2.3-0.9.6.2/main/snprintf.c +--- php-5.2.3/main/snprintf.c 2007-04-13 00:01:20.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/main/snprintf.c 2007-06-01 11:03:54.000000000 +0200 +@@ -1069,7 +1069,11 @@ + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = cc; ++#endif + goto skip_output; + + /* +diff -Nura php-5.2.3/main/spprintf.c suhosin-patch-5.2.3-0.9.6.2/main/spprintf.c +--- php-5.2.3/main/spprintf.c 2007-01-01 10:36:11.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/spprintf.c 2007-06-01 11:03:54.000000000 +0200 +@@ -650,7 +650,11 @@ + + + case 'n': ++#if SUHOSIN_PATCH ++ zend_suhosin_log(S_MISC, "'n' specifier within format string"); ++#else + *(va_arg(ap, int *)) = xbuf->len; ++#endif + goto skip_output; + + /* +diff -Nura php-5.2.3/main/suhosin_globals.h suhosin-patch-5.2.3-0.9.6.2/main/suhosin_globals.h +--- php-5.2.3/main/suhosin_globals.h 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/suhosin_globals.h 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,61 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2006 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser <sesser@hardened-php.net> | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_GLOBALS_H ++#define SUHOSIN_GLOBALS_H ++ ++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct; ++ ++#ifdef ZTS ++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v) ++extern int suhosin_patch_globals_id; ++#else ++# define SPG(v) (suhosin_patch_globals.v) ++extern struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++ ++struct _suhosin_patch_globals { ++ /* logging */ ++ int log_syslog; ++ int log_syslog_facility; ++ int log_syslog_priority; ++ int log_sapi; ++ int log_script; ++ int log_phpscript; ++ char *log_scriptname; ++ char *log_phpscriptname; ++ zend_bool log_phpscript_is_safe; ++ zend_bool log_use_x_forwarded_for; ++ ++ /* memory manager canary protection */ ++ unsigned int canary_1; ++ unsigned int canary_2; ++ unsigned int canary_3; ++ unsigned int dummy; ++}; ++ ++ ++#endif /* SUHOSIN_GLOBALS_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +diff -Nura php-5.2.3/main/suhosin_logo.h suhosin-patch-5.2.3-0.9.6.2/main/suhosin_logo.h +--- php-5.2.3/main/suhosin_logo.h 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/suhosin_logo.h 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,178 @@ ++static unsigned char suhosin_logo[] = ++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48" ++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d" ++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43" ++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01" ++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4" ++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00" ++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4" ++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00" ++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13" ++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98" ++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5" ++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46" ++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69" ++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5" ++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13" ++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf" ++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8" ++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44" ++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c" ++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d" ++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1" ++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55" ++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3" ++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35" ++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b" ++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d" ++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6" ++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27" ++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3" ++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52" ++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85" ++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e" ++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74" ++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1" ++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95" ++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4" ++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf" ++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71" ++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58" ++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c" ++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf" ++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83" ++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d" ++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08" ++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf" ++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01" ++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21" ++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac" ++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56" ++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10" ++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98" ++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e" ++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3" ++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d" ++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85" ++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa" ++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7" ++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76" ++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21" ++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a" ++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36" ++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24" ++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12" ++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78" ++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb" ++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2" ++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2" ++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79" ++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d" ++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98" ++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c" ++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c" ++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77" ++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65" ++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe" ++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15" ++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb" ++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65" ++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84" ++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a" ++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c" ++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40" ++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e" ++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4" ++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d" ++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d" ++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d" ++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b" ++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07" ++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22" ++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c" ++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54" ++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67" ++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96" ++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd" ++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40" ++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3" ++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85" ++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96" ++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76" ++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c" ++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09" ++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3" ++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22" ++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92" ++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5" ++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb" ++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74" ++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b" ++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa" ++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b" ++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed" ++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80" ++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01" ++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74" ++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90" ++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b" ++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8" ++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81" ++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67" ++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e" ++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1" ++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd" ++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7" ++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d" ++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d" ++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1" ++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7" ++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f" ++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64" ++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14" ++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8" ++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2" ++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef" ++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb" ++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12" ++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07" ++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64" ++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07" ++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a" ++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9" ++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb" ++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31" ++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5" ++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9" ++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee" ++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e" ++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f" ++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50" ++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96" ++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30" ++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57" ++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f" ++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99" ++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab" ++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51" ++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02" ++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae" ++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6" ++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2" ++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c" ++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8" ++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49" ++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e" ++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f" ++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3" ++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78" ++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b" ++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe" ++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31" ++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c" ++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1" ++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9" ++ ; +diff -Nura php-5.2.3/main/suhosin_patch.c suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.c +--- php-5.2.3/main/suhosin_patch.c 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.c 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,380 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2006 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser <sesser@hardened-php.net> | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: suhosin_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */ ++ ++#include "php.h" ++ ++#include <stdio.h> ++#include <stdlib.h> ++ ++#if HAVE_UNISTD_H ++#include <unistd.h> ++#endif ++#include "SAPI.h" ++#include "php_globals.h" ++ ++#if SUHOSIN_PATCH ++ ++#ifdef HAVE_SYS_SOCKET_H ++#include <sys/socket.h> ++#endif ++ ++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE) ++#undef AF_UNIX ++#endif ++ ++#if defined(AF_UNIX) ++#include <sys/un.h> ++#endif ++ ++#define SYSLOG_PATH "/dev/log" ++ ++#ifdef PHP_WIN32 ++static HANDLE log_source = 0; ++#endif ++ ++#include "snprintf.h" ++ ++#include "suhosin_patch.h" ++ ++#ifdef ZTS ++#include "suhosin_globals.h" ++int suhosin_patch_globals_id; ++#else ++struct _suhosin_patch_globals suhosin_patch_globals; ++#endif ++ ++static void php_security_log(int loglevel, char *fmt, ...); ++ ++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC) ++{ ++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals)); ++} ++ ++PHPAPI void suhosin_startup() ++{ ++#ifdef ZTS ++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL); ++#else ++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC); ++#endif ++ zend_suhosin_log = php_security_log; ++} ++ ++/*PHPAPI void suhosin_clear_mm_canaries(TSRMLS_D) ++{ ++ zend_alloc_clear_mm_canaries(AG(heap)); ++ SPG(canary_1) = zend_canary(); ++ SPG(canary_2) = zend_canary(); ++ SPG(canary_3) = zend_canary(); ++}*/ ++ ++static char *loglevel2string(int loglevel) ++{ ++ switch (loglevel) { ++ case S_FILES: ++ return "FILES"; ++ case S_INCLUDE: ++ return "INCLUDE"; ++ case S_MEMORY: ++ return "MEMORY"; ++ case S_MISC: ++ return "MISC"; ++ case S_SESSION: ++ return "SESSION"; ++ case S_SQL: ++ return "SQL"; ++ case S_EXECUTOR: ++ return "EXECUTOR"; ++ case S_VARS: ++ return "VARS"; ++ default: ++ return "UNKNOWN"; ++ } ++} ++ ++static void php_security_log(int loglevel, char *fmt, ...) ++{ ++ int s, r, i=0; ++#if defined(AF_UNIX) ++ struct sockaddr_un saun; ++#endif ++#ifdef PHP_WIN32 ++ LPTSTR strs[2]; ++ unsigned short etype; ++ DWORD evid; ++#endif ++ char buf[4096+64]; ++ char error[4096+100]; ++ char *ip_address; ++ char *fname; ++ char *alertstring; ++ int lineno; ++ va_list ap; ++ TSRMLS_FETCH(); ++ ++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/ ++ ++ if (SPG(log_use_x_forwarded_for)) { ++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "X-FORWARDED-FOR not set"; ++ } ++ } else { ++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC); ++ if (ip_address == NULL) { ++ ip_address = "REMOTE_ADDR not set"; ++ } ++ } ++ ++ ++ va_start(ap, fmt); ++ ap_php_vsnprintf(error, sizeof(error), fmt, ap); ++ va_end(ap); ++ while (error[i]) { ++ if (error[i] < 32) error[i] = '.'; ++ i++; ++ } ++ ++/* if (SPG(simulation)) { ++ alertstring = "ALERT-SIMULATION"; ++ } else { */ ++ alertstring = "ALERT"; ++/* }*/ ++ ++ if (zend_is_executing(TSRMLS_C)) { ++ if (EG(current_execute_data)) { ++ lineno = EG(current_execute_data)->opline->lineno; ++ fname = EG(current_execute_data)->op_array->filename; ++ } else { ++ lineno = zend_get_executed_lineno(TSRMLS_C); ++ fname = zend_get_executed_filename(TSRMLS_C); ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno); ++ } else { ++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC); ++ if (fname==NULL) { ++ fname = "unknown"; ++ } ++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname); ++ } ++ ++ /* Syslog-Logging disabled? */ ++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) { ++ goto log_sapi; ++ } ++ ++#if defined(AF_UNIX) ++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf); ++ ++ s = socket(AF_UNIX, SOCK_DGRAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ s = socket(AF_UNIX, SOCK_STREAM, 0); ++ if (s == -1) { ++ goto log_sapi; ++ } ++ ++ memset(&saun, 0, sizeof(saun)); ++ saun.sun_family = AF_UNIX; ++ strcpy(saun.sun_path, SYSLOG_PATH); ++ /*saun.sun_len = sizeof(saun);*/ ++ ++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun)); ++ if (r) { ++ close(s); ++ goto log_sapi; ++ } ++ } ++ send(s, error, strlen(error), 0); ++ ++ close(s); ++#endif ++#ifdef PHP_WIN32 ++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf); ++ ++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */ ++ case 1: /*LOG_ALERT:*/ ++ etype = EVENTLOG_ERROR_TYPE; ++ break; ++ case 6: /*LOG_INFO:*/ ++ etype = EVENTLOG_INFORMATION_TYPE; ++ break; ++ default: ++ etype = EVENTLOG_WARNING_TYPE; ++ } ++ evid = loglevel; ++ strs[0] = error; ++ /* report the event */ ++ if (log_source == NULL) { ++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION); ++ } ++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL); ++ ++#endif ++log_sapi: ++ /* SAPI Logging activated? */ ++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/ ++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) { ++ sapi_module.log_message(buf); ++ } ++ ++/*log_script:*/ ++ /* script logging activaed? */ ++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) { ++ char cmd[8192], *cmdpos, *bufpos; ++ FILE *in; ++ int space; ++ ++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel)); ++ space = sizeof(cmd) - strlen(cmd); ++ cmdpos = cmd + strlen(cmd); ++ bufpos = buf; ++ if (space <= 1) return; ++ while (space > 2 && *bufpos) { ++ if (*bufpos == '\'') { ++ if (space<=5) break; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\\'; ++ *cmdpos++ = '\''; ++ *cmdpos++ = '\''; ++ bufpos++; ++ space-=4; ++ } else { ++ *cmdpos++ = *bufpos++; ++ space--; ++ } ++ } ++ *cmdpos++ = '\''; ++ *cmdpos = 0; ++ ++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) { ++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname)); ++ return; ++ } ++ /* read and forget the result */ ++ while (1) { ++ int readbytes = fread(cmd, 1, sizeof(cmd), in); ++ if (readbytes<=0) { ++ break; ++ } ++ } ++ pclose(in); ++ } ++/*log_phpscript:*/ ++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) { ++ zend_file_handle file_handle; ++ zend_op_array *new_op_array; ++ zval *result = NULL; ++ ++ /*long orig_execution_depth = SPG(execution_depth);*/ ++ zend_bool orig_safe_mode = PG(safe_mode); ++ char *orig_basedir = PG(open_basedir); ++ ++ char *phpscript = SPG(log_phpscriptname); ++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/ ++#ifdef ZEND_ENGINE_2 ++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) { ++#else ++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) { ++ file_handle.filename = phpscript; ++ file_handle.free_filename = 0; ++#endif ++ if (!file_handle.opened_path) { ++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript)); ++ } ++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC); ++ zend_destroy_file_handle(&file_handle TSRMLS_CC); ++ if (new_op_array) { ++ HashTable *active_symbol_table = EG(active_symbol_table); ++ zval *zerror, *zerror_class; ++ ++ if (active_symbol_table == NULL) { ++ active_symbol_table = &EG(symbol_table); ++ } ++ EG(return_value_ptr_ptr) = &result; ++ EG(active_op_array) = new_op_array; ++ ++ MAKE_STD_ZVAL(zerror); ++ MAKE_STD_ZVAL(zerror_class); ++ ZVAL_STRING(zerror, buf, 1); ++ ZVAL_LONG(zerror_class, loglevel); ++ ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL); ++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL); ++ ++ /*SPG(execution_depth) = 0;*/ ++ if (SPG(log_phpscript_is_safe)) { ++ PG(safe_mode) = 0; ++ PG(open_basedir) = NULL; ++ } ++ ++ zend_execute(new_op_array TSRMLS_CC); ++ ++ /*SPG(execution_depth) = orig_execution_depth;*/ ++ PG(safe_mode) = orig_safe_mode; ++ PG(open_basedir) = orig_basedir; ++ ++#ifdef ZEND_ENGINE_2 ++ destroy_op_array(new_op_array TSRMLS_CC); ++#else ++ destroy_op_array(new_op_array); ++#endif ++ efree(new_op_array); ++#ifdef ZEND_ENGINE_2 ++ if (!EG(exception)) ++#endif ++ { ++ if (EG(return_value_ptr_ptr)) { ++ zval_ptr_dtor(EG(return_value_ptr_ptr)); ++ EG(return_value_ptr_ptr) = NULL; ++ } ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } else { ++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname)); ++ return; ++ } ++ } ++ ++} ++ ++ ++#endif ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +diff -Nura php-5.2.3/main/suhosin_patch.h suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.h +--- php-5.2.3/main/suhosin_patch.h 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.h 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,40 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2006 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser <sesser@hardened-php.net> | ++ +----------------------------------------------------------------------+ ++ */ ++ ++#ifndef SUHOSIN_PATCH_H ++#define SUHOSIN_PATCH_H ++ ++#if SUHOSIN_PATCH ++ ++#include "zend.h" ++ ++PHPAPI void suhosin_startup(); ++#define SUHOSIN_PATCH_VERSION "0.9.6.2" ++ ++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18" ++ ++#endif ++ ++#endif /* SUHOSIN_PATCH_H */ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ */ +diff -Nura php-5.2.3/main/suhosin_patch.m4 suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.m4 +--- php-5.2.3/main/suhosin_patch.m4 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/main/suhosin_patch.m4 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,8 @@ ++dnl ++dnl $Id: suhosin_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $ ++dnl ++dnl This file contains Suhosin Patch for PHP specific autoconf functions. ++dnl ++ ++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch]) ++ +diff -Nura php-5.2.3/sapi/apache/mod_php5.c suhosin-patch-5.2.3-0.9.6.2/sapi/apache/mod_php5.c +--- php-5.2.3/sapi/apache/mod_php5.c 2007-01-01 10:36:12.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/sapi/apache/mod_php5.c 2007-06-01 11:03:54.000000000 +0200 +@@ -943,7 +943,11 @@ + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component("PHP/" PHP_VERSION); ++#endif + } + } + #endif +diff -Nura php-5.2.3/sapi/apache2filter/sapi_apache2.c suhosin-patch-5.2.3-0.9.6.2/sapi/apache2filter/sapi_apache2.c +--- php-5.2.3/sapi/apache2filter/sapi_apache2.c 2007-01-01 10:36:12.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/sapi/apache2filter/sapi_apache2.c 2007-06-01 11:03:54.000000000 +0200 +@@ -562,7 +562,11 @@ + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +diff -Nura php-5.2.3/sapi/apache2handler/sapi_apache2.c suhosin-patch-5.2.3-0.9.6.2/sapi/apache2handler/sapi_apache2.c +--- php-5.2.3/sapi/apache2handler/sapi_apache2.c 2007-01-01 10:36:12.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/sapi/apache2handler/sapi_apache2.c 2007-06-01 11:03:54.000000000 +0200 +@@ -364,7 +364,11 @@ + { + TSRMLS_FETCH(); + if (PG(expose_php)) { ++#if SUHOSIN_PATCH ++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch"); ++#else + ap_add_version_component(p, "PHP/" PHP_VERSION); ++#endif + } + } + +diff -Nura php-5.2.3/sapi/cgi/cgi_main.c suhosin-patch-5.2.3-0.9.6.2/sapi/cgi/cgi_main.c +--- php-5.2.3/sapi/cgi/cgi_main.c 2007-05-28 10:11:59.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/sapi/cgi/cgi_main.c 2007-06-01 11:03:54.000000000 +0200 +@@ -1560,11 +1560,19 @@ + SG(headers_sent) = 1; + SG(request_info).no_headers = 1; + } ++#if SUHOSIN_PATCH ++#if ZEND_DEBUG ++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#else ++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); ++#endif ++#else + #if ZEND_DEBUG + php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #else + php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + #endif ++#endif + php_end_ob_buffers(1 TSRMLS_CC); + exit(0); + break; +diff -Nura php-5.2.3/sapi/cli/php_cli.c suhosin-patch-5.2.3-0.9.6.2/sapi/cli/php_cli.c +--- php-5.2.3/sapi/cli/php_cli.c 2007-05-06 14:57:50.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/sapi/cli/php_cli.c 2007-06-01 11:03:54.000000000 +0200 +@@ -777,8 +777,14 @@ + } + + request_started = 1; +- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s", +- PHP_VERSION, sapi_module.name, __DATE__, __TIME__, ++#if SUHOSIN_PATCH ++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s", ++ PHP_VERSION, SUHOSIN_PATCH_VERSION, ++#else ++ php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s", ++ PHP_VERSION, ++#endif ++ sapi_module.name, __DATE__, __TIME__, + #if ZEND_DEBUG && defined(HAVE_GCOV) + "(DEBUG GCOV)", + #elif ZEND_DEBUG +diff -Nura php-5.2.3/TSRM/TSRM.h suhosin-patch-5.2.3-0.9.6.2/TSRM/TSRM.h +--- php-5.2.3/TSRM/TSRM.h 2007-04-17 08:26:32.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/TSRM/TSRM.h 2007-06-01 11:03:54.000000000 +0200 +@@ -38,6 +38,13 @@ + typedef unsigned long tsrm_uintptr_t; + #endif + ++#if SUHOSIN_PATCH ++# if HAVE_REALPATH ++# undef realpath ++# define realpath php_realpath ++# endif ++#endif ++ + /* Only compile multi-threading functions if we're in ZTS mode */ + #ifdef ZTS + +@@ -93,6 +100,7 @@ + + #define THREAD_HASH_OF(thr,ts) (unsigned long)thr%(unsigned long)ts + ++ + #ifdef __cplusplus + extern "C" { + #endif +diff -Nura php-5.2.3/TSRM/tsrm_virtual_cwd.c suhosin-patch-5.2.3-0.9.6.2/TSRM/tsrm_virtual_cwd.c +--- php-5.2.3/TSRM/tsrm_virtual_cwd.c 2007-05-30 12:50:47.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/TSRM/tsrm_virtual_cwd.c 2007-06-01 11:03:54.000000000 +0200 +@@ -267,6 +267,176 @@ + return p; + } + ++#if SUHOSIN_PATCH ++CWD_API char *php_realpath(const char *path, char *resolved) ++{ ++ struct stat sb; ++ char *p, *q, *s; ++ size_t left_len, resolved_len; ++ unsigned symlinks; ++ int serrno, slen; ++ int is_dir = 1; ++ char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; ++ ++ serrno = errno; ++ symlinks = 0; ++ if (path[0] == '/') { ++ resolved[0] = '/'; ++ resolved[1] = '\0'; ++ if (path[1] == '\0') ++ return (resolved); ++ resolved_len = 1; ++ left_len = strlcpy(left, path + 1, sizeof(left)); ++ } else { ++ if (getcwd(resolved, PATH_MAX) == NULL) { ++ strlcpy(resolved, ".", PATH_MAX); ++ return (NULL); ++ } ++ resolved_len = strlen(resolved); ++ left_len = strlcpy(left, path, sizeof(left)); ++ } ++ if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ ++ /* ++ * Iterate over path components in `left'. ++ */ ++ while (left_len != 0) { ++ /* ++ * Extract the next path component and adjust `left' ++ * and its length. ++ */ ++ p = strchr(left, '/'); ++ s = p ? p : left + left_len; ++ if (s - left >= sizeof(next_token)) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ memcpy(next_token, left, s - left); ++ next_token[s - left] = '\0'; ++ left_len -= s - left; ++ if (p != NULL) ++ memmove(left, s + 1, left_len + 1); ++ if (resolved[resolved_len - 1] != '/') { ++ if (resolved_len + 1 >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ resolved[resolved_len++] = '/'; ++ resolved[resolved_len] = '\0'; ++ } ++ if (next_token[0] == '\0') ++ continue; ++ else if (strcmp(next_token, ".") == 0) ++ continue; ++ else if (strcmp(next_token, "..") == 0) { ++ /* ++ * Strip the last path component except when we have ++ * single "/" ++ */ ++ if (!is_dir) { ++ errno = ENOENT; ++ return (NULL); ++ } ++ if (resolved_len > 1) { ++ resolved[resolved_len - 1] = '\0'; ++ q = strrchr(resolved, '/'); ++ *q = '\0'; ++ resolved_len = q - resolved; ++ } ++ continue; ++ } ++ ++ /* ++ * Append the next path component and lstat() it. If ++ * lstat() fails we still can return successfully if ++ * there are no more path components left. ++ */ ++ resolved_len = strlcat(resolved, next_token, PATH_MAX); ++ if (resolved_len >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ if (lstat(resolved, &sb) != 0) { ++ if (errno == ENOENT) { ++ if (p == NULL) { ++ errno = serrno; ++ return (resolved); ++ } else if (strstr(left, "/.") == NULL && strstr(left, "./") == NULL) { ++ resolved_len = strlcat(resolved, "/", PATH_MAX); ++ resolved_len = strlcat(resolved, left, PATH_MAX); ++ if (resolved_len >= PATH_MAX) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ errno = serrno; ++ return (resolved); ++ } ++ } ++ return (NULL); ++ } ++ if (S_ISLNK(sb.st_mode)) { ++ if (symlinks++ > MAXSYMLINKS) { ++ errno = ELOOP; ++ return (NULL); ++ } ++ slen = readlink(resolved, symlink, sizeof(symlink) - 1); ++ if (slen < 0) ++ return (NULL); ++ symlink[slen] = '\0'; ++ if (symlink[0] == '/') { ++ resolved[1] = 0; ++ resolved_len = 1; ++ } else if (resolved_len > 1) { ++ /* Strip the last path component. */ ++ resolved[resolved_len - 1] = '\0'; ++ q = strrchr(resolved, '/'); ++ *q = '\0'; ++ resolved_len = q - resolved; ++ } ++ ++ /* ++ * If there are any path components left, then ++ * append them to symlink. The result is placed ++ * in `left'. ++ */ ++ if (p != NULL) { ++ if (symlink[slen - 1] != '/') { ++ if (slen + 1 >= sizeof(symlink)) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ symlink[slen] = '/'; ++ symlink[slen + 1] = 0; ++ } ++ left_len = strlcat(symlink, left, sizeof(left)); ++ if (left_len >= sizeof(left)) { ++ errno = ENAMETOOLONG; ++ return (NULL); ++ } ++ } ++ left_len = strlcpy(left, symlink, sizeof(left)); ++ } else { ++ if (S_ISDIR(sb.st_mode)) { ++ is_dir = 1; ++ } else { ++ is_dir = 0; ++ } ++ } ++ } ++ ++ /* ++ * Remove trailing slash except when the resolved pathname ++ * is a single "/". ++ */ ++ if (resolved_len > 1 && resolved[resolved_len - 1] == '/') ++ resolved[resolved_len - 1] = '\0'; ++ return (resolved); ++} ++#endif ++ + CWD_API void virtual_cwd_startup(void) + { + char cwd[MAXPATHLEN]; +diff -Nura php-5.2.3/TSRM/tsrm_virtual_cwd.h suhosin-patch-5.2.3-0.9.6.2/TSRM/tsrm_virtual_cwd.h +--- php-5.2.3/TSRM/tsrm_virtual_cwd.h 2007-01-22 10:31:46.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/TSRM/tsrm_virtual_cwd.h 2007-06-01 11:03:54.000000000 +0200 +@@ -139,6 +139,22 @@ + + typedef int (*verify_path_func)(const cwd_state *); + ++#ifndef HAVE_STRLCPY ++CWD_API size_t php_strlcpy(char *dst, const char *src, size_t siz); ++#undef strlcpy ++#define strlcpy php_strlcpy ++#endif ++ ++#ifndef HAVE_STRLCAT ++CWD_API size_t php_strlcat(char *dst, const char *src, size_t siz); ++#undef strlcat ++#define strlcat php_strlcat ++#endif ++ ++ ++#if SUHOSIN_PATCH ++CWD_API char *php_realpath(const char *path, char *resolved); ++#endif + CWD_API void virtual_cwd_startup(void); + CWD_API void virtual_cwd_shutdown(void); + CWD_API char *virtual_getcwd_ex(size_t *length TSRMLS_DC); +diff -Nura php-5.2.3/win32/build/config.w32 suhosin-patch-5.2.3-0.9.6.2/win32/build/config.w32 +--- php-5.2.3/win32/build/config.w32 2007-04-18 11:38:59.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/win32/build/config.w32 2007-06-01 11:03:54.000000000 +0200 +@@ -299,7 +299,7 @@ + zend_sprintf.c zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c \ + zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \ + zend_object_handlers.c zend_objects_API.c \ +- zend_default_classes.c zend_execute.c zend_strtod.c"); ++ zend_default_classes.c zend_execute.c zend_strtod.c zend_canary.c"); + + ADD_SOURCES("main", "main.c snprintf.c spprintf.c safe_mode.c fopen_wrappers.c \ + php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \ +@@ -344,6 +344,8 @@ + AC_DEFINE('HAVE_USLEEP', 1); + AC_DEFINE('HAVE_STRCOLL', 1); + ++AC_DEFINE('SUHOSIN_PATCH', 1); ++ + /* For snapshot builders, where can we find the additional + * files that make up the snapshot template? */ + ARG_WITH("snapshot-template", "Path to snapshot builder template dir", "no"); +diff -Nura php-5.2.3/Zend/Makefile.am suhosin-patch-5.2.3-0.9.6.2/Zend/Makefile.am +--- php-5.2.3/Zend/Makefile.am 2006-12-05 09:07:57.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/Makefile.am 2007-06-01 11:03:54.000000000 +0200 +@@ -17,7 +17,7 @@ + zend_objects_API.c zend_ts_hash.c zend_stream.c \ + zend_default_classes.c \ + zend_iterators.c zend_interfaces.c zend_exceptions.c \ +- zend_strtod.c zend_multibyte.c ++ zend_strtod.c zend_multibyte.c zend_canary.c + + libZend_la_LDFLAGS = + libZend_la_LIBADD = @ZEND_EXTRA_LIBS@ +diff -Nura php-5.2.3/Zend/zend_alloc.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_alloc.c +--- php-5.2.3/Zend/zend_alloc.c 2007-05-28 12:07:50.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_alloc.c 2007-06-01 11:03:54.000000000 +0200 +@@ -311,13 +311,26 @@ + #define MEM_BLOCK_GUARD 0x2A8FCC84 + #define MEM_BLOCK_LEAK 0x6C5E8F2D + ++#if SUHOSIN_PATCH ++# define CANARY_SIZE sizeof(size_t) ++#else ++# define CANARY_SIZE 0 ++#endif ++ + /* mm block type */ + typedef struct _zend_mm_block_info { + #if ZEND_MM_COOKIES + size_t _cookie; + #endif +- size_t _size; +- size_t _prev; ++#if SUHOSIN_PATCH ++ size_t canary_1; ++#endif ++ size_t _size; ++ size_t _prev; ++#if SUHOSIN_PATCH ++ size_t size; ++ size_t canary_2; ++#endif + } zend_mm_block_info; + + #if ZEND_DEBUG +@@ -422,6 +435,9 @@ + int miss; + } cache_stat[ZEND_MM_NUM_BUCKETS+1]; + #endif ++#if SUHOSIN_PATCH ++ size_t canary_1,canary_2,canary_3; ++#endif + }; + + #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \ +@@ -511,15 +527,15 @@ + #define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK) + #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block)) + #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block)) +-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE) ++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE) + #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE) + #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment)) + +-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0) ++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0) + + #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE) + +-#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))) ++#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))) + + #define ZEND_MM_BUCKET_INDEX(true_size) ((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2)) + +@@ -581,6 +597,48 @@ + + #endif + ++#if SUHOSIN_PATCH ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \ ++ size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check; \ ++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \ ++ canary_mismatch: \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \ ++ exit(1); \ ++ } \ ++ memcpy(&check, p, CANARY_SIZE); \ ++ if (check != heap->canary_3) { \ ++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \ ++ exit(1); \ ++ goto canary_mismatch; \ ++ } \ ++ } while (0) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) do { \ ++ (block)->info.canary_1 = heap->canary_1; \ ++ (block)->info.canary_2 = heap->canary_2; \ ++ } while (0) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) \ ++ (size_t*)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) do { \ ++ size_t *p = SUHOSIN_MM_END_CANARY_PTR(block); \ ++ memcpy(p, &heap->canary_3, CANARY_SIZE); \ ++ } while (0) ++ ++#else ++ ++# define SUHOSIN_MM_CHECK_CANARIES(block) ++ ++# define SUHOSIN_MM_SET_CANARIES(block) ++ ++# define SUHOSIN_MM_END_CANARY_PTR(block) ++ ++# define SUHOSIN_MM_SET_END_CANARY(block) ++ ++#endif ++ + + #if ZEND_MM_HEAP_PROTECTION + +@@ -779,6 +837,12 @@ + if (EXPECTED(prev == mm_block)) { + zend_mm_free_block **rp, **cp; + ++#if SUHOSIN_PATCH ++ if (next != mm_block) { ++ zend_suhosin_log(S_MEMORY, "heap corrupt on efree() - heap corruption detected"); ++ exit(1); ++ } ++#endif + #if ZEND_MM_SAFE_UNLINKING + if (UNEXPECTED(next != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); +@@ -817,6 +881,12 @@ + } + } else { + ++#if SUHOSIN_PATCH ++ if (prev->next_free_block != mm_block || next->prev_free_block != mm_block) { ++ zend_suhosin_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected"); ++ exit(1); ++ } ++#endif + #if ZEND_MM_SAFE_UNLINKING + if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) { + zend_mm_panic("zend_mm_heap corrupted"); +@@ -864,6 +934,11 @@ + heap->large_free_buckets[i] = NULL; + } + heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap); ++#if SUHOSIN_PATCH ++ heap->canary_1 = zend_canary(); ++ heap->canary_2 = zend_canary(); ++ heap->canary_3 = zend_canary(); ++#endif + } + + static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment) +@@ -1732,6 +1807,11 @@ + best_fit = heap->cache[index]; + heap->cache[index] = best_fit->prev_free_block; + heap->cached -= true_size; ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); + return ZEND_MM_DATA_OF(best_fit); +@@ -1866,6 +1946,12 @@ + + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1); + ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif ++ + heap->size += true_size; + if (heap->peak < heap->size) { + heap->peak = heap->size; +@@ -1889,6 +1975,9 @@ + + mm_block = ZEND_MM_HEADER_OF(p); + size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION +@@ -1951,6 +2040,9 @@ + mm_block = ZEND_MM_HEADER_OF(p); + true_size = ZEND_MM_TRUE_SIZE(size); + orig_size = ZEND_MM_BLOCK_SIZE(mm_block); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()"); ++#endif + ZEND_MM_CHECK_PROTECTION(mm_block); + + if (UNEXPECTED(true_size < size)) { +@@ -1982,6 +2074,11 @@ + HANDLE_UNBLOCK_INTERRUPTIONS(); + } + ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return p; + } + +@@ -2001,13 +2098,18 @@ + heap->cache[index] = best_fit->prev_free_block; + ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED); + ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(best_fit); ++ ((zend_mm_block*)best_fit)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(best_fit); ++#endif + + ptr = ZEND_MM_DATA_OF(best_fit); + + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif + + heap->cached -= true_size - orig_size; +@@ -2065,6 +2167,11 @@ + if (heap->peak < heap->size) { + heap->peak = heap->size; + } ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + HANDLE_UNBLOCK_INTERRUPTIONS(); + return p; + } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) && +@@ -2168,6 +2275,11 @@ + } + + HANDLE_UNBLOCK_INTERRUPTIONS(); ++#if SUHOSIN_PATCH ++ SUHOSIN_MM_SET_CANARIES(mm_block); ++ ((zend_mm_block*)mm_block)->info.size = size; ++ SUHOSIN_MM_SET_END_CANARY(mm_block); ++#endif + return ZEND_MM_DATA_OF(mm_block); + } + +@@ -2175,7 +2287,7 @@ + #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION + memcpy(ptr, p, mm_block->debug.size); + #else +- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE); ++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE); + #endif + _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + return ptr; +@@ -2418,6 +2530,17 @@ + zend_mm_shutdown(AG(mm_heap), full_shutdown, silent); + } + ++#if SUHOSIN_PATCH ++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D) ++{ ++/* NOT HERE ++ ++ AG(mm_heap)->canary_1 = zend_canary(); ++ AG(mm_heap)->canary_2 = zend_canary(); ++ AG(mm_heap)->canary_3 = zend_canary(); */ ++} ++#endif ++ + static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC) + { + char *tmp; +diff -Nura php-5.2.3/Zend/zend_alloc.h suhosin-patch-5.2.3-0.9.6.2/Zend/zend_alloc.h +--- php-5.2.3/Zend/zend_alloc.h 2007-03-20 07:46:48.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_alloc.h 2007-06-01 11:03:54.000000000 +0200 +@@ -128,6 +128,9 @@ + + ZEND_API void start_memory_manager(TSRMLS_D); + ZEND_API void shutdown_memory_manager(int silent, int full_shutdown TSRMLS_DC); ++#if SUHOSIN_PATCH ++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D); ++#endif + ZEND_API int is_zend_mm(TSRMLS_D); + + #if ZEND_DEBUG +diff -Nura php-5.2.3/Zend/zend.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend.c +--- php-5.2.3/Zend/zend.c 2007-04-26 21:08:58.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend.c 2007-06-01 11:03:54.000000000 +0200 +@@ -57,7 +57,9 @@ + ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args); + int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); + ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); +- ++#if SUHOSIN_PATCH ++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif + void (*zend_on_timeout)(int seconds TSRMLS_DC); + + static void (*zend_message_dispatcher_p)(long message, void *data); +@@ -74,9 +76,88 @@ + return SUCCESS; + } + ++#if SUHOSIN_PATCH ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog) ++{ ++ if (!new_value) { ++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY; ++ } else { ++ SPG(log_syslog) = atoi(new_value) | S_MEMORY; ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility) ++{ ++ if (!new_value) { ++ SPG(log_syslog_facility) = LOG_USER; ++ } else { ++ SPG(log_syslog_facility) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority) ++{ ++ if (!new_value) { ++ SPG(log_syslog_priority) = LOG_ALERT; ++ } else { ++ SPG(log_syslog_priority) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi) ++{ ++ if (!new_value) { ++ SPG(log_sapi) = S_ALL & ~S_SQL; ++ } else { ++ SPG(log_sapi) = atoi(new_value); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_script) ++{ ++ if (!new_value) { ++ SPG(log_script) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname) ++{ ++ if (SPG(log_scriptname)) { ++ pefree(SPG(log_scriptname),1); ++ } ++ SPG(log_scriptname) = NULL; ++ if (new_value) { ++ SPG(log_scriptname) = pestrdup(new_value,1); ++ } ++ return SUCCESS; ++} ++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript) ++{ ++ if (!new_value) { ++ SPG(log_phpscript) = S_ALL & ~S_MEMORY; ++ } else { ++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL); ++ } ++ return SUCCESS; ++} ++#endif + + ZEND_INI_BEGIN() + ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting) ++#if SUHOSIN_PATCH ++ ZEND_INI_ENTRY("suhosin.log.syslog", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog) ++ ZEND_INI_ENTRY("suhosin.log.syslog.facility", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility) ++ ZEND_INI_ENTRY("suhosin.log.syslog.priority", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_priority) ++ ZEND_INI_ENTRY("suhosin.log.sapi", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_sapi) ++ ZEND_INI_ENTRY("suhosin.log.script", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_script) ++ ZEND_INI_ENTRY("suhosin.log.script.name", NULL, ZEND_INI_SYSTEM, OnUpdateSuhosin_log_scriptname) ++ STD_ZEND_INI_BOOLEAN("suhosin.log.use-x-forwarded-for", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, log_use_x_forwarded_for, suhosin_patch_globals_struct, suhosin_patch_globals) ++ ZEND_INI_ENTRY("suhosin.log.phpscript", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_phpscript) ++ STD_ZEND_INI_ENTRY("suhosin.log.phpscript.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateString, log_phpscriptname, suhosin_patch_globals_struct, suhosin_patch_globals) ++ STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_SYSTEM, OnUpdateBool, log_phpscript_is_safe, suhosin_patch_globals_struct, suhosin_patch_globals) ++#endif + STD_ZEND_INI_BOOLEAN("zend.ze1_compatibility_mode", "0", ZEND_INI_ALL, OnUpdateBool, ze1_compatibility_mode, zend_executor_globals, executor_globals) + #ifdef ZEND_MULTIBYTE + STD_ZEND_INI_BOOLEAN("detect_unicode", "1", ZEND_INI_ALL, OnUpdateBool, detect_unicode, zend_compiler_globals, compiler_globals) +diff -Nura php-5.2.3/Zend/zend_canary.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_canary.c +--- php-5.2.3/Zend/zend_canary.c 1970-01-01 01:00:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_canary.c 2007-06-01 11:03:54.000000000 +0200 +@@ -0,0 +1,64 @@ ++/* ++ +----------------------------------------------------------------------+ ++ | Suhosin-Patch for PHP | ++ +----------------------------------------------------------------------+ ++ | Copyright (c) 2004-2006 Stefan Esser | ++ +----------------------------------------------------------------------+ ++ | This source file is subject to version 2.02 of the PHP license, | ++ | that is bundled with this package in the file LICENSE, and is | ++ | available at through the world-wide-web at | ++ | http://www.php.net/license/2_02.txt. | ++ | If you did not receive a copy of the PHP license and are unable to | ++ | obtain it through the world-wide-web, please send a note to | ++ | license@php.net so we can mail you a copy immediately. | ++ +----------------------------------------------------------------------+ ++ | Author: Stefan Esser <sesser@hardened-php.net> | ++ +----------------------------------------------------------------------+ ++ */ ++/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */ ++ ++#include "zend.h" ++ ++#include <stdio.h> ++#include <stdlib.h> ++ ++ ++#if SUHOSIN_PATCH ++ ++static size_t last_canary = 0x73625123; ++ ++/* will be replaced later with more compatible method */ ++ZEND_API size_t zend_canary() ++{ ++ time_t t; ++ size_t canary; ++ int fd; ++ ++#ifndef PHP_WIN32 ++ fd = open("/dev/urandom", 0); ++ if (fd != -1) { ++ int r = read(fd, &canary, sizeof(canary)); ++ close(fd); ++ if (r == sizeof(canary)) { ++ return (canary); ++ } ++ } ++#endif ++ /* not good but we never want to do this */ ++ time(&t); ++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary; ++ last_canary ^= (canary << 5) | (canary >> (32-5)); ++ return (canary); ++} ++ ++#endif ++ ++ ++/* ++ * Local variables: ++ * tab-width: 4 ++ * c-basic-offset: 4 ++ * End: ++ * vim600: sw=4 ts=4 fdm=marker ++ * vim<600: sw=4 ts=4 ++ */ +diff -Nura php-5.2.3/Zend/zend_compile.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_compile.c +--- php-5.2.3/Zend/zend_compile.c 2007-05-18 15:12:03.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_compile.c 2007-06-01 11:03:54.000000000 +0200 +@@ -54,7 +54,6 @@ + property_info->name = zend_strndup(property_info->name, property_info->name_length); + } + +- + static void zend_destroy_property_info(zend_property_info *property_info) + { + efree(property_info->name); +@@ -68,6 +67,10 @@ + { + free(property_info->name); + } ++#if SUHOSIN_PATCH ++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal; ++void *suhosin_zend_destroy_property_info = zend_destroy_property_info; ++#endif + + static void build_runtime_defined_function_key(zval *result, char *name, int name_length TSRMLS_DC) + { +diff -Nura php-5.2.3/Zend/zend_compile.h suhosin-patch-5.2.3-0.9.6.2/Zend/zend_compile.h +--- php-5.2.3/Zend/zend_compile.h 2007-05-18 15:12:04.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_compile.h 2007-06-01 11:03:54.000000000 +0200 +@@ -564,6 +564,11 @@ + + int zendlex(znode *zendlval TSRMLS_DC); + ++#if SUHOSIN_PATCH ++extern void *suhosin_zend_destroy_property_info_internal; ++extern void *suhosin_zend_destroy_property_info; ++#endif ++ + /* BEGIN: OPCODES */ + + #include "zend_vm_opcodes.h" +@@ -686,6 +691,7 @@ + + #define ZEND_RETURNS_FUNCTION 1<<0 + ++ + END_EXTERN_C() + + #define ZEND_CLONE_FUNC_NAME "__clone" +diff -Nura php-5.2.3/Zend/zend_constants.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_constants.c +--- php-5.2.3/Zend/zend_constants.c 2007-04-04 02:42:42.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_constants.c 2007-06-01 11:03:54.000000000 +0200 +@@ -110,6 +110,75 @@ + REGISTER_MAIN_LONG_CONSTANT("E_USER_NOTICE", E_USER_NOTICE, CONST_PERSISTENT | CONST_CS); + + REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS); ++#if SUHOSIN_PATCH ++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS); ++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS); ++ ++ /* error levels */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT); ++ /* facility: type of program logging the message */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NEWS ++ /* No LOG_NEWS on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */ ++#endif ++#ifdef LOG_UUCP ++ /* No LOG_UUCP on HP-UX */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_CRON ++ /* apparently some systems don't have this one */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_AUTHPRIV ++ /* AIX doesn't have LOG_AUTHPRIV */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT); ++#endif ++#if !defined(PHP_WIN32) && !defined(NETWARE) ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT); ++#endif ++ /* options */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT); ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT); ++#ifdef LOG_NOWAIT ++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT); ++#endif ++#ifdef LOG_PERROR ++ /* AIX doesn't have LOG_PERROR */ ++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/ ++#endif ++#endif + + /* true/false constants */ + { +diff -Nura php-5.2.3/Zend/Zend.dsp suhosin-patch-5.2.3-0.9.6.2/Zend/Zend.dsp +--- php-5.2.3/Zend/Zend.dsp 2006-12-05 09:07:57.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/Zend.dsp 2007-06-01 11:03:54.000000000 +0200 +@@ -239,6 +239,10 @@ + # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+diff -Nura php-5.2.3/Zend/zend_errors.h suhosin-patch-5.2.3-0.9.6.2/Zend/zend_errors.h +--- php-5.2.3/Zend/zend_errors.h 2007-01-01 10:35:46.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_errors.h 2007-06-01 11:03:54.000000000 +0200 +@@ -39,6 +39,20 @@ + #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR) + #define E_CORE (E_CORE_ERROR | E_CORE_WARNING) + ++#if SUHOSIN_PATCH ++#define S_MEMORY (1<<0L) ++#define S_MISC (1<<1L) ++#define S_VARS (1<<2L) ++#define S_FILES (1<<3L) ++#define S_INCLUDE (1<<4L) ++#define S_SQL (1<<5L) ++#define S_EXECUTOR (1<<6L) ++#define S_MAIL (1<<7L) ++#define S_SESSION (1<<8L) ++#define S_INTERNAL (1<<29L) ++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR) ++#endif ++ + #endif /* ZEND_ERRORS_H */ + + /* +diff -Nura php-5.2.3/Zend/zend.h suhosin-patch-5.2.3-0.9.6.2/Zend/zend.h +--- php-5.2.3/Zend/zend.h 2007-04-26 21:08:58.000000000 +0200 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend.h 2007-06-01 11:03:54.000000000 +0200 +@@ -520,6 +520,9 @@ + extern ZEND_API int (*zend_stream_open_function)(const char *filename, zend_file_handle *handle TSRMLS_DC); + extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap); + extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC); ++#if SUHOSIN_PATCH ++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...); ++#endif + + + ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3); +@@ -650,6 +653,13 @@ + + #include "zend_variables.h" + ++#if SUHOSIN_PATCH ++#include "suhosin_globals.h" ++#include "php_syslog.h" ++ ++ZEND_API size_t zend_canary(); ++#endif ++ + #endif /* ZEND_H */ + + /* +diff -Nura php-5.2.3/Zend/zend_hash.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_hash.c +--- php-5.2.3/Zend/zend_hash.c 2007-02-21 15:11:00.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_hash.c 2007-06-01 11:03:54.000000000 +0200 +@@ -20,6 +20,7 @@ + /* $Id: zend_hash.c,v 1.121.2.4.2.7 2007/02/21 14:11:00 dmitry Exp $ */ + + #include "zend.h" ++#include "zend_compile.h" + + #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \ + (element)->pNext = (list_head); \ +@@ -132,7 +133,189 @@ + (p)->pDataPtr=NULL; \ + } + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++MUTEX_T zend_hash_dprot_mx_reader; ++MUTEX_T zend_hash_dprot_mx_writer; ++unsigned int zend_hash_dprot_reader; ++#endif ++unsigned int zend_hash_dprot_counter; ++unsigned int zend_hash_dprot_curmax; ++dtor_func_t *zend_hash_dprot_table = NULL; ++ ++static void zend_hash_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((++(zend_hash_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_reader); ++ if ((--(zend_hash_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader); ++#endif ++} ++ ++static void zend_hash_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++static void zend_hash_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_hash_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_hash_dprot_mx_reader); ++ tsrm_mutex_free(zend_hash_dprot_mx_writer); ++#endif ++ free(zend_hash_dprot_table); ++}*/ ++ ++static void zend_hash_add_destructor(dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ if (zend_hash_dprot_table == NULL) { ++#ifdef ZTS ++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_hash_dprot_reader = 0; ++#endif ++ zend_hash_dprot_counter = 0; ++ zend_hash_dprot_curmax = 256; ++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t)); ++ } ++ ++ zend_hash_dprot_begin_write(); ++ ++ if (zend_hash_dprot_counter == 0) { ++ zend_hash_dprot_counter++; ++ zend_hash_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) { ++ zend_hash_dprot_curmax += 256; ++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_hash_dprot_table[left] < value) { ++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t)); ++ zend_hash_dprot_table[left] = pDestructor; ++ } ++ ++ zend_hash_dprot_counter++; ++ } ++ } ++ ++ zend_hash_dprot_end_write(); ++} ++ ++static void zend_hash_check_destructor(dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR ++#ifdef ZEND_ENGINE_2 ++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info ++#endif ++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) { ++ return; ++ } ++ ++ zend_hash_dprot_begin_read(); ++ ++ if (zend_hash_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_hash_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_hash_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_hash_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_hash_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_hash_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor"); ++ exit(1); ++ return; ++ } ++ ++ } ++ ++ zend_hash_dprot_end_read(); ++} + ++#else ++#define zend_hash_add_destructor(pDestructor) do {} while(0) ++#define zend_hash_check_destructor(pDestructor) do {} while(0) ++#endif + + ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC) + { +@@ -153,6 +336,7 @@ + + ht->nTableMask = ht->nTableSize - 1; + ht->pDestructor = pDestructor; ++ zend_hash_add_destructor(pDestructor); + ht->arBuckets = NULL; + ht->pListHead = NULL; + ht->pListTail = NULL; +@@ -230,6 +414,8 @@ + return FAILURE; + } + #endif ++ ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -295,6 +481,7 @@ + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -370,6 +557,7 @@ + return FAILURE; + } + #endif ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -493,6 +681,7 @@ + if (ht->pInternalPointer == p) { + ht->pInternalPointer = p->pListNext; + } ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +@@ -518,6 +707,8 @@ + + SET_INCONSISTENT(HT_IS_DESTROYING); + ++ zend_hash_check_destructor(ht->pDestructor); ++ + p = ht->pListHead; + while (p != NULL) { + q = p; +@@ -544,6 +735,8 @@ + + SET_INCONSISTENT(HT_CLEANING); + ++ zend_hash_check_destructor(ht->pDestructor); ++ + p = ht->pListHead; + while (p != NULL) { + q = p; +@@ -607,6 +800,7 @@ + ht->nNumOfElements--; + HANDLE_UNBLOCK_INTERRUPTIONS(); + ++ zend_hash_check_destructor(ht->pDestructor); + if (ht->pDestructor) { + ht->pDestructor(p->pData); + } +diff -Nura php-5.2.3/Zend/zend_llist.c suhosin-patch-5.2.3-0.9.6.2/Zend/zend_llist.c +--- php-5.2.3/Zend/zend_llist.c 2007-02-16 09:33:28.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/zend_llist.c 2007-06-01 11:03:54.000000000 +0200 +@@ -23,6 +23,184 @@ + #include "zend_llist.h" + #include "zend_qsort.h" + ++#if SUHOSIN_PATCH ++#ifdef ZTS ++MUTEX_T zend_llist_dprot_mx_reader; ++MUTEX_T zend_llist_dprot_mx_writer; ++unsigned int zend_llist_dprot_reader; ++#endif ++unsigned int zend_llist_dprot_counter; ++unsigned int zend_llist_dprot_curmax; ++llist_dtor_func_t *zend_llist_dprot_table = NULL; ++ ++static void zend_llist_dprot_begin_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((++(zend_llist_dprot_reader)) == 1) { ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_end_read() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_reader); ++ if ((--(zend_llist_dprot_reader)) == 0) { ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++ } ++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader); ++#endif ++} ++ ++static void zend_llist_dprot_begin_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_lock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++static void zend_llist_dprot_end_write() ++{ ++#ifdef ZTS ++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer); ++#endif ++} ++ ++/*ZEND_API void zend_llist_dprot_dtor() ++{ ++#ifdef ZTS ++ tsrm_mutex_free(zend_llist_dprot_mx_reader); ++ tsrm_mutex_free(zend_llist_dprot_mx_writer); ++#endif ++ free(zend_llist_dprot_table); ++}*/ ++ ++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor) ++{ ++ int left, right, mid; ++ zend_bool found = 0; ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ if (zend_llist_dprot_table == NULL) { ++#ifdef ZTS ++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc(); ++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc(); ++ zend_llist_dprot_reader = 0; ++#endif ++ zend_llist_dprot_counter = 0; ++ zend_llist_dprot_curmax = 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t)); ++ } ++ ++ zend_llist_dprot_begin_write(); ++ ++ if (zend_llist_dprot_counter == 0) { ++ zend_llist_dprot_counter++; ++ zend_llist_dprot_table[0] = pDestructor; ++ } else { ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ mid = 0; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ ++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) { ++ zend_llist_dprot_curmax += 256; ++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t)); ++ } ++ ++ if ((unsigned long)zend_llist_dprot_table[left] < value) { ++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left+1] = pDestructor; ++ } else { ++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t)); ++ zend_llist_dprot_table[left] = pDestructor; ++ } ++ ++ zend_llist_dprot_counter++; ++ } ++ } ++ ++ zend_llist_dprot_end_write(); ++} ++ ++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor) ++{ ++ unsigned long value; ++ ++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) { ++ return; ++ } ++ ++ zend_llist_dprot_begin_read(); ++ ++ if (zend_llist_dprot_counter > 0) { ++ int left, right, mid; ++ zend_bool found = 0; ++ ++ value = (unsigned long) pDestructor; ++ left = 0; ++ right = zend_llist_dprot_counter-1; ++ ++ while (left < right) { ++ mid = (right - left) >> 1; ++ mid += left; ++ if ((unsigned long)zend_llist_dprot_table[mid] == value) { ++ found = 1; ++ break; ++ } ++ if (value < (unsigned long)zend_llist_dprot_table[mid]) { ++ right = mid-1; ++ } else { ++ left = mid+1; ++ } ++ } ++ if ((unsigned long)zend_llist_dprot_table[left] == value) { ++ found = 1; ++ } ++ ++ if (!found) { ++ zend_llist_dprot_end_read(); ++ ++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor"); ++ exit(1); ++ return; ++ } ++ ++ } ++ ++ zend_llist_dprot_end_read(); ++} ++#else ++#define zend_llist_add_destructor(pDestructor) do {} while(0) ++#define zend_llist_check_destructor(pDestructor) do {} while(0) ++#endif ++ + ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent) + { + l->head = NULL; +@@ -30,6 +208,7 @@ + l->count = 0; + l->size = size; + l->dtor = dtor; ++ zend_llist_add_destructor(dtor); + l->persistent = persistent; + } + +@@ -81,6 +260,7 @@ + } else {\ + (l)->tail = (current)->prev;\ + }\ ++ zend_llist_check_destructor((l)->dtor); \ + if ((l)->dtor) {\ + (l)->dtor((current)->data);\ + }\ +@@ -108,6 +288,7 @@ + { + zend_llist_element *current=l->head, *next; + ++ zend_llist_check_destructor(l->dtor); + while (current) { + next = current->next; + if (l->dtor) { +@@ -133,6 +314,7 @@ + zend_llist_element *old_tail; + void *data; + ++ zend_llist_check_destructor(l->dtor); + if ((old_tail = l->tail)) { + if (old_tail->prev) { + old_tail->prev->next = NULL; +diff -Nura php-5.2.3/Zend/ZendTS.dsp suhosin-patch-5.2.3-0.9.6.2/Zend/ZendTS.dsp +--- php-5.2.3/Zend/ZendTS.dsp 2006-12-05 09:07:57.000000000 +0100 ++++ suhosin-patch-5.2.3-0.9.6.2/Zend/ZendTS.dsp 2007-06-01 11:03:54.000000000 +0200 +@@ -273,6 +273,10 @@ + # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
diff --git a/debian/rules b/debian/rules index dc31ba81a..8feb95ffe 100755 --- a/debian/rules +++ b/debian/rules @@ -47,6 +47,11 @@ ifneq (nostrip, $(findstring nostrip, $(DEB_BUILD_OPTIONS))) install_strip = -s endif +# conditionally you can enable the suhosin patch +ifneq (, $(findstring suhosin, $(DEB_BUILD_OPTIONS))) + SUHOSIN_STAMP = suhosin-stamp +endif + # Old magic.mime location: ifeq ($(wildcard /usr/share/misc/file/magic.mime), /usr/share/misc/file/magic.mime) MAGIC_MIME = /usr/share/misc/file/magic.mime @@ -113,13 +118,22 @@ BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \ include /usr/share/quilt/quilt.make prepared: prepared-stamp -prepared-stamp: $(QUILT_STAMPFN) +prepared-stamp: $(QUILT_STAMPFN) $(SUHOSIN_STAMP) dh_testdir sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in rm -f aclocal.m4 config.sub config.guess ltmain.sh ./buildconf --force touch prepared-stamp +# rules to apply the suhosin patch +suhosin-stamp: $(QUILT_STAMPFN) + patch -p1 < debian/patches/suhosin.patch + # the suhosin patches patch both configure/configure.in, so let's + # make configure.in and the sapi modules show up as newer + touch configure.in + touch sapi/*.m4 + touch suhosin-stamp + unprepared: dh_testdir sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in @@ -146,7 +160,7 @@ build-cli-stamp: configure-cli-stamp build-cgi-stamp: configure-cgi-stamp dh_testdir - cd cgi-build && $(MAKE) && mv sapi/cgi/php sapi/cgi/cgi-bin.php5 + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5 # Dirty hack to not rebuild everything twice cd cgi-build/main && \ @@ -156,7 +170,7 @@ build-cgi-stamp: configure-cgi-stamp touch ../../ext/standard/info.c && \ touch ../../sapi/cgi/cgi_main.c - cd cgi-build && $(MAKE) && mv sapi/cgi/php sapi/cgi/usr.bin.php5-cgi + cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi touch build-cgi-stamp @@ -292,6 +306,12 @@ clean: unprepared rm -f debian/$${sapi}.$${cruft}; \ done; \ done + if [ "$(SUHOSIN_STAMP)" ]; then \ + if [ -f "$(SUHOSIN_STAMP)" ]; then \ + patch -p1 -R < debian/patches/suhosin.patch; \ + rm -f "$(SUHOSIN_STAMP)"; \ + fi; \ + fi install: DH_OPTIONS= install: build |