Fix couple of PHP-FPM bugs unsuitable for release

Conflicts:
	debian/patches/series

7 files changed, 327 insertions, 0 deletions

diff --git a/debian/patches/bug68381.patch b/debian/patches/bug68381.patch
new file mode 100644
index 000000000..2974b5382
--- /dev/null
+++ b/debian/patches/bug68381.patch
@@ -0,0 +1,19 @@
+--- php5.orig/sapi/fpm/fpm/fpm_unix.c
++++ php5/sapi/fpm/fpm/fpm_unix.c
+@@ -266,6 +266,8 @@ int fpm_unix_init_main() /* {{{ */
+ 	struct fpm_worker_pool_s *wp;
+ 	int is_root = !geteuid();
+ 
++	zlog_set_level(fpm_globals.log_level);
++
+ 	if (fpm_global_config.rlimit_files) {
+ 		struct rlimit r;
+ 
+@@ -396,7 +398,6 @@ int fpm_unix_init_main() /* {{{ */
+ 		}
+ 	}
+ 
+-	zlog_set_level(fpm_globals.log_level);
+ 	return 0;
+ }
+ /* }}} */
diff --git a/debian/patches/bug68420.patch b/debian/patches/bug68420.patch
new file mode 100644
index 000000000..533cf0abc
--- /dev/null
+++ b/debian/patches/bug68420.patch
@@ -0,0 +1,33 @@
+--- php5.orig/sapi/fpm/fpm/fpm_sockets.c
++++ php5/sapi/fpm/fpm/fpm_sockets.c
+@@ -274,13 +274,23 @@ static int fpm_socket_af_inet_listening_
+ 		return -1;
+ 	}
+ 
+-	// strip brackets from address for getaddrinfo
+-	if (addr != NULL) {
+-		addr_len = strlen(addr);
+-		if (addr[0] == '[' && addr[addr_len - 1] == ']') {
+-			addr[addr_len - 1] = '\0';
+-			addr++;
+-		}
++	if (!addr) {
++		/* no address: default documented behavior, all IPv4 addresses */
++		struct sockaddr_in sa_in;
++
++		memset(&sa_in, 0, sizeof(sa_in));
++		sa_in.sin_family = AF_INET;
++		sa_in.sin_port = htons(port);
++		sa_in.sin_addr.s_addr = htonl(INADDR_ANY);
++		free(dup_address);
++		return fpm_sockets_get_listening_socket(wp, (struct sockaddr *) &sa_in, sizeof(struct sockaddr_in));
++	}
++
++	/* strip brackets from address for getaddrinfo */
++	addr_len = strlen(addr);
++	if (addr[0] == '[' && addr[addr_len - 1] == ']') {
++		addr[addr_len - 1] = '\0';
++		addr++;
+ 	}
+ 
+ 	memset(&hints, 0, sizeof hints);
diff --git a/debian/patches/bug68421.patch b/debian/patches/bug68421.patch
new file mode 100644
index 000000000..e02145a81
--- /dev/null
+++ b/debian/patches/bug68421.patch
@@ -0,0 +1,64 @@
+--- php5.orig/sapi/fpm/fpm/fastcgi.c
++++ php5/sapi/fpm/fpm/fastcgi.c
+@@ -137,6 +137,7 @@ typedef union _sa_t {
+ 	struct sockaddr     sa;
+ 	struct sockaddr_un  sa_unix;
+ 	struct sockaddr_in  sa_inet;
++	struct sockaddr_in6 sa_inet6;
+ } sa_t;
+ 
+ static HashTable fcgi_mgmt_vars;
+@@ -1094,12 +1095,27 @@ void fcgi_free_mgmt_var_cb(void * ptr)
+ 	pefree(*var, 1);
+ }
+ 
+-char *fcgi_get_last_client_ip() /* {{{ */
++const char *fcgi_get_last_client_ip() /* {{{ */
+ {
+-	if (client_sa.sa.sa_family == AF_UNIX) {
+-		return NULL;
++	static char str[INET6_ADDRSTRLEN];
++
++	/* Ipv4 */
++	if (client_sa.sa.sa_family == AF_INET) {
++		return inet_ntop(client_sa.sa.sa_family, &client_sa.sa_inet.sin_addr, str, INET6_ADDRSTRLEN);
++	}
++#ifdef IN6_IS_ADDR_V4MAPPED
++	/* Ipv4-Mapped-Ipv6 */
++	if (client_sa.sa.sa_family == AF_INET6
++		&& IN6_IS_ADDR_V4MAPPED(&client_sa.sa_inet6.sin6_addr)) {
++		return inet_ntop(AF_INET, ((char *)&client_sa.sa_inet6.sin6_addr)+12, str, INET6_ADDRSTRLEN);
+ 	}
+-	return inet_ntoa(client_sa.sa_inet.sin_addr);
++#endif
++	/* Ipv6 */
++	if (client_sa.sa.sa_family == AF_INET6) {
++		return inet_ntop(client_sa.sa.sa_family, &client_sa.sa_inet6.sin6_addr, str, INET6_ADDRSTRLEN);
++	}
++	/* Unix socket */
++	return NULL;
+ }
+ /* }}} */
+ /*
+--- php5.orig/sapi/fpm/fpm/fastcgi.h
++++ php5/sapi/fpm/fpm/fastcgi.h
+@@ -133,7 +133,7 @@ int fcgi_flush(fcgi_request *req, int cl
+ void fcgi_set_mgmt_var(const char * name, size_t name_len, const char * value, size_t value_len);
+ void fcgi_free_mgmt_var_cb(void * ptr);
+ 
+-char *fcgi_get_last_client_ip();
++const char *fcgi_get_last_client_ip();
+ 
+ /*
+  * Local variables:
+--- php5.orig/sapi/fpm/fpm/fpm_log.c
++++ php5/sapi/fpm/fpm/fpm_log.c
+@@ -367,7 +367,7 @@ int fpm_log_write(char *log_format TSRML
+ 
+ 				case 'R': /* remote IP address */
+ 					if (!test) {
+-						char *tmp = fcgi_get_last_client_ip();
++						const char *tmp = fcgi_get_last_client_ip();
+ 						len2 = snprintf(b, FPM_LOG_BUFFER - len, "%s", tmp ? tmp : "-");
+ 					}
+ 					break;
diff --git a/debian/patches/bug68423.patch b/debian/patches/bug68423.patch
new file mode 100644
index 000000000..6de7a6c92
--- /dev/null
+++ b/debian/patches/bug68423.patch
@@ -0,0 +1,38 @@
+--- php5.orig/sapi/fpm/fpm/fpm_sockets.c
++++ php5/sapi/fpm/fpm/fpm_sockets.c
+@@ -85,13 +85,24 @@ static void *fpm_get_in_addr(struct sock
+ }
+ /* }}} */
+ 
++static int fpm_get_in_port(struct sockaddr *sa) /* {{{ */
++{
++    if (sa->sa_family == AF_INET) {
++        return ntohs(((struct sockaddr_in*)sa)->sin_port);
++    }
++
++    return ntohs(((struct sockaddr_in6*)sa)->sin6_port);
++}
++/* }}} */
++
+ static int fpm_sockets_hash_op(int sock, struct sockaddr *sa, char *key, int type, int op) /* {{{ */
+ {
+ 	if (key == NULL) {
+ 		switch (type) {
+ 			case FPM_AF_INET : {
+-				key = alloca(INET6_ADDRSTRLEN);
+-				inet_ntop(sa->sa_family, fpm_get_in_addr(sa), key, sizeof key);
++				key = alloca(INET6_ADDRSTRLEN+10);
++				inet_ntop(sa->sa_family, fpm_get_in_addr(sa), key, INET6_ADDRSTRLEN);
++				sprintf(key+strlen(key), ":%d", fpm_get_in_port(sa));
+ 				break;
+ 			}
+ 
+@@ -246,7 +257,7 @@ static int fpm_socket_af_inet_listening_
+ 	char *addr = NULL;
+ 	int addr_len;
+ 	int port = 0;
+-	int sock;
++	int sock = -1;
+ 	int status;
+ 
+ 	if (port_str) { /* this is host:port pair */
diff --git a/debian/patches/bug68428.patch b/debian/patches/bug68428.patch
new file mode 100644
index 000000000..fa10d86a1
--- /dev/null
+++ b/debian/patches/bug68428.patch
@@ -0,0 +1,148 @@
+--- php5.orig/Zend/zend_execute_API.c
++++ php5/Zend/zend_execute_API.c
+@@ -1236,6 +1236,10 @@ ZEND_API void zend_timeout(int dummy) /*
+ #ifdef ZEND_WIN32
+ static LRESULT CALLBACK zend_timeout_WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) /* {{{ */
+ {
++#ifdef ZTS
++	THREAD_T thread_id = (THREAD_T)wParam;
++#endif
++
+ 	switch (message) {
+ 		case WM_DESTROY:
+ 			PostQuitMessage(0);
+@@ -1250,7 +1254,7 @@ static LRESULT CALLBACK zend_timeout_Wnd
+ #endif
+ 				SetTimer(timeout_window, wParam, lParam*1000, NULL);
+ #ifdef ZTS
+-				tsrm_ls = ts_resource_ex(0, &wParam);
++				tsrm_ls = ts_resource_ex(0, &thread_id);
+ 				if (!tsrm_ls) {
+ 					/* shouldn't normally happen */
+ 					break;
+@@ -1267,7 +1271,7 @@ static LRESULT CALLBACK zend_timeout_Wnd
+ #ifdef ZTS
+ 				void ***tsrm_ls;
+ 
+-				tsrm_ls = ts_resource_ex(0, &wParam);
++				tsrm_ls = ts_resource_ex(0, &thread_id);
+ 				if (!tsrm_ls) {
+ 					/* Thread died before receiving its timeout? */
+ 					break;
+--- php5.orig/sapi/fpm/fpm/fastcgi.c
++++ php5/sapi/fpm/fpm/fastcgi.c
+@@ -144,7 +144,7 @@ static HashTable fcgi_mgmt_vars;
+ 
+ static int is_initialized = 0;
+ static int in_shutdown = 0;
+-static in_addr_t *allowed_clients = NULL;
++static sa_t *allowed_clients = NULL;
+ 
+ static sa_t client_sa;
+ 
+@@ -267,14 +267,18 @@ void fcgi_set_allowed_clients(char *ip)
+ 				*end = 0;
+ 				end++;
+ 			}
+-			allowed_clients[n] = inet_addr(cur);
+-			if (allowed_clients[n] == INADDR_NONE) {
++			if (inet_pton(AF_INET, cur, &allowed_clients[n].sa_inet.sin_addr)>0) {
++				allowed_clients[n].sa.sa_family = AF_INET;
++				n++;
++			} else if (inet_pton(AF_INET6, cur, &allowed_clients[n].sa_inet6.sin6_addr)>0) {
++				allowed_clients[n].sa.sa_family = AF_INET6;
++				n++;
++			} else {
+ 				zlog(ZLOG_ERROR, "Wrong IP address '%s' in listen.allowed_clients", cur);
+ 			}
+-			n++;
+ 			cur = end;
+ 		}
+-		allowed_clients[n] = INADDR_NONE;
++		allowed_clients[n].sa.sa_family = 0;
+ 		free(ip);
+ 	}
+ }
+@@ -760,6 +764,43 @@ void fcgi_close(fcgi_request *req, int f
+ 	}
+ }
+ 
++static int fcgi_is_allowed() {
++	int i;
++
++	if (client_sa.sa.sa_family == AF_UNIX) {
++		return 1;
++	}
++	if (!allowed_clients) {
++		return 1;
++	}
++	if (client_sa.sa.sa_family == AF_INET) {
++		for (i=0 ; allowed_clients[i].sa.sa_family ; i++) {
++			if (allowed_clients[i].sa.sa_family == AF_INET
++				&& !memcmp(&client_sa.sa_inet.sin_addr, &allowed_clients[i].sa_inet.sin_addr, 4)) {
++				return 1;
++			}
++		}
++	}
++	if (client_sa.sa.sa_family == AF_INET6) {
++		for (i=0 ; allowed_clients[i].sa.sa_family ; i++) {
++			if (allowed_clients[i].sa.sa_family == AF_INET6
++				&& !memcmp(&client_sa.sa_inet6.sin6_addr, &allowed_clients[i].sa_inet6.sin6_addr, 12)) {
++				return 1;
++			}
++#ifdef IN6_IS_ADDR_V4MAPPED
++			if (allowed_clients[i].sa.sa_family == AF_INET
++			    && IN6_IS_ADDR_V4MAPPED(&client_sa.sa_inet6.sin6_addr)
++				&& !memcmp(((char *)&client_sa.sa_inet6.sin6_addr)+12, &allowed_clients[i].sa_inet.sin_addr, 4)) {
++				return 1;
++			}
++#endif
++		}
++	}
++
++	zlog(ZLOG_ERROR, "Connection disallowed: IP address '%s' has been dropped.", fcgi_get_last_client_ip());
++	return 0;
++}
++
+ int fcgi_accept_request(fcgi_request *req)
+ {
+ #ifdef _WIN32
+@@ -810,23 +851,10 @@ int fcgi_accept_request(fcgi_request *re
+ 					FCGI_UNLOCK(req->listen_socket);
+ 
+ 					client_sa = sa;
+-					if (sa.sa.sa_family == AF_INET && req->fd >= 0 && allowed_clients) {
+-						int n = 0;
+-						int allowed = 0;
+-
+-						while (allowed_clients[n] != INADDR_NONE) {
+-							if (allowed_clients[n] == sa.sa_inet.sin_addr.s_addr) {
+-								allowed = 1;
+-								break;
+-							}
+-							n++;
+-						}
+-						if (!allowed) {
+-							zlog(ZLOG_ERROR, "Connection disallowed: IP address '%s' has been dropped.", inet_ntoa(sa.sa_inet.sin_addr));
+-							closesocket(req->fd);
+-							req->fd = -1;
+-							continue;
+-						}
++					if (req->fd >= 0 && !fcgi_is_allowed()) {
++						closesocket(req->fd);
++						req->fd = -1;
++						continue;
+ 					}
+ 				}
+ 
+--- php5.orig/sapi/fpm/php-fpm.conf.in
++++ php5/sapi/fpm/php-fpm.conf.in
+@@ -177,7 +177,7 @@ listen = /var/run/php5-fpm.sock
+ ;listen.group = @php_fpm_group@
+ ;listen.mode = 0660
+  
+-; List of ipv4 addresses of FastCGI clients which are allowed to connect.
++; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+ ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+ ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+ ; must be separated by a comma. If this value is left blank, connections will be
diff --git a/debian/patches/fpm-ipv6-comments.patch b/debian/patches/fpm-ipv6-comments.patch
new file mode 100644
index 000000000..da38ade37
--- /dev/null
+++ b/debian/patches/fpm-ipv6-comments.patch
@@ -0,0 +1,19 @@
+--- php5.orig/sapi/fpm/php-fpm.conf.in
++++ php5/sapi/fpm/php-fpm.conf.in
+@@ -154,12 +154,14 @@ group = @php_fpm_group@
+ 
+ ; The address on which to accept FastCGI requests.
+ ; Valid syntaxes are:
+-;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
++;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+ ;                            a specific port;
+ ;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+ ;                            a specific port;
+-;   'port'                 - to listen on a TCP socket to all addresses on a
++;   'port'                 - to listen on a TCP socket to all IPv4 addresses on a
+ ;                            specific port;
++;   '[::]:port'            - to listen on a TCP socket to all addresses
++;                            (IPv6 and IPv4-mapped) on a specific port;
+ ;   '/path/to/unix/socket' - to listen on a unix socket.
+ ; Note: This value is mandatory.
+ listen = /var/run/php5-fpm.sock
diff --git a/debian/patches/series b/debian/patches/series
index afdb05734..ac0c31b26 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,3 +46,9 @@ hack-phpdbg-to-explicitly-link-with-libedit.patch
 php-fpm-getallheaders.patch
 0001-Fix-ZEND_MM_ALIGNMENT-on-m64k.patch
 php68104.patch
+bug68421.patch
+bug68423.patch
+bug68420.patch
+bug68428.patch
+bug68381.patch
+fpm-ipv6-comments.patch