19838509 upgrade php to version 5.3.29
18857741 problem in UTILITY/PHP
18890894 problem in UTILITY/PHP
18890895 problem in UTILITY/PHP
19003253 problem in UTILITY/PHP
19167518 problem in UTILITY/PHP
19519142 problem in UTILITY/PHP
19556437 problem in UTILITY/PHP
19707971 problem in UTILITY/PHP
19796954 problem in UTILITY/PHP
20258327 problem in UTILITY/PHP
20488612 announce PHP 5.2 EOF in man page
--- a/components/php-5_2/common.mk Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_2/common.mk Wed Feb 11 10:30:02 2015 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
#
PHP_REL= 5.2
@@ -161,7 +161,7 @@
CONF_ENVLINE += \
LIBS="$(LIBS)" \
EXTENSION_DIR=$(MODULES_DIR) \
- PHP_PEAR_CACHE_DIR=/var/tmp/pear/cache \
+ PHP_PEAR_CACHE_DIR=/var/cache/php-pear \
PHP_PEAR_DOWNLOAD_DIR=/var/tmp/pear/cache \
PHP_PEAR_EXTENSION_DIR=/var/php/$(PHP_REL)/modules \
PHP_PEAR_INSTALL_DIR=/var/php/$(PHP_REL)/pear \
--- a/components/php-5_2/php-sapi/Makefile Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_2/php-sapi/Makefile Wed Feb 11 10:30:02 2015 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
@@ -88,9 +88,9 @@
set -e; \
cat $(BUILD_DIR_32)/scripts/phpize | \
sed -e "s,^\#!/bin/sh,\#!$(CONFIG_SHELL)," | \
- sed -e "s%^prefix=.*%prefix=$(SOURCE_DIR)%" | \
- sed -e "s%^includedir=.*%includedir=$(SOURCE_DIR)%" | \
- sed -e "s%^phpdir=.*%phpdir=$(SOURCE_DIR)%" | \
+ sed -e "s%^prefix=.*%prefix=$(BUILD_DIR_32)%" | \
+ sed -e "s%^includedir=.*%includedir=$(BUILD_DIR_32)%" | \
+ sed -e "s%^phpdir=.*%phpdir=$(BUILD_DIR_32)%" | \
sed -e "s%phpdir/phpize.m4%phpdir/scripts/phpize.m4%" | \
sed -e "s%$PHP_AUTOCONF || exit 1%$PHP_AUTOCONF -f || exit 1%" | \
sed -e "s%$PHP_AUTOHEADER || exit 1%$PHP_AUTOHEADER -f || exit 1%" | \
@@ -101,8 +101,8 @@
( set -e; \
cat $(BUILD_DIR_32)/scripts/php-config | \
sed -e "s,^\#! /bin/sh,\#!$(CONFIG_SHELL)," | \
- sed -e "s%^prefix=.*%prefix=$(SOURCE_DIR)%" | \
- sed -e "s%^include_dir=.*%include_dir=$(SOURCE_DIR)%" \
+ sed -e "s%^prefix=.*%prefix=$(BUILD_DIR_32)%" | \
+ sed -e "s%^include_dir=.*%include_dir=$(BUILD_DIR_32)%" \
> php-config-proto ; \
chmod 755 php-config-proto ) ; \
( set -e; \
@@ -120,12 +120,12 @@
$(CP) $(COMPONENT_DIR)/../Solaris/php$(PHP_REL).conf \
$(PROTO_DIR)/$(APACHE2_PHP)/php$(PHP_REL).conf; \
$(CHMOD) 644 $(PROTO_DIR)/$(APACHE2_PHP)/php$(PHP_REL).conf; \
- $(SYMLINK) php$(PHP_REL).conf \
- $(PROTO_DIR)/$(APACHE2_PHP)/php.conf; \
+ cd $(PROTO_DIR)/$(APACHE2_PHP); \
+ $(SYMLINK) php$(PHP_REL).conf php.conf; \
$(CP) $(PROTO_DIR)/$(APACHE2_EXTDIR)/libphp5.so \
$(PROTO_DIR)/$(APACHE2_EXTDIR)/mod_php$(PHP_REL).so; \
- $(SYMLINK) $(PROTO_DIR)/$(APACHE2_EXTDIR)/mod_php$(PHP_REL).so \
- $(PROTO_DIR)/$(APACHE2_EXTDIR)/mod_php5.so; \
+ cd $(PROTO_DIR)/$(APACHE2_EXTDIR); \
+ $(SYMLINK) mod_php$(PHP_REL).so mod_php5.so; \
)
# Ship a default php.ini to simplify ease of use.
@@ -217,6 +217,8 @@
CLEAN_PATHS += php.ini-patched
# common targets
+configure: $(CONFIGURE_32)
+
build: $(BUILD_32)
install: $(INSTALL_32) PHP-NSAPI_INSTALL PHP-CGI_INSTALL
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/60_php_18857741.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,32 @@
+Fix for CVE-2014-2497
+Patch:
+http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
+Verified by hand that it patches the correct code
+but needed one slight tweak needing return instead of goto.
+
+
+diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
+index 73f86e5..b69414e 100644
+--- a/ext/gd/libgd/gdxpm.c
++++ b/ext/gd/libgd/gdxpm.c
[email protected]@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
+ if (ret != XpmSuccess) {
+ return 0;
+ }
++ number = image.ncolors;
++ for(i = 0; i < number; i++) {
++ if (!image.colorTable[i].c_color) {
++ return 0;
++ }
++ }
+
+ if (!(im = gdImageCreate(image.width, image.height))) {
+ return 0;
+ }
+
+- number = image.ncolors;
+ colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ for (i = 0; i < number; i++) {
+ switch (strlen (image.colorTable[i].c_color)) {--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/61_php_19003253.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,21 @@
+Fix for CVE-2014-4049
+Community bug:
+https://bugs.php.net/bug.php?id=67432
+Patch based on:
+https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
+Slightly modified from the above source as the context is slightly different.
+
+
+--- php-5.2.17/ext/standard/dns.c_orig 2010-01-03 01:23:27.000000000 -0800
++++ php-5.2.17/ext/standard/dns.c 2014-10-17 11:12:46.117985578 -0700
[email protected]@ -484,6 +484,10 @@
+
+ while (ll < dlen) {
+ n = cp[ll];
++ if ((ll + n) >= dlen) {
++ // Invalid chunk length, truncate
++ n = dlen - (ll + 1);
++ }
+ memcpy(tp + ll , cp + ll + 1, n);
+ ll = ll + n + 1;
+ }--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/62_php_19167518.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,54 @@
+Fix for CVE-2014-4721
+Bug:
+https://bugs.php.net/bug.php?id=67498
+Patch:
+https://bugs.php.net/patch-display.php?bug=67498&patch=bug67948-patch&revision=1403508072
+Slightly modified to correct for diff context.
+
+
+diff --git a/ext/standard/info.c b/ext/standard/info.c
+index 70b2e2f..0f15bbe 100644
+--- a/ext/standard/info.c
++++ b/ext/standard/info.c
[email protected]@ -875,16 +875,16 @@ PHPAPI void php_print_info(int flag TSRMLS_DC)
+
+ php_info_print_table_start();
+ php_info_print_table_header(2, "Variable", "Value");
+- if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
++ if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
+ }
+- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
+ }
+- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
+ }
+- if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
++ if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
+ }
+ php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
+diff --git a/ext/standard/tests/general_functions/bug67498.phpt b/ext/standard/tests/general_functions/bug67498.phpt
+new file mode 100644
+index 0000000..5b5951b
+--- /dev/null
++++ b/ext/standard/tests/general_functions/bug67498.phpt
[email protected]@ -0,0 +1,15 @@
++--TEST--
++phpinfo() Type Confusion Information Leak Vulnerability
++--FILE--
++<?php
++$PHP_SELF = 1;
++phpinfo(INFO_VARIABLES);
++
++?>
++==DONE==
++--EXPECTF--
++phpinfo()
++
++PHP Variables
++%A
++==DONE==--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/63_php_19796954.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,29 @@
+Fix for CVE-2014-8088
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Code:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
+index 10daa82..da5aa5f 100644
+--- a/ext/ldap/ldap.c
++++ b/ext/ldap/ldap.c
[email protected]@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
+ RETURN_FALSE;
+ }
+
++ if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
++ RETURN_FALSE;
++ }
++
++ if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
++ RETURN_FALSE;
++ }
++
+ ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
+
+ if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/64_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,255 @@
+Fix for CVE-2014-3597
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=2fefae47716d501aec41c1102f3fd4531f070b05
+This patch was created by hand from the above community diff.
+
+
+--- php-5.2.17/ext/standard/dns.c_orig 2014-10-29 09:08:05.187565521 -0700
++++ php-5.2.17/ext/standard/dns.c 2014-11-04 10:54:59.065340474 -0800
[email protected]@ -396,8 +396,14 @@
+ #define php_dns_free_res(__res__)
+ #endif
+
++#define CHECKCP(n) do { \
++ if (cp + n > end) { \
++ return NULL; \
++ } \
++} while (0)
++
+ /* {{{ php_parserr */
+-static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, zval **subarray)
++static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, zval **subarray)
+ {
+ u_short type, class, dlen;
+ u_long ttl;
[email protected]@ -409,16 +415,18 @@
+
+ *subarray = NULL;
+
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+
++ CHECKCP(10);
+ GETSHORT(type, cp);
+ GETSHORT(class, cp);
+ GETLONG(ttl, cp);
+ GETSHORT(dlen, cp);
++ CHECKCP(dlen);
+ if (type_to_fetch != T_ANY && type != type_to_fetch) {
+ cp += dlen;
+ return cp;
[email protected]@ -435,12 +443,14 @@
+ add_assoc_string(*subarray, "host", name, 1);
+ switch (type) {
+ case DNS_T_A:
++ CHECKCP(4);
+ add_assoc_string(*subarray, "type", "A", 1);
+ snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
+ add_assoc_string(*subarray, "ip", name, 1);
+ cp += dlen;
+ break;
+ case DNS_T_MX:
++ CHECKCP(2);
+ add_assoc_string(*subarray, "type", "MX", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pri", n);
[email protected]@ -456,7 +466,7 @@
+ case DNS_T_PTR:
+ if (type == DNS_T_PTR)
+ add_assoc_string(*subarray, "type", "PTR", 1);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -466,51 +476,59 @@
+ case DNS_T_HINFO:
+ /* See RFC 1010 for values */
+ add_assoc_string(*subarray, "type", "HINFO", 1);
++ CHECKCP(1);
+ n = *cp & 0xFF;
+ cp++;
++ CHECKCP(n);
+ add_assoc_stringl(*subarray, "cpu", cp, n, 1);
+ cp += n;
++ CHECKCP(1);
+ n = *cp & 0xFF;
+ cp++;
++ CHECKCP(n);
+ add_assoc_stringl(*subarray, "os", cp, n, 1);
+ cp += n;
+ break;
+ case DNS_T_TXT:
+ {
+- int ll = 0;
++ int l1 = 0, l2 = 0;
+
+ add_assoc_string(*subarray, "type", "TXT", 1);
+ tp = emalloc(dlen + 1);
+
+- while (ll < dlen) {
+- n = cp[ll];
+- if ((ll + n) >= dlen) {
++ while (l1 < dlen) {
++ n = cp[l1];
++ if ((l1 + n) >= dlen) {
+ // Invalid chunk length, truncate
+- n = dlen - (ll + 1);
++ n = dlen - (l1 + 1);
+ }
+- memcpy(tp + ll , cp + ll + 1, n);
+- ll = ll + n + 1;
++ if (n) {
++ memcpy(tp + l2 , cp + l1 + 1, n);
++ }
++ l1 = l1 + n + 1;
++ l2 = l2 + n;
+ }
+- tp[dlen] = '\0';
++ tp[l2] = '\0';
+ cp += dlen;
+
+- add_assoc_stringl(*subarray, "txt", tp, dlen - 1, 0);
++ add_assoc_stringl(*subarray, "txt", tp, l2, 0);
+ }
+ break;
+ case DNS_T_SOA:
+ add_assoc_string(*subarray, "type", "SOA", 1);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+ add_assoc_string(*subarray, "mname", name, 1);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+ add_assoc_string(*subarray, "rname", name, 1);
++ CHECKCP(5*4);
+ GETLONG(n, cp);
+ add_assoc_long(*subarray, "serial", n);
+ GETLONG(n, cp);
[email protected]@ -524,6 +542,7 @@
+ break;
+ case DNS_T_AAAA:
+ tp = name;
++ CHECKCP(8*2);
+ for(i=0; i < 8; i++) {
+ GETSHORT(s, cp);
+ if (s != 0) {
[email protected]@ -558,6 +577,7 @@
+ case DNS_T_A6:
+ p = cp;
+ add_assoc_string(*subarray, "type", "A6", 1);
++ CHECKCP(1);
+ n = ((int)cp[0]) & 0xFF;
+ cp++;
+ add_assoc_long(*subarray, "masklen", n);
[email protected]@ -593,6 +613,7 @@
+ cp++;
+ }
+ for(i = (n+8)/16; i < 8; i++) {
++ CHECKCP(2);
+ GETSHORT(s, cp);
+ if (s != 0) {
+ if (tp > (u_char *)name) {
[email protected]@ -622,7 +643,7 @@
+ tp[0] = '\0';
+ add_assoc_string(*subarray, "ipv6", name, 1);
+ if (cp < p + dlen) {
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -631,6 +652,7 @@
+ }
+ break;
+ case DNS_T_SRV:
++ CHECKCP(3*2);
+ add_assoc_string(*subarray, "type", "SRV", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pri", n);
[email protected]@ -638,7 +660,7 @@
+ add_assoc_long(*subarray, "weight", n);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "port", n);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -646,21 +668,34 @@
+ add_assoc_string(*subarray, "target", name, 1);
+ break;
+ case DNS_T_NAPTR:
++ CHECKCP(2*2);
+ add_assoc_string(*subarray, "type", "NAPTR", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "order", n);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pref", n);
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "flags", ++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "flags", cp, n, 1);
+ cp += n;
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "services", ++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "services", cp, n, 1);
+ cp += n;
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "regex", ++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "regex", cp, n, 1);
+ cp += n;
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -833,7 +868,7 @@
+ while (an-- && cp && cp < end) {
+ zval *retval;
+
+- cp = php_parserr(cp, &answer, type_to_fetch, store_results, &retval);
++ cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, &retval);
+ if (retval != NULL && store_results) {
+ add_next_index_zval(return_value, retval);
+ }
[email protected]@ -848,7 +883,7 @@
+ while (ns-- > 0 && cp && cp < end) {
+ zval *retval;
+
+- cp = php_parserr(cp, &answer, DNS_T_ANY, 1, &retval);
++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, &retval);
+ if (retval != NULL) {
+ add_next_index_zval(authns, retval);
+ }
[email protected]@ -857,7 +892,7 @@
+ while (ar-- > 0 && cp && cp < end) {
+ zval *retval;
+
+- cp = php_parserr(cp, &answer, DNS_T_ANY, 1, &retval);
++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, &retval);
+ if (retval != NULL) {
+ add_next_index_zval(addtl, retval);
+ }--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_2/php-sapi/patches/65_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,18 @@
+Fix for CVE-2014-5120
+Based on code in php 5.3.29 from comments in:
+https://bugs.php.net/bug.php?id=67730
+
+
+--- php-5.2.17/ext/gd/gd_ctx.c_orig 2010-01-03 01:23:27.000000000 -0800
++++ php-5.2.17/ext/gd/gd_ctx.c 2014-11-04 15:12:01.612256878 -0800
[email protected]@ -90,7 +90,9 @@
+ }
+
+ if (argc > 1 && (Z_TYPE_PP(file) != IS_NULL && ((argc == 2) || (argc > 2 && Z_STRLEN_PP(file))))) {
+-
++ if (strlen(Z_STRVAL_PP(file)) != Z_STRLEN_PP(file)) {
++ RETURN_FALSE;
++ }
+ PHP_GD_CHECK_OPEN_BASEDIR(fn, "Invalid filename");
+
+ fp = VCWD_FOPEN(fn, "wb");--- a/components/php-5_3/Makefile Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/Makefile Wed Feb 11 10:30:02 2015 -0800
@@ -18,11 +18,18 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
+TPNO_PHP_5_3= 21389
+TPNO_PHP_APC= 17127
+TPNO_PHP_IDN= 17128
+TPNO_PHP_MEMCACHE= 17130
TPNO_PHP_SUHOSIN= 17559
+TPNO_PHP_TCPWRAP= 17132
+TPNO_PHP_XDEBUG= 17133
+TPNO_PHP_ZENDOPCACHE= 14926
include ../../make-rules/ips.mk
@@ -118,7 +125,7 @@
# looks like i DO NEED the pear patches
COMPONENT_NAME= php
-COMPONENT_VERSION= 5.3.28
+COMPONENT_VERSION= 5.3.29
COMPONENT_PROJECT_URL= http://www.php.net/
COMPONENT_BUGDB= utility/php
--- a/components/php-5_3/common.mk Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/common.mk Wed Feb 11 10:30:02 2015 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
PHP_REL= 5.3
@@ -161,8 +161,8 @@
CONF_ENVLINE += \
LIBS="$(LIBS)" \
EXTENSION_DIR=$(MODULES_DIR) \
- PHP_PEAR_CACHE_DIR=/var/tmp/pear/cache \
- PHP_PEAR_DOWNLOAD_DIR=/var/tmp/pear/cache \
+ PHP_PEAR_CACHE_DIR=/var/cache/php-pear \
+ PHP_PEAR_DOWNLOAD_DIR=/tmp/pear/download \
PHP_PEAR_EXTENSION_DIR=/var/php/$(PHP_REL)/modules \
PHP_PEAR_INSTALL_DIR=/var/php/$(PHP_REL)/pear \
PHP_PEAR_SIG_BIN=/usr/gnu/bin/gpg \
--- a/components/php-5_3/php-cgi/Makefile Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/php-cgi/Makefile Wed Feb 11 10:30:02 2015 -0800
@@ -18,16 +18,16 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
COMPONENT_NAME= php
-COMPONENT_VERSION= 5.3.28
+COMPONENT_VERSION= 5.3.29
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2
COMPONENT_ARCHIVE_HASH= \
- sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+ sha256:c4e1cf6972b2a9c7f2777a18497d83bf713cdbecabb65d3ff62ba441aebb0091
COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror
PATCH_DIR = ../php-sapi/patches
@@ -55,6 +55,8 @@
COMPONENT_INSTALL_TARGETS = install-sapi
# common targets
+configure: $(CONFIGURE_32)
+
build: $(BUILD_32)
install: $(INSTALL_32)
--- a/components/php-5_3/php-nsapi/Makefile Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/php-nsapi/Makefile Wed Feb 11 10:30:02 2015 -0800
@@ -18,17 +18,17 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
COMPONENT_NAME= php
-COMPONENT_VERSION= 5.3.28
+COMPONENT_VERSION= 5.3.29
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2
COMPONENT_ARCHIVE_HASH= \
- sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+ sha256:c4e1cf6972b2a9c7f2777a18497d83bf713cdbecabb65d3ff62ba441aebb0091
COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror
COMPONENT_PROJECT_URL= http://www.php.net/
@@ -134,6 +134,8 @@
CLEAN_PATHS += webserver7-spi phpize-proto.zts php.ini
# common targets
+configure: $(CONFIGURE_32)
+
build: $(BUILD_32)
install: $(INSTALL_32)
--- a/components/php-5_3/php-pear.p5m Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/php-pear.p5m Wed Feb 11 10:30:02 2015 -0800
@@ -18,45 +18,34 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
# All the files under /var/php are mode=0644
<transform file path=var/php/.* -> default mode 0644>
<transform file path=var/php/.* -> default group bin>
<transform file path=var/php/.* -> default preserve renamenew>
-
-set name=pkg.fmri value=pkg:/web/php-53/extension/[email protected]$(COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.fmri \
+ value=pkg:/web/php-53/extension/[email protected]$(COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary value="PHP Extension and Application Repository"
set name=pkg.description \
value="Framework and reusable PHP components from PEAR repository for PHP"
-set name=pkg.summary value="PHP Extension and Application Repository"
-set name=info.classification \
- value="org.opensolaris.category.2008:Development/PHP"
-set name=info.source-url value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.gz/from/this/mirror
+
+# This package name has known conflicts with other packages in the WOS
+set name=pkg.linted.pkglint.manifest004 value=true
+set name=info.classification value=org.opensolaris.category.2008:Development/PHP
+set name=info.source-url \
+ value=http://us.php.net/get/php-$(COMPONENT_VERSION).tar.gz/from/this/mirror
set name=info.upstream-url value=http://pear.php.net/
set name=org.opensolaris.arc-caseid value=PSARC/2012/067
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-
-# This package name has known conflicts with other packages in the WOS
-set pkg.linted.pkglint.manifest004=true
-
-
-license php-pear.license license='PHP, LGPLv2.1' \
- com.oracle.info.description="the PEAR extension module for PHP" \
- com.oracle.info.name=php-pear \
- com.oracle.info.version=$(COMPONENT_VERSION) \
- com.oracle.info.tpno=17137
-
-dir path=var/php/5.3/include/php
-dir path=var/php/5.3/modules
-dir path=var/php/5.3/pear/.registry/.channel.__uri
-dir path=var/php/5.3/pear/.registry/.channel.doc.php.net
-dir path=var/php/5.3/pear/.registry/.channel.pecl.php.net
-
file path=etc/php/5.3/pear.conf mode=0644 preserve=renamenew
file path=usr/php/5.3/bin/pear mode=0555
file path=usr/php/5.3/bin/peardev mode=0555
file path=usr/php/5.3/bin/pecl mode=0555
+dir path=var/cache/php-pear owner=webservd group=webservd
+dir path=var/php/5.3/include/php
+dir path=var/php/5.3/modules
file path=var/php/5.3/pear/.channels/.alias/pear.txt
file path=var/php/5.3/pear/.channels/.alias/pecl.txt
file path=var/php/5.3/pear/.channels/.alias/phpdocs.txt
@@ -68,6 +57,9 @@
file path=var/php/5.3/pear/.depdblock
file path=var/php/5.3/pear/.filemap
file path=var/php/5.3/pear/.lock
+dir path=var/php/5.3/pear/.registry/.channel.__uri
+dir path=var/php/5.3/pear/.registry/.channel.doc.php.net
+dir path=var/php/5.3/pear/.registry/.channel.pecl.php.net
file path=var/php/5.3/pear/.registry/archive_tar.reg
file path=var/php/5.3/pear/.registry/console_getopt.reg
file path=var/php/5.3/pear/.registry/pear.reg
@@ -180,72 +172,56 @@
file path=var/php/5.3/pear/doc/PEAR/LICENSE
file path=var/php/5.3/pear/doc/PEAR/README
file path=var/php/5.3/pear/doc/Structures_Graph/docs/generate.sh
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Manipulator_AcyclicTest.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Manipulator_TopologicalSorter.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Node.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Manipulator_AcyclicTest_php.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Manipulator_TopologicalSorter_php.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Node_php.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_php.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/tutorial_Structures_Graph.pkg.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/classtrees_Structures_Graph.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Manipulator_AcyclicTest.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Manipulator_TopologicalSorter.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/Structures_Graph_Node.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Manipulator_AcyclicTest_php.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Manipulator_TopologicalSorter_php.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_Node_php.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/_Structures_Graph_php.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/Structures_Graph/tutorial_Structures_Graph.pkg.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/classtrees_Structures_Graph.html
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/elementindex.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/elementindex_Structures_Graph.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/elementindex_Structures_Graph.html
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/errors.html
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/index.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/html/li_Structures_Graph.html
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/li_Structures_Graph.html
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/media/banner.css
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/media/stylesheet.css
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/packages.html
file path=var/php/5.3/pear/doc/Structures_Graph/docs/html/todolist.html
-file \
- path=var/php/5.3/pear/doc/Structures_Graph/docs/tutorials/Structures_Graph/Structures_Graph.pkg
+file path=var/php/5.3/pear/doc/Structures_Graph/docs/tutorials/Structures_Graph/Structures_Graph.pkg
file path=var/php/5.3/pear/doc/XML_Util/examples/example.php
file path=var/php/5.3/pear/doc/XML_Util/examples/example2.php
file path=var/php/5.3/pear/pearcmd.php
file path=var/php/5.3/pear/peclcmd.php
file path=var/php/5.3/pear/test/Structures_Graph/tests/AllTests.php
file path=var/php/5.3/pear/test/Structures_Graph/tests/testCase/BasicGraph.php
-file path=var/php/5.3/pear/test/XML_Util/tests/AllTests.php
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_apiVersion.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_attributesToString.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_collapseEmptyTags.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createCDataSection.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_attributesToString.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_collapseEmptyTags.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createCDataSection.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createComment.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createEndElement.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createStartElement.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createStartElement.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createTag.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createTagFromArray.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_getDocTypeDeclaration.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_getXmlDeclaration.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_createTagFromArray.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_getDocTypeDeclaration.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_getXmlDeclaration.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_isValidName.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_raiseError.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_replaceEntities.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_reverseEntities.phpt
-file \
- path=var/php/5.3/pear/test/XML_Util/tests/testBasic_splitQualifiedName.phpt
+file path=var/php/5.3/pear/test/XML_Util/tests/testBasic_splitQualifiedName.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBug_4950.phpt
file path=var/php/5.3/pear/test/XML_Util/tests/testBug_5392.phpt
+
+license php-pear.license license="PHP, LGPLv2.1" \
+ com.oracle.info.description="the PEAR extension module for PHP" \
+ com.oracle.info.name=php-pear com.oracle.info.tpno=$(TPNO_PHP_5_3) \
+ com.oracle.info.version=$(COMPONENT_VERSION)
+
# need generic dependency on PHP itself
-depend fmri=web/[email protected]$(COMPONENT_VERSION) type=require
+depend type=require fmri=web/[email protected]$(COMPONENT_VERSION)--- a/components/php-5_3/php-sapi/Makefile Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-5_3/php-sapi/Makefile Wed Feb 11 10:30:02 2015 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
#
include ../../../make-rules/shared-macros.mk
@@ -29,11 +29,11 @@
# published from.
COMPONENT_NAME= php
-COMPONENT_VERSION= 5.3.28
+COMPONENT_VERSION= 5.3.29
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.bz2
COMPONENT_ARCHIVE_HASH= \
- sha256:0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513
+ sha256:c4e1cf6972b2a9c7f2777a18497d83bf713cdbecabb65d3ff62ba441aebb0091
COMPONENT_ARCHIVE_URL= http://us.php.net/get/$(COMPONENT_ARCHIVE)/from/this/mirror
COMPONENT_PROJECT_URL= http://www.php.net/
@@ -236,6 +236,8 @@
CLEAN_PATHS += php.ini-patched
# common targets
+configure: $(CONFIGURE_32)
+
build: $(BUILD_32)
install: $(INSTALL_32) PHP-NSAPI_INSTALL PHP-CGI_INSTALL
--- a/components/php-5_3/php-sapi/patches/150_php_18083695.patch Tue Jan 27 23:32:47 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,51 +0,0 @@
-Fix for CVE-2013-6712
-Patch:
-http://git.php.net/?p=php-src.git;a=patch;h=12fe4e90be7bfa2a763197079f68f5568a14e071
-Code:
-http://git.php.net/?p=php-src.git;a=commitdiff;h=12fe4e90be7bfa2a763197079f68f5568a14e071
-This patch is for php 5.4 code but works well enough on php 5.3 code.
-Verified by hand that it patches the correct code.
-Slightly modified by hand to remove unnecessary parts that fail to patch.
-
-
-From 12fe4e90be7bfa2a763197079f68f5568a14e071 Mon Sep 17 00:00:00 2001
-From: Remi Collet <[email protected]>
-Date: Wed, 27 Nov 2013 11:13:16 +0100
-Subject: [PATCH] Fixed bug #66060 (Heap buffer over-read in DateInterval)
-
----
- NEWS | 3 +++
- ext/date/lib/parse_iso_intervals.c | 4 ++--
- ext/date/lib/parse_iso_intervals.re | 2 +-
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/ext/date/lib/parse_iso_intervals.c b/ext/date/lib/parse_iso_intervals.c
-index bd1ad05..480ea38 100644
---- a/ext/date/lib/parse_iso_intervals.c
-+++ b/ext/date/lib/parse_iso_intervals.c
[email protected]@ -415,7 +415,7 @@ yy6:
- break;
- }
- ptr++;
-- } while (*ptr);
-+ } while (!s->errors->error_count && *ptr);
- s->have_period = 1;
- TIMELIB_DEINIT;
- return TIMELIB_PERIOD;
-diff --git a/ext/date/lib/parse_iso_intervals.re b/ext/date/lib/parse_iso_intervals.re
-index 56aa34d..c5e9f67 100644
---- a/ext/date/lib/parse_iso_intervals.re
-+++ b/ext/date/lib/parse_iso_intervals.re
[email protected]@ -383,7 +383,7 @@ isoweek = year4 "-"? "W" weekofyear;
- break;
- }
- ptr++;
-- } while (*ptr);
-+ } while (!s->errors->error_count && *ptr);
- s->have_period = 1;
- TIMELIB_DEINIT;
- return TIMELIB_PERIOD;
---
-1.8.4.3
-
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/190_php_18857741.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,31 @@
+Fix for CVE-2014-2497
+Patch:
+http://git.php.net/?p=php-src.git;a=patch;h=cf4753691dc55999373d1c576f62ecb298723420
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=cf4753691dc55999373d1c576f62ecb298723420
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/gd/libgd/gdxpm.c b/ext/gd/libgd/gdxpm.c
+index 73f86e5..b69414e 100644
+--- a/ext/gd/libgd/gdxpm.c
++++ b/ext/gd/libgd/gdxpm.c
[email protected]@ -31,12 +31,17 @@ gdImagePtr gdImageCreateFromXpm (char *filename)
+ if (ret != XpmSuccess) {
+ return 0;
+ }
++ number = image.ncolors;
++ for(i = 0; i < number; i++) {
++ if (!image.colorTable[i].c_color) {
++ goto done;
++ }
++ }
+
+ if (!(im = gdImageCreate(image.width, image.height))) {
+ goto done;
+ }
+
+- number = image.ncolors;
+ colors = (int *) safe_emalloc(number, sizeof(int), 0);
+ for (i = 0; i < number; i++) {
+ switch (strlen (image.colorTable[i].c_color)) {--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/200_php_19796954.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,29 @@
+Fix for CVE-2014-8088
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Code:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=ed4de188dd1c15d278a8250e6be3cba142bba6af
+Verified by hand that it patches the correct code.
+
+
+diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
+index 10daa82..da5aa5f 100644
+--- a/ext/ldap/ldap.c
++++ b/ext/ldap/ldap.c
[email protected]@ -399,6 +399,16 @@ PHP_FUNCTION(ldap_bind)
+ RETURN_FALSE;
+ }
+
++ if (ldap_bind_dn != NULL && memchr(ldap_bind_dn, '\0', ldap_bind_dnlen) != NULL) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "DN contains a null byte");
++ RETURN_FALSE;
++ }
++
++ if (ldap_bind_pw != NULL && memchr(ldap_bind_pw, '\0', ldap_bind_pwlen) != NULL) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Password contains a null byte");
++ RETURN_FALSE;
++ }
++
+ ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, &link, -1, "ldap link", le_link);
+
+ if ((rc = ldap_bind_s(ld->link, ldap_bind_dn, ldap_bind_pw, LDAP_AUTH_SIMPLE)) != LDAP_SUCCESS) {--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/210_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,98 @@
+Fix for CVE-2014-3538
+Patch from PHP community:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=eeaec70758bfc0c0e2c0f8944c8dbeae02866206
+But this is for php 5.4.32.
+The website:
+http://permalink.gmane.org/gmane.linux.frugalware.scm/131282
+shows a patch for php 5.3.26 so I've hand crafted a patch
+based on both websites.
+
+
+--- php-5.3.29/ext/fileinfo/libmagic/softmagic.c_orig 2014-10-20 16:46:35.678013082 -0700
++++ php-5.3.29/ext/fileinfo/libmagic/softmagic.c 2014-10-22 13:51:20.141509243 -0700
[email protected]@ -56,7 +56,7 @@
+ private int32_t moffset(struct magic_set *, struct magic *);
+ private void mdebug(uint32_t, const char *, size_t);
+ private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
+- const unsigned char *, uint32_t, size_t, size_t);
++ const unsigned char *, uint32_t, size_t, struct magic *);
+ private int mconvert(struct magic_set *, struct magic *);
+ private int print_sep(struct magic_set *, int);
+ private int handle_annotation(struct magic_set *, struct magic *);
[email protected]@ -898,7 +898,7 @@
+
+ private int
+ mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
+- const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt)
++ const unsigned char *s, uint32_t offset, size_t nbytes, struct magic *m)
+ {
+ /*
+ * Note: FILE_SEARCH and FILE_REGEX do not actually copy
[email protected]@ -918,15 +918,24 @@
+ const char *last; /* end of search region */
+ const char *buf; /* start of search region */
+ const char *end;
+- size_t lines;
++ size_t lines, linecnt, bytecnt;
++
++ linecnt = m->str_range;
++ bytecnt = linecnt * 80;
+
++ if (bytecnt == 0) {
++ bytecnt = 8192;
++ }
++ if (bytecnt > nbytes) {
++ bytecnt = nbytes;
++ }
+ if (s == NULL) {
+ ms->search.s_len = 0;
+ ms->search.s = NULL;
+ return 0;
+ }
+ buf = RCAST(const char *, s) + offset;
+- end = last = RCAST(const char *, s) + nbytes;
++ end = last = RCAST(const char *, s) + bytecnt;
+ /* mget() guarantees buf <= last */
+ for (lines = linecnt, b = buf; lines && b < end &&
+ ((b = CAST(const char *,
[email protected]@ -939,7 +948,7 @@
+ b++;
+ }
+ if (lines)
+- last = RCAST(const char *, s) + nbytes;
++ last = RCAST(const char *, s) + bytecnt;
+
+ ms->search.s = buf;
+ ms->search.s_len = last - buf;
[email protected]@ -1012,7 +1021,6 @@
+ int recursion_level)
+ {
+ uint32_t offset = ms->offset;
+- uint32_t count = m->str_range;
+ union VALUETYPE *p = &ms->ms_value;
+
+ if (recursion_level >= 20) {
[email protected]@ -1020,10 +1028,13 @@
+ return -1;
+ }
+
+- if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1)
++ if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset,
++ (uint32_t)nbytes, m) == -1)
+ return -1;
+
+ if ((ms->flags & MAGIC_DEBUG) != 0) {
++ fprintf(stderr, "mget(type=%d, flag=%x, offset=%u, "
++ "nbytes=%zu)\n", m->type, m->flag, offset, nbytes);
+ mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE));
+ }
+
[email protected]@ -1504,7 +1515,7 @@
+ if (m->flag & INDIROFFADD) {
+ offset += ms->c.li[cont_level-1].off;
+ }
+- if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1)
++ if (mcopy(ms, p, m->type, 0, s, offset, nbytes, m) == -1)
+ return -1;
+ ms->offset = offset;
+ --- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/211_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,18 @@
+Fix for CVE-2014-3587
+Patch from PHP community:
+http://git.php.net/?p=php-src.git;a=blobdiff;f=ext/fileinfo/libmagic/cdf.c;h=2c0a2d9dfcd803e21fb40cd04c48a679aa09a6df;hp=429f3b952f68d1ef7f2ebb4925ef5b16c54b7833;hb=35f32637b08ca6397829138ed45a0768f592f262;hpb=eab42649ab9c6d949dc8e1ba9e31124e9cfb3b1b
+
+
+diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
+index 429f3b9..2c0a2d9 100644
+--- a/ext/fileinfo/libmagic/cdf.c
++++ b/ext/fileinfo/libmagic/cdf.c
[email protected]@ -820,7 +820,7 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ q = (const uint8_t *)(const void *)
+ ((const char *)(const void *)p + ofs
+ - 2 * sizeof(uint32_t));
+- if (q > e) {
++ if (q < p || q > e) {
+ DPRINTF(("Ran of the end %p > %p\n", q, e));
+ goto out;
+ }--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/212_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,267 @@
+Fixed Sec Bug #67717 segfault in dns_get_record CVE-2014-3597
+
+Incomplete fix for CVE-2014-4049
+
+Check possible buffer overflow
+- pass real buffer end to dn_expand calls
+- check buffer len before each read
+
+
+diff --git a/ext/standard/dns.c b/ext/standard/dns.c
+index 214a7dc..0b5e69c 100644
+--- a/ext/standard/dns.c
++++ b/ext/standard/dns.c
[email protected]@ -412,8 +412,14 @@ PHP_FUNCTION(dns_check_record)
+
+ #if HAVE_FULL_DNS_FUNCS
+
++#define CHECKCP(n) do { \
++ if (cp + n > end) { \
++ return NULL; \
++ } \
++} while (0)
++
+ /* {{{ php_parserr */
+-static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int store, zval **subarray)
++static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_to_fetch, int store, zval **subarray)
+ {
+ u_short type, class, dlen;
+ u_long ttl;
[email protected]@ -425,16 +431,18 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+
+ *subarray = NULL;
+
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, sizeof(name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, sizeof(name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+
++ CHECKCP(10);
+ GETSHORT(type, cp);
+ GETSHORT(class, cp);
+ GETLONG(ttl, cp);
+ GETSHORT(dlen, cp);
++ CHECKCP(dlen);
+ if (type_to_fetch != T_ANY && type != type_to_fetch) {
+ cp += dlen;
+ return cp;
[email protected]@ -461,12 +469,14 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+
+ switch (type) {
+ case DNS_T_A:
++ CHECKCP(4);
+ add_assoc_string(*subarray, "type", "A", 1);
+ snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
+ add_assoc_string(*subarray, "ip", name, 1);
+ cp += dlen;
+ break;
+ case DNS_T_MX:
++ CHECKCP(2);
+ add_assoc_string(*subarray, "type", "MX", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pri", n);
[email protected]@ -485,7 +495,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ if (type == DNS_T_PTR) {
+ add_assoc_string(*subarray, "type", "PTR", 1);
+ }
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -495,18 +505,22 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ case DNS_T_HINFO:
+ /* See RFC 1010 for values */
+ add_assoc_string(*subarray, "type", "HINFO", 1);
++ CHECKCP(1);
+ n = *cp & 0xFF;
+ cp++;
++ CHECKCP(n);
+ add_assoc_stringl(*subarray, "cpu", (char*)cp, n, 1);
+ cp += n;
++ CHECKCP(1);
+ n = *cp & 0xFF;
+ cp++;
++ CHECKCP(n);
+ add_assoc_stringl(*subarray, "os", (char*)cp, n, 1);
+ cp += n;
+ break;
+ case DNS_T_TXT:
+ {
+- int ll = 0;
++ int l1 = 0, l2 = 0;
+ zval *entries = NULL;
+
+ add_assoc_string(*subarray, "type", "TXT", 1);
[email protected]@ -515,37 +529,41 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ MAKE_STD_ZVAL(entries);
+ array_init(entries);
+
+- while (ll < dlen) {
+- n = cp[ll];
+- if ((ll + n) >= dlen) {
++ while (l1 < dlen) {
++ n = cp[l1];
++ if ((l1 + n) >= dlen) {
+ // Invalid chunk length, truncate
+- n = dlen - (ll + 1);
++ n = dlen - (l1 + 1);
++ }
++ if (n) {
++ memcpy(tp + l2 , cp + l1 + 1, n);
++ add_next_index_stringl(entries, cp + l1 + 1, n, 1);
+ }
+- memcpy(tp + ll , cp + ll + 1, n);
+- add_next_index_stringl(entries, cp + ll + 1, n, 1);
+- ll = ll + n + 1;
++ l1 = l1 + n + 1;
++ l2 = l2 + n;
+ }
+- tp[dlen] = '\0';
++ tp[l2] = '\0';
+ cp += dlen;
+
+- add_assoc_stringl(*subarray, "txt", tp, (dlen>0)?dlen - 1:0, 0);
++ add_assoc_stringl(*subarray, "txt", tp, l2, 0);
+ add_assoc_zval(*subarray, "entries", entries);
+ }
+ break;
+ case DNS_T_SOA:
+ add_assoc_string(*subarray, "type", "SOA", 1);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+ add_assoc_string(*subarray, "mname", name, 1);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) -2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) -2);
+ if (n < 0) {
+ return NULL;
+ }
+ cp += n;
+ add_assoc_string(*subarray, "rname", name, 1);
++ CHECKCP(5*4);
+ GETLONG(n, cp);
+ add_assoc_long(*subarray, "serial", n);
+ GETLONG(n, cp);
[email protected]@ -559,6 +577,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ break;
+ case DNS_T_AAAA:
+ tp = (u_char*)name;
++ CHECKCP(8*2);
+ for(i=0; i < 8; i++) {
+ GETSHORT(s, cp);
+ if (s != 0) {
[email protected]@ -593,6 +612,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ case DNS_T_A6:
+ p = cp;
+ add_assoc_string(*subarray, "type", "A6", 1);
++ CHECKCP(1);
+ n = ((int)cp[0]) & 0xFF;
+ cp++;
+ add_assoc_long(*subarray, "masklen", n);
[email protected]@ -628,6 +648,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ cp++;
+ }
+ for (i = (n + 8) / 16; i < 8; i++) {
++ CHECKCP(2);
+ GETSHORT(s, cp);
+ if (s != 0) {
+ if (tp > (u_char *)name) {
[email protected]@ -657,7 +678,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ tp[0] = '\0';
+ add_assoc_string(*subarray, "ipv6", name, 1);
+ if (cp < p + dlen) {
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -666,6 +687,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ }
+ break;
+ case DNS_T_SRV:
++ CHECKCP(3*2);
+ add_assoc_string(*subarray, "type", "SRV", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pri", n);
[email protected]@ -673,7 +695,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ add_assoc_long(*subarray, "weight", n);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "port", n);
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -681,21 +703,35 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+ add_assoc_string(*subarray, "target", name, 1);
+ break;
+ case DNS_T_NAPTR:
++ CHECKCP(2*2);
+ add_assoc_string(*subarray, "type", "NAPTR", 1);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "order", n);
+ GETSHORT(n, cp);
+ add_assoc_long(*subarray, "pref", n);
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "flags", (char*)++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "flags", (char*)cp, n, 1);
+ cp += n;
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "services", (char*)++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "services", (char*)cp, n, 1);
+ cp += n;
++
++ CHECKCP(1);
+ n = (cp[0] & 0xFF);
+- add_assoc_stringl(*subarray, "regex", (char*)++cp, n, 1);
++ cp++;
++ CHECKCP(n);
++ add_assoc_stringl(*subarray, "regex", (char*)cp, n, 1);
+ cp += n;
+- n = dn_expand(answer->qb2, answer->qb2+65536, cp, name, (sizeof name) - 2);
++
++ n = dn_expand(answer->qb2, end, cp, name, (sizeof name) - 2);
+ if (n < 0) {
+ return NULL;
+ }
[email protected]@ -888,7 +924,7 @@ PHP_FUNCTION(dns_get_record)
+ while (an-- && cp && cp < end) {
+ zval *retval;
+
+- cp = php_parserr(cp, &answer, type_to_fetch, store_results, &retval);
++ cp = php_parserr(cp, end, &answer, type_to_fetch, store_results, &retval);
+ if (retval != NULL && store_results) {
+ add_next_index_zval(return_value, retval);
+ }
[email protected]@ -901,7 +937,7 @@ PHP_FUNCTION(dns_get_record)
+ while (ns-- > 0 && cp && cp < end) {
+ zval *retval = NULL;
+
+- cp = php_parserr(cp, &answer, DNS_T_ANY, authns != NULL, &retval);
++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, authns != NULL, &retval);
+ if (retval != NULL) {
+ add_next_index_zval(authns, retval);
+ }
[email protected]@ -913,7 +949,7 @@ PHP_FUNCTION(dns_get_record)
+ while (ar-- > 0 && cp && cp < end) {
+ zval *retval = NULL;
+
+- cp = php_parserr(cp, &answer, DNS_T_ANY, 1, &retval);
++ cp = php_parserr(cp, end, &answer, DNS_T_ANY, 1, &retval);
+ if (retval != NULL) {
+ add_next_index_zval(addtl, retval);
+ }--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/213_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,60 @@
+Fix for CVE-2014-4670
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb
+
+
+Fixed Bug #67538 (SPL Iterators use-after-free)
+---
+
+diff --git a/ext/spl/spl_dllist.c b/ext/spl/spl_dllist.c
+index 39a0733..0b44d41 100644
+--- a/ext/spl/spl_dllist.c
++++ b/ext/spl/spl_dllist.c
[email protected]@ -43,12 +43,10 @@ PHPAPI zend_class_entry *spl_ce_SplStack;
+
+ #define SPL_LLIST_DELREF(elem) if(!--(elem)->rc) { \
+ efree(elem); \
+- elem = NULL; \
+ }
+
+ #define SPL_LLIST_CHECK_DELREF(elem) if((elem) && !--(elem)->rc) { \
+ efree(elem); \
+- elem = NULL; \
+ }
+
+ #define SPL_LLIST_ADDREF(elem) (elem)->rc++
[email protected]@ -916,6 +914,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUnset)
+ llist->dtor(element TSRMLS_CC);
+ }
+
++ if (intern->traverse_pointer == element) {
++ SPL_LLIST_DELREF(element);
++ intern->traverse_pointer = NULL;
++ }
++
+ zval_ptr_dtor((zval **)&element->data);
+ element->data = NULL;
+
+diff --git a/ext/spl/tests/bug67538.phpt b/ext/spl/tests/bug67538.phpt
+new file mode 100644
+index 0000000..b6f3848
+--- /dev/null
++++ b/ext/spl/tests/bug67538.phpt
[email protected]@ -0,0 +1,17 @@
++--TEST--
++Bug #67538 (SPL Iterators use-after-free)
++--FILE--
++<?php
++$list = new SplDoublyLinkedList();
++$list->push('a');
++$list->push('b');
++
++$list->rewind();
++$list->offsetUnset(0);
++$list->push('b');
++$list->offsetUnset(0);
++$list->next();
++echo "okey";
++?>
++--EXPECTF--
++okey--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/214_php_19556437.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,47 @@
+Fix for CVE-2014-4698
+Patch:
+http://git.php.net/?p=php-src.git;a=commitdiff;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
+
+Hand crafted patch for php 5.3 from above due to context differences.
+
+--- php-5.3.29/ext/spl/spl_array.c_orig 2014-08-13 12:22:50.000000000 -0700
++++ php-5.3.29/ext/spl/spl_array.c 2014-11-04 14:31:14.198629945 -0800
[email protected]@ -1843,6 +1843,7 @@
+ int buf_len;
+ spl_array_object *intern = (spl_array_object*)zend_object_store_get_object(getThis() TSRMLS_CC);
+ int was_in_unserialize = intern->unserialize_data != NULL;
++ HashTable *aht;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
+ return;
[email protected]@ -1853,6 +1854,12 @@
+ return;
+ }
+
++ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
++ if (aht->nApplyCount > 0) {
++ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
++ return;
++ }
++
+ if (!was_in_unserialize) {
+ intern->unserialize_data = emalloc(sizeof(php_unserialize_data_t));
+ PHP_VAR_UNSERIALIZE_INIT(*intern->unserialize_data);
+--- php-5.3.29/ext/spl/tests/bug67539.phpt_orig 2014-11-04 14:32:52.307769425 -0800
++++ php-5.3.29/ext/spl/tests/bug67539.phpt 2014-11-04 14:33:24.460710922 -0800
[email protected]@ -0,0 +1,15 @@
++--TEST--
++Bug #67539 (ArrayIterator use-after-free due to object change during sorting)
++--FILE--
++<?php
++
++$it = new ArrayIterator(array_fill(0,2,'X'), 1 );
++
++function badsort($a, $b) {
++ $GLOBALS['it']->unserialize($GLOBALS['it']->serialize());
++ return TRUE;
++}
++
++$it->uksort('badsort');
++--EXPECTF--
++Warning: Modification of ArrayObject during sorting is prohibited in %sbug67539.php on line %d--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/220_php_20258327.patch Wed Feb 11 10:30:02 2015 -0800
@@ -0,0 +1,60 @@
+Fix from PHP community for CVE-2014-8142
+Bug:
+https://bugs.php.net/bug.php?id=68594
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=630f9c33c23639de85c3fd306b209b538b73b4c9
+This patch is for a newer version of php so this hand crafted equivalent
+was created for php 5.3.
+
+--- php-5.3.29/ext/standard/var_unserializer.re_orig 2014-08-13 12:22:50.000000000 -0700
++++ php-5.3.29/ext/standard/var_unserializer.re 2015-02-05 14:51:58.796366953 -0800
[email protected]@ -304,6 +304,9 @@
+ } else {
+ /* object properties should include no integers */
+ convert_to_string(key);
++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
++ var_push_dtor(var_hash, old_data);
++ }
+ zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ sizeof data, NULL);
+ }
+
+--- php-5.3.29/ext/standard/var_unserializer.c_orig 2014-08-13 12:27:30.000000000 -0700
++++ php-5.3.29/ext/standard/var_unserializer.c 2015-02-05 15:20:42.925115687 -0800
[email protected]@ -298,6 +298,9 @@
+ } else {
+ /* object properties should include no integers */
+ convert_to_string(key);
++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
++ var_push_dtor(var_hash, old_data);
++ }
+ zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ sizeof data, NULL);
+ }
+
+--- php-5.3.29/ext/standard/tests/serialize/bug68594.phpt_orig 2015-02-05 14:59:34.551069069 -0800
++++ php-5.3.29/ext/standard/tests/serialize/bug68594.phpt 2015-02-05 14:54:28.269051205 -0800
[email protected]@ -0,0 +1,23 @@
++--TEST--
++Bug #68545 Use after free vulnerability in unserialize()
++--FILE--
++<?php
++for ($i=4; $i<100; $i++) {
++ $m = new StdClass();
++
++ $u = array(1);
++
++ $m->aaa = array(1,2,&$u,4,5);
++ $m->bbb = 1;
++ $m->ccc = &$u;
++ $m->ddd = str_repeat("A", $i);
++
++ $z = serialize($m);
++ $z = str_replace("bbb", "aaa", $z);
++ $y = unserialize($z);
++ $z = serialize($y);
++}
++?>
++===DONE===
++--EXPECTF--
++===DONE===--- a/components/php-common/php.1.sunman Tue Jan 27 23:32:47 2015 -0800
+++ b/components/php-common/php.1.sunman Wed Feb 11 10:30:02 2015 -0800
@@ -1,6 +1,6 @@
'\" te
-.\" Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
-.TH php 1 "10 May 2012" "SunOS 5.11" "User Commands"
+.\" Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+.TH php 1 "29 Jan 2015" "SunOS 5.11" "User Commands"
.SH "NAME"
php \- PHP Command Line Interface
@@ -88,48 +88,82 @@
http://pecl.php.net/ PECL Repository
.fi
.SH NOTES
-.PP
+.LP
+PHP 5.2 may be removed in a future update.
+Newer versions of PHP will appear in a future Solaris.
+.LP
+Please migrate to a newer version.
+Migration documentation is available on the PHP website:
+.LP
+.nf
+http://php.net/manual/en/appendices.php
+.fi
+.LP
+If it is desired to keep the obsolete version of PHP
+then it should be frozen to prevent its removal by a future update.
+.LP
+.nf
+pkg freeze 'web/php-52*' web/server/apache-22/module/apache-php52
+pkg change-facet --no-backup-be 'version-lock\&.web/php-52*=False' \e
+ version-lock\&.web/server/apache-22/module/apache-php52=False
+.fi
+.LP
+Please note that the freezing of packages may yield
+an unsupportable system so use with caution.
+.LP
PHP has been built to be largefile-aware and to use
64-bit integers, although the interpreter and the library
themselves are 32-bit applications (LP32).
-.PP
+.LP
If you wish to build and install PHP add-on modules from PECL,
you can do so using the phpize script - see phpize(1) for
details.
-.PP
-Solaris ships with PHP 5.2.17 and 5.3.14.
-To install PHP 5.2.17 use the pkg(1) command:
-.PP
+.LP
+Solaris ships with PHP 5.2 and 5.3.
+To install PHP 5.2 use the pkg(1) command:
+.LP
+.nf
pkg install web/php-52 web/server/apache-22/module/apache-php52
-.PP
-To install PHP 5.3.14:
-.PP
+.fi
+.LP
+To install PHP 5.3:
+.LP
+.nf
pkg install web/php-53 web/server/apache-22/module/apache-php53
-.PP
+.fi
+.LP
Documentation is separate:
-.PP
+.LP
+.nf
pkg install web/php-53/documentation
-.PP
+.fi
+.LP
Before and after installing check or set the value of PHP's pkg
mediator to the default version desired:
-.PP
+.LP
+.nf
pkg mediator
-.PP
+.fi
+.LP
To set the default version of PHP change the pkg mediator value:
-.PP
+.LP
+.nf
pkg set-mediator -V 5.3 php
-.PP
+.fi
+.LP
where php mediator values are 5.2 or 5.3.
-.PP
+.LP
The configuration of php is controlled by editing the php
configuration file for that specific version:
-.PP
+.LP
+.nf
/etc/apache2/2.2/conf.d/php/php5.2.conf
.br
or
.br
/etc/apache2/2.2/conf.d/php/php5.3.conf
-.PP
+.fi
+.LP
The pkg mediator will select the proper file to use.
-.PP
+.LP
PHP is a recursive acronym which stands for PHP Hypertext Pages.