diff options
Diffstat (limited to 'recipes/php/php-5.2.13')
| -rw-r--r-- | recipes/php/php-5.2.13/CVE-2010-0397.patch | 58 | ||||
| -rw-r--r-- | recipes/php/php-5.2.13/acinclude-xml2-config.patch | 18 | ||||
| -rw-r--r-- | recipes/php/php-5.2.13/imap-fix-autofoo.patch | 41 | ||||
| -rw-r--r-- | recipes/php/php-5.2.13/pear-makefile.patch | 13 | ||||
| -rw-r--r-- | recipes/php/php-5.2.13/php-m4-divert.patch | 83 |
5 files changed, 213 insertions, 0 deletions
diff --git a/recipes/php/php-5.2.13/CVE-2010-0397.patch b/recipes/php/php-5.2.13/CVE-2010-0397.patch new file mode 100644 index 0000000000..8f70d40a46 --- /dev/null +++ b/recipes/php/php-5.2.13/CVE-2010-0397.patch @@ -0,0 +1,58 @@ +Description: Fix a null pointer dereference when processing invalid + XML-RPC requests. +Origin: vendor +Forwarded: http://bugs.php.net/51288 +Last-Update: 2010-03-12 + +Index: php/ext/xmlrpc/tests/bug51288.phpt +=================================================================== +--- /dev/null ++++ php/ext/xmlrpc/tests/bug51288.phpt +@@ -0,0 +1,14 @@ ++--TEST-- ++Bug #51288 (CVE-2010-0397, NULL pointer deref when no <methodName> in request) ++--FILE-- ++<?php ++$method = NULL; ++$req = '<?xml version="1.0"?><methodCall></methodCall>'; ++var_dump(xmlrpc_decode_request($req, $method)); ++var_dump($method); ++echo "Done\n"; ++?> ++--EXPECT-- ++NULL ++NULL ++Done +Index: php/ext/xmlrpc/xmlrpc-epi-php.c +=================================================================== +--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c ++++ php/ext/xmlrpc/xmlrpc-epi-php.c +@@ -701,6 +701,7 @@ zval* decode_request_worker (zval* xml_i + zval* retval = NULL; + XMLRPC_REQUEST response; + STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}}; ++ const char *method_name; + opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT; + + /* generate XMLRPC_REQUEST from raw xml */ +@@ -711,10 +712,16 @@ zval* decode_request_worker (zval* xml_i + + if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) { + if(method_name_out) { +- zval_dtor(method_name_out); +- Z_TYPE_P(method_name_out) = IS_STRING; +- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response)); +- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ method_name = XMLRPC_RequestGetMethodName(response); ++ if (method_name) { ++ zval_dtor(method_name_out); ++ Z_TYPE_P(method_name_out) = IS_STRING; ++ Z_STRVAL_P(method_name_out) = estrdup(method_name); ++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out)); ++ } else if (retval) { ++ zval_ptr_dtor(&retval); ++ retval = NULL; ++ } + } + } + diff --git a/recipes/php/php-5.2.13/acinclude-xml2-config.patch b/recipes/php/php-5.2.13/acinclude-xml2-config.patch new file mode 100644 index 0000000000..bf519d2934 --- /dev/null +++ b/recipes/php/php-5.2.13/acinclude-xml2-config.patch @@ -0,0 +1,18 @@ +--- /orig-acinclude.m4 2007-02-20 15:03:25.000000000 +0200 ++++ /acinclude.m4 2007-02-20 15:03:24.000000000 +0200 +@@ -2359,12 +2359,9 @@ + AC_DEFUN([PHP_SETUP_LIBXML], [ + AC_CACHE_CHECK([for xml2-config path], ac_cv_php_xml2_config_path, + [ +- for i in $PHP_LIBXML_DIR /usr/local /usr; do +- if test -x "$i/bin/xml2-config"; then +- ac_cv_php_xml2_config_path="$i/bin/xml2-config" +- break +- fi +- done ++ ++ ac_cv_php_xml2_config_path="$PHP_LIBXML_DIR/xml2-config" ++ + ]) + + if test -x "$ac_cv_php_xml2_config_path"; then diff --git a/recipes/php/php-5.2.13/imap-fix-autofoo.patch b/recipes/php/php-5.2.13/imap-fix-autofoo.patch new file mode 100644 index 0000000000..3695b7bc42 --- /dev/null +++ b/recipes/php/php-5.2.13/imap-fix-autofoo.patch @@ -0,0 +1,41 @@ +Index: php-5.2.11/ext/imap/config.m4 +=================================================================== +--- php-5.2.11.orig/ext/imap/config.m4 2009-12-10 12:27:52.800974533 -0700 ++++ php-5.2.11/ext/imap/config.m4 2009-12-10 12:28:33.720976583 -0700 +@@ -103,7 +103,7 @@ + PHP_NEW_EXTENSION(imap, php_imap.c, $ext_shared) + AC_DEFINE(HAVE_IMAP,1,[ ]) + +- for i in $PHP_IMAP /usr/local /usr; do ++ for i in $PHP_IMAP $PHP_IMAP/usr /usr/local /usr; do + IMAP_INC_CHK() + el[]IMAP_INC_CHK(/include/c-client) + el[]IMAP_INC_CHK(/include/imap) +@@ -192,13 +192,7 @@ + AC_MSG_ERROR(Cannot find rfc822.h. Please check your c-client installation.) + fi + +- if test -r "$IMAP_DIR/c-client/c-client.a"; then +- ln -s "$IMAP_DIR/c-client/c-client.a" "$IMAP_DIR/c-client/libc-client.a" >/dev/null 2>&1 +- elif test -r "$IMAP_DIR/$PHP_LIBDIR/c-client.a"; then +- ln -s "$IMAP_DIR/$PHP_LIBDIR/c-client.a" "$IMAP_DIR/$PHP_LIBDIR/libc-client.a" >/dev/null 2>&1 +- fi +- +- for lib in c-client4 c-client imap; do ++ for lib in /usr/lib c-client4 c-client imap; do + IMAP_LIB=$lib + IMAP_LIB_CHK($PHP_LIBDIR) + IMAP_LIB_CHK(c-client) +Index: php-5.2.11/acinclude.m4 +=================================================================== +--- php-5.2.11.orig/acinclude.m4 2009-12-10 12:37:13.134722881 -0700 ++++ php-5.2.11/acinclude.m4 2009-12-10 12:37:39.342007053 -0700 +@@ -2338,7 +2338,7 @@ + PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl" + fi + +- for i in $PHP_OPENSSL_DIR; do ++ for i in $PHP_OPENSSL_DIR $PHP_OPENSSL_DIR/usr; do + if test -r $i/include/openssl/evp.h; then + OPENSSL_INCDIR=$i/include + fi diff --git a/recipes/php/php-5.2.13/pear-makefile.patch b/recipes/php/php-5.2.13/pear-makefile.patch new file mode 100644 index 0000000000..487f507a02 --- /dev/null +++ b/recipes/php/php-5.2.13/pear-makefile.patch @@ -0,0 +1,13 @@ +Index: php-5.2.11/pear/Makefile.frag +=================================================================== +--- php-5.2.11.orig/pear/Makefile.frag 2009-08-02 13:11:15.000000000 -0600 ++++ php-5.2.11/pear/Makefile.frag 2009-12-09 16:13:38.700972014 -0700 +@@ -11,7 +11,7 @@ + PEAR_SUFFIX = -ds a$(program_suffix) + + install-pear-installer: $(SAPI_CLI_PATH) +- @$(top_builddir)/sapi/cli/php $(PEAR_INSTALL_FLAGS) pear/install-pear-nozlib.phar -d "$(peardir)" -b "$(bindir)" ${PEAR_PREFIX} ${PEAR_SUFFIX} ++ @$(PHP_NATIVE_DIR)/php $(PEAR_INSTALL_FLAGS) pear/install-pear-nozlib.phar -d "$(peardir)" -b "$(bindir)" ${PEAR_PREFIX} ${PEAR_SUFFIX} + + install-pear: + @echo "Installing PEAR environment: $(INSTALL_ROOT)$(peardir)/" diff --git a/recipes/php/php-5.2.13/php-m4-divert.patch b/recipes/php/php-5.2.13/php-m4-divert.patch new file mode 100644 index 0000000000..dfc7b643e2 --- /dev/null +++ b/recipes/php/php-5.2.13/php-m4-divert.patch @@ -0,0 +1,83 @@ +Patch taken from + +http://cvs.pld-linux.org/cgi-bin/cvsweb/packages/php/php-m4-divert.patch?rev=1.1 + +diff -ur php-5.2.10.org/configure.in php-5.2.10/configure.in +--- php-5.2.10.org/configure.in 2009-06-17 14:22:41.000000000 +0200 ++++ php-5.2.10/configure.in 2009-08-18 12:16:25.317640253 +0200 +@@ -1,7 +1,7 @@ + ## $Id: configure.in,v 1.579.2.52.2.139 2009/06/17 12:22:41 iliaa Exp $ -*- autoconf -*- + dnl ## Process this file with autoconf to produce a configure script. + +-divert(1) ++divert(1001) + + dnl ## Diversion 1 is the autoconf + automake setup phase. We also + dnl ## set the PHP version, deal with platform-specific compile +@@ -263,7 +263,7 @@ + sinclude(TSRM/tsrm.m4) + + +-divert(2) ++divert(1002) + + dnl ## Diversion 2 is where we set PHP-specific options and come up + dnl ## with reasonable default values for them. We check for pthreads here +@@ -302,7 +302,7 @@ + PTHREADS_FLAGS + fi + +-divert(3) ++divert(1003) + + dnl ## In diversion 3 we check for compile-time options to the PHP + dnl ## core and how to deal with different system dependencies. +@@ -661,7 +661,7 @@ + PHP_CRYPT_R_STYLE + fi + +-divert(4) ++divert(1004) + + dnl ## In diversion 4 we check user-configurable general settings. + +@@ -902,7 +902,7 @@ + AC_MSG_RESULT([using system default]) + fi + +-divert(5) ++divert(1005) + + dnl ## In diversion 5 we check which extensions should be compiled. + dnl ## All of these are normally in the extension directories. +diff -ur php-5.2.10.org/ext/standard/config.m4 php-5.2.10/ext/standard/config.m4 +--- php-5.2.10.org/ext/standard/config.m4 2007-07-11 13:56:03.000000000 +0200 ++++ php-5.2.10/ext/standard/config.m4 2009-08-18 12:16:25.317640253 +0200 +@@ -1,6 +1,6 @@ + dnl $Id: config.m4,v 1.80.2.3.2.3 2007/07/11 11:56:03 jani Exp $ -*- autoconf -*- + +-divert(3)dnl ++divert(1003)dnl + + dnl + dnl Check if flush should be called explicitly after buffered io +@@ -205,7 +205,7 @@ + AC_CHECK_FUNCS(getcwd getwd asinh acosh atanh log1p hypot glob strfmon nice fpclass isinf isnan) + AC_FUNC_FNMATCH + +-divert(5)dnl ++divert(1005)dnl + + dnl + dnl Check for regex library type +diff -ur php-5.2.10.org/scripts/phpize.m4 php-5.2.10/scripts/phpize.m4 +--- php-5.2.10.org/scripts/phpize.m4 2009-06-02 21:54:22.000000000 +0200 ++++ php-5.2.10/scripts/phpize.m4 2009-08-18 12:16:25.317640253 +0200 +@@ -1,6 +1,6 @@ + dnl This file becomes configure.in for self-contained extensions. + +-divert(1) ++divert(1001) + + AC_PREREQ(2.13) + AC_INIT(config.m4) |