Thu Oct 20 13:32:20 2011 UTC ()

Add fix for 2011-3379 from r317183 from PHP's repository.

Bump PKGREVISION.


(taca)

diff -r1.17 -r1.18 pkgsrc/lang/php53/Makefile
diff -r1.24 -r1.25 pkgsrc/lang/php53/distinfo
diff -r0 -r1.1 pkgsrc/lang/php53/patches/patch-Zend_zend__builtin__functions.c

--- pkgsrc/lang/php53/Attic/Makefile 2011/08/23 22:22:27 1.17
+++ pkgsrc/lang/php53/Attic/Makefile 2011/10/20 13:32:20 1.18

 @@ -1,19 +1,20 @@
-# $NetBSD: Makefile,v 1.17 2011/08/23 22:22:27 taca Exp $
+# $NetBSD: Makefile,v 1.18 2011/10/20 13:32:20 taca Exp $
+#
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
+#
 PKGNAME=		php-${PHP_BASE_VERS}
 PKGREVISION=		1
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
 LICENSE=		php
 TEST_TARGET=		test
 PKG_DESTDIR_SUPPORT=	user-destdir
 USE_TOOLS+=		gmake lex pkg-config
 LIBTOOL_OVERRIDE=	# empty
 .include "Makefile.php"

--- pkgsrc/lang/php53/Attic/distinfo 2011/10/20 12:38:24 1.24
+++ pkgsrc/lang/php53/Attic/distinfo 2011/10/20 13:32:20 1.25

 @@ -1,21 +1,22 @@
-$NetBSD: distinfo,v 1.24 2011/10/20 12:38:24 taca Exp $
+$NetBSD: distinfo,v 1.25 2011/10/20 13:32:20 taca Exp $
 SHA1 (php-5.3.8/php-5.3.8.tar.bz2) = 8f29029e092f262876bfdd2ce56f6867e2b74b85
 RMD160 (php-5.3.8/php-5.3.8.tar.bz2) = f18a18e2dfd7ea7885760eec2a05b3c4a15ad9db
 Size (php-5.3.8/php-5.3.8.tar.bz2) = 11190060 bytes
 SHA1 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 3c38e873584b8f9e325a813cc9b197a342595099
 RMD160 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 19f789bf49a5fed2cd88b199fd8ac5d1ffa9bdc8
 Size (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 41175 bytes
 SHA1 (patch-Zend_zend__builtin__functions.c) = 635480e508bd8159daa3f6e38c8b8d6c14f89b5b
 SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
 SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
 SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690
 SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881
 SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56
 SHA1 (patch-af) = 1618b23fd6d090ce5aa929208416028724278bfc
 SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e
 SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
 SHA1 (patch-as) = 5faa039f0ab7663e82787973e937aea685ba2dac
 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23

$NetBSD: patch-Zend_zend__builtin__functions.c,v 1.1 2011/10/20 13:32:20 taca Exp $

* Fix for 2011-3379 from r317183 from PHP's repository.

--- Zend/zend_builtin_functions.c.orig	2011-08-08 14:54:50.000000000 +0000
+++ Zend/zend_builtin_functions.c
@@ -816,13 +816,19 @@ static void is_a_impl(INTERNAL_FUNCTION_
 	int class_name_len;
 	zend_class_entry *instance_ce;
 	zend_class_entry **ce;
+	zend_bool allow_string = only_subclass;
 	zend_bool retval;
 
-	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs", &obj, &class_name, &class_name_len) == FAILURE) {
+	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|b", &obj, &class_name, &class_name_len, &allow_string) == FAILURE) {
 		return;
 	}
-	
-	if (Z_TYPE_P(obj) == IS_STRING) {
+	/*
+	   allow_string - is_a default is no, is_subclass_of is yes. 
+	   if it's allowed, then the autoloader will be called if the class does not exist.
+	   default behaviour is different, as 'is_a' usage is normally to test mixed return values 
+	*/
+
+	if (allow_string && Z_TYPE_P(obj) == IS_STRING) {
 		zend_class_entry **the_ce;
 		if (zend_lookup_class(Z_STRVAL_P(obj), Z_STRLEN_P(obj), &the_ce TSRMLS_CC) == FAILURE) {
 			RETURN_FALSE;