Pullup ticket #3573 - requested by taca lang/php53 security update Revisions pulled up: - lang/php53/Makefile 1.18 - lang/php53/Makefile.php 1.9-1.10 - lang/php53/distinfo 1.23-1.26 - lang/php53/patches/patch-Zend_zend__builtin__functions.c 1.1-1.2 - lang/php53/patches/patch-as 1.1 --- Module Name: pkgsrc Committed By: jklos Date: Thu Oct 6 05:34:00 UTC 2011 Modified Files: pkgsrc/lang/php53: distinfo Added Files: pkgsrc/lang/php53/patches: patch-as Log Message: Atomic operations via gcc are not supported on many archs. Allow them only on amd64, powerpc, i386 and alpha. --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 20 12:38:24 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile.php distinfo Log Message: Re-add suhosin-patch to distinfo. --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 20 12:39:33 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile.php Log Message: Revert accidental commit with previous commit. --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 20 13:32:20 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile distinfo Added Files: pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c Log Message: Add fix for 2011-3379 from r317183 from PHP's repository. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 20 14:30:55 UTC 2011 Modified Files: pkgsrc/lang/php53: distinfo pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c Log Message: A small correction in comment text of the patch.diff -r1.17 -r1.17.2.1 pkgsrc/lang/php53/Makefile
(sbd)
@@ -1,19 +1,20 @@ | @@ -1,19 +1,20 @@ | |||
1 | # $NetBSD: Makefile,v 1.17 2011/08/23 22:22:27 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.17.2.1 2011/10/22 07:01:25 sbd Exp $ | |
2 | 2 | |||
3 | # | 3 | # | |
4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | |
5 | # | 5 | # | |
6 | PKGNAME= php-${PHP_BASE_VERS} | 6 | PKGNAME= php-${PHP_BASE_VERS} | |
7 | PKGREVISION= 1 | |||
7 | CATEGORIES= lang | 8 | CATEGORIES= lang | |
8 | 9 | |||
9 | HOMEPAGE= http://www.php.net/ | 10 | HOMEPAGE= http://www.php.net/ | |
10 | COMMENT= PHP Hypertext Preprocessor version 5 | 11 | COMMENT= PHP Hypertext Preprocessor version 5 | |
11 | LICENSE= php | 12 | LICENSE= php | |
12 | 13 | |||
13 | TEST_TARGET= test | 14 | TEST_TARGET= test | |
14 | PKG_DESTDIR_SUPPORT= user-destdir | 15 | PKG_DESTDIR_SUPPORT= user-destdir | |
15 | 16 | |||
16 | USE_TOOLS+= gmake lex pkg-config | 17 | USE_TOOLS+= gmake lex pkg-config | |
17 | LIBTOOL_OVERRIDE= # empty | 18 | LIBTOOL_OVERRIDE= # empty | |
18 | 19 | |||
19 | .include "Makefile.php" | 20 | .include "Makefile.php" |
@@ -1,21 +1,23 @@ | @@ -1,21 +1,23 @@ | |||
1 | $NetBSD: distinfo,v 1.22 2011/09/12 16:24:32 taca Exp $ | 1 | $NetBSD: distinfo,v 1.22.2.1 2011/10/22 07:01:25 sbd Exp $ | |
2 | 2 | |||
3 | SHA1 (php-5.3.8/php-5.3.8.tar.bz2) = 8f29029e092f262876bfdd2ce56f6867e2b74b85 | 3 | SHA1 (php-5.3.8/php-5.3.8.tar.bz2) = 8f29029e092f262876bfdd2ce56f6867e2b74b85 | |
4 | RMD160 (php-5.3.8/php-5.3.8.tar.bz2) = f18a18e2dfd7ea7885760eec2a05b3c4a15ad9db | 4 | RMD160 (php-5.3.8/php-5.3.8.tar.bz2) = f18a18e2dfd7ea7885760eec2a05b3c4a15ad9db | |
5 | Size (php-5.3.8/php-5.3.8.tar.bz2) = 11190060 bytes | 5 | Size (php-5.3.8/php-5.3.8.tar.bz2) = 11190060 bytes | |
6 | SHA1 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 3c38e873584b8f9e325a813cc9b197a342595099 | 6 | SHA1 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 3c38e873584b8f9e325a813cc9b197a342595099 | |
7 | RMD160 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 19f789bf49a5fed2cd88b199fd8ac5d1ffa9bdc8 | 7 | RMD160 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 19f789bf49a5fed2cd88b199fd8ac5d1ffa9bdc8 | |
8 | Size (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 41175 bytes | 8 | Size (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 41175 bytes | |
9 | SHA1 (patch-Zend_zend__builtin__functions.c) = 3d734b2137cd0b31ed54725f18059aba67f0de5b | |||
9 | SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e | 10 | SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e | |
10 | SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b | 11 | SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b | |
11 | SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690 | 12 | SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690 | |
12 | SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 | 13 | SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 | |
13 | SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 | 14 | SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 | |
14 | SHA1 (patch-af) = 1618b23fd6d090ce5aa929208416028724278bfc | 15 | SHA1 (patch-af) = 1618b23fd6d090ce5aa929208416028724278bfc | |
15 | SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e | 16 | SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e | |
16 | SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 | 17 | SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 | |
17 | SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f | 18 | SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f | |
18 | SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 | 19 | SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 | |
19 | SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e | 20 | SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e | |
21 | SHA1 (patch-as) = 5faa039f0ab7663e82787973e937aea685ba2dac | |||
20 | SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 | 22 | SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 | |
21 | SHA1 (patch-php__mssql.h) = fa9e349127121cf478691c108ac611563e445c40 | 23 | SHA1 (patch-php__mssql.h) = fa9e349127121cf478691c108ac611563e445c40 |
$NetBSD: patch-Zend_zend__builtin__functions.c,v 1.2.2.2 2011/10/22 07:01:25 sbd Exp $
* Fix for CVE-2011-3379 from r317183 from PHP's repository.
--- Zend/zend_builtin_functions.c.orig 2011-08-08 14:54:50.000000000 +0000
+++ Zend/zend_builtin_functions.c
@@ -816,13 +816,19 @@ static void is_a_impl(INTERNAL_FUNCTION_
int class_name_len;
zend_class_entry *instance_ce;
zend_class_entry **ce;
+ zend_bool allow_string = only_subclass;
zend_bool retval;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs", &obj, &class_name, &class_name_len) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|b", &obj, &class_name, &class_name_len, &allow_string) == FAILURE) {
return;
}
-
- if (Z_TYPE_P(obj) == IS_STRING) {
+ /*
+ allow_string - is_a default is no, is_subclass_of is yes.
+ if it's allowed, then the autoloader will be called if the class does not exist.
+ default behaviour is different, as 'is_a' usage is normally to test mixed return values
+ */
+
+ if (allow_string && Z_TYPE_P(obj) == IS_STRING) {
zend_class_entry **the_ce;
if (zend_lookup_class(Z_STRVAL_P(obj), Z_STRLEN_P(obj), &the_ce TSRMLS_CC) == FAILURE) {
RETURN_FALSE;
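Review bot: The string branch at `if (allow_string && Z_TYPE_P(obj) == IS_STRING)` still hands a caller-supplied string to `zend_lookup_class()`, so the autoloader stays reachable whenever `allow_string` is true. That is the default for `is_subclass_of` (`allow_string = only_subclass`) and applies to any `is_a()` call that passes the new third argument. The added comment explains the differing defaults but not that consequence; I would extend it with a line such as `a string obj is passed to zend_lookup_class() and may invoke the autoloader; do not set allow_string for untrusted values`. How a string `obj` is handled when `allow_string` is false is decided in the rest of `is_a_impl`, which lies outside this hunk, so confirm that path returns false rather than treating the zval as an object.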
$NetBSD: patch-as,v 1.1.2.2 2011/10/22 07:01:25 sbd Exp $
--- ext/standard/php_crypt_r.c.orig 2011-10-06 05:25:16.000000000 +0000
+++ ext/standard/php_crypt_r.c
@@ -94,7 +94,8 @@ void _crypt_extended_init_r(void)
if (!initialized) {
#ifdef PHP_WIN32
InterlockedIncrement(&initialized);
-#elif (defined(__GNUC__) && !defined(__hpux) && (__GNUC__ > 4 || \
+#elif (defined(__GNUC__) && (defined(__amd64__) || defined(__alpha__) || \
+ defined(__i386__) || defined(__powerpc__)) && (__GNUC__ > 4 || \
(__GNUC__ == 4 && (__GNUC_MINOR__ > 1 || (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ > 1)))))
__sync_fetch_and_add(&initialized, 1);
#elif defined(HAVE_ATOMIC_H) /* Solaris 10 defines atomic API within */
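Review bot: With the architecture whitelist on the `__sync_fetch_and_add` branch, a GCC build on any other architecture now depends on the `HAVE_ATOMIC_H` branch that follows, and the hunk shows no plain fallback for targets that have neither. If the chain closes without an `#else`, `initialized` would never be set on those targets and the `if (!initialized)` body would run on every call, which may be unsafe in threaded builds. The end of the `#if` chain and of `_crypt_extended_init_r` is outside the hunk, so this needs checking against the full file. A final `#else` with `initialized = 1;` (or an `#error`) would make the unsupported case explicit. The rewritten condition also drops the old `!defined(__hpux)` guard without comment, so a short note on why only these four architectures are listed would help the next port.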