OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer Root: /e/openpkg/cvs Email: [EMAIL PROTECTED] Module: openpkg-src Date: 22-Jul-2004 16:29:38 Branch: OPENPKG_2_0_SOLID Handle: 2004072215293700 Added files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/apache apache.patch.php Modified files: (Branch: OPENPKG_2_0_SOLID) openpkg-src/apache apache.spec Log: SA-2004.034-php; CAN-2004-0594, CAN-2004-0595 Summary: Revision Changes Path 1.2.2.1 +610 -0 openpkg-src/apache/apache.patch.php 1.211.2.7 +3 -1 openpkg-src/apache/apache.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/apache/apache.patch.php ============================================================================ $ cvs diff -u -r0 -r1.2.2.1 apache.patch.php --- /dev/null 2004-07-22 16:29:38 +0200 +++ apache.patch.php 2004-07-22 16:29:38 +0200 @@ -0,0 +1,610 @@ +OpenPKG-SA-2004.034-php; CAN-2004-0594, CAN-2004-0595 + +Index: php-4.3.4/Zend/zend_alloc.c +=================================================================== +--- php-4.3.4.orig/Zend/zend_alloc.c 2004-07-14 12:48:39.063013753 +0200 ++++ php-4.3.4/Zend/zend_alloc.c 2004-07-14 12:48:53.975006655 +0200 +@@ -67,7 +67,7 @@ + #define _CHECK_MEMORY_LIMIT(s, rs, file, lineno) { AG(allocated_memory) += rs;\ + if (AG(memory_limit)<AG(allocated_memory)) {\ + int php_mem_limit = AG(memory_limit); \ +- if (AG(memory_limit)+1048576 > AG(allocated_memory) - rs) { \ ++ if (EG(in_execution) && AG(memory_limit)+1048576 > AG(allocated_memory) - rs) { \ + AG(memory_limit) = AG(allocated_memory) + 1048576; \ + if (file) { \ + zend_error(E_ERROR,"Allowed memory size of %d bytes exhausted at %s:%d (tried to allocate %d bytes)", php_mem_limit, file, lineno, s); \ +Index: php-4.3.4/Zend/zend_hash.c +=================================================================== +--- php-4.3.4.orig/Zend/zend_hash.c 2004-07-14 13:14:45.475609161 +0200 ++++ php-4.3.4/Zend/zend_hash.c 2004-07-14 13:14:55.865900116 +0200 +@@ -174,6 +174,7 @@ + ZEND_API int zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, int persistent) + { + uint i = 3; ++ Bucket **tmp; + + SET_INCONSISTENT(HT_OK); + +@@ -183,14 +184,6 @@ + + ht->nTableSize = 1 << i; + ht->nTableMask = ht->nTableSize - 1; +- +- /* Uses ecalloc() so that Bucket* == NULL */ +- ht->arBuckets = (Bucket **) pecalloc(ht->nTableSize, sizeof(Bucket *), persistent); +- +- if (!ht->arBuckets) { +- return FAILURE; +- } +- + ht->pDestructor = pDestructor; + ht->pListHead = NULL; + ht->pListTail = NULL; +@@ -200,6 +193,16 @@ + ht->persistent = persistent; + ht->nApplyCount = 0; + ht->bApplyProtection = 1; ++ ht->arBuckets = NULL; ++ ++ /* Uses ecalloc() so that Bucket* == NULL */ ++ tmp = (Bucket **) pecalloc(ht->nTableSize, sizeof(Bucket *), persistent); ++ ++ if (!tmp) { ++ return FAILURE; ++ } ++ ht->arBuckets = tmp; ++ + return SUCCESS; + } + +Index: php-4.3.4/Zend/zend_variables.c +=================================================================== +--- php-4.3.4.orig/Zend/zend_variables.c 2004-07-14 13:14:45.481608752 +0200 ++++ php-4.3.4/Zend/zend_variables.c 2004-07-14 13:14:55.865900116 +0200 +@@ -114,27 +114,31 @@ + case IS_CONSTANT_ARRAY: { + zval *tmp; + HashTable *original_ht = zvalue->value.ht; ++ HashTable *tmp_ht = NULL; + TSRMLS_FETCH(); + + if (zvalue->value.ht == &EG(symbol_table)) { + return SUCCESS; /* do nothing */ + } +- ALLOC_HASHTABLE_REL(zvalue->value.ht); +- zend_hash_init(zvalue->value.ht, 0, NULL, ZVAL_PTR_DTOR, 0); +- zend_hash_copy(zvalue->value.ht, original_ht, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); ++ ALLOC_HASHTABLE_REL(tmp_ht); ++ zend_hash_init(tmp_ht, 0, NULL, ZVAL_PTR_DTOR, 0); ++ zend_hash_copy(tmp_ht, original_ht, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); ++ zvalue->value.ht = tmp_ht; + } + break; + case IS_OBJECT: { + zval *tmp; + HashTable *original_ht = zvalue->value.obj.properties; ++ HashTable *tmp_ht = NULL; + TSRMLS_FETCH(); + + if (zvalue->value.obj.properties == &EG(symbol_table)) { + return SUCCESS; /* do nothing */ + } +- ALLOC_HASHTABLE_REL(zvalue->value.obj.properties); +- zend_hash_init(zvalue->value.obj.properties, 0, NULL, ZVAL_PTR_DTOR, 0); +- zend_hash_copy(zvalue->value.obj.properties, original_ht, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); ++ ALLOC_HASHTABLE_REL(tmp_ht); ++ zend_hash_init(tmp_ht, 0, NULL, ZVAL_PTR_DTOR, 0); ++ zend_hash_copy(tmp_ht, original_ht, (copy_ctor_func_t) zval_add_ref, (void *) &tmp, sizeof(zval *)); ++ zvalue->value.obj.properties = tmp_ht; + } + break; + } +Index: php-4.3.4/ext/mssql/php_mssql.c +=================================================================== +--- php-4.3.4.orig/ext/mssql/php_mssql.c 2004-07-14 13:14:45.428612368 +0200 ++++ php-4.3.4/ext/mssql/php_mssql.c 2004-07-14 13:14:55.868899911 +0200 +@@ -343,6 +343,7 @@ + PHP_RSHUTDOWN_FUNCTION(mssql) + { + STR_FREE(MS_SQL_G(appname)); ++ MS_SQL_G(appname) = NULL; + if (MS_SQL_G(server_message)) { + STR_FREE(MS_SQL_G(server_message)); + } +Index: php-4.3.4/ext/session/session.c +=================================================================== +--- php-4.3.4.orig/ext/session/session.c 2004-07-14 13:14:45.433612027 +0200 ++++ php-4.3.4/ext/session/session.c 2004-07-14 13:14:55.869899843 +0200 +@@ -499,13 +499,16 @@ + + static void php_session_track_init(TSRMLS_D) + { ++ zval *session_vars = NULL; ++ + /* Unconditionally destroy existing arrays -- possible dirty data */ + zend_hash_del(&EG(symbol_table), "HTTP_SESSION_VARS", + sizeof("HTTP_SESSION_VARS")); + zend_hash_del(&EG(symbol_table), "_SESSION", sizeof("_SESSION")); + +- MAKE_STD_ZVAL(PS(http_session_vars)); +- array_init(PS(http_session_vars)); ++ MAKE_STD_ZVAL(session_vars); ++ array_init(session_vars); ++ PS(http_session_vars) = session_vars; + + ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1); + ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), PS(http_session_vars), 2, 1); +Index: php-4.3.4/ext/sybase/php_sybase_db.c +=================================================================== +--- php-4.3.4.orig/ext/sybase/php_sybase_db.c 2004-07-14 13:14:45.456610458 +0200 ++++ php-4.3.4/ext/sybase/php_sybase_db.c 2004-07-14 13:14:55.871899707 +0200 +@@ -297,7 +297,9 @@ + PHP_RSHUTDOWN_FUNCTION(sybase) + { + efree(php_sybase_module.appname); ++ php_sybase_module.appname = NULL; + STR_FREE(php_sybase_module.server_message); ++ php_sybase_module.server_message = NULL; + return SUCCESS; + } + +Index: php-4.3.4/ext/sybase_ct/php_sybase_ct.c +=================================================================== +--- php-4.3.4.orig/ext/sybase_ct/php_sybase_ct.c 2004-07-14 13:14:45.470609502 +0200 ++++ php-4.3.4/ext/sybase_ct/php_sybase_ct.c 2004-07-14 13:14:55.874899502 +0200 +@@ -407,11 +407,13 @@ + PHP_RSHUTDOWN_FUNCTION(sybase) + { + efree(SybCtG(appname)); ++ SybCtG(appname) = NULL; + if (SybCtG(callback_name)) { + zval_ptr_dtor(&SybCtG(callback_name)); + SybCtG(callback_name)= NULL; + } + STR_FREE(SybCtG(server_message)); ++ SybCtG(server_message) = NULL; + return SUCCESS; + } + +Index: php-4.3.4/ext/w32api/w32api.c +=================================================================== +--- php-4.3.4.orig/ext/w32api/w32api.c 2004-07-14 13:14:45.450610867 +0200 ++++ php-4.3.4/ext/w32api/w32api.c 2004-07-14 13:14:55.876899366 +0200 +@@ -290,20 +290,26 @@ + */ + PHP_RINIT_FUNCTION(w32api) + { ++ HashTable *tmp; ++ WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; ++ + /* Allocate Request Specific HT's here + */ +- ALLOC_HASHTABLE(WG(funcs)); +- zend_hash_init(WG(funcs), 1, NULL, php_w32api_hash_func_dtor, 1); +- +- ALLOC_HASHTABLE(WG(libraries)); +- zend_hash_init(WG(libraries), 1, NULL, php_w32api_hash_lib_dtor, 1); +- +- ALLOC_HASHTABLE(WG(callbacks)); +- zend_hash_init(WG(callbacks), 1, NULL, php_w32api_hash_callback_dtor, 1); +- +- ALLOC_HASHTABLE(WG(types)); +- zend_hash_init(WG(types), 1, NULL, php_w32api_hash_type_dtor, 1); +- ++ ALLOC_HASHTABLE(tmp); ++ zend_hash_init(tmp, 1, NULL, php_w32api_hash_func_dtor, 1); ++ WG(funcs) = tmp; ++ ++ ALLOC_HASHTABLE(tmp); ++ zend_hash_init(tmp, 1, NULL, php_w32api_hash_lib_dtor, 1); ++ WG(libraries) = tmp; ++ ++ ALLOC_HASHTABLE(tmp); ++ zend_hash_init(tmp, 1, NULL, php_w32api_hash_callback_dtor, 1); ++ WG(callbacks) = tmp; ++ ++ ALLOC_HASHTABLE(tmp); ++ zend_hash_init(tmp, 1, NULL, php_w32api_hash_type_dtor, 1); ++ WG(types) = tmp; + + return SUCCESS; + +@@ -330,6 +336,7 @@ + zend_hash_destroy(WG(types)); + FREE_HASHTABLE(WG(types)); + ++ WG(funcs) = WG(libraries) = WG(callbacks) = WG(types) = NULL; + + return SUCCESS; + } +Index: php-4.3.4/main/main.c +=================================================================== +--- php-4.3.4.orig/main/main.c 2004-07-14 13:14:45.491608069 +0200 ++++ php-4.3.4/main/main.c 2004-07-14 13:14:55.878899229 +0200 +@@ -1367,6 +1367,7 @@ + int _gpc_flags[5] = {0, 0, 0, 0, 0}; + zend_bool have_variables_order; + zval *dummy_track_vars_array = NULL; ++ zval *env_vars = NULL; + zend_bool initialized_dummy_track_vars_array=0; + int i; + char *variables_order; +@@ -1399,9 +1400,10 @@ + } else { + variables_order = PG(gpc_order); + have_variables_order=0; +- ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); +- array_init(PG(http_globals)[TRACK_VARS_ENV]); +- INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); ++ ALLOC_ZVAL(env_vars); ++ array_init(env_vars); ++ INIT_PZVAL(env_vars); ++ PG(http_globals)[TRACK_VARS_ENV] = env_vars; + php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); + if (PG(register_globals)) { + php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); +@@ -1444,9 +1446,10 @@ + case 'E': + if (!_gpc_flags[3]) { + if (have_variables_order) { +- ALLOC_ZVAL(PG(http_globals)[TRACK_VARS_ENV]); +- array_init(PG(http_globals)[TRACK_VARS_ENV]); +- INIT_PZVAL(PG(http_globals)[TRACK_VARS_ENV]); ++ ALLOC_ZVAL(env_vars); ++ array_init(env_vars); ++ INIT_PZVAL(env_vars); ++ PG(http_globals)[TRACK_VARS_ENV] = env_vars; + php_import_environment_variables(PG(http_globals)[TRACK_VARS_ENV] TSRMLS_CC); + if (PG(register_globals)) { + php_autoglobal_merge(&EG(symbol_table), Z_ARRVAL_P(PG(http_globals)[TRACK_VARS_ENV]) TSRMLS_CC); +Index: php-4.3.4/main/rfc1867.c +=================================================================== +--- php-4.3.4.orig/main/rfc1867.c 2004-07-14 13:14:45.485608479 +0200 ++++ php-4.3.4/main/rfc1867.c 2004-07-14 13:16:53.079904285 +0200 +@@ -693,7 +693,7 @@ + char *boundary, *s=NULL, *boundary_end = NULL, *start_arr=NULL, *array_index=NULL; + char *temp_filename=NULL, *lbuf=NULL, *abuf=NULL; + int boundary_len=0, total_bytes=0, cancel_upload=0, is_arr_upload=0, array_len=0, max_file_size=0, skip_upload=0; +- zval *http_post_files=NULL; ++ zval *http_post_files=NULL; HashTable *uploaded_files=NULL; + zend_bool magic_quotes_gpc; + multipart_buffer *mbuff; + zval *array_ptr = (zval *) arg; +@@ -743,8 +743,9 @@ + /* Initialize $_FILES[] */ + zend_hash_init(&PG(rfc1867_protected_variables), 5, NULL, NULL, 0); + +- ALLOC_HASHTABLE(SG(rfc1867_uploaded_files)); +- zend_hash_init(SG(rfc1867_uploaded_files), 5, NULL, (dtor_func_t) free_estring, 0); ++ ALLOC_HASHTABLE(uploaded_files); ++ zend_hash_init(uploaded_files, 5, NULL, (dtor_func_t) free_estring, 0); ++ SG(rfc1867_uploaded_files) = uploaded_files; + + ALLOC_ZVAL(http_post_files); + array_init(http_post_files); +Patches within this file... More or less security related +--------------------------------------------------------- + +Fixed: Alloca replaced by emalloc() where the size is user supplied + + Zend/zend_constants.c + ext/msession/msession.c + ext/pcntl/pcntl.c + ext/session/mod_mm.c + ext/wddx/wddx.c + +Fixed: Off-By-One in memory allocation for IMAP addresses + + ext/imap/php_imap.c + +Fixed: Correctly disable CLIENT_LOCAL_FILE option when open_basedir set + + ext/mysql/php_mysql.c + +Fixed: Added missing safe_mode check + + ext/standard/ftok.c + ext/standard/iptc.c + +Fixed: Made strip_slashes binary safe to work around an IE bug (feature?) + + ext/standard/string.c + + before strip_slashes($input, "<b>"); would believe <\0whatever> + is a valid tag (because it would search in "<b>" for "<\0" + and of course our friend internet explorer accepts <\0whatever> + as <whatever> + + + +Index: php-4.3.4/Zend/zend_constants.c +=================================================================== +--- php-4.3.4.orig/Zend/zend_constants.c 2004-07-14 13:16:57.582597240 +0200 ++++ php-4.3.4/Zend/zend_constants.c 2004-07-14 13:20:37.300623859 +0200 +@@ -220,8 +220,7 @@ + int retval = 1; + + if (zend_hash_find(EG(zend_constants), name, name_len+1, (void **) &c) == FAILURE) { +- lookup_name = do_alloca(name_len+1); +- memcpy(lookup_name, name, name_len+1); ++ lookup_name = estrndup(name, name_len); + zend_str_tolower(lookup_name, name_len); + + if (zend_hash_find(EG(zend_constants), lookup_name, name_len+1, (void **) &c)==SUCCESS) { +@@ -231,7 +230,7 @@ + } else { + retval=0; + } +- free_alloca(lookup_name); ++ efree(lookup_name); + } + + if (retval) { +@@ -252,9 +251,7 @@ + printf("Registering constant for module %d\n", c->module_number); + #endif + +- lowercase_name = do_alloca(c->name_len); +- +- memcpy(lowercase_name, c->name, c->name_len); ++ lowercase_name = estrndup(c->name, c->name_len); + + if (!(c->flags & CONST_CS)) { + zend_str_tolower(lowercase_name, c->name_len); +@@ -268,7 +265,7 @@ + zend_error(E_NOTICE,"Constant %s already defined", lowercase_name); + ret = FAILURE; + } +- free_alloca(lowercase_name); ++ efree(lowercase_name); + return ret; + } + +Index: php-4.3.4/ext/imap/php_imap.c +=================================================================== +--- php-4.3.4.orig/ext/imap/php_imap.c 2004-07-14 13:16:57.532600650 +0200 ++++ php-4.3.4/ext/imap/php_imap.c 2004-07-14 13:16:59.114492780 +0200 +@@ -3674,7 +3674,7 @@ + addresstmp = addresslist; + + if ((len = _php_imap_address_size(addresstmp))) { +- tmpstr = (char *) malloc (len); ++ tmpstr = (char *) malloc(len + 1); + tmpstr[0] = '\0'; + rfc822_write_address(tmpstr, addresstmp); + *fulladdress = tmpstr; +Index: php-4.3.4/ext/msession/msession.c +=================================================================== +--- php-4.3.4.orig/ext/msession/msession.c 2004-07-14 13:16:57.577597581 +0200 ++++ php-4.3.4/ext/msession/msession.c 2004-07-14 13:16:59.116492644 +0200 +@@ -1266,7 +1266,7 @@ + { + int port; + int len = strlen(save_path)+1; +- char * path = alloca(len); ++ char * path = emalloc(len); + char * szport; + + strcpy(path, save_path); +@@ -1285,7 +1285,13 @@ + + ELOG( "ps_open_msession"); + PS_SET_MOD_DATA((void *)1); /* session.c needs a non-zero here! */ +- return PHPMsessionConnect(path, port) ? SUCCESS : FAILURE; ++ if (PHPMsessionConnect(path, port)) { ++ efree(path); ++ return SUCCESS; ++ } else { ++ efree(path); ++ return FAILURE; ++ } + } + + PS_CLOSE_FUNC(msession) +Index: php-4.3.4/ext/mysql/php_mysql.c +=================================================================== +--- php-4.3.4.orig/ext/mysql/php_mysql.c 2004-07-14 13:16:57.544599832 +0200 ++++ php-4.3.4/ext/mysql/php_mysql.c 2004-07-14 13:16:59.118492507 +0200 +@@ -259,6 +259,9 @@ + */ + static void php_mysql_set_default_link(int id TSRMLS_DC) + { ++ if (MySG(default_link) != -1) { ++ zend_list_delete(MySG(default_link)); ++ } + MySG(default_link) = id; + zend_list_addref(id); + } +@@ -591,7 +594,7 @@ + break; + } + /* disable local infile option for open_basedir */ +- if (PG(open_basedir) && strlen(PG(open_basedir))) { ++ if (PG(open_basedir) && strlen(PG(open_basedir)) && (client_flags & CLIENT_LOCAL_FILES)) { + client_flags ^= CLIENT_LOCAL_FILES; + } + +Index: php-4.3.4/ext/pcntl/pcntl.c +=================================================================== +--- php-4.3.4.orig/ext/pcntl/pcntl.c 2004-07-14 13:16:57.550599422 +0200 ++++ php-4.3.4/ext/pcntl/pcntl.c 2004-07-14 13:16:59.119492439 +0200 +@@ -386,7 +386,7 @@ + args_hash = HASH_OF(args); + argc = zend_hash_num_elements(args_hash); + +- argv = alloca((argc+2) * sizeof(char *)); ++ argv = safe_emalloc((argc + 2), sizeof(char *), 0); + *argv = path; + for ( zend_hash_internal_pointer_reset(args_hash), current_arg = argv+1; + (argi < argc && (zend_hash_get_current_data(args_hash, (void **) &element) == SUCCESS)); +@@ -397,7 +397,7 @@ + } + *(current_arg) = NULL; + } else { +- argv = alloca(2 * sizeof(char *)); ++ argv = emalloc(2 * sizeof(char *)); + *argv = path; + *(argv+1) = NULL; + } +@@ -407,13 +407,13 @@ + envs_hash = HASH_OF(envs); + envc = zend_hash_num_elements(envs_hash); + +- envp = alloca((envc+1) * sizeof(char *)); ++ envp = safe_emalloc((envc + 1), sizeof(char *), 0); + for ( zend_hash_internal_pointer_reset(envs_hash), pair = envp; + (envi < envc && (zend_hash_get_current_data(envs_hash, (void **) &element) == SUCCESS)); + (envi++, pair++, zend_hash_move_forward(envs_hash)) ) { + switch (return_val = zend_hash_get_current_key_ex(envs_hash, &key, &key_length, &key_num, 0, NULL)) { + case HASH_KEY_IS_LONG: +- key = alloca(101); ++ key = emalloc(101); + snprintf(key, 100, "%ld", key_num); + key_length = strlen(key); + break; +@@ -432,7 +432,7 @@ + strlcat(*pair, Z_STRVAL_PP(element), pair_length); + + /* Cleanup */ +- if (return_val == HASH_KEY_IS_LONG) free_alloca(key); ++ if (return_val == HASH_KEY_IS_LONG) efree(key); + } + *(pair) = NULL; + } +@@ -445,10 +445,10 @@ + /* Cleanup */ + if (envp != NULL) { + for (pair = envp; *pair != NULL; pair++) efree(*pair); +- free_alloca(envp); ++ efree(envp); + } + +- free_alloca(argv); ++ efree(argv); + + RETURN_FALSE; + } +Index: php-4.3.4/ext/session/mod_mm.c +=================================================================== +--- php-4.3.4.orig/ext/session/mod_mm.c 2004-07-14 13:16:57.555599082 +0200 ++++ php-4.3.4/ext/session/mod_mm.c 2004-07-14 13:16:59.120492371 +0200 +@@ -16,7 +16,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ ++/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ + + #include "php.h" + +@@ -264,7 +264,7 @@ + return FAILURE; + + /* Directory + '/' + File + Module Name + Effective UID + \0 */ +- ps_mm_path = do_alloca(save_path_len+1+sizeof(PS_MM_FILE)+mod_name_len+strlen(euid)+1); ++ ps_mm_path = emalloc(save_path_len+1+sizeof(PS_MM_FILE)+mod_name_len+strlen(euid)+1); + + memcpy(ps_mm_path, PS(save_path), save_path_len + 1); + if (save_path_len > 0 && ps_mm_path[save_path_len - 1] != DEFAULT_SLASH) { +@@ -277,7 +277,7 @@ + + ret = ps_mm_initialize(ps_mm_instance, ps_mm_path); + +- free_alloca(ps_mm_path); ++ efree(ps_mm_path); + + if (ret != SUCCESS) { + free(ps_mm_instance); +Index: php-4.3.4/ext/standard/ftok.c +=================================================================== +--- php-4.3.4.orig/ext/standard/ftok.c 2004-07-14 13:16:57.560598741 +0200 ++++ php-4.3.4/ext/standard/ftok.c 2004-07-14 13:16:59.120492371 +0200 +@@ -16,7 +16,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ ++/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ + + #include "php.h" + +@@ -52,6 +52,10 @@ + RETURN_LONG(-1); + } + ++ if ((PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(pathname), NULL, CHECKUID_CHECK_FILE_AND_DIR))) || php_check_open_basedir(Z_STRVAL_PP(pathname) TSRMLS_CC)) { ++ RETURN_LONG(-1); ++ } ++ + k = ftok(Z_STRVAL_PP(pathname),Z_STRVAL_PP(proj)[0]); + + RETURN_LONG(k); +Index: php-4.3.4/ext/standard/iptc.c +=================================================================== +--- php-4.3.4.orig/ext/standard/iptc.c 2004-07-14 13:16:57.565598400 +0200 ++++ php-4.3.4/ext/standard/iptc.c 2004-07-14 13:16:59.121492303 +0200 +@@ -208,6 +208,10 @@ + break; + } + ++ if (PG(safe_mode) && (!php_checkuid(Z_STRVAL_PP(jpeg_file), NULL, CHECKUID_CHECK_FILE_AND_DIR))) { ++ RETURN_FALSE; ++ } ++ + if (php_check_open_basedir(Z_STRVAL_PP(jpeg_file) TSRMLS_CC)) { + RETURN_FALSE; + } +@@ -347,7 +351,7 @@ + inx += 2; + } + +- sprintf(key, "%d#%03d", (unsigned int) dataset, (unsigned int) recnum); ++ snprintf(key, sizeof(key), "%d#%03d", (unsigned int) dataset, (unsigned int) recnum); + + if ((len > length) || (inx + len) > length) + break; +Index: php-4.3.4/ext/standard/string.c +=================================================================== +--- php-4.3.4.orig/ext/standard/string.c 2004-07-14 13:16:57.572597922 +0200 ++++ php-4.3.4/ext/standard/string.c 2004-07-14 13:16:59.125492030 +0200 +@@ -3349,6 +3349,8 @@ + + while (i < len) { + switch (c) { ++ case '\0': ++ break; + case '<': + if (isspace(*(p + 1))) { + goto reg_char; +Index: php-4.3.4/ext/wddx/wddx.c +=================================================================== +--- php-4.3.4.orig/ext/wddx/wddx.c 2004-07-14 13:16:57.538600241 +0200 ++++ php-4.3.4/ext/wddx/wddx.c 2004-07-14 13:16:59.126491962 +0200 +@@ -16,7 +16,7 @@ + +----------------------------------------------------------------------+ + */ + +-/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ ++/* $Id: apache.patch.php,v 1.2.2.1 2004/07/22 14:29:37 thl Exp $ */ + + #include "php.h" + #include "php_wddx.h" +@@ -1069,7 +1069,7 @@ + case ST_DATETIME: { + char *tmp; + +- tmp = do_alloca(len + 1); ++ tmp = emalloc(len + 1); + memcpy(tmp, s, len); + tmp[len] = '\0'; + +@@ -1080,7 +1080,7 @@ + Z_STRLEN_P(ent->data) = len; + Z_STRVAL_P(ent->data) = estrndup(s, len); + } +- free_alloca(tmp); ++ efree(tmp); + } + default: + break; + @@ . patch -p0 <<'@@ .' Index: openpkg-src/apache/apache.spec ============================================================================ $ cvs diff -u -r1.211.2.6 -r1.211.2.7 apache.spec --- openpkg-src/apache/apache.spec 16 Jul 2004 09:55:21 -0000 1.211.2.6 +++ openpkg-src/apache/apache.spec 22 Jul 2004 14:29:37 -0000 1.211.2.7 @@ -64,7 +64,7 @@ Group: Web License: ASF Version: %{V_apache} -Release: 2.0.4 +Release: 2.0.5 # package options (suexec related) %option with_suexec yes @@ -199,6 +199,7 @@ Source25: apache.sh Patch0: apache.patch Patch1: apache.patch.modssl +Patch2: apache.patch.php # build information Prefix: %{l_prefix} @@ -458,6 +459,7 @@ %if "%{with_mod_php}" == "yes" %setup -q -T -D -a 3 ( cd php-%{V_mod_php} + %patch -p1 -P 2 %{l_shtool} subst \ -e 's;\(/include\)/freetype2;\1;' \ configure \ @@ . ______________________________________________________________________ The OpenPKG Project www.openpkg.org CVS Repository Commit List [EMAIL PROTECTED]