From fd4d1afde90d94006397e86d2d161dd88d114a2c Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 19 Aug 2013 15:15:55 +0200 Subject: PHP 5.4.18 --- php-5.4.17-CVE-2013-4013.patch | 181 ----------- php-5.4.17-man.patch | 668 ----------------------------------------- php-5.4.18-bison.patch | 29 ++ php54.spec | 30 +- 4 files changed, 49 insertions(+), 859 deletions(-) delete mode 100644 php-5.4.17-CVE-2013-4013.patch delete mode 100644 php-5.4.17-man.patch create mode 100644 php-5.4.18-bison.patch diff --git a/php-5.4.17-CVE-2013-4013.patch b/php-5.4.17-CVE-2013-4013.patch deleted file mode 100644 index dfa2c86..0000000 --- a/php-5.4.17-CVE-2013-4013.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 7d163e8a0880ae8af2dd869071393e5dc07ef271 Mon Sep 17 00:00:00 2001 -From: Rob Richards -Date: Sat, 6 Jul 2013 07:53:07 -0400 -Subject: [PATCH] truncate results at depth of 255 to prevent corruption - ---- - ext/xml/xml.c | 90 +++++++++++++++++++++++++++++++++-------------------------- - 1 file changed, 50 insertions(+), 40 deletions(-) - -diff --git a/ext/xml/xml.c b/ext/xml/xml.c -index 1f0480b..9f0bc30 100644 ---- a/ext/xml/xml.c -+++ b/ext/xml/xml.c -@@ -428,7 +428,7 @@ static void xml_parser_dtor(zend_rsrc_list_entry *rsrc TSRMLS_DC) - } - if (parser->ltags) { - int inx; -- for (inx = 0; inx < parser->level; inx++) -+ for (inx = 0; ((inx < parser->level) && (inx < XML_MAXLEVEL)); inx++) - efree(parser->ltags[ inx ]); - efree(parser->ltags); - } -@@ -805,45 +805,50 @@ void _xml_startElementHandler(void *userData, const XML_Char *name, const XML_Ch - } - - if (parser->data) { -- zval *tag, *atr; -- int atcnt = 0; -+ if (parser->level <= XML_MAXLEVEL) { -+ zval *tag, *atr; -+ int atcnt = 0; - -- MAKE_STD_ZVAL(tag); -- MAKE_STD_ZVAL(atr); -+ MAKE_STD_ZVAL(tag); -+ MAKE_STD_ZVAL(atr); - -- array_init(tag); -- array_init(atr); -+ array_init(tag); -+ array_init(atr); - -- _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); -+ _xml_add_to_info(parser,((char *) tag_name) + parser->toffset); - -- add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ -- add_assoc_string(tag,"type","open",1); -- add_assoc_long(tag,"level",parser->level); -+ add_assoc_string(tag,"tag",((char *) tag_name) + parser->toffset,1); /* cast to avoid gcc-warning */ -+ add_assoc_string(tag,"type","open",1); -+ add_assoc_long(tag,"level",parser->level); - -- parser->ltags[parser->level-1] = estrdup(tag_name); -- parser->lastwasopen = 1; -+ parser->ltags[parser->level-1] = estrdup(tag_name); -+ parser->lastwasopen = 1; - -- attributes = (const XML_Char **) attrs; -+ attributes = (const XML_Char **) attrs; - -- while (attributes && *attributes) { -- att = _xml_decode_tag(parser, attributes[0]); -- val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); -- -- add_assoc_stringl(atr,att,val,val_len,0); -+ while (attributes && *attributes) { -+ att = _xml_decode_tag(parser, attributes[0]); -+ val = xml_utf8_decode(attributes[1], strlen(attributes[1]), &val_len, parser->target_encoding); - -- atcnt++; -- attributes += 2; -+ add_assoc_stringl(atr,att,val,val_len,0); - -- efree(att); -- } -+ atcnt++; -+ attributes += 2; - -- if (atcnt) { -- zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); -- } else { -- zval_ptr_dtor(&atr); -- } -+ efree(att); -+ } -+ -+ if (atcnt) { -+ zend_hash_add(Z_ARRVAL_P(tag),"attributes",sizeof("attributes"),&atr,sizeof(zval*),NULL); -+ } else { -+ zval_ptr_dtor(&atr); -+ } - -- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); -+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),(void *) &parser->ctag); -+ } else if (parser->level == (XML_MAXLEVEL + 1)) { -+ TSRMLS_FETCH(); -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); -+ } - } - - efree(tag_name); -@@ -895,7 +900,7 @@ void _xml_endElementHandler(void *userData, const XML_Char *name) - - efree(tag_name); - -- if (parser->ltags) { -+ if ((parser->ltags) && (parser->level <= XML_MAXLEVEL)) { - efree(parser->ltags[parser->level-1]); - } - -@@ -979,18 +984,23 @@ void _xml_characterDataHandler(void *userData, const XML_Char *s, int len) - } - } - -- MAKE_STD_ZVAL(tag); -- -- array_init(tag); -- -- _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); -+ if (parser->level <= XML_MAXLEVEL) { -+ MAKE_STD_ZVAL(tag); - -- add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); -- add_assoc_string(tag,"value",decoded_value,0); -- add_assoc_string(tag,"type","cdata",1); -- add_assoc_long(tag,"level",parser->level); -+ array_init(tag); - -- zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); -+ _xml_add_to_info(parser,parser->ltags[parser->level-1] + parser->toffset); -+ -+ add_assoc_string(tag,"tag",parser->ltags[parser->level-1] + parser->toffset,1); -+ add_assoc_string(tag,"value",decoded_value,0); -+ add_assoc_string(tag,"type","cdata",1); -+ add_assoc_long(tag,"level",parser->level); -+ -+ zend_hash_next_index_insert(Z_ARRVAL_P(parser->data),&tag,sizeof(zval*),NULL); -+ } else if (parser->level == (XML_MAXLEVEL + 1)) { -+ TSRMLS_FETCH(); -+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Maximum depth exceeded - Results truncated"); -+ } - } - } else { - efree(decoded_value); --- -1.7.11.5 - -From 710eee5555bc5c95692bd3c84f5d2b5d687349b6 Mon Sep 17 00:00:00 2001 -From: =?utf8?q?Johannes=20Schl=C3=BCter?= -Date: Wed, 10 Jul 2013 19:35:18 +0200 -Subject: [PATCH] add test for bug #65236 - ---- - ext/xml/tests/bug65236.phpt | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - create mode 100644 ext/xml/tests/bug65236.phpt - -diff --git a/ext/xml/tests/bug65236.phpt b/ext/xml/tests/bug65236.phpt -new file mode 100644 -index 0000000..67b26d6 ---- /dev/null -+++ b/ext/xml/tests/bug65236.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+Bug #65236 (heap corruption in xml parser) -+--SKIPIF-- -+ -+--FILE-- -+", 1000), $a); -+ -+echo "Done\n"; -+?> -+--EXPECTF-- -+Warning: xml_parse_into_struct(): Maximum depth exceeded - Results truncated in %s on line %d -+Done --- -1.7.11.5 - diff --git a/php-5.4.17-man.patch b/php-5.4.17-man.patch deleted file mode 100644 index d0c034a..0000000 --- a/php-5.4.17-man.patch +++ /dev/null @@ -1,668 +0,0 @@ ->From c940aab7895fa4cb109e7790ae14080090b04959 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Tue, 2 Jul 2013 10:42:47 +0200 -Subject: [PATCH] Fixed Bug #65143 Missing php-cgi man page - -Currently php-cgi man page is a simple redirect to -php (CLI) man page. - -Could be splited / improved in the future. ---- - sapi/cgi/Makefile.frag | 3 +++ - sapi/cgi/config9.m4 | 2 ++ - sapi/cgi/php-cgi.1.in | 1 + - sapi/cli/php.1.in | 2 ++ - 4 files changed, 8 insertions(+) - create mode 100644 sapi/cgi/php-cgi.1.in - -diff --git a/sapi/cgi/Makefile.frag b/sapi/cgi/Makefile.frag -index 505119e..d54dd40 100644 ---- a/sapi/cgi/Makefile.frag -+++ b/sapi/cgi/Makefile.frag -@@ -6,4 +6,7 @@ $(SAPI_CGI_PATH): $(PHP_GLOBAL_OBJS) $(PHP_BINARY_OBJS) $(PHP_CGI_OBJS) - install-cgi: $(SAPI_CGI_PATH) - @echo "Installing PHP CGI binary: $(INSTALL_ROOT)$(bindir)/" - @$(INSTALL) -m 0755 $(SAPI_CGI_PATH) $(INSTALL_ROOT)$(bindir)/$(program_prefix)php-cgi$(program_suffix)$(EXEEXT) -+ @echo "Installing PHP CGI man page: $(INSTALL_ROOT)$(mandir)/man1/" -+ @$(mkinstalldirs) $(INSTALL_ROOT)$(mandir)/man1 -+ @$(INSTALL_DATA) sapi/cgi/php-cgi.1 $(INSTALL_ROOT)$(mandir)/man1/$(program_prefix)php-cgi$(program_suffix).1 - -diff --git a/sapi/cgi/config9.m4 b/sapi/cgi/config9.m4 -index 67251ae..49e61c8 100644 ---- a/sapi/cgi/config9.m4 -+++ b/sapi/cgi/config9.m4 -@@ -71,6 +71,8 @@ if test "$PHP_CGI" != "no"; then - dnl Expose to Makefile - PHP_SUBST(SAPI_CGI_PATH) - PHP_SUBST(BUILD_CGI) -+ -+ PHP_OUTPUT(sapi/cgi/php-cgi.1) - else - AC_MSG_RESULT(yes) - fi -diff --git a/sapi/cgi/php-cgi.1.in b/sapi/cgi/php-cgi.1.in -new file mode 100644 -index 0000000..340e6c5 ---- /dev/null -+++ b/sapi/cgi/php-cgi.1.in -@@ -0,0 +1 @@ -+.so man1/php.1 -diff --git a/sapi/cli/php.1.in b/sapi/cli/php.1.in -index 0e9d07a..6f0266d 100644 ---- a/sapi/cli/php.1.in -+++ b/sapi/cli/php.1.in -@@ -1,6 +1,8 @@ - .TH PHP 1 "2013" "The PHP Group" "Scripting Language" - .SH NAME - php \- PHP Command Line Interface 'CLI' -+.P -+php-cgi \- PHP Command Gateway Interface 'CGI' - .SH SYNOPSIS - .B php - [options] [ --- -1.7.11.5 - ->From f4ce5e7fb65ce215ea5fd182a90aaa4d634f6023 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Tue, 2 Jul 2013 10:46:50 +0200 -Subject: [PATCH] Fixed Bug #65142 Missing phar man page - -Simple man page from phar help output. ---- - NEWS | 3 + - ext/phar/Makefile.frag | 4 + - ext/phar/config.m4 | 2 + - ext/phar/phar.1.in | 523 ++++++++++++++++++++++++++++++++++++++++++++++++ - ext/phar/phar.phar.1.in | 1 + - 5 files changed, 533 insertions(+) - create mode 100644 ext/phar/phar.1.in - create mode 100644 ext/phar/phar.phar.1.in - -diff --git a/ext/phar/Makefile.frag b/ext/phar/Makefile.frag -index b1c820f..ed6de9f 100644 ---- a/ext/phar/Makefile.frag -+++ b/ext/phar/Makefile.frag -@@ -40,3 +40,7 @@ install-pharcmd: pharcmd - $(INSTALL) $(builddir)/phar.phar $(INSTALL_ROOT)$(bindir) - -@rm -f $(INSTALL_ROOT)$(bindir)/phar - $(LN_S) -f $(bindir)/phar.phar $(INSTALL_ROOT)$(bindir)/phar -+ @$(mkinstalldirs) $(INSTALL_ROOT)$(mandir)/man1 -+ @$(INSTALL_DATA) $(builddir)/phar.1 $(INSTALL_ROOT)$(mandir)/man1/phar.1 -+ @$(INSTALL_DATA) $(builddir)/phar.phar.1 $(INSTALL_ROOT)$(mandir)/man1/phar.phar.1 -+ -diff --git a/ext/phar/config.m4 b/ext/phar/config.m4 -index 2ac7f3d..d424060 100644 ---- a/ext/phar/config.m4 -+++ b/ext/phar/config.m4 -@@ -27,4 +27,6 @@ if test "$PHP_PHAR" != "no"; then - PHP_ADD_EXTENSION_DEP(phar, hash, true) - PHP_ADD_EXTENSION_DEP(phar, spl, true) - PHP_ADD_MAKEFILE_FRAGMENT -+ -+ PHP_OUTPUT(ext/phar/phar.1 ext/phar/phar.phar.1) - fi -diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in -new file mode 100644 -index 0000000..259a2ba ---- /dev/null -+++ b/ext/phar/phar.1.in -@@ -0,0 +1,523 @@ -+.TH PHAR 1 "2013" "The PHP Group" "User Commands" -+.SH NAME -+phar, phar.phar \- PHAR (PHP archive) command line tool -+.SH SYNOPSIS -+.B phar -+ [options] ... -+.LP -+.SH DESCRIPTION -+The \fBPHAR\fP file format provides a way to put entire PHP applications into a single -+file called a "phar" (PHP Archive) for easy distribution and installation. -+.P -+With the \fBphar\fP command you can create, update or extract PHP archives. -+.P -+Commands: -+add compress delete extract help help-list info list meta-del -+meta-get meta-set pack sign stub-get stub-set tree version -+ -+.SH add command -+Add entries to a PHAR package. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.TP -+.PD -+.B ... -+Any number of input files and directories. If -i is in -+use then ONLY files and matching the given regular -+expression are being packed. If -x is given then files -+matching that regular expression are NOT being packed. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-a \fIalias\fP -+Provide an \fIalias\fP name for the phar file. -+.TP -+.PD -+.B \-c \fIalgo\fP -+Compression algorithm (see -+.SM -+.B COMPRESSION -+) -+.TP -+.PD -+.B \-i \fIregex\fP -+Specifies a regular expression for input files. -+.TP -+.PD -+.B \-l \fIlevel\fP -+Number of preceding subdirectories to strip from file entries -+.TP -+.PD -+.B \-x \fIregex\fP -+Regular expression for input files to exclude. -+ -+.SH compress command -+Compress or uncompress all files or a selected entry. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B \-c \fIalgo\fP -+Compression algorithm (see -+.SM -+.B COMPRESSION -+) -+.TP -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -e \fIentry\fP -+Name of \fIentry\fP to work on (must include PHAR internal -+directory name if any). -+ -+.SH delete command -+Delete entry from a PHAR archive -+.P -+Required arguments: -+.TP 15 -+.PD -+.B \-e \fIentry\fP -+Name of \fIentry\fP to work on (must include PHAR internal -+directory name if any). -+.TP -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+ -+.SH extract command -+Extract a PHAR package to a directory. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -i \fIregex\fP -+Specifies a regular expression for input files. -+.TP -+.PD -+.B -x \fIregex\fP -+Regular expression for input files to exclude. -+.TP -+.PD -+.B ... -+Directory to extract to (defaults to '.'). -+ -+ -+.SH help command -+This help or help for a selected command. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B ... -+Optional command to retrieve help for. -+ -+.SH help-list command -+Lists available commands. -+ -+.SH info command -+Get information about a PHAR package. -+.P -+By using -k it is possible to return a single value. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -k \fIindex\fP -+Subscription \fIindex\fP to work on. -+ -+.SH list command -+List contents of a PHAR archive. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -i \fIregex\fP -+Specifies a regular expression for input files. -+.TP -+.PD -+.B -x \fIregex\fP -+Regular expression for input files to exclude. -+ -+ -+.SH meta-del command -+Delete meta information of a PHAR entry or a PHAR package. -+.P -+If -k is given then the metadata is expected to be an array and the -+given index is being deleted. -+.P -+If something was deleted the return value is 0 otherwise it is 1. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -e \fIentry\fP -+Name of \fIentry\fP to work on (must include PHAR internal -+directory name if any). -+.TP -+.PD -+.B -k \fIindex\fP -+Subscription \fIindex\fP to work on. -+ -+.SH meta-get command -+Get meta information of a PHAR entry or a PHAR package in serialized from. If -+no output file is specified for meta data then stdout is being used. -+You can also specify a particular index using -k. In that case the -+metadata is expected to be an array and the value of the given index -+is returned using echo rather than using serialize. If that index does -+not exist or no meta data is present then the return value is 1. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -e \fIentry\fP -+Name of \fIentry\fP to work on (must include PHAR internal -+directory name if any). -+.TP -+.PD -+.B -k \fIindex\fP -+Subscription \fIindex\fP to work on. -+ -+.SH meta-set command -+Set meta data of a PHAR entry or a PHAR package using serialized input. If no -+input file is specified for meta data then stdin is being used. You can -+also specify a particular index using -k. In that case the metadata is -+expected to be an array and the value of the given index is being set. -+If the metadata is not present or empty a new array will be created. -+If the metadata is present and a flat value then the return value is -+1. Also using -k the input is been taken directly rather then being -+serialized. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.TP -+.PD -+.B -m \fImeta\fP -+Meta data to store with entry (serialized php data). -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B -e \fIentry\fP -+Name of \fIentry\fP to work on (must include PHAR internal -+directory name if any). -+.TP -+.PD -+.B -k \fIindex\fP -+Subscription \fIindex\fP to work on. -+ -+.SH pack command -+Pack files into a PHAR archive. -+.P -+When using -s , then the stub file is being excluded from the -+list of input files/dirs.To create an archive that contains PEAR class -+PHP_Archive then point -p argument to PHP/Archive.php. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.TP -+.PD -+.B ... -+Any number of input files and directories. If -i is in -+use then ONLY files and matching the given regular -+expression are being packed. If -x is given then files -+matching that regular expression are NOT being packed. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-a \fIalias\fP -+Provide an \fIalias\fP name for the phar file. -+.TP -+.PD -+.B \-b \fIbang\fP -+Hash-bang line to start the archive (e.g. #!/usr/bin/php). -+The hash mark itself '#!' and the newline character are optional. -+.TP -+.PD -+.B \-c \fIalgo\fP -+Compression algorithm (see -+.SM -+.B COMPRESSION -+) -+.TP -+.PD -+.B \-h \fIhash\fP -+Selects the \fIhash\fP algorithm (see -+.SM -+.B HASH -+) -+.TP -+.PD -+.B \-i \fIregex\fP -+Specifies a regular expression for input files. -+.TP -+.PD -+.B \-l \fIlevel\fP -+Number of preceding subdirectories to strip from file entries -+.TP -+.PD -+.B \-p \fIloader\fP -+Location of PHP_Archive class file (pear list-files -+PHP_Archive).You can use '0' or '1' to locate it -+automatically using the mentioned pear command. When -+using '0' the command does not error out when the class -+file cannot be located. This switch also adds some code -+around the stub so that class PHP_Archive gets -+registered as phar:// stream wrapper if necessary. And -+finally this switch will add the file phar.inc from -+this package and load it to ensure class Phar is -+present. -+.TP -+.PD -+.B \-s \fIstub\fP -+Select the \fIstub\fP file. -+.TP -+.PD -+.B \-x \fIregex\fP -+Regular expression for input files to exclude. -+.TP -+.PD -+.B \-y \fIkey\fP -+Private \fIkey\fP for OpenSSL signing. -+ -+.SH sign command -+Set signature hash algorithm. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.TP -+.PD -+.B \-h \fIhash\fP -+Selects the \fIhash\fP algorithm (see -+.SM -+.B HASH -+) -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-y \fIkey\fP -+Private \fIkey\fP for OpenSSL signing. -+ -+.SH stub-get command -+Get the stub of a PHAR file. If no output file is specified as stub then stdout -+is being used. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-s \fIstub\fP -+Select the \fIstub\fP file. -+ -+.SH stub-set command -+Set the stub of a PHAR file. If no input file is specified as stub then stdin -+is being used. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-b \fIbang\fP -+Hash-bang line to start the archive (e.g. #!/usr/bin/php). -+The hash mark itself '#!' and the newline character are optional. -+.TP -+.PD -+.B \-p \fIloader\fP -+Location of PHP_Archive class file (pear list-files -+PHP_Archive).You can use '0' or '1' to locate it -+automatically using the mentioned pear command. When -+using '0' the command does not error out when the class -+file cannot be located. This switch also adds some code -+around the stub so that class PHP_Archive gets -+registered as phar:// stream wrapper if necessary. And -+finally this switch will add the file phar.inc from -+this package and load it to ensure class Phar is -+present. -+.TP -+.PD -+.B \-s \fIstub\fP -+Select the \fIstub\fP file. -+ -+ -+.SH tree command -+Get a directory tree for a PHAR archive. -+.P -+Required arguments: -+.TP 15 -+.PD -+.B -f \fIfile\fP -+Specifies the phar \fIfile\fP to work on. -+.P -+Optional arguments: -+.TP 15 -+.PD -+.B \-i \fIregex\fP -+Specifies a regular expression for input files. -+.TP -+.PD -+.B \-x \fIregex\fP -+Regular expression for input files to exclude. -+ -+.SH version command -+Get information about the PHAR environment and the tool version. -+ -+ -+.SH COMPRESSION -+Algorithms: -+.TP 15 -+.PD -+.B 0 -+No compression -+.TP -+.PD -+.B none -+No compression -+.TP -+.PD -+.B auto -+Automatically select compression algorithm -+.TP -+.PD -+.B gz -+GZip compression -+.TP -+.PD -+.B gzip -+GZip compression -+.TP -+.PD -+.B bz2 -+BZip2 compression -+.TP -+.PD -+.B bzip2 -+BZip2 compression -+ -+.SH HASH -+Algorithms: -+.TP 15 -+.PD -+.TP -+.PD -+.B md5 -+MD5 -+.TP -+.PD -+.B sha1 -+SHA1 -+.TP -+.PD -+.B sha256 -+SHA256 -+.TP -+.PD -+.B sha512 -+SHA512 -+.TP -+.PD -+.B openssl -+OpenSSL -+ -+.SH SEE ALSO -+For a more or less complete description of PHAR look here: -+.PD 0 -+.P -+.B http://php.net/phar -+.PD 1 -+.P -+.SH BUGS -+You can view the list of known bugs or report any new bug you -+found at: -+.PD 0 -+.P -+.B http://bugs.php.net -+.PD 1 -+.SH AUTHORS -+The PHP Group: Thies C. Arntzen, Stig Bakken, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, Andrei Zmievski. -+.P -+Work for the PHP archive was done by Gregory Beaver, Marcus Boerger. -+.P -+A List of active developers can be found here: -+.PD 0 -+.P -+.B http://www.php.net/credits.php -+.PD 1 -+.P -+And last but not least PHP was developed with the help of a huge amount of -+contributors all around the world. -+.SH VERSION INFORMATION -+This manpage describes \fBphar\fP, version @PHP_VERSION@. -+.SH COPYRIGHT -+Copyright \(co 1997\-2013 The PHP Group -+.LP -+This source file is subject to version 3.01 of the PHP license, -+that is bundled with this package in the file LICENSE, and is -+available through the world-wide-web at the following url: -+.PD 0 -+.P -+.B http://www.php.net/license/3_01.txt -+.PD 1 -+.P -+If you did not receive a copy of the PHP license and are unable to -+obtain it through the world-wide-web, please send a note to -+.B license@php.net -+so we can mail you a copy immediately. -diff --git a/ext/phar/phar.phar.1.in b/ext/phar/phar.phar.1.in -new file mode 100644 -index 0000000..b5eecbf ---- /dev/null -+++ b/ext/phar/phar.phar.1.in -@@ -0,0 +1 @@ -+.so man1/phar.1 --- -1.7.11.5 - ->From 67817a199ca4c8bcff163cb005287c0087db6bf3 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Tue, 2 Jul 2013 12:19:09 +0200 -Subject: [PATCH] fix typo in php man page - ---- - sapi/cli/php.1.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sapi/cli/php.1.in b/sapi/cli/php.1.in -index 6f0266d..749baa8 100644 ---- a/sapi/cli/php.1.in -+++ b/sapi/cli/php.1.in -@@ -2,7 +2,7 @@ - .SH NAME - php \- PHP Command Line Interface 'CLI' - .P --php-cgi \- PHP Command Gateway Interface 'CGI' -+php-cgi \- PHP Common Gateway Interface 'CGI' command - .SH SYNOPSIS - .B php - [options] [ --- -1.7.11.5 - diff --git a/php-5.4.18-bison.patch b/php-5.4.18-bison.patch new file mode 100644 index 0000000..dd2481d --- /dev/null +++ b/php-5.4.18-bison.patch @@ -0,0 +1,29 @@ +diff --git a/Zend/zend_language_parser.y b/Zend/zend_language_parser.y +index ccbc9b1..6a9a24a 100644 +--- a/Zend/zend_language_parser.y ++++ b/Zend/zend_language_parser.y +@@ -41,17 +41,19 @@ static YYSIZE_T zend_yytnamerr(char*, const char*); + + #define YYERROR_VERBOSE + #define YYSTYPE znode +-#ifdef ZTS +-# define YYPARSE_PARAM tsrm_ls +-# define YYLEX_PARAM tsrm_ls +-#endif +- + + %} + + %pure_parser + %expect 3 + ++%code requires { ++#ifdef ZTS ++# define YYPARSE_PARAM tsrm_ls ++# define YYLEX_PARAM tsrm_ls ++#endif ++} ++ + %token END 0 "end of file" + %left T_INCLUDE T_INCLUDE_ONCE T_EVAL T_REQUIRE T_REQUIRE_ONCE + %token T_INCLUDE "include (T_INCLUDE)" diff --git a/php54.spec b/php54.spec index e2de3ac..d32a548 100644 --- a/php54.spec +++ b/php54.spec @@ -17,7 +17,7 @@ %ifarch ppc ppc64 %global oraclever 10.2.0.2 %else -%global oraclever 11.2 +%global oraclever 12.1 %endif # Regression tests take a long time, you can skip 'em with this @@ -75,11 +75,11 @@ Summary: PHP scripting language for creating dynamic web sites Name: php -Version: 5.4.17 +Version: 5.4.18 %if 0%{?snapdate:1}%{?rcver:1} Release: 0.5.%{?snapdate}%{?rcver}%{?dist} %else -Release: 2%{?dist} +Release: 1%{?dist} %endif # All files licensed under PHP version 3.01, except # Zend is licensed under Zend @@ -109,13 +109,12 @@ Patch5: php-5.2.0-includedir.patch Patch6: php-5.2.4-embed.patch Patch7: php-5.3.0-recode.patch Patch8: php-5.4.7-libdb.patch +# Patch for https://bugs.php.net/65460 +Patch9: php-5.4.18-bison.patch # Fixes for extension modules # https://bugs.php.net/63171 no odbc call during timeout Patch21: php-5.4.7-odbctimer.patch -# https://bugs.php.net/65143 php-cgi man page -# https://bugs.php.net/65142 phar man page -Patch22: php-5.4.17-man.patch # Functional changes Patch40: php-5.4.0-dlopen.patch @@ -133,7 +132,6 @@ Patch46: php-5.4.9-fixheader.patch Patch47: php-5.4.9-phpinfo.patch # Security fixes -Patch60: php-5.4.17-CVE-2013-4013.patch # Fixes for tests @@ -161,6 +159,8 @@ BuildRequires: libtool-ltdl-devel %if %{with_libzip} BuildRequires: libzip-devel >= 0.10 %endif +# Temporary for need for https://bugs.php.net/65460 +BuildRequires: bison Obsoletes: php53, php53u, php54 Provides: php-zts = %{version}-%{release} @@ -770,9 +770,12 @@ httpd -V | grep -q 'threaded:.*yes' && exit 1 %patch7 -p1 -b .recode %patch8 -p1 -b .libdb rm -f ext/json/utf8_to_utf16.* +%if 0%{?fedora} > 10 || 0%{?rhel} > 5 +# bison >= 2.4 +%patch9 -p1 -b .bison +%endif %patch21 -p1 -b .odbctimer -%patch22 -p1 -b .manpages %patch40 -p1 -b .dlopen %patch41 -p1 -b .easter @@ -789,10 +792,13 @@ rm -f ext/json/utf8_to_utf16.* %patch46 -p1 -b .fixheader %patch47 -p1 -b .phpinfo -%patch60 -p1 -b .cve4113 - %patch91 -p1 -b .remi-oci8 +# Temporary workaround for https://bugs.php.net/65460 +# Regenerated bison files +rm Zend/zend_{language,ini}_parser.[ch] +./genfiles + # Prevent %%doc confusion over LICENSE files cp Zend/LICENSE Zend/ZEND_LICENSE @@ -1635,6 +1641,10 @@ fi %changelog +* Mon Aug 19 2013 Remi Collet 5.4.18-1 +- update to 5.4.18, fix for CVE-2013-4248 +- php-oci8 build with oracle instantclient 12.1 + * Fri Jul 12 2013 Remi Collet - 5.4.17-2 - add security fix for CVE-2013-4113 - add missing ASL 1.0 license -- cgit