Changes - j0ke.net Open Build Service

Changes of Revision 2

[-] [+]	Changed	php5.spec
@@ -1,5 +1,5 @@ # -# spec file for package php5 (Version 5.2.14) +# spec file for package php5 (Version 5.2.15) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -149,7 +149,7 @@ #define builtin_tz_ver 2007.9 ### ### -Version: 5.2.14 +Version: 5.2.15 Summary: PHP5 Core Files Release: 10 License: The PHP License, version 3.01 @@ -1634,7 +1634,7 @@ # fix deadlock %{__cp} %{S:5} %{buildroot}/%{peardir}/PEAR # reminder: Will be removed when upstream fixes deadlock in pear -test %version = 5.2.14 +test %version = 5.2.15 # for pear XML files %{__install} -d -m 0755 %{buildroot}/var/lib/pear # provide compat symlink
	Renamed	suhosin-patch-5.2.15-0.9.7.patch.gz ^
[-] [+]	Changed	php-5.2.15.tar.bz2/LICENSE ^
@@ -1,6 +1,6 @@ -------------------------------------------------------------------- The PHP License, version 3.01 -Copyright (c) 1999 - 2006 The PHP Group. All rights reserved. +Copyright (c) 1999 - 2010 The PHP Group. All rights reserved. -------------------------------------------------------------------- Redistribution and use in source and binary forms, with or without
[-] [+]	Changed	php-5.2.15.tar.bz2/NEWS ^
@@ -1,5 +1,37 @@ -PHP NEWS +PHP NEWS \|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\|\| +09 Dec 2010, PHP 5.2.15 +- Fixed extract() to do not overwrite $GLOBALS and $this when using + EXTR_OVERWRITE. (jorto at redhat dot com) +- Fixed crash in zip extract method (possible CWE-170). + (Maksymilian Arciemowicz, Pierre) +- Fixed a possible double free in imap extension (Identified by Mateusz + Kocielski). (CVE-2010-4150). (Ilia) +- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre) +- Fixed possible crash in mssql_fetch_batch(). (Kalle) +- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. + (CVE-2010-3709). (Maksymilian Arciemowicz) + +- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre) +- Fixed bug #53323 (pdo_firebird getAttribute() crash). + (preeves at ibphoenix dot com) +- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with + large amount of data). (CVE-2010-3709). (Adam) +- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset + can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry) +- Fixed bug #52772 (var_dump() doesn't check for the existence of + get_class_name before calling it). (Kalle, Gustavo) +- Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). + (Felipe, Adam) +- Fixed bug #52436 (Compile error if systems do not have stdint.h) + (Sriram Natarajan) +- Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle) +- Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry) +- Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). + (Felipe) +- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy + with SoapClient object). (Dmitry) + 22 Jul 2010, PHP 5.2.14 - Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) @@ -28,6 +60,8 @@ PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) +- Fixed bug #52944 (Invalid write on second and subsequent reads with an + inflate filter fed invalid data). (Gustavo) - Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). @@ -113,6 +147,8 @@ include file and line in trace). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) +- Fixed bug #49687 (utf8_decode vulnerabilities and deficiencies in the number + of reported malformed sequences). (CVE-2010-3870) (Gustavo) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh)
[-] [+]	Added	php-5.2.15.tar.bz2/Zend/tests/bug52879.phpt ^
@@ -0,0 +1,16 @@ +--TEST-- +Bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early) +--FILE-- +<?php +class MyClass { + public $myRef; + public function __set($property,$value) { + $this->myRef = $value; + } +} +$myGlobal=new MyClass($myGlobal); +$myGlobal->myRef=&$myGlobal; +$myGlobal->myNonExistentProperty="ok\n"; +echo $myGlobal; +--EXPECT-- +ok
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/tests/declare_001.phpt ^
@@ -1,5 +1,11 @@ --TEST-- Testing declare statement with several type values +--SKIPIF-- +<?php +if (in_array("detect_unicode", array_keys(ini_get_all()))) { + die("skip"); +} +?> --FILE-- <?php
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_API.c ^
@@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_API.c 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_API.c 302150 2010-08-12 17:27:16Z sas $ / #include "zend.h" #include "zend_execute.h" @@ -952,7 +952,7 @@ } else { ALLOC_HASHTABLE_REL(object->properties); zend_hash_init(object->properties, zend_hash_num_elements(&class_type->default_properties), NULL, ZVAL_PTR_DTOR, 0); - zend_hash_copy(object->properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void ) &tmp, sizeof(zval )); + zend_hash_copy(object->properties, &class_type->default_properties, zval_copy_property_ctor(class_type), (void ) &tmp, sizeof(zval *)); } } else { Z_OBJVAL_P(arg) = class_type->create_object(class_type TSRMLS_CC);
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_compile.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_compile.c 300817 2010-06-28 16:37:57Z felipe $ / +/ $Id: zend_compile.c 302150 2010-08-12 17:27:16Z sas $ / #include <zend_language_parser.h> #include "zend.h" @@ -2298,6 +2298,9 @@ return ZEND_HASH_APPLY_KEEP; } +#define zval_property_ctor(parent_ce, ce) \ + ((copy_ctor_func_t) (((parent_ce)->type != (ce)->type) ? zval_shared_property_ctor : zval_add_ref)) + ZEND_API void zend_do_inheritance(zend_class_entry ce, zend_class_entry parent_ce TSRMLS_DC) { if ((ce->ce_flags & ZEND_ACC_INTERFACE) @@ -2313,7 +2316,7 @@ zend_do_inherit_interfaces(ce, parent_ce TSRMLS_CC); / Inherit properties / - zend_hash_merge(&ce->default_properties, &parent_ce->default_properties, (void ()(void )) zval_add_ref, NULL, sizeof(zval ), 0); + zend_hash_merge(&ce->default_properties, &parent_ce->default_properties, zval_property_ctor(parent_ce, ce), NULL, sizeof(zval ), 0); if (parent_ce->type != ce->type) { / User class extends internal class / zend_update_class_constants(parent_ce TSRMLS_CC); @@ -2323,7 +2326,7 @@ } zend_hash_merge_ex(&ce->properties_info, &parent_ce->properties_info, (copy_ctor_func_t) (ce->type & ZEND_INTERNAL_CLASS ? zend_duplicate_property_info_internal : zend_duplicate_property_info), sizeof(zend_property_info), (merge_checker_func_t) do_inherit_property_access_check, ce); - zend_hash_merge(&ce->constants_table, &parent_ce->constants_table, (void ()(void )) zval_add_ref, NULL, sizeof(zval ), 0); + zend_hash_merge(&ce->constants_table, &parent_ce->constants_table, zval_property_ctor(parent_ce, ce), NULL, sizeof(zval *), 0); zend_hash_merge_ex(&ce->function_table, &parent_ce->function_table, (copy_ctor_func_t) do_inherit_method, sizeof(zend_function), (merge_checker_func_t) do_inherit_method_check, ce); do_inherit_parent_constructor(ce);
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_exceptions.c ^
@@ -19,7 +19,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_exceptions.c 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_exceptions.c 302150 2010-08-12 17:27:16Z sas $ / #include "zend.h" #include "zend_API.h" @@ -84,7 +84,7 @@ ALLOC_HASHTABLE(object->properties); zend_hash_init(object->properties, 0, NULL, ZVAL_PTR_DTOR, 0); - zend_hash_copy(object->properties, &class_type->default_properties, (copy_ctor_func_t) zval_add_ref, (void ) &tmp, sizeof(zval )); + zend_hash_copy(object->properties, &class_type->default_properties, zval_copy_property_ctor(class_type), (void ) &tmp, sizeof(zval *)); ALLOC_ZVAL(trace); trace->is_ref = 0;
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_hash.h ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_hash.h 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_hash.h 304083 2010-10-05 11:28:56Z dmitry $ / #ifndef ZEND_HASH_H #define ZEND_HASH_H @@ -306,7 +306,7 @@ } \ if (tmp >= '0' && tmp <= '9') { / possibly a numeric index / \ const char end = key + length - 1; \ - long idx; \ + ulong idx; \ \ if ((end != '\0') / not a null terminated string / \ \|\| (tmp == '0' && length > 2) /* numbers with leading zeros / \ @@ -322,11 +322,11 @@ } \ if (tmp == end) { \ if (key == '-') { \ - idx = -idx; \ - if (idx > 0) { /* overflow / \ + if (idx-1 > LONG_MAX) { / overflow / \ break; \ } \ - } else if (idx < 0) { / overflow / \ + idx = (ulong)(-(long)idx); \ + } else if (idx > LONG_MAX) { / overflow */ \ break; \ } \ return func; \
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_object_handlers.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_object_handlers.c 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_object_handlers.c 303913 2010-10-01 09:49:20Z dmitry $ / #include "zend.h" #include "zend_globals.h" @@ -329,6 +329,9 @@ !guard->in_get) { / have getter - try with it! / ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { + SEPARATE_ZVAL(&object); + } guard->in_get = 1; / prevent circular getting / rv = zend_std_call_getter(object, member TSRMLS_CC); guard->in_get = 0; @@ -418,22 +421,22 @@ } } } else { - int setter_done = 0; zend_guard guard; if (zobj->ce->__set && zend_get_property_guard(zobj, property_info, member, &guard) == SUCCESS && !guard->in_set) { ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { + SEPARATE_ZVAL(&object); + } guard->in_set = 1; /* prevent circular setting / if (zend_std_call_setter(object, member, value TSRMLS_CC) != SUCCESS) { / for now, just ignore it - __set should take care of warnings, etc. / } - setter_done = 1; guard->in_set = 0; zval_ptr_dtor(&object); - } - if (!setter_done && property_info) { + } else if (property_info) { zval foo; / if we assign referenced variable, we should separate it / @@ -611,6 +614,9 @@ !guard->in_unset) { / have unseter - try with it! / ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { + SEPARATE_ZVAL(&object); + } guard->in_unset = 1; / prevent circular unsetting / zend_std_call_unsetter(object, member TSRMLS_CC); guard->in_unset = 0; @@ -1042,6 +1048,9 @@ / have issetter - try with it! / ZVAL_ADDREF(object); + if (PZVAL_IS_REF(object)) { + SEPARATE_ZVAL(&object); + } guard->in_isset = 1; / prevent circular getting */ rv = zend_std_call_issetter(object, member TSRMLS_CC); if (rv) {
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_objects.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_objects.c 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_objects.c 302150 2010-08-12 17:27:16Z sas $ / #include "zend.h" #include "zend_globals.h" @@ -156,7 +156,7 @@ (p)->value.obj = Z_OBJ_HT_PP(p)->clone_obj(orig TSRMLS_CC); } } else { - (p)->refcount++; + zval_shared_property_ctor(p); } } @@ -165,7 +165,7 @@ if (EG(ze1_compatibility_mode)) { zend_hash_copy(new_object->properties, old_object->properties, (copy_ctor_func_t) zval_add_ref_or_clone, (void ) NULL /* Not used anymore /, sizeof(zval )); } else { - zend_hash_copy(new_object->properties, old_object->properties, (copy_ctor_func_t) zval_add_ref, (void ) NULL / Not used anymore /, sizeof(zval )); + zend_hash_copy(new_object->properties, old_object->properties, zval_copy_property_ctor(old_object->ce), (void ) NULL / Not used anymore /, sizeof(zval )); } if (old_object->ce->clone) { zval *new_obj;
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_variables.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_variables.c 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_variables.c 302150 2010-08-12 17:27:16Z sas $ / #include <stdio.h> #include "zend.h" @@ -150,6 +150,18 @@ } / }}} / +ZEND_API void zval_property_ctor(zval p) / {{{ / +{ + zval orig_ptr = p; + + ALLOC_ZVAL(p); + *p = orig_ptr; + zval_copy_ctor(p); + (p)->refcount = 1; + (p)->is_ref = 0; +} +/ }}} / + #if ZEND_DEBUG ZEND_API void _zval_copy_ctor_wrapper(zval zvalue) /* {{{ */ {
[-] [+]	Changed	php-5.2.15.tar.bz2/Zend/zend_variables.h ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zend_variables.h 293155 2010-01-05 20:46:53Z sebastian $ / +/ $Id: zend_variables.h 302150 2010-08-12 17:27:16Z sas $ / #ifndef ZEND_VARIABLES_H #define ZEND_VARIABLES_H @@ -77,6 +77,17 @@ ZEND_API void zval_add_ref(zval p); +ZEND_API void zval_property_ctor(zval ); + +#ifdef ZTS +# define zval_shared_property_ctor zval_property_ctor +#else +# define zval_shared_property_ctor zval_add_ref +#endif + +#define zval_copy_property_ctor(ce) ((copy_ctor_func_t) (((ce)->type == ZEND_INTERNAL_CLASS) ? zval_shared_property_ctor : zval_add_ref)) + + END_EXTERN_C() #define ZVAL_DESTRUCTOR (void ()(void *)) zval_dtor_wrapper
[-] [+]	Changed	php-5.2.15.tar.bz2/configure ^
@@ -2164,7 +2164,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=14 +PHP_RELEASE_VERSION=15 PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr $PHP_MAJOR_VERSION \* 10000 + $PHP_MINOR_VERSION \* 100 + $PHP_RELEASE_VERSION`
[-] [+]	Changed	php-5.2.15.tar.bz2/configure.in ^
@@ -1,4 +1,4 @@ -## $Id: configure.in 301437 2010-07-21 10:32:07Z johannes $ -- autoconf -- +## $Id: configure.in 306138 2010-12-09 19:35:13Z iliaa $ -- autoconf -- dnl ## Process this file with autoconf to produce a configure script. divert(1) @@ -41,7 +41,7 @@ PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=2 -PHP_RELEASE_VERSION=14 +PHP_RELEASE_VERSION=15 PHP_EXTRA_VERSION="" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/curl/tests/curl_multi_getcontent_basic3.phpt ^
@@ -17,7 +17,7 @@ //SET URL AND OTHER OPTIONS curl_setopt($ch1, CURLOPT_URL, "http://php.net/robots.txt"); - curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata2.txt"); + curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata2.txt"); curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true); @@ -55,5 +55,10 @@ Disallow: /search.php Disallow: /mod.php Disallow: /manual/add-note.php + +Disallow: /harming/humans +Disallow: /ignoring/human/orders +Disallow: /harm/to/self + CURL2
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/curl/tests/curl_multi_getcontent_error1.phpt ^
@@ -16,8 +16,8 @@ $ch2=curl_init(); //SET URL AND OTHER OPTIONS - curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata1.txt"); - curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata2.txt"); + curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata1.txt"); + curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata2.txt"); curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/curl/tests/curl_multi_getcontent_error2.phpt ^
@@ -16,8 +16,8 @@ $ch2=curl_init(); //SET URL AND OTHER OPTIONS - curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata1.txt"); - curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata2.txt"); + curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata1.txt"); + curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata2.txt"); curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/curl/tests/curl_multi_getcontent_error3.phpt ^
@@ -16,8 +16,8 @@ $ch2=curl_init(); //SET URL AND OTHER OPTIONS - curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata1.txt"); - curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata2.txt"); + curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata1.txt"); + curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata2.txt"); curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/curl/tests/curl_multi_getcontent_error4.phpt ^
@@ -16,8 +16,8 @@ $ch2=curl_init(); //SET URL AND OTHER OPTIONS - curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata1.txt"); - curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__)."/curl_testdata2.txt"); + curl_setopt($ch1, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata1.txt"); + curl_setopt($ch2, CURLOPT_URL, "file://".dirname(__FILE__). DIRECTORY_SEPARATOR . "curl_testdata2.txt"); curl_setopt($ch1, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch2, CURLOPT_RETURNTRANSFER, true);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/filter/logical_filters.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: logical_filters.c 297353 2010-04-02 18:27:48Z rasmus $ / +/ $Id: logical_filters.c 303885 2010-09-30 02:35:37Z aharvey $ / #include "php_filter.h" #include "filter_private.h" @@ -531,6 +531,11 @@ int matches; + / The maximum length of an e-mail address is 320 octets, per RFC 2821. / + if (Z_STRLEN_P(value) > 320) { + RETURN_VALIDATION_FAILED + } + re = pcre_get_compiled_regex((char )regexp, &pcre_extra, &preg_options TSRMLS_CC); if (!re) { RETURN_VALIDATION_FAILED
[-] [+]	Added	php-5.2.15.tar.bz2/ext/filter/tests/bug52929.phpt ^
@@ -0,0 +1,18 @@ +--TEST-- +Bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) +--SKIPIF-- +<?php if (!extension_loaded("filter")) die("skip"); ?> +--FILE-- +<?php +var_dump(filter_var('valid@email.address', FILTER_VALIDATE_EMAIL)); + +// Beyond the allowable limit for an e-mail address. +var_dump(filter_var('xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.zz', FILTER_VALIDATE_EMAIL)); + +// An invalid address likely to crash PHP due to stack exhaustion if it goes to +// the validation regex. +var_dump(filter_var(str_repeat('x', 8000), FILTER_VALIDATE_EMAIL)); +--EXPECT-- +string(19) "valid@email.address" +bool(false) +bool(false)
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/gd/gd.c ^
@@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ / -/ $Id: gd.c 293588 2010-01-15 17:09:14Z tabe $ / +/ $Id: gd.c 306097 2010-12-08 22:30:12Z iliaa $ / / gd 1.2 is copyright 1994, 1995, Quest Protein Database Center, Cold Spring Harbor Labs. / @@ -4593,6 +4593,11 @@ return; } + if (aa_steps != 4 \|\| aa_steps != 16) { + php_error_docref(NULL TSRMLS_CC, E_WARNING, "AA steps must be 4 or 16"); + RETURN_FALSE; + } + ZEND_FETCH_RESOURCE(bg_img, gdImagePtr, &img, -1, "Image", le_gd); ZEND_FETCH_RESOURCE(f_ind, int , &fnt, -1, "Type 1 font", le_ps_font);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/iconv/tests/iconv_stream_filter_delimiter.phpt ^
@@ -41,12 +41,12 @@ string(10) "69636f6e76" string(2) "0a" -Warning: stream_filter_append(): unable to create or locate filter "convert.iconv.ISO-2022-JP.EUC-JP" in %s/iconv_stream_filter_delimiter.php on line %d +Warning: stream_filter_append(): unable to create or locate filter "convert.iconv.ISO-2022-JP.EUC-JP" in %siconv_stream_filter_delimiter.php on line %d string(20) "1b244224332473244b24" string(10) "41244f1b28" string(2) "42" -Warning: stream_filter_append(): unable to create or locate filter "convert.iconv.ISO-2022-JP\0EUC-JP" in %s/iconv_stream_filter_delimiter.php on line %d +Warning: stream_filter_append(): unable to create or locate filter "convert.iconv.ISO-2022-JP\0EUC-JP" in %siconv_stream_filter_delimiter.php on line %d string(20) "1b244224332473244b24" string(10) "41244f1b28" string(2) "42"
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/imap/php_imap.c ^
@@ -26,7 +26,7 @@ \| PHP 4.0 updates: Zeev Suraski <zeev@zend.com> \| +----------------------------------------------------------------------+ / -/ $Id: php_imap.c 294699 2010-02-07 13:06:54Z pajoye $ / +/ $Id: php_imap.c 305032 2010-11-02 17:50:39Z iliaa $ / #define IMAP41 @@ -794,10 +794,12 @@ if (IMAPG(imap_user)) { efree(IMAPG(imap_user)); + IMAPG(imap_user) = 0; } if (IMAPG(imap_password)) { efree(IMAPG(imap_password)); + IMAPG(imap_password) = 0; } / local filename, need to perform open_basedir and safe_mode checks */
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/mbstring/tests/bug43301.phpt ^
@@ -14,7 +14,7 @@ echo mb_ereg_replace($ptr,'$1',$txt,'e'); ?> --EXPECTF-- -Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in %s/bug43301.php(%d) : mbregex replace on line 1 +Parse error: syntax error, unexpected T_LNUMBER, expecting T_VARIABLE or '$' in %sbug43301.php(%d) : mbregex replace on line 1 Fatal error: mb_ereg_replace(): Failed evaluating code: -$1 in %s/bug43301.php on line %d +$1 in %sbug43301.php on line %d
[-] [+]	Added	php-5.2.15.tar.bz2/ext/mbstring/tests/mb_strcut_missing_boundary_check.phpt ^
@@ -0,0 +1,31 @@ +--TEST-- +mb_strcut() missing boundary check. +--SKIPIF-- +<?php +extension_loaded('mbstring') or die('skip'); +function_exists('mb_convert_encoding') or die("skip mb_convert_encoding() is not available in this build"); +?> +--FILE-- +<?php +mb_internal_encoding("UCS-4LE"); +var_dump(bin2hex(mb_strcut("\x61\x00\x00\x00\x62\x00\x00\x00\x63\x00\x00\x00", 0, 32))); +mb_internal_encoding("UCS-4BE"); +var_dump(bin2hex(mb_strcut("\x00\x00\x00\x61\x00\x00\x00\x62\x00\x00\x00\x63", 0, 32))); +mb_internal_encoding("UCS-2LE"); +var_dump(bin2hex(mb_strcut("\x61\x00\x62\x00\x63\x00", 0, 32))); +mb_internal_encoding("UCS-2BE"); +var_dump(bin2hex(mb_strcut("\x00\x61\x00\x62\x00\x63", 0, 32))); +mb_internal_encoding("UTF-16"); +var_dump(bin2hex(mb_strcut("\x00\x61\x00\x62\x00\x63", 0, 32))); +mb_internal_encoding("UTF-8"); +var_dump(bin2hex(mb_strcut("abc", 0, 32))); +mb_internal_encoding("ISO-8859-1"); +var_dump(bin2hex(mb_strcut("abc", 0, 32))); +--EXPECT-- +string(24) "610000006200000063000000" +string(24) "000000610000006200000063" +string(12) "610062006300" +string(12) "006100620063" +string(12) "006100620063" +string(6) "616263" +string(6) "616263"
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/mssql/php_mssql.c ^
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ / -/ $Id: php_mssql.c 298255 2010-04-21 14:19:27Z felipe $ / +/ $Id: php_mssql.c 302457 2010-08-18 20:16:05Z kalle $ / #ifdef COMPILE_DL_MSSQL #define HAVE_MSSQL 1 @@ -979,6 +979,14 @@ unsigned char res_buf; int res_length = dbdatlen(mssql_ptr->link, offset); + if (res_length == 0) { + ZVAL_NULL(result); + return; + } else if (res_length < 0) { + ZVAL_FALSE(result); + return; + } + res_buf = (unsigned char ) emalloc(res_length+1); bin = ((DBBINARY )dbdata(mssql_ptr->link, offset)); memcpy(res_buf, bin, res_length);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/mysql/php_mysql.c ^
@@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ / -/ $Id: php_mysql.c 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: php_mysql.c 302613 2010-08-21 16:19:30Z kalle $ / / TODO: *
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/mysqli/mysqli.c ^
@@ -15,7 +15,7 @@ \| Author: Georg Richter <georg@php.net> \| +----------------------------------------------------------------------+ - $Id: mysqli.c 293039 2010-01-03 16:59:33Z pierrick $ + $Id: mysqli.c 302181 2010-08-13 10:43:15Z kalle $ */ #ifdef HAVE_CONFIG_H @@ -695,6 +695,7 @@ #endif MyG(error_msg) = NULL; MyG(error_no) = 0; + MyG(report_mode) = 0; return SUCCESS; }
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pcre/pcrelib/config.h ^
@@ -1,5 +1,10 @@ #include <php_compat.h> + +#ifndef PHP_WIN32 +#include <php_config.h> +#endif + #undef PACKAGE_NAME #undef PACKAGE_VERSION #undef PACKAGE_TARNAME @@ -8,6 +13,8 @@ #define SUPPORT_UCP #define SUPPORT_UTF8 +/* Exclude these below definitions when building within PHP / +#ifndef ZEND_API / config.h. Generated from config.h.in by configure. / / config.h.in. Generated from configure.ac by autoheader. / @@ -179,6 +186,9 @@ / Define to 1 if you have `_strtoi64'. / / #undef HAVE__STRTOI64 / +/ Exclude these above definitions when building within PHP / +#endif + / The value of LINK_SIZE determines the number of bytes used to store links as offsets within the compiled regex. The default is 2, which allows for compiled patterns up to 64K long. This covers the vast majority of cases.
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo/tests/bug_38253.phpt ^
@@ -24,7 +24,13 @@ $pdo = PDOTest::factory(); -$pdo->exec ("create table test2 (id integer primary key, n text)"); +if ($pdo->getAttribute(PDO::ATTR_DRIVER_NAME) == 'oci') { + $type = "clob"; +} else{ + $type = "text"; +} + +$pdo->exec ("create table test2 (id integer primary key, n $type)"); $pdo->exec ("INSERT INTO test2 (id, n) VALUES (1,'hi')"); $pdo->setAttribute (PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_FUNC);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo/tests/bug_43139.phpt ^
@@ -17,7 +17,12 @@ $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING); -var_dump($db->query('select 0 as abc, 1 as xyz, 2 as def')->fetchAll(PDO::FETCH_GROUP)); +$from = ''; +if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'oci') { + $from = 'from dual'; +} + +var_dump($db->query("select 0 as abc, 1 as xyz, 2 as def $from")->fetchAll(PDO::FETCH_GROUP)); ?> --EXPECT-- array(1) {
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo/tests/pdo_018.phpt ^
@@ -127,7 +127,13 @@ unset($stmt); echo "===DATA===\n"; -var_dump($db->query('SELECT test.val FROM test')->fetchAll(PDO::FETCH_COLUMN)); +$res = $db->query('SELECT test.val FROM test')->fetchAll(PDO::FETCH_COLUMN); + +// For Oracle map NULL to empty string so the test doesn't diff +if ($db->getAttribute(PDO::ATTR_DRIVER_NAME) == 'oci' && $res[0] === null) { + $res[0] = ""; +} +var_dump($res); echo "===FAILURE===\n"; try
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo/tests/pdo_021.phpt ^
@@ -41,8 +41,6 @@ $num = $select->fetchColumn(); echo 'There are ' . $num . " rows in the table.\n"; -$select->closeCursor(); - // Insert using named parameters $stmt2 = $db->prepare("INSERT INTO test VALUES(:first, :second, :third)"); foreach ($data as $row) {
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo/tests/pdo_034.phpt ^
@@ -44,9 +44,9 @@ string(1) "4" } -Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error: PDO::FETCH_KEY_PAIR fetch mode requires the result set to contain extactly 2 columns. in %s/pdo_034.php on line %d +Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error: PDO::FETCH_KEY_PAIR fetch mode requires the result set to contain extactly 2 columns. in %spdo_034.php on line %d -Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error%s/pdo_034.php on line %d +Warning: PDOStatement::fetch(): SQLSTATE[HY000]: General error%spdo_034.php on line %d bool(false) array(5) { ["test0"]=>
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo_dblib/dblib_stmt.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: dblib_stmt.c 295958 2010-03-08 12:39:44Z iliaa $ / +/ $Id: dblib_stmt.c 302745 2010-08-24 16:58:16Z aharvey $ */ #ifdef HAVE_CONFIG_H # include "config.h" @@ -170,8 +170,8 @@ case SQLMONEY4: case SQLMONEYN: { DBFLT8 money_value; - dbconvert(NULL, S->cols[i].coltype, dbdata(H->link, i+1), dbdatlen(H->link, i+1), SQLFLT8, (LPBYTE)&money_value, val->len); - val->len = spprintf(val->data, 0, "%.4f", money_value); + dbconvert(NULL, S->cols[i].coltype, dbdata(H->link, i+1), dbdatlen(H->link, i+1), SQLFLT8, (LPBYTE)&money_value, 8); + val->len = spprintf(&val->data, 0, "%.4f", money_value); } break; default:
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo_firebird/firebird_driver.c ^
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ / -/ $Id: firebird_driver.c 300637 2010-06-21 21:38:35Z felipe $ / +/ $Id: firebird_driver.c 305459 2010-11-17 14:15:57Z felipe $ / #ifdef HAVE_CONFIG_H #include "config.h" @@ -508,7 +508,7 @@ pdo_firebird_db_handle H = (pdo_firebird_db_handle *)dbh->driver_data; switch (attr) { - char tmp[200]; + char tmp[512]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh->auto_commit);
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/pdo_pgsql/tests/bug36727.phpt ^
@@ -19,6 +19,6 @@ echo "Done\n"; ?> --EXPECTF-- -Warning: PDOStatement::bindValue(): SQLSTATE[HY093]: Invalid parameter number: :test in %s/bug36727.php on line %d +Warning: PDOStatement::bindValue(): SQLSTATE[HY093]: Invalid parameter number: :test in %sbug36727.php on line %d bool(false) Done \ No newline at end of file
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/recode/CREDITS ^
@@ -1,2 +1,2 @@ Recode -Kristian Köhntopp +Kristian Koehntopp
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/reflection/tests/bug42976.phpt ^
@@ -26,9 +26,9 @@ --EXPECTF-- string(9) "x.changed" -Warning: Invocation of C's constructor failed in %s/bug42976.php on line %d +Warning: Invocation of C's constructor failed in %sbug42976.php on line %d string(10) "x.original" -Warning: Invocation of C's constructor failed in %s/bug42976.php on line %d +Warning: Invocation of C's constructor failed in %sbug42976.php on line %d string(10) "x.original" Done
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/soap/php_http.c ^
@@ -17,7 +17,7 @@ \| Dmitry Stogov <dmitry@zend.com> \| +----------------------------------------------------------------------+ / -/ $Id: php_http.c 293491 2010-01-13 07:26:08Z fmk $ / +/ $Id: php_http.c 304084 2010-10-05 11:43:59Z dmitry $ */ #include "php_soap.h" #include "ext/standard/base64.h" @@ -167,6 +167,13 @@ smart_str_appendc(&soap_headers, ':'); smart_str_append_unsigned(&soap_headers, phpurl->port); smart_str_append_const(&soap_headers, " HTTP/1.1\r\n"); + smart_str_append_const(&soap_headers, "Host: "); + smart_str_appends(&soap_headers, phpurl->host); + if (phpurl->port != 80) { + smart_str_appendc(&soap_headers, ':'); + smart_str_append_unsigned(&soap_headers, phpurl->port); + } + smart_str_append_const(&soap_headers, "\r\n"); proxy_authentication(this_ptr, &soap_headers TSRMLS_CC); smart_str_append_const(&soap_headers, "\r\n"); if (php_stream_write(stream, soap_headers.c, soap_headers.len) != soap_headers.len) {
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/soap/php_sdl.c ^
@@ -17,7 +17,7 @@ \| Dmitry Stogov <dmitry@zend.com> \| +----------------------------------------------------------------------+ / -/ $Id: php_sdl.c 299013 2010-05-05 07:43:45Z dmitry $ / +/ $Id: php_sdl.c 305198 2010-11-08 11:34:32Z dmitry $ */ #include "php_soap.h" #include "ext/libxml/php_libxml.h" @@ -3239,10 +3239,13 @@ php_stream_context_set_option(context, "http", "proxy", str_proxy); zval_ptr_dtor(&str_proxy); - MAKE_STD_ZVAL(str_proxy); - ZVAL_BOOL(str_proxy, 1); - php_stream_context_set_option(context, "http", "request_fulluri", str_proxy); - zval_ptr_dtor(&str_proxy); + if (uri_len < sizeof("https://")-1 \|\| + strncasecmp(uri, "https://", sizeof("https://")-1) != 0) { + MAKE_STD_ZVAL(str_proxy); + ZVAL_BOOL(str_proxy, 1); + php_stream_context_set_option(context, "http", "request_fulluri", str_proxy); + zval_ptr_dtor(&str_proxy); + } proxy_authentication(this_ptr, &headers TSRMLS_CC); }
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/standard/array.c ^
@@ -21,7 +21,7 @@ +----------------------------------------------------------------------+ / -/ $Id: array.c 300371 2010-06-11 08:53:31Z dmitry $ / +/ $Id: array.c 305570 2010-11-19 22:06:44Z felipe $ / #include "php.h" #include "php_ini.h" @@ -1516,10 +1516,10 @@ case EXTR_OVERWRITE: / GLOBALS protection / - if (var_exists && var_name_len == sizeof("GLOBALS") && !strcmp(var_name, "GLOBALS")) { + if (var_exists && var_name_len == sizeof("GLOBALS")-1 && !strcmp(var_name, "GLOBALS")) { break; } - if (var_exists && var_name_len == sizeof("this") && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { + if (var_exists && var_name_len == sizeof("this")-1 && !strcmp(var_name, "this") && EG(scope) && EG(scope)->name_length != 0) { break; } smart_str_appendl(&final_name, var_name, var_name_len); @@ -3842,8 +3842,8 @@ for (i = 1; i < arr_argc; i++) { Bucket ptr = ptrs[i]; if (behavior == DIFF_NORMAL) { - while (ptr && (0 < (c = diff_data_compare_func(ptrs[0], ptr TSRMLS_CC)))) { - ptr++; + while (ptrs[i] && (0 < (c = diff_data_compare_func(ptrs[0], ptrs[i] TSRMLS_CC)))) { + ptrs[i]++; } } else if (behavior & DIFF_ASSOC) { / triggered also when DIFF_KEY / while (ptr && (0 != (c = diff_key_compare_func(ptrs[0], ptr TSRMLS_CC)))) {
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/standard/credits.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: credits.c 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: credits.c 305421 2010-11-17 00:02:22Z felipe $ */ #include "php.h" #include "info.h" @@ -98,7 +98,7 @@ php_info_print_table_colspan_header(2, "PHP Documentation"); CREDIT_LINE("Authors", "Mehdi Achour, Friedhelm Betz, Antony Dovgal, Nuno Lopes, Hannes Magnusson, Georg Richter, Damien Seguy, Jakub Vrana"); CREDIT_LINE("Editor", "Philip Olson"); - CREDIT_LINE("User Note Maintainers", "Friedhelm Betz, Etienne Kneuss, Nuno Lopes, Hannes Magnusson, Felipe Pena, Maciek Sokolewicz"); + CREDIT_LINE("User Note Maintainers", "Friedhelm Betz, Etienne Kneuss, Nuno Lopes, Hannes Magnusson, Felipe Pena, Maciek Sokolewicz, Daniel P. Brown"); CREDIT_LINE("Other Contributors", "Previously active authors, editors and other contributors are listed in the manual."); php_info_print_table_end(); } @@ -106,7 +106,7 @@ if (flag & PHP_CREDITS_QA) { php_info_print_table_start(); php_info_print_table_header(1, "PHP Quality Assurance Team"); - php_info_print_table_row(1, "Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen"); + php_info_print_table_row(1, "Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen, Pierre-Alain Joye, Dmitry Stogov, Felipe Pena"); php_info_print_table_end(); }
[-] [+]	Added	php-5.2.15.tar.bz2/ext/standard/tests/array/extract_safety.phpt ^
@@ -0,0 +1,24 @@ +--TEST-- +Test extract() for overwrite of GLOBALS +--FILE-- +<?php +$str = "John"; +debug_zval_dump($GLOBALS["str"]); + +/* Extracting Global Variables */ +$splat = array("foo" => "bar"); +var_dump(extract(array("GLOBALS" => $splat, EXTR_OVERWRITE))); + +unset ($splat); + +debug_zval_dump($GLOBALS["str"]); + +echo "\nDone"; +?> + +--EXPECTF-- +string(4) "John" refcount(2) +int(0) +string(4) "John" refcount(2) + +Done \ No newline at end of file
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/standard/tests/file/copy_variation12.phpt ^
@@ -42,11 +42,11 @@ --EXPECTF-- * Test copy() function: Trying to create a copy of an existing dir * -Warning: copy(): The first argument to copy() function cannot be a directory in %s/copy_variation12.php on line %d +Warning: copy(): The first argument to copy() function cannot be a directory in %scopy_variation12.php on line %d bool(false) bool(false) int(%d) -Warning: filesize(): stat failed for %s/copy_copy_variation12 in %s/copy_variation12.php on line %d +Warning: filesize(): stat failed for %scopy_copy_variation12 in %scopy_variation12.php on line %d bool(false) * Done *
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/standard/tests/streams/bug46024.phpt ^
@@ -1,7 +1,7 @@ --TEST-- Bug #46024 stream_select() doesn't return the correct number --SKIPIF-- -<?php if (!getenv('TEST_PHP_EXECUTABLE')) die("TEST_PHP_EXECUTABLE not defined"); ?> +<?php if (!getenv('TEST_PHP_EXECUTABLE')) die("skip TEST_PHP_EXECUTABLE not defined"); ?> --FILE-- <?php $php = getenv('TEST_PHP_EXECUTABLE');
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/standard/var.c ^
@@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ / -/ $Id: var.c 301245 2010-07-13 18:53:12Z pajoye $ / +/ $Id: var.c 303330 2010-09-13 20:14:18Z kalle $ / @@ -140,9 +140,13 @@ return; } - Z_OBJ_HANDLER(struc, get_class_name)(struc, &class_name, &class_name_len, 0 TSRMLS_CC); - php_printf("%sobject(%s)#%d (%d) {\n", COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); - efree(class_name); + if (Z_OBJ_HANDLER(struc, get_class_name)) { + Z_OBJ_HANDLER(struc, get_class_name)(*struc, &class_name, &class_name_len, 0 TSRMLS_CC); + php_printf("%sobject(%s)#%d (%d) {\n", COMMON, class_name, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); + efree(class_name); + } else { + php_printf("%sobject(unknown class)#%d (%d) {\n", COMMON, Z_OBJ_HANDLE_PP(struc), myht ? zend_hash_num_elements(myht) : 0); + } php_element_dump_func = php_object_property_dump; head_done: if (myht) {
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/sysvshm/tests/002.phpt ^
@@ -33,33 +33,33 @@ echo "Done\n"; ?> --EXPECTF-- -Warning: Wrong parameter count for shm_attach() in %s/sysvshm/tests/002.php on line %d +Warning: Wrong parameter count for shm_attach() in %s002.php on line %d NULL -Warning: Wrong parameter count for shm_attach() in %s/sysvshm/tests/002.php on line %d +Warning: Wrong parameter count for shm_attach() in %s002.php on line %d NULL -Warning: shm_attach(): Segment size must be greater then zero. in %s/sysvshm/tests/002.php on line %d +Warning: shm_attach(): Segment size must be greater then zero. in %s002.php on line %d bool(false) -Warning: shm_attach(): Segment size must be greater then zero. in %s/sysvshm/tests/002.php on line %d +Warning: shm_attach(): Segment size must be greater then zero. in %s002.php on line %d bool(false) -Warning: shm_attach(): Segment size must be greater then zero. in %s/sysvshm/tests/002.php on line %d +Warning: shm_attach(): Segment size must be greater then zero. in %s002.php on line %d bool(false) -Warning: shm_attach(): Segment size must be greater then zero. in %s/sysvshm/tests/002.php on line %d +Warning: shm_attach(): Segment size must be greater then zero. in %s002.php on line %d bool(false) -Warning: shm_remove(): The parameter is not a valid shm_identifier in %s/sysvshm/tests/002.php on line %d +Warning: shm_remove(): The parameter is not a valid shm_identifier in %s002.php on line %d -Warning: shm_attach(): Segment size must be greater then zero. in %s/sysvshm/tests/002.php on line %d +Warning: shm_attach(): Segment size must be greater then zero. in %s002.php on line %d bool(false) -Warning: shm_remove(): The parameter is not a valid shm_identifier in %s/sysvshm/tests/002.php on line %d +Warning: shm_remove(): The parameter is not a valid shm_identifier in %s002.php on line %d int(%d) -Warning: shm_remove(): The parameter is not a valid shm_identifier in %s/sysvshm/tests/002.php on line %d +Warning: shm_remove(): The parameter is not a valid shm_identifier in %s002.php on line %d int(%d) int(%d) int(%d)
[-] [+]	Added	php-5.2.15.tar.bz2/ext/xml/tests/bug49687.phpt ^
@@ -0,0 +1,24 @@ +--TEST-- +Bug #49687 Several utf8_decode deficiencies and vulnerabilities +--SKIPIF-- +<?php +require_once("skipif.inc"); +if (!extension_loaded('xml')) die ("skip xml extension not available"); +?> +--FILE-- +<?php + +$tests = array( + "\x41\xC2\x3E\x42", + "\xE3\x80\x22", + "\x41\x98\xBA\x42\xE2\x98\x43\xE2\x98\xBA\xE2\x98", +); +foreach ($tests as $t) { + echo bin2hex(utf8_decode($t)), "\n"; +} +echo "Done.\n"; +--EXPECT-- +413f3e42 +3f22 +413f3f423f433f3f +Done.
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/xml/xml.c ^
@@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ / -/ $Id: xml.c 293146 2010-01-05 13:03:40Z pierrick $ / +/ $Id: xml.c 305055 2010-11-03 14:18:28Z cataphract $ / #define IS_EXT_MODULE @@ -554,10 +554,111 @@ } / }}} / +/ copied from trunk's implementation of get_next_char in ext/standard/html.c / +#define MB_FAILURE(pos, advance) do { \ + cursor = pos + (advance); \ + status = FAILURE; \ + return 0; \ +} while (0) + +#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need)) +#define utf8_lead(c) ((c) < 0x80 \|\| ((c) >= 0xC2 && (c) <= 0xF4)) +#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF) + +/ {{{ php_next_utf8_char + / +static inline unsigned int php_next_utf8_char( + const unsigned char str, + size_t str_len, + size_t cursor, + int status) +{ + size_t pos = cursor; + unsigned int this_char = 0; + unsigned char c; + + status = SUCCESS; + + if (!CHECK_LEN(pos, 1)) + MB_FAILURE(pos, 1); + + /* We'll follow strategy 2. from section 3.6.1 of UTR #36: + * "In a reported illegal byte sequence, do not include any + * non-initial byte that encodes a valid character or is a leading + * byte for a valid sequence. / + c = str[pos]; + if (c < 0x80) { + this_char = c; + pos++; + } else if (c < 0xc2) { + MB_FAILURE(pos, 1); + } else if (c < 0xe0) { + if (!CHECK_LEN(pos, 2)) + MB_FAILURE(pos, 1); + + if (!utf8_trail(str[pos + 1])) { + MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2); + } + this_char = ((c & 0x1f) << 6) \| (str[pos + 1] & 0x3f); + if (this_char < 0x80) { / non-shortest form / + MB_FAILURE(pos, 2); + } + pos += 2; + } else if (c < 0xf0) { + size_t avail = str_len - pos; + + if (avail < 3 \|\| + !utf8_trail(str[pos + 1]) \|\| !utf8_trail(str[pos + 2])) { + if (avail < 2 \|\| utf8_lead(str[pos + 1])) + MB_FAILURE(pos, 1); + else if (avail < 3 \|\| utf8_lead(str[pos + 2])) + MB_FAILURE(pos, 2); + else + MB_FAILURE(pos, 3); + } + + this_char = ((c & 0x0f) << 12) \| ((str[pos + 1] & 0x3f) << 6) \| (str[pos + 2] & 0x3f); + if (this_char < 0x800) { / non-shortest form / + MB_FAILURE(pos, 3); + } else if (this_char >= 0xd800 && this_char <= 0xdfff) { / surrogate / + MB_FAILURE(pos, 3); + } + pos += 3; + } else if (c < 0xf5) { + size_t avail = str_len - pos; + + if (avail < 4 \|\| + !utf8_trail(str[pos + 1]) \|\| !utf8_trail(str[pos + 2]) \|\| + !utf8_trail(str[pos + 3])) { + if (avail < 2 \|\| utf8_lead(str[pos + 1])) + MB_FAILURE(pos, 1); + else if (avail < 3 \|\| utf8_lead(str[pos + 2])) + MB_FAILURE(pos, 2); + else if (avail < 4 \|\| utf8_lead(str[pos + 3])) + MB_FAILURE(pos, 3); + else + MB_FAILURE(pos, 4); + } + + this_char = ((c & 0x07) << 18) \| ((str[pos + 1] & 0x3f) << 12) \| ((str[pos + 2] & 0x3f) << 6) \| (str[pos + 3] & 0x3f); + if (this_char < 0x10000 \|\| this_char > 0x10FFFF) { / non-shortest form or outside range / + MB_FAILURE(pos, 4); + } + pos += 4; + } else { + MB_FAILURE(pos, 1); + } + + cursor = pos; + return this_char; +} +/* }}} / + + / {{{ xml_utf8_decode / PHPAPI char xml_utf8_decode(const XML_Char s, int len, int newlen, const XML_Char encoding) { - int pos = len; + size_t pos = 0; char newbuf = emalloc(len + 1); unsigned int c; char (decoder)(unsigned short) = NULL; @@ -576,36 +677,15 @@ newbuf[newlen] = '\0'; return newbuf; } - while (pos > 0) { - c = (unsigned char)(s); - if (c >= 0xf0) { / four bytes encoded, 21 bits / - if(pos-4 >= 0) { - c = ((s[0]&7)<<18) \| ((s[1]&63)<<12) \| ((s[2]&63)<<6) \| (s[3]&63); - } else { - c = '?'; - } - s += 4; - pos -= 4; - } else if (c >= 0xe0) { / three bytes encoded, 16 bits / - if(pos-3 >= 0) { - c = ((s[0]&63)<<12) \| ((s[1]&63)<<6) \| (s[2]&63); - } else { - c = '?'; - } - s += 3; - pos -= 3; - } else if (c >= 0xc0) { / two bytes encoded, 11 bits / - if(pos-2 >= 0) { - c = ((s[0]&63)<<6) \| (s[1]&63); - } else { - c = '?'; - } - s += 2; - pos -= 2; - } else { - s++; - pos--; + + while (pos < (size_t)len) { + int status = FAILURE; + c = php_next_utf8_char((const unsigned char)s, (size_t) len, &pos, &status); + + if (status == FAILURE \|\| c > 0xFFU) { + c = '?'; } + newbuf[newlen] = decoder ? decoder(c) : c; ++newlen; }
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/zip/php_zip.c ^
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ / -/ $Id: php_zip.c 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: php_zip.c 305848 2010-11-30 11:04:06Z pajoye $ / #ifdef HAVE_CONFIG_H #include "config.h" @@ -413,6 +413,9 @@ return 0; } path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length); + if(!path_cleaned) { + return 0; + } path_cleaned_len = strlen(path_cleaned); if (path_cleaned_len >= MAXPATHLEN \|\| zip_stat(za, file, 0, &sb) != 0) { @@ -1954,6 +1957,9 @@ PHP_ZIP_STAT_INDEX(intern, index, 0, sb); comment = zip_get_file_comment(intern, index, &comment_len, (int)flags); + if(comment==NULL) { + RETURN_FALSE; + } RETURN_STRINGL((char )comment, (long)comment_len, 1); } /* }}} */ @@ -2537,7 +2543,7 @@ php_info_print_table_start(); php_info_print_table_row(2, "Zip", "enabled"); - php_info_print_table_row(2, "Extension Version","$Id: php_zip.c 293036 2010-01-03 09:23:27Z sebastian $"); + php_info_print_table_row(2, "Extension Version","$Id: php_zip.c 305848 2010-11-30 11:04:06Z pajoye $"); php_info_print_table_row(2, "Zip version", PHP_ZIP_VERSION_STRING); php_info_print_table_row(2, "Libzip version", "0.9.0");
[-] [+]	Added	php-5.2.15.tar.bz2/ext/zlib/tests/bug_52944.phpt ^
@@ -0,0 +1,157 @@ +--TEST-- +Bug #52944 (segfault with zlib filter and corrupted data) +--SKIPIF-- +<?php if (!extension_loaded("zlib")) print "skip"; ?> +--INI-- +allow_url_fopen=1 +--FILE-- +<?php +$data = +'U3XuBFLaJfQAWt4cqi8u8ugXxyDcPTZy8VicbJr50gGTEh0dmo+d8O4uBCTuAf3dHbbDYTieluscWXkKlavfKdMkZZRP3GpTApbb'. +'mQONJCgdbpPHat6iGOoq34vIGCLKFuD8qiA4ti5AL7bArvDtd7i+5tvn49j1L3bwroIsk1iPS5leATIwp1iwk+VdPLzu7tsexYBf'. +'giLx7WtQI779GtQIKD1QI4AT1Ihvf0I1Iu1u1Ca+7Vs3TtfqiCXvrm99EuJy/ix5z1VD8atW9sUyvmu/pQn8KU5lZvHUqC5xzgow'. +'0e8m/e5n5fLH2EPhBn4CA3n0p02/E/hVlAgxNIczOk7H7shAHSyUQ7PIwicPE/xNw7Nq4F+aHj2CowlZQKvhr2+fGIhA1QsSG6SD'. +'y3MBWfRsWxpYq08oqfievkq2Du7uwO99DGhG4GQrIODp67QfRFEFnrUQWD1qV2R44JVHoEjwt5c6ASus4MdOAtA+2OZAHLLOA9O6'. +'4kgGY4wOggODnQMWrk6fnTn4s4E/GG/QqEPiOiY+PWvij9MDz+0qM8WlyB6rGiGdVcVbChvQJhcjos7ShfrFxU017nBgsMHx2OON'. +'NV7mx3AovW/veYYnlUfNlF1TNysBvNPrs5V6ClWzREIaxqSGPIK+EoQEeqBvCarbQHOQnolOl/jMrmXPMBWbIDRkzJPVo3kCD3Us'. +'NRXjK+Ad8/fMLPiqY7+CulD4Vc/pga9nIEdhGDsx1qvT4Aw9rpW6rGtv5tqvcnMLWCNgtbu7BZ25GYiGMwiStZFNs0jY+uxVFrcG'. +'rOVt+PaYWLhRRxt3rOCm2E/BUUA75CBa7wmWkSkXFyV7bsA/9NU5TPSC8jU9p/fSqS0u9l44323oNb1h6KfYl1mvAYIzNUX0Csfp'. +'pozkYa12FecgDSsD86KHnATUwz8uzu3jbL5Bkb9UyUtMjL30feyC0oVBYY/DcR8DYdAnbI1FcItMFuAcIkNLx7498TGqFlN49v/K'. +'5TdaEbZPfKhWMwvZw5SKGjMvAGm6xBrEIRtYsmfRcY0NfA5ogzyuzS2nO9sCMcVkMlxTpc03vuJcSkv9T4aZkYktzv5j3FUIf9Eu'. +'EVuPX9ZM2dBAEEEAmEzVXRcbdmMfGoEF0hn+ufCvjZoGXMbSLKGXRkIhYEcJFHzrGphvw7M/YAd1MT/q4b1weBHE7+N+ge1EyDGK'. +'vT/q0GzHs65w1UpMcFyhKRUsLtZfOj1gG3MMrfijvnyV7gJ6DOJTfsQwogzOuESkGzr2vt7AB5ltDDDgs1YBLCP2Hs4ep/INGvDn'. +'0gS4x7TeREJvQoEvnXoNF2AxzeJZadBG9nsfE1DhTWy/BU0CvZ/t/8VxK1No7y8OsiarJz7+Z4eP7zN0XqDFE2fBdgcLzaFdGau4'. +'eCY+NT0bWZiQ9RJ8xXipdAO0oplw23O6CXo1DvAcC7C0VnHjT9+dnveSDURCDL+J058ivgw1MKpyUank1fTE7eD+MYNOtKepW3EM'. +'5BaeogscRezzQwX74AjxOVQW7QYa4BPofdJVOrFAYE2dq42rbINe19qxXjuXQquNl2liaVckfFge4ywTvwxcfNuyttEveIsC5Efh'. +'t/0A5I1okwDIHgrUs3fN2x3Q79uewcOW4/dgcJII2THNt84OUqH5dlnqMzEPzLrjLQi4S+MtVgp6vWcf+ZBE33o8admzR8jNW06P'. +'QldnMQigV9BkjL7s2W0fRg+kbGLKAf78yTVnjHqLJv5Qjv0IeEDy4yPGq0JBW+BDvsVZShTCaCWReUxyexvGUy8LRxw72zipLkfM'. +'a5oI2gU7/g1j8VDFlbFspQbEOJs7RdSJJDjP95E1IHKcjuHLG4xcDeh/dWXyLkXf/JFL2QJcW2nE5NXi4hT+b7e6jjOGiqHNMbWT'. +'sLVBvw1MQLgf8dt69bepfRWCHfyDIx4Z+RYGUv6AqwxbGGD5A8YzzGY9+71nbKlzi0glZwx/ABx/NvCnUYMEyJXuvXns4PsG/jQ6'. +'9kcfPq8j/DqmrZ9xXXoYSLidm1i1f/LA7BI807Pf4oZPYI19F9WRQRAtZJMeRRzCn8DnwMM9PzepeCNEb883OvT9HP0ovLO8UkY9'. +'/oSSaM+n4dt20Kigx0lBgiPHgQFn4nAVc8ufSMdg4i0Z5mg0oDjD7s0saDFcEhehwEJntB2onT2hGTAXAx8MKgAVNU21E8wQNYXQ'. +'NFf40yNVQga+Z0+xrAmk7oMUQWOfM/2ZTX758olZiaMm33pQ/X1BtvOrMAnHeJiBSheFXMKD94DNU2mkmsvE3AGrJtVcB2n/4inK'. +'jwAZCUviQzNQgOMJojl7IF8e6YyJidrAa1HrParr/hwJifakm3TB5m8GqSGxuFhz2Nv4I4tpcyMhr4FeaN2ikWvSsZuGlgZCVWHF'. +'Np2AKxTgEbXkY+6FyRivfDWrEnEbI0h5C9WhRdKUIws1Ah6PXb/LjqrO8bUMac6wX7iXoKV/qlgtU/vKMP8GXcQaGMxdF4PtMdNP'. +'ZfKg8U56sg92RdJk2/hHYYCN5zp4Y3bwxvRIDt4rezRJujhIQWXMspk1tCIWF4Fj37holt/deS/w2ZSTfD2cxMJZPbDZ0OYnSf04'. +'AG019g+HdEw8gKmvDnh0/LSRPjWAIn4zfc2aeSUXcBYeU1jd2I1B897dKS8OKHsMHdJLqeNoVE7kY6f05tQBMfvYtSMfCsHh2TKu'. +'LJozmKY8Pt2g/m3wGcJKGzaKCYCjQaYqLY9ja5xckLecwnjndoKrMLh2ChaskC6FQQLdYmK3k6T6hmzudB5gliE9wbMKq0ZO2+Kd'. +'frgGaU2bFYOwh4YbGc/Zhj9Itfsuumm46+8WuYgSemdNDMUOrLF9bIiF1SvIcfVibPsEfwXwEgRSrs4IkLhpCoDTFzjumlOAIgv7'. +'dHqWGtnCI+BW4UFq1KaFKnGAPM8tcjzFDns13W1tFBMMjlEFXCANwEPGsKQoHiwupo+2BNgoJzXw8Jci0Ug780lYtzhDwyI4bF6x'. +'tqUz//T3J/sNHcfVGwcG5Bv26+FhQ7/TQV2+UfYjXUmH+PYKvF9nYOAfXIFs05MF0GZuD+I1bxzCPYYAjX94gfYEikCDHljmHIQW'. +'UdBAG97qgZKGn3X8eYo/z/DnOf58iz/fnZmpI6Hv5tHsjoPB/VhMZvm0zJxnI7sKbVamF/wDJ7XXkHRLpV/PHnqUZUHNI1FjPSox'. +'M2fsNKtw7xDv3pBTh3Jpx8SUjDoe7Ssr/t9s7tgDz8hKkEz5kxsXB26mjTbLQ5gd0ryBQfK6DbLuACweipYkhxgdULB45bjEIYlj'. +'hFzVsQOI9LI/eo5Cvzx90cFAgZLOlXo0DtD6ybmilDPD+Gr6DgT5PLw4dFw+wKZQgkwvoxcfLGV8/5ybY+ZeR4R9OdUvJqZS+MKc'. +'s5i2khnoq5qlU1GEomn7cvac2y5zlAvJ5ekoBXEmmg4vFCRqJWfSDU8FLZagAgvcApwcX4zNnW+3KWE2YAQKUg1bPxdm05UZpCod'. +'QOJfTouMHbo2uDhDcozKx1ymCZKK+RG2g1QRLvx2xHWCOiqI77EHF3INCaEsyzUz/VZsDo99btQVL3dOHTSHKdSbBiP8BunIxD/Q'. +'kVOlT56ZzWmO6pBwBb6UZL5nVh1s0o0rPqys8GkNel/5BI5a7+5OBVgHLswDjCWAKA3QjzMQmuDJdZ4xFcc9XYlZf0GhqxmZKhXj'. +'oLpb2QyUXsI4reNzqEBAwoCl1JXT28ixWewzk2fHsDUVeVTikTHNoQn+mMMZ1hXzRpybchWrwo89E5V7YBNqMbVKXjKa6zlzsufk'. +'3oVshy4QS3Y9MPPSWuvCHpWGY1C0GsnGl0s+DtMkVYZBwZokYHiw02MjvySnMDkpMz/PzY/0ifyikqkgDvhBfOcL9CYY5bY/jvvi'. +'0e1jIum7gPac24Oohaeixwlae4FNHGYihuxDmm5vHR6cHB3une9vHv+I6Kpgjt/uvj65F2Jzj7/nJomR+3jKD6fL8tO4vMaEMSSt'. +'qrMG7I40BA458LMgpdHs7Nht3v3l2z5ZEqYieUvZsMg270hz7W51oW03NT86wygOKgqXRQeupQr6efBYaiBLDapLDYqlHoHOLpfY'. +'qSwxB0tklaW15xDWlV1D20regqPt5Dtm5Dke7kiQcFviiCUS7AXYS7cA2w+BHXaH7agAmLjOQgbZqYZUqpmk1dxKpxmK9WQGSt0H'. +'tjq2g344KEC+ySAZGy7LRpNxAezay+C2g3Hgj2kvUAFqoja5MwdSacnEzeM8wUWYAs5xJc4CpIJznOLcA4HSfxO2K+iz7YrmdOaB'. +'KRi38xiPg/gqiPcL00gA5qRdfRQMonEwH7CeQ1iCXiiAr9E5dNU8uy2bgflDPygWVwCEMo/p9PojsEkKROm6WR8f8ynS1cxwojAD'. +'jRQ2cAtQu3n2J8DNod+NioAjtzyoUCoWbckOnmzmqVBbfJpZGTAoAO62yjDtAsw+nXxWhusU4A4OyzDdAswxnY5WhgsLcCdBXFFi'. +'zwOBkGtnVf0vvIyHN30/mgzHlVNpbyXQT7yZsAJIHB+AgBetQjGvMKaPji3BZ4IZFGF+FFXpFz+8UVjqSMR0HIrT5ApW8FTg2PQr'. +'WzH1ZIgLNqVkSKexLqj0RCSMcioojOCFcTzVeEOD2wkEAs3RijgN/f3mSv15vfb06fOVNfCAFfDC1BXYlzONN8hBk/Dy861WFgiz'. +'FTu4UpY7BrK5NYLExKnrzT8sbLXEUduODm2ntdo0ydwaoRviC0h6wcXqqjsHP0XD4LDdBhLTgfxi/+BjB6wzgabNaPCkCblpNb/L'. +'TsD1Ujg2IA2xB/Gxo97KwLDXeJxC7rDERTxU6g8L+fMa9UVcRTdKhzZulFIaImUU3gR9SjGZSNdxCO3VX4SDjoYrmEvixGc8xnIM'. +'OmQV/myETn396fPaYsepLd44a/oy1HIrhuroi7hsL1bTAZsMLaI1/ewLhyylRig7BACCp2sA/vMR4VrSvChuAeMt1Za061Bf1lt4'. +'xn19SesG8IItxrfVlzrWHSh57Cyl9ZYnVcd2iLVONibfrj99Wlsc1RaHSwU+gazbGSuF2ymnhHhiG/FKmmiGx8vO0qJfxxPt+bm1'. +'9FtJ/ocFaPR1oWuXFrtLy7l+xZJOHKiCJKfYO/AteCBvnSpiZgB/WDCMcNcJT9IjZZdWl0xgMgwBMRDtSe5w9nDXNBsiBwcvCDYP'. +'Tx474dsSLJOgvSS7tqqWZkqqOIN7y3QXDAefl3TZ33pN14gWjl7XNaYBPa6+pPPxxTWEssfwnjy3NTVS+fQNEPbR7aPVJ397sLm/'. +'g+79uzgYgL6xewnen4LX8y39ccRp50nXBfqdAxmXTDx3lm/aePRodRVd2+NBkr6TPIvpvhdHWyIl8GyJvmU4z9n6A1TsJSriFYEe'. +'JV1QzJTyIRzKq0i5gEczU+JhJLJq8hrcaoz0NUMploYeyf80BMphPoc+HITjuQj/wBcYprUYdUHmnUOX4iWyg9F4KgjyCLjiG0Mn'. +'lAwjIlZNnI42sFtGfRc4YPX072or35+tdiy8GEEex//Y0epreM/K43uRCCbkqs2rVu56xQ4OHfUi5KUYJWnzXgx4g5+x9Pk///rv'. +'Pv+3z//l8z/8+u9+/ftf/8Pnf9A+/wsk/QWS/vHzP//695//n8//7dd//+t/+PXvNUj6LwD7f37+i4apn/9vzPT5L3iJKfSxpNGj'. +'XIAtd3OJwHGAK3Z0h6mat9RfeB+KobfChDSJbvHtsxlwG1p+jqd6S9glunATWm8pkAyOCu2H48MDQ1/FbJgLhsdIt7ja8N9t+vRo'. +'KRkkshqNuqUpX9ROW2rIKudSRVdaSq5eAmOkgCketpYaWk40p19nVnbdQnZHKh63mnGGXqKnnhvQFQRlvtnMk1VC434eKMBGc0PS'. +'4q/nv3sZMC0vz0PiKhNZoeiCbsh4JJuN19AMEj4nNt/gL6ov1U6prag/ixClmCIeXVRaf+G91JdFzZb1F6veS9ytlGsBISD2RE5C'. +'ZquEqJACxfboSg+WPksKkUGR0uhRlYrEC0QkqMw+E+RWeG0mcK+uziGlvHj3OBoEJ9AF+THMglcIXxvUwygGnXjuTabn3ni+lhi5'. +'U1x4ovt++cphHs5hykdYxjt3ihJfliQ0Efym/5dKiW8TSs7duSWibvv5o1JglBm5go8kknDYRjTAKrdLYPbCmP35I85OLq/VQMD3'. +'g/aYk/BpNje/2vklGSmyfZNdt+NFrem8upMeqqrfEoxpUEHTJbpiZskDBrhYMudUSOUkZctDnrj4T8MfSIHfNCQ5r9Yjr0dVo2nw'. +'aOTAe0pPpJS2oq3Xak0BgXQCwkMbmE9NNgQNc3XNXFl7/gzhkHuQBMIkSOnPxhHK3cwa4jSQt9oSIYLeKKEmvixbGmwEqV0Lv1mn'. +'Uk2ZFuUKZR06D28GMVNIV7BfwuRdOCTqzUPDHVVZh6wP77dfcoBzjQ++SwrZiyuFOKX4wtubgeJgHNpBu43n2OijST8BZ1HHy3HH'. +'4ComjXVtZmnPcMsFtvkR3oZId/6xAau939V2KG+i1e1v7bX5NyF/r22+P3l7eHRsj28gUfg2fMPuJOSQUjzQ/OFrkQ34Wdnb3do5'. +'ON5BZJxDXpZswE/ua3p9cnaJoigc+C2xszt+V9/vrorGrOavKWTyJHd3hjqB0JLpzq04d6mhExF0K3GvguzyhY7V5SgRHCptvETn'. +'RVfefNWmEyzaRve0ffbYceiGQZy5wuUoPfBtvHfB7QQ2eJUAYXUwQjYZT/vBKb5TBIEFuhOg/roCccBwCfPKNqksEAA4ZZiV1bY6'. +'vMbtOPo46uBh+3iActsOE0NvAJO2giEGSOPI0Rs6cm168HVnZoEJ98pNgn44LNaftmRa7WZyHdK5TxhYcesDrI7rSQ3cJchXXlHa'. +'AAqCojHZfqZ+8KLxOBrgh7pIlpemhg7iXO2mNzXIguqyIBQWeqOdLwmYaQzjC5PzJRG7Y3qxoDYdwgkFkeQSjb+9abStaSMEmvKK'. +'74cY9XCsUJbo2hYLXzBKkaL2JFwRbLdyzTkwVFyqnxR4RieROrdUZKNtw8gK4g8kOcmOtrjR8stbFrj8SW+D7YktIa4Qb3SMLJZo'. +'LL1ohVcg81w8PauiOhrxp6O3o+F4Be8obNRrtb9peq5/0aGNXQ0KEeKaNtlhbuA+lObAjTvhsFFrjsCUAwe9UdNfvliF0tBplkeL'. +'yxbyUXZUw1GUhLTvzHRwKyNYSL6OgdSkBeTHhg42Nd16rM/weLv5HzkWWR6ETCXQEibNoiQH7oExwmOhdqEWoVXHTUW4W5Y2ic34'. +'YiqRi/inKltXZOvKbMW6lhpmQQ0aoYUYG13rEx2NIKE+rdDECHRRqqDmN48Q1RhRDdrKJWcbMHooT9C0/n35UXrSH0LgwHa6Z6dN'. +'EoXWnETDMxkAgx/lQNfp3t3dzujODxiekCpBLnD9fjIMxw7Jr/fwZPSI3JgIY/tlDbLjYfvi/Ul7mZ4wfFu9AcodhgMYgeQ8NJSt'. +'lKFFRbAUlftaL4DHJIy+cdEwehu9BolR5tFODlJsrAU4vn9dmmUYBUntKcTpXeJueXyInBabseI43Ei4zjS4dDx2i2b1RFEjKIpv'. +'ANfxCKcR0gNN+Rkd4cdy2byNMBiYXaQ0caMrXClHJjW66EmlrzM+2xXIfzNGN+F2ZmU2rRBxP4XB9UZVIrroeNcXyJjWMdbc4Bsc'. +'kBYNPvtzEiOH0EfeNUfFY2VTf45TuC1cWfyseoBp+ox3c/8b1DZfnaoKK+2RtZVKmjadD9Tt04PTGPRzxmmLi5iyuBins6D6fvRJ'. +'py1/uVRxKaP4wGj6lNWI7QGtPqzSlO5qCFxkPC4lLi4+LogrRMISCz4afVuKlceptAVEWXImhAFVih4lzh0InzvWyHekLlcR5+0l'. +'HsOAheABymIw4olaVsfKb18UtGmpHqUcEeoIqAQ41cWg0M8wnutBmBHrgSo4ayQ6l/o+hbiPXyVQNdeiYKVrN0aj/pS5DnQhMShd'. +'+DTDACDlMicgjDyqH22LxUX8BSN2iJfG+GC3OQ6fTbmBHxp8AgcKcAw5CZy20FPVeR/n8hqh3ZrENOuwkT028JRxs9mFkda+Qc9w'. +'o9YQvdN1nHTn/0a3QQDJKAhayWn37O5OebfPxeATyh3cALffR0MB+KkF+uV1qg3QKOOamuVva/xtrerbOn+DP0L2nqLVB7zVtXpn'. +'M6jMMBUV56g8G5SET9Y5Gqv8jk/W+bkQkJTEz9a57HVOlW/WudLR/ElJsAQm5auSYLFCVXUhaELlMJTU8zjtnG2oL0Q/Zp/bQTDu'. +'Rq1GxxL3GjfaqEattAO7liQ2GKEmqSdQxkiBwpbhlBGBbkBf9TXPcfJ4B2PVSPrR9d0wigdu/67tJmNz1bTH4KbkcpuZoUDCleg/'. +'ZwjQUMwpT2q0Cu1nyC12N9BlsagT/82ahKX/Tk0i14maJNjwv1+jisMq9zUNH1RTQQR4UdQP3KFeJIng/d+JKtLnRLqkQzE3ckK0'. +'IqW9mQ0XW7X6VPSnt4CnAb4pZT0Tmj8d57hpzlIH919ZGKMql6cqCixSlRjzijSkhmw/VjtgcbFtflFdBGOV6qKUTapnZg2ieNRV'. +'ZwG6oKx7VTLqATp3BS0b4AoQhjPAzq54oa15NqIKzOEhS3gDOd+FbXO24qAZbdPq8tWBZIaf6nSLwAivq/sbfAALIDM+enimCgXy'. +'SzPrwiTnwjklI+k1usjQS9ZF3rOA5xR/5v9uoaEFZbDr+4rMoXzaHthK+ZQjtJbySSfRSCb44i/48jiTwslK/clcYMU7DkZ4jFfm'. +'5fBskI0WW+A42Ch8jsdOAKlBPxjglRfwNGw5nkF/zRl/EBNReChY3PEMffmU71Nxb4z0YpXUhoSsYB8+YQwgIFZEMSRflrMXtDOt'. +'tWfPTAv+fjG+eoavruKr/0Z8axm+NRXfWg6f3Jts6eayburY3amN5hnisBg6v7IDNkheCNMldJjK9rrjrGfBd2QOOqtA1F+MX6BO'. +'p7j2fFu31mcmvFpflPSLuQqGTYB7fCXi07SxbUkYJWWtlLJOKWeVtVk2Nhq/2Pxobpi//E2uFl//dW51eWhhhc0na/azZ1Yuda0y'. +'dV2kyqr/0Th1V9qbK6+JQmsz86H3B0n3vES65yXSPTcryzfnvzxQ7HJ12cvVFVgu1gI60P3FqFma+H8FyTXXVubm0mvDT1uQHA4A'. +'MH9D9Fl2oA0IC+mSdJqt6LaDN5hP4q3jY/pAYwDcRfAI8Y9SiI4ewRCcEjoHoovCrTVFm4EP1Ws7JcE545N7uk5XzC4dQO7sABFU'. +'lhzbd+teTtzGaQ2HK/47s9xPkzhonK49VdK8IOxQGrzjvzWQQV4fzWLICf/Dt0nAL5whjq6HjdP682fW0zX4/5nlT91hrpyWG19k'. +'uerr33OShIOELLETB1PEBkn8L00OGLhGlcC0i657EQLsdwD33Tp8+ZbT8Y6j4RiaioiV8iK8r1Ug+u4ZwltPRZYIeoCaDVWuP01L'. +'iGIfzExA9GzdegYNqj3l9DhoSewCMnH7A/AiTtfWoSIAWl9b4w9XIVgdY4B++h1dvFBHPeR3k9Dl0gQVO1G/xQlr9WeINGvw2nf4'. +'Dpo27ESN02+fUZMgRTSfem+9htU+s/qoF5nU9W/XAddz/CbSmd5ra0+znqF0UVT9KXxY/w4QPc0+QF9AnS3xT6SPwuGFoNV3a1b9'. +'+3WRPg0wSlk0A/+tEaZBILkBapJ2jtL4gRtHSDxqKgIN3aupYJa1784s6jj+LKiR66/nhFip1Pdr0FVQqdEkHvUDiZdQpd2RJVFn'. +'cm0ATRL2r4IYAL5fs8S/MwuG2DhQ2oWVLjYW8irjOA/M07VJOOzYPTDmhigOxDu9NtMJOplu3baCdkOHl+BwMv7TBLf/E2huWQjs'. +'0oKRSZlPU+yA5EwBnFmIcHeI+O5D1APFv+qE5pPucpvziErcl2klzWV0V9ZMmXN3eF9eEISUaXXNfFHPyl9de9KlwlPckGIYKytd'. +'gX2lrhSwNfFC/8vak2vRl+RDwboaQnGUt55v1nwE97ZLbRk3rLvirHEJKuGAavH4S9tV7Kv7c64Um/aku1Iv9dkcHA80rqLj0vY9'. +'ybPGnybh8CtaWGjjw3kLTSz34HwkDzbynl4s9eRxcUG33B1kg/tRAoWGT9gif7cLhZvLPaXRDyESeGDwl/Go7X64QtiitE4CzRPA'. +'mR96Ozej6B48QH/woTbaDVGvUXRtgEytYa9it5hK074AVQiolnuAzFhR0K0APqxYsW/nIkQPj3y7dNmNU7LmQymz+QxQbIpoiMoL'. +'xfqh5MpxxFYY+w8NUO7Ky3hs1FfkMFDJjxLoATSSHySSdDgUBNk8NNVEULhDYO6mNVOpkC+bR0e+m3bwZPu8DMWFzoE8Sr7n1O1v'. +'a/Vn3zX5Op9ak6fqB7SMXOpEI1x1+qbj1JWeHPC5/3g6e/9JzV6nzn5BVXM9vEQEJy4G8hDG1afZeje+GqK73+2a/ICK1RisdtNF'. +'W2hZkSPCFaiBmQ1FI3zSX+mB6sqQrV7kmf9/fDrkqIA8Hz5IgeVBfsD+KxABGNcBvptDBgPo8KRuPzN/N2JgTdSRUrOfPflrGGQe'. +'cb8QBXT0M5XKr9CTKwz0i3SoAw3TnUoYxSHILStxQcq4hyoOisNbJ7orocrFfy12kk89VteyhOWyYP9txQhR1suLsguUU10qDyjo'. +'GMAMa89MUzZO6YKLnI6vAMeaqiL+FTjp/v3aeiW11CUFKQ8y/krXqhGwSt/5GKWgNl8Y9dU1+9tnpmoHfWs/e772DM0SREe8TAxv'. +'rM2FxZZi8wQANK+GD4Xs6fc5CNbstRyG79cVHPOyPC/k+e6pyIUhdxkX3EuM7gvUWUXPyFZ7BnM8WRNUpoGS9vXcboEMK6GapScy'. +'4qK0wQGSvHltdbULPjH5xQ18z0Jb6GQ/uRyQAuU2dKpT+5eTYBIUA2MCx+UVdKvlqJPpdMEzzomXptejkeuH46l+JoRmVgURxGgE'. +'lmeL1VFaF7+7E+uGTT52PftKE+zw+Y9t+O/773UR6RNwAFaxbDwzKC3LvcKCWnhKkQjO4ly3hTY0+Cxmq4Cs4c+4Om3ntvipQ8v6'. +'YMeJtcHbti0a7dRmQRpJ0bZuiaR8Zkq2Auylq/kWd34ja7Bwyv0IN3+Pi2uNSpGBCESeZU0W8ajcagFNdKV7JPhCR3uQhIG4Y5qW'. +'EZSNLKE3wQ2c7bCPgZakYbw0MsC8zZ7nLSHarYB5SIZOFBh1XgjzOw5//v9XKLNoVJpjO8DdHkkDXx7JLvOhv+xeIsKe54xcER3+'. +'deO2JcetGDLlUdi6dxS2lVFIIel3d8/Sc1zSwJTscXWt4VZEmKyuNUWQshwqKyszuu4oF6eMq2Q0pKXwsGq4hCcGbisdUrfie6MO'. +'8tkqDhuz2XbaK2tpdJcPhpv/ot30Mfa6AkmtEsmXFjbLN+xL8auhVS25m+Brh5oMlv29G1WI+/raOrUEL+rtGz3fzkwyYHcqb6qQ'. +'ONp5c76/c8w3/eI6He2zEKl4uK++2e9r7TDotxItBhxxGLR0BWQNQN65SXIdxQDRioZLY43C4FSgdQTqo77VXJyRJqmQ8LEcGki+'. +'QaJCPwXovagTDrUw0cLhldsPc0U+g+87AzfsF77/YeH1zs52RXNkclV7wpjbk8Ksqdiv42jYYdx/WHh3dPh6d2+nogDlC5UxlyAq'. +'IBb0+uSd1pdNpcIsbV2ju3i1QQj8MxkUs61XZrO1owADcP0xSF7KL2v9anP7/Hhn82jrraN/jCaa72KNwIJuaa5GO2w0jtzVrsNx'. +'F2Q5COWpNnJjdwDaME7sF178Ev+9A2WXaC9cjY4HXFrlg71xG+rSSyDqi1X3paWNI4GaqNwPRDXev9s7hHq8PjzaP9/df+Poq8lq'. +'OOisnuPdyKvBcJV1pd0J25xh5/z4ZPPk/fGrzaPz7Z3Xm+/3Tk52fj7hfX6OtnQc9ANqazvqY1C9top7u9Vcx5s/7ZxneSjXm2Cs'. +'4emFVbAnh4d7J7vvOIuApRZQjqSY5Wjn9VER/VHQBhp1IUMyroIvFiHhZTHlXFCx3YM3spxH1HL3Co1X2y7CnhyebO4hmxwLeAA+'. +'icau6IiGxhk2f9j8+fzD5m5a8ew/yLAVDYdAWChBgT7eOdiuhD4G9YqcQ3szZY32j9+c7xwdaVpllp04jmIt8v0JDLzHWY7jo5/O'. +'63MKweN/xIWFZFfEgR91huEneAH6jUCWBoIY2OeHP84p+jWRGa3UlpZM6E709qTfnyq1qM4rCNMBtTvpk+pNHucKXKvOsykHwf2F'. +'YtPXKhGcgJgEBu9HuDqkBRnpgHYamAGYiqKUC2lF13SYNJq3eezr1dhxSasNpL12k+EvIBSkCaz2y+bJyRyKgP0KWghjo/OFPeW9'. +'uI8eKZ0HYmoydKn1odcPNKV+rw/3tneOKvuLhnaSgR4cahI3IT+Ism8fd45z3z4GSa6L1ufzBPfOkpA7b452t2G04mEU5ziacuBH'. +'Ad5BwvRm9AT+ZufkfG/34McidilvEokcgc7fH+1V1gXSGSdBvT3Z36uConRAmiiwIFff71dSEKzKKJ4M0goIWXrOcuLdztH5u803'. +'Owxer2Ut2t59t4d0LQ3GLvMic9xtbaataLf1mRa1tdu12VIZwfnJuz0FQf40AC314VGApJfg2OPoPW6v4dAL3qzOx5PUzeUlTewT'. +'hiFQKn+WVeCE5Ofbww/nr48O9/Mt0NpxNGgsVQGfHKrNHYf9fhnu/at9VXziWEDzTIHb2X938rFIP+JYaqoC+WoHOm+nAAqQeJKS'. +'Arb5+gT6CqAeKTDY6JpKdLALzk92T1SmJcDP/8fnv3z+p8///Ot/0j7/4+f/S/v8v37+y6//y+d/+PxPGnz63z//Z+3zvwDEv3z+'. +'r5//UUW3t31UwofoOPs/ahneYq79j/l8kGt/Who3W4d77/cPzunglxyZYJCVwd4d7f60ebKj0CgOr1x/WoY83v1zHuExKIsy2HaG'. +'TYzAEcpP7KI50Gsq9HYlWElmoIipaMzO0e7htiqNp6MKsP0dcL+3c3wx1TjevaLZOSGAbDnAY2+q6HNSpE9VU7YO3x+cHH1UlSCg'. +'i6e/udG7B1uHWVcD2O4QdE4F4Kv3H4/zFXQrOWd7r8Dp231VBh1+OEC7syjEtoWirADNCWcA3UutRaEXjk9guJYE7RHPA1VVEI9K'. +'rSg7qOo/suXUVo/B4kiq6Pj6MFc+nog5D1/90SOqIc45zS20XmOwTW+S3Ae1RlBvaQ5hPtQ6QW0Jc6I/1eKHSn+uVlLzprQnvwy+'. +'uXWye3igcjgf4FQCPNpXB3eKujy0918dwuPh+3evPqqKO44mI6hGCfTVx+1NhTUBtOVOkwqwDzs7P6pdeR0EF1Vw+8Aeb48zuEE0'. +'HHcF4NbbzaMTAVnidDQupcVXAV+SL6T3QKmGUnKo0PeNtyJcJmYknHYV9Seyu/KVBlbND09w2LMhX0KdQqeo54GTt5PCp67OPPD1'. +'2naefOs1Les5FbK+XyA09UgFgY929nNwozi4CqMJOO7VGZ4XEXfdfntlCl50GXbtYwF2TUNAWV0m7u7xu73Nj+cgy/ePC/0M4nyg'. +'GM7bO3sFES37I8ABKizJzVcABuLq9S546WoW5LY40KbRBFwY8XDtDsfo7bcIA3ohibCLN6rQCcH5RSjFpLqWpD7+XLRgO23tnMvZ'. +'BcR9H+IJq3fiESmZWBbnilDlCKPe2X5QJA=='; +$fp = fopen('data://text/plain;base64,' . $data, 'r'); +stream_filter_append($fp, 'zlib.inflate', STREAM_FILTER_READ); +var_dump(fread($fp,1)); +var_dump(fread($fp,1)); +fclose($fp); +echo "Done.\n"; +--EXPECT-- +string(0) "" +string(0) "" +Done.
[-] [+]	Changed	php-5.2.15.tar.bz2/ext/zlib/zlib_filter.c ^
@@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ / -/ $Id: zlib_filter.c 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: zlib_filter.c 303878 2010-09-29 18:58:58Z cataphract $ / #include "php.h" #include "php_zlib.h" @@ -102,6 +102,9 @@ } else if (status != Z_OK) { / Something bad happened / php_stream_bucket_delref(bucket TSRMLS_CC); + / reset these because despite the error the filter may be used again / + data->strm.next_in = data->inbuf; + data->strm.avail_in = 0; return PSFS_ERR_FATAL; } desired -= data->strm.avail_in; / desired becomes what we consumed this round through */
[-] [+]	Changed	php-5.2.15.tar.bz2/main/fopen_wrappers.c ^
@@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ / -/ $Id: fopen_wrappers.c 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: fopen_wrappers.c 306136 2010-12-09 17:04:29Z pajoye $ / / {{{ includes / @@ -172,6 +172,9 @@ resolved_basedir[resolved_basedir_len] = PHP_DIR_SEPARATOR; resolved_basedir[++resolved_basedir_len] = '\0'; } + } else { + resolved_basedir[resolved_basedir_len++] = PHP_DIR_SEPARATOR; + resolved_basedir[resolved_basedir_len] = '\0'; } resolved_name_len = strlen(resolved_name); @@ -188,8 +191,13 @@ #else if (strncmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) { #endif - / File is in the right directory / - return 0; + if (resolved_name_len > resolved_basedir_len && + resolved_name[resolved_basedir_len] != PHP_DIR_SEPARATOR) { + return -1; + } else { + / File is in the right directory / + return 0; + } } else { / /openbasedir/ and /openbasedir are the same directory */ if (resolved_basedir_len == (resolved_name_len + 1) && resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
[-] [+]	Changed	php-5.2.15.tar.bz2/main/php_version.h ^
@@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 2 -#define PHP_RELEASE_VERSION 14 +#define PHP_RELEASE_VERSION 15 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "5.2.14" -#define PHP_VERSION_ID 50214 +#define PHP_VERSION "5.2.15" +#define PHP_VERSION_ID 50215
[-] [+]	Changed	php-5.2.15.tar.bz2/php.ini-dist ^
@@ -614,7 +614,6 @@ ;extension=php_curl.dll ;extension=php_dba.dll ;extension=php_dbase.dll -;extension=php_exif.dll ;extension=php_fdf.dll ;extension=php_gd2.dll ;extension=php_gettext.dll @@ -624,6 +623,7 @@ ;extension=php_interbase.dll ;extension=php_ldap.dll ;extension=php_mbstring.dll +;extension=php_exif.dll ;extension=php_mcrypt.dll ;extension=php_mhash.dll ;extension=php_mime_magic.dll
[-] [+]	Changed	php-5.2.15.tar.bz2/php.ini-recommended ^
@@ -665,7 +665,6 @@ ;extension=php_curl.dll ;extension=php_dba.dll ;extension=php_dbase.dll -;extension=php_exif.dll ;extension=php_fdf.dll ;extension=php_gd2.dll ;extension=php_gettext.dll @@ -675,6 +674,7 @@ ;extension=php_interbase.dll ;extension=php_ldap.dll ;extension=php_mbstring.dll +;extension=php_exif.dll ;extension=php_mcrypt.dll ;extension=php_mhash.dll ;extension=php_mime_magic.dll
[-] [+]	Changed	php-5.2.15.tar.bz2/run-tests.php ^
@@ -24,7 +24,7 @@ +----------------------------------------------------------------------+ / -/ $Id: run-tests.php 293036 2010-01-03 09:23:27Z sebastian $ / +/ $Id: run-tests.php 303891 2010-09-30 11:16:45Z aharvey $ / / Sanity check to ensure that pcre extension needed by this script is available. * In the event it is not, print a nice error message indicating that this script will @@ -572,7 +572,7 @@ if (!$valgrind_header) { error("Valgrind returned no version info, cannot proceed.\nPlease check if Valgrind is installed."); } else { - $valgrind_version = preg_replace("/valgrind-([0-9])\.([0-9])\.([0-9]+)([.-]\w+)?(\s+)/", '$1$2$3', $valgrind_header, 1, $replace_count); + $valgrind_version = preg_replace("/valgrind-([0-9])\.([0-9])\.([0-9]+)([.-\w]+)?(\s+)/", '$1$2$3', $valgrind_header, 1, $replace_count); if ($replace_count != 1 \|\| !is_numeric($valgrind_version)) { error("Valgrind returned invalid version info (\"$valgrind_header\"), cannot proceed."); } @@ -641,7 +641,7 @@ $html_output = is_resource($html_file); break; case '--version': - echo '$Revision: 293036 $' . "\n"; + echo '$Revision: 303891 $' . "\n"; exit(1); default: @@ -2161,7 +2161,17 @@ $settings .= " -d \"$name=$val\""; } } else { - $value = addslashes($value); + if (substr(PHP_OS, 0, 3) == "WIN" && !empty($value) && $value{0} == '"') { + $len = strlen($value); + + if ($value{$len - 1} == '"') { + $value{0} = "'"; + $value{$len - 1} = "'"; + } + } else { + $value = addslashes($value); + } + $settings .= " -d \"$name=$value\""; } }
[-] [+]	Changed	php-5.2.15.tar.bz2/tests/basic/021.phpt ^
@@ -1,7 +1,7 @@ --TEST-- Bug #37276 (problems witch $_POST array) --INI-- -file_upload=1 +file_uploads=1 --POST_RAW-- Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737 -----------------------------20896060251896012921717172737
[-] [+]	Deleted	php5-5.2.14-rpmlintrc ^
@@ -1,4 +0,0 @@ -addFilter(".* 64bit-portability-issue rpmlint ") -addFilter(".* implicit-fortify-decl") -setBadness('64bit-portability-issue rpmlint', 0) -setBadness('implicit-fortify-decl', 0)
[-] [+]	Added	php5-5.2.15-rpmlintrc ^
@@ -0,0 +1,4 @@ +addFilter(".* 64bit-portability-issue rpmlint ") +addFilter(".* implicit-fortify-decl") +setBadness('64bit-portability-issue rpmlint', 0) +setBadness('implicit-fortify-decl', 0)