Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi release team,
William was so kind to prepare another batch
of *upstream* fixes (pulled from upstream git)
Here's changelog (the PHP#xxx added by me):
[ William Dauchy ]
* upstream fix: $env can be destructively changed. (PHP#60602 fixed in 5.4.27/5.5.11)
* upstream fix: copy() arginfo incorrect since 5.4 (PHP#66509 fixed in 5.4.25/5.5.9)
* upstream fix: Out of memory on command stream_get_contents (PHP#61019 fixed in 5.4.28/5.512
* upstream fix: stream_socket_server() creates wrong Abstract Namespace UNIX sockets (PHP#64330 fixed in 5.4.28/5.5.12)
* upstream fix: exit in stream filter produces segfault (PHP#66182 fixed in 5.4.28/5.5.12)
* upstream fix: fpassthru broken (PHP#66736 fixed in 5.4.28/5.5.12)
* upstream fix: Incorrect object comparison with inheritance (PHP#66286 fixed in 5.4.25)
* upstream fix: openssl_seal() memory leak (PHP#66942 fixed in 5.5.12)
* upstream fix: Segfault in mysqli_stmt::bind_result() when link closed (PHP# fixed in 5.4.28/5.5.11)
* upstream fix: Segmentation fault after memory_limit (PHP#66283 fixed in 5.4.25)
E.g. we already have the fixes in testing (5.5.12+dfsg-2)
Here's the diffstat:
$ diffstat php5_5.4.4-14+deb7u10.debdiff
debian/patches/Incorrect-object-comparison-with-inheritance.patch | 53 +++
debian/patches/Out-of-memory-on-command-stream_get_contents.patch | 100 ++++++
debian/patches/Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch | 77 +++++
debian/patches/Segmentation-fault-after-memory_limit.patch | 37 ++
debian/patches/copy-arginfo-incorrect-since-54.patch | 39 ++
debian/patches/exit-in-stream-filter-produces-segfault.patch | 22 +
debian/patches/fpassthru-broken.patch | 57 +++
debian/patches/openssl_seal-memory-leak.patch | 86 ++++++
debian/patches/proc_open-separate-environment-values-that-arent-strings.patch | 143 ++++++++++
debian/patches/stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sockets.patch | 43 +++
php5-5.4.4/debian/changelog | 16 +
php5-5.4.4/debian/patches/series | 10
12 files changed, 683 insertions(+)
Here's more verbose diff from our git:
- --cut here--
commit 4a40977740fae9f1d34a40788deec3f511488cf9
Author: Ondřej Surý <ondrej@sury.org>
Date: Tue May 27 13:44:43 2014 +0200
prepare 5.4.4-14+deb7u10 release
commit 88691aa77dbf7776d52b2da0238c37305a801a45
Author: William Dauchy <william@gandi.net>
Date: Fri May 16 08:13:10 2014 +0200
upstream fix: Segmentation fault after memory_limit
see upstream bug https://bugs.php.net/66283
Fix bug #66283 (Segmentation fault after memory_limit)
commit e446a930eb58ac3a8032f15e78bc5d3cdc433d03
Author: William Dauchy <william@gandi.net>
Date: Fri May 16 08:08:18 2014 +0200
upstream fix: Segfault in mysqli_stmt::bind_result() when link closed
see https://bugs.php.net/66762 for details
Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
commit d11a7129feb265f3294c68e4bb67ff09d28f7f4b
Author: William Dauchy <william@gandi.net>
Date: Fri May 16 08:04:30 2014 +0200
upstream fix: openssl_seal() memory leak
see upstream bug https://bugs.php.net/66942 for details
Fix #66942: openssl_seal() memory leak
commit 15a2fe5b39ea1dd57e04bfee30b832bac448551a
Author: William Dauchy <william@gandi.net>
Date: Fri May 16 07:37:48 2014 +0200
upstream fix: Incorrect object comparison with inheritance
see upstream bug
https://bugs.php.net/66286
7e8e21d Fix bug #66286: Incorrect object comparison with inheritance
commit 8147cf0199f551ae08349cff3dd490d9983379a6
Author: William Dauchy <william@gandi.net>
Date: Fri May 16 07:29:01 2014 +0200
upstream fix: fpassthru broken
see upstream bug https://bugs.php.net/66736
d08b4db Fix Bug #66736 fpassthru broken
commit 9ff44b6877e7e2dc6157d64c9282ce378a5aa30e
Author: William Dauchy <william@gandi.net>
Date: Thu May 15 22:51:16 2014 +0200
upstream fix: exit in stream filter produces segfault
see upstream bug https://bugs.php.net/66182 for details
7ab5c59 Fix bug #66182 exit in stream filter produces segfault
commit bacc5dc59e7cf954c643cafe30905e460bb7cdf2
Author: William Dauchy <william@gandi.net>
Date: Thu May 15 22:38:15 2014 +0200
upstream fix: stream_socket_server() creates wrong Abstract Namespace UNIX sockets
see upstream bug for details https://bugs.php.net/64330
91a9d24
stream_socket_server() creates wrong Abstract Namespace UNIX sockets
commit 7989b1d53d526da0c9655f5d8950ab4a9fc9bb06
Author: William Dauchy <william@gandi.net>
Date: Thu May 15 22:25:09 2014 +0200
upstream fix: Out of memory on command stream_get_contents
fixing upstream bug
https://bugs.php.net/61019
1ec83d4 Fixed bug #61019 (Out of memory on command stream_get_contents)
commit 6ff0b2950c39e3b014b02de1c645c89d16bfb724
Author: William Dauchy <william@gandi.net>
Date: Mon Apr 28 11:58:42 2014 +0200
upstream fix: copy() arginfo incorrect since 5.4
see https://bugs.php.net/66509 for the upstream bug
5b906ce Fix bug #66509: copy() arginfo incorrect since 5.4
commit 5125e28f1275d22dad1ec2d909ac90a6a7fc2f27
Author: William Dauchy <william@gandi.net>
Date: Mon Apr 28 11:25:20 2014 +0200
upstream fix: $env can be destructively changed.
see upstream bug for details:
https://bugs.php.net/60602
upstream fix:
e73c05b proc_open(): separate environment values that aren't strings
- --cut here--
And the full .debdiff is attached.
Ondrej
- -- System Information:
Debian Release: 7.5
APT prefers stable
APT policy: (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJThIV9AAoJEAyZtw70/LsH42QP/2jHGYz4+Q8HNjzzpJMfbz1G
j1HEgaRbi7WrIHcK2OE0tivfeyli90CnOzuAZlw+Aha4KxJHgLgMBsVq7yaz58o2
FFTcfFk99K35w0qV9P46UOL6NhlNGaeDI2Jp19wpzoxV6Gguy6E5EvPJjQwEic7P
yIiC7of54Qz66VGTecms00V2gX7QBsC92DnXnGNXUm+exr7hN3Za+zaP1I4VqyB/
/hRLvKF4CN29JiehN6uVY+Ny+CL2CrZQqbxWw7unfXvkzmhoW2P8ZB6IGNs4ITvT
eYURCplWvSiOfBKDmo7X4iYpkrqTYkHNHP2NK5Z49DyaZpaCpOVGKaqGNmMnGxaB
w3ZR8kz7o+kygR8IYon64CIt03CZyuecjhC+FrCQnHIJPTgSETpRUNQ0BFPQs/cq
VYuMauU2gYconkosTNxSe4T8QNoUzPMW3mCOYFMYgWBp6iaqO8tZkU0XzmA6toL5
K+Pd+k1PA6A7b0FbRBp0cHQIdJPTMghAI/3uHQs6OIS42DUAR0drS1+aRnHVKdKh
7JPKc8Cmey90kDTMdGzK95LXx80VzayE0GKZbdNuYtUsrLPShLG5mUAi2qew/90v
BCLNzW0DCSrPDVpJxKc79o3XAFdzLrKT3zTu4AG1bv1HDaxJjW9Ib5EJkaeyrPXE
YQ4cYJzY7PBQNf34A00u
=/bx8
-----END PGP SIGNATURE-----
diff -u php5-5.4.4/debian/changelog php5-5.4.4/debian/changelog
--- php5-5.4.4/debian/changelog
+++ php5-5.4.4/debian/changelog
@@ -1,3 +1,19 @@
+php5 (5.4.4-14+deb7u10) stable; urgency=medium
+
+ [ William Dauchy ]
+ * upstream fix: $env can be destructively changed.
+ * upstream fix: copy() arginfo incorrect since 5.4
+ * upstream fix: Out of memory on command stream_get_contents
+ * upstream fix: stream_socket_server() creates wrong Abstract Namespace UNIX sockets
+ * upstream fix: exit in stream filter produces segfault
+ * upstream fix: fpassthru broken
+ * upstream fix: Incorrect object comparison with inheritance
+ * upstream fix: openssl_seal() memory leak
+ * upstream fix: Segfault in mysqli_stmt::bind_result() when link closed
+ * upstream fix: Segmentation fault after memory_limit
+
+ -- Ondřej Surý <ondrej@debian.org> Tue, 27 May 2014 13:44:18 +0200
+
php5 (5.4.4-14+deb7u9) stable; urgency=low
[ William Dauchy ]
diff -u php5-5.4.4/debian/patches/series php5-5.4.4/debian/patches/series
--- php5-5.4.4/debian/patches/series
+++ php5-5.4.4/debian/patches/series
@@ -141,0 +142,10 @@
+proc_open-separate-environment-values-that-arent-strings.patch
+copy-arginfo-incorrect-since-54.patch
+Out-of-memory-on-command-stream_get_contents.patch
+stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sockets.patch
+exit-in-stream-filter-produces-segfault.patch
+fpassthru-broken.patch
+Incorrect-object-comparison-with-inheritance.patch
+openssl_seal-memory-leak.patch
+Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch
+Segmentation-fault-after-memory_limit.patch
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch
+++ php5-5.4.4/debian/patches/Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch
@@ -0,0 +1,77 @@
+commit 9137acc7ecdf1542fe6fda5056a0273359682735
+Author: Remi Collet <remi@php.net>
+Date: Thu Feb 27 08:45:16 2014 +0100
+
+ Fixed Bug #66762 Segfault in mysqli_stmt::bind_result() when link closed
+
+ Each new mysqli_stmt now increase the refcount of the link object.
+ So the link is really destroy after all statements.
+
+ Only implemented with libmysqlclient, as mysqlnd already implement
+ this internally.
+
+ So, libmysqlclient and mysqlnd have the same behavior.
+
+--- a/ext/mysqli/mysqli.c
++++ b/ext/mysqli/mysqli.c
+@@ -176,8 +176,11 @@
+ php_free_stmt_bind_buffer(stmt->param, FETCH_SIMPLE);
+ /* Clean output bind */
+ php_free_stmt_bind_buffer(stmt->result, FETCH_RESULT);
+-#endif
+
++ if (stmt->link_handle) {
++ zend_objects_store_del_ref_by_handle(stmt->link_handle TSRMLS_CC);
++ }
++#endif
+ if (stmt->query) {
+ efree(stmt->query);
+ }
+@@ -1052,6 +1055,10 @@
+ efree(stmt);
+ RETURN_FALSE;
+ }
++#ifndef MYSQLI_USE_MYSQLND
++ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
++ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
++#endif
+
+ mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
+ mysqli_resource->ptr = (void *)stmt;
+--- a/ext/mysqli/mysqli_api.c
++++ b/ext/mysqli/mysqli_api.c
+@@ -1837,6 +1837,10 @@
+ efree(stmt);
+ RETURN_FALSE;
+ }
++#ifndef MYSQLI_USE_MYSQLND
++ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
++ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
++#endif
+
+ mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
+ mysqli_resource->ptr = (void *)stmt;
+@@ -2365,6 +2369,10 @@
+ efree(stmt);
+ RETURN_FALSE;
+ }
++#ifndef MYSQLI_USE_MYSQLND
++ stmt->link_handle = Z_OBJ_HANDLE(*mysql_link);
++ zend_objects_store_add_ref_by_handle(stmt->link_handle TSRMLS_CC);
++#endif
+
+ mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1, sizeof(MYSQLI_RESOURCE));
+ mysqli_resource->status = MYSQLI_STATUS_INITIALIZED;
+--- a/ext/mysqli/php_mysqli_structs.h
++++ b/ext/mysqli/php_mysqli_structs.h
+@@ -116,6 +116,10 @@
+ BIND_BUFFER param;
+ BIND_BUFFER result;
+ char *query;
++#ifndef MYSQLI_USE_MYSQLND
++ /* used to manage refcount with libmysql (already implement in mysqlnd) */
++ zend_object_handle link_handle;
++#endif
+ } MY_STMT;
+
+ typedef struct {
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sockets.patch
+++ php5-5.4.4/debian/patches/stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sockets.patch
@@ -0,0 +1,43 @@
+commit 91a9d24aa30507e6c7d8937db2de24394f0ce121
+Author: Michael Wallner <mike@php.net>
+Date: Wed Apr 2 11:09:26 2014 +0200
+
+ Fix bug #64330
+
+ stream_socket_server() creates wrong Abstract Namespace UNIX sockets
+
+--- /dev/null
++++ b/ext/standard/tests/network/bug64330.phpt
+@@ -0,0 +1,20 @@
++--TEST--
++Bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets)
++--SKIPIF--
++<?php
++if (!in_array("unix", stream_get_transports())) die("SKIP unix domain sockets unavailable");
++?>
++--FILE--
++<?php
++echo "Test\n";
++$server = stream_socket_server("unix://\x00/MyBindName");
++$client = stream_socket_client("unix://\x00/MyBindName");
++if ($client) {
++ echo "ok\n";
++}
++?>
++===DONE===
++--EXPECT--
++Test
++ok
++===DONE===
+--- a/main/streams/xp_socket.c
++++ b/main/streams/xp_socket.c
+@@ -588,7 +588,8 @@
+
+ parse_unix_address(xparam, &unix_addr TSRMLS_CC);
+
+- return bind(sock->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr));
++ return bind(sock->socket, (const struct sockaddr *)&unix_addr,
++ (socklen_t) XtOffsetOf(struct sockaddr_un, sun_path) + xparam->inputs.namelen);
+ }
+ #endif
+
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/Incorrect-object-comparison-with-inheritance.patch
+++ php5-5.4.4/debian/patches/Incorrect-object-comparison-with-inheritance.patch
@@ -0,0 +1,53 @@
+commit 7e8e21df0c9aa39278e994b05540b69920201b32
+Author: Nikita Popov <nikic@php.net>
+Date: Sat Jan 4 01:22:14 2014 +0100
+
+ Fix bug #66286: Incorrect object comparison with inheritance
+
+ std_compare_objects immidiately returned 0 if the property tables
+ of both objects contain NULL at some index. Thus it would report
+ objects as equal even though properties following after that
+ differ.
+
+--- /dev/null
++++ b/Zend/tests/bug66286.phpt
+@@ -0,0 +1,26 @@
++--TEST--
++Bug #66286: Incorrect object comparison with inheritance
++--FILE--
++<?php
++
++abstract class first {
++ protected $someArray = array();
++}
++
++class second extends first {
++ protected $someArray = array();
++ protected $someValue = null;
++
++ public function __construct($someValue) {
++ $this->someValue = $someValue;
++ }
++}
++
++$objFirst = new second('123');
++$objSecond = new second('321');
++
++var_dump ($objFirst == $objSecond);
++
++?>
++--EXPECT--
++bool(false)
+--- a/Zend/zend_object_handlers.c
++++ b/Zend/zend_object_handlers.c
+@@ -1376,10 +1376,6 @@
+ Z_OBJ_UNPROTECT_RECURSION(o1);
+ Z_OBJ_UNPROTECT_RECURSION(o2);
+ return 1;
+- } else {
+- Z_OBJ_UNPROTECT_RECURSION(o1);
+- Z_OBJ_UNPROTECT_RECURSION(o2);
+- return 0;
+ }
+ }
+ }
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/Segmentation-fault-after-memory_limit.patch
+++ php5-5.4.4/debian/patches/Segmentation-fault-after-memory_limit.patch
@@ -0,0 +1,37 @@
+commit 2311ba7d3ff08d27bd7d4b87b51a0f96c5d62d12
+Author: Johannes Schlüter <johannes@php.net>
+Date: Tue Jan 21 16:28:30 2014 +0100
+
+ Fix bug #66283 (Segmentation fault after memory_limit)
+
+ There are situations where mysqlnd dupliates zvals while freeing result
+ sets. If the memory_limit is reached during this operation the engine
+ will bailout. This patch makes sure that a later attempt (during
+ RSHIUTDOWN) won't cause a double free, instead we rely on the engine to
+ free emalloc()ed memory after bailout.
+
+--- a/ext/mysqlnd/mysqlnd_result.c
++++ b/ext/mysqlnd/mysqlnd_result.c
+@@ -198,9 +198,11 @@
+ if (set->data) {
+ unsigned int copy_on_write_performed = 0;
+ unsigned int copy_on_write_saved = 0;
++ zval **data = set->data;
++ set->data = NULL; /* prevent double free if following loop is interrupted */
+
+ for (row = set->row_count - 1; row >= 0; row--) {
+- zval **current_row = set->data + row * field_count;
++ zval **current_row = data + row * field_count;
+ MYSQLND_MEMORY_POOL_CHUNK *current_buffer = set->row_buffers[row];
+ int64_t col;
+
+@@ -222,8 +224,7 @@
+
+ MYSQLND_INC_GLOBAL_STATISTIC_W_VALUE2(STAT_COPY_ON_WRITE_PERFORMED, copy_on_write_performed,
+ STAT_COPY_ON_WRITE_SAVED, copy_on_write_saved);
+- mnd_efree(set->data);
+- set->data = NULL;
++ mnd_efree(data);
+ }
+
+ if (set->row_buffers) {
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/copy-arginfo-incorrect-since-54.patch
+++ php5-5.4.4/debian/patches/copy-arginfo-incorrect-since-54.patch
@@ -0,0 +1,39 @@
+commit 5b906ce6eb02118697c2f81d462ddfa724377fe8
+Author: Will Fitch <willfitch@php.net>
+Date: Sat Jan 18 11:25:53 2014 -0500
+
+ Fix bug #66509: copy() arginfo incorrect since 5.4
+
+ Since 5.4, the ZEND_BEGIN_ARG_INFO_EX was replaced
+ by non _EX, causing Reflection to assume the
+ $context parameter is required.
+
+--- a/ext/standard/basic_functions.c
++++ b/ext/standard/basic_functions.c
+@@ -1206,7 +1206,7 @@
+ ZEND_BEGIN_ARG_INFO(arginfo_fstat, 0)
+ ZEND_ARG_INFO(0, fp)
+ ZEND_END_ARG_INFO()
+-ZEND_BEGIN_ARG_INFO(arginfo_copy, 0)
++ZEND_BEGIN_ARG_INFO_EX(arginfo_copy, 0, 0, 2)
+ ZEND_ARG_INFO(0, source_file)
+ ZEND_ARG_INFO(0, destination_file)
+ ZEND_ARG_INFO(0, context)
+--- /dev/null
++++ b/ext/standard/tests/file/bug66509.phpt
+@@ -0,0 +1,15 @@
++--TEST--
++Bug #66509 (copy() showing $context parameter as required)
++--FILE--
++<?php
++
++$r = new \ReflectionFunction('copy');
++
++foreach($r->getParameters() as $p) {
++ var_dump($p->isOptional());
++}
++?>
++--EXPECT--
++bool(false)
++bool(false)
++bool(true)
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/Out-of-memory-on-command-stream_get_contents.patch
+++ php5-5.4.4/debian/patches/Out-of-memory-on-command-stream_get_contents.patch
@@ -0,0 +1,100 @@
+commit 1ec83d44a1601c3560f430e08af9698bf8fb075c
+Author: Michael Wallner <mike@php.net>
+Date: Wed Apr 2 15:36:39 2014 +0200
+
+ Fixed bug #61019 (Out of memory on command stream_get_contents)
+
+--- /dev/null
++++ b/ext/standard/tests/streams/bug61019.phpt
+@@ -0,0 +1,78 @@
++--TEST--
++Bug #61019 (Out of memory on command stream_get_contents)
++--FILE--
++<?php
++
++echo "Test\n";
++
++$descriptorspec = array(
++ 0 => array("pipe", "r"), // stdin is a pipe that the child will read from
++ 1 => array("pipe", "w"), // stdout is a pipe that the child will write to
++ 2 => array("pipe", "w") // stderr is a pipe that the child will write to
++);
++
++$process=proc_open("echo testtext",$descriptorspec,$pipes);
++if(is_resource($process))
++{
++ stream_set_blocking($pipes[0],false);
++ stream_set_blocking($pipes[1],false);
++ stream_set_blocking($pipes[2],false);
++ stream_set_write_buffer($pipes[0],0);
++ stream_set_read_buffer($pipes[1],0);
++ stream_set_read_buffer($pipes[2],0);
++ $stdin_stream="";
++ $stderr_stream="";
++
++ echo "External command executed\n";
++ do
++ {
++ $process_state=proc_get_status($process);
++ $tmp_stdin=stream_get_contents($pipes[1]);
++ if($tmp_stdin)
++ {
++ $stdin_stream=$stdin_stream.$tmp_stdin;
++ }
++ $tmp_stderr=stream_get_contents($pipes[2]);
++ if($tmp_stderr)
++ {
++ $stderr_stream=$stderr_stream.$tmp_stderr;
++ }
++ } while($process_state['running']);
++
++ echo "External command exit: ".$process_state['exitcode']."\n";
++
++ //read outstanding data
++ $tmp_stdin=stream_get_contents($pipes[1]);
++ if($tmp_stdin)
++ {
++ $stdin_stream=$stdin_stream.$tmp_stdin;
++ }
++ $tmp_stderr=stream_get_contents($pipes[2]);
++ if($tmp_stderr)
++ {
++ $stderr_stream=$stderr_stream.$tmp_stderr;
++ }
++
++ fclose ($pipes[0]);
++ fclose ($pipes[1]);
++ fclose ($pipes[2]);
++
++ proc_close($process);
++
++ echo "STDOUT: ".$stdin_stream."\n";
++ echo "STDERR: ".$stderr_stream."\n";
++}
++else
++{
++ echo "Can't start external command\n";
++}
++?>
++===DONE===
++--EXPECT--
++Test
++External command executed
++External command exit: 0
++STDOUT: testtext
++
++STDERR:
++===DONE===
+--- a/main/streams/streams.c
++++ b/main/streams/streams.c
+@@ -735,6 +735,10 @@
+
+ if (!stream->readfilters.head && (stream->flags & PHP_STREAM_FLAG_NO_BUFFER || stream->chunk_size == 1)) {
+ toread = stream->ops->read(stream, buf, size TSRMLS_CC);
++ if (toread == (size_t) -1) {
++ /* e.g. underlying read(2) returned -1 */
++ break;
++ }
+ } else {
+ php_stream_fill_read_buffer(stream, size TSRMLS_CC);
+
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/fpassthru-broken.patch
+++ php5-5.4.4/debian/patches/fpassthru-broken.patch
@@ -0,0 +1,57 @@
+commit d08b4dbf23febd3f305a2682b03ab9c70f11ac60
+Author: Michael Wallner <mike@php.net>
+Date: Thu Apr 3 10:40:06 2014 +0200
+
+ Fix Bug #66736 fpassthru broken
+
+--- a/main/output.c
++++ b/main/output.c
+@@ -234,6 +234,13 @@
+ * Unbuffered write */
+ PHPAPI int php_output_write_unbuffered(const char *str, size_t len TSRMLS_DC)
+ {
++#if PHP_DEBUG
++ if (len > UINT_MAX) {
++ php_error(E_WARNING, "Attempt to output more than UINT_MAX bytes at once; "
++ "output will be truncated %lu => %lu",
++ (unsigned long) len, (unsigned long) (len % UINT_MAX));
++ }
++#endif
+ if (OG(flags) & PHP_OUTPUT_DISABLED) {
+ return 0;
+ }
+@@ -248,6 +255,13 @@
+ * Buffered write */
+ PHPAPI int php_output_write(const char *str, size_t len TSRMLS_DC)
+ {
++#if PHP_DEBUG
++ if (len > UINT_MAX) {
++ php_error(E_WARNING, "Attempt to output more than UINT_MAX bytes at once; "
++ "output will be truncated %lu => %lu",
++ (unsigned long) len, (unsigned long) (len % UINT_MAX));
++ }
++#endif
+ if (OG(flags) & PHP_OUTPUT_DISABLED) {
+ return 0;
+ }
+--- a/main/streams/streams.c
++++ b/main/streams/streams.c
+@@ -1404,11 +1404,16 @@
+ p = php_stream_mmap_range(stream, php_stream_tell(stream), PHP_STREAM_MMAP_ALL, PHP_STREAM_MAP_MODE_SHARED_READONLY, &mapped);
+
+ if (p) {
+- PHPWRITE(p, mapped);
++ do {
++ /* output functions return int, so pass in int max */
++ if (0 < (b = PHPWRITE(p, MIN(mapped - bcount, INT_MAX)))) {
++ bcount += b;
++ }
++ } while (b > 0 && mapped > bcount);
+
+ php_stream_mmap_unmap_ex(stream, mapped);
+
+- return mapped;
++ return bcount;
+ }
+ }
+
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/proc_open-separate-environment-values-that-arent-strings.patch
+++ php5-5.4.4/debian/patches/proc_open-separate-environment-values-that-arent-strings.patch
@@ -0,0 +1,143 @@
+commit e73c05b75e9b279acffe2320fd65e6e54cbd0b59
+Author: Tjerk Meesters <datibbaw@php.net>
+Date: Thu Oct 10 20:21:14 2013 +0800
+
+ proc_open(): separate environment values that aren't strings
+
+ Added a test case
+
+--- a/ext/standard/proc_open.c
++++ b/ext/standard/proc_open.c
+@@ -116,8 +116,17 @@
+ zend_hash_get_current_data_ex(target_hash, (void **) &element, &pos) == SUCCESS;
+ zend_hash_move_forward_ex(target_hash, &pos)) {
+
+- convert_to_string_ex(element);
+- el_len = Z_STRLEN_PP(element);
++ if (Z_TYPE_PP(element) != IS_STRING) {
++ zval tmp;
++
++ MAKE_COPY_ZVAL(element, &tmp);
++ convert_to_string(&tmp);
++ el_len = Z_STRLEN(tmp);
++
++ zval_dtor(&tmp);
++ } else {
++ el_len = Z_STRLEN_PP(element);
++ }
+ if (el_len == 0) {
+ continue;
+ }
+@@ -129,7 +138,7 @@
+ if (string_length == 0) {
+ continue;
+ }
+- sizeenv += string_length+1;
++ sizeenv += string_length;
+ break;
+ }
+ }
+@@ -142,19 +151,26 @@
+ for (zend_hash_internal_pointer_reset_ex(target_hash, &pos);
+ zend_hash_get_current_data_ex(target_hash, (void **) &element, &pos) == SUCCESS;
+ zend_hash_move_forward_ex(target_hash, &pos)) {
++ zval tmp;
++
++ if (Z_TYPE_PP(element) != IS_STRING) {
++ MAKE_COPY_ZVAL(element, &tmp);
++ convert_to_string(&tmp);
++ } else {
++ tmp = **element;
++ }
+
+- convert_to_string_ex(element);
+- el_len = Z_STRLEN_PP(element);
++ el_len = Z_STRLEN(tmp);
+
+ if (el_len == 0) {
+- continue;
++ goto next_element;
+ }
+
+- data = Z_STRVAL_PP(element);
++ data = Z_STRVAL(tmp);
+ switch (zend_hash_get_current_key_ex(target_hash, &string_key, &string_length, &num_key, 0, &pos)) {
+ case HASH_KEY_IS_STRING:
+ if (string_length == 0) {
+- continue;
++ goto next_element;
+ }
+
+ l = string_length + el_len + 1;
+@@ -179,6 +195,11 @@
+ case HASH_KEY_NON_EXISTANT:
+ break;
+ }
++
++next_element:
++ if (Z_TYPE_PP(element) != IS_STRING) {
++ zval_dtor(&tmp);
++ }
+ }
+
+ assert((uint)(p - env.envp) <= sizeenv);
+--- /dev/null
++++ b/ext/standard/tests/streams/bug60602.phpt
+@@ -0,0 +1,57 @@
++--TEST--
++Bug #60602 proc_open() modifies environment if it contains arrays
++--FILE--
++<?php
++
++$descs = array(
++ 0 => array('pipe', 'r'), // stdin
++ 1 => array('pipe', 'w'), // stdout
++ 2 => array('pipe', 'w'), // strerr
++);
++
++$environment = array('test' => array(1, 2, 3));
++
++$cmd = (substr(PHP_OS, 0, 3) == 'WIN') ? 'dir' : 'ls';
++$p = proc_open($cmd, $descs, $pipes, '.', $environment);
++
++if (is_resource($p)) {
++ $data = '';
++
++ while (1) {
++ $w = $e = NULL;
++ $n = stream_select($pipes, $w, $e, 300);
++
++ if ($n === false) {
++ echo "no streams \n";
++ break;
++ } else if ($n === 0) {
++ echo "process timed out\n";
++ proc_terminate($p, 9);
++ break;
++ } else if ($n > 0) {
++ $line = fread($pipes[1], 8192);
++ if (strlen($line) == 0) {
++ /* EOF */
++ break;
++ }
++ $data .= $line;
++ }
++ }
++ var_dump(strlen($data));
++
++ $ret = proc_close($p);
++ var_dump($ret);
++ var_dump(is_array($environment['test']));
++} else {
++ echo "no process\n";
++}
++?>
++==DONE==
++--EXPECTF--
++Notice: Array to string conversion in %s on line %d
++
++Notice: Array to string conversion in %s on line %d
++int(%d)
++int(0)
++bool(true)
++==DONE==
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/openssl_seal-memory-leak.patch
+++ php5-5.4.4/debian/patches/openssl_seal-memory-leak.patch
@@ -0,0 +1,86 @@
+commit a186312832207437e4783024dcdece5232ac6c39
+Author: Chuan Ma <Chuan.Ma@avidlifemedia.com>
+Date: Mon Mar 24 23:24:41 2014 -0400
+
+ Fix #66942: openssl_seal() memory leak
+
+ Fix #66952: memory leak in openssl_open()
+
+--- a/NEWS
++++ b/NEWS
+@@ -1068,6 +1068,10 @@
+ - Session:
+ . Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
+
++- OpenSSL:
++ . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
++ . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
++
+ - SimpleXML:
+ . Reverted the SimpleXML->query() behaviour to returning empty arrays
+ instead of false when no nodes are found as it was since 5.3.3
+--- a/ext/openssl/openssl.c
++++ b/ext/openssl/openssl.c
+@@ -4287,6 +4287,7 @@
+
+ if (!EVP_EncryptInit(&ctx,cipher,NULL,NULL)) {
+ RETVAL_FALSE;
++ EVP_CIPHER_CTX_cleanup(&ctx);
+ goto clean_exit;
+ }
+
+@@ -4297,10 +4298,12 @@
+ #endif
+ /* allocate one byte extra to make room for \0 */
+ buf = emalloc(data_len + EVP_CIPHER_CTX_block_size(&ctx));
++ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ if (!EVP_SealInit(&ctx, cipher, eks, eksl, NULL, pkeys, nkeys) || !EVP_SealUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
+ RETVAL_FALSE;
+ efree(buf);
++ EVP_CIPHER_CTX_cleanup(&ctx);
+ goto clean_exit;
+ }
+
+@@ -4333,6 +4336,7 @@
+ efree(buf);
+ }
+ RETVAL_LONG(len1 + len2);
++ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ clean_exit:
+ for (i=0; i<nkeys; i++) {
+@@ -4391,25 +4395,21 @@
+ if (EVP_OpenInit(&ctx, cipher, (unsigned char *)ekey, ekey_len, NULL, pkey) && EVP_OpenUpdate(&ctx, buf, &len1, (unsigned char *)data, data_len)) {
+ if (!EVP_OpenFinal(&ctx, buf + len1, &len2) || (len1 + len2 == 0)) {
+ efree(buf);
+- if (keyresource == -1) {
+- EVP_PKEY_free(pkey);
+- }
+- RETURN_FALSE;
++ RETVAL_FALSE;
++ } else {
++ zval_dtor(opendata);
++ buf[len1 + len2] = '\0';
++ ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
++ RETVAL_TRUE;
+ }
+ } else {
+ efree(buf);
+- if (keyresource == -1) {
+- EVP_PKEY_free(pkey);
+- }
+- RETURN_FALSE;
++ RETVAL_FALSE;
+ }
+ if (keyresource == -1) {
+ EVP_PKEY_free(pkey);
+ }
+- zval_dtor(opendata);
+- buf[len1 + len2] = '\0';
+- ZVAL_STRINGL(opendata, erealloc(buf, len1 + len2 + 1), len1 + len2, 0);
+- RETURN_TRUE;
++ EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ /* }}} */
+
only in patch2:
unchanged:
--- php5-5.4.4.orig/debian/patches/exit-in-stream-filter-produces-segfault.patch
+++ php5-5.4.4/debian/patches/exit-in-stream-filter-produces-segfault.patch
@@ -0,0 +1,22 @@
+commit 7ab5c593f77b229210a88d436270707f74b22b78
+Author: Michael Wallner <mike@php.net>
+Date: Thu Apr 3 09:07:35 2014 +0200
+
+ Fix bug #66182 exit in stream filter produces segfault
+
+ Unfortunately, a segv caused by exit cannot be tested reliably.
+
+--- a/ext/standard/user_filters.c
++++ b/ext/standard/user_filters.c
+@@ -180,6 +180,11 @@
+ zval zpropname;
+ int call_result;
+
++ /* the userfilter object probably doesn't exist anymore */
++ if (CG(unclean_shutdown)) {
++ return ret;
++ }
++
+ if (FAILURE == zend_hash_find(Z_OBJPROP_P(obj), "stream", sizeof("stream"), (void**)&zstream)) {
+ /* Give the userfilter class a hook back to the stream */
+ ALLOC_INIT_ZVAL(zstream);
Attachment:
php5_5.4.4-14+deb7u10.diff.gz
Description: application/gzip
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.0 Source: php5 Binary: php5, php5-common, libapache2-mod-php5, libapache2-mod-php5filter, php5-cgi, php5-cli, php5-fpm, libphp5-embed, php5-dev, php5-dbg, php-pear, php5-curl, php5-enchant, php5-gd, php5-gmp, php5-imap, php5-interbase, php5-intl, php5-ldap, php5-mcrypt, php5-mysql, php5-mysqlnd, php5-odbc, php5-pgsql, php5-pspell, php5-recode, php5-snmp, php5-sqlite, php5-sybase, php5-tidy, php5-xmlrpc, php5-xsl Architecture: any all Version: 5.4.4-14+deb7u10 Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> Uploaders: Ondřej Surý <ondrej@debian.org>, Sean Finney <seanius@debian.org>, Thijs Kinkhorst <thijs@debian.org>, Lior Kaplan <kaplan@debian.org>, William Dauchy <wdauchy@gmail.com> Homepage: http://www.php.net/ Standards-Version: 3.9.3 Vcs-Browser: http://git.debian.org/?p=pkg-php/php.git Vcs-Git: git://git.debian.org/pkg-php/php.git Build-Depends: apache2-prefork-dev, autoconf (>= 2.63), automake (>= 1.11) | automake1.11, bison, chrpath, debhelper (>= 5), firebird-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.5-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.1-dev [!hurd-any !m68k !hppa !ppc64], flex, freetds-dev, hardening-wrapper, libapr1-dev (>= 1.2.7-8), libbz2-dev, libc-client-dev, libcurl4-openssl-dev | libcurl-dev, libdb-dev, libenchant-dev, libevent-dev (>= 1.4.11), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev, libglib2.0-dev, libgmp3-dev, libicu-dev, libjpeg-dev | libjpeg62-dev, libkrb5-dev, libldap2-dev, libmagic-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient-dev | libmysqlclient15-dev, libonig-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng-dev | libpng12-dev, libpq-dev, libpspell-dev, libqdbm-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite3-dev, libssl-dev, libtidy-dev, libtool (>= 2.2), libwrap0-dev, libxmltok1-dev, libxml2-dev, libx slt1-dev (>= 1.0.18), locales-all | language-pack-de, mysql-server, netbase, netcat-traditional, quilt, re2c, unixodbc-dev, zlib1g-dev, tzdata Build-Conflicts: bind-dev Package-List: libapache2-mod-php5 deb httpd optional libapache2-mod-php5filter deb httpd extra libphp5-embed deb php optional php-pear deb php optional php5 deb php optional php5-cgi deb php optional php5-cli deb php optional php5-common deb php optional php5-curl deb php optional php5-dbg deb debug extra php5-dev deb php optional php5-enchant deb php optional php5-fpm deb php optional php5-gd deb php optional php5-gmp deb php optional php5-imap deb php optional php5-interbase deb php optional php5-intl deb php optional php5-ldap deb php optional php5-mcrypt deb php optional php5-mysql deb php optional php5-mysqlnd deb php extra php5-odbc deb php optional php5-pgsql deb php optional php5-pspell deb php optional php5-recode deb php optional php5-snmp deb php optional php5-sqlite deb php optional php5-sybase deb php optional php5-tidy deb php optional php5-xmlrpc deb php optional php5-xsl deb php optional Checksums-Sha1: 5b218c805078dca5925bef26bb3fb7a9cf98a940 14060505 php5_5.4.4.orig.tar.gz 2a946b5bd712fb3cd53109963b43b3df303666ca 265525 php5_5.4.4-14+deb7u10.diff.gz Checksums-Sha256: 0404b517ff938aca2c445fd61d10467e275acb031607cb09bf678241ba205edf 14060505 php5_5.4.4.orig.tar.gz d26dea91b429ad5ee74da4f32509d736470bb279129992b6cb811f593142c8d7 265525 php5_5.4.4-14+deb7u10.diff.gz Files: 8366c3626f2275ab8c7ef5e2d6bc5bd7 14060505 php5_5.4.4.orig.tar.gz a71cf8c3efca25f8d6dcc3ddfe74557e 265525 php5_5.4.4-14+deb7u10.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJThIFfAAoJEAyZtw70/LsH7o4QAJUGcKhnnbXhirR+5Cx4BYAk qIvFaCSPcCsWbRR1me6mJ1osYwf9dXXk9FTLPj/Xvh8JUhOjBtYkaH/oXO4nq17I RtxR8W/xNq+75gPsTdHrcVVacvxoCrq5HYAtXHsGjQt0zrqTliVtpoH6je8EiaHX t0gA44Ff+1lzCiq+ylCXWByBXVag1ZYBvOSuW10X5GT6BmA7ZvDWFVWEHnQOAtRl 7ZW92UIQ2Z6G/Thp2rIp3LFue9jd9BboCHYAAQdR5Mlr5S87XIcGigMVg1uEbbZD T4O4o+HnEAN9FoYoEy4/kFemgp2WBP1jHG9I/6awJWXJMo5NvFNKhmseGx9FxL39 Otiu71uBohFdeTIwXAWxtRi9YT7eEswPn9hZB4/aW6LcqPWOlyrEP+AUhrQasroT otKhxLaEssJKQbNLIl5EEkLigURo38TrpDZsl6drXM6pOnYIaU0zFCVf0KTkT6Bu mHo2LrYdT519DUJYjsZgUDMv7Imnoozd+z3+tU9wybQ5ZuhBxMaQ2Z6SJQ4vW4p7 GfLwHiRwFJwseDUj4p276ZqxPHs2egYBhRruVYhDJVxVQsoyp/1odGf3ER052E2L 5gxeBd5MaKRnZbYf2bvUaBmdSmofdJhUXCy853pZf8ZBLDmF5erg7hFQSBrHfWKs cVob836Rkc5LeSMVyB4Y =F/3P -----END PGP SIGNATURE-----