Merge branch 'PHP-5.4' of git.php.net:php-src into PHP-5.4

* 'PHP-5.4' of git.php.net:php-src:
  bump version
  Update NEWS
  fix bug #65481 (shutdown segfault due to serialize)
  Track created curl_slist structs by option so they can be updated in situ.
  Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse').
  added new glob() test
  fix using wrong buffer pointer
  Fix bug #65470	Segmentation fault in zend_error() with --enable-dtrace
  Fix for php bug #64802 includes test case
  new for fix #65225
  Fixed #65225: PHP_BINARY incorrectly set
  Use pkg-config to detect iodbc
  Add -P option to use the current binary
  Create test to the extension xmlrpc
  Fixbug: phpize --clean will delete include/*.h

Author: Yasuo Ohgaki

NEWS

@@ -1,13 +1,17 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? 2013, PHP 5.4.19
+?? ??? 2013, PHP 5.4.20
 
 - Core:
+  . Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
+  . Fixed bug #65470 (Segmentation fault in zend_error() with 
+    --enable-dtrace). (Chris Jones, Kris Van Hees)
   . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
     fails). (Laruence)
   . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
   . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
     limited case). (Arpad)
+  . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
   . Improved fix for bug #63186 (compile failure on netbsd). (Matteo)
   . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
   . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
@@ -16,6 +20,13 @@ PHP                                                                        NEWS
   . Fixed bug #61268 (--enable-dtrace leads make to clobber
     Zend/zend_dtrace.d) (Chris Jones)
 
+- cURL:
+  . Fixed bug #65458 (curl memory leak). (Adam)
+
+- Openssl:
+  . Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in 
+    some cases). (Mark Jones)
+
 - Session:
   . Fixed bug #62129 (rfc1867 crashes php even though turned off). (gxd305 at
     gmail dot com)
@@ -45,7 +56,16 @@ PHP                                                                        NEWS
   . Fixed bug #65391 (Unable to send vary header user-agent when 
     ob_start('ob_gzhandler') is called) (Mike)
 
-?? ??? 2013, PHP 5.4.18
+22 Aug 2013, PHP 5.4.19
+
+- Core:
+  . Fixed bug #64503 (Compilation fails with error: conflicting types for
+    'zendparse'). (Laruence)
+
+- Openssl:
+  . Fixed UMR in fix for CVE-2013-4248.
+
+15 Aug 2013, PHP 5.4.18
 
 - Core:
   . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was

Zend/zend.c

@@ -1091,17 +1091,19 @@ ZEND_API void zend_error(int type, const char *format, ...) /* {{{ */
 		error_filename = "Unknown";
 	}
 
-	va_start(args, format);
-
 #ifdef HAVE_DTRACE
 	if(DTRACE_ERROR_ENABLED()) {
 		char *dtrace_error_buffer;
+		va_start(args, format);
 		zend_vspprintf(&dtrace_error_buffer, 0, format, args);
 		DTRACE_ERROR(dtrace_error_buffer, (char *)error_filename, error_lineno);
 		efree(dtrace_error_buffer);
+		va_end(args);
 	}
 #endif /* HAVE_DTRACE */
 
+	va_start(args, format);
+
 	/* if we don't have a user defined error handler */
 	if (!EG(user_error_handler)
 		|| !(EG(user_error_handler_error_reporting) & type)

Zend/zend_language_parser.y

@@ -41,17 +41,19 @@ static YYSIZE_T zend_yytnamerr(char*, const char*);
 
 #define YYERROR_VERBOSE
 #define YYSTYPE znode
-#ifdef ZTS
-# define YYPARSE_PARAM tsrm_ls
-# define YYLEX_PARAM tsrm_ls
-#endif
-
 
 %}
 
 %pure_parser
 %expect 3
 
+%code requires {
+#ifdef ZTS
+# define YYPARSE_PARAM tsrm_ls
+# define YYLEX_PARAM tsrm_ls
+#endif
+}
+
 %token END 0 "end of file"
 %left T_INCLUDE T_INCLUDE_ONCE T_EVAL T_REQUIRE T_REQUIRE_ONCE
 %token T_INCLUDE      "include (T_INCLUDE)"

configure.in

@@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
 
 PHP_MAJOR_VERSION=5
 PHP_MINOR_VERSION=4
-PHP_RELEASE_VERSION=19
+PHP_RELEASE_VERSION=20
 PHP_EXTRA_VERSION="-dev"
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`

ext/curl/interface.c

@@ -1373,9 +1373,9 @@ static void curl_free_post(void **post)
 
 /* {{{ curl_free_slist
  */
-static void curl_free_slist(void **slist)
+static void curl_free_slist(void *slist)
 {
-	curl_slist_free_all((struct curl_slist *) *slist);
+	curl_slist_free_all(*((struct curl_slist **) slist));
 }
 /* }}} */
 
@@ -1443,8 +1443,10 @@ static void alloc_curl_handle(php_curl **ch)
 	(*ch)->handlers->read->stream = NULL;
 
 	zend_llist_init(&(*ch)->to_free->str,   sizeof(char *),            (llist_dtor_func_t) curl_free_string, 0);
-	zend_llist_init(&(*ch)->to_free->slist, sizeof(struct curl_slist), (llist_dtor_func_t) curl_free_slist,  0);
 	zend_llist_init(&(*ch)->to_free->post,  sizeof(struct HttpPost),   (llist_dtor_func_t) curl_free_post,   0);
+
+	(*ch)->to_free->slist = emalloc(sizeof(HashTable));
+	zend_hash_init((*ch)->to_free->slist, 4, NULL, curl_free_slist, 0);
 }
 /* }}} */
 
@@ -1675,6 +1677,7 @@ PHP_FUNCTION(curl_copy_handle)
 	curl_easy_setopt(dupch->cp, CURLOPT_WRITEHEADER,       (void *) dupch);
 	curl_easy_setopt(dupch->cp, CURLOPT_PROGRESSDATA,      (void *) dupch); 
 
+	efree(dupch->to_free->slist);
 	efree(dupch->to_free);
 	dupch->to_free = ch->to_free;
 
@@ -2184,7 +2187,7 @@ static int _php_curl_setopt(php_curl *ch, long option, zval **zvalue, zval *retu
 					return 1;
 				}
 			}
-			zend_llist_add_element(&ch->to_free->slist, &slist);
+			zend_hash_index_update(ch->to_free->slist, (ulong) option, &slist, sizeof(struct curl_slist *), NULL);
 
 			error = curl_easy_setopt(ch->cp, option, slist);
 
@@ -2680,8 +2683,9 @@ static void _php_curl_close_ex(php_curl *ch TSRMLS_DC)
 	/* cURL destructors should be invoked only by last curl handle */
 	if (Z_REFCOUNT_P(ch->clone) <= 1) {
 		zend_llist_clean(&ch->to_free->str);
-		zend_llist_clean(&ch->to_free->slist);
 		zend_llist_clean(&ch->to_free->post);
+		zend_hash_destroy(ch->to_free->slist);
+		efree(ch->to_free->slist);
 		efree(ch->to_free);
 		FREE_ZVAL(ch->clone);
 	} else {

ext/curl/php_curl.h

@@ -126,7 +126,7 @@ struct _php_curl_send_headers {
 struct _php_curl_free {
 	zend_llist str;
 	zend_llist post;
-	zend_llist slist;
+	HashTable *slist;
 };
 
 typedef struct {

ext/curl/tests/bug65458.phpt

@@ -0,0 +1,25 @@
+--TEST--
+Bug #65458 (curl memory leak)
+--SKIPIF--
+<?php
+if (!extension_loaded('curl')) exit("skip curl extension not loaded");
+?>
+--FILE--
+<?php
+$ch = curl_init();
+$init = memory_get_usage();
+for ($i = 0; $i < 10000; $i++) {
+    curl_setopt($ch, CURLOPT_HTTPHEADER, [ "SOAPAction: getItems" ]);
+}
+
+$preclose = memory_get_usage();
+curl_close($ch);
+
+// This is a slightly tricky heuristic, but basically, we want to ensure
+// $preclose - $init has a delta in the order of bytes, not megabytes. Given
+// the number of iterations in the loop, if we're wasting memory here, we
+// should have megs and megs of extra allocations.
+var_dump(($preclose - $init) < 10000);
+?>
+--EXPECT--
+bool(true)

ext/odbc/config.m4

@@ -370,18 +370,33 @@ PHP_ARG_WITH(iodbc,,
 
   if test "$PHP_IODBC" != "no"; then
     AC_MSG_CHECKING(for iODBC support)
-    if test "$PHP_IODBC" = "yes"; then
-      PHP_IODBC=/usr/local
+    if test -z "$PKG_CONFIG"; then
+      AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
+    fi 
+    if test -x "$PKG_CONFIG" && $PKG_CONFIG --exists libiodbc ; then
+      PHP_ADD_LIBRARY_WITH_PATH(iodbc, $PHP_IODBC/$PHP_LIBDIR)
+      ODBC_TYPE=iodbc
+      ODBC_INCLUDE=`$PKG_CONFIG --cflags-only-I libiodbc`
+      ODBC_LFLAGS=`$PKG_CONFIG --libs-only-L libiodbc`
+      ODBC_LIBS=`$PKG_CONFIG --libs-only-l libiodbc`
+      PHP_EVAL_INCLINE($ODBC_INCLUDE)
+      AC_DEFINE(HAVE_IODBC,1,[ ])
+      AC_DEFINE(HAVE_ODBC2,1,[ ])
+      AC_MSG_RESULT([$ext_output])
+    else
+      if test "$PHP_IODBC" = "yes"; then
+        PHP_IODBC=/usr/local
+      fi
+      PHP_ADD_LIBRARY_WITH_PATH(iodbc, $PHP_IODBC/$PHP_LIBDIR)
+      PHP_ADD_INCLUDE($PHP_IODBC/include, 1)
+      ODBC_TYPE=iodbc
+      ODBC_INCLUDE=-I$PHP_IODBC/include
+      ODBC_LFLAGS=-L$PHP_IODBC/$PHP_LIBDIR
+      ODBC_LIBS=-liodbc
+      AC_DEFINE(HAVE_IODBC,1,[ ])
+      AC_DEFINE(HAVE_ODBC2,1,[ ])
+      AC_MSG_RESULT([$ext_output])
     fi
-    PHP_ADD_LIBRARY_WITH_PATH(iodbc, $PHP_IODBC/$PHP_LIBDIR)
-    PHP_ADD_INCLUDE($PHP_IODBC/include, 1)
-    ODBC_TYPE=iodbc
-    ODBC_INCLUDE=-I$PHP_IODBC/include
-    ODBC_LFLAGS=-L$PHP_IODBC/$PHP_LIBDIR
-    ODBC_LIBS=-liodbc
-    AC_DEFINE(HAVE_IODBC,1,[ ])
-    AC_DEFINE(HAVE_ODBC2,1,[ ])
-    AC_MSG_RESULT([$ext_output])
   fi
 fi
 

ext/openssl/openssl.c

@@ -561,6 +561,7 @@ static EVP_PKEY * php_openssl_generate_private_key(struct php_x509_request * req
 
 static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int shortname TSRMLS_DC) /* {{{ */
 {
+	zval **data;
 	zval *subitem, *subentries;
 	int i, j = -1, last = -1, obj_cnt = 0;
 	char *sname;
@@ -592,39 +593,27 @@ static void add_assoc_name_entry(zval * val, char * key, X509_NAME * name, int s
 			sname = (char *) OBJ_nid2ln(nid);
 		}
 
-		MAKE_STD_ZVAL(subentries);
-		array_init(subentries);
+		str = X509_NAME_ENTRY_get_data(ne);
+		if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
+			to_add_len = ASN1_STRING_to_UTF8(&to_add, str);
+		} else {
+			to_add = ASN1_STRING_data(str);
+			to_add_len = ASN1_STRING_length(str);
+		}
 
-		last = -1;
-		for (;;) {
-			j = X509_NAME_get_index_by_OBJ(name, obj, last);
-			if (j < 0) {
-				if (last != -1) break;
-			} else {
-				obj_cnt++;
-				ne  = X509_NAME_get_entry(name, j);
-				str = X509_NAME_ENTRY_get_data(ne);
-				if (ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
-					to_add_len = ASN1_STRING_to_UTF8(&to_add, str);
-					if (to_add_len != -1) {
-						add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
-					}
-				} else {
-					to_add = ASN1_STRING_data(str);
-					to_add_len = ASN1_STRING_length(str);
+		if (to_add_len != -1) {
+			if (zend_hash_find(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, (void**)&data) == SUCCESS) {
+				if (Z_TYPE_PP(data) == IS_ARRAY) {
+					subentries = *data;
+					add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
+				} else if (Z_TYPE_PP(data) == IS_STRING) {
+					MAKE_STD_ZVAL(subentries);
+					array_init(subentries);
+					add_next_index_stringl(subentries, Z_STRVAL_PP(data), Z_STRLEN_PP(data), 1);
 					add_next_index_stringl(subentries, (char *)to_add, to_add_len, 1);
+					zend_hash_update(Z_ARRVAL_P(subitem), sname, strlen(sname)+1, &subentries, sizeof(zval*), NULL);
 				}
-			}
-			last = j;
-		}
-		i = last;
-
-		if (obj_cnt > 1) {
-			add_assoc_zval_ex(subitem, sname, strlen(sname) + 1, subentries);
-		} else {
-			zval_dtor(subentries);
-			FREE_ZVAL(subentries);
-			if (obj_cnt && str && to_add_len > -1) {
+			} else {
 				add_assoc_stringl(subitem, sname, (char *)to_add, to_add_len, 1);
 			}
 		}
@@ -1574,6 +1563,7 @@ PHP_FUNCTION(openssl_x509_parse)
 		bio_out = BIO_new(BIO_s_mem());
 		if (nid == NID_subject_alt_name) {
 			if (openssl_x509v3_subjectAltName(bio_out, extension) == 0) {
+				BIO_get_mem_ptr(bio_out, &bio_buf);
 				add_assoc_stringl(subitem, extname, bio_buf->data, bio_buf->length, 1);
 			} else {
 				zval_dtor(return_value);

ext/openssl/tests/bug64802.pem

@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGfzCCBWegAwIBAgIQSVCinGH6MkvjJZjRyjK9nTANBgkqhkiG9w0BAQUFADCB
+jjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
+A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNDAyBgNV
+BAMTK0NPTU9ETyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNlY3VyZSBTZXJ2ZXIgQ0Ew
+HhcNMTIwMjI5MDAwMDAwWhcNMTQwMjI4MjM1OTU5WjCCAW8xEjAQBgNVBAMTCXd3
+dy5yZC5pbzERMA8GA1UEAxMIcmRpby5jb20xDjAMBgNVBAMTBXJkLmlvMRUwEwYD
+VQQDEwxhcGkucmRpby5jb20xEjAQBgNVBAMTCWFwaS5yZC5pbzEQMA4GA1UEBRMH
+NDU4NjAwNzETMBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhE
+ZWxhd2FyZTEdMBsGA1UEDxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xCzAJBgNVBAYT
+AlVTMQ4wDAYDVQQREwU5NDEwMzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFzAVBgNVBAkTDjE1NTAgQnJ5YW50IHN0MRMwEQYDVQQKEwpSZGlv
+LCBJbmMuMSMwIQYDVQQLExpDT01PRE8gRVYgTXVsdGktRG9tYWluIFNTTDEVMBMG
+A1UEAxMMd3d3LnJkaW8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAt0AgYOe8EBJNVBAuSJFLKHRKZn0/ObCLBFG4xVH/5fb1rfYHBT1XSjjOqR3t
+iGC/A3esF8YC7TuHQcTLVephx0DtJv1ASxRg3zPM8ebBRsuul18N0W+sY1aNXpkd
+36quxvjg5UdBrAweuekJ7OTSZcCe2Ry/SKBeZSWWtkWsI4krCLv7JaKUwxw2h+Hn
+TAZSBLVxz/mixF0WYdepYwnq2Hm7XvvVEIQ7wxOQ9bA7iCevLojZOnb39BT2QII7
+cy8AB47RZdfYg7UwaO3bST2rauA4MKar7/Ozqc0aemNFpLatJfgv07cydiuj9fsd
+5aE/c8is8C9M9+7MmSMkcNEgGwIDAQABo4IB8zCCAe8wHwYDVR0jBBgwFoAUiERR
+/1AqaV4tiPQhutkM8s7L6nwwHQYDVR0OBBYEFCrYw8bfrYJ61NS2yYx6/CnhjzT4
+MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEFATArMCkGCCsG
+AQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8uY29tL0NQUzBTBgNVHR8ETDBK
+MEigRqBEhkJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9FeHRlbmRlZFZh
+bGlkYXRpb25TZWN1cmVTZXJ2ZXJDQS5jcmwwgYQGCCsGAQUFBwEBBHgwdjBOBggr
+BgEFBQcwAoZCaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPRXh0ZW5kZWRW
+YWxpZGF0aW9uU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8v
+b2NzcC5jb21vZG9jYS5jb20wTAYDVR0RBEUwQ4IMd3d3LnJkaW8uY29tgglhcGku
+cmQuaW+CDGFwaS5yZGlvLmNvbYIFcmQuaW+CCHJkaW8uY29tggl3d3cucmQuaW8w
+DQYJKoZIhvcNAQEFBQADggEBAKFd4bPVFRyrlqIKPtrtMuqGqid6685ohxf0cv52
+sjdRYwLVTjnZOrmkDdNaF3R2A1ZlVMRN+67rK+qfY5sTeijFcudV3/i0PDtOFRwP
+6yYVD2uZmYkxfPiW309HPmDF+EzhxpVjWlTQEOwkfFLTmJmwl3Qu2Kffp8F1ENXW
+OTVNvj5VtMghvzu68PpzKl1VjlOR4Ej9NCwh1dUjNKEoTPzvpehXsIZ7jHSpX/T1
+wSSt9ckiechDdpgZXTzHgbxHNibK0Uhh+QhkBgYMj5F8qj5BlBhWAWqQa/VnEdmr
+Pfo7U+QmadoqQd7qt06hE2hG1nfZ0vPJDbWV3oVSwG2Yt7I=
+-----END CERTIFICATE-----