main/php: security upgrade to 5.3.9 (CVE-2011-4566)

fixes #931

(cherry picked from commit 56856330d45dacc0db81240dcdf2a76fb805f2bd)

main/php/APKBUILD

@@ -1,9 +1,9 @@
 # Contributor: Carlo Landmeter <clandmeter at gmail>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=php
-pkgver=5.3.8
-_suhosinver=5.3.7-0.9.10
-pkgrel=1
+pkgver=5.3.9
+_suhosinver=$pkgver-0.9.10
+pkgrel=0
 pkgdesc="The PHP language runtime engine"
 url="http://www.php.net/"
 license="PHP-3"
@@ -63,9 +63,9 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-cli $pkgname-pear
 	"
 
 source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2
-        suhosin-patch-${_suhosinver}.patch
+	http://download.suhosin.org/suhosin-patch-${_suhosinver}.patch.gz
 	php-install-pear-xml.patch
-	max_input_vars.patch
+	php5-module.conf
 	"
 
 _extdir="/usr/lib/php/20090626"
@@ -363,7 +363,7 @@ dev() {
 	mv "$pkgdir"/usr/bin/phpize "$subpkgdir"/usr/bin/
 }
 
-md5sums="704cd414a0565d905e1074ffdc1fadfb  php-5.3.8.tar.bz2
-8bd8840465d6bcd8e1e5d2cec80a1bfc  suhosin-patch-5.3.7-0.9.10.patch
+md5sums="dd3288ed5c08cd61ac5bf619cb357521  php-5.3.9.tar.bz2
+c099b3d7eac95018ababd41ded7f3066  suhosin-patch-5.3.9-0.9.10.patch.gz
 5111e3be06d391f8772587c675240fab  php-install-pear-xml.patch
-031c6fdcfbd45366fea32b697893d511  max_input_vars.patch"
+67719f428f44ec004da18705cbabe2ee  php5-module.conf"

main/php/max_input_vars.patch

@@ -1,63 +0,0 @@
-Index: PHP_5_3/NEWS
-===================================================================
---- PHP_5_3/NEWS	(revision 321037)
-+++ PHP_5_3/NEWS	(revision 321038)
-@@ -2,6 +2,10 @@
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- ?? ??? 2011, PHP 5.3.9
- 
-+- Core:
-+  . Added max_input_vars directive to prevent attacks based on hash collisions
-+    (Dmitry).
-+
- - Streams:
-   . Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together
-     with the last read). (Gustavo)
-Index: PHP_5_3/main/php_variables.c
-===================================================================
---- PHP_5_3/main/php_variables.c	(revision 321037)
-+++ PHP_5_3/main/php_variables.c	(revision 321038)
-@@ -191,6 +191,9 @@
- 				}
- 				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
- 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
-+					if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
-+						php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-+					}
- 					MAKE_STD_ZVAL(gpc_element);
- 					array_init(gpc_element);
- 					zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
-@@ -236,6 +239,9 @@
- 				zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
- 				zval_ptr_dtor(&gpc_element);
- 			} else {
-+				if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
-+					php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
-+				}
- 				zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
- 			}
- 			if (escaped_index != index) {
-Index: PHP_5_3/main/main.c
-===================================================================
---- PHP_5_3/main/main.c	(revision 321037)
-+++ PHP_5_3/main/main.c	(revision 321038)
-@@ -512,6 +512,7 @@
- 	STD_PHP_INI_ENTRY("post_max_size",			"8M",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLong,			post_max_size,			sapi_globals_struct,sapi_globals)
- 	STD_PHP_INI_ENTRY("upload_tmp_dir",			NULL,		PHP_INI_SYSTEM,		OnUpdateStringUnempty,	upload_tmp_dir,			php_core_globals,	core_globals)
- 	STD_PHP_INI_ENTRY("max_input_nesting_level", "64",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_nesting_level,			php_core_globals,	core_globals)
-+	STD_PHP_INI_ENTRY("max_input_vars",			"1000",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_vars,						php_core_globals,	core_globals)
- 
- 	STD_PHP_INI_ENTRY("user_dir",				NULL,		PHP_INI_SYSTEM,		OnUpdateString,			user_dir,				php_core_globals,	core_globals)
- 	STD_PHP_INI_ENTRY("variables_order",		"EGPCS",	PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateStringUnempty,	variables_order,		php_core_globals,	core_globals)
---- ./main/php_globals.h.orig
-+++ ./main/php_globals.h
-@@ -170,6 +170,9 @@
- 	char *mail_log;
- 
- 	zend_bool in_error_log;
-+
-+	long max_input_vars;
-+
- };
- 
-