yohgaki

Index: en/reference/session/security.xml
===================================================================
--- en/reference/session/security.xml	(リビジョン 332867)
+++ en/reference/session/security.xml	(作業コピー)
@@ -7,6 +7,102 @@
   External links: <link xlink:href="&url.session-fixation;">Session fixation</link>
  </para>
  <para>
+  HTTP session management is core of web security. All of mitigation should be adopted to make
+  sure session security. User should enable/use applicable settings appropriately.

yohgaki

diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 2ac0454..c4632ae 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -746,6 +746,104 @@ ZEND_GET_MODULE(pgsql)
 
 static int le_link, le_plink, le_result, le_lofp, le_string;
 
+/* Compatibility definitions */
+

yohgaki

diff --git a/ext/iconv/iconv.c b/ext/iconv/iconv.c
index ea6ac1a..c8784b1 100644
--- a/ext/iconv/iconv.c
+++ b/ext/iconv/iconv.c
@@ -220,21 +220,55 @@ static char _generic_superset_name[] = ICONV_UCS4_ENCODING;
 #define GENERIC_SUPERSET_NBYTES 4
 /* }}} */
 
-static PHP_INI_MH(OnUpdateStringIconvCharset)
+

yohgaki

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 907301d..3d5b7a2 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3248,7 +3248,7 @@ PHPAPI char *php_addslashes_ex(char *str, int length, int *new_length, int shoul
        char *source, *target;
        char *end;
        int local_new_length;
-               
+

yohgaki

diff --git a/rpm/build b/rpm/build
new file mode 100755
index 0000000..de73e32
--- /dev/null
+++ b/rpm/build
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# A silly little helper script to build the RPM.
+set -e

yohgaki

diff --git a/ext/session/php_session.h b/ext/session/php_session.h
index e8e79f0..ba3420e 100644
--- a/ext/session/php_session.h
+++ b/ext/session/php_session.h
@@ -180,6 +180,7 @@ typedef struct _php_ps_globals {
 	double rfc1867_min_freq;   /* session.upload_progress.min_freq */
 
 	zend_bool use_strict_mode; /* whether or not PHP accepts unknown session ids */
+	char session_data_hash[16]; /* binary MD5 hash length */
 } php_ps_globals;

yohgaki

diff --git a/ext/session/session.c b/ext/session/session.c
index c02a10d..1497da4 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -827,6 +827,51 @@ PHP_INI_END()
 /* ***************
    * Serializers *
    *************** */
+PS_SERIALIZER_ENCODE_FUNC(php_serialize) /* {{{ */
+{

yohgaki

diff -up memcache-2.2.6/memcache_session.c.orig memcache-2.2.6/memcache_session.c
--- memcache-2.2.6/memcache_session.c.orig	2012-05-17 14:50:33.000000000 +0900
+++ memcache-2.2.6/memcache_session.c	2012-05-17 16:28:20.000000000 +0900
@@ -280,6 +280,42 @@ PS_GC_FUNC(memcache)
 }
 /* }}} */
 
+
+PS_VALIDATE_SID_FUNC(memcache)
+{

yohgaki

<?php
// 出力バッファを開始
ob_start();

// PHPエラーを例外へ変換する為のクラス
class myException extends Exception {
	public function __construct($errno, $errstr, $errfile, $errline, $errctx) {
		// エラー番号とエラーレベルのマッピング
		$errlev = array(
			E_USER_ERROR   => 'SECURITY',

yohgaki

diff -ur httpd-1.3.42.orig//src/support/htdigest.c httpd-1.3.42/src/support/htdigest.c
--- httpd-1.3.42.orig//src/support/htdigest.c	2006-07-12 17:16:05.000000000 +0900
+++ httpd-1.3.42/src/support/htdigest.c	2012-04-01 11:48:49.705771078 +0900
@@ -71,7 +71,7 @@
     while ((line[y++] = line[x++]));
 }
 
-static int getline(char *s, int n, FILE *f)
+static int my_getline(char *s, int n, FILE *f)
 {