summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsbd <sbd@pkgsrc.org>2011-03-22 06:31:55 +0000
committersbd <sbd@pkgsrc.org>2011-03-22 06:31:55 +0000
commit1ca85f71e051e12e074ef1663e60405a768de1de (patch)
tree0a99b85ee3744d15d5517f1f53f27f97e601c076
parent67481151ab34e87e4485381a298e5115526cb3f5 (diff)
downloadpkgsrc-1ca85f71e051e12e074ef1663e60405a768de1de.tar.gz
Pullup ticket #3393 - requested by taca
security fix for lang/php5 Revisions pulled up: - lang/php5/Makefile 1.84 - lang/php5/distinfo 1.89 - lang/php5/patches/patch-main_snprintf.c 1.1 - lang/php5/patches/patch-main_snprintf.h 1.1 - lang/php5/patches/patch-main_spprintf.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 21 16:34:28 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-main_snprintf.c patch-main_snprintf.h patch-main_spprintf.c Log Message: Apply changes by r308525 from PHP's repository to fix bug #54055 (buffer overrun with high values for precision ini setting). It fixes one of security fixes by PHP 5.3.6. Bump PKGREVISION.
-rw-r--r--lang/php5/Makefile4
-rw-r--r--lang/php5/distinfo5
-rw-r--r--lang/php5/patches/patch-main_snprintf.c26
-rw-r--r--lang/php5/patches/patch-main_snprintf.h31
-rw-r--r--lang/php5/patches/patch-main_spprintf.c26
5 files changed, 89 insertions, 3 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index f70e47ecb2a..29d3a6c8682 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81.2.1 2011/02/23 19:12:53 tron Exp $
+# $NetBSD: Makefile,v 1.81.2.2 2011/03/22 06:31:55 sbd Exp $
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 42d2570b69e..89ebfe23b8a 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84.2.2 2011/03/22 06:22:17 sbd Exp $
+$NetBSD: distinfo,v 1.84.2.3 2011/03/22 06:31:55 sbd Exp $
SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095
RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9
@@ -19,3 +19,6 @@ SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528
SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d
SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6
SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089
+SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8
+SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf
+SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275
diff --git a/lang/php5/patches/patch-main_snprintf.c b/lang/php5/patches/patch-main_snprintf.c
new file mode 100644
index 00000000000..d2b94156569
--- /dev/null
+++ b/lang/php5/patches/patch-main_snprintf.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-main_snprintf.c,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/snprintf.c.orig 2010-01-03 09:23:27.000000000 +0000
++++ main/snprintf.c
+@@ -675,10 +675,6 @@ static int format_converter(register buf
+
+ /*
+ * Check if a precision was specified
+- *
+- * XXX: an unreasonable amount of precision may be specified
+- * resulting in overflow of num_buf. Currently we
+- * ignore this possibility.
+ */
+ if (*fmt == '.') {
+ adjust_precision = YES;
+@@ -692,6 +688,10 @@ static int format_converter(register buf
+ precision = 0;
+ } else
+ precision = 0;
++
++ if (precision > FORMAT_CONV_MAX_PRECISION) {
++ precision = FORMAT_CONV_MAX_PRECISION;
++ }
+ } else
+ adjust_precision = NO;
+ } else
diff --git a/lang/php5/patches/patch-main_snprintf.h b/lang/php5/patches/patch-main_snprintf.h
new file mode 100644
index 00000000000..4e0541eaf88
--- /dev/null
+++ b/lang/php5/patches/patch-main_snprintf.h
@@ -0,0 +1,31 @@
+$NetBSD: patch-main_snprintf.h,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/snprintf.h.orig 2010-01-03 09:23:27.000000000 +0000
++++ main/snprintf.h
+@@ -12,7 +12,7 @@
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+- | Author: Stig Sæther Bakken <ssb@php.net> |
++ | Author: Stig Sæther Bakken <ssb@php.net> |
+ | Marcus Boerger <helly@php.net> |
+ +----------------------------------------------------------------------+
+ */
+@@ -148,6 +148,17 @@ extern char * ap_php_conv_10(register wi
+ extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
+ char format, char *buf_end, register int *len);
+
++/* The maximum precision that's allowed for float conversion. Does not include
++ * decimal separator, exponent, sign, terminator. Currently does not affect
++ * the modes e/f, only g/k/H, as those have a different limit enforced at
++ * another level (see NDIG in php_conv_fp()).
++ * Applies to the formatting functions of both spprintf.c and snprintf.c, which
++ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
++ * call to php_gcvt().
++ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
++ * should be enough, but let's give some more space) */
++#define FORMAT_CONV_MAX_PRECISION 500
++
+ #endif /* SNPRINTF_H */
+
+ /*
diff --git a/lang/php5/patches/patch-main_spprintf.c b/lang/php5/patches/patch-main_spprintf.c
new file mode 100644
index 00000000000..6c736abbcbb
--- /dev/null
+++ b/lang/php5/patches/patch-main_spprintf.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-main_spprintf.c,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/spprintf.c.orig 2010-01-03 09:23:27.000000000 +0000
++++ main/spprintf.c
+@@ -282,10 +282,6 @@ static void xbuf_format_converter(smart_
+
+ /*
+ * Check if a precision was specified
+- *
+- * XXX: an unreasonable amount of precision may be specified
+- * resulting in overflow of num_buf. Currently we
+- * ignore this possibility.
+ */
+ if (*fmt == '.') {
+ adjust_precision = YES;
+@@ -299,6 +295,10 @@ static void xbuf_format_converter(smart_
+ precision = 0;
+ } else
+ precision = 0;
++
++ if (precision > FORMAT_CONV_MAX_PRECISION) {
++ precision = FORMAT_CONV_MAX_PRECISION;
++ }
+ } else
+ adjust_precision = NO;
+ } else