Pullup ticket #3393 - requested by taca

security fix for lang/php5 Revisions pulled up: - lang/php5/Makefile 1.84 - lang/php5/distinfo 1.89 - lang/php5/patches/patch-main_snprintf.c 1.1 - lang/php5/patches/patch-main_snprintf.h 1.1 - lang/php5/patches/patch-main_spprintf.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 21 16:34:28 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-main_snprintf.c patch-main_snprintf.h patch-main_spprintf.c Log Message: Apply changes by r308525 from PHP's repository to fix bug #54055 (buffer overrun with high values for precision ini setting). It fixes one of security fixes by PHP 5.3.6. Bump PKGREVISION.
author: sbd <sbd> 2011-03-22 06:31:55 +0000
committer: sbd <sbd> 2011-03-22 06:31:55 +0000
commit: d6095b4f79a1dd0823d576f1bde3d943f4ae0757 (patch)
tree: 0a99b85ee3744d15d5517f1f53f27f97e601c076
parent: a360480337e36e7f095ce155f1c973f717e7f656 (diff)
download: pkgsrc-d6095b4f79a1dd0823d576f1bde3d943f4ae0757.tar.gz
5 files changed, 89 insertions, 3 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index f70e47ecb2a..29d3a6c8682 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.81.2.1 2011/02/23 19:12:53 tron Exp $
+# $NetBSD: Makefile,v 1.81.2.2 2011/03/22 06:31:55 sbd Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		2
+PKGREVISION=		3
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 42d2570b69e..89ebfe23b8a 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84.2.2 2011/03/22 06:22:17 sbd Exp $
+$NetBSD: distinfo,v 1.84.2.3 2011/03/22 06:31:55 sbd Exp $
 
 SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095
 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9
@@ -19,3 +19,6 @@ SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528
 SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d
 SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6
 SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089
+SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8
+SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf
+SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275
diff --git a/lang/php5/patches/patch-main_snprintf.c b/lang/php5/patches/patch-main_snprintf.c
new file mode 100644
index 00000000000..d2b94156569
--- /dev/null
+++ b/lang/php5/patches/patch-main_snprintf.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-main_snprintf.c,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/snprintf.c.orig	2010-01-03 09:23:27.000000000 +0000
++++ main/snprintf.c
+@@ -675,10 +675,6 @@ static int format_converter(register buf
+ 
+ 				/*
+ 				 * Check if a precision was specified
+-				 *
+-				 * XXX: an unreasonable amount of precision may be specified
+-				 * resulting in overflow of num_buf. Currently we
+-				 * ignore this possibility.
+ 				 */
+ 				if (*fmt == '.') {
+ 					adjust_precision = YES;
+@@ -692,6 +688,10 @@ static int format_converter(register buf
+ 							precision = 0;
+ 					} else
+ 						precision = 0;
++
++					if (precision > FORMAT_CONV_MAX_PRECISION) {
++						precision = FORMAT_CONV_MAX_PRECISION;
++					}
+ 				} else
+ 					adjust_precision = NO;
+ 			} else
diff --git a/lang/php5/patches/patch-main_snprintf.h b/lang/php5/patches/patch-main_snprintf.h
new file mode 100644
index 00000000000..4e0541eaf88
--- /dev/null
+++ b/lang/php5/patches/patch-main_snprintf.h
@@ -0,0 +1,31 @@
+$NetBSD: patch-main_snprintf.h,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/snprintf.h.orig	2010-01-03 09:23:27.000000000 +0000
++++ main/snprintf.h
+@@ -12,7 +12,7 @@
+    | obtain it through the world-wide-web, please send a note to          |
+    | license@php.net so we can mail you a copy immediately.               |
+    +----------------------------------------------------------------------+
+-   | Author: Stig S�ther Bakken <ssb@php.net>                             |
++   | Author: Stig Sæther Bakken <ssb@php.net>                             |
+    |         Marcus Boerger <helly@php.net>                               |
+    +----------------------------------------------------------------------+
+ */
+@@ -148,6 +148,17 @@ extern char * ap_php_conv_10(register wi
+ extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
+ 		 char format, char *buf_end, register int *len);
+ 
++/* The maximum precision that's allowed for float conversion. Does not include
++ * decimal separator, exponent, sign, terminator. Currently does not affect
++ * the modes e/f, only g/k/H, as those have a different limit enforced at
++ * another level (see NDIG in php_conv_fp()).
++ * Applies to the formatting functions of both spprintf.c and snprintf.c, which
++ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
++ * call to php_gcvt().
++ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
++ * should be enough, but let's give some more space) */
++#define FORMAT_CONV_MAX_PRECISION 500
++
+ #endif /* SNPRINTF_H */
+ 
+ /*
diff --git a/lang/php5/patches/patch-main_spprintf.c b/lang/php5/patches/patch-main_spprintf.c
new file mode 100644
index 00000000000..6c736abbcbb
--- /dev/null
+++ b/lang/php5/patches/patch-main_spprintf.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-main_spprintf.c,v 1.1.2.2 2011/03/22 06:31:55 sbd Exp $
+
+--- main/spprintf.c.orig	2010-01-03 09:23:27.000000000 +0000
++++ main/spprintf.c
+@@ -282,10 +282,6 @@ static void xbuf_format_converter(smart_
+ 
+ 				/*
+ 				 * Check if a precision was specified
+-				 *
+-				 * XXX: an unreasonable amount of precision may be specified
+-				 * resulting in overflow of num_buf. Currently we
+-				 * ignore this possibility.
+ 				 */
+ 				if (*fmt == '.') {
+ 					adjust_precision = YES;
+@@ -299,6 +295,10 @@ static void xbuf_format_converter(smart_
+ 							precision = 0;
+ 					} else
+ 						precision = 0;
++
++					if (precision > FORMAT_CONV_MAX_PRECISION) {
++						precision = FORMAT_CONV_MAX_PRECISION;
++					}
+ 				} else
+ 					adjust_precision = NO;
+ 			} else
author	sbd <sbd>	2011-03-22 06:31:55 +0000
committer	sbd <sbd>	2011-03-22 06:31:55 +0000
commit	d6095b4f79a1dd0823d576f1bde3d943f4ae0757 (patch)
tree	0a99b85ee3744d15d5517f1f53f27f97e601c076
parent	a360480337e36e7f095ce155f1c973f717e7f656 (diff)
download	pkgsrc-d6095b4f79a1dd0823d576f1bde3d943f4ae0757.tar.gz