summaryrefslogtreecommitdiff
path: root/lang/php53
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2010-12-13 13:16:37 +0000
committertaca <taca@pkgsrc.org>2010-12-13 13:16:37 +0000
commit27940fde082c0ae932b0387f863dcaa6331d2c6d (patch)
treeaf53d86e5c316fcb447591e69dd0bfcb99142c38 /lang/php53
parent82c42963b0d05cd788cc3d4852f2f0c4679bbbb4 (diff)
downloadpkgsrc-27940fde082c0ae932b0387f863dcaa6331d2c6d.tar.gz
Update lang/php53 package to 5.3.4 (PHP 5.3.4).
The PHP development team is proud to announce the immediate release of PHP 5.3.4. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes. Security Enhancements and Fixes in PHP 5.3.4: * Fixed crash in zip extract method (possible CWE-170). * Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243). * Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). * Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). * Fixed possible flaw in open_basedir (CVE-2010-3436). * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950). * Fixed symbolic resolution support when the target is a DFS share. * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710). Key Bug Fixes in PHP 5.3.4 include: * Added stat support for zip stream. * Added follow_location (enabled by default) option for the http stream support. * Added a 3rd parameter to get_html_translation_table. It now takes a charset hint, like htmlentities et al. * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend multibyte at runtime. * Multiple improvements to the FPM SAPI. * Over 100 other bug fixes. For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3. For a full list of changes in PHP 5.3.4, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/.
Diffstat (limited to 'lang/php53')
-rw-r--r--lang/php53/Makefile3
-rw-r--r--lang/php53/Makefile.common4
-rw-r--r--lang/php53/distinfo18
-rw-r--r--lang/php53/patches/patch-ab24
-rw-r--r--lang/php53/patches/patch-am65
-rw-r--r--lang/php53/patches/patch-an20
-rw-r--r--lang/php53/patches/patch-ao166
-rw-r--r--lang/php53/patches/patch-ap20
-rw-r--r--lang/php53/patches/patch-aq19
9 files changed, 20 insertions, 319 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index 5d2823d5cc6..e79c9c35af9 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.5 2010/11/25 03:43:50 taca Exp $
+# $NetBSD: Makefile,v 1.6 2010/12/13 13:16:37 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common
index 20440975e68..503144d06d9 100644
--- a/lang/php53/Makefile.common
+++ b/lang/php53/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.2 2010/07/24 22:23:37 tron Exp $
+# $NetBSD: Makefile.common,v 1.3 2010/12/13 13:16:37 taca Exp $
# used by lang/php53/Makefile.php
# used by lang/php/ext.mk
# used by meta-pkgs/php53-extensions/Makefile
@@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2
MAINTAINER?= pkgsrc-users@NetBSD.org
HOMEPAGE?= http://www.php.net/
-PHP_BASE_VERS= 5.3.3
+PHP_BASE_VERS= 5.3.4
PHP_EXTENSION_DIR= lib/php/20090630
PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 22c7e4cc9d4..a8037aa9fdc 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,13 +1,10 @@
-$NetBSD: distinfo,v 1.7 2010/11/25 03:43:50 taca Exp $
+$NetBSD: distinfo,v 1.8 2010/12/13 13:16:37 taca Exp $
-SHA1 (php-5.3.3/php-5.3.3.tar.bz2) = 9f66716b341119e4e4f8fe3d81b7d0a5daf3cbc8
-RMD160 (php-5.3.3/php-5.3.3.tar.bz2) = 9edb51663feac9b787f8382012893f1ac98fec6a
-Size (php-5.3.3/php-5.3.3.tar.bz2) = 10662227 bytes
-SHA1 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 76675242cfdeff763767900213346af622002490
-RMD160 (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 8dcd8b51ea0357b6cc51e70e495e18f341c62f7c
-Size (php-5.3.3/suhosin-patch-5.3.3-0.9.10.patch.gz) = 41298 bytes
+SHA1 (php-5.3.4/php-5.3.4.tar.bz2) = 0b33926e78e1683e3383b3b5c840ee60ba669b0b
+RMD160 (php-5.3.4/php-5.3.4.tar.bz2) = dffbeced87117fd34c948de3ebdde01a25c24dae
+Size (php-5.3.4/php-5.3.4.tar.bz2) = 10804376 bytes
SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09
-SHA1 (patch-ab) = 8ac388f50afc03f3f4eacbfed42ae295a2e8d700
+SHA1 (patch-ab) = 7aeb5148056e7f0b150388c4cf60a139f6aeec44
SHA1 (patch-ac) = a896371d3343c07a5cf46c79d9ca9e1b2164797a
SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881
SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56
@@ -17,8 +14,3 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
-SHA1 (patch-am) = b2627295554d6e3cbe7de70e79ae0938379f8d93
-SHA1 (patch-an) = d4ac5152584450d731b4c5ccb82ee84a8eed5071
-SHA1 (patch-ao) = 6871d0a2b3bca1deec6b309e90e1c109a4758a21
-SHA1 (patch-ap) = d54c00968ab581f8442b087a7ece42c827ff47f5
-SHA1 (patch-aq) = 3f541181fcaa8bc2a20bd719a9c71b0cccd411d6
diff --git a/lang/php53/patches/patch-ab b/lang/php53/patches/patch-ab
index ad8856baaaf..58353b4b858 100644
--- a/lang/php53/patches/patch-ab
+++ b/lang/php53/patches/patch-ab
@@ -1,17 +1,17 @@
-$NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
+$NetBSD: patch-ab,v 1.3 2010/12/13 13:16:37 taca Exp $
---- configure.orig 2010-07-24 22:35:41.000000000 +0100
-+++ configure 2010-07-24 22:39:23.000000000 +0100
-@@ -13778,7 +13778,7 @@
+--- configure.orig 2010-12-08 21:46:58.000000000 +0000
++++ configure
+@@ -13699,7 +13699,7 @@ EOF
PHP_VAR_SUBST="$PHP_VAR_SUBST SAPI_CGI_PATH"
- INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
+ INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)@CGIDIR@\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)@CGIDIR@/php"
- PHP_SAPI=cgi
-
-@@ -23206,7 +23206,7 @@
+ if test "$PHP_SAPI" != "default"; then
+ { echo "configure: error:
+@@ -22963,7 +22963,7 @@ fi
if test "$found_openssl" = "no"; then
if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -20,7 +20,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
fi
for i in $PHP_OPENSSL_DIR; do
-@@ -25179,7 +25179,7 @@
+@@ -24930,7 +24930,7 @@ echo "configure:24910: checking bundled
PHP_SQLITE3_CFLAGS="-I@ext_srcdir@/libsqlite $other_flags $threadsafe_flags $debug_flags"
@@ -29,7 +29,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
unique=`echo $header_file|$SED 's/[^a-zA-Z0-9]/_/g'`
-@@ -36124,7 +36124,7 @@
+@@ -35788,7 +35788,7 @@ fi
if test "$found_openssl" = "no"; then
if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -38,7 +38,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
fi
for i in $PHP_OPENSSL_DIR; do
-@@ -50201,7 +50201,7 @@
+@@ -49814,7 +49814,7 @@ fi
if test "$found_openssl" = "no"; then
if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -47,7 +47,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
fi
for i in $PHP_OPENSSL_DIR; do
-@@ -84421,7 +84421,7 @@
+@@ -83900,7 +83900,7 @@ fi
if test "$found_openssl" = "no"; then
if test "$PHP_OPENSSL_DIR" = "yes"; then
@@ -56,7 +56,7 @@ $NetBSD: patch-ab,v 1.2 2010/07/24 22:23:37 tron Exp $
fi
for i in $PHP_OPENSSL_DIR; do
-@@ -107682,12 +107682,7 @@
+@@ -107040,12 +107040,7 @@ old_CC=$CC
if test "$PHP_THREAD_SAFETY" = "yes" && test -n "$ac_cv_pthreads_cflags"; then
CXXFLAGS="$CXXFLAGS $ac_cv_pthreads_cflags"
INLINE_CFLAGS="$INLINE_CFLAGS $ac_cv_pthreads_cflags"
diff --git a/lang/php53/patches/patch-am b/lang/php53/patches/patch-am
deleted file mode 100644
index 2251b9818ea..00000000000
--- a/lang/php53/patches/patch-am
+++ /dev/null
@@ -1,65 +0,0 @@
-$NetBSD: patch-am,v 1.1 2010/11/25 03:43:50 taca Exp $
-
-GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
-
---- Zend/zend_gc.c.orig 2010-04-01 22:54:03.000000000 +0000
-+++ Zend/zend_gc.c
-@@ -414,19 +414,21 @@ static void gc_mark_roots(TSRMLS_D)
- gc_root_buffer *current = GC_G(roots).next;
-
- while (current != &GC_G(roots)) {
-- if (current->handle && EG(objects_store).object_buckets) {
-- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
-+ if (current->handle) {
-+ if (EG(objects_store).object_buckets) {
-+ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
-
-- if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) {
-- zval z;
-+ if (GC_GET_COLOR(obj->buffered) == GC_PURPLE) {
-+ zval z;
-
-- INIT_PZVAL(&z);
-- Z_OBJ_HANDLE(z) = current->handle;
-- Z_OBJ_HT(z) = current->u.handlers;
-- zobj_mark_grey(obj, &z TSRMLS_CC);
-- } else {
-- GC_SET_ADDRESS(obj->buffered, NULL);
-- GC_REMOVE_FROM_BUFFER(current);
-+ INIT_PZVAL(&z);
-+ Z_OBJ_HANDLE(z) = current->handle;
-+ Z_OBJ_HT(z) = current->u.handlers;
-+ zobj_mark_grey(obj, &z TSRMLS_CC);
-+ } else {
-+ GC_SET_ADDRESS(obj->buffered, NULL);
-+ GC_REMOVE_FROM_BUFFER(current);
-+ }
- }
- } else {
- if (GC_ZVAL_GET_COLOR(current->u.pz) == GC_PURPLE) {
-@@ -623,15 +625,17 @@ static void gc_collect_roots(TSRMLS_D)
- gc_root_buffer *current = GC_G(roots).next;
-
- while (current != &GC_G(roots)) {
-- if (current->handle && EG(objects_store).object_buckets) {
-- struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
-- zval z;
-+ if (current->handle) {
-+ if (EG(objects_store).object_buckets) {
-+ struct _store_object *obj = &EG(objects_store).object_buckets[current->handle].bucket.obj;
-+ zval z;
-
-- GC_SET_ADDRESS(obj->buffered, NULL);
-- INIT_PZVAL(&z);
-- Z_OBJ_HANDLE(z) = current->handle;
-- Z_OBJ_HT(z) = current->u.handlers;
-- zobj_collect_white(&z TSRMLS_CC);
-+ GC_SET_ADDRESS(obj->buffered, NULL);
-+ INIT_PZVAL(&z);
-+ Z_OBJ_HANDLE(z) = current->handle;
-+ Z_OBJ_HT(z) = current->u.handlers;
-+ zobj_collect_white(&z TSRMLS_CC);
-+ }
- } else {
- GC_ZVAL_SET_ADDRESS(current->u.pz, NULL);
- zval_collect_white(current->u.pz TSRMLS_CC);
diff --git a/lang/php53/patches/patch-an b/lang/php53/patches/patch-an
deleted file mode 100644
index 273a1e6a999..00000000000
--- a/lang/php53/patches/patch-an
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-an,v 1.1 2010/11/25 03:43:50 taca Exp $
-
-Fix for CVE-2010-3710 (a part of http://secunia.com/advisories/41724/):
-
- http://svn.php.net/viewvc?view=revision&revision=303779
-
---- ext/filter/logical_filters.c.orig 2010-04-02 18:27:48.000000000 +0000
-+++ ext/filter/logical_filters.c
-@@ -531,6 +531,11 @@ void php_filter_validate_email(PHP_INPUT
- int matches;
-
-
-+ /* The maximum length of an e-mail address is 320 octets, per RFC 2821. */
-+ if (Z_STRLEN_P(value) > 320) {
-+ RETURN_VALIDATION_FAILED
-+ }
-+
- re = pcre_get_compiled_regex((char *)regexp, &pcre_extra, &preg_options TSRMLS_CC);
- if (!re) {
- RETURN_VALIDATION_FAILED
diff --git a/lang/php53/patches/patch-ao b/lang/php53/patches/patch-ao
deleted file mode 100644
index fe17b49820d..00000000000
--- a/lang/php53/patches/patch-ao
+++ /dev/null
@@ -1,166 +0,0 @@
-$NetBSD: patch-ao,v 1.1 2010/11/25 03:43:50 taca Exp $
-
-Fix for CVE-2010-3870 (a part of http://secunia.com/advisories/41724/):
-
- http://svn.php.net/viewvc?view=revision&revision=304959
-
---- ext/xml/xml.c.orig 2010-01-05 13:03:40.000000000 +0000
-+++ ext/xml/xml.c
-@@ -659,10 +659,111 @@ PHPAPI char *xml_utf8_encode(const char
- }
- /* }}} */
-
-+/* copied from trunk's implementation of get_next_char in ext/standard/html.c */
-+#define MB_FAILURE(pos, advance) do { \
-+ *cursor = pos + (advance); \
-+ *status = FAILURE; \
-+ return 0; \
-+} while (0)
-+
-+#define CHECK_LEN(pos, chars_need) ((str_len - (pos)) >= (chars_need))
-+#define utf8_lead(c) ((c) < 0x80 || ((c) >= 0xC2 && (c) <= 0xF4))
-+#define utf8_trail(c) ((c) >= 0x80 && (c) <= 0xBF)
-+
-+/* {{{ php_next_utf8_char
-+ */
-+static inline unsigned int php_next_utf8_char(
-+ const unsigned char *str,
-+ size_t str_len,
-+ size_t *cursor,
-+ int *status)
-+{
-+ size_t pos = *cursor;
-+ unsigned int this_char = 0;
-+ unsigned char c;
-+
-+ *status = SUCCESS;
-+
-+ if (!CHECK_LEN(pos, 1))
-+ MB_FAILURE(pos, 1);
-+
-+ /* We'll follow strategy 2. from section 3.6.1 of UTR #36:
-+ * "In a reported illegal byte sequence, do not include any
-+ * non-initial byte that encodes a valid character or is a leading
-+ * byte for a valid sequence.» */
-+ c = str[pos];
-+ if (c < 0x80) {
-+ this_char = c;
-+ pos++;
-+ } else if (c < 0xc2) {
-+ MB_FAILURE(pos, 1);
-+ } else if (c < 0xe0) {
-+ if (!CHECK_LEN(pos, 2))
-+ MB_FAILURE(pos, 1);
-+
-+ if (!utf8_trail(str[pos + 1])) {
-+ MB_FAILURE(pos, utf8_lead(str[pos + 1]) ? 1 : 2);
-+ }
-+ this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f);
-+ if (this_char < 0x80) { /* non-shortest form */
-+ MB_FAILURE(pos, 2);
-+ }
-+ pos += 2;
-+ } else if (c < 0xf0) {
-+ size_t avail = str_len - pos;
-+
-+ if (avail < 3 ||
-+ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2])) {
-+ if (avail < 2 || utf8_lead(str[pos + 1]))
-+ MB_FAILURE(pos, 1);
-+ else if (avail < 3 || utf8_lead(str[pos + 2]))
-+ MB_FAILURE(pos, 2);
-+ else
-+ MB_FAILURE(pos, 3);
-+ }
-+
-+ this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f);
-+ if (this_char < 0x800) { /* non-shortest form */
-+ MB_FAILURE(pos, 3);
-+ } else if (this_char >= 0xd800 && this_char <= 0xdfff) { /* surrogate */
-+ MB_FAILURE(pos, 3);
-+ }
-+ pos += 3;
-+ } else if (c < 0xf5) {
-+ size_t avail = str_len - pos;
-+
-+ if (avail < 4 ||
-+ !utf8_trail(str[pos + 1]) || !utf8_trail(str[pos + 2]) ||
-+ !utf8_trail(str[pos + 3])) {
-+ if (avail < 2 || utf8_lead(str[pos + 1]))
-+ MB_FAILURE(pos, 1);
-+ else if (avail < 3 || utf8_lead(str[pos + 2]))
-+ MB_FAILURE(pos, 2);
-+ else if (avail < 4 || utf8_lead(str[pos + 3]))
-+ MB_FAILURE(pos, 3);
-+ else
-+ MB_FAILURE(pos, 4);
-+ }
-+
-+ this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
-+ if (this_char < 0x10000 || this_char > 0x10FFFF) { /* non-shortest form or outside range */
-+ MB_FAILURE(pos, 4);
-+ }
-+ pos += 4;
-+ } else {
-+ MB_FAILURE(pos, 1);
-+ }
-+
-+ *cursor = pos;
-+ return this_char;
-+}
-+/* }}} */
-+
-+
- /* {{{ xml_utf8_decode */
- PHPAPI char *xml_utf8_decode(const XML_Char *s, int len, int *newlen, const XML_Char *encoding)
- {
-- int pos = len;
-+ size_t pos = 0;
- char *newbuf = emalloc(len + 1);
- unsigned int c;
- char (*decoder)(unsigned short) = NULL;
-@@ -681,36 +782,15 @@ PHPAPI char *xml_utf8_decode(const XML_C
- newbuf[*newlen] = '\0';
- return newbuf;
- }
-- while (pos > 0) {
-- c = (unsigned char)(*s);
-- if (c >= 0xf0) { /* four bytes encoded, 21 bits */
-- if(pos-4 >= 0) {
-- c = ((s[0]&7)<<18) | ((s[1]&63)<<12) | ((s[2]&63)<<6) | (s[3]&63);
-- } else {
-- c = '?';
-- }
-- s += 4;
-- pos -= 4;
-- } else if (c >= 0xe0) { /* three bytes encoded, 16 bits */
-- if(pos-3 >= 0) {
-- c = ((s[0]&63)<<12) | ((s[1]&63)<<6) | (s[2]&63);
-- } else {
-- c = '?';
-- }
-- s += 3;
-- pos -= 3;
-- } else if (c >= 0xc0) { /* two bytes encoded, 11 bits */
-- if(pos-2 >= 0) {
-- c = ((s[0]&63)<<6) | (s[1]&63);
-- } else {
-- c = '?';
-- }
-- s += 2;
-- pos -= 2;
-- } else {
-- s++;
-- pos--;
-+
-+ while (pos < (size_t)len) {
-+ int status = FAILURE;
-+ c = php_next_utf8_char((const unsigned char*)s, (size_t) len, &pos, &status);
-+
-+ if (status == FAILURE || c > 0xFFU) {
-+ c = '?';
- }
-+
- newbuf[*newlen] = decoder ? decoder(c) : c;
- ++*newlen;
- }
diff --git a/lang/php53/patches/patch-ap b/lang/php53/patches/patch-ap
deleted file mode 100644
index 15fa5400311..00000000000
--- a/lang/php53/patches/patch-ap
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: patch-ap,v 1.1 2010/11/25 03:43:50 taca Exp $
-
-Fix for CVE-2010-4150:
- http://svn.php.net/viewvc?view=revision&revision=305032
-
---- ext/imap/php_imap.c.orig 2010-04-14 09:45:37.000000000 +0000
-+++ ext/imap/php_imap.c
-@@ -1209,10 +1209,12 @@ static void php_imap_do_open(INTERNAL_FU
-
- if (IMAPG(imap_user)) {
- efree(IMAPG(imap_user));
-+ IMAPG(imap_user) = 0;
- }
-
- if (IMAPG(imap_password)) {
- efree(IMAPG(imap_password));
-+ IMAPG(imap_password) = 0;
- }
-
- /* local filename, need to perform open_basedir and safe_mode checks */
diff --git a/lang/php53/patches/patch-aq b/lang/php53/patches/patch-aq
deleted file mode 100644
index 038674040a1..00000000000
--- a/lang/php53/patches/patch-aq
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2010/11/25 03:43:50 taca Exp $
-
-Fix for CVE-2010-4156 (also http://secunia.com/advisories/42135/):
-
- http://svn.php.net/viewvc?view=revision&revision=305214
-
---- ext/mbstring/libmbfl/mbfl/mbfilter.c.orig 2010-03-12 04:55:37.000000000 +0000
-+++ ext/mbstring/libmbfl/mbfl/mbfilter.c
-@@ -1397,6 +1397,10 @@ mbfl_strcut(
- start = string->val + from;
- end = start + (length & -4);
- } else if ((encoding->flag & MBFL_ENCTYPE_SBCS)) {
-+ if (from + length >= string->len) {
-+ length = string->len - from;
-+ }
-+
- start = string->val + from;
- end = start + length;
- } else if (encoding->mblen_table != NULL) {