summaryrefslogtreecommitdiff
path: root/lang/php53
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2012-02-02 16:00:40 +0000
committertaca <taca@pkgsrc.org>2012-02-02 16:00:40 +0000
commitf57d2e6e0865730f9900c98e2ebc0fb9483ddb46 (patch)
treeb1d43e5de9e30d36e04470c829e0e39821715d49 /lang/php53
parenta182cdc9e084bfc3c9685b357fb1a740ab98273b (diff)
downloadpkgsrc-f57d2e6e0865730f9900c98e2ebc0fb9483ddb46.tar.gz
Add fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP
Hashtable Collision DOS" by revision 323007 from PHP's repository. http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ Bump PKGREVISION.
Diffstat (limited to 'lang/php53')
-rw-r--r--lang/php53/Makefile4
-rw-r--r--lang/php53/distinfo3
-rw-r--r--lang/php53/patches/patch-main_php__variables.c19
3 files changed, 23 insertions, 3 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index 4325786c092..c98845b546f 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.21 2012/01/20 03:22:08 taca Exp $
+# $NetBSD: Makefile,v 1.22 2012/02/02 16:00:40 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 8bc1d2d3223..b8e2c5a28e0 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.32 2012/02/02 15:44:09 taca Exp $
+$NetBSD: distinfo,v 1.33 2012/02/02 16:00:40 taca Exp $
SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51
RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6
@@ -17,5 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
+SHA1 (patch-main_php__variables.c) = 2938bda56e51ddefd8b589035fc68ded9b83ab57
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c
new file mode 100644
index 00000000000..e262dd0ecf6
--- /dev/null
+++ b/lang/php53/patches/patch-main_php__variables.c
@@ -0,0 +1,19 @@
+$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $
+
+Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable
+Collision DOS" by revision 323007 from PHP's repository.
+
+http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
+
+--- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000
++++ main/php_variables.c
+@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha
+ MAKE_STD_ZVAL(gpc_element);
+ array_init(gpc_element);
+ zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
++ } else {
++ efree(var_orig);
++ return;
+ }
+ }
+ if (index != escaped_index) {