summaryrefslogtreecommitdiff
path: root/lang/php5
diff options
context:
space:
mode:
authoradrianp <adrianp>2007-06-07 10:45:18 +0000
committeradrianp <adrianp>2007-06-07 10:45:18 +0000
commit7fc04542858ff515d30643518acd9a53615a4305 (patch)
tree61e140e5bce7b8c212a4f8a5d37f859ee8a793f4 /lang/php5
parente65b8e9818654315c7fe4a475a25f017e58963e8 (diff)
downloadpkgsrc-7fc04542858ff515d30643518acd9a53615a4305.tar.gz
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe
Diffstat (limited to 'lang/php5')
-rw-r--r--lang/php5/Makefile3
-rw-r--r--lang/php5/distinfo3
-rw-r--r--lang/php5/patches/patch-am28
3 files changed, 32 insertions, 2 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 59dd2d36eff..410fa4db42d 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/06/06 19:33:12 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2007/06/07 10:45:42 adrianp Exp $
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index df60f7b7269..34364de5ff3 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2007/06/06 19:33:13 adrianp Exp $
+$NetBSD: distinfo,v 1.42 2007/06/07 10:45:42 adrianp Exp $
SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261
RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b
@@ -9,3 +9,4 @@ SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
+SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a
diff --git a/lang/php5/patches/patch-am b/lang/php5/patches/patch-am
new file mode 100644
index 00000000000..248c955a0d5
--- /dev/null
+++ b/lang/php5/patches/patch-am
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $
+
+--- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100
++++ ext/standard/string.c
+@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src,
+ char *p, *q;
+ int chunks; /* complete chunks! */
+ int restlen;
+- int out_len;
++ float out_len;
+
+ chunks = srclen / chunklen;
+ restlen = srclen - chunks * chunklen; /* srclen % chunklen */
+
+- out_len = (srclen + (chunks + 1) * endlen + 1);
++ out_len = chunks + 1;
++ out_len *= endlen;
++ out_len += srclen + 1;
+
+ if (out_len > INT_MAX || out_len <= 0) {
+ return NULL;
+ }
+
+- dest = safe_emalloc(out_len, sizeof(char), 0);
++ dest = safe_emalloc((int)out_len, sizeof(char), 0);
+
+ for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
+ memcpy(q, p, chunklen);