authoradrianp <adrianp@pkgsrc.org>2007-06-07 10:45:18 +0000
committeradrianp <adrianp@pkgsrc.org>2007-06-07 10:45:18 +0000
commit6391ed8962797a370ac1f8a6b3fd83cd9c7ceb93 (patch)
tree61e140e5bce7b8c212a4f8a5d37f859ee8a793f4 /lang
parentb79ed54e3a177dc8e70350c99d0de0408f197586 (diff)
downloadpkgsrc-6391ed8962797a370ac1f8a6b3fd83cd9c7ceb93.tar.gz
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe
Diffstat (limited to 'lang')
-rw-r--r--lang/php5/Makefile3
-rw-r--r--lang/php5/distinfo3
-rw-r--r--lang/php5/patches/patch-am28
3 files changed, 32 insertions, 2 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 59dd2d36eff..410fa4db42d 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/06/06 19:33:12 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2007/06/07 10:45:42 adrianp Exp $
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index df60f7b7269..34364de5ff3 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2007/06/06 19:33:13 adrianp Exp $
+$NetBSD: distinfo,v 1.42 2007/06/07 10:45:42 adrianp Exp $
SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261
RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b
@@ -9,3 +9,4 @@ SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
+SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a
diff --git a/lang/php5/patches/patch-am b/lang/php5/patches/patch-am
new file mode 100644
index 00000000000..248c955a0d5
--- /dev/null
+++ b/lang/php5/patches/patch-am
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $
+
+--- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100
++++ ext/standard/string.c
+@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src,
+ char *p, *q;
+ int chunks; /* complete chunks! */
+ int restlen;
+- int out_len;
++ float out_len;
+
+ chunks = srclen / chunklen;
+ restlen = srclen - chunks * chunklen; /* srclen % chunklen */
+
+- out_len = (srclen + (chunks + 1) * endlen + 1);
++ out_len = chunks + 1;
++ out_len *= endlen;
++ out_len += srclen + 1;
+
+ if (out_len > INT_MAX || out_len <= 0) {
+ return NULL;
+ }
+
+- dest = safe_emalloc(out_len, sizeof(char), 0);
++ dest = safe_emalloc((int)out_len, sizeof(char), 0);
+
+ for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
+ memcpy(q, p, chunklen);
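Review bot: `float out_len` in the patched php_chunk_split cannot hold the size exactly, because a float carries a 24-bit significand and any total above 2^24 is rounded, so `(int)out_len` passed to safe_emalloc can come out smaller than the number of bytes the copy loop then writes into `dest`. The `out_len > INT_MAX` guard is inexact for the same reason: with a 32-bit int, INT_MAX converts to 2^31 as a float, so a value equal to it passes the check and the cast is then out of range. Declaring it as `double out_len;` keeps every int-range value exact; the stricter option is to do the bounds checks in integer arithmetic before multiplying. Note also that `chunks + 1` and `srclen + 1` are still evaluated before the conversion, presumably as int (the declaration of srclen is not visible here), so they can overflow on their own. The function's signature and the rest of its body lie outside this hunk.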