author | taca <taca@pkgsrc.org> | 2011-05-16 13:08:45 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2011-05-16 13:08:45 +0000 |
commit | 24fe43b93ba85e3ed56e7a76828d9dfb9d0bd0c4 (patch) | |
tree | 35b063d2ad285b0118dd8ac5c6e9cd9e908cd856 /lang | |
parent | 3ec868e56180ae4551ca138bc5f8284ecb8f53be (diff) | |
download | pkgsrc-24fe43b93ba85e3ed56e7a76828d9dfb9d0bd0c4.tar.gz |
Add a patch fixing CVE-2011-1148 (plus further bug fixes) from PHP's repository.
Bump PKGREVISION.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 3 | ||||
-rw-r--r-- | lang/php53/distinfo | 6 | ||||
-rw-r--r-- | lang/php53/patches/patch-ext_standard_string.c | 163 |
3 files changed, 167 insertions, 5 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index 900c6b881b2..07f766f9d0d 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.8 2011/03/19 07:01:18 taca Exp $
+# $NetBSD: Makefile,v 1.9 2011/05/16 13:08:45 taca Exp $
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
 CATEGORIES= lang
 HOMEPAGE= http://www.php.net/
 COMMENT= PHP Hypertext Preprocessor version 5
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index f288322d1a4..d6d6db09730 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.13 2011/03/19 07:01:18 taca Exp $
+$NetBSD: distinfo,v 1.14 2011/05/16 13:08:45 taca Exp $
 SHA1 (php-5.3.6/php-5.3.6.tar.bz2) = 0e0b9b4d9117f22080e2204afa9383469eb0dbbd
 RMD160 (php-5.3.6/php-5.3.6.tar.bz2) = 619bf96cf24bf6aa0988494186f8914fde94d44d
 Size (php-5.3.6/php-5.3.6.tar.bz2) = 10952171 bytes
-SHA1 (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = a2ab4bd03a329ec56a1f8b99e12e59f1838e0da6
-RMD160 (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = e5105397a9e41997ad11d2a0be01c7e3c9d06c6e
-Size (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = 41092 bytes
 SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
 SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
 SHA1 (patch-ac) = 07a3d6c9ee4c316033afd8c7db71eb21045a3afd
@@ -17,3 +14,4 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
+SHA1 (patch-ext_standard_string.c) = fe16ffedd894a6d580f3c998b9f571f403f4a764
diff --git a/lang/php53/patches/patch-ext_standard_string.c b/lang/php53/patches/patch-ext_standard_string.c
new file mode 100644
index 00000000000..369d95e9058
--- /dev/null
+++ b/lang/php53/patches/patch-ext_standard_string.c
@@ -0,0 +1,163 @@
+$NetBSD: patch-ext_standard_string.c,v 1.1 2011/05/16 13:08:45 taca Exp $
+
+* Update to r310401 of PHP's repository, including fix for CVE-2011-1148.
+
+--- ext/standard/string.c.orig 2011-01-01 02:19:59.000000000 +0000
++++ ext/standard/string.c
+@@ -2352,20 +2352,35 @@ PHP_FUNCTION(substr_replace)
+
+ zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str);
+ while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) {
+- convert_to_string_ex(tmp_str);
++ zval *orig_str;
++ zval dummy;
++ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
++ dummy = **tmp_str;
++ orig_str = &dummy;
++ zval_copy_ctor(orig_str);
++ convert_to_string(orig_str);
++ } else {
++ orig_str = *tmp_str;
++ }
+
+ if (Z_TYPE_PP(from) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) {
+- convert_to_long_ex(tmp_from);
++ if(Z_TYPE_PP(tmp_from) != IS_LONG) {
++ zval dummy = **tmp_from;
++ zval_copy_ctor(&dummy);
++ convert_to_long(&dummy);
++ f = Z_LVAL(dummy);
++ } else {
++ f = Z_LVAL_PP(tmp_from);
++ }
+
+- f = Z_LVAL_PP(tmp_from);
+ if (f < 0) {
+- f = Z_STRLEN_PP(tmp_str) + f;
++ f = Z_STRLEN_P(orig_str) + f;
+ if (f < 0) {
+ f = 0;
+ }
+- } else if (f > Z_STRLEN_PP(tmp_str)) {
+- f = Z_STRLEN_PP(tmp_str);
++ } else if (f > Z_STRLEN_P(orig_str)) {
++ f = Z_STRLEN_P(orig_str);
+ }
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from);
+ } else {
+@@ -2374,72 +2389,92 @@ PHP_FUNCTION(substr_replace)
+ } else {
+ f = Z_LVAL_PP(from);
+ if (f < 0) {
+- f = Z_STRLEN_PP(tmp_str) + f;
++ f = Z_STRLEN_P(orig_str) + f;
+ if (f < 0) {
+ f = 0;
+ }
+- } else if (f > Z_STRLEN_PP(tmp_str)) {
+- f = Z_STRLEN_PP(tmp_str);
++ } else if (f > Z_STRLEN_P(orig_str)) {
++ f = Z_STRLEN_P(orig_str);
+ }
+ }
+
+ if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) {
+- convert_to_long_ex(tmp_len);
+-
+- l = Z_LVAL_PP(tmp_len);
++ if(Z_TYPE_PP(tmp_len) != IS_LONG) {
++ zval dummy = **tmp_len;
++ zval_copy_ctor(&dummy);
++ convert_to_long(&dummy);
++ l = Z_LVAL(dummy);
++ } else {
++ l = Z_LVAL_PP(tmp_len);
++ }
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len);
+ } else {
+- l = Z_STRLEN_PP(tmp_str);
++ l = Z_STRLEN_P(orig_str);
+ }
+ } else if (argc > 3) {
+ l = Z_LVAL_PP(len);
+ } else {
+- l = Z_STRLEN_PP(tmp_str);
++ l = Z_STRLEN_P(orig_str);
+ }
+
+ if (l < 0) {
+- l = (Z_STRLEN_PP(tmp_str) - f) + l;
++ l = (Z_STRLEN_P(orig_str) - f) + l;
+ if (l < 0) {
+ l = 0;
+ }
+ }
+
+- if ((f + l) > Z_STRLEN_PP(tmp_str)) {
+- l = Z_STRLEN_PP(tmp_str) - f;
++ if ((f + l) > Z_STRLEN_P(orig_str)) {
++ l = Z_STRLEN_P(orig_str) - f;
+ }
+
+- result_len = Z_STRLEN_PP(tmp_str) - l;
++ result_len = Z_STRLEN_P(orig_str) - l;
+
+ if (Z_TYPE_PP(repl) == IS_ARRAY) {
+ if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) {
+- convert_to_string_ex(tmp_repl);
+- result_len += Z_STRLEN_PP(tmp_repl);
++ zval *repl_str;
++ zval zrepl;
++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
++ zrepl = **tmp_repl;
++ repl_str = &zrepl;
++ zval_copy_ctor(repl_str);
++ convert_to_string(repl_str);
++ } else {
++ repl_str = *tmp_repl;
++ }
++
++ result_len += Z_STRLEN_P(repl_str);
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl);
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
+- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl));
+- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
++ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str));
++ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
++ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
++ zval_dtor(repl_str);
++ }
+ } else {
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
+- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
++ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
+ }
+ } else {
+ result_len += Z_STRLEN_PP(repl);
+
+ result = emalloc(result_len + 1);
+
+- memcpy(result, Z_STRVAL_PP(tmp_str), f);
++ memcpy(result, Z_STRVAL_P(orig_str), f);
+ memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl));
+- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
++ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
+ }
+
+ result[result_len] = '\0';
+ add_next_index_stringl(return_value, result, result_len, 0);
+-
++ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
++ zval_dtor(orig_str);
++ }
+ zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str);
+ } /*while*/
+ } /* if */
|
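Review bot: Both cleanup sites decide whether to free the temporary by re-reading the element's type (`if(Z_TYPE_PP(tmp_str) != IS_STRING)` at the end of the loop body, and the same test on `tmp_repl` after the three `memcpy` calls) rather than by checking whether a copy was actually made. Keying the free on pointer identity, `if (orig_str == &dummy) zval_dtor(orig_str);` and `if (repl_str == &zrepl) zval_dtor(repl_str);`, keeps each `zval_copy_ctor` paired with its `zval_dtor` even if the array element were altered between the copy and the cleanup, which the hunk alone cannot rule out. The inner `zval dummy` declarations in the `tmp_from` and `tmp_len` branches also shadow the outer `dummy` that backs `orig_str`; a distinct name such as `tmp_long` would make the lifetimes easier to audit. The loop and the enclosing `substr_replace` body start and end outside the hunk.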