summaryrefslogtreecommitdiff
path: root/lang
diff options
context:
space:
mode:
authortaca <taca@pkgsrc.org>2010-03-27 06:23:13 +0000
committertaca <taca@pkgsrc.org>2010-03-27 06:23:13 +0000
commit3fa16a28779b741d40df0edb5b2c65044ca246c0 (patch)
tree682f21a99948f55073de773b5defb39c360eb74b /lang
parentb7de2882a2c1c9b50d04b1b8d2261590fbfc74bf (diff)
downloadpkgsrc-3fa16a28779b741d40df0edb5b2c65044ca246c0.tar.gz
Add patch for php-xmlrpc to fix CVE-2010-0397 security problem.
These patch are created from r296152 and r296153 from svn from PHP.
Diffstat (limited to 'lang')
-rw-r--r--lang/php5/distinfo3
-rw-r--r--lang/php5/patches/patch-be35
-rw-r--r--lang/php53/distinfo6
-rw-r--r--lang/php53/patches/patch-ak35
4 files changed, 74 insertions, 5 deletions
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 6d403eec0ed..94d87ab0849 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.76 2010/03/04 15:36:04 taca Exp $
+$NetBSD: distinfo,v 1.77 2010/03/27 06:23:13 taca Exp $
SHA1 (php-5.2.13/php-5.2.13.tar.bz2) = 7127a21f1b493e3cd43f45cadecdb46b623eb1fb
RMD160 (php-5.2.13/php-5.2.13.tar.bz2) = 9e21d32a7b757d25ed827834b26235ea1eebfcc8
@@ -17,3 +17,4 @@ SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
+SHA1 (patch-be) = 6388d13d4e9f7ebf7b9a2cf6c096b85df44a648b
diff --git a/lang/php5/patches/patch-be b/lang/php5/patches/patch-be
new file mode 100644
index 00000000000..9f3c0d74373
--- /dev/null
+++ b/lang/php5/patches/patch-be
@@ -0,0 +1,35 @@
+$NetBSD: patch-be,v 1.1 2010/03/27 06:23:13 taca Exp $
+
+Fix for CVE-2010-0397: r296152, r296153 from svn from PHP.
+
+--- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-01-17 17:19:38.000000000 +0000
++++ ext/xmlrpc/xmlrpc-epi-php.c
+@@ -723,6 +723,7 @@ zval* decode_request_worker (zval* xml_i
+ zval* retval = NULL;
+ XMLRPC_REQUEST response;
+ STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
++ const char *method_name;
+ opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(Z_STRVAL_P(encoding_in)) : ENCODING_DEFAULT;
+
+ /* generate XMLRPC_REQUEST from raw xml */
+@@ -733,10 +734,16 @@ zval* decode_request_worker (zval* xml_i
+
+ if(XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
+ if(method_name_out) {
+- zval_dtor(method_name_out);
+- Z_TYPE_P(method_name_out) = IS_STRING;
+- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
+- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ method_name = XMLRPC_RequestGetMethodName(response);
++ if (method_name) {
++ zval_dtor(method_name_out);
++ Z_TYPE_P(method_name_out) = IS_STRING;
++ Z_STRVAL_P(method_name_out) = estrdup(method_name);
++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ } else if (retval) {
++ zval_ptr_dtor(&retval);
++ retval = NULL;
++ }
+ }
+ }
+
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 55512678ed3..55e65464671 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,11 +1,8 @@
-$NetBSD: distinfo,v 1.1.1.1 2010/03/16 15:31:58 taca Exp $
+$NetBSD: distinfo,v 1.2 2010/03/27 06:23:13 taca Exp $
SHA1 (php-5.3.2/php-5.3.2.tar.bz2) = 79ea4ee3da3a7542d1e348ac963a5b38bcbb4b6b
RMD160 (php-5.3.2/php-5.3.2.tar.bz2) = 60a8aac0d51511ecaf8dcad9d31bdf072c0c99cf
Size (php-5.3.2/php-5.3.2.tar.bz2) = 10477662 bytes
-SHA1 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = c48d3f24341d3b0214ca3e980320b23864aa93ba
-RMD160 (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 64d8b7ec2ec91fd7a43b0cd95c0aa0df5b666768
-Size (php-5.3.2/suhosin-patch-5.3.2-0.9.9.1.patch.gz) = 40847 bytes
SHA1 (patch-aa) = f51491af7c577f36979fc07d52b5857368392e09
SHA1 (patch-ab) = 07c1a5463a302ea155aba10da0d6b0ee0aee43a8
SHA1 (patch-ac) = f1a0c3ebe65bc3c486c44411b384bc882288b55d
@@ -16,3 +13,4 @@ SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e
SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
+SHA1 (patch-ak) = f80a23158ea9105be47fc90465a1fee46673cc74
diff --git a/lang/php53/patches/patch-ak b/lang/php53/patches/patch-ak
new file mode 100644
index 00000000000..9b347870c1a
--- /dev/null
+++ b/lang/php53/patches/patch-ak
@@ -0,0 +1,35 @@
+$NetBSD: patch-ak,v 1.1 2010/03/27 06:23:13 taca Exp $
+
+Fix for CVE-2010-0397: r296152, r296153 from svn from PHP.
+
+--- ext/xmlrpc/xmlrpc-epi-php.c.orig 2010-02-03 20:19:05.000000000 +0000
++++ ext/xmlrpc/xmlrpc-epi-php.c
+@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
+ zval* retval = NULL;
+ XMLRPC_REQUEST response;
+ STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
++ const char *method_name;
+ opts.xml_elem_opts.encoding = encoding_in ? utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
+
+ /* generate XMLRPC_REQUEST from raw xml */
+@@ -788,10 +789,16 @@ zval* decode_request_worker(char *xml_in
+
+ if (XMLRPC_RequestGetRequestType(response) == xmlrpc_request_call) {
+ if (method_name_out) {
+- zval_dtor(method_name_out);
+- Z_TYPE_P(method_name_out) = IS_STRING;
+- Z_STRVAL_P(method_name_out) = estrdup(XMLRPC_RequestGetMethodName(response));
+- Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ method_name = XMLRPC_RequestGetMethodName(response);
++ if (method_name) {
++ zval_dtor(method_name_out);
++ Z_TYPE_P(method_name_out) = IS_STRING;
++ Z_STRVAL_P(method_name_out) = estrdup(method_name);
++ Z_STRLEN_P(method_name_out) = strlen(Z_STRVAL_P(method_name_out));
++ } else if (retval) {
++ zval_ptr_dtor(&retval);
++ retval = NULL;
++ }
+ }
+ }
+