diff options
author | sbd <sbd> | 2012-05-07 09:40:48 +0000 |
---|---|---|
committer | sbd <sbd> | 2012-05-07 09:40:48 +0000 |
commit | 02266c13168f0cd7e2f0249e11243d83dcaee2ce (patch) | |
tree | 6d1416324c69b768d14e075ad1e994ea603f5c00 /lang | |
parent | c364027f3a43035c6e6853b41ab0ed8e9e3d8f85 (diff) | |
download | pkgsrc-02266c13168f0cd7e2f0249e11243d83dcaee2ce.tar.gz |
Pullup ticket #3774 - requested by taca
lang/php53 security update
Revisions pulled up:
- lang/php53/Makefile 1.26
- lang/php53/distinfo 1.39-1.40
- lang/php53/patches/patch-sapi_cgi_cgi__main.c 1.1-1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 6 14:27:46 UTC 2012
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-sapi_cgi_cgi__main.c
Log Message:
Additional fix for CVS-2012-1823; it wasn't fixed by PHP 5.3.12.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Sun May 6 14:31:21 UTC 2012
Modified Files:
pkgsrc/lang/php53: distinfo
pkgsrc/lang/php53/patches: patch-sapi_cgi_cgi__main.c
Log Message:
Fix miss spelling in comment: s/CVS-/CVE-/.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 3 | ||||
-rw-r--r-- | lang/php53/distinfo | 3 | ||||
-rw-r--r-- | lang/php53/patches/patch-sapi_cgi_cgi__main.c | 22 |
3 files changed, 26 insertions, 2 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index a660127144f..69bbe97f60f 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.24.2.1 2012/05/04 08:39:30 spz Exp $ +# $NetBSD: Makefile,v 1.24.2.2 2012/05/07 09:40:48 sbd Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} +PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 221768d3f69..b9795e4834b 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.36.2.1 2012/05/04 08:39:30 spz Exp $ +$NetBSD: distinfo,v 1.36.2.2 2012/05/07 09:40:48 sbd Exp $ SHA1 (php-5.3.12/php-5.3.12.tar.bz2) = 1aef7c01207637671299e3eb2d74eb81dd6a8f83 RMD160 (php-5.3.12/php-5.3.12.tar.bz2) = 5d91c2d16b54632aa123677f63776b312872997c @@ -19,3 +19,4 @@ SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 +SHA1 (patch-sapi_cgi_cgi__main.c) = 13fb85106ab2612f733caef3a42280fdca45ad6e diff --git a/lang/php53/patches/patch-sapi_cgi_cgi__main.c b/lang/php53/patches/patch-sapi_cgi_cgi__main.c new file mode 100644 index 00000000000..59b57635972 --- /dev/null +++ b/lang/php53/patches/patch-sapi_cgi_cgi__main.c @@ -0,0 +1,22 @@ +$NetBSD$ + +Additional fix for CVE-2012-1823. + +--- sapi/cgi/cgi_main.c.orig 2012-05-03 13:54:59.000000000 +0000 ++++ sapi/cgi/cgi_main.c +@@ -1557,13 +1557,14 @@ int main(int argc, char *argv[]) + getenv("REQUEST_METHOD") + ) { + cgi = 1; ++ skip_getopt = 1; + } + } + + if(query_string = getenv("QUERY_STRING")) { + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); +- if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) { ++ if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) { + skip_getopt = 1; + } + free(decoded_query_string); |