Pullup ticket #3774 - requested by taca

lang/php53 security update

Revisions pulled up:
- lang/php53/Makefile                                           1.26
- lang/php53/distinfo                                           1.39-1.40
- lang/php53/patches/patch-sapi_cgi_cgi__main.c                 1.1-1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun May  6 14:27:46 UTC 2012

   Modified Files:
   	pkgsrc/lang/php53: Makefile distinfo
   Added Files:
   	pkgsrc/lang/php53/patches: patch-sapi_cgi_cgi__main.c

   Log Message:
   Additional fix for CVS-2012-1823; it wasn't fixed by PHP 5.3.12.

   Bump PKGREVISION.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun May  6 14:31:21 UTC 2012

   Modified Files:
   	pkgsrc/lang/php53: distinfo
   	pkgsrc/lang/php53/patches: patch-sapi_cgi_cgi__main.c

   Log Message:
   Fix miss spelling in comment: s/CVS-/CVE-/.

3 files changed, 26 insertions, 2 deletions

diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index a660127144f..69bbe97f60f 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.24.2.1 2012/05/04 08:39:30 spz Exp $
+# $NetBSD: Makefile,v 1.24.2.2 2012/05/07 09:40:48 sbd Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 221768d3f69..b9795e4834b 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.36.2.1 2012/05/04 08:39:30 spz Exp $
+$NetBSD: distinfo,v 1.36.2.2 2012/05/07 09:40:48 sbd Exp $
 
 SHA1 (php-5.3.12/php-5.3.12.tar.bz2) = 1aef7c01207637671299e3eb2d74eb81dd6a8f83
 RMD160 (php-5.3.12/php-5.3.12.tar.bz2) = 5d91c2d16b54632aa123677f63776b312872997c
@@ -19,3 +19,4 @@ SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
 SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
+SHA1 (patch-sapi_cgi_cgi__main.c) = 13fb85106ab2612f733caef3a42280fdca45ad6e
diff --git a/lang/php53/patches/patch-sapi_cgi_cgi__main.c b/lang/php53/patches/patch-sapi_cgi_cgi__main.c
new file mode 100644
index 00000000000..59b57635972
--- /dev/null
+++ b/lang/php53/patches/patch-sapi_cgi_cgi__main.c
@@ -0,0 +1,22 @@
+$NetBSD$
+
+Additional fix for CVE-2012-1823.
+
+--- sapi/cgi/cgi_main.c.orig	2012-05-03 13:54:59.000000000 +0000
++++ sapi/cgi/cgi_main.c
+@@ -1557,13 +1557,14 @@ int main(int argc, char *argv[])
+ 			getenv("REQUEST_METHOD")
+ 		) {
+ 			cgi = 1;
++			skip_getopt = 1;
+ 		}
+ 	}
+ 
+ 	if(query_string = getenv("QUERY_STRING")) {
+ 		decoded_query_string = strdup(query_string);
+ 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
+-		if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
++		if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
+ 			skip_getopt = 1;
+ 		}
+ 		free(decoded_query_string);