Add security fix for http://www.ocert.org/advisories/ocert-2011-003.html

from r321038 from PHP's repository.

Bump PKGREVISION.

5 files changed, 65 insertions, 4 deletions

diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index 0724983caee..e0a0bff4fab 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.18 2011/10/20 13:32:20 taca Exp $
+# $NetBSD: Makefile,v 1.19 2012/01/03 16:23:14 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 7e605eebc73..339f89680fe 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.26 2011/10/20 14:30:55 taca Exp $
+$NetBSD: distinfo,v 1.27 2012/01/03 16:23:14 taca Exp $
 
 SHA1 (php-5.3.8/php-5.3.8.tar.bz2) = 8f29029e092f262876bfdd2ce56f6867e2b74b85
 RMD160 (php-5.3.8/php-5.3.8.tar.bz2) = f18a18e2dfd7ea7885760eec2a05b3c4a15ad9db
@@ -6,7 +6,7 @@ Size (php-5.3.8/php-5.3.8.tar.bz2) = 11190060 bytes
 SHA1 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 3c38e873584b8f9e325a813cc9b197a342595099
 RMD160 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 19f789bf49a5fed2cd88b199fd8ac5d1ffa9bdc8
 Size (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 41175 bytes
-SHA1 (patch-Zend_zend__builtin__functions.c) = 3d734b2137cd0b31ed54725f18059aba67f0de5b
+SHA1 (patch-Zend_zend__builtin__functions.c) = beada1a54586a545e934c40085c14d1b9e8e02f3
 SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e
 SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b
 SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690
@@ -19,5 +19,8 @@ SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
 SHA1 (patch-as) = 5faa039f0ab7663e82787973e937aea685ba2dac
+SHA1 (patch-main_main.c) = f99875ecd8a74db8454af36a840c8a7f24a58c7a
+SHA1 (patch-main_php__globals.h) = 0bf4b91293ef61649b3259ae5b2d9f4d921058d7
+SHA1 (patch-main_php__variables.c) = 36956e69bfa3fcb87cd851b5e1d1a13cf470ef32
 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23
 SHA1 (patch-php__mssql.h) = fa9e349127121cf478691c108ac611563e445c40
diff --git a/lang/php53/patches/patch-main_main.c b/lang/php53/patches/patch-main_main.c
new file mode 100644
index 00000000000..75ed38ee3c2
--- /dev/null
+++ b/lang/php53/patches/patch-main_main.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-main_main.c,v 1.1 2012/01/03 16:23:14 taca Exp $
+
+* Fix for http://www.ocert.org/advisories/ocert-2011-003.html
+  from r321038 from PHP's repository.
+
+--- main/main.c.orig	2012-01-03 02:28:53.000000000 +0000
++++ main/main.c
+@@ -504,6 +504,7 @@ PHP_INI_BEGIN()
+ 	STD_PHP_INI_ENTRY("post_max_size",			"8M",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLong,			post_max_size,			sapi_globals_struct,sapi_globals)
+ 	STD_PHP_INI_ENTRY("upload_tmp_dir",			NULL,		PHP_INI_SYSTEM,		OnUpdateStringUnempty,	upload_tmp_dir,			php_core_globals,	core_globals)
+ 	STD_PHP_INI_ENTRY("max_input_nesting_level", "64",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_nesting_level,			php_core_globals,	core_globals)
++	STD_PHP_INI_ENTRY("max_input_vars",			"1000",		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateLongGEZero,	max_input_vars,						php_core_globals,	core_globals)
+ 
+ 	STD_PHP_INI_ENTRY("user_dir",				NULL,		PHP_INI_SYSTEM,		OnUpdateString,			user_dir,				php_core_globals,	core_globals)
+ 	STD_PHP_INI_ENTRY("variables_order",		"EGPCS",	PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnUpdateStringUnempty,	variables_order,		php_core_globals,	core_globals)
diff --git a/lang/php53/patches/patch-main_php__globals.h b/lang/php53/patches/patch-main_php__globals.h
new file mode 100644
index 00000000000..9950417c1ef
--- /dev/null
+++ b/lang/php53/patches/patch-main_php__globals.h
@@ -0,0 +1,16 @@
+$NetBSD: patch-main_php__globals.h,v 1.1 2012/01/03 16:23:14 taca Exp $
+
+* Fix for http://www.ocert.org/advisories/ocert-2011-003.html
+  from r321038 from PHP's repository.
+
+--- main/php_globals.h.orig	2011-01-01 02:19:59.000000000 +0000
++++ main/php_globals.h
+@@ -170,6 +170,8 @@ struct _php_core_globals {
+ 	char *mail_log;
+ 
+ 	zend_bool in_error_log;
++
++	long max_input_vars;
+ };
+ 
+ 
diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c
new file mode 100644
index 00000000000..d970b8a202d
--- /dev/null
+++ b/lang/php53/patches/patch-main_php__variables.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-main_php__variables.c,v 1.1 2012/01/03 16:23:14 taca Exp $
+
+* Fix for http://www.ocert.org/advisories/ocert-2011-003.html
+  from r321038 from PHP's repository.
+
+--- main/php_variables.c.orig	2011-01-01 02:19:59.000000000 +0000
++++ main/php_variables.c
+@@ -191,6 +191,9 @@ PHPAPI void php_register_variable_ex(cha
+ 				}
+ 				if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE
+ 					|| Z_TYPE_PP(gpc_element_p) != IS_ARRAY) {
++					if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
++						php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
++					}
+ 					MAKE_STD_ZVAL(gpc_element);
+ 					array_init(gpc_element);
+ 					zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+@@ -236,6 +239,9 @@ plain_var:
+ 				zend_symtable_exists(symtable1, escaped_index, index_len + 1)) {
+ 				zval_ptr_dtor(&gpc_element);
+ 			} else {
++				if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) {
++					php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars));
++				}
+ 				zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p);
+ 			}
+ 			if (escaped_index != index) {