diff options
| author | taca <taca> | 2012-05-13 16:09:52 +0000 |
|---|---|---|
| committer | taca <taca> | 2012-05-13 16:09:52 +0000 |
| commit | 71818cab7896b224d0642c82bd94625aed075d0b (patch) | |
| tree | 2a70d9357ea19953f0d355186a83f18745a820f5 /lang | |
| parent | 25ee9e76933a706d1571c1f066f6261be33977ea (diff) | |
| download | pkgsrc-71818cab7896b224d0642c82bd94625aed075d0b.tar.gz | |
Add fix for CVE-2012-1823.
Bump PKGREVISION.
Diffstat (limited to 'lang')
| -rw-r--r-- | lang/php5/Makefile | 4 | ||||
| -rw-r--r-- | lang/php5/distinfo | 3 | ||||
| -rw-r--r-- | lang/php5/patches/patch-sapi_cgi_cgi__main.c | 24 |
3 files changed, 28 insertions, 3 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile index 54ab99f7626..ae9554d7978 100644 --- a/lang/php5/Makefile +++ b/lang/php5/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.87 2011/06/24 11:59:29 taca Exp $ +# $NetBSD: Makefile,v 1.88 2012/05/13 16:09:52 taca Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php5/distinfo b/lang/php5/distinfo index 46f3521e7b6..cfc98b53109 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.93 2012/02/02 15:47:13 taca Exp $ +$NetBSD: distinfo,v 1.94 2012/05/13 16:09:52 taca Exp $ SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 @@ -27,3 +27,4 @@ SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8 SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275 SHA1 (patch-main_streams_cast.c) = 0e69cad7d6451b18ec844cc8ea6d18eaf0748530 +SHA1 (patch-sapi_cgi_cgi__main.c) = a88f29e80810a3c9d9d895051c9dd3c1da8099b8 diff --git a/lang/php5/patches/patch-sapi_cgi_cgi__main.c b/lang/php5/patches/patch-sapi_cgi_cgi__main.c new file mode 100644 index 00000000000..8da6e0c7124 --- /dev/null +++ b/lang/php5/patches/patch-sapi_cgi_cgi__main.c @@ -0,0 +1,24 @@ +$NetBSD: patch-sapi_cgi_cgi__main.c,v 1.1 2012/05/13 16:09:52 taca Exp $ + +* fix for CVE-2012-1823. + +--- sapi/cgi/cgi_main.c.orig 2010-01-03 09:23:27.000000000 +0000 ++++ sapi/cgi/cgi_main.c +@@ -1405,7 +1405,7 @@ int main(int argc, char *argv[]) + } + #endif + +- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) { ++ while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) { + switch (c) { + case 'c': + if (cgi_sapi_module.php_ini_path_override) { +@@ -1659,7 +1659,7 @@ consult the installation file that came + #endif /* FASTCGI */ + + zend_first_try { +- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) { ++ while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) { + switch (c) { + #if PHP_FASTCGI + case 'T': |