Add fix for CVE-2013-6712, ext/date DoS vulnerability.

Bump PKGREVISION.
author: taca <taca> 2013-12-05 16:16:40 +0000
committer: taca <taca> 2013-12-05 16:16:40 +0000
commit: 0e8aaf5e0f8b939d0145ed4121cadd684e323909 (patch)
tree: a415a96be2d23371905dfd95a397d299bcfa9427 /lang
parent: 5c09a1d9890ed7e1053f0701d2c0114bd3b75960 (diff)
download: pkgsrc-0e8aaf5e0f8b939d0145ed4121cadd684e323909.tar.gz
12 files changed, 105 insertions, 7 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index c327b4f69fa..e34f8ab6579 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.43 2013/08/14 15:42:56 taca Exp $
+# $NetBSD: Makefile,v 1.44 2013/12/05 16:16:40 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		2
+PKGREVISION=		3
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 2b319c58c92..ed7fde9c82c 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.68 2013/08/16 00:38:13 taca Exp $
+$NetBSD: distinfo,v 1.69 2013/12/05 16:16:40 taca Exp $
 
 SHA1 (php-5.3.27.tar.bz2) = 4f95682940ebe1bc1a93812d593460625a2aae64
 RMD160 (php-5.3.27.tar.bz2) = c2887004859f32b25229ffe52d86270c8de194b7
@@ -17,6 +17,8 @@ SHA1 (patch-ah) = 697156508da2d837a1ea1a41f036eab4fb87e94b
 SHA1 (patch-ai) = 9659f73eef1b4fcca9b844bdaa785ac6d5e582a1
 SHA1 (patch-aj) = 181658ae523bd60f67750566711fc078b49191b7
 SHA1 (patch-al) = fe534d7d50a529e3c7d0ffed76afdb70bb55a521
+SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = 1243e4cda1d6446ee4f8b6cab61556fa07837139
+SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 75d4abd666c17d7d5f8a4ee9e489bf2565f83524
 SHA1 (patch-ext_openssl_openssl.c) = f45f4322ac875db7b0bb86efb7cfda1f659ac6cc
 SHA1 (patch-ext_standard_basic__functions.c) = 017fd25e646af4d7eb2a0bd13b3c8da34eaee8c5
 SHA1 (patch-main_streams_cast.c) = d68b69c9418a8780b1610b8755487771f7c46a5a
diff --git a/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c b/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c
new file mode 100644
index 00000000000..e895589cb76
--- /dev/null
+++ b/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.c,v 1.1 2013/12/05 16:16:40 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.c.orig	2013-07-10 17:43:08.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.c
+@@ -415,7 +415,7 @@ yy6:
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
diff --git a/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re b/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re
new file mode 100644
index 00000000000..39c23175ab0
--- /dev/null
+++ b/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.re,v 1.1 2013/12/05 16:16:40 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.re.orig	2013-07-10 17:43:08.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.re
+@@ -383,7 +383,7 @@ isoweek          = year4 "-"? "W" weekof
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
diff --git a/lang/php54/Makefile b/lang/php54/Makefile
index 21f12e613c5..47e53ef1dbe 100644
--- a/lang/php54/Makefile
+++ b/lang/php54/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.14 2013/08/16 15:28:23 taca Exp $
+# $NetBSD: Makefile,v 1.15 2013/12/05 16:17:15 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index 0ad59775a47..3c3d8ffcc73 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.29 2013/11/16 09:45:26 taca Exp $
+$NetBSD: distinfo,v 1.30 2013/12/05 16:17:15 taca Exp $
 
 SHA1 (php-5.4.22.tar.bz2) = 4b73d3667a97db1ce32ebf5b98fcc4b2585d981b
 RMD160 (php-5.4.22.tar.bz2) = 578f25e8776b42e3f643bddcce9b92e376171343
 Size (php-5.4.22.tar.bz2) = 12246577 bytes
 SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
 SHA1 (patch-configure) = ce3205292370fb279033aaa06138cea1a3725ef1
+SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = c2b18faed698a6ace171ca93cd082985ac3e1b83
+SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = 1a6b18d1d9bec66b0ab67cb2f602cc9ef97678b1
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
diff --git a/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c b/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c
new file mode 100644
index 00000000000..a49dcca18c4
--- /dev/null
+++ b/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.c,v 1.1 2013/12/05 16:17:15 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.c.orig	2013-11-13 06:46:59.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.c
+@@ -415,7 +415,7 @@ yy6:
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
diff --git a/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re b/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re
new file mode 100644
index 00000000000..03569f06228
--- /dev/null
+++ b/lang/php54/patches/patch-ext_date_lib_parse__iso__intervals.re
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.re,v 1.1 2013/12/05 16:17:15 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.re.orig	2013-11-13 06:46:59.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.re
+@@ -383,7 +383,7 @@ isoweek          = year4 "-"? "W" weekof
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
diff --git a/lang/php55/Makefile b/lang/php55/Makefile
index add5aac9a99..e1a0c6b99c9 100644
--- a/lang/php55/Makefile
+++ b/lang/php55/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.5 2013/08/17 13:15:21 taca Exp $
+# $NetBSD: Makefile,v 1.6 2013/12/05 16:17:47 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php55/distinfo b/lang/php55/distinfo
index 65f5c7fd6ce..3f37a992d56 100644
--- a/lang/php55/distinfo
+++ b/lang/php55/distinfo
@@ -1,10 +1,12 @@
-$NetBSD: distinfo,v 1.10 2013/11/15 16:33:14 taca Exp $
+$NetBSD: distinfo,v 1.11 2013/12/05 16:17:47 taca Exp $
 
 SHA1 (php-5.5.6.tar.bz2) = 02a30f72b1d6876a41b48548d4f95bf2b4761147
 RMD160 (php-5.5.6.tar.bz2) = 7a9289fe14e0a4edb3ff92eb8e3db9030e77d734
 Size (php-5.5.6.tar.bz2) = 12983030 bytes
 SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a
 SHA1 (patch-configure) = 37b19e0f75619ffe016a1d834dbe774ea4452a2d
+SHA1 (patch-ext_date_lib_parse__iso__intervals.c) = b0810f2e6d23cbc52356b38bc6a8fa545d1a0b6f
+SHA1 (patch-ext_date_lib_parse__iso__intervals.re) = fb27d18d88f13dce8d44de805f255d5af61afef1
 SHA1 (patch-ext_gd_config.m4) = 91c9798333d4776856a0a9e20196986856b758b2
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 4ef1837850443e9db2e71620a3ddaed5ab5c435b
diff --git a/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c b/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c
new file mode 100644
index 00000000000..f37ad891b0b
--- /dev/null
+++ b/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.c,v 1.1 2013/12/05 16:17:48 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.c.orig	2013-11-12 14:17:27.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.c
+@@ -380,7 +380,7 @@ yy6:
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
diff --git a/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re b/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re
new file mode 100644
index 00000000000..201dc78ac65
--- /dev/null
+++ b/lang/php55/patches/patch-ext_date_lib_parse__iso__intervals.re
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_date_lib_parse__iso__intervals.re,v 1.1 2013/12/05 16:17:48 taca Exp $
+
+Fix for CVE-2013-6712.
+
+--- ext/date/lib/parse_iso_intervals.re.orig	2013-11-12 14:17:27.000000000 +0000
++++ ext/date/lib/parse_iso_intervals.re
+@@ -348,7 +348,7 @@ isoweek          = year4 "-"? "W" weekof
+ 					break;
+ 			}
+ 			ptr++;
+-		} while (*ptr);
++		} while (!s->errors->error_count && *ptr);
+ 		s->have_period = 1;
+ 		TIMELIB_DEINIT;
+ 		return TIMELIB_PERIOD;
author	taca <taca>	2013-12-05 16:16:40 +0000
committer	taca <taca>	2013-12-05 16:16:40 +0000
commit	0e8aaf5e0f8b939d0145ed4121cadd684e323909 (patch)
tree	a415a96be2d23371905dfd95a397d299bcfa9427 /lang
parent	5c09a1d9890ed7e1053f0701d2c0114bd3b75960 (diff)
download	pkgsrc-0e8aaf5e0f8b939d0145ed4121cadd684e323909.tar.gz