diff options
author | taca <taca@pkgsrc.org> | 2012-02-02 16:00:40 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2012-02-02 16:00:40 +0000 |
commit | 4d41371e275ee33b16e26331293c211b950c3cfc (patch) | |
tree | b1d43e5de9e30d36e04470c829e0e39821715d49 /lang | |
parent | 005389469a375c61854ea5628dc2e09dcc4ebdff (diff) | |
download | pkgsrc-4d41371e275ee33b16e26331293c211b950c3cfc.tar.gz |
Add fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP
Hashtable Collision DOS" by revision 323007 from PHP's repository.
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
Bump PKGREVISION.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 4 | ||||
-rw-r--r-- | lang/php53/distinfo | 3 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 19 |
3 files changed, 23 insertions, 3 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index 4325786c092..c98845b546f 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.21 2012/01/20 03:22:08 taca Exp $ +# $NetBSD: Makefile,v 1.22 2012/02/02 16:00:40 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 8bc1d2d3223..b8e2c5a28e0 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.32 2012/02/02 15:44:09 taca Exp $ +$NetBSD: distinfo,v 1.33 2012/02/02 16:00:40 taca Exp $ SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51 RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6 @@ -17,5 +17,6 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e +SHA1 (patch-main_php__variables.c) = 2938bda56e51ddefd8b589035fc68ded9b83ab57 SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c new file mode 100644 index 00000000000..e262dd0ecf6 --- /dev/null +++ b/lang/php53/patches/patch-main_php__variables.c @@ -0,0 +1,19 @@ +$NetBSD: patch-main_php__variables.c,v 1.3 2012/02/02 16:00:40 taca Exp $ + +Fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHP Hashtable +Collision DOS" by revision 323007 from PHP's repository. + +http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ + +--- main/php_variables.c.orig 2012-01-01 13:15:04.000000000 +0000 ++++ main/php_variables.c +@@ -198,6 +198,9 @@ PHPAPI void php_register_variable_ex(cha + MAKE_STD_ZVAL(gpc_element); + array_init(gpc_element); + zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); ++ } else { ++ efree(var_orig); ++ return; + } + } + if (index != escaped_index) { |