Add patches to fix SA43328.

Bump PKGREVISION.
author: taca <taca@pkgsrc.org> 2011-02-21 16:25:33 +0000
committer: taca <taca@pkgsrc.org> 2011-02-21 16:25:33 +0000
commit: f3d8d091c6082fb2d7db855779cc0bd6548af3d1 (patch)
tree: cad820057f2e0df9258aa186a39a0ba3e5bfe7f5 /lang
parent: c46af70b89998a2d71e6747385631f63b623dcb5 (diff)
download: pkgsrc-f3d8d091c6082fb2d7db855779cc0bd6548af3d1.tar.gz
4 files changed, 174 insertions, 2 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index e91ef909463..9fac3702858 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.82 2011/02/15 20:52:24 shattered Exp $
+# $NetBSD: Makefile,v 1.83 2011/02/21 16:25:33 taca Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/patches/patch-ext_exif_exif.c b/lang/php5/patches/patch-ext_exif_exif.c
new file mode 100644
index 00000000000..eb09f846fbe
--- /dev/null
+++ b/lang/php5/patches/patch-ext_exif_exif.c
@@ -0,0 +1,63 @@
+$NetBSD: patch-ext_exif_exif.c,v 1.1 2011/02/21 16:25:33 taca Exp $
+
+Catch up to r308362 from PHP's repogitry for SA43328.
+
+--- ext/exif/exif.c.orig	2010-01-03 09:23:27.000000000 +0000
++++ ext/exif/exif.c
+@@ -40,6 +40,16 @@
+ #include "php.h"
+ #include "ext/standard/file.h"
+ 
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++#ifdef HAVE_INTTYPES_H
++# include <inttypes.h>
++#endif
++#ifdef PHP_WIN32
++# include "win32/php_stdint.h"
++#endif
++
+ #if HAVE_EXIF
+ 
+ /* When EXIF_DEBUG is defined the module generates a lot of debug messages
+@@ -2826,6 +2836,7 @@ static int exif_process_IFD_TAG(image_in
+ 	int tag, format, components;
+ 	char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
+ 	size_t byte_count, offset_val, fpos, fgot;
++	int64_t byte_count_signed;
+ 	xp_field_type *tmp_xp;
+ #ifdef EXIF_DEBUG
+ 	char *dump_data;
+@@ -2850,13 +2861,20 @@ static int exif_process_IFD_TAG(image_in
+ 		/*return TRUE;*/
+ 	}
+ 
+-	byte_count = components * php_tiff_bytes_per_format[format];
++	if (components < 0) {
++		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
++		return FALSE;
++	}
++
++	byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format];
+ 
+-	if ((ssize_t)byte_count < 0) {
+-		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
++	if (byte_count_signed < 0 || (byte_count_signed > INT32_MAX)) {
++		exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC));
+ 		return FALSE;
+ 	}
+ 
++	byte_count = (size_t)byte_count_signed;
++
+ 	if (byte_count > 4) {
+ 		offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
+ 		/* If its bigger than 4 bytes, the dir entry contains an offset. */
+@@ -2921,6 +2939,7 @@ static int exif_process_IFD_TAG(image_in
+ 		efree(dump_data);
+ 	}
+ #endif
++
+ 	if (section_index==SECTION_THUMBNAIL) {
+ 		if (!ImageInfo->Thumbnail.data) {
+ 			switch(tag) {
diff --git a/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c b/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c
new file mode 100644
index 00000000000..b9898e2444b
--- /dev/null
+++ b/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-ext_zip_lib_zip__name__locate.c,v 1.1 2011/02/21 16:25:33 taca Exp $
+
+Catch up to r307867 from PHP's repogitry for SA43328.
+
+--- ext/zip/lib/zip_name_locate.c.orig	2008-10-23 16:13:51.000000000 +0000
++++ ext/zip/lib/zip_name_locate.c
+@@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const c
+ 	return -1;
+     }
+ 
++    if((flags & ZIP_FL_UNCHANGED)  && !za->cdir) {
++	return -1;
++    }
++
+     cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
+ 
+     n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
diff --git a/lang/php5/patches/patch-ext_zip_php__zip.c b/lang/php5/patches/patch-ext_zip_php__zip.c
new file mode 100644
index 00000000000..57f80de7642
--- /dev/null
+++ b/lang/php5/patches/patch-ext_zip_php__zip.c
@@ -0,0 +1,92 @@
+$NetBSD: patch-ext_zip_php__zip.c,v 1.1 2011/02/21 16:25:33 taca Exp $
+
+Catch up to r308107 from PHP's repository.
+
+--- ext/zip/php_zip.c.orig	2010-11-30 11:04:06.000000000 +0000
++++ ext/zip/php_zip.c
+@@ -436,7 +436,7 @@ static int php_zip_extract_file(struct z
+ 			len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+ 		}
+ 
+-		php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
++		php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
+ 
+ 		if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+ 			efree(file_dirname_fullpath);
+@@ -447,7 +447,7 @@ static int php_zip_extract_file(struct z
+ 	}
+ 
+ 	/* let see if the path already exists */
+-	if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
++	if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+ 
+ #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1)
+ 		char *e;
+@@ -483,9 +483,14 @@ static int php_zip_extract_file(struct z
+ 		efree(file_dirname_fullpath);
+ 		efree(file_basename);
+ 		free(new_state.cwd);
++		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot build full extract path");
+ 		return 0;
+ 	} else if (len > MAXPATHLEN) {
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++		efree(file_dirname_fullpath);
++		efree(file_basename);
++		free(new_state.cwd);
++		return 0;
+ 	}
+ 
+ 	/* check again the full path, not sure if it
+@@ -500,27 +505,42 @@ static int php_zip_extract_file(struct z
+ 		return 0;
+ 	}
+ 
++#if PHP_API_VERSION < 20100412
++	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
++#else
++	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
++#endif
++
++	if (stream == NULL) {
++		n = -1;
++		goto done;
++	}
++
+ 	zf = zip_fopen(za, file, 0);
+ 	if (zf == NULL) {
++		n = -1;
++		php_stream_close(stream);
++		goto done;
++	}
++
++	n = 0;
++	if (stream == NULL) {
++		int ret = zip_fclose(zf);
+ 		efree(fullpath);
+-		efree(file_dirname_fullpath);
+ 		efree(file_basename);
++		efree(file_dirname_fullpath);
+ 		free(new_state.cwd);
+ 		return 0;
+ 	}
+ 
+-#if (PHP_MAJOR_VERSION < 6)
+-	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+-#else
+-	stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
+-#endif
+-	n = 0;
+-	if (stream) {
+-		while ((n=zip_fread(zf, b, sizeof(b))) > 0) php_stream_write(stream, b, n);
+-		php_stream_close(stream);
++	while ((n=zip_fread(zf, b, sizeof(b))) > 0) {
++		php_stream_write(stream, b, n);
+ 	}
++
++	php_stream_close(stream);
+ 	n = zip_fclose(zf);
+ 
++done:
+ 	efree(fullpath);
+ 	efree(file_basename);
+ 	efree(file_dirname_fullpath);
author	taca <taca@pkgsrc.org>	2011-02-21 16:25:33 +0000
committer	taca <taca@pkgsrc.org>	2011-02-21 16:25:33 +0000
commit	f3d8d091c6082fb2d7db855779cc0bd6548af3d1 (patch)
tree	cad820057f2e0df9258aa186a39a0ba3e5bfe7f5 /lang
parent	c46af70b89998a2d71e6747385631f63b623dcb5 (diff)
download	pkgsrc-f3d8d091c6082fb2d7db855779cc0bd6548af3d1.tar.gz