diff options
| author | taca <taca> | 2011-02-26 02:55:28 +0000 |
|---|---|---|
| committer | taca <taca> | 2011-02-26 02:55:28 +0000 |
| commit | b13803e351d3ab9f5564868bbc0527719e0d3f4a (patch) | |
| tree | 169ae2aa151111a49cd05aea0aa6db3456f894f7 /textproc/php-intl | |
| parent | 0abd327d2c1aa608d2cfc39810b034bd9b5127e6 (diff) | |
| download | pkgsrc-b13803e351d3ab9f5564868bbc0527719e0d3f4a.tar.gz | |
Add a fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449.
Bump PKGREVISION.
Diffstat (limited to 'textproc/php-intl')
| -rw-r--r-- | textproc/php-intl/Makefile | 3 | ||||
| -rw-r--r-- | textproc/php-intl/distinfo | 3 | ||||
| -rw-r--r-- | textproc/php-intl/patches/patch-grapheme_grapheme__string.c | 26 |
3 files changed, 30 insertions, 2 deletions
diff --git a/textproc/php-intl/Makefile b/textproc/php-intl/Makefile index 012933285e5..54c380d1cce 100644 --- a/textproc/php-intl/Makefile +++ b/textproc/php-intl/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.4 2011/01/07 09:25:16 taca Exp $ +# $NetBSD: Makefile,v 1.5 2011/02/26 02:55:28 taca Exp $ MODNAME= intl PECL_VERSION= 1.1.2 +PKGREVISION= 1 CATEGORIES+= textproc COMMENT= PHP extension for i18n diff --git a/textproc/php-intl/distinfo b/textproc/php-intl/distinfo index 004f0b8b2fa..5a68b04067d 100644 --- a/textproc/php-intl/distinfo +++ b/textproc/php-intl/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.2 2010/12/16 03:37:28 taca Exp $ +$NetBSD: distinfo,v 1.3 2011/02/26 02:55:28 taca Exp $ SHA1 (php-intl/intl-1.1.2.tgz) = c86b3a4734c331ac3e7a56bb50b11766f4c4d5f7 RMD160 (php-intl/intl-1.1.2.tgz) = 913c9f7fbb0f117e90affbbe5b17c1f881fb2fce @@ -12,3 +12,4 @@ SHA1 (patch-af) = 815006577c08b1cab7f0e5e601770f786c61c910 SHA1 (patch-ag) = 66db6e293f9eb9e81ccd6f8055aed2e036791247 SHA1 (patch-ah) = 024f97675087d3f282e6cd8af059179ea7faea60 SHA1 (patch-aj) = edb43a597a43db653af7be4d3066bf9bd376e8be +SHA1 (patch-grapheme_grapheme__string.c) = 46d02667c47f68671a166db3ffdd3a33c2678018 diff --git a/textproc/php-intl/patches/patch-grapheme_grapheme__string.c b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c new file mode 100644 index 00000000000..f16db8ed36a --- /dev/null +++ b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c @@ -0,0 +1,26 @@ +$NetBSD: patch-grapheme_grapheme__string.c,v 1.1 2011/02/26 02:55:28 taca Exp $ + +A fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449. + +--- grapheme/grapheme_string.c.orig 1970-01-01 09:13:08.000000000 +0000 ++++ grapheme/grapheme_string.c +@@ -819,11 +819,17 @@ PHP_FUNCTION(grapheme_extract) + } + + if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC ); + +- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC ); +- + RETURN_FALSE; + } ++ if ( size > INT32_MAX || size < 0) { ++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC ); ++ RETURN_FALSE; ++ } ++ if (size == 0) { ++ RETURN_EMPTY_STRING(); ++ } + + /* we checked that it will fit: */ + start = (int32_t) lstart; |