summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lang/php55/Makefile3
-rw-r--r--lang/php55/distinfo4
-rw-r--r--lang/php55/patches/patch-ext_spl_spl__array.c27
-rw-r--r--lang/php55/patches/patch-ext_spl_spl__dllist.c18
4 files changed, 50 insertions, 2 deletions
diff --git a/lang/php55/Makefile b/lang/php55/Makefile
index c9d6c385cdb..77718501b91 100644
--- a/lang/php55/Makefile
+++ b/lang/php55/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.14 2014/06/27 11:34:19 taca Exp $
+# $NetBSD: Makefile,v 1.15 2014/07/13 15:23:42 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php55/distinfo b/lang/php55/distinfo
index 683199454c4..9f83e7e5cd9 100644
--- a/lang/php55/distinfo
+++ b/lang/php55/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2014/06/27 11:34:19 taca Exp $
+$NetBSD: distinfo,v 1.26 2014/07/13 15:23:42 taca Exp $
SHA1 (php-5.5.14.tar.bz2) = 062d351da165aa0568e4d8cbc53a18d73b99f49a
RMD160 (php-5.5.14.tar.bz2) = d3f87693d3118cfdc64a7b77e9b765ce4eb7ae60
@@ -16,6 +16,8 @@ SHA1 (patch-ext_pdo__mysql_config.m4) = 3526e737da25129710218e7141d5a05ae0a51390
SHA1 (patch-ext_pdo_config.m4) = 26a4ad02e5c6b7a54c3c54a6d026a3ccfed62c59
SHA1 (patch-ext_phar_Makefile.frag) = 1af23d9135557bc7ba2f3627b317d4cbef37aaba
SHA1 (patch-ext_phar_phar_phar.php) = 011f2d68048dbc63f5efcab4e23062daa9e8e08c
+SHA1 (patch-ext_spl_spl__array.c) = de3ac1ade2201fedb41fb23efb03887307de45bc
+SHA1 (patch-ext_spl_spl__dllist.c) = f98d5dc1199eb021e776599761e0823ce8463f2e
SHA1 (patch-ext_sqlite3_libsqlite_sqlite3.c) = b384b9daa466f2a8a3e6cfd4ea6cff81f9342941
SHA1 (patch-ext_standard_basic__functions.c) = f2a44998145306c2cb2d2f3822c0e7cc70c778b4
SHA1 (patch-makedist) = 3f6b0621d30264824f2cb4c2903d15ba95be3937
diff --git a/lang/php55/patches/patch-ext_spl_spl__array.c b/lang/php55/patches/patch-ext_spl_spl__array.c
new file mode 100644
index 00000000000..592c8c6d699
--- /dev/null
+++ b/lang/php55/patches/patch-ext_spl_spl__array.c
@@ -0,0 +1,27 @@
+$NetBSD: patch-ext_spl_spl__array.c,v 1.1 2014/07/13 15:23:42 taca Exp $
+
+Fix for CVE-2014-4698.
+
+--- ext/spl/spl_array.c.orig 2014-06-25 13:06:23.000000000 +0000
++++ ext/spl/spl_array.c
+@@ -1733,6 +1733,7 @@ SPL_METHOD(Array, unserialize)
+ const unsigned char *p, *s;
+ php_unserialize_data_t var_hash;
+ zval *pmembers, *pflags = NULL;
++ HashTable *aht;
+ long flags;
+
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &buf, &buf_len) == FAILURE) {
+@@ -1744,6 +1745,12 @@ SPL_METHOD(Array, unserialize)
+ return;
+ }
+
++ aht = spl_array_get_hash_table(intern, 0 TSRMLS_CC);
++ if (aht->nApplyCount > 0) {
++ zend_error(E_WARNING, "Modification of ArrayObject during sorting is prohibited");
++ return;
++ }
++
+ /* storage */
+ s = p = (const unsigned char*)buf;
+ PHP_VAR_UNSERIALIZE_INIT(var_hash);
diff --git a/lang/php55/patches/patch-ext_spl_spl__dllist.c b/lang/php55/patches/patch-ext_spl_spl__dllist.c
new file mode 100644
index 00000000000..32d0944c58b
--- /dev/null
+++ b/lang/php55/patches/patch-ext_spl_spl__dllist.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-ext_spl_spl__dllist.c,v 1.1 2014/07/13 15:23:42 taca Exp $
+
+Fix for CVE-2014-4670.
+
+--- ext/spl/spl_dllist.c.orig 2014-06-25 13:06:23.000000000 +0000
++++ ext/spl/spl_dllist.c
+@@ -916,6 +916,11 @@ SPL_METHOD(SplDoublyLinkedList, offsetUn
+ llist->dtor(element TSRMLS_CC);
+ }
+
++ if (intern->traverse_pointer == element) {
++ SPL_LLIST_DELREF(element);
++ intern->traverse_pointer = NULL;
++ }
++
+ zval_ptr_dtor((zval **)&element->data);
+ element->data = NULL;
+