diff options
-rw-r--r-- | lang/php54/Makefile | 3 | ||||
-rw-r--r-- | lang/php54/distinfo | 10 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_date_php_date.c | 30 | ||||
-rw-r--r-- | lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
4 files changed, 5 insertions, 54 deletions
diff --git a/lang/php54/Makefile b/lang/php54/Makefile index b8dd082d0a3..db8ba26de1e 100644 --- a/lang/php54/Makefile +++ b/lang/php54/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.26 2015/02/18 11:04:03 sevan Exp $ +# $NetBSD: Makefile,v 1.27 2015/02/19 09:37:36 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php54/distinfo b/lang/php54/distinfo index dde448413eb..d82873cc667 100644 --- a/lang/php54/distinfo +++ b/lang/php54/distinfo @@ -1,14 +1,12 @@ -$NetBSD: distinfo,v 1.52 2015/02/18 11:04:03 sevan Exp $ +$NetBSD: distinfo,v 1.53 2015/02/19 09:37:36 taca Exp $ -SHA1 (php-5.4.37.tar.bz2) = 608e00a730e9674e1a2e2627175e7a27f4add18f -RMD160 (php-5.4.37.tar.bz2) = 9aa559cd4c4c63701133194b59ccff0f241a2241 -Size (php-5.4.37.tar.bz2) = 12275113 bytes +SHA1 (php-5.4.38.tar.bz2) = 863fcb872fe20d054d1a3444c27ec7f8be9f4317 +RMD160 (php-5.4.38.tar.bz2) = 5cd4d7c80badd19aa7e1081e3fd190607e46e1af +Size (php-5.4.38.tar.bz2) = 12273298 bytes SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00 SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522 SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659 SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48 -SHA1 (patch-ext_date_php_date.c) = e1c6551a422c54c7be7ec16e6d10821f47cb924c -SHA1 (patch-ext_date_tests_bug68942_2.phpt) = 385ed2c3077b5384bff117b97867463c6bdac15e SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b diff --git a/lang/php54/patches/patch-ext_date_php_date.c b/lang/php54/patches/patch-ext_date_php_date.c deleted file mode 100644 index e1bc4ab8865..00000000000 --- a/lang/php54/patches/patch-ext_date_php_date.c +++ /dev/null @@ -1,30 +0,0 @@ -$NetBSD: patch-ext_date_php_date.c,v 1.1 2015/02/18 11:04:03 sevan Exp $ - -Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/php_date.c.orig 2015-01-20 20:06:02.000000000 +0000 -+++ ext/date/php_date.c -@@ -2575,12 +2575,9 @@ static int php_date_initialize_from_hash - timelib_tzinfo *tzi; - php_timezone_obj *tzobj; - -- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { -- convert_to_string(*z_date); -- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { -- convert_to_long(*z_timezone_type); -- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { -- convert_to_string(*z_timezone); -+ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { -+ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { -+ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { - - switch (Z_LVAL_PP(z_timezone_type)) { - case TIMELIB_ZONETYPE_OFFSET: -@@ -2595,7 +2592,6 @@ static int php_date_initialize_from_hash - - case TIMELIB_ZONETYPE_ID: { - int ret; -- convert_to_string(*z_timezone); - - tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC); - diff --git a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index ceb358bbcee..00000000000 --- a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1 2015/02/18 11:04:03 sevan Exp $ - -Test for bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 01:43:49.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |