diff options
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 4 | ||||
-rw-r--r-- | lang/php53/distinfo | 3 | ||||
-rw-r--r-- | lang/php53/patches/patch-ext_phar_tar.c | 23 |
3 files changed, 27 insertions, 3 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index e83664190f1..b847fc76e72 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,10 @@ -# $NetBSD: Makefile,v 1.29 2012/05/31 15:58:10 taca Exp $ +# $NetBSD: Makefile,v 1.30 2012/06/12 14:45:51 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/distinfo b/lang/php53/distinfo index b945a5c0376..23801896690 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.43 2012/06/03 21:23:10 abs Exp $ +$NetBSD: distinfo,v 1.44 2012/06/12 14:45:51 taca Exp $ SHA1 (php-5.3.13.tar.bz2) = 8a52dae3fc9e27814c15fc0ebd744bee38305248 RMD160 (php-5.3.13.tar.bz2) = 1ad55e7bd1262471c66d2236fbba76c137960029 @@ -17,6 +17,7 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e +SHA1 (patch-ext_phar_tar.c) = a19b4e6c2e663dbd254dbb1d5bb25de57d6cef27 SHA1 (patch-ext_standard_basic__functions.c) = 18596d281017760293189d87d19de9c5c772232d SHA1 (patch-ext_standard_crypt__freesec.c) = 5851993e4197bec2b61d6e58601173d564fed112 SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad diff --git a/lang/php53/patches/patch-ext_phar_tar.c b/lang/php53/patches/patch-ext_phar_tar.c new file mode 100644 index 00000000000..9586abfdd70 --- /dev/null +++ b/lang/php53/patches/patch-ext_phar_tar.c @@ -0,0 +1,23 @@ +$NetBSD: patch-ext_phar_tar.c,v 1.1 2012/06/12 14:45:51 taca Exp $ + +Fix for http://secunia.com/advisories/44335/, also CVE-2012-2386. + +--- ext/phar/tar.c.orig 2012-05-08 09:22:27.000000000 +0000 ++++ ext/phar/tar.c +@@ -337,6 +337,16 @@ bail: + last_was_longlink = 1; + /* support the ././@LongLink system for storing long filenames */ + entry.filename_len = entry.uncompressed_filesize; ++ ++ /* Check for overflow - bug 61065 */ ++ if (entry.filename_len == UINT_MAX) { ++ if (error) { ++ spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname); ++ } ++ php_stream_close(fp); ++ phar_destroy_phar_data(myphar TSRMLS_CC); ++ return FAILURE; ++ } + entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent); + + read = php_stream_read(fp, entry.filename, entry.filename_len); |