Diffstat (limited to 'lang')
-rw-r--r--lang/php53/Makefile4
-rw-r--r--lang/php53/distinfo3
-rw-r--r--lang/php53/patches/patch-ext_phar_tar.c23
3 files changed, 27 insertions, 3 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index e83664190f1..b847fc76e72 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.29 2012/05/31 15:58:10 taca Exp $
+# $NetBSD: Makefile,v 1.30 2012/06/12 14:45:51 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index b945a5c0376..23801896690 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.43 2012/06/03 21:23:10 abs Exp $
+$NetBSD: distinfo,v 1.44 2012/06/12 14:45:51 taca Exp $
SHA1 (php-5.3.13.tar.bz2) = 8a52dae3fc9e27814c15fc0ebd744bee38305248
RMD160 (php-5.3.13.tar.bz2) = 1ad55e7bd1262471c66d2236fbba76c137960029
@@ -17,6 +17,7 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83
SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
+SHA1 (patch-ext_phar_tar.c) = a19b4e6c2e663dbd254dbb1d5bb25de57d6cef27
SHA1 (patch-ext_standard_basic__functions.c) = 18596d281017760293189d87d19de9c5c772232d
SHA1 (patch-ext_standard_crypt__freesec.c) = 5851993e4197bec2b61d6e58601173d564fed112
SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad
diff --git a/lang/php53/patches/patch-ext_phar_tar.c b/lang/php53/patches/patch-ext_phar_tar.c
new file mode 100644
index 00000000000..9586abfdd70
--- /dev/null
+++ b/lang/php53/patches/patch-ext_phar_tar.c
@@ -0,0 +1,23 @@
+$NetBSD: patch-ext_phar_tar.c,v 1.1 2012/06/12 14:45:51 taca Exp $
+
+Fix for http://secunia.com/advisories/44335/, also CVE-2012-2386.
+
+--- ext/phar/tar.c.orig 2012-05-08 09:22:27.000000000 +0000
++++ ext/phar/tar.c
+@@ -337,6 +337,16 @@ bail:
+ last_was_longlink = 1;
+ /* support the ././@LongLink system for storing long filenames */
+ entry.filename_len = entry.uncompressed_filesize;
++
++ /* Check for overflow - bug 61065 */
++ if (entry.filename_len == UINT_MAX) {
++ if (error) {
++ spprintf(error, 4096, "phar error: \"%s\" is a corrupted tar file (invalid entry size)", fname);
++ }
++ php_stream_close(fp);
++ phar_destroy_phar_data(myphar TSRMLS_CC);
++ return FAILURE;
++ }
+ entry.filename = pemalloc(entry.filename_len+1, myphar->is_persistent);
+
+ read = php_stream_read(fp, entry.filename, entry.filename_len);
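Review bot: The added guard in front of `pemalloc(entry.filename_len+1, myphar->is_persistent)` rejects only the single value `UINT_MAX`, the one where `filename_len+1` wraps to 0; every other length copied from `entry.uncompressed_filesize` still sizes both the allocation and the `php_stream_read` that follows. That field appears to be taken from the archive header, so I would also cap it, e.g. `if (entry.filename_len == UINT_MAX || entry.filename_len > MAX_LONGLINK_LEN) {`, where `MAX_LONGLINK_LEN` is a placeholder for whatever limit the project chooses. The comment could state the reason and not only the bug number: `/* filename_len+1 wraps to 0 at UINT_MAX, so the read below would overrun the buffer - bug 61065 */`. The enclosing function in ext/phar/tar.c starts and ends outside this hunk, so how a short read from `php_stream_read` is handled cannot be confirmed from here.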