From a360480337e36e7f095ce155f1c973f717e7f656 Mon Sep 17 00:00:00 2001 From: sbd Date: Tue, 22 Mar 2011 06:22:17 +0000 Subject: Pullup ticket #3394 - requested by taca security fix for devel/php-shmop Revisions pulled up: - devel/php-shmop/Makefile 1.10 - lang/php5/distinfo 1.88 - lang/php5/patches/patch-ext_shmop_shmop.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 21 16:08:29 UTC 2011 Modified Files: pkgsrc/devel/php-shmop: Makefile pkgsrc/lang/php5: distinfo Added Files: pkgsrc/lang/php5/patches: patch-ext_shmop_shmop.c Log Message: Add a patch to fix bug #54193 (Integer overflow in shmop_read()) referring r309018 from PHPs' repository. (CVE-2011-1092) Bump PKGREVISION of devel/php-shmop. --- devel/php-shmop/Makefile | 3 ++- lang/php5/distinfo | 6 ++---- lang/php5/patches/patch-ext_shmop_shmop.c | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 5 deletions(-) create mode 100644 lang/php5/patches/patch-ext_shmop_shmop.c diff --git a/devel/php-shmop/Makefile b/devel/php-shmop/Makefile index e22a8ab4ae1..83fb5b37f2d 100644 --- a/devel/php-shmop/Makefile +++ b/devel/php-shmop/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.9 2008/06/12 02:14:28 joerg Exp $ +# $NetBSD: Makefile,v 1.9.26.1 2011/03/22 06:22:17 sbd Exp $ MODNAME= shmop +PKGREVISION= 1 CATEGORIES+= devel COMMENT= PHP extension for simple SysV shared memory operations diff --git a/lang/php5/distinfo b/lang/php5/distinfo index f6697b4811f..42d2570b69e 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo 
@@ -1,11 +1,8 @@ -$NetBSD: distinfo,v 1.84.2.1 2011/02/23 19:12:53 tron Exp $ +$NetBSD: distinfo,v 1.84.2.2 2011/03/22 06:22:17 sbd Exp $ SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes -SHA1 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = fec10b2b81582d06bb0d0a96ea55c525afc8ab29 -RMD160 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = b28b70faf136b3e04c5b483da0f4c2279378f43a -Size (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 bytes SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 SHA1 (patch-ab) = feeb73834db284e8b3acabc11fb4c934837cb13f SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6 @@ -19,5 +16,6 @@ SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528 +SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6 SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089 diff --git a/lang/php5/patches/patch-ext_shmop_shmop.c b/lang/php5/patches/patch-ext_shmop_shmop.c new file mode 100644 index 00000000000..f6395518d71 --- /dev/null +++ b/lang/php5/patches/patch-ext_shmop_shmop.c 
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_shmop_shmop.c,v 1.1.2.2 2011/03/22 06:22:18 sbd Exp $
+
+Fix for CVE-2011-1092.
+
+--- ext/shmop/shmop.c.orig 2010-01-03 09:23:27.000000000 +0000
++++ ext/shmop/shmop.c
+@@ -223,7 +223,7 @@ PHP_FUNCTION(shmop_read)
+ RETURN_FALSE;
+ }
+
+- if (start + count > shmop->size || count < 0) {
++ if (count < 0 || start > (INT_MAX - count) || start + count > shmop->size) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "count is out of range");
+ RETURN_FALSE;
+ }
-- cgit v1.2.3
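Review bot: The rewritten guard in shmop_read() is only safe because of its left-to-right order and of a check this hunk does not show: `count < 0` has to be rejected before `INT_MAX - count` is evaluated, and `start` must already be non-negative, presumably from the block whose `RETURN_FALSE; }` tail is the first context line. A one-line comment above the condition, e.g. `/* order matters: reject negative count before computing INT_MAX - count (CVE-2011-1092) */`, would keep a later reorder from reopening the overflow. If that earlier block does bound `start` to 0..shmop->size, the subtraction form `if (count < 0 || count > shmop->size - start) {` states the same limit with no addition and without depending on INT_MAX matching the declared width of `start` and `count`, which are not visible here. The function body begins and ends outside the hunk.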