From af6a82c2b0e42d34d4139491935f165f8413983c Mon Sep 17 00:00:00 2001 From: taca Date: Thu, 10 Aug 2006 05:57:09 +0000 Subject: Add security fix for Secunia Advisory SA21403 from PHP's CVS repository. Bump PKGREVISION. --- lang/php5/Makefile | 4 +-- lang/php5/distinfo | 3 +- lang/php5/patches/patch-aw | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 3 deletions(-) create mode 100644 lang/php5/patches/patch-aw (limited to 'lang/php5') diff --git a/lang/php5/Makefile b/lang/php5/Makefile index 093228bc5ce..f8773adff90 100644 --- a/lang/php5/Makefile +++ b/lang/php5/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.38 2006/07/18 21:57:30 adrianp Exp $ +# $NetBSD: Makefile,v 1.39 2006/08/10 05:57:09 taca Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php5/distinfo b/lang/php5/distinfo index 643d76131ca..6c816d8b012 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.25 2006/07/18 21:57:30 adrianp Exp $ +$NetBSD: distinfo,v 1.26 2006/08/10 05:57:09 taca Exp $ SHA1 (php-5.1.4nb1/php-5.1.4.tar.bz2) = 83d4c5a4a3e8f3bcb0da841edd8d55893dbf5394 RMD160 (php-5.1.4nb1/php-5.1.4.tar.bz2) = d4ab11884a3a899f21eef777767a553cf81584ce @@ -12,3 +12,4 @@ SHA1 (patch-as) = 217c06efe5912570fab64f205d0b4faa07cda063 SHA1 (patch-at) = d1dd8decd0e5528e9166bd313bc382e3e138a82f SHA1 (patch-au) = 90264101db6c2f000c30d1f513392acec781202b SHA1 (patch-av) = a6cfc9b508d6e6e8fe2523a1b8a2480b6c767014 +SHA1 (patch-aw) = 5f075e62d57a77280e173a27bfeb096a4c4ceaa2 diff --git a/lang/php5/patches/patch-aw b/lang/php5/patches/patch-aw new file mode 100644 index 00000000000..2505e7b8ba2 --- /dev/null +++ b/lang/php5/patches/patch-aw 
@@ -0,0 +1,81 @@ +$NetBSD: patch-aw,v 1.1 2006/08/10 05:57:09 taca Exp $ + +# Fix for Secunia Advisory SA21403 + +--- ext/standard/scanf.c.orig 2006-01-01 21:50:15.000000000 +0900 ++++ ext/standard/scanf.c +@@ -732,7 +732,7 @@ PHPAPI int php_sscanf_internal( char *st + if (*end == '$') { + format = end+1; + ch = format++; +- objIndex = varStart + value; ++ objIndex = varStart + value - 1; + } + } + +@@ -762,7 +762,9 @@ PHPAPI int php_sscanf_internal( char *st + switch (*ch) { + case 'n': + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + zend_uint refcount; + + current = args[objIndex++]; +@@ -888,7 +890,9 @@ PHPAPI int php_sscanf_internal( char *st + } + } + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + zend_uint refcount; + + current = args[objIndex++]; +@@ -932,7 +936,9 @@ PHPAPI int php_sscanf_internal( char *st + goto done; + } + if (!(flags & SCAN_SUPPRESS)) { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + zval_dtor( *current ); + ZVAL_STRINGL( *current, string, end-string, 1); +@@ -1089,7 +1095,9 @@ PHPAPI int php_sscanf_internal( char *st + value = (int) (*fn)(buf, NULL, base); + if ((flags & SCAN_UNSIGNED) && (value < 0)) { + sprintf(buf, "%u", value); /* INTL: ISO digit */ +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + /* change passed value type to string */ + current = args[objIndex++]; + convert_to_string( *current ); +@@ -1098,7 +1106,9 @@ PHPAPI int php_sscanf_internal( char *st + add_index_string(*return_value, objIndex++, buf, 1); + } + } else { +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_long( *current ); + Z_LVAL(**current) = value; +@@ -1206,7 +1216,9 @@ PHPAPI int 
php_sscanf_internal( char *st + double dvalue; + *end = '\0'; + dvalue = zend_strtod(buf, NULL); +- if (numVars) { ++ if (numVars && objIndex >= argCount) { ++ break; ++ } else if (numVars) { + current = args[objIndex++]; + convert_to_double( *current ); + Z_DVAL_PP( current ) = dvalue; -- cgit v1.2.3
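Review bot: The added guard `if (numVars && objIndex >= argCount) { break; }` checks only the upper bound, and it is pasted verbatim at six store sites in php_sscanf_internal, from the `case 'n':` hunk through the `convert_to_double` hunk. Because the first hunk now computes `objIndex = varStart + value - 1`, a parsed position of 0 would give an index below `varStart`. Whether `value` is validated as at least 1 before this point is not visible here, so I would widen the guard to `if (numVars && (objIndex < varStart || objIndex >= argCount)) {` and fold it into one macro or static helper so the six sites cannot drift apart. The out-of-range case is dropped silently, so a comment such as `/* argument index outside args[]: skip this conversion */` would mark it as deliberate. The function body starts and ends outside every hunk, so what each `break` actually exits should be confirmed against the full file.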