From 4f7cc3f52de4ca595157f1094776d719601760b8 Mon Sep 17 00:00:00 2001 From: taca Date: Sun, 6 May 2012 14:27:46 +0000 Subject: Additional fix for CVS-2012-1823; it wasn't fixed by PHP 5.3.12. Bump PKGREVISION. --- lang/php53/Makefile | 3 ++- lang/php53/distinfo | 3 ++- lang/php53/patches/patch-sapi_cgi_cgi__main.c | 22 ++++++++++++++++++++++ 3 files changed, 26 insertions(+), 2 deletions(-) create mode 100644 lang/php53/patches/patch-sapi_cgi_cgi__main.c (limited to 'lang') diff --git a/lang/php53/Makefile b/lang/php53/Makefile index 9e84f3fbc72..65c83992ecc 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.25 2012/04/26 14:26:32 taca Exp $ +# $NetBSD: Makefile,v 1.26 2012/05/06 14:27:46 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} +PKGREVISION= 1 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/distinfo b/lang/php53/distinfo index 27f4bf53a06..fb31c5128dd 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.38 2012/05/04 01:48:41 taca Exp $ +$NetBSD: distinfo,v 1.39 2012/05/06 14:27:46 taca Exp $ SHA1 (php-5.3.12/php-5.3.12.tar.bz2) = 1aef7c01207637671299e3eb2d74eb81dd6a8f83 RMD160 (php-5.3.12/php-5.3.12.tar.bz2) = 5d91c2d16b54632aa123677f63776b312872997c @@ -19,3 +19,4 @@ SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e SHA1 (patch-main_streams_cast.c) = c169ccb73dc660e40eff9f9e168374f35eedadad SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 +SHA1 (patch-sapi_cgi_cgi__main.c) = f96320decb6bb0140d383c1d95486de68a1b4c1c diff --git a/lang/php53/patches/patch-sapi_cgi_cgi__main.c b/lang/php53/patches/patch-sapi_cgi_cgi__main.c new file mode 100644 index 00000000000..dcb360e3814 --- /dev/null +++ b/lang/php53/patches/patch-sapi_cgi_cgi__main.c 
@@ -0,0 +1,22 @@
+$NetBSD$
+
+Additional fix for CVS-2012-1823.
+
+--- sapi/cgi/cgi_main.c.orig 2012-05-03 13:54:59.000000000 +0000
++++ sapi/cgi/cgi_main.c
+@@ -1557,13 +1557,14 @@ int main(int argc, char *argv[])
+ getenv("REQUEST_METHOD")
+ ) {
+ cgi = 1;
++ skip_getopt = 1;
+ }
+ }
+
+ if(query_string = getenv("QUERY_STRING")) {
+ decoded_query_string = strdup(query_string);
+ php_url_decode(decoded_query_string, strlen(decoded_query_string));
+- if(*decoded_query_string == '-' && strchr(decoded_query_string, '=') == NULL) {
++ if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
+ skip_getopt = 1;
+ }
+ free(decoded_query_string);
-- cgit v1.2.3
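Review bot: The `QUERY_STRING` guard in `main()` still tests only the first decoded byte, `*decoded_query_string == '-'`, so a decoded string with whitespace or control bytes ahead of the dash does not set `skip_getopt` through this branch. That case is then covered only by the new `skip_getopt = 1;` beside `cgi = 1;`, whose condition starts outside the hunk and appears to depend on the CGI environment variables being present. To make the branch self-sufficient, advance an `unsigned char *p` past leading bytes `<= ' '` and test `*p == '-' && strchr(query_string, '=') == NULL`. The `strdup()` result is also passed to `strlen()` and `php_url_decode()` unchecked; failing closed with `if (decoded_query_string == NULL) skip_getopt = 1;` avoids a NULL dereference on allocation failure. A short comment that `=` is looked up in the raw `query_string` because the argv decision is presumably made on the undecoded string would protect the asymmetry from later "cleanup", and the header's "CVS-2012-1823" presumably means CVE-2012-1823.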