From c1b8b805a15eb5a502d6b249dc48cad2b396c01e Mon Sep 17 00:00:00 2001
From: taca
Date: Sat, 26 Feb 2011 02:55:28 +0000
Subject: Add a fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449. Bump PKGREVISION.
---
 textproc/php-intl/Makefile | 3 ++-
 textproc/php-intl/distinfo | 3 ++-
 .../patches/patch-grapheme_grapheme__string.c | 26 ++++++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)
 create mode 100644 textproc/php-intl/patches/patch-grapheme_grapheme__string.c
(limited to 'textproc/php-intl')
diff --git a/textproc/php-intl/Makefile b/textproc/php-intl/Makefile
index 012933285e5..54c380d1cce 100644
--- a/textproc/php-intl/Makefile
+++ b/textproc/php-intl/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2011/01/07 09:25:16 taca Exp $
+# $NetBSD: Makefile,v 1.5 2011/02/26 02:55:28 taca Exp $
 MODNAME= intl
 PECL_VERSION= 1.1.2
+PKGREVISION= 1
 CATEGORIES+= textproc
 COMMENT= PHP extension for i18n
diff --git a/textproc/php-intl/distinfo b/textproc/php-intl/distinfo
index 004f0b8b2fa..5a68b04067d 100644
--- a/textproc/php-intl/distinfo
+++ b/textproc/php-intl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2010/12/16 03:37:28 taca Exp $
+$NetBSD: distinfo,v 1.3 2011/02/26 02:55:28 taca Exp $
 SHA1 (php-intl/intl-1.1.2.tgz) = c86b3a4734c331ac3e7a56bb50b11766f4c4d5f7
 RMD160 (php-intl/intl-1.1.2.tgz) = 913c9f7fbb0f117e90affbbe5b17c1f881fb2fce
@@ -12,3 +12,4 @@ SHA1 (patch-af) = 815006577c08b1cab7f0e5e601770f786c61c910
 SHA1 (patch-ag) = 66db6e293f9eb9e81ccd6f8055aed2e036791247
 SHA1 (patch-ah) = 024f97675087d3f282e6cd8af059179ea7faea60
 SHA1 (patch-aj) = edb43a597a43db653af7be4d3066bf9bd376e8be
+SHA1 (patch-grapheme_grapheme__string.c) = 46d02667c47f68671a166db3ffdd3a33c2678018
diff --git a/textproc/php-intl/patches/patch-grapheme_grapheme__string.c b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c
new file mode 100644
index 00000000000..f16db8ed36a
--- /dev/null
+++ b/textproc/php-intl/patches/patch-grapheme_grapheme__string.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-grapheme_grapheme__string.c,v 1.1 2011/02/26 02:55:28 taca Exp $
+
+A fix for CVE-2011-0420 (CERT: VU#210829) from PHP's repository, r306449.
+
+--- grapheme/grapheme_string.c.orig 1970-01-01 09:13:08.000000000 +0000
++++ grapheme/grapheme_string.c
+@@ -819,11 +819,17 @@ PHP_FUNCTION(grapheme_extract)
+ }
+
+ if ( lstart > INT32_MAX || lstart < 0 || lstart >= str_len ) {
++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 0 TSRMLS_CC );
+
+- intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: start not contained in string", 1 TSRMLS_CC );
+-
+ RETURN_FALSE;
+ }
++ if ( size > INT32_MAX || size < 0) {
++ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "grapheme_extract: size is invalid", 0 TSRMLS_CC );
++ RETURN_FALSE;
++ }
++ if (size == 0) {
++ RETURN_EMPTY_STRING();
++ }
+
+ /* we checked that it will fit: */
+ start = (int32_t) lstart;
-- 
cgit v1.2.3
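Review bot: The new `size` guard in the grapheme_extract hunk has no comment saying which invariant it establishes, and the existing `/* we checked that it will fit: */` comment below it now has to cover two separate checks. A short comment above the guard would make this explicit, for example `/* CVE-2011-0420: size must be non-negative and fit in int32_t; size 0 returns an empty string */`. The guard bounds `size` only by INT32_MAX, not by the bytes remaining after `start`. Whether the extraction code clamps it is not visible here and is worth confirming against the full function, because PHP_FUNCTION(grapheme_extract) starts and ends outside the hunk.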