Apply changes by r308525 from PHP's repository to fix bug #54055 (buffer overrun with high values for precision ini setting). It fixes one of security fixes by PHP 5.3.6. Bump PKGREVISION.diff -r1.83 -r1.84 pkgsrc/lang/php5/Makefile
(taca)
| @@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.83 2011/02/21 16:25:33 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.84 2011/03/21 16:34:28 taca Exp $ | |
| 2 | 2 | |||
| 3 | PKGNAME= php-${PHP_BASE_VERS} | 3 | PKGNAME= php-${PHP_BASE_VERS} | |
| 4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
| 5 | CATEGORIES= lang | 5 | CATEGORIES= lang | |
| 6 | HOMEPAGE= http://www.php.net/ | 6 | HOMEPAGE= http://www.php.net/ | |
| 7 | COMMENT= PHP Hypertext Preprocessor version 5 | 7 | COMMENT= PHP Hypertext Preprocessor version 5 | |
| 8 | 8 | |||
| 9 | TEST_TARGET= test | 9 | TEST_TARGET= test | |
| 10 | PKG_DESTDIR_SUPPORT= user-destdir | 10 | PKG_DESTDIR_SUPPORT= user-destdir | |
| 11 | 11 | |||
| 12 | USE_TOOLS+= gmake lex pkg-config | 12 | USE_TOOLS+= gmake lex pkg-config | |
| 13 | LIBTOOL_OVERRIDE= # empty | 13 | LIBTOOL_OVERRIDE= # empty | |
| 14 | 14 | |||
| 15 | PKG_OPTIONS_REQUIRED_GROUPS+= sapi | 15 | PKG_OPTIONS_REQUIRED_GROUPS+= sapi | |
| 16 | PKG_OPTIONS_GROUP.sapi= cgi fastcgi | 16 | PKG_OPTIONS_GROUP.sapi= cgi fastcgi | |
| 17 | PKG_SUGGESTED_OPTIONS+= cgi | 17 | PKG_SUGGESTED_OPTIONS+= cgi |
| @@ -1,20 +1,23 @@ | @@ -1,20 +1,23 @@ | |||
| 1 | $NetBSD: distinfo,v 1.88 2011/03/21 16:08:29 taca Exp $ | 1 | $NetBSD: distinfo,v 1.89 2011/03/21 16:34:28 taca Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 | 3 | SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095 | |
| 4 | RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 | 4 | RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9 | |
| 5 | Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes | 5 | Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes | |
| 6 | SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 | 6 | SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 | |
| 7 | SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6 | 7 | SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6 | |
| 8 | SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94 | 8 | SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94 | |
| 9 | SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728 | 9 | SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728 | |
| 10 | SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc | 10 | SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc | |
| 11 | SHA1 (patch-al) = 257129124d46a84f7342b1a00f0cab073066e7cb | 11 | SHA1 (patch-al) = 257129124d46a84f7342b1a00f0cab073066e7cb | |
| 12 | SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 | 12 | SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602 | |
| 13 | SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce | 13 | SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce | |
| 14 | SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df | 14 | SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df | |
| 15 | SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d | 15 | SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d | |
| 16 | SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 | 16 | SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1 | |
| 17 | SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528 | 17 | SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528 | |
| 18 | SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d | 18 | SHA1 (patch-ext_shmop_shmop.c) = 6e11b87dd71ff26357b14b61df626c40b40a022d | |
| 19 | SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6 | 19 | SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6 | |
| 20 | SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089 | 20 | SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089 | |
| 21 | SHA1 (patch-main_snprintf.c) = cb112df0cadf84aaeee5987169a31460989995a8 | |||
| 22 | SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf | |||
| 23 | SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275 |
$NetBSD: patch-main_snprintf.c,v 1.1 2011/03/21 16:34:28 taca Exp $
--- main/snprintf.c.orig 2010-01-03 09:23:27.000000000 +0000
+++ main/snprintf.c
@@ -675,10 +675,6 @@ static int format_converter(register buf
/*
* Check if a precision was specified
- *
- * XXX: an unreasonable amount of precision may be specified
- * resulting in overflow of num_buf. Currently we
- * ignore this possibility.
*/
if (*fmt == '.') {
adjust_precision = YES;
@@ -692,6 +688,10 @@ static int format_converter(register buf
precision = 0;
} else
precision = 0;
+
+ if (precision > FORMAT_CONV_MAX_PRECISION) {
+ precision = FORMAT_CONV_MAX_PRECISION;
+ }
} else
adjust_precision = NO;
} else
$NetBSD: patch-main_snprintf.h,v 1.1 2011/03/21 16:34:28 taca Exp $
--- main/snprintf.h.orig 2010-01-03 09:23:27.000000000 +0000
+++ main/snprintf.h
@@ -12,7 +12,7 @@
| obtain it through the world-wide-web, please send a note to |
| license@php.net so we can mail you a copy immediately. |
+----------------------------------------------------------------------+
- | Author: Stig Sæther Bakken <ssb@php.net> |
+ | Author: Stig Sæther Bakken <ssb@php.net> |
| Marcus Boerger <helly@php.net> |
+----------------------------------------------------------------------+
*/
@@ -148,6 +148,17 @@ extern char * ap_php_conv_10(register wi
extern char * ap_php_conv_p2(register u_wide_int num, register int nbits,
char format, char *buf_end, register int *len);
+/* The maximum precision that's allowed for float conversion. Does not include
+ * decimal separator, exponent, sign, terminator. Currently does not affect
+ * the modes e/f, only g/k/H, as those have a different limit enforced at
+ * another level (see NDIG in php_conv_fp()).
+ * Applies to the formatting functions of both spprintf.c and snprintf.c, which
+ * use equally sized buffers of MAX_BUF_SIZE = 512 to hold the result of the
+ * call to php_gcvt().
+ * This should be reasonably smaller than MAX_BUF_SIZE (I think MAX_BUF_SIZE - 9
+ * should be enough, but let's give some more space) */
+#define FORMAT_CONV_MAX_PRECISION 500
+
#endif /* SNPRINTF_H */
/*
$NetBSD: patch-main_spprintf.c,v 1.1 2011/03/21 16:34:28 taca Exp $
--- main/spprintf.c.orig 2010-01-03 09:23:27.000000000 +0000
+++ main/spprintf.c
@@ -282,10 +282,6 @@ static void xbuf_format_converter(smart_
/*
* Check if a precision was specified
- *
- * XXX: an unreasonable amount of precision may be specified
- * resulting in overflow of num_buf. Currently we
- * ignore this possibility.
*/
if (*fmt == '.') {
adjust_precision = YES;
@@ -299,6 +295,10 @@ static void xbuf_format_converter(smart_
precision = 0;
} else
precision = 0;
+
+ if (precision > FORMAT_CONV_MAX_PRECISION) {
+ precision = FORMAT_CONV_MAX_PRECISION;
+ }
} else
adjust_precision = NO;
} else