Tue May 17 08:17:07 2011 UTC ()
Pullup ticket #3432 - requested by taca
lang/php53 security update
Revisions pulled up:
- lang/php53/Makefile 1.9
- lang/php53/distinfo 1.14
- lang/php53/patches/patch-ext_standard_string.c 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 13:08:45 UTC 2011
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-ext_standard_string.c
Log Message:
Add a patch to fix for CVE-2011-1148 (and more bugfix) from PHP's repository.
Bump PKGREVISION.
(sbd)
diff -r1.8 -r1.8.2.1 pkgsrc/lang/php53/Makefile
diff -r1.13 -r1.13.2.1 pkgsrc/lang/php53/distinfo
diff -r0 -r1.1.2.2 pkgsrc/lang/php53/patches/patch-ext_standard_string.c
--- pkgsrc/lang/php53/Attic/Makefile 2011/03/19 07:01:18 1.8
+++ pkgsrc/lang/php53/Attic/Makefile 2011/05/17 08:17:06 1.8.2.1
| @@ -1,19 +1,20 @@ | | | @@ -1,19 +1,20 @@ |
1 | # $NetBSD: Makefile,v 1.8 2011/03/19 07:01:18 taca Exp $ | | 1 | # $NetBSD: Makefile,v 1.8.2.1 2011/05/17 08:17:06 sbd Exp $ |
2 | | | 2 | |
3 | # | | 3 | # |
4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | | 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. |
5 | # | | 5 | # |
6 | PKGNAME= php-${PHP_BASE_VERS} | | 6 | PKGNAME= php-${PHP_BASE_VERS} |
| | | 7 | PKGREVISION= 1 |
7 | CATEGORIES= lang | | 8 | CATEGORIES= lang |
8 | HOMEPAGE= http://www.php.net/ | | 9 | HOMEPAGE= http://www.php.net/ |
9 | COMMENT= PHP Hypertext Preprocessor version 5 | | 10 | COMMENT= PHP Hypertext Preprocessor version 5 |
10 | | | 11 | |
11 | TEST_TARGET= test | | 12 | TEST_TARGET= test |
12 | PKG_DESTDIR_SUPPORT= user-destdir | | 13 | PKG_DESTDIR_SUPPORT= user-destdir |
13 | | | 14 | |
14 | USE_TOOLS+= gmake lex pkg-config | | 15 | USE_TOOLS+= gmake lex pkg-config |
15 | LIBTOOL_OVERRIDE= # empty | | 16 | LIBTOOL_OVERRIDE= # empty |
16 | | | 17 | |
17 | .include "Makefile.php" | | 18 | .include "Makefile.php" |
18 | | | 19 | |
19 | CGIDIR= ${PREFIX}/libexec/cgi-bin | | 20 | CGIDIR= ${PREFIX}/libexec/cgi-bin |
--- pkgsrc/lang/php53/Attic/distinfo 2011/03/19 07:01:18 1.13
+++ pkgsrc/lang/php53/Attic/distinfo 2011/05/17 08:17:07 1.13.2.1
| @@ -1,19 +1,17 @@ | | | @@ -1,19 +1,17 @@ |
1 | $NetBSD: distinfo,v 1.13 2011/03/19 07:01:18 taca Exp $ | | 1 | $NetBSD: distinfo,v 1.13.2.1 2011/05/17 08:17:07 sbd Exp $ |
2 | | | 2 | |
3 | SHA1 (php-5.3.6/php-5.3.6.tar.bz2) = 0e0b9b4d9117f22080e2204afa9383469eb0dbbd | | 3 | SHA1 (php-5.3.6/php-5.3.6.tar.bz2) = 0e0b9b4d9117f22080e2204afa9383469eb0dbbd |
4 | RMD160 (php-5.3.6/php-5.3.6.tar.bz2) = 619bf96cf24bf6aa0988494186f8914fde94d44d | | 4 | RMD160 (php-5.3.6/php-5.3.6.tar.bz2) = 619bf96cf24bf6aa0988494186f8914fde94d44d |
5 | Size (php-5.3.6/php-5.3.6.tar.bz2) = 10952171 bytes | | 5 | Size (php-5.3.6/php-5.3.6.tar.bz2) = 10952171 bytes |
6 | SHA1 (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = a2ab4bd03a329ec56a1f8b99e12e59f1838e0da6 | | | |
7 | RMD160 (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = e5105397a9e41997ad11d2a0be01c7e3c9d06c6e | | | |
8 | Size (php-5.3.6/suhosin-patch-5.3.4-0.9.10.patch.gz) = 41092 bytes | | | |
9 | SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e | | 6 | SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e |
10 | SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b | | 7 | SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b |
11 | SHA1 (patch-ac) = 07a3d6c9ee4c316033afd8c7db71eb21045a3afd | | 8 | SHA1 (patch-ac) = 07a3d6c9ee4c316033afd8c7db71eb21045a3afd |
12 | SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 | | 9 | SHA1 (patch-ad) = 1608c58860a43b4e31df8646b5ded253ec9aa881 |
13 | SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 | | 10 | SHA1 (patch-ae) = e590db60a60f4e5ef2da4e5edb786335a67a3d56 |
14 | SHA1 (patch-af) = 64a9e8bf83df23179b221e03af6061fc7ee2584e | | 11 | SHA1 (patch-af) = 64a9e8bf83df23179b221e03af6061fc7ee2584e |
15 | SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e | | 12 | SHA1 (patch-ag) = c49cdff097d1e54ebe93b5afb550e89b0cc2468e |
16 | SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 | | 13 | SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 |
17 | SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f | | 14 | SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f |
18 | SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 | | 15 | SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 |
19 | SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e | | 16 | SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e |
| | | 17 | SHA1 (patch-ext_standard_string.c) = fe16ffedd894a6d580f3c998b9f571f403f4a764 |
$NetBSD: patch-ext_standard_string.c,v 1.1.2.2 2011/05/17 08:17:07 sbd Exp $
* Update to r310401 of PHP's repository, including fix for CVE-2011-1148.
--- ext/standard/string.c.orig 2011-01-01 02:19:59.000000000 +0000
+++ ext/standard/string.c
@@ -2352,20 +2352,35 @@ PHP_FUNCTION(substr_replace)
zend_hash_internal_pointer_reset_ex(Z_ARRVAL_PP(str), &pos_str);
while (zend_hash_get_current_data_ex(Z_ARRVAL_PP(str), (void **) &tmp_str, &pos_str) == SUCCESS) {
- convert_to_string_ex(tmp_str);
+ zval *orig_str;
+ zval dummy;
+ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
+ dummy = **tmp_str;
+ orig_str = &dummy;
+ zval_copy_ctor(orig_str);
+ convert_to_string(orig_str);
+ } else {
+ orig_str = *tmp_str;
+ }
if (Z_TYPE_PP(from) == IS_ARRAY) {
if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(from), (void **) &tmp_from, &pos_from)) {
- convert_to_long_ex(tmp_from);
+ if(Z_TYPE_PP(tmp_from) != IS_LONG) {
+ zval dummy = **tmp_from;
+ zval_copy_ctor(&dummy);
+ convert_to_long(&dummy);
+ f = Z_LVAL(dummy);
+ } else {
+ f = Z_LVAL_PP(tmp_from);
+ }
- f = Z_LVAL_PP(tmp_from);
if (f < 0) {
- f = Z_STRLEN_PP(tmp_str) + f;
+ f = Z_STRLEN_P(orig_str) + f;
if (f < 0) {
f = 0;
}
- } else if (f > Z_STRLEN_PP(tmp_str)) {
- f = Z_STRLEN_PP(tmp_str);
+ } else if (f > Z_STRLEN_P(orig_str)) {
+ f = Z_STRLEN_P(orig_str);
}
zend_hash_move_forward_ex(Z_ARRVAL_PP(from), &pos_from);
} else {
@@ -2374,72 +2389,92 @@ PHP_FUNCTION(substr_replace)
} else {
f = Z_LVAL_PP(from);
if (f < 0) {
- f = Z_STRLEN_PP(tmp_str) + f;
+ f = Z_STRLEN_P(orig_str) + f;
if (f < 0) {
f = 0;
}
- } else if (f > Z_STRLEN_PP(tmp_str)) {
- f = Z_STRLEN_PP(tmp_str);
+ } else if (f > Z_STRLEN_P(orig_str)) {
+ f = Z_STRLEN_P(orig_str);
}
}
if (argc > 3 && Z_TYPE_PP(len) == IS_ARRAY) {
if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(len), (void **) &tmp_len, &pos_len)) {
- convert_to_long_ex(tmp_len);
-
- l = Z_LVAL_PP(tmp_len);
+ if(Z_TYPE_PP(tmp_len) != IS_LONG) {
+ zval dummy = **tmp_len;
+ zval_copy_ctor(&dummy);
+ convert_to_long(&dummy);
+ l = Z_LVAL(dummy);
+ } else {
+ l = Z_LVAL_PP(tmp_len);
+ }
zend_hash_move_forward_ex(Z_ARRVAL_PP(len), &pos_len);
} else {
- l = Z_STRLEN_PP(tmp_str);
+ l = Z_STRLEN_P(orig_str);
}
} else if (argc > 3) {
l = Z_LVAL_PP(len);
} else {
- l = Z_STRLEN_PP(tmp_str);
+ l = Z_STRLEN_P(orig_str);
}
if (l < 0) {
- l = (Z_STRLEN_PP(tmp_str) - f) + l;
+ l = (Z_STRLEN_P(orig_str) - f) + l;
if (l < 0) {
l = 0;
}
}
- if ((f + l) > Z_STRLEN_PP(tmp_str)) {
- l = Z_STRLEN_PP(tmp_str) - f;
+ if ((f + l) > Z_STRLEN_P(orig_str)) {
+ l = Z_STRLEN_P(orig_str) - f;
}
- result_len = Z_STRLEN_PP(tmp_str) - l;
+ result_len = Z_STRLEN_P(orig_str) - l;
if (Z_TYPE_PP(repl) == IS_ARRAY) {
if (SUCCESS == zend_hash_get_current_data_ex(Z_ARRVAL_PP(repl), (void **) &tmp_repl, &pos_repl)) {
- convert_to_string_ex(tmp_repl);
- result_len += Z_STRLEN_PP(tmp_repl);
+ zval *repl_str;
+ zval zrepl;
+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
+ zrepl = **tmp_repl;
+ repl_str = &zrepl;
+ zval_copy_ctor(repl_str);
+ convert_to_string(repl_str);
+ } else {
+ repl_str = *tmp_repl;
+ }
+
+ result_len += Z_STRLEN_P(repl_str);
zend_hash_move_forward_ex(Z_ARRVAL_PP(repl), &pos_repl);
result = emalloc(result_len + 1);
- memcpy(result, Z_STRVAL_PP(tmp_str), f);
- memcpy((result + f), Z_STRVAL_PP(tmp_repl), Z_STRLEN_PP(tmp_repl));
- memcpy((result + f + Z_STRLEN_PP(tmp_repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
+ memcpy(result, Z_STRVAL_P(orig_str), f);
+ memcpy((result + f), Z_STRVAL_P(repl_str), Z_STRLEN_P(repl_str));
+ memcpy((result + f + Z_STRLEN_P(repl_str)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
+ if(Z_TYPE_PP(tmp_repl) != IS_STRING) {
+ zval_dtor(repl_str);
+ }
} else {
result = emalloc(result_len + 1);
- memcpy(result, Z_STRVAL_PP(tmp_str), f);
- memcpy((result + f), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
+ memcpy(result, Z_STRVAL_P(orig_str), f);
+ memcpy((result + f), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
}
} else {
result_len += Z_STRLEN_PP(repl);
result = emalloc(result_len + 1);
- memcpy(result, Z_STRVAL_PP(tmp_str), f);
+ memcpy(result, Z_STRVAL_P(orig_str), f);
memcpy((result + f), Z_STRVAL_PP(repl), Z_STRLEN_PP(repl));
- memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_PP(tmp_str) + f + l, Z_STRLEN_PP(tmp_str) - f - l);
+ memcpy((result + f + Z_STRLEN_PP(repl)), Z_STRVAL_P(orig_str) + f + l, Z_STRLEN_P(orig_str) - f - l);
}
result[result_len] = '\0';
add_next_index_stringl(return_value, result, result_len, 0);
-
+ if(Z_TYPE_PP(tmp_str) != IS_STRING) {
+ zval_dtor(orig_str);
+ }
zend_hash_move_forward_ex(Z_ARRVAL_PP(str), &pos_str);
} /*while*/
} /* if */