pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2012Q1]: pkgsrc/lang/php5 Pullup ticket #3788 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/89f618491c1e
branches:  pkgsrc-2012Q1
changeset: 602106:89f618491c1e
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed May 16 12:50:45 2012 +0000

description:
Pullup ticket #3788 - requested by taca
lang/php5: security patch

Revisions pulled up:
- lang/php5/Makefile                                            1.88
- lang/php5/distinfo                                            1.94
- lang/php5/patches/patch-sapi_cgi_cgi__main.c                  1.1

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun May 13 16:09:52 UTC 2012

   Modified Files:
        pkgsrc/lang/php5: Makefile distinfo
   Added Files:
        pkgsrc/lang/php5/patches: patch-sapi_cgi_cgi__main.c

   Log Message:
   Add fix for CVE-2012-1823.

   Bump PKGREVISION.

diffstat:

 lang/php5/Makefile                           |   4 ++--
 lang/php5/distinfo                           |   3 ++-
 lang/php5/patches/patch-sapi_cgi_cgi__main.c |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diffs (55 lines):

diff -r 7ad93a6dbdbd -r 89f618491c1e lang/php5/Makefile
--- a/lang/php5/Makefile        Wed May 16 12:04:14 2012 +0000
+++ b/lang/php5/Makefile        Wed May 16 12:50:45 2012 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.87 2011/06/24 11:59:29 taca Exp $
+# $NetBSD: Makefile,v 1.87.8.1 2012/05/16 12:50:45 tron Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            lang
 
 HOMEPAGE=              http://www.php.net/
diff -r 7ad93a6dbdbd -r 89f618491c1e lang/php5/distinfo
--- a/lang/php5/distinfo        Wed May 16 12:04:14 2012 +0000
+++ b/lang/php5/distinfo        Wed May 16 12:50:45 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.93 2012/02/02 15:47:13 taca Exp $
+$NetBSD: distinfo,v 1.93.2.1 2012/05/16 12:50:45 tron Exp $
 
 SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095
 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9
@@ -27,3 +27,4 @@
 SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf
 SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275
 SHA1 (patch-main_streams_cast.c) = 0e69cad7d6451b18ec844cc8ea6d18eaf0748530
+SHA1 (patch-sapi_cgi_cgi__main.c) = a88f29e80810a3c9d9d895051c9dd3c1da8099b8
diff -r 7ad93a6dbdbd -r 89f618491c1e lang/php5/patches/patch-sapi_cgi_cgi__main.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-sapi_cgi_cgi__main.c      Wed May 16 12:50:45 2012 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-sapi_cgi_cgi__main.c,v 1.1.2.2 2012/05/16 12:50:45 tron Exp $
+
+* fix for CVE-2012-1823.
+
+--- sapi/cgi/cgi_main.c.orig   2010-01-03 09:23:27.000000000 +0000
++++ sapi/cgi/cgi_main.c
+@@ -1405,7 +1405,7 @@ int main(int argc, char *argv[])
+       }
+ #endif
+ 
+-      while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
++      while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
+               switch (c) {
+                       case 'c':
+                               if (cgi_sapi_module.php_ini_path_override) {
+@@ -1659,7 +1659,7 @@ consult the installation file that came 
+ #endif /* FASTCGI */
+ 
+       zend_first_try {
+-              while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) {
++              while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) {
+                       switch (c) {
+ #if PHP_FASTCGI
+                               case 'T':



Home | Main Index | Thread Index | Old Index