pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/php53 * Add a fix of potential security problem b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e14034625970
branches:  trunk
changeset: 589982:e14034625970
user:      taca <taca%pkgsrc.org@localhost>
date:      Mon Jun 20 13:38:19 2011 +0000

description:
* Add a fix of potential security problem by char signedness processing:

        http://www.openwall.com/lists/oss-security/2011/06/20/2

 Noted by Matthias Drochner via private mail.

* Add LICENSE.

Bump PKGREVISION.

diffstat:

 lang/php53/Makefile                                     |   6 ++++--
 lang/php53/distinfo                                     |   3 ++-
 lang/php53/patches/patch-ext_standard_crypt__blowfish.c |  16 ++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diffs (57 lines):

diff -r 90c7737163dc -r e14034625970 lang/php53/Makefile
--- a/lang/php53/Makefile       Mon Jun 20 12:43:00 2011 +0000
+++ b/lang/php53/Makefile       Mon Jun 20 13:38:19 2011 +0000
@@ -1,13 +1,15 @@
-# $NetBSD: Makefile,v 1.10 2011/06/15 14:42:03 taca Exp $
+# $NetBSD: Makefile,v 1.11 2011/06/20 13:38:19 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           2
+PKGREVISION=           3
 CATEGORIES=            lang
+
 HOMEPAGE=              http://www.php.net/
 COMMENT=               PHP Hypertext Preprocessor version 5
+LICENSE=               php-license
 
 TEST_TARGET=           test
 PKG_DESTDIR_SUPPORT=   user-destdir
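
Review bot: The `LICENSE= php-license` line and the new blank line after `CATEGORIES=` are unrelated to the security fix that justifies the `PKGREVISION` bump from 2 to 3. Mixing them into the same changeset makes the security change harder to pick up on its own. Suggest committing the `LICENSE` addition and the whitespace change separately, leaving this hunk with only the `PKGREVISION` line.
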
diff -r 90c7737163dc -r e14034625970 lang/php53/distinfo
--- a/lang/php53/distinfo       Mon Jun 20 12:43:00 2011 +0000
+++ b/lang/php53/distinfo       Mon Jun 20 13:38:19 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2011/06/15 14:42:03 taca Exp $
+$NetBSD: distinfo,v 1.16 2011/06/20 13:38:19 taca Exp $
 
 SHA1 (php-5.3.6/php-5.3.6.tar.bz2) = 0e0b9b4d9117f22080e2204afa9383469eb0dbbd
 RMD160 (php-5.3.6/php-5.3.6.tar.bz2) = 619bf96cf24bf6aa0988494186f8914fde94d44d
@@ -15,5 +15,6 @@
 SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
 SHA1 (patch-ext_sockets_sockets.c) = 99137af0e3307f1b379e4a4012ebd56978a88a15
+SHA1 (patch-ext_standard_crypt__blowfish.c) = 816a8404322c336bada83587761254318966191a
 SHA1 (patch-ext_standard_string.c) = fe16ffedd894a6d580f3c998b9f571f403f4a764
 SHA1 (patch-main_rfc1867.c) = 2f7efd3ebc6eadb377ce308d5d8293bda07bbc42
diff -r 90c7737163dc -r e14034625970 lang/php53/patches/patch-ext_standard_crypt__blowfish.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php53/patches/patch-ext_standard_crypt__blowfish.c   Mon Jun 20 13:38:19 2011 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ext_standard_crypt__blowfish.c,v 1.1 2011/06/20 13:38:19 taca Exp $
+
+- Fix potential security problem by char signedness processing:
+  http://www.openwall.com/lists/oss-security/2011/06/20/2
+
+--- ext/standard/crypt_blowfish.c.orig 2010-02-21 23:47:14.000000000 +0000
++++ ext/standard/crypt_blowfish.c
+@@ -565,7 +565,7 @@ static void BF_set_key(__CONST char *key
+               tmp = 0;
+               for (j = 0; j < 4; j++) {
+                       tmp <<= 8;
+-                      tmp |= *ptr;
++                      tmp |= (unsigned char)*ptr;
+ 
+                       if (!*ptr) ptr = key; else ptr++;
+               }
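
Review bot: The patch header comment ("Fix potential security problem by char signedness processing") does not say what the cast at `tmp |= (unsigned char)*ptr;` changes in behaviour, and it should. Where plain `char` is signed, the old `tmp |= *ptr;` sign-extended any key byte with the high bit set, so the OR set all upper bits of `tmp` and overwrote the bytes shifted in by earlier iterations of the `j` loop. With the cast, key setup produces a different result for such keys, so hashes computed by the unpatched code for passwords containing 8-bit characters will no longer match. Suggest stating this compatibility impact in the patch comment or the commit message, and noting there whether the change has been reported upstream.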


