pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/php5 Add in the correct patch to fix CVE-2007-2872
details: https://anonhg.NetBSD.org/pkgsrc/rev/6712bc8eb19f
branches: trunk
changeset: 529539:6712bc8eb19f
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Thu Jun 07 10:45:18 2007 +0000
description:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe
diffstat:
lang/php5/Makefile | 3 ++-
lang/php5/distinfo | 3 ++-
lang/php5/patches/patch-am | 28 ++++++++++++++++++++++++++++
3 files changed, 32 insertions(+), 2 deletions(-)
diffs (58 lines):
diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/Makefile
--- a/lang/php5/Makefile Thu Jun 07 09:31:56 2007 +0000
+++ b/lang/php5/Makefile Thu Jun 07 10:45:18 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/06/06 19:33:12 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2007/06/07 10:45:42 adrianp Exp $
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/distinfo
--- a/lang/php5/distinfo Thu Jun 07 09:31:56 2007 +0000
+++ b/lang/php5/distinfo Thu Jun 07 10:45:18 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2007/06/06 19:33:13 adrianp Exp $
+$NetBSD: distinfo,v 1.42 2007/06/07 10:45:42 adrianp Exp $
SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261
RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b
@@ -9,3 +9,4 @@
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
+SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a
diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/patches/patch-am
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-am Thu Jun 07 10:45:18 2007 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $
+
+--- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100
++++ ext/standard/string.c
+@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src,
+ char *p, *q;
+ int chunks; /* complete chunks! */
+ int restlen;
+- int out_len;
++ float out_len;
+
+ chunks = srclen / chunklen;
+ restlen = srclen - chunks * chunklen; /* srclen % chunklen */
+
+- out_len = (srclen + (chunks + 1) * endlen + 1);
++ out_len = chunks + 1;
++ out_len *= endlen;
++ out_len += srclen + 1;
+
+ if (out_len > INT_MAX || out_len <= 0) {
+ return NULL;
+ }
+
+- dest = safe_emalloc(out_len, sizeof(char), 0);
++ dest = safe_emalloc((int)out_len, sizeof(char), 0);
+
+ for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
+ memcpy(q, p, chunklen);
Home |
Main Index |
Thread Index |
Old Index