pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2006Q3]: pkgsrc/www/php4 Pullup ticket 1899 - requested by adr...
details: https://anonhg.NetBSD.org/pkgsrc/rev/085484f610c6
branches: pkgsrc-2006Q3
changeset: 519161:085484f610c6
user: ghen <ghen%pkgsrc.org@localhost>
date: Sat Nov 04 16:32:12 2006 +0000
description:
Pullup ticket 1899 - requested by adrianp
security fix for php
- pkgsrc/www/php4/Makefile 1.73
- pkgsrc/www/php4/distinfo 1.60
- pkgsrc/www/php4/patches/patch-av 1.333
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Nov 4 11:19:41 UTC 2006
Modified Files:
pkgsrc/www/php4: Makefile distinfo
Added Files:
pkgsrc/www/php4/patches: patch-av
Log Message:
Fix for CVE-2006-5465 from PHP CVS
http://www.hardened-php.net/advisory_132006.138.html
diffstat:
www/php4/Makefile | 4 ++--
www/php4/distinfo | 3 ++-
www/php4/patches/patch-av | 32 ++++++++++++++++++++++++++++++++
3 files changed, 36 insertions(+), 3 deletions(-)
diffs (63 lines):
diff -r e63f69830482 -r 085484f610c6 www/php4/Makefile
--- a/www/php4/Makefile Sat Nov 04 16:25:31 2006 +0000
+++ b/www/php4/Makefile Sat Nov 04 16:32:12 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.70.2.1 2006/10/29 16:47:58 ghen Exp $
+# $NetBSD: Makefile,v 1.70.2.2 2006/11/04 16:32:12 ghen Exp $
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES+= lang
COMMENT= HTML-embedded scripting language
diff -r e63f69830482 -r 085484f610c6 www/php4/distinfo
--- a/www/php4/distinfo Sat Nov 04 16:25:31 2006 +0000
+++ b/www/php4/distinfo Sat Nov 04 16:32:12 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57.2.1 2006/10/29 16:47:58 ghen Exp $
+$NetBSD: distinfo,v 1.57.2.2 2006/11/04 16:32:12 ghen Exp $
SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
@@ -16,3 +16,4 @@
SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
SHA1 (patch-au) = 8b8e317dbb9cfc265bf29ebe0827d9b734a1a3b7
+SHA1 (patch-av) = d2e828caa542288d5444cf9d39f3aa0fa7a6f438
diff -r e63f69830482 -r 085484f610c6 www/php4/patches/patch-av
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/php4/patches/patch-av Sat Nov 04 16:32:12 2006 +0000
@@ -0,0 +1,32 @@
+$NetBSD: patch-av,v 1.2.2.1 2006/11/04 16:32:12 ghen Exp $
+
+# CVE-2006-5465
+
+--- ext/standard/html.c.orig 2006-02-25 21:33:06.000000000 +0000
++++ ext/standard/html.c
+@@ -878,7 +878,7 @@ PHPAPI char *php_escape_html_entities(un
+
+ matches_map = 0;
+
+- if (len + 9 > maxlen)
++ if (len + 16 > maxlen)
+ replaced = erealloc (replaced, maxlen += 128);
+
+ if (all) {
+@@ -903,9 +903,15 @@ PHPAPI char *php_escape_html_entities(un
+ }
+
+ if (matches_map) {
++ int l = strlen(rep);
++ /* increase the buffer size */
++ if (len + 2 + l >= maxlen) {
++ replaced = erealloc(replaced, maxlen += 128);
++ }
++
+ replaced[len++] = '&';
+ strcpy(replaced + len, rep);
+- len += strlen(rep);
++ len += l;
+ replaced[len++] = ';';
+ }
+ }
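Review bot: In the second html.c hunk, the new check `if (len + 2 + l >= maxlen)` grows the buffer by a fixed 128 bytes with a single `erealloc`, so the following `strcpy(replaced + len, rep)` and the trailing `;` are only covered while `l` is small relative to that increment; nothing in the visible lines bounds `strlen(rep)`. Size the growth from the requirement instead, for example `maxlen += 128 + l`, or loop until `len + 2 + l < maxlen`, so the write stays in bounds whatever the replacement length. Two smaller points: `int l = strlen(rep)` narrows a `size_t` to `int`, and the first hunk's change from `len + 9` to `len + 16` leaves a bare constant that deserves a comment stating which worst-case write it reserves space for.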