[pkgsrc/trunk]: pkgsrc/lang/php5 Add fix for CVE-2012-1823.

[taca <taca%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/cfd59efbb76e
branches:  trunk
changeset: 603805:cfd59efbb76e
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun May 13 16:09:52 2012 +0000

description:
Add fix for CVE-2012-1823.

Bump PKGREVISION.

diffstat:

 lang/php5/Makefile                           |   4 ++--
 lang/php5/distinfo                           |   3 ++-
 lang/php5/patches/patch-sapi_cgi_cgi__main.c |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diffs (55 lines):

diff -r f2620f8f6361 -r cfd59efbb76e lang/php5/Makefile
--- a/lang/php5/Makefile        Sun May 13 16:08:37 2012 +0000
+++ b/lang/php5/Makefile        Sun May 13 16:09:52 2012 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.87 2011/06/24 11:59:29 taca Exp $
+# $NetBSD: Makefile,v 1.88 2012/05/13 16:09:52 taca Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           4
+PKGREVISION=           5
 CATEGORIES=            lang
 
 HOMEPAGE=              http://www.php.net/
diff -r f2620f8f6361 -r cfd59efbb76e lang/php5/distinfo
--- a/lang/php5/distinfo        Sun May 13 16:08:37 2012 +0000
+++ b/lang/php5/distinfo        Sun May 13 16:09:52 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.93 2012/02/02 15:47:13 taca Exp $
+$NetBSD: distinfo,v 1.94 2012/05/13 16:09:52 taca Exp $
 
 SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095
 RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9
@@ -27,3 +27,4 @@
 SHA1 (patch-main_snprintf.h) = 86ae4c1c8ae9183254e9914cb56d3df999f719cf
 SHA1 (patch-main_spprintf.c) = 0fe0888b612402c41f040c8781df7f1a7ca66275
 SHA1 (patch-main_streams_cast.c) = 0e69cad7d6451b18ec844cc8ea6d18eaf0748530
+SHA1 (patch-sapi_cgi_cgi__main.c) = a88f29e80810a3c9d9d895051c9dd3c1da8099b8
diff -r f2620f8f6361 -r cfd59efbb76e lang/php5/patches/patch-sapi_cgi_cgi__main.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-sapi_cgi_cgi__main.c      Sun May 13 16:09:52 2012 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-sapi_cgi_cgi__main.c,v 1.1 2012/05/13 16:09:52 taca Exp $
+
+* fix for CVE-2012-1823.
+
+--- sapi/cgi/cgi_main.c.orig   2010-01-03 09:23:27.000000000 +0000
++++ sapi/cgi/cgi_main.c
+@@ -1405,7 +1405,7 @@ int main(int argc, char *argv[])
+       }
+ #endif
+ 
+-      while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
++      while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0)) != -1) {
+               switch (c) {
+                       case 'c':
+                               if (cgi_sapi_module.php_ini_path_override) {
+@@ -1659,7 +1659,7 @@ consult the installation file that came 
+ #endif /* FASTCGI */
+ 
+       zend_first_try {
+-              while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) {
++              while (!cgi && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1)) != -1) {
+                       switch (c) {
+ #if PHP_FASTCGI
+                               case 'T':