pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/lang/php5 Add in the correct patch to fix CVE-2007-2872



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6712bc8eb19f
branches:  trunk
changeset: 529539:6712bc8eb19f
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Thu Jun 07 10:45:18 2007 +0000

description:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe

diffstat:

 lang/php5/Makefile         |   3 ++-
 lang/php5/distinfo         |   3 ++-
 lang/php5/patches/patch-am |  28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 2 deletions(-)

diffs (58 lines):

diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/Makefile
--- a/lang/php5/Makefile        Thu Jun 07 09:31:56 2007 +0000
+++ b/lang/php5/Makefile        Thu Jun 07 10:45:18 2007 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.52 2007/06/06 19:33:12 adrianp Exp $
+# $NetBSD: Makefile,v 1.53 2007/06/07 10:45:42 adrianp Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
+PKGREVISION=           1
 CATEGORIES=            lang
 
 HOMEPAGE=              http://www.php.net/
diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/distinfo
--- a/lang/php5/distinfo        Thu Jun 07 09:31:56 2007 +0000
+++ b/lang/php5/distinfo        Thu Jun 07 10:45:18 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2007/06/06 19:33:13 adrianp Exp $
+$NetBSD: distinfo,v 1.42 2007/06/07 10:45:42 adrianp Exp $
 
 SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261
 RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b
@@ -9,3 +9,4 @@
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
+SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a
diff -r 703b49d9226b -r 6712bc8eb19f lang/php5/patches/patch-am
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/php5/patches/patch-am        Thu Jun 07 10:45:18 2007 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $
+
+--- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100
++++ ext/standard/string.c
+@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src, 
+       char *p, *q;
+       int chunks; /* complete chunks! */
+       int restlen;
+-      int out_len; 
++      float out_len; 
+ 
+       chunks = srclen / chunklen;
+       restlen = srclen - chunks * chunklen; /* srclen % chunklen */
+ 
+-      out_len = (srclen + (chunks + 1) * endlen + 1);
++      out_len = chunks + 1;
++      out_len *= endlen;
++      out_len += srclen + 1;
+ 
+       if (out_len > INT_MAX || out_len <= 0) {
+               return NULL;
+       }
+ 
+-      dest = safe_emalloc(out_len, sizeof(char), 0);
++      dest = safe_emalloc((int)out_len, sizeof(char), 0);
+ 
+       for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
+               memcpy(q, p, chunklen);
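Review bot: Declaring `out_len` as `float` makes the buffer size inexact: a float carries a 24-bit significand, so a total above 2^24 is rounded at each step, and `(int)out_len` handed to `safe_emalloc` can be smaller than the number of bytes the `memcpy` loop below writes into `dest`. The guard `out_len > INT_MAX` is also evaluated in float, where INT_MAX rounds up to 2^31, so a value of exactly 2^31 passes the check and the cast to `int` is then out of range. Keeping `out_len` an `int` and rejecting before the multiplication avoids both, for example `if (srclen >= INT_MAX || (endlen > 0 && chunks >= (INT_MAX - srclen - 1) / endlen)) return NULL;` followed by the original integer sum. This assumes `srclen`, `endlen` and `chunklen` are ints already validated as non-negative (and `chunklen` non-zero) by the caller, which is not visible here; the body of `php_chunk_split` starts before and continues past the hunk.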


