diff options
| author | Florian Smeets <flo@FreeBSD.org> | 2015-03-21 19:41:29 +0000 |
|---|---|---|
| committer | Florian Smeets <flo@FreeBSD.org> | 2015-03-21 19:41:29 +0000 |
| commit | ffdc459cc145ad9a280219a84b4b49a8f3ac7d99 (patch) | |
| tree | 70e4269be5df87f445037078b25a308701696dc5 /lang/php53/files | |
| parent | - Convert to new USE_GITHUB usage and remove deprecated GH_COMMIT (diff) | |
Add patches for the following CVEs
CVE-2015-2301
CVE-2014-9705
CVE-2015-0273
MFH: 2015Q1
Notes
Notes:
svn path=/head/; revision=381839
Diffstat (limited to 'lang/php53/files')
| -rw-r--r-- | lang/php53/files/patch-CVE-2014-9705 | 34 | ||||
| -rw-r--r-- | lang/php53/files/patch-CVE-2015-0273 | 18 |
2 files changed, 52 insertions, 0 deletions
diff --git a/lang/php53/files/patch-CVE-2014-9705 b/lang/php53/files/patch-CVE-2014-9705 new file mode 100644 index 000000000000..0b4d6b1e67be --- /dev/null +++ b/lang/php53/files/patch-CVE-2014-9705 @@ -0,0 +1,34 @@ +--- ext/enchant/enchant.c 2015-03-16 13:42:36.063819735 -0400 ++++ ext/enchant/enchant.c 2015-03-16 13:42:36.059819705 -0400 +@@ -545,13 +545,12 @@ + + d = enchant_broker_request_dict(pbroker->pbroker, (const char *)tag); + if (d) { ++ pos = pbroker->dictcnt++; + if (pbroker->dictcnt) { + pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt); +- pos = pbroker->dictcnt++; + } else { + pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *)); + pos = 0; +- pbroker->dictcnt++; + } + + dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict)); +@@ -606,14 +605,14 @@ + + d = enchant_broker_request_pwl_dict(pbroker->pbroker, (const char *)pwl); + if (d) { ++ pos = pbroker->dictcnt++; + if (pbroker->dictcnt) { +- pos = pbroker->dictcnt++; + pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt); + } else { + pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *)); + pos = 0; +- pbroker->dictcnt++; + } ++ + dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict)); + dict->id = pos; + dict->pbroker = pbroker; diff --git a/lang/php53/files/patch-CVE-2015-0273 b/lang/php53/files/patch-CVE-2015-0273 new file mode 100644 index 000000000000..d707ca3c2b0d --- /dev/null +++ b/lang/php53/files/patch-CVE-2015-0273 @@ -0,0 +1,18 @@ +--- ext/date/php_date.c.orig 2015-03-21 18:31:58.092700000 +0100 ++++ ext/date/php_date.c 2015-03-21 18:33:51.148505000 +0100 +@@ -2573,12 +2573,9 @@ + timelib_tzinfo *tzi; + php_timezone_obj *tzobj; + +- if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) { +- convert_to_string(*z_date); +- if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) { +- convert_to_long(*z_timezone_type); +- if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) { +- convert_to_string(*z_timezone); ++ if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) { ++ if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) { ++ if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) { + + switch (Z_LVAL_PP(z_timezone_type)) { + case TIMELIB_ZONETYPE_OFFSET: |