From 4bac042f438038d28cfeec08b87ed83b44c4be04 Mon Sep 17 00:00:00 2001
From: Leonardo Arena <rnalrd@alpinelinux.org>
Date: Wed, 5 Mar 2014 10:35:58 +0000
Subject: main/php: security fix CVE-2013-6712. Fixes #2649

---
 main/php/APKBUILD            | 18 ++++++++++++++++--
 main/php/CVE-2013-6712.patch | 17 +++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 main/php/CVE-2013-6712.patch

diff --git a/main/php/APKBUILD b/main/php/APKBUILD
index f355badcce..a89af48b9f 100644
--- a/main/php/APKBUILD
+++ b/main/php/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=php
 pkgver=5.3.28
 _suhosinver=5.3.9-0.9.10
-pkgrel=0
+pkgrel=1
 pkgdesc="The PHP language runtime engine"
 url="http://www.php.net/"
 arch="all"
@@ -77,6 +77,7 @@ source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2
 	php-install-pear-xml.patch
 	php-fpm.initd
 	php5-module.conf
+	CVE-2013-6712.patch
 	"
 
 _apiver="20090626"
@@ -440,4 +441,17 @@ md5sums="56ff88934e068d142d6c0deefd1f396b  php-5.3.28.tar.bz2
 c099b3d7eac95018ababd41ded7f3066  suhosin-patch-5.3.9-0.9.10.patch.gz
 5111e3be06d391f8772587c675240fab  php-install-pear-xml.patch
 9ab162ff3428511a68aa9801c746e0d5  php-fpm.initd
-67719f428f44ec004da18705cbabe2ee  php5-module.conf"
+67719f428f44ec004da18705cbabe2ee  php5-module.conf
+91934e87e24ff0551fc8fdc0ebb97699  CVE-2013-6712.patch"
+sha256sums="0cac960c651c4fbb3d21cf2f2b279a06e21948fb35a0d1439b97296cac1d8513  php-5.3.28.tar.bz2
+4438caeab0a10c6c94aee9f7eaa703f5799f97d4e0579f43a947bb7314e38317  suhosin-patch-5.3.9-0.9.10.patch.gz
+1eb9644c0fef5934e53627fbd52fe3d5f467ad994b4a7184ddf1ec70ba7cd9a7  php-install-pear-xml.patch
+96e68f7c545adcac56ed1f5824b33041e270680ca884a9cfe27e7f4ac8abfd3b  php-fpm.initd
+ceec4d5b2a128c6a97e49830af604f0bb555bca1a86a9cd0366b828ba392257f  php5-module.conf
+57ca9cbfbfdae125db7ce9f03944277c14202d1a05de472bc8d72ae29e7230ae  CVE-2013-6712.patch"
+sha512sums="84b58379ca12748ae2c9ba37de28c80e78bf8e5b96cf9715b1eafd297a3e155089e9560d6fee7b031be0139dcbe954a9c0717b583ff1fb1cd8a89308b5f6dfd3  php-5.3.28.tar.bz2
+98c56d41fac123626cbd1bcf4ca8afba5a9a960fd58a60e08c91a68cab7589162c4f9e1b0c39abaf173775cb63091a04c4224ee278410ec0afdbe9f3cf05f322  suhosin-patch-5.3.9-0.9.10.patch.gz
+842d6ed04114959fa77597b055882cfaa74a51127c964db2575b36419c54215d1b3f541bdeead3a69b056c4d9532dda0406108286015f0d763ab01895023be39  php-install-pear-xml.patch
+33247a1c9188eba893bb0be13456eeeec9b971c7f482a4e2bd0f318fb63d8c67d379a021840768bef8e4d630be859c5bdb424c1e90b9b816ec691c078147e915  php-fpm.initd
+895e94c791bd82060ad820fef049d366a09c932097faa6b7b9a2c2e9e00a18cb7c0f9b128679c7659b404379266fd0f95dba5c0333f626194cf60f7bf6044102  php5-module.conf
+7328abb8de423906c24e6116029d26689f96f5d08c21e8ddbed901a578b55ab82740c63a243c47c0a7ad8970b182ae03fe8fe3222d8fca00a15816cbbfd37cae  CVE-2013-6712.patch"
diff --git a/main/php/CVE-2013-6712.patch b/main/php/CVE-2013-6712.patch
new file mode 100644
index 0000000000..e21cf1dada
--- /dev/null
+++ b/main/php/CVE-2013-6712.patch
@@ -0,0 +1,17 @@
+diff --git a/main/php/CVE-2013-6712.patch b/main/php/CVE-2013-6712.patch
+new file mode 100644
+index 0000000..b98532e
+--- /dev/null
++++ b/main/php/CVE-2013-6712.patch
+@@ -0,0 +1,11 @@
++--- a/ext/date/lib/parse_iso_intervals.re.old 2013-11-08 18:09:18.815549958 +0100
+++++ b/ext/date/lib/parse_iso_intervals.re 2013-11-08 18:09:34.461608419 +0100
++@@ -348,7 +348,7 @@
++ break;
++ }
++ ptr++;
++- } while (*ptr);
+++ } while (!s->errors->error_count && *ptr);
++ s->have_period = 1;
++ TIMELIB_DEINIT;
++ return TIMELIB_PERIOD;
-- 
cgit v1.2.3