summaryrefslogtreecommitdiffstats
path: root/main/php
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2014-06-23 14:00:47 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2014-06-23 14:00:47 +0000
commitfec747b9906380f6b5bc0cb26a8f387014b81b72 (patch)
tree6e181c92316954c32d69db4173aeaf698dfe892d /main/php
parentfdec4ffd0859ebba95622b1bb8fbf46f9de7468c (diff)
downloadaports-fec747b9906380f6b5bc0cb26a8f387014b81b72.tar.bz2
aports-fec747b9906380f6b5bc0cb26a8f387014b81b72.tar.xz
main/php: fix CVE-2014-4049
Diffstat (limited to 'main/php')
-rw-r--r--main/php/APKBUILD12
-rw-r--r--main/php/CVE-2014-4049.patch30
2 files changed, 38 insertions, 4 deletions
diff --git a/main/php/APKBUILD b/main/php/APKBUILD
index a088e3fb8..89b42f40b 100644
--- a/main/php/APKBUILD
+++ b/main/php/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Matt Smith <mcs@darkregion.net>
pkgname=php
pkgver=5.5.13
-pkgrel=1
+pkgrel=2
pkgdesc="The PHP language runtime engine"
url="http://www.php.net/"
arch="all"
@@ -108,6 +108,7 @@ source="http://php.net/distributions/php-$pkgver.tar.bz2
php5-module.conf
php-install-pear-xml.patch
gd-iconv.patch
+ CVE-2014-4049.patch
"
_apiver="20121113"
@@ -489,14 +490,17 @@ md5sums="e26e90af25ee6505dc18855e0180ffe9 php-5.5.13.tar.bz2
2e86e55c29c81282474dea27cc97b873 php-fpm.initd
67719f428f44ec004da18705cbabe2ee php5-module.conf
483bc0a85c50a9a9aedbe14a19ed4526 php-install-pear-xml.patch
-162d8d079944387eab2bc80edab347ae gd-iconv.patch"
+162d8d079944387eab2bc80edab347ae gd-iconv.patch
+bd763609e1a4cd15ba0142cb7e5bc7a4 CVE-2014-4049.patch"
sha256sums="e58a4a754eb18d2d8b1a120cad5cce4ed24a7db5d49eca5830a40e4c8ca78b9c php-5.5.13.tar.bz2
375892c6997f48659f7087ccb7fac039e4bb2f375453247295caa7858b9e15b9 php-fpm.initd
ceec4d5b2a128c6a97e49830af604f0bb555bca1a86a9cd0366b828ba392257f php5-module.conf
f739ca427a1dd53a388bad0823565299c5d4a5796b1171b892884e4d7d099bab php-install-pear-xml.patch
-6122bf279cdb7c387dd000761b2426969a73cf63a10a132aa98a79eb1dd259b2 gd-iconv.patch"
+6122bf279cdb7c387dd000761b2426969a73cf63a10a132aa98a79eb1dd259b2 gd-iconv.patch
+fc2275931dee760718a935d7247e57b36879ae6adba4ecdc2e5b824f3834db05 CVE-2014-4049.patch"
sha512sums="0c82635d73b328c5798163dba2b293fc1ad976793a9fac21a36840594c4f26d5a6582ba437f54bfaacf1fde3df2d09366b106bb555cb42a29097e6ad33ac36d9 php-5.5.13.tar.bz2
2d294022f2c45b2f3229655e5883b8ccab6852ed0378df682b9dd85a31038666ad3a622580861ce2d26dedf187326727ecf93694eb716271e9be25f79daddae9 php-fpm.initd
895e94c791bd82060ad820fef049d366a09c932097faa6b7b9a2c2e9e00a18cb7c0f9b128679c7659b404379266fd0f95dba5c0333f626194cf60f7bf6044102 php5-module.conf
f1177cbf6b1f44402f421c3d317aab1a2a40d0b1209c11519c1158df337c8945f3a313d689c939768584f3e4edbe52e8bd6103fb6777462326a9d94e8ab1f505 php-install-pear-xml.patch
-59443fb464f49ff7d9b64739df982e7240f9d4792226d96ad1538286945125fc7eb6f0cab88b64d5c81ee3679fd89bffdca59ebd20eca2778ab801ee54529028 gd-iconv.patch"
+59443fb464f49ff7d9b64739df982e7240f9d4792226d96ad1538286945125fc7eb6f0cab88b64d5c81ee3679fd89bffdca59ebd20eca2778ab801ee54529028 gd-iconv.patch
+d852e632b145d6157469bea7f76128ddec8a0634739c302d5888d6a135246ecb44ff7d65e9557049b0e655845b79c9f6ebed2afca8402d34b2ee5cae9ad71220 CVE-2014-4049.patch"
diff --git a/main/php/CVE-2014-4049.patch b/main/php/CVE-2014-4049.patch
new file mode 100644
index 000000000..c614d432c
--- /dev/null
+++ b/main/php/CVE-2014-4049.patch
@@ -0,0 +1,30 @@
+From 4f73394fdd95d3165b4391e1b0dedd57fced8c3b Mon Sep 17 00:00:00 2001
+From: Sara Golemon <pollita@php.net>
+Date: Tue, 10 Jun 2014 11:18:02 -0700
+Subject: [PATCH] Fix potential segfault in dns_get_record()
+
+If the remote sends us a packet with a malformed TXT record,
+we could end up trying to over-consume the packet and wander
+off into overruns.
+---
+ ext/standard/dns.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ext/standard/dns.c b/ext/standard/dns.c
+index 6a89446..214a7dc 100644
+--- a/ext/standard/dns.c
++++ b/ext/standard/dns.c
+@@ -517,6 +517,10 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
+
+ while (ll < dlen) {
+ n = cp[ll];
++ if ((ll + n) >= dlen) {
++ // Invalid chunk length, truncate
++ n = dlen - (ll + 1);
++ }
+ memcpy(tp + ll , cp + ll + 1, n);
+ add_next_index_stringl(entries, cp + ll + 1, n, 1);
+ ll = ll + n + 1;
+--
+1.9.3
+