svn commit: r360913 - in head/lang/php53: . files

Florian Smeets flo at FreeBSD.org
Sun Jul 6 14:42:16 UTC 2014


Author: flo
Date: Sun Jul  6 14:42:15 2014
New Revision: 360913
URL: http://svnweb.freebsd.org/changeset/ports/360913
QAT: https://qat.redports.org/buildarchive/r360913/

Log:
  Merge a patch from php 5.4/5.5 to fix a security vulnerability. No CVE has
  been assigned (yet?).
  
  More info on https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
  
  PR:		191638
  Submitted by:	logan at elandsys.com

Added:
  head/lang/php53/files/patch-ext_standard_info.c   (contents, props changed)
Modified:
  head/lang/php53/Makefile

Modified: head/lang/php53/Makefile
==============================================================================
--- head/lang/php53/Makefile	Sun Jul  6 14:33:40 2014	(r360912)
+++ head/lang/php53/Makefile	Sun Jul  6 14:42:15 2014	(r360913)
@@ -3,7 +3,7 @@
 
 PORTNAME=	php53
 PORTVERSION=	5.3.28
-PORTREVISION?=	2
+PORTREVISION?=	3
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions

Added: head/lang/php53/files/patch-ext_standard_info.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/php53/files/patch-ext_standard_info.c	Sun Jul  6 14:42:15 2014	(r360913)
@@ -0,0 +1,23 @@
+--- ext/standard/info.c.orig	2014-07-06 14:16:21.785793323 +0200
++++ ext/standard/info.c	2014-07-06 14:20:20.630549152 +0200
+@@ -999,16 +999,16 @@
+ 
+ 		php_info_print_table_start();
+ 		php_info_print_table_header(2, "Variable", "Value");
+-		if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
+ 		}
+ 		php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);
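Review bot: None of the four added `Z_TYPE_PP(data) == IS_STRING` guards (on PHP_SELF, PHP_AUTH_TYPE, PHP_AUTH_USER and PHP_AUTH_PW) says why it is needed, so a later cleanup could drop one as redundant. A one-line comment above the first check would help, stating that the symbol-table entry may hold a non-string zval and that `Z_STRVAL_PP(data)` is only valid to read when the type is string. Note also that when the type check fails the row is now omitted with no indication in the output; that is a reasonable choice for this table, but it is a behaviour change worth mentioning in the log. The same lookup-and-check condition is repeated four times; because the log says this is merged from the php 5.4/5.5 patch, leaving it unfactored to stay aligned with that patch is fine.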
