Add patches for the following CVEs

CVE-2015-2301 CVE-2014-9705 CVE-2015-0273 MFH: 2015Q1
svn path=/head/; revision=381839
2024-11-28 01:06:17 +00:00 · 2015-03-21 19:41:29 +00:00 · 2015-03-21 19:41:29 +00:00 · ffdc459cc1 · 2021-03-31 03:12:20 +00:00
commit ffdc459cc1
parent 14ffee87c2
4 changed files with 65 additions and 1 deletions
--- a/archivers/php53-phar/files/patch-CVE-2015-2301
+++ b/archivers/php53-phar/files/patch-CVE-2015-2301
@ -0,0 +1,12 @@
+--- phar_object.c	2015-03-16 13:56:47.878348393 -0400
+++ phar_object.c	2015-03-16 13:56:47.826347993 -0400
+@@ -2320,8 +2320,8 @@
+ 	}
+ its_ok:
+ 	if (SUCCESS == php_stream_stat_path(newpath, &ssb)) {
+-		efree(oldpath);
+ 		zend_throw_exception_ex(spl_ce_BadMethodCallException, 0 TSRMLS_CC, "phar \"%s\" exists and must be unlinked prior to conversion", newpath);
+		efree(oldpath);
+ 		return NULL;
+ 	}
+ 	if (!phar->is_data) {
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	php53
 PORTVERSION=	5.3.29
-PORTREVISION?=	4
+PORTREVISION?=	5
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
--- a/lang/php53/files/patch-CVE-2014-9705
+++ b/lang/php53/files/patch-CVE-2014-9705
@ -0,0 +1,34 @@
+--- ext/enchant/enchant.c	2015-03-16 13:42:36.063819735 -0400
+++ ext/enchant/enchant.c	2015-03-16 13:42:36.059819705 -0400
+@@ -545,13 +545,12 @@
+ 
+ 	d = enchant_broker_request_dict(pbroker->pbroker, (const char *)tag);
+ 	if (d) {
+		pos = pbroker->dictcnt++;
+ 		if (pbroker->dictcnt) {
+ 			pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt);
+-			pos = pbroker->dictcnt++;
+ 		} else {
+ 			pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *));
+ 			pos = 0;
+-			pbroker->dictcnt++;
+ 		}
+ 
+ 		dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict));
+@@ -606,14 +605,14 @@
+ 
+ 	d = enchant_broker_request_pwl_dict(pbroker->pbroker, (const char *)pwl);
+ 	if (d) {
+		pos = pbroker->dictcnt++;
+ 		if (pbroker->dictcnt) {
+-			pos = pbroker->dictcnt++;
+ 			pbroker->dict = (enchant_dict **)erealloc(pbroker->dict, sizeof(enchant_dict *) * pbroker->dictcnt);
+ 		} else {
+ 			pbroker->dict = (enchant_dict **)emalloc(sizeof(enchant_dict *));
+ 			pos = 0;
+-			pbroker->dictcnt++;
+ 		}
+
+ 		dict = pbroker->dict[pos] = (enchant_dict *)emalloc(sizeof(enchant_dict));
+ 		dict->id = pos;
+ 		dict->pbroker = pbroker;
--- a/lang/php53/files/patch-CVE-2015-0273
+++ b/lang/php53/files/patch-CVE-2015-0273
@ -0,0 +1,18 @@
+--- ext/date/php_date.c.orig	2015-03-21 18:31:58.092700000 +0100
+++ ext/date/php_date.c	2015-03-21 18:33:51.148505000 +0100
+@@ -2573,12 +2573,9 @@
+ 	timelib_tzinfo   *tzi;
+ 	php_timezone_obj *tzobj;
+ 
+-	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) {
+-		convert_to_string(*z_date);
+-		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
+-			convert_to_long(*z_timezone_type);
+-			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
+-				convert_to_string(*z_timezone);
+	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) {
+		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) {
+			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) {
+ 
+ 				switch (Z_LVAL_PP(z_timezone_type)) {
+ 					case TIMELIB_ZONETYPE_OFFSET: