From owner-svn-ports-head@FreeBSD.ORG  Sun Jul  6 14:42:16 2014
Return-Path: <owner-svn-ports-head@FreeBSD.ORG>
Delivered-To: svn-ports-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7A963371;
 Sun,  6 Jul 2014 14:42:16 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CF6127DE;
 Sun,  6 Jul 2014 14:42:16 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s66EgGr6035071;
 Sun, 6 Jul 2014 14:42:16 GMT (envelope-from flo@svn.freebsd.org)
Received: (from flo@localhost)
 by svn.freebsd.org (8.14.8/8.14.8/Submit) id s66EgF6k035067;
 Sun, 6 Jul 2014 14:42:15 GMT (envelope-from flo@svn.freebsd.org)
Message-Id: <201407061442.s66EgF6k035067@svn.freebsd.org>
From: Florian Smeets <flo@FreeBSD.org>
Date: Sun, 6 Jul 2014 14:42:15 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r360913 - in head/lang/php53: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jul 2014 14:42:16 -0000

Author: flo
Date: Sun Jul  6 14:42:15 2014
New Revision: 360913
URL: http://svnweb.freebsd.org/changeset/ports/360913
QAT: https://qat.redports.org/buildarchive/r360913/

Log:
  Merge a patch from php 5.4/5.5 to fix a security vulnerability. No CVE has
  been assigned (yet?).
  
  More info on https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
  
  PR:		191638
  Submitted by:	logan@elandsys.com

Added:
  head/lang/php53/files/patch-ext_standard_info.c   (contents, props changed)
Modified:
  head/lang/php53/Makefile

Modified: head/lang/php53/Makefile
==============================================================================
--- head/lang/php53/Makefile	Sun Jul  6 14:33:40 2014	(r360912)
+++ head/lang/php53/Makefile	Sun Jul  6 14:42:15 2014	(r360913)
@@ -3,7 +3,7 @@
 
 PORTNAME=	php53
 PORTVERSION=	5.3.28
-PORTREVISION?=	2
+PORTREVISION?=	3
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions

Added: head/lang/php53/files/patch-ext_standard_info.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/lang/php53/files/patch-ext_standard_info.c	Sun Jul  6 14:42:15 2014	(r360913)
@@ -0,0 +1,23 @@
+--- ext/standard/info.c.orig	2014-07-06 14:16:21.785793323 +0200
++++ ext/standard/info.c	2014-07-06 14:20:20.630549152 +0200
+@@ -999,16 +999,16 @@
+ 
+ 		php_info_print_table_start();
+ 		php_info_print_table_header(2, "Variable", "Value");
+-		if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_SELF", sizeof("PHP_SELF"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_SELF", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_TYPE", sizeof("PHP_AUTH_TYPE"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_TYPE", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_USER", sizeof("PHP_AUTH_USER"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_USER", Z_STRVAL_PP(data));
+ 		}
+-		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE) {
++		if (zend_hash_find(&EG(symbol_table), "PHP_AUTH_PW", sizeof("PHP_AUTH_PW"), (void **) &data) != FAILURE && Z_TYPE_PP(data) == IS_STRING) {
+ 			php_info_print_table_row(2, "PHP_AUTH_PW", Z_STRVAL_PP(data));
+ 		}
+ 		php_print_gpcse_array("_REQUEST", sizeof("_REQUEST")-1 TSRMLS_CC);