From dc30c93c5a347ba132b6a5620ec5e6c9bff9402f Mon Sep 17 00:00:00 2001 From: Daniel Jahre Date: Mon, 9 Oct 2006 14:37:17 +0000 Subject: [PATCH] Daniel Jahre: added security patch to php5 package this is a SECURITY patch [2006100916344134950] (https://www.rocklinux.net/submaster) git-svn-id: http://www.rocklinux.org/svn/rock-linux/trunk@7933 c5f82cb5-29bc-0310-9cd0-bff59a50e3bc --- package/alessandro/php/php.desc | 2 +- .../alessandro/php/php5/CVE-2006-4812.patch | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 package/alessandro/php/php5/CVE-2006-4812.patch diff --git a/package/alessandro/php/php.desc b/package/alessandro/php/php.desc index c1199eaeb..0641866f2 100644 --- a/package/alessandro/php/php.desc +++ b/package/alessandro/php/php.desc @@ -44,7 +44,7 @@ #endif #if xpkg == php5 -[V] 5.1.6 +[V] 5.1.6 1 [O] pear_version=2006-05-17 [D] 499767077 php-5.1.6.tar.bz2 http://static.php.net/www.php.net/distributions/ [D] 3500472770 install-pear-nozlib-2006-05-17.phar !http://pear.php.net/install-pear-nozlib.phar diff --git a/package/alessandro/php/php5/CVE-2006-4812.patch b/package/alessandro/php/php5/CVE-2006-4812.patch new file mode 100644 index 000000000..a205d0734 --- /dev/null +++ b/package/alessandro/php/php5/CVE-2006-4812.patch 
@@ -0,0 +1,31 @@
+diff -Nura php-5.1.6.orig/Zend/zend_alloc.c php-5.1.6/Zend/zend_alloc.c
+--- ./Zend/zend_alloc.c 2006-08-10 19:16:24.000000000 +0200
++++ ./Zend/zend_alloc.c 2006-10-09 09:36:32.000000000 +0200
+@@ -17,7 +17,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: zend_alloc.c,v 1.144.2.4 2006/08/10 17:16:24 iliaa Exp $ */
++/* $Id: zend_alloc.c,v 1.144.2.5 2006/09/30 17:15:23 iliaa Exp $ */
+
+ #include "zend.h"
+ #include "zend_alloc.h"
+@@ -328,15 +328,14 @@
+ ZEND_API void *_ecalloc(size_t nmemb, size_t size ZEND_FILE_LINE_DC ZEND_FILE_LINE_ORIG_DC)
+ {
+ void *p;
+- int final_size = size*nmemb;
+-
++
+ HANDLE_BLOCK_INTERRUPTIONS();
+- p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
++ p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+ if (!p) {
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return (void *) p;
+ }
+- memset(p, 0, final_size);
++ memset(p, 0, size * nmemb);
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return p;
+ }
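Review bot: The rewritten `memset(p, 0, size * nmemb)` in `_ecalloc` recomputes the product with no check of its own, so it is only safe if `_safe_emalloc()` never returns a non-NULL pointer when `nmemb * size` wraps; that function is not shown in this patch. I would state the dependency next to the call, e.g. `/* size * nmemb cannot wrap here: _safe_emalloc() has already rejected an overflowing product */`. It is also worth confirming how `_safe_emalloc()` reports an overflow: if it raises a fatal error that does not return, that path leaves `HANDLE_BLOCK_INTERRUPTIONS()` without its matching `HANDLE_UNBLOCK_INTERRUPTIONS()`.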