addpkg: php53 5.3.29-4

1 files changed, 29 insertions, 0 deletions

diff --git a/CVE-2015-2787.patch b/CVE-2015-2787.patch
new file mode 100644
index 000000000000..141c56a879b1
--- /dev/null
+++ b/CVE-2015-2787.patch
@@ -0,0 +1,29 @@
+Description: fix arbitrary code exection via process_nested_data use-after-free
+Origin: backport, https://github.com/php/php-src/commit/780222f97f47644a6a118ada86a269a96a1e8134
+Origin: backport, https://github.com/php/php-src/commit/d76b293ac71aa5bd4e9a433192afef6e0dd5a4ee
+Bug: https://bugs.php.net/bug.php?id=68976
+
+Index: php5-5.3.10/ext/standard/var_unserializer.c
+===================================================================
+--- php5-5.3.10.orig/ext/standard/var_unserializer.c	2015-04-17 06:24:38.154295164 -0400
++++ php5-5.3.10/ext/standard/var_unserializer.c	2015-04-17 06:24:38.154295164 -0400
+@@ -304,6 +304,7 @@
+ 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ 					sizeof data, NULL);
+ 		}
++		var_push_dtor(var_hash, &data);
+ 		
+ 		zval_dtor(key);
+ 		FREE_ZVAL(key);
+Index: php5-5.3.10/ext/standard/var_unserializer.re
+===================================================================
+--- php5-5.3.10.orig/ext/standard/var_unserializer.re	2015-04-17 06:24:38.154295164 -0400
++++ php5-5.3.10/ext/standard/var_unserializer.re	2015-04-17 06:24:38.154295164 -0400
+@@ -310,6 +310,7 @@
+ 			zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ 					sizeof data, NULL);
+ 		}
++		var_push_dtor(var_hash, &data);
+ 		
+ 		zval_dtor(key);
+ 		FREE_ZVAL(key);