--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/220_php_20258327.patch Fri Feb 06 14:28:07 2015 -0800
@@ -0,0 +1,60 @@
+Fix from PHP community for CVE-2014-8142
+Bug:
+https://bugs.php.net/bug.php?id=68594
+Code:
+http://git.php.net/?p=php-src.git;a=commit;h=630f9c33c23639de85c3fd306b209b538b73b4c9
+This patch is for a newer version of php so this hand crafted equivalent
+was created for php 5.3.
+
+--- php-5.3.29/ext/standard/var_unserializer.re_orig 2014-08-13 12:22:50.000000000 -0700
++++ php-5.3.29/ext/standard/var_unserializer.re 2015-02-05 14:51:58.796366953 -0800
+@@ -304,6 +304,9 @@
+ } else {
+ /* object properties should include no integers */
+ convert_to_string(key);
++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
++ var_push_dtor(var_hash, old_data);
++ }
+ zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ sizeof data, NULL);
+ }
+
+--- php-5.3.29/ext/standard/var_unserializer.c_orig 2014-08-13 12:27:30.000000000 -0700
++++ php-5.3.29/ext/standard/var_unserializer.c 2015-02-05 15:20:42.925115687 -0800
+@@ -298,6 +298,9 @@
+ } else {
+ /* object properties should include no integers */
+ convert_to_string(key);
++ if (zend_symtable_find(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, (void **)&old_data)==SUCCESS) {
++ var_push_dtor(var_hash, old_data);
++ }
+ zend_hash_update(ht, Z_STRVAL_P(key), Z_STRLEN_P(key) + 1, &data,
+ sizeof data, NULL);
+ }
+
+--- php-5.3.29/ext/standard/tests/serialize/bug68594.phpt_orig 2015-02-05 14:59:34.551069069 -0800
++++ php-5.3.29/ext/standard/tests/serialize/bug68594.phpt 2015-02-05 14:54:28.269051205 -0800
+@@ -0,0 +1,23 @@
++--TEST--
++Bug #68545 Use after free vulnerability in unserialize()
++--FILE--
++<?php
++for ($i=4; $i<100; $i++) {
++ $m = new StdClass();
++
++ $u = array(1);
++
++ $m->aaa = array(1,2,&$u,4,5);
++ $m->bbb = 1;
++ $m->ccc = &$u;
++ $m->ddd = str_repeat("A", $i);
++
++ $z = serialize($m);
++ $z = str_replace("bbb", "aaa", $z);
++ $y = unserialize($z);
++ $z = serialize($y);
++}
++?>
++===DONE===
++--EXPECTF--
++===DONE===