--- rpms/php/sme8/php-5.3.3-CVE-2012-2143.patch	2012/06/29 14:45:08	1.1
+++ rpms/php/sme8/php-5.3.3-CVE-2012-2143.patch	2012/06/29 14:45:08	1.1.2.1
@@ -0,0 +1,39 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2143
+
+http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34
+
+--- php-5.3.3/ext/standard/crypt_freesec.c.cve2143
++++ php-5.3.3/ext/standard/crypt_freesec.c
+@@ -629,7 +629,8 @@ _crypt_extended_r(const char *key, const
+ 	 */
+ 	q = (u_char *) keybuf;
+ 	while (q - (u_char *) keybuf < sizeof(keybuf)) {
+-		if ((*q++ = *key << 1))
++		*q++ = *key << 1;
++		if (*key)
+ 			key++;
+ 	}
+ 	if (des_setkey((u_char *) keybuf, data))
+--- php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt.cve2143
++++ php-5.3.3/ext/standard/tests/strings/crypt_chars.phpt
+@@ -0,0 +1,19 @@
++--TEST--
++crypt() function - characters > 0x80
++--SKIPIF--
++<?php
++if (!function_exists('crypt')) {
++        die("SKIP crypt() is not available");
++}
++?>
++--FILE--
++<?php
++var_dump(crypt("À1234abcd", "99"));
++var_dump(crypt("À9234abcd", "99"));
++var_dump(crypt("À1234abcd", "_01234567"));
++var_dump(crypt("À9234abcd", "_01234567"));
++--EXPECT--
++string(13) "99PxawtsTfX56"
++string(13) "99jcVcGxUZOWk"
++string(20) "_01234567IBjxKliXXRQ"
++string(20) "_012345678OSGpGQRVHA"