[arch-commits] CVS update of extra/devel/php (CVE-2008-0599.patch PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Sat Mar 8 10:06:05 UTC 2008


    Date: Saturday, March 8, 2008 @ 05:06:05
  Author: pierre
    Path: /home/cvs-extra/extra/devel/php

   Added: CVE-2008-0599.patch (1.1)
Modified: PKGBUILD (1.122 -> 1.123)

fix CVE-2008-0599


---------------------+
 CVE-2008-0599.patch |   11 +++++++++++
 PKGBUILD            |   13 +++++++++----
 2 files changed, 20 insertions(+), 4 deletions(-)


Index: extra/devel/php/CVE-2008-0599.patch
diff -u /dev/null extra/devel/php/CVE-2008-0599.patch:1.1
--- /dev/null	Sat Mar  8 05:06:05 2008
+++ extra/devel/php/CVE-2008-0599.patch	Sat Mar  8 05:06:05 2008
@@ -0,0 +1,11 @@
+--- sapi/cgi/cgi_main.c	2007/12/31 07:20:16	1.267.2.15.2.54
++++ sapi/cgi/cgi_main.c	2008/02/28 00:29:29	1.267.2.15.2.55
+@@ -1017,7 +1017,7 @@
+ 						) {
+ 							/* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
+ 							int ptlen = strlen(pt) - strlen(env_script_name);
+-							int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
++							int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
+ 							char *path_translated = NULL;
+ 
+ 							path_translated = (char *) emalloc(path_translated_len + 1);
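Review bot: Both lengths in this hunk are held in `int` although they come from `strlen()` arithmetic, so `ptlen = strlen(pt) - strlen(env_script_name)` goes negative if the script name is ever longer than `pt`, and `path_translated_len + 1` would then undersize the `emalloc` that follows. The condition guarding this block starts outside the hunk and may already rule that out, so this is something to confirm rather than a known defect. If it is not guaranteed, computing in `size_t` with an explicit `strlen(pt) >= strlen(env_script_name)` check before the subtraction would make the allocation size safe by construction. The patch mirrors upstream revision 1.267.2.15.2.55, so any such change belongs upstream rather than in this packaged copy.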
Index: extra/devel/php/PKGBUILD
diff -u extra/devel/php/PKGBUILD:1.122 extra/devel/php/PKGBUILD:1.123
--- extra/devel/php/PKGBUILD:1.122	Sun Mar  2 16:06:14 2008
+++ extra/devel/php/PKGBUILD	Sat Mar  8 05:06:05 2008
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD,v 1.122 2008/03/02 21:06:14 pierre Exp $
+# $Id: PKGBUILD,v 1.123 2008/03/08 10:06:05 pierre Exp $
 # Maintainer: Pierre Schmitz <pierre at archlinux.de>
 pkgname=php
 pkgver=5.2.5
-pkgrel=6
+pkgrel=7
 _suhosinver=0.9.6.2
 pkgdesc='A high-level scripting language'
 arch=('i686' 'x86_64')
@@ -39,11 +39,13 @@
 source=("http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2" \
         "http://www.hardened-php.net/suhosin/_media/suhosin-patch-${pkgver}-${_suhosinver}.patch.gz" \
         'php.ini' \
-        'pcre-7.6-3.patch')
+        'pcre-7.6-3.patch' \
+        'CVE-2008-0599.patch')
 md5sums=('1fe14ca892460b09f06729941a1bb605' \
          'a43f1a0ee9e7c41c4cb6890174f1f9d8' \
          '7cb9c272fb373ee431f4a808952e0bef' \
-         '636145bec97f5365ba753ce48cc968d4')
+         '636145bec97f5365ba753ce48cc968d4' \
+         'ba28bf5e7aeaefa7d7e328eecd30207c')
 
 build() {
 	[ -e /usr/lib/libdb-4.1.so ] && echo 'remove db4.1 package' && return 1
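Review bot: The new `md5sums` entry keeps MD5 as the only integrity check for this package, and two sources in the same array are fetched over plain `http://`. For the locally stored `CVE-2008-0599.patch` that matters little, but for the downloaded tarball and Suhosin patch MD5 gives no meaningful protection against a deliberately substituted file. Where the makepkg in use supports it, a parallel `sha256sums=(...)` array would be a stronger check. `build()` continues outside the hunk.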
@@ -125,6 +127,9 @@
 
 	cd ${startdir}/src/${pkgname}-${pkgver}
 
+	# fix security issue CVE-2008-0599
+	patch -p0 -i ${startdir}/src/CVE-2008-0599.patch || return 1
+
 	# update "builtin" version of pcre
 	# see FS#9601
 	patch -p1 -i  ${startdir}/src/pcre-7.6-3.patch || return 1
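Review bot: The added `patch -p0 -i ${startdir}/src/CVE-2008-0599.patch || return 1` leaves `${startdir}` unquoted, so a build directory containing whitespace splits the argument, the patch step fails and the build aborts; `patch -p0 -i "${startdir}/src/CVE-2008-0599.patch" || return 1` avoids that. The existing pcre line just below has the same form. The comment could also say what is fixed and where it came from, e.g. `# CVE-2008-0599: wrong path_translated length in sapi/cgi/cgi_main.c (upstream rev 1.267.2.15.2.55)`. The enclosing `build()` starts and ends outside the hunk.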



