[arch-commits] CVS update of extra/devel/php (CVE-2008-0599.patch PKGBUILD)
Pierre Schmitz
pierre at archlinux.org
Sat Mar 8 10:06:05 UTC 2008
Date: Saturday, March 8, 2008 @ 05:06:05
Author: pierre
Path: /home/cvs-extra/extra/devel/php
Added: CVE-2008-0599.patch (1.1)
Modified: PKGBUILD (1.122 -> 1.123)
fix CVE-2008-0599
---------------------+
CVE-2008-0599.patch | 11 +++++++++++
PKGBUILD | 13 +++++++++----
2 files changed, 20 insertions(+), 4 deletions(-)
Index: extra/devel/php/CVE-2008-0599.patch
diff -u /dev/null extra/devel/php/CVE-2008-0599.patch:1.1
--- /dev/null Sat Mar 8 05:06:05 2008
+++ extra/devel/php/CVE-2008-0599.patch Sat Mar 8 05:06:05 2008
@@ -0,0 +1,11 @@
+--- sapi/cgi/cgi_main.c 2007/12/31 07:20:16 1.267.2.15.2.54
++++ sapi/cgi/cgi_main.c 2008/02/28 00:29:29 1.267.2.15.2.55
+@@ -1017,7 +1017,7 @@
+ ) {
+ /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
+ int ptlen = strlen(pt) - strlen(env_script_name);
+- int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
++ int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
+ char *path_translated = NULL;
+
+ path_translated = (char *) emalloc(path_translated_len + 1);
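Review bot: `ptlen` and `path_translated_len` are still signed `int` values built from `strlen()` results, so the size passed to `emalloc(path_translated_len + 1)` is only safe if `strlen(pt) - strlen(env_script_name)` can never be negative. The condition guarding this block starts outside the hunk, so it is not visible here whether `env_script_name` is guaranteed to be no longer than `pt`. If it is not, check locally before the subtraction, e.g. `if (strlen(env_script_name) <= strlen(pt)) { ... }`, and hold both lengths in `size_t`. A short comment on the declaration stating which earlier test makes the subtraction non-negative would also help the next reader.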
Index: extra/devel/php/PKGBUILD
diff -u extra/devel/php/PKGBUILD:1.122 extra/devel/php/PKGBUILD:1.123
--- extra/devel/php/PKGBUILD:1.122 Sun Mar 2 16:06:14 2008
+++ extra/devel/php/PKGBUILD Sat Mar 8 05:06:05 2008
@@ -1,8 +1,8 @@
-# $Id: PKGBUILD,v 1.122 2008/03/02 21:06:14 pierre Exp $
+# $Id: PKGBUILD,v 1.123 2008/03/08 10:06:05 pierre Exp $
# Maintainer: Pierre Schmitz <pierre at archlinux.de>
pkgname=php
pkgver=5.2.5
-pkgrel=6
+pkgrel=7
_suhosinver=0.9.6.2
pkgdesc='A high-level scripting language'
arch=('i686' 'x86_64')
@@ -39,11 +39,13 @@
source=("http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2" \
"http://www.hardened-php.net/suhosin/_media/suhosin-patch-${pkgver}-${_suhosinver}.patch.gz" \
'php.ini' \
- 'pcre-7.6-3.patch')
+ 'pcre-7.6-3.patch' \
+ 'CVE-2008-0599.patch')
md5sums=('1fe14ca892460b09f06729941a1bb605' \
'a43f1a0ee9e7c41c4cb6890174f1f9d8' \
'7cb9c272fb373ee431f4a808952e0bef' \
- '636145bec97f5365ba753ce48cc968d4')
+ '636145bec97f5365ba753ce48cc968d4' \
+ 'ba28bf5e7aeaefa7d7e328eecd30207c')
build() {
[ -e /usr/lib/libdb-4.1.so ] && echo 'remove db4.1 package' && return 1
@@ -125,6 +127,9 @@
cd ${startdir}/src/${pkgname}-${pkgver}
+ # fix security issue CVE-2008-0599
+ patch -p0 -i ${startdir}/src/CVE-2008-0599.patch || return 1
+
# update "builtin" version of pcre
# see FS#9601
patch -p1 -i ${startdir}/src/pcre-7.6-3.patch || return 1
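Review bot: The comment above the new `patch -p0` call names the CVE but not the upstream change it backports, so it is hard to tell later when the patch can be dropped. Consider `# fix security issue CVE-2008-0599 (backport of sapi/cgi/cgi_main.c rev 1.267.2.15.2.55; drop once pkgver contains it)`. `${startdir}` is also unquoted, as it is in the pcre line below, so a build directory with spaces in its path would split the argument; `patch -p0 -i "${startdir}/src/CVE-2008-0599.patch" || return 1` avoids that. The build() body starts and ends outside this hunk.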