[arch-commits] CVS update of extra/devel/php-apc (CVE-2008-1488.patch PKGBUILD apc.ini)
Pierre Schmitz
pierre at archlinux.org
Wed Mar 26 21:54:38 UTC 2008
Date: Wednesday, March 26, 2008 @ 17:54:38
Author: pierre
Path: /home/cvs-extra/extra/devel/php-apc
Added: CVE-2008-1488.patch (1.1)
Modified: PKGBUILD (1.15 -> 1.16) apc.ini (1.1 -> 1.2)
upgpkg: php-apc 3.0.16-4
downgrade to 3.0.16 due to random crashes with 3.0.17; backported CVE-2008-1488
---------------------+
CVE-2008-1488.patch | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++
PKGBUILD | 16 +++++---
apc.ini | 10 -----
3 files changed, 106 insertions(+), 16 deletions(-)
Index: extra/devel/php-apc/CVE-2008-1488.patch
diff -u /dev/null extra/devel/php-apc/CVE-2008-1488.patch:1.1
--- /dev/null Wed Mar 26 17:54:38 2008
+++ extra/devel/php-apc/CVE-2008-1488.patch Wed Mar 26 17:54:37 2008
@@ -0,0 +1,96 @@
+--- apc.c 2007/11/29 22:15:53 3.18
++++ apc.c 2008/03/25 18:04:53 3.18.2.1
+@@ -270,26 +270,13 @@
+
+ /* }}} */
+
+-/* {{{ filesystem functions */
+-
+-#ifdef PHP_WIN32
+-int apc_win32_stat(const char *path, struct stat *buf TSRMLS_DC)
+-{
+- char rpath[MAXPATHLEN];
+- BY_HANDLE_FILE_INFORMATION fi;
+- HANDLE f;
+-
+- if (VCWD_STAT(path, buf)) {
+- return -1;
+- }
+-
+- VCWD_REALPATH(path, rpath);
+- f = CreateFile(rpath, 0, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | FILE_ATTRIBUTE_READONLY, NULL);
+- GetFileInformationByHandle(f, &fi);
+- buf->st_ino = (ino_t)fi.nFileIndexLow;
+- CloseHandle (f);
+- return 0;
+-}
++/* similar to php_stream_stat_path */
++#ifdef ZEND_ENGINE_2
++#define APC_URL_STAT(wrapper, filename, pstatbuf) \
++ ((wrapper)->wops->url_stat((wrapper), (filename), 0, (pstatbuf), NULL TSRMLS_CC))
++#else
++#define APC_URL_STAT(wrapper, filename, pstatbuf) \
++ ((wrapper)->wops->url_stat((wrapper), (filename), (pstatbuf) TSRMLS_CC))
+ #endif
+
+ int apc_search_paths(const char* filename, const char* path, apc_fileinfo_t* fileinfo)
+@@ -299,12 +286,33 @@
+ int exec_fname_length;
+ int found = 0;
+ int i;
++ php_stream_wrapper *wrapper = NULL;
++ char *path_for_open = NULL;
++
+ TSRMLS_FETCH();
+
+ assert(filename && fileinfo);
+
+- if (IS_ABSOLUTE_PATH(filename, strlen(filename)) && apc_stat(filename, &fileinfo->st_buf) == 0) {
+- strncpy(fileinfo->fullpath, filename, MAXPATHLEN);
++
++ wrapper = php_stream_locate_url_wrapper(filename, &path_for_open, 0 TSRMLS_CC);
++
++ if(!wrapper || !wrapper->wops || !wrapper->wops->url_stat) {
++ return -1;
++ }
++
++#ifdef ZEND_ENGINE_2
++ if(wrapper != &php_plain_files_wrapper) {
++ if(APC_URL_STAT(wrapper, path_for_open, &fileinfo->st_buf) == 0) {
++ strncpy(fileinfo->fullpath, path_for_open, MAXPATHLEN);
++ return 0;
++ }
++ return -1; /* cannot stat */
++ }
++#endif
++
++ if (IS_ABSOLUTE_PATH(path_for_open, strlen(path_for_open)) &&
++ APC_URL_STAT(wrapper, path_for_open, &fileinfo->st_buf) == 0) {
++ strncpy(fileinfo->fullpath, path_for_open, MAXPATHLEN);
+ return 0;
+ }
+
+@@ -314,8 +322,8 @@
+
+ /* for each directory in paths, look for filename inside */
+ for (i = 0; paths[i]; i++) {
+- snprintf(fileinfo->fullpath, sizeof(fileinfo->fullpath), "%s%c%s", paths[i], DEFAULT_SLASH, filename);
+- if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
++ snprintf(fileinfo->fullpath, sizeof(fileinfo->fullpath), "%s%c%s", paths[i], DEFAULT_SLASH, path_for_open);
++ if (APC_URL_STAT(wrapper, fileinfo->fullpath, &fileinfo->st_buf) == 0) {
+ found = 1;
+ break;
+ }
+@@ -331,9 +339,9 @@
+ /* not: [no active file] or no path */
+ memcpy(fileinfo->fullpath, exec_fname, exec_fname_length);
+ fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH;
+- strcpy(fileinfo->fullpath +exec_fname_length +1, filename);
+- /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */
+- if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) {
++ strlcpy(fileinfo->fullpath +exec_fname_length +1, path_for_open,sizeof(fileinfo->fullpath)-exec_fname_length-1);
++ /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", path_for_open, exec_fname, fileinfo->fullpath); */
++ if (APC_URL_STAT(wrapper, fileinfo->fullpath, &fileinfo->st_buf) == 0) {
+ found = 1;
+ }
+ }
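Review bot: Both `strncpy(fileinfo->fullpath, path_for_open, MAXPATHLEN)` calls in the new non-plain-wrapper and absolute-path branches of apc_search_paths leave `fullpath` unterminated when `path_for_open` is MAXPATHLEN bytes or longer, because strncpy adds no NUL in that case. The same patch already uses strlcpy further down, so `strlcpy(fileinfo->fullpath, path_for_open, sizeof(fileinfo->fullpath));` would be consistent and always terminate. In the last inner hunk, the size passed to strlcpy, `sizeof(fileinfo->fullpath)-exec_fname_length-1`, and the memcpy before it both rely on `exec_fname_length` being smaller than the buffer; that value is computed outside the visible lines, so it is worth confirming it is bounded before this point. apc_search_paths starts and ends outside these hunks.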
Index: extra/devel/php-apc/PKGBUILD
diff -u extra/devel/php-apc/PKGBUILD:1.15 extra/devel/php-apc/PKGBUILD:1.16
--- extra/devel/php-apc/PKGBUILD:1.15 Wed Mar 26 05:43:12 2008
+++ extra/devel/php-apc/PKGBUILD Wed Mar 26 17:54:38 2008
@@ -1,23 +1,27 @@
-# $Id: PKGBUILD,v 1.15 2008/03/26 09:43:12 pierre Exp $
+# $Id: PKGBUILD,v 1.16 2008/03/26 21:54:38 pierre Exp $
# Maintainer: Pierre Schmitz <pierre at archlinux.de>
pkgname=php-apc
-pkgver=3.0.17
-pkgrel=1
+pkgver=3.0.16
+pkgrel=4
arch=('i686' 'x86_64')
pkgdesc='APC is a free, open, and robust framework for caching and optimizing PHP intermediate code.'
url='http://pecl.php.net/package/APC'
depends=('php')
license="PHP"
-source=("http://pecl.php.net/get/APC-${pkgver}.tgz" 'apc.ini')
+source=("http://pecl.php.net/get/APC-${pkgver}.tgz" 'apc.ini' 'CVE-2008-1488.patch')
install=php-apc.install
backup=('etc/php/conf.d/apc.ini')
-md5sums=('c3ab4d8022237c71c9cacdb97eb22a16' '20f434002425707acd4d934a1f8e852a')
+options=('force')
+md5sums=('5aa2ee801c3d74d868c1d8184781ba6b'
+ 'd97e651eb50b072f91e193d11a528d9b'
+ '148a4b899fe3c4f01febff01b5fb22bc')
build() {
cd $startdir/src/APC-$pkgver
+ patch -i ../CVE-2008-1488.patch || return 1
phpize || return 1
./configure --prefix=/usr || return 1
make || return 1
make INSTALL_ROOT=${startdir}/pkg install || return 1
install -D -m644 ../apc.ini ${startdir}/pkg/etc/php/conf.d/apc.ini
-}
+}
\ No newline at end of file
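Review bot: The upstream tarball is still fetched over plain `http://`, and it and the new `CVE-2008-1488.patch` are pinned only by `md5sums`. MD5 is not collision-resistant, so a stronger array such as `sha256sums=(...)`, if the makepkg in use supports it, would make the pin on a security backport more meaningful. Separately, `options=('force')` and the version downgrade carry no explanation in the file itself; a comment such as `# 3.0.17 crashes randomly; stay on 3.0.16 + CVE-2008-1488 backport, drop 'force' and the patch on the next upgrade` would tell the next maintainer when both can go.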
Index: extra/devel/php-apc/apc.ini
diff -u extra/devel/php-apc/apc.ini:1.1 extra/devel/php-apc/apc.ini:1.2
--- extra/devel/php-apc/apc.ini:1.1 Wed Sep 26 04:35:43 2007
+++ extra/devel/php-apc/apc.ini Wed Mar 26 17:54:38 2008
@@ -171,16 +171,6 @@
; (Default: 0)
; apc.rfc1867
-; This enables a lock-free local process shadow-cache which
-; reduces lock contention when the cache is being written to.
-; (Default: 0)
-; apc.localcache
-
-; The size of the local process shadow-cache, should be set to
-; a sufficently large value, approximately half of num_files_hint.
-; (Default: 512)
-; apc.localcache.size
-
; Optimize include_once and require_once calls and avoid the
; expensive system calls used.
; (Default: 0)