[arch-commits] Commit in php/trunk (CVE-2008-0599.patch PKGBUILD)

Pierre Schmitz pierre at archlinux.org
Thu May 1 17:02:35 EDT 2008


    Date: Thursday, May 1, 2008 @ 17:02:34
  Author: pierre
Revision: 1203

upgpkg: php 5.2.6-1

Modified:
  php/trunk/PKGBUILD
Deleted:
  php/trunk/CVE-2008-0599.patch

---------------------+
 CVE-2008-0599.patch |   11 -----------
 PKGBUILD            |   19 +++++++------------
 2 files changed, 7 insertions(+), 23 deletions(-)

Deleted: CVE-2008-0599.patch
===================================================================
--- CVE-2008-0599.patch	2008-05-01 20:08:29 UTC (rev 1202)
+++ CVE-2008-0599.patch	2008-05-01 21:02:34 UTC (rev 1203)
@@ -1,11 +0,0 @@
---- sapi/cgi/cgi_main.c	2007/12/31 07:20:16	1.267.2.15.2.54
-+++ sapi/cgi/cgi_main.c	2008/02/28 00:29:29	1.267.2.15.2.55
-@@ -1017,7 +1017,7 @@
- 						) {
- 							/* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
- 							int ptlen = strlen(pt) - strlen(env_script_name);
--							int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
-+							int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
- 							char *path_translated = NULL;
- 
- 							path_translated = (char *) emalloc(path_translated_len + 1);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2008-05-01 20:08:29 UTC (rev 1202)
+++ PKGBUILD	2008-05-01 21:02:34 UTC (rev 1203)
@@ -1,8 +1,8 @@
 # $Id$
 # Maintainer: Pierre Schmitz <pierre at archlinux.de>
 pkgname=php
-pkgver=5.2.5
-pkgrel=11
+pkgver=5.2.6
+pkgrel=1
 _suhosinver=0.9.6.2
 pkgdesc='A high-level scripting language'
 arch=('i686' 'x86_64')
@@ -37,13 +37,11 @@
             )
 options=('emptydirs' '!makeflags')
 source=("http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2" \
-        "http://www.hardened-php.net/suhosin/_media/suhosin-patch-${pkgver}-${_suhosinver}.patch.gz" \
-        'php.ini' \
-        'CVE-2008-0599.patch')
-md5sums=('1fe14ca892460b09f06729941a1bb605' \
-         'a43f1a0ee9e7c41c4cb6890174f1f9d8' \
-         '7cb9c272fb373ee431f4a808952e0bef' \
-         'ba28bf5e7aeaefa7d7e328eecd30207c')
+        "http://download.suhosin.org/suhosin-patch-${pkgver}-${_suhosinver}.patch.gz" \
+        'php.ini')
+md5sums=('7380ffecebd95c6edb317ef861229ebd' \
+         'f2ec986341a314c271259dbe4d940858' \
+         '7cb9c272fb373ee431f4a808952e0bef')
 
 build() {
 	[ -e /usr/lib/libdb-4.1.so ] && echo 'remove db4.1 package' && return 1
@@ -126,9 +124,6 @@
 
 	cd ${startdir}/src/${pkgname}-${pkgver}
 
-	# fix security issue CVE-2008-0599
-	patch -p0 -i ${startdir}/src/CVE-2008-0599.patch || return 1
-
 	# apply suhosin patch
 	patch -p1 -i ${startdir}/src/suhosin-patch-${pkgver}-${_suhosinver}.patch || return 1
 





More information about the arch-commits mailing list