[Pkg-php-commits] r1180 - php5/branches/lenny/debian/patches

Sean Finney seanius at alioth.debian.org
Sat Dec 6 16:24:16 UTC 2008 

Author: seanius
Date: 2008-12-06 16:24:16 +0000 (Sat, 06 Dec 2008)
New Revision: 1180

Removed:
   php5/branches/lenny/debian/patches/CVE-2008-0599.patch
   php5/branches/lenny/debian/patches/CVE-2008-1384.patch
   php5/branches/lenny/debian/patches/CVE-2008-2050.patch
   php5/branches/lenny/debian/patches/CVE-2008-2051.patch
Log:
the last merge to complete the incomplete merge was also incomplete

this should the final change: remove the lenny-specific patches which are
incorporated into later versions which have later propagated to lenny.


Deleted: php5/branches/lenny/debian/patches/CVE-2008-0599.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-0599.patch	2008-12-06 16:20:16 UTC (rev 1179)
+++ php5/branches/lenny/debian/patches/CVE-2008-0599.patch	2008-12-06 16:24:16 UTC (rev 1180)
@@ -1,14 +0,0 @@
-http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.54&r2=1.267.2.15.2.55&diff_format=u
-Index: php-src/sapi/cgi/cgi_main.c
-diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.55
---- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54	Mon Dec 31 07:20:16 2007
-+++ php-src/sapi/cgi/cgi_main.c	Thu Feb 28 00:29:29 2008
-@@ -1017,7 +1017,7 @@
- 						) {
- 							/* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
- 							int ptlen = strlen(pt) - strlen(env_script_name);
--							int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
-+							int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
- 							char *path_translated = NULL;
- 
- 							path_translated = (char *) emalloc(path_translated_len + 1);

Deleted: php5/branches/lenny/debian/patches/CVE-2008-1384.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-1384.patch	2008-12-06 16:20:16 UTC (rev 1179)
+++ php5/branches/lenny/debian/patches/CVE-2008-1384.patch	2008-12-06 16:24:16 UTC (rev 1180)
@@ -1,34 +0,0 @@
-http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&view=patch
-Index: php5-5.2.5/ext/standard/formatted_print.c
-===================================================================
---- php5-5.2.5.orig/ext/standard/formatted_print.c
-+++ php5-5.2.5/ext/standard/formatted_print.c
-@@ -76,6 +76,7 @@ php_sprintf_appendstring(char **buffer, 
- 	register int npad;
- 	int req_size;
- 	int copy_len;
-+	int m_width;
- 
- 	copy_len = (expprec ? MIN(max_width, len) : len);
- 	npad = min_width - copy_len;
-@@ -86,11 +87,19 @@ php_sprintf_appendstring(char **buffer, 
- 	
- 	PRINTF_DEBUG(("sprintf: appendstring(%x, %d, %d, \"%s\", %d, '%c', %d)\n",
- 				  *buffer, *pos, *size, add, min_width, padding, alignment));
-+	m_width = MAX(min_width, copy_len);
- 
--	req_size = *pos + MAX(min_width, copy_len) + 1;
-+	if(m_width > INT_MAX - *pos - 1) {
-+		zend_error_noreturn(E_ERROR, "Field width %d is too long", m_width);
-+	}
-+
-+	req_size = *pos + m_width + 1;
- 
- 	if (req_size > *size) {
- 		while (req_size > *size) {
-+			if(*size > INT_MAX/2) {
-+				zend_error_noreturn(E_ERROR, "Field width %d is too long", req_size); 
-+			}
- 			*size <<= 1;
- 		}
- 		PRINTF_DEBUG(("sprintf ereallocing buffer to %d bytes\n", *size));

Deleted: php5/branches/lenny/debian/patches/CVE-2008-2050.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-2050.patch	2008-12-06 16:20:16 UTC (rev 1179)
+++ php5/branches/lenny/debian/patches/CVE-2008-2050.patch	2008-12-06 16:24:16 UTC (rev 1180)
@@ -1,22 +0,0 @@
-http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&view=patch
---- old/sapi/cgi/fastcgi.c	2008/02/15 14:51:52	1.44
-+++ new/sapi/cgi/fastcgi.c	2008/04/03 10:25:08	1.45
-@@ -593,6 +593,9 @@
- 	hdr->reserved = 0;
- 	hdr->type = type;
- 	hdr->version = FCGI_VERSION_1;
-+	if (pad) {
-+		memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
-+	}
- 	return pad;
- }
- 
-@@ -777,7 +780,7 @@
- {
- 	int ret, n, rest;
- 	fcgi_header hdr;
--	unsigned char buf[8];
-+	unsigned char buf[255];
- 
- 	n = 0;
- 	rest = len;

Deleted: php5/branches/lenny/debian/patches/CVE-2008-2051.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-2051.patch	2008-12-06 16:20:16 UTC (rev 1179)
+++ php5/branches/lenny/debian/patches/CVE-2008-2051.patch	2008-12-06 16:24:16 UTC (rev 1180)
@@ -1,17 +0,0 @@
-http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.3&r2=1.113.2.3.2.1.2.4&view=patch
-Index: php5-5.2.5/ext/standard/exec.c
-===================================================================
---- php5-5.2.5.orig/ext/standard/exec.c
-+++ php5-5.2.5/ext/standard/exec.c
-@@ -270,6 +270,11 @@ char *php_escape_shell_cmd(char *str) {
- 	cmd = safe_emalloc(2, l, 1);
- 	
- 	for (x = 0, y = 0; x < l; x++) {
-+		/* skip non-valid multibyte characters */
-+		if (php_mblen(str + x, (l - x)) < 0) {
-+			continue;
-+		}
-+
- 		switch (str[x]) {
- 			case '"':
- 			case '\'':

More information about the Pkg-php-commits mailing list