[Pkg-php-commits] r1183 - in php5/trunk/debian: . patches

Sean Finney seanius at alioth.debian.org
Wed Dec 10 20:22:03 UTC 2008


Author: seanius
Date: 2008-12-10 20:22:02 +0000 (Wed, 10 Dec 2008)
New Revision: 1183

Added:
   php5/trunk/debian/patches/BG-initializing-fix.patch
Modified:
   php5/trunk/debian/changelog
   php5/trunk/debian/patches/series
Log:
BG uid/gid init fix

Modified: php5/trunk/debian/changelog
===================================================================
--- php5/trunk/debian/changelog	2008-12-06 16:36:22 UTC (rev 1182)
+++ php5/trunk/debian/changelog	2008-12-10 20:22:02 UTC (rev 1183)
@@ -1,10 +1,13 @@
-php5 (5.2.6.dfsg.1-1) UNRELEASED; urgency=low
+php5 (5.2.6.dfsg.1-1) UNRELEASED; urgency=high
 
   * Not released yet.
   * Incorporate previous NMU.
   * Updated system tzdata patch from Joe Orton.
   * Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated 
     into Joe's patch.
+  * Incorporate fix from 5.3 for proper initialization of uid/gid for
+    apache2 sapi.  This has security implications and therefore bumps
+    the severity.
 
  -- Sean Finney <seanius at debian.org>  Thu, 06 Nov 2008 08:23:12 +0100
 

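Review bot: The new changelog entry (the three added lines under "Removed tzdb-nofree_ents_ifnotzdata.patch") says the fix "has security implications" but neither names the patch file nor states what the implication is, so the bump from urgency=low to urgency=high cannot be assessed from the changelog alone. Suggest naming debian/patches/BG-initializing-fix.patch in the entry and adding one clause describing what an uninitialized uid/gid allows, plus a bug or advisory reference if one exists.
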
Added: php5/trunk/debian/patches/BG-initializing-fix.patch
===================================================================
--- php5/trunk/debian/patches/BG-initializing-fix.patch	                        (rev 0)
+++ php5/trunk/debian/patches/BG-initializing-fix.patch	2008-12-10 20:22:02 UTC (rev 1183)
@@ -0,0 +1,23 @@
+proper initialization for uid/gid in apache sapis.
+downloaded from
+http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&view=patch
+--- php5-5.2.6.dfsg.1.orig/ext/standard/basic_functions.c
++++ php5-5.2.6.dfsg.1/ext/standard/basic_functions.c
+@@ -3919,6 +3919,8 @@ static void basic_globals_ctor(php_basic
+ 	memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
+ #endif
+ 	BG(incomplete_class) = incomplete_class_entry;
++	BG(page_uid) = -1;
++	BG(page_gid) = -1;
+ }
+ 
+ 
+@@ -4221,6 +4223,8 @@ PHP_RSHUTDOWN_FUNCTION(basic)
+ 
+ 	PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
+ 	
++	BG(page_uid) = -1;
++	BG(page_gid) = -1;
+ 	return SUCCESS;
+ }
+ 
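
Review bot: In both basic_globals_ctor and PHP_RSHUTDOWN_FUNCTION(basic), BG(page_uid) and BG(page_gid) are set to a bare -1 with no comment, and the field types are not visible in this patch. If they are unsigned (uid_t and gid_t usually are), the sentinel only works when every reader compares against the same converted value, so it is worth confirming the consumers of these fields test for exactly this value, and adding a short comment such as "-1 means not yet looked up for this request" at both sites. The patch header would also benefit from one sentence on why the reset is needed at request shutdown, since "proper initialization" does not explain the second hunk.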

Modified: php5/trunk/debian/patches/series
===================================================================
--- php5/trunk/debian/patches/series	2008-12-06 16:36:22 UTC (rev 1182)
+++ php5/trunk/debian/patches/series	2008-12-10 20:22:02 UTC (rev 1183)
@@ -38,3 +38,4 @@
 CVE-2008-3658.patch
 CVE-2008-3659.patch
 CVE-2008-3660.patch
+BG-initializing-fix.patch



