[Pkg-php-commits] r1183 - in php5/trunk/debian: . patches
Sean Finney
seanius at alioth.debian.org
Wed Dec 10 20:22:03 UTC 2008
Author: seanius
Date: 2008-12-10 20:22:02 +0000 (Wed, 10 Dec 2008)
New Revision: 1183
Added:
php5/trunk/debian/patches/BG-initializing-fix.patch
Modified:
php5/trunk/debian/changelog
php5/trunk/debian/patches/series
Log:
BG uid/gid init fix
Modified: php5/trunk/debian/changelog
===================================================================
--- php5/trunk/debian/changelog 2008-12-06 16:36:22 UTC (rev 1182)
+++ php5/trunk/debian/changelog 2008-12-10 20:22:02 UTC (rev 1183)
@@ -1,10 +1,13 @@
-php5 (5.2.6.dfsg.1-1) UNRELEASED; urgency=low
+php5 (5.2.6.dfsg.1-1) UNRELEASED; urgency=high
* Not released yet.
* Incorporate previous NMU.
* Updated system tzdata patch from Joe Orton.
* Removed tzdb-nofree_ents_ifnotzdata.patch, which is now incorporated
into Joe's patch.
+ * Incorporate fix from 5.3 for proper initialization of uid/gid for
+ apache2 sapi. This has security implications and therefore bumps
+ the severity.
-- Sean Finney <seanius at debian.org> Thu, 06 Nov 2008 08:23:12 +0100
Added: php5/trunk/debian/patches/BG-initializing-fix.patch
===================================================================
--- php5/trunk/debian/patches/BG-initializing-fix.patch (rev 0)
+++ php5/trunk/debian/patches/BG-initializing-fix.patch 2008-12-10 20:22:02 UTC (rev 1183)
@@ -0,0 +1,23 @@
+proper initialization for uid/gid in apache sapis.
+downloaded from
+http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&view=patch
+--- php5-5.2.6.dfsg.1.orig/ext/standard/basic_functions.c
++++ php5-5.2.6.dfsg.1/ext/standard/basic_functions.c
+@@ -3919,6 +3919,8 @@ static void basic_globals_ctor(php_basic
+ memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
+ #endif
+ BG(incomplete_class) = incomplete_class_entry;
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ }
+
+
+@@ -4221,6 +4223,8 @@ PHP_RSHUTDOWN_FUNCTION(basic)
+
+ PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
+
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ return SUCCESS;
+ }
+
Modified: php5/trunk/debian/patches/series
===================================================================
--- php5/trunk/debian/patches/series 2008-12-06 16:36:22 UTC (rev 1182)
+++ php5/trunk/debian/patches/series 2008-12-10 20:22:02 UTC (rev 1183)
@@ -38,3 +38,4 @@
CVE-2008-3658.patch
CVE-2008-3659.patch
CVE-2008-3660.patch
+BG-initializing-fix.patch
More information about the Pkg-php-commits
mailing list