[Pkg-php-commits] r1105 - in php5/branches/etch/debian: . patches
Sean Finney
seanius at alioth.debian.org
Mon Jun 30 20:10:33 UTC 2008
Author: seanius
Date: 2008-06-30 20:10:33 +0000 (Mon, 30 Jun 2008)
New Revision: 1105
Added:
php5/branches/etch/debian/patches/138-CVE-2008-2829.patch
Modified:
php5/branches/etch/debian/changelog
Log:
backport CVE-2008-2829 from unstable
Modified: php5/branches/etch/debian/changelog
===================================================================
--- php5/branches/etch/debian/changelog 2008-06-30 19:53:45 UTC (rev 1104)
+++ php5/branches/etch/debian/changelog 2008-06-30 20:10:33 UTC (rev 1105)
@@ -1,3 +1,12 @@
+php5 (5.2.0-8+etch12) stable-security; urgency=high
+
+ * Upload to etch for security issues.
+ * The following security issues are addressed with this update:
+ - CVE-2008-2829: unsafe usage of deprecated imap functions.
+ Patch: 138-CVE-2008-2829.patch
+
+ -- Sean Finney <seanius at debian.org> Mon, 30 Jun 2008 22:09:53 +0200
+
php5 (5.2.0-8+etch11) stable-security; urgency=high
* Upload to etch for security issues.
Added: php5/branches/etch/debian/patches/138-CVE-2008-2829.patch
===================================================================
--- php5/branches/etch/debian/patches/138-CVE-2008-2829.patch (rev 0)
+++ php5/branches/etch/debian/patches/138-CVE-2008-2829.patch 2008-06-30 20:10:33 UTC (rev 1105)
@@ -0,0 +1,79 @@
+--- php5-5.2.6.orig/ext/imap/php_imap.c
++++ php5-5.2.6/ext/imap/php_imap.c
+@@ -70,6 +70,7 @@ static void _php_make_header_object(zval
+ static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
+ static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
+ static int _php_imap_address_size(ADDRESS *addresslist);
++static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
+
+ /* the gets we use */
+ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
+@@ -2142,7 +2143,7 @@ PHP_FUNCTION(imap_rfc822_write_address)
+ }
+
+ string[0]='\0';
+- rfc822_write_address(string, addr);
++ _php_rfc822_write_address_len(string, addr, sizeof(string));
+ RETVAL_STRING(string, 1);
+ }
+ /* }}} */
+@@ -2911,13 +2912,13 @@ PHP_FUNCTION(imap_fetch_overview)
+ if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
+ env->from->next=NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->from);
++ _php_rfc822_write_address_len(address, env->from, sizeof(address));
+ add_property_string(myoverview, "from", address, 1);
+ }
+ if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
+ env->to->next = NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->to);
++ _php_rfc822_write_address_len(address, env->to, sizeof(address));
+ add_property_string(myoverview, "to", address, 1);
+ }
+ if (env->date) {
+@@ -3888,6 +3889,34 @@ static int _php_imap_address_size (ADDRE
+ /* }}} */
+
+
++/* {{{ _php_rfc822_soutr
++ */
++static long _php_rfc822_soutr (void *stream,char *string)
++{
++ return NIL;
++}
++
++/* }}} */
++
++
++/* {{{ _php_rfc822_write_address_len
++ */
++static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
++{
++ RFC822BUFFER buf;
++
++ buf.beg = dest;
++ buf.cur = buf.beg;
++ buf.end = buf.beg + len - 1;
++ buf.s = NIL;
++ buf.f = _php_rfc822_soutr;
++ rfc822_output_address_list (&buf, adr, 0, NIL);
++ *buf.cur = '\0';
++}
++
++/* }}} */
++
++
+ /* {{{ _php_imap_parse_address
+ */
+ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
+@@ -3902,7 +3931,7 @@ static void _php_imap_parse_address (ADD
+ if ((len = _php_imap_address_size(addresstmp))) {
+ tmpstr = (char *) pemalloc(len + 1, 1);
+ tmpstr[0] = '\0';
+- rfc822_write_address(tmpstr, addresstmp);
++ _php_rfc822_write_address_len(tmpstr, addresstmp, len);
+ *fulladdress = tmpstr;
+ } else {
+ *fulladdress = NULL;
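Review bot: `_php_rfc822_write_address_len` uses `len` without validating it, so with `len <= 0` the line `buf.end = buf.beg + len - 1;` puts the end pointer before `dest`; a guard such as `if (len <= 0) return;` at the top would keep the bound meaningful. The visible callers pass `sizeof(string)`, `sizeof(address)` and a non-zero `len`, but `string` and `address` are declared outside the hunks, so confirm they are arrays and not pointers; otherwise `sizeof` yields the pointer size. `_php_rfc822_soutr` should carry a comment such as `/* flush callback: returning NIL presumably makes c-client stop writing once the buffer is full */`, because that return value is what enforces the limit. Callers get no signal when an address did not fit, so an over-long address reaches `RETVAL_STRING` and `add_property_string` shortened or empty without any notice. In `_php_imap_parse_address` the buffer is `len + 1` bytes while `len` is passed, which is safe but leaves the last byte unused.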