[Pkg-php-commits] [php/debian-etch] rename patch with a ordered/sortable name for old etch patch system
Sean Finney
seanius at debian.org
Wed Apr 29 17:35:20 UTC 2009
---
debian/patches/149-CVE-2009-1271.patch | 50 ++++++++++++++++++++++++++++++++
debian/patches/CVE-2009-1271.patch | 50 --------------------------------
2 files changed, 50 insertions(+), 50 deletions(-)
create mode 100644 debian/patches/149-CVE-2009-1271.patch
delete mode 100644 debian/patches/CVE-2009-1271.patch
diff --git a/debian/patches/149-CVE-2009-1271.patch b/debian/patches/149-CVE-2009-1271.patch
new file mode 100644
index 0000000..2a53de0
--- /dev/null
+++ b/debian/patches/149-CVE-2009-1271.patch
@@ -0,0 +1,50 @@
+#
+# Description: fix denial of service via malformed string to the json_decode API function.
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
+#
+Index: php5-5.2.4/ext/json/JSON_parser.c
+===================================================================
+--- php5-5.2.4.orig/ext/json/JSON_parser.c 2007-06-13 13:56:41.000000000 -0400
++++ php5-5.2.4/ext/json/JSON_parser.c 2009-04-17 08:12:58.000000000 -0400
+@@ -494,9 +494,7 @@
+ }
+ */
+ case -7:
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+@@ -566,9 +564,7 @@
+ */
+ case -5:
+ {
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+Index: php5-5.2.4/ext/json/tests/001.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/json/tests/001.phpt 2009-04-17 08:13:05.000000000 -0400
++++ php5-5.2.4/ext/json/tests/001.phpt 2009-04-17 08:13:30.000000000 -0400
+@@ -16,6 +16,7 @@
+ var_dump(json_decode("ÑÑÑÑиÑ"));
+ var_dump(json_decode("blah"));
+ var_dump(json_decode(NULL));
++var_dump(json_decode('[1}'));
+ var_dump(json_decode('{ "test": { "foo": "bar" } }'));
+ var_dump(json_decode('{ "test": { "foo": "" } }'));
+ var_dump(json_decode('{ "": { "foo": "" } }'));
+@@ -38,6 +39,7 @@
+ string(12) "ÑÑÑÑиÑ"
+ string(4) "blah"
+ NULL
++NULL
+ object(stdClass)#1 (1) {
+ ["test"]=>
+ object(stdClass)#2 (1) {
diff --git a/debian/patches/CVE-2009-1271.patch b/debian/patches/CVE-2009-1271.patch
deleted file mode 100644
index 2a53de0..0000000
--- a/debian/patches/CVE-2009-1271.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Description: fix denial of service via malformed string to the json_decode API function.
-# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
-#
-Index: php5-5.2.4/ext/json/JSON_parser.c
-===================================================================
---- php5-5.2.4.orig/ext/json/JSON_parser.c 2007-06-13 13:56:41.000000000 -0400
-+++ php5-5.2.4/ext/json/JSON_parser.c 2009-04-17 08:12:58.000000000 -0400
-@@ -494,9 +494,7 @@
- }
- */
- case -7:
-- if (type != -1 &&
-- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
-- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
-+ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
- {
- zval *mval;
- smart_str_0(&buf);
-@@ -566,9 +564,7 @@
- */
- case -5:
- {
-- if (type != -1 &&
-- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
-- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
-+ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
- {
- zval *mval;
- smart_str_0(&buf);
-Index: php5-5.2.4/ext/json/tests/001.phpt
-===================================================================
---- php5-5.2.4.orig/ext/json/tests/001.phpt 2009-04-17 08:13:05.000000000 -0400
-+++ php5-5.2.4/ext/json/tests/001.phpt 2009-04-17 08:13:30.000000000 -0400
-@@ -16,6 +16,7 @@
- var_dump(json_decode("ÑÑÑÑиÑ"));
- var_dump(json_decode("blah"));
- var_dump(json_decode(NULL));
-+var_dump(json_decode('[1}'));
- var_dump(json_decode('{ "test": { "foo": "bar" } }'));
- var_dump(json_decode('{ "test": { "foo": "" } }'));
- var_dump(json_decode('{ "": { "foo": "" } }'));
-@@ -38,6 +39,7 @@
- string(12) "ÑÑÑÑиÑ"
- string(4) "blah"
- NULL
-+NULL
- object(stdClass)#1 (1) {
- ["test"]=>
- object(stdClass)#2 (1) {
--
1.5.6.5
More information about the Pkg-php-commits
mailing list