[Pkg-php-commits] r1219 - in php5/trunk/debian: . patches

Sean Finney seanius at alioth.debian.org
Wed Jan 14 22:48:38 UTC 2009


tags 507101 pending
thanks

Author: seanius
Date: 2009-01-14 22:48:37 +0000 (Wed, 14 Jan 2009)
New Revision: 1219

Added:
   php5/trunk/debian/patches/dba-inifile-truncation.patch
Modified:
   php5/trunk/debian/changelog
   php5/trunk/debian/patches/series
Log:
dba inifile truncation fix

Modified: php5/trunk/debian/changelog
===================================================================
--- php5/trunk/debian/changelog	2009-01-13 21:23:26 UTC (rev 1218)
+++ php5/trunk/debian/changelog	2009-01-14 22:48:37 UTC (rev 1219)
@@ -2,8 +2,13 @@
 
   * NOT RELEASED YET
 
- -- Sean Finney <seanius at debian.org>  Tue, 13 Jan 2009 21:11:39 +0100
+  [ Sean Finney ]
+  * Security related fixes:
+    - php: inifile handler for the dba functions can be used to truncate a file
+      Patch: dba-inifile-truncation.patch (closes: #507101).
 
+ -- Sean Finney <seanius at debian.org>  Wed, 14 Jan 2009 23:48:00 +0100
+
 php5 (5.2.6.dfsg.1-2) unstable; urgency=low
 
   [ Sean Finney ]
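Review bot: the new entry "php: inifile handler for the dba functions can be used to truncate a file" states the impact but not what the patch changes. A short clause saying that the truncate step in inifile.c is now skipped when a value is written with an empty key name would let a changelog reader match the entry to dba-inifile-truncation.patch without opening it.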

Added: php5/trunk/debian/patches/dba-inifile-truncation.patch
===================================================================
--- php5/trunk/debian/patches/dba-inifile-truncation.patch	                        (rev 0)
+++ php5/trunk/debian/patches/dba-inifile-truncation.patch	2009-01-14 22:48:37 UTC (rev 1219)
@@ -0,0 +1,13 @@
+--- php5-5.2.6.dfsg.1.orig/ext/dba/libinifile/inifile.c
++++ php5-5.2.6.dfsg.1/ext/dba/libinifile/inifile.c
+@@ -508,7 +508,9 @@ static int inifile_delete_replace_append
+ 	
+ 	/* 5 */
+ 	if (ret == SUCCESS) {
+-		ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++		if (!value || (key->name && strlen(key->name))) {
++			ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++		}
+ 	}
+ 
+ 	if (ret == SUCCESS) {
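Review bot: when the new guard in step 5 is false (a non-NULL value with a NULL or empty key->name), inifile_truncate() is skipped but ret stays SUCCESS, so the `if (ret == SUCCESS) {` block that follows still runs as though the truncate had happened. If a write with an empty key name is not a valid request, failing it at this point and reporting an error would be clearer than skipping silently; if carrying on is intended, a comment above `if (!value || (key->name && strlen(key->name))) {` should say why the later steps are safe without the truncate. The patch file also begins directly at its `---` line, so a short header naming the bug it addresses (#507101 in the changelog) would help whoever next refreshes it.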

Modified: php5/trunk/debian/patches/series
===================================================================
--- php5/trunk/debian/patches/series	2009-01-13 21:23:26 UTC (rev 1218)
+++ php5/trunk/debian/patches/series	2009-01-14 22:48:37 UTC (rev 1219)
@@ -42,3 +42,4 @@
 CVE-2008-5557.patch
 pdo-fetchobject-prototype-error.patch
 zend_object_handlers-invalid-write.patch
+dba-inifile-truncation.patch



