[Pkg-php-commits] r1235 - in php5/branches/lenny/debian: . patches
Sean Finney
seanius at alioth.debian.org
Sun Jan 25 13:23:33 UTC 2009
tags 507101 pending
tags 507857 pending
thanks
Author: seanius
Date: 2009-01-25 13:23:32 +0000 (Sun, 25 Jan 2009)
New Revision: 1235
Added:
php5/branches/lenny/debian/patches/CVE-2008-5658.patch
php5/branches/lenny/debian/patches/dba-inifile-truncation.patch
php5/branches/lenny/debian/patches/gentoo/
Removed:
php5/branches/lenny/debian/patches/deprecated_freetds_check.patch
Modified:
php5/branches/lenny/debian/changelog
php5/branches/lenny/debian/patches/series
php5/branches/lenny/debian/rules
Log:
merge from sid
Modified: php5/branches/lenny/debian/changelog
===================================================================
--- php5/branches/lenny/debian/changelog 2009-01-24 22:03:37 UTC (rev 1234)
+++ php5/branches/lenny/debian/changelog 2009-01-25 13:23:32 UTC (rev 1235)
@@ -2,8 +2,30 @@
* NOT RELEASED YET
- -- Sean Finney <seanius at debian.org> Tue, 13 Jan 2009 22:04:35 +0100
+ [ Sean Finney ]
+ * Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
+ * Security related fixes:
+ - php: inifile handler for the dba functions can be used to truncate a file
+ Patch: dba-inifile-truncation.patch (closes: #507101).
+ - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
+ Patch: CVE-2008-5658.patch (closes: #507857).
+ Thanks to Pierre Joye for help with the patch.
+ [ Raphael Geissert ]
+ * Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
+ + patches/gentoo/005_stream_context_set_params-crash.patch
+ + patches/gentoo/006_PDORow-crash.patch
+ + patches/gentoo/007_dom-setAttributeNode-crash.patch
+ + patches/gentoo/009_array-function-crashes.patch
+ + patches/gentoo/010_ticks-zts-crashes.patch
+ + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+ + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
+ + patches/gentoo/019_new-memory-corruption.patch
+ + patches/gentoo/freetds-compat.patch
+ - was deprecated_freetds_check.patch
+
+ -- Sean Finney <seanius at debian.org> Sat, 24 Jan 2009 21:17:13 +0100
+
php5 (5.2.6.dfsg.1-1+lenny1) testing; urgency=low
[ Sean Finney ]
@@ -20,8 +42,8 @@
- Upstream bug #46308 (Invalid write in zend object handler / getter)
Patch: zend_object_handlers-invalid-write.patch
* Security related fixes:
- - Incorporate fix from 5.3 for proper initialization of uid/gid for
- apache2 sapi.
+ - CVE-2008-5624: Incorporate fix from 5.3 for proper initialization of
+ uid/gid for apache2 sapi.
- CVE-2008-5557: heap overflows in the mbstring extension.
Patch: CVE-2008-5557.patch (closes: #511493).
Copied: php5/branches/lenny/debian/patches/CVE-2008-5658.patch (from rev 1234, php5/trunk/debian/patches/CVE-2008-5658.patch)
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-5658.patch (rev 0)
+++ php5/branches/lenny/debian/patches/CVE-2008-5658.patch 2009-01-25 13:23:32 UTC (rev 1235)
@@ -0,0 +1,357 @@
+backported patch to fix CVE-2008-5658.
+unfortunately there is so much noise in TSRM that a more surgical fix does not
+seem possible according to upstream, so the new versions of the function are
+copied as local static functions to minimize the impact elsewhere.
+--- php5-5.2.6.dfsg.1.orig/ext/zip/php_zip.c
++++ php5-5.2.6.dfsg.1/ext/zip/php_zip.c
+@@ -82,6 +82,231 @@ static int le_zip_entry;
+
+ /* }}} */
+
++static int php_zip_realpath_r(char *path, int start, int len, int *ll, time_t *t, int use_realpath, int is_dir, int *link_is_dir TSRMLS_DC) /* {{{ */
++{
++ int i, j;
++ int directory = 0;
++ struct stat st;
++ realpath_cache_bucket *bucket;
++ char *tmp;
++
++ while (1) {
++ if (len <= start) {
++ return start;
++ }
++
++ i = len;
++ while (i > start && !IS_SLASH(path[i-1])) {
++ i--;
++ }
++
++ if (i == len ||
++ (i == len - 1 && path[i] == '.')) {
++ /* remove double slashes and '.' */
++ len = i - 1;
++ is_dir = 1;
++ continue;
++ } else if (i == len - 2 && path[i] == '.' && path[i+1] == '.') {
++ /* remove '..' and previous directory */
++ if (i - 1 <= start) {
++ return start ? start : len;
++ }
++ j = php_zip_realpath_r(path, start, i-1, ll, t, use_realpath, 1, NULL TSRMLS_CC);
++ if (j > start) {
++ j--;
++ while (j > start && !IS_SLASH(path[j])) {
++ j--;
++ }
++ if (!start) {
++ /* leading '..' must not be removed in case of relative path */
++ if (j == 0 && path[0] == '.' && path[1] == '.' &&
++ IS_SLASH(path[2])) {
++ path[3] = '.';
++ path[4] = '.';
++ path[5] = DEFAULT_SLASH;
++ j = 5;
++ } else if (j > 0 &&
++ path[j+1] == '.' && path[j+2] == '.' &&
++ IS_SLASH(path[j+3])) {
++ j += 4;
++ path[j++] = '.';
++ path[j++] = '.';
++ path[j] = DEFAULT_SLASH;
++ }
++ }
++ } else if (!start && !j) {
++ /* leading '..' must not be removed in case of relative path */
++ path[0] = '.';
++ path[1] = '.';
++ path[2] = DEFAULT_SLASH;
++ j = 2;
++ }
++ return j;
++ }
++
++ path[len] = 0;
++
++ tmp = tsrm_do_alloca(len+1);
++ memcpy(tmp, path, len+1);
++
++ {
++ if (i - 1 <= start) {
++ j = start;
++ } else {
++ /* some leading directories may be unaccessable */
++ j = php_zip_realpath_r(path, start, i-1, ll, t, use_realpath, 1, NULL TSRMLS_CC);
++ if (j > start) {
++ path[j++] = DEFAULT_SLASH;
++ }
++ }
++ if (j < 0 || j + len - i >= MAXPATHLEN-1) {
++ tsrm_free_alloca(tmp);
++ return -1;
++ }
++ memcpy(path+j, tmp+i, len-i+1);
++ j += (len-i);
++ }
++
++ tsrm_free_alloca(tmp);
++ return j;
++ }
++}
++/* }}} */
++
++#define CWD_STATE_FREE(s) \
++ free((s)->cwd);
++
++
++#define CWD_STATE_COPY(d, s) \
++ (d)->cwd_length = (s)->cwd_length; \
++ (d)->cwd = (char *) malloc((s)->cwd_length+1); \
++ memcpy((d)->cwd, (s)->cwd, (s)->cwd_length+1);
++
++/* Resolve path relatively to state and put the real path into state */
++/* returns 0 for ok, 1 for error */
++int php_zip_virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path, int use_realpath) /* {{{ */
++{
++ int path_length = strlen(path);
++ char resolved_path[MAXPATHLEN];
++ int start = 1;
++ int ll = 0;
++ time_t t;
++ int ret;
++ int add_slash;
++ TSRMLS_FETCH();
++
++ if (path_length == 0 || path_length >= MAXPATHLEN-1) {
++ return 1;
++ }
++
++ /* cwd_length can be 0 when getcwd() fails.
++ * This can happen under solaris when a dir does not have read permissions
++ * but *does* have execute permissions */
++ if (!IS_ABSOLUTE_PATH(path, path_length)) {
++ if (state->cwd_length == 0) {
++ /* resolve relative path */
++ start = 0;
++ memcpy(resolved_path , path, path_length + 1);
++ } else {
++ int state_cwd_length = state->cwd_length;
++
++ if (path_length + state_cwd_length + 1 >= MAXPATHLEN-1) {
++ return 1;
++ }
++ memcpy(resolved_path, state->cwd, state_cwd_length);
++ resolved_path[state_cwd_length] = DEFAULT_SLASH;
++ memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1);
++ path_length += state_cwd_length + 1;
++ }
++ } else {
++ memcpy(resolved_path, path, path_length + 1);
++ }
++
++ add_slash = (use_realpath != CWD_REALPATH) && path_length > 0 && IS_SLASH(resolved_path[path_length-1]);
++ t = CWDG(realpath_cache_ttl) ? 0 : -1;
++ path_length = php_zip_realpath_r(resolved_path, start, path_length, &ll, &t, use_realpath, 0, NULL TSRMLS_CC);
++
++ if (path_length < 0) {
++ errno = ENOENT;
++ return 1;
++ }
++
++ if (!start && !path_length) {
++ resolved_path[path_length++] = '.';
++ }
++ if (add_slash && path_length && !IS_SLASH(resolved_path[path_length-1])) {
++ if (path_length >= MAXPATHLEN-1) {
++ return -1;
++ }
++ resolved_path[path_length++] = DEFAULT_SLASH;
++ }
++ resolved_path[path_length] = 0;
++
++ if (verify_path) {
++ cwd_state old_state;
++
++ CWD_STATE_COPY(&old_state, state);
++ state->cwd_length = path_length;
++ state->cwd = (char *) realloc(state->cwd, state->cwd_length+1);
++ memcpy(state->cwd, resolved_path, state->cwd_length+1);
++ if (verify_path(state)) {
++ CWD_STATE_FREE(state);
++ *state = old_state;
++ ret = 1;
++ } else {
++ CWD_STATE_FREE(&old_state);
++ ret = 0;
++ }
++ } else {
++ state->cwd_length = path_length;
++ state->cwd = (char *) realloc(state->cwd, state->cwd_length+1);
++ memcpy(state->cwd, resolved_path, state->cwd_length+1);
++ ret = 0;
++ }
++ return (ret);
++}
++/* }}} */
++
++/* Flatten a path by creating a relative path (to .) */
++static char * php_zip_make_relative_path(char *path, int path_len) /* {{{ */
++{
++ char *path_begin = path;
++ int prev_is_slash = 0;
++ char *e = path + path_len - 1;
++ size_t pos = path_len - 1;
++ size_t i;
++
++ if (IS_SLASH(path[0])) {
++ return path + 1;
++ }
++
++ if (path_len < 1 || path == NULL) {
++ return NULL;
++ }
++
++ i = path_len;
++
++ while (1) {
++ while (i > 0 && !IS_SLASH(path[i])) {
++ i--;
++ }
++
++ if (!i) {
++ return path;
++ }
++
++ if (i >= 2 && (path[i -1] == '.' || path[i -1] == ':')) {
++ /* i is the position of . or :, add 1 for / */
++ path_begin = path + i + 1;
++ break;
++ }
++ i--;
++ }
++
++ return path_begin;
++}
++/* }}} */
++
+ /* {{{ php_zip_extract_file */
+ /* TODO: Simplify it */
+ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int file_len TSRMLS_DC)
+@@ -103,57 +328,80 @@ static int php_zip_extract_file(struct z
+ char *file_basename;
+ size_t file_basename_len;
+ int is_dir_only = 0;
++ char *path_cleaned;
++ size_t path_cleaned_len;
++ cwd_state new_state;
++
++ new_state.cwd = (char*)malloc(1);
++ new_state.cwd[0] = '\0';
++ new_state.cwd_length = 0;
++
++ /* Clean/normlize the path and then transform any path (absolute or relative)
++ to a path relative to cwd (../../mydir/foo.txt > mydir/foo.txt)
++ */
++ if (php_zip_virtual_file_ex(&new_state, file, NULL, CWD_EXPAND) == 1) {
++ return 0;
++ }
++ path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
++ path_cleaned_len = strlen(path_cleaned);
+
+- if (file_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
++ if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
+ return 0;
+ }
+
+- if (file_len > 1 && file[file_len - 1] == '/') {
++ /* it is a directory only, see #40228 */
++ if (path_cleaned_len > 1 && IS_SLASH(path_cleaned[path_cleaned_len - 1])) {
+ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file);
+ is_dir_only = 1;
+ } else {
+- memcpy(file_dirname, file, file_len);
+- dir_len = php_dirname(file_dirname, file_len);
++ memcpy(file_dirname, path_cleaned, path_cleaned_len);
++ dir_len = php_dirname(file_dirname, path_cleaned_len);
+
+- if (dir_len > 0) {
+- len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+- } else {
++ if (dir_len <= 0 || (dir_len == 1 && file_dirname[0] == '.')) {
+ len = spprintf(&file_dirname_fullpath, 0, "%s", dest);
++ } else {
++ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+ }
+
+- php_basename(file, file_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
++ php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
+
+ if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+ }
+
+ /* let see if the path already exists */
+ if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
+- ret = php_stream_mkdir(file_dirname_fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
++
++ ret = php_stream_mkdir(file_dirname_fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE|REPORT_ERRORS, NULL);
+ if (!ret) {
+ efree(file_dirname_fullpath);
++ if (!is_dir_only) {
+ efree(file_basename);
++ free(new_state.cwd);
++ }
+ return 0;
+ }
+ }
+
+ /* it is a standalone directory, job done */
+- if (file[file_len - 1] == '/') {
++ if (is_dir_only) {
+ efree(file_dirname_fullpath);
+- if (!is_dir_only) {
+- efree(file_basename);
+- }
++ free(new_state.cwd);
+ return 1;
+ }
+
+- len = spprintf(&fullpath, 0, "%s/%s/%s", dest, file_dirname, file_basename);
++ len = spprintf(&fullpath, 0, "%s/%s", file_dirname_fullpath, file_basename);
+ if (!len) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
++ } else if (len > MAXPATHLEN) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ }
+
+ /* check again the full path, not sure if it
+@@ -164,6 +412,7 @@ static int php_zip_extract_file(struct z
+ efree(fullpath);
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+
+@@ -172,6 +421,7 @@ static int php_zip_extract_file(struct z
+ efree(fullpath);
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+
+@@ -186,6 +436,7 @@ static int php_zip_extract_file(struct z
+ efree(fullpath);
+ efree(file_basename);
+ efree(file_dirname_fullpath);
++ free(new_state.cwd);
+
+ if (n<0) {
+ return 0;
Copied: php5/branches/lenny/debian/patches/dba-inifile-truncation.patch (from rev 1234, php5/trunk/debian/patches/dba-inifile-truncation.patch)
===================================================================
--- php5/branches/lenny/debian/patches/dba-inifile-truncation.patch (rev 0)
+++ php5/branches/lenny/debian/patches/dba-inifile-truncation.patch 2009-01-25 13:23:32 UTC (rev 1235)
@@ -0,0 +1,13 @@
+--- php5-5.2.6.dfsg.1.orig/ext/dba/libinifile/inifile.c
++++ php5-5.2.6.dfsg.1/ext/dba/libinifile/inifile.c
+@@ -508,7 +508,9 @@ static int inifile_delete_replace_append
+
+ /* 5 */
+ if (ret == SUCCESS) {
+- ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ if (!value || (key->name && strlen(key->name))) {
++ ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ }
+ }
+
+ if (ret == SUCCESS) {
Deleted: php5/branches/lenny/debian/patches/deprecated_freetds_check.patch
===================================================================
--- php5/branches/lenny/debian/patches/deprecated_freetds_check.patch 2009-01-24 22:03:37 UTC (rev 1234)
+++ php5/branches/lenny/debian/patches/deprecated_freetds_check.patch 2009-01-25 13:23:32 UTC (rev 1235)
@@ -1,88 +0,0 @@
-Allow ext/mssql and ext/pdo_dblib to build with >=freetds-0.82
-Original patch by jklowden at freetds dot org
-ext/pdo_dblib patch by matthias at dsx ado at
-Rediffed for Gentoo (wrong direction)
-http://bugs.php.net/bug.php?id=44991
-
-diff -r 57e37b68a255 -r f1222f67e562 ext/mssql/config.m4
---- a/ext/mssql/config.m4 Tue Jul 01 19:37:24 2008 +0200
-+++ b/ext/mssql/config.m4 Thu Jul 17 11:35:57 2008 +0200
-@@ -10,11 +10,11 @@
-
- if test "$PHP_MSSQL" = "yes"; then
- for i in /usr/local /usr; do
-- if test -f $i/include/tds.h; then
-+ if test -f $i/include/sybdb.h; then
- FREETDS_INSTALLATION_DIR=$i
- FREETDS_INCLUDE_DIR=$i/include
- break
-- elif test -f $i/include/freetds/tds.h; then
-+ elif test -f $i/include/freetds/sybdb.h; then
- FREETDS_INSTALLATION_DIR=$i
- FREETDS_INCLUDE_DIR=$i/include/freetds
- break
-@@ -27,10 +27,10 @@
-
- elif test "$PHP_MSSQL" != "no"; then
-
-- if test -f $PHP_MSSQL/include/tds.h; then
-+ if test -f $PHP_MSSQL/include/sybdb.h; then
- FREETDS_INSTALLATION_DIR=$PHP_MSSQL
- FREETDS_INCLUDE_DIR=$PHP_MSSQL/include
-- elif test -f $PHP_MSSQL/include/freetds/tds.h; then
-+ elif test -f $PHP_MSSQL/include/freetds/sybdb.h; then
- FREETDS_INSTALLATION_DIR=$PHP_MSSQL
- FREETDS_INCLUDE_DIR=$PHP_MSSQL/include/freetds
- else
-@@ -38,8 +38,8 @@
- fi
- fi
-
-- if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.so"; then
-- AC_MSG_ERROR(Could not find $FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.[a|so])
-+ if test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then
-+ AC_MSG_ERROR(Could not find $FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so])
- fi
-
- PHP_ADD_INCLUDE($FREETDS_INCLUDE_DIR)
-diff -r 57e37b68a255 -r f1222f67e562 ext/pdo_dblib/config.m4
---- a/ext/pdo_dblib/config.m4 Tue Jul 01 19:37:24 2008 +0200
-+++ b/ext/pdo_dblib/config.m4 Thu Jul 17 11:35:57 2008 +0200
-@@ -13,11 +13,11 @@
- if test "$PHP_PDO_DBLIB" = "yes"; then
-
- for i in /usr/local /usr; do
-- if test -f $i/include/tds.h; then
-+ if test -f $i/include/sybdb.h; then
- PDO_FREETDS_INSTALLATION_DIR=$i
- PDO_FREETDS_INCLUDE_DIR=$i/include
- break
-- elif test -f $i/include/freetds/tds.h; then
-+ elif test -f $i/include/freetds/sybdb.h; then
- PDO_FREETDS_INSTALLATION_DIR=$i
- PDO_FREETDS_INCLUDE_DIR=$i/include/freetds
- break;
-@@ -30,10 +30,10 @@
-
- elif test "$PHP_PDO_DBLIB" != "no"; then
-
-- if test -f $PHP_PDO_DBLIB/include/tds.h; then
-+ if test -f $PHP_PDO_DBLIB/include/sybdb.h; then
- PDO_FREETDS_INSTALLATION_DIR=$PHP_PDO_DBLIB
- PDO_FREETDS_INCLUDE_DIR=$PHP_PDO_DBLIB/include
-- elif test -f $PHP_PDO_DBLIB/include/freetds/tds.h; then
-+ elif test -f $PHP_PDO_DBLIB/include/freetds/sybdb.h; then
- PDO_FREETDS_INSTALLATION_DIR=$PHP_PDO_DBLIB
- PDO_FREETDS_INCLUDE_DIR=$PHP_PDO_DBLIB/include/freetds
- else
-@@ -45,8 +45,8 @@
- PHP_LIBDIR=lib
- fi
-
-- if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.so"; then
-- AC_MSG_ERROR(Could not find $PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libtds.[a|so])
-+ if test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.a" && test ! -r "$PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.so"; then
-+ AC_MSG_ERROR(Could not find $PDO_FREETDS_INSTALLATION_DIR/$PHP_LIBDIR/libsybdb.[a|so])
- fi
-
- PHP_ADD_INCLUDE($PDO_FREETDS_INCLUDE_DIR)
Copied: php5/branches/lenny/debian/patches/gentoo (from rev 1234, php5/trunk/debian/patches/gentoo)
Modified: php5/branches/lenny/debian/patches/series
===================================================================
--- php5/branches/lenny/debian/patches/series 2009-01-24 22:03:37 UTC (rev 1234)
+++ php5/branches/lenny/debian/patches/series 2009-01-25 13:23:32 UTC (rev 1235)
@@ -33,7 +33,7 @@
CVE-2008-2829.patch
libedit_is_editline.patch
bad_whatis_entries.patch
-deprecated_freetds_check.patch
+gentoo/freetds-compat.patch
snmp_leaks.patch
CVE-2008-3658.patch
CVE-2008-3659.patch
@@ -42,3 +42,13 @@
CVE-2008-5557.patch
pdo-fetchobject-prototype-error.patch
zend_object_handlers-invalid-write.patch
+dba-inifile-truncation.patch
+gentoo/010_ticks-zts-crashes.patch
+gentoo/019_new-memory-corruption.patch
+gentoo/009_array-function-crashes.patch
+gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
+gentoo/017_xmlrpc-invalid-callback-crash.patch
+gentoo/007_dom-setAttributeNode-crash.patch
+gentoo/006_PDORow-crash.patch
+gentoo/005_stream_context_set_params-crash.patch
+CVE-2008-5658.patch
Modified: php5/branches/lenny/debian/rules
===================================================================
--- php5/branches/lenny/debian/rules 2009-01-24 22:03:37 UTC (rev 1234)
+++ php5/branches/lenny/debian/rules 2009-01-25 13:23:32 UTC (rev 1235)
@@ -30,7 +30,10 @@
export QUILT_DIFF_OPTS QUILT_NO_DIFF_TIMESTAMPS
PROG_SENDMAIL = /usr/sbin/sendmail
-CFLAGS += -O2 -Wall -fsigned-char -fno-strict-aliasing
+ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O2
+endif
+CFLAGS += -Wall -fsigned-char -fno-strict-aliasing
# LFS support
ifneq (yes,$(PHP5_COMPAT))
CFLAGS += $(shell getconf LFS_CFLAGS)
More information about the Pkg-php-commits
mailing list