[Pkg-php-commits] r1240 - in php5/branches/etch/debian: . patches
Sean Finney
seanius at alioth.debian.org
Tue Jan 27 21:52:49 UTC 2009
Author: seanius
Date: 2009-01-27 21:52:49 +0000 (Tue, 27 Jan 2009)
New Revision: 1240
Added:
php5/branches/etch/debian/patches/142-CVE-2008-5624.patch
Removed:
php5/branches/etch/debian/patches/142-BG-initialization-fix.patch
Modified:
php5/branches/etch/debian/changelog
Log:
CVE-2008-5624: rename apache fix to include CVE id
Modified: php5/branches/etch/debian/changelog
===================================================================
--- php5/branches/etch/debian/changelog 2009-01-25 23:33:01 UTC (rev 1239)
+++ php5/branches/etch/debian/changelog 2009-01-27 21:52:49 UTC (rev 1240)
@@ -1,8 +1,9 @@
php5 (5.2.0-8+etch14) UNRELEASED; urgency=low
* NOT RELEASED YET
- * Include backported fixes for uid/gid initialization in apache/apache2
- modules.
+ * The following security issues are addressed with this update:
+ - CVE-2008-5624: proper initialization of uid/gid for apache2 sapi.
+ Patch: 142-CVE-2008-5624.patch
-- Sean Finney <seanius at debian.org> Tue, 30 Sep 2008 20:38:57 +0200
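Review bot: The new entry names only the "apache2 sapi", but the patch it points to (142-CVE-2008-5624.patch) changes sapi/apache/mod_php5.c and ext/standard/basic_functions.c, and the wording it replaces covered "apache/apache2 modules". Suggest something like "proper initialization of uid/gid for apache/apache2 sapis" so the changelog agrees with the patch header ("apache sapis") and with the files actually touched.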
Deleted: php5/branches/etch/debian/patches/142-BG-initialization-fix.patch
===================================================================
--- php5/branches/etch/debian/patches/142-BG-initialization-fix.patch 2009-01-25 23:33:01 UTC (rev 1239)
+++ php5/branches/etch/debian/patches/142-BG-initialization-fix.patch 2009-01-27 21:52:49 UTC (rev 1240)
@@ -1,44 +0,0 @@
-proper initialization for uid/gid in apache sapis.
-downloaded from
-http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&view=patch
-http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&view=patch
---- old/ext/standard/basic_functions.c
-+++ new/ext/standard/basic_functions.c
-@@ -3919,6 +3919,8 @@ static void basic_globals_ctor(php_basic
- memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
- #endif
- BG(incomplete_class) = incomplete_class_entry;
-+ BG(page_uid) = -1;
-+ BG(page_gid) = -1;
- }
-
-
-@@ -4221,6 +4223,8 @@ PHP_RSHUTDOWN_FUNCTION(basic)
-
- PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
-
-+ BG(page_uid) = -1;
-+ BG(page_gid) = -1;
- return SUCCESS;
- }
-
---- old/sapi/apache/mod_php5.c 2008/11/24 22:18:25 1.19.2.7.2.15
-+++ new/sapi/apache/mod_php5.c 2008/11/28 23:22:39 1.19.2.7.2.16
-@@ -597,6 +597,8 @@
- return OK;
- }
-
-+ SG(server_context) = r;
-+
- zend_first_try {
-
- /* Make sure file exists */
-@@ -654,8 +656,6 @@
- /* Init timeout */
- hard_timeout("send", r);
-
-- SG(server_context) = r;
--
- php_save_umask();
- add_common_vars(r);
- add_cgi_vars(r);
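Review bot: Nothing besides debian/changelog is listed as modified alongside this removal, so any patch list or series file that names 142-BG-initialization-fix.patch would still point at a file that no longer exists. If the build applies patches from an explicit list rather than picking up everything in debian/patches, update that list in the same commit so the fix keeps being applied under its new name.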
Copied: php5/branches/etch/debian/patches/142-CVE-2008-5624.patch (from rev 1239, php5/branches/etch/debian/patches/142-BG-initialization-fix.patch)
===================================================================
--- php5/branches/etch/debian/patches/142-CVE-2008-5624.patch (rev 0)
+++ php5/branches/etch/debian/patches/142-CVE-2008-5624.patch 2009-01-27 21:52:49 UTC (rev 1240)
@@ -0,0 +1,44 @@
+proper initialization for uid/gid in apache sapis.
+downloaded from
+http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&view=patch
+http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&view=patch
+--- old/ext/standard/basic_functions.c
++++ new/ext/standard/basic_functions.c
+@@ -3919,6 +3919,8 @@ static void basic_globals_ctor(php_basic
+ memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
+ #endif
+ BG(incomplete_class) = incomplete_class_entry;
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ }
+
+
+@@ -4221,6 +4223,8 @@ PHP_RSHUTDOWN_FUNCTION(basic)
+
+ PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
+
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ return SUCCESS;
+ }
+
+--- old/sapi/apache/mod_php5.c 2008/11/24 22:18:25 1.19.2.7.2.15
++++ new/sapi/apache/mod_php5.c 2008/11/28 23:22:39 1.19.2.7.2.16
+@@ -597,6 +597,8 @@
+ return OK;
+ }
+
++ SG(server_context) = r;
++
+ zend_first_try {
+
+ /* Make sure file exists */
+@@ -654,8 +656,6 @@
+ /* Init timeout */
+ hard_timeout("send", r);
+
+- SG(server_context) = r;
+-
+ php_save_umask();
+ add_common_vars(r);
+ add_cgi_vars(r);
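Review bot: The header of the copied patch still reads only "proper initialization for uid/gid in apache sapis." followed by the two upstream URLs; now that the file name carries the CVE id, the description inside the file should state CVE-2008-5624 as well, so the patch stays identifiable when read on its own. Two smaller points on the embedded hunks: the only SAPI source changed is sapi/apache/mod_php5.c (SG(server_context) = r moved ahead of zend_first_try), which should be reconciled with the changelog's "apache2 sapi", and a one-line comment explaining why BG(page_uid) and BG(page_gid) are reset to -1 in both basic_globals_ctor and PHP_RSHUTDOWN_FUNCTION(basic) would help the next reader.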
Property changes on: php5/branches/etch/debian/patches/142-CVE-2008-5624.patch
___________________________________________________________________
Name: svn:mergeinfo
+