[Pkg-php-commits] r1244 - in php5/branches/etch/debian: . patches
Sean Finney
seanius at alioth.debian.org
Tue Jan 27 23:11:29 UTC 2009
Author: seanius
Date: 2009-01-27 23:11:29 +0000 (Tue, 27 Jan 2009)
New Revision: 1244
Added:
php5/branches/etch/debian/patches/145-dba-inifile-truncation.patch
Modified:
php5/branches/etch/debian/changelog
Log:
dba-inifile-truncation
Modified: php5/branches/etch/debian/changelog
===================================================================
--- php5/branches/etch/debian/changelog 2009-01-27 22:54:22 UTC (rev 1243)
+++ php5/branches/etch/debian/changelog 2009-01-27 23:11:29 UTC (rev 1244)
@@ -6,6 +6,8 @@
Patch: 142-CVE-2008-5624.patch
- CVE-2008-5557: heap overflows in the mbstring extension.
Patch: 144-CVE-2008-5557.patch (closes: #511493).
+ - (no CVE): file truncation via inifile handler for the dba functions.
+ Patch: 145-dba-inifile-truncation.patch (closes: #507101).
* Backport the patch from lenny/sid to use the system timezone database
instead of the embedded php timezone database which is out of date.
Patch: 143-use_embedded_timezonedb.patch (closes: #471104).
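Review bot: The added entry "(no CVE): file truncation via inifile handler for the dba functions" does not say what triggers the truncation or what the fix changes. With no CVE identifier to look up, the entry has to stand on its own next to the bug reference #507101. Suggest adding a short clause naming the condition, for example that the patch guards the inifile_truncate call in inifile_delete_replace_append.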
Added: php5/branches/etch/debian/patches/145-dba-inifile-truncation.patch
===================================================================
--- php5/branches/etch/debian/patches/145-dba-inifile-truncation.patch (rev 0)
+++ php5/branches/etch/debian/patches/145-dba-inifile-truncation.patch 2009-01-27 23:11:29 UTC (rev 1244)
@@ -0,0 +1,13 @@
+--- php5-5.2.6.dfsg.1.orig/ext/dba/libinifile/inifile.c
++++ php5-5.2.6.dfsg.1/ext/dba/libinifile/inifile.c
+@@ -508,7 +508,9 @@ static int inifile_delete_replace_append
+
+ /* 5 */
+ if (ret == SUCCESS) {
+- ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ if (!value || (key->name && strlen(key->name))) {
++ ret = inifile_truncate(dba, append ? pos_grp_next : pos_grp_start TSRMLS_CC); /* writes error on fail */
++ }
+ }
+
+ if (ret == SUCCESS) {
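Review bot: The new guard `if (!value || (key->name && strlen(key->name)))` under step 5 skips inifile_truncate but leaves ret at SUCCESS, so the following `if (ret == SUCCESS) {` block still runs against an untruncated file when value is set and key->name is empty. Please confirm that path is intended and add a comment above the guard stating why truncation is skipped in that case. The embedded patch also carries no description header, and its paths name php5-5.2.6.dfsg.1 while it is being added under branches/etch, so it is worth checking that the hunk at line 508 applies there without offset or fuzz. Minor style point: strlen(key->name) is only tested for non-zero, so key->name[0] would say the same thing more directly.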