[Pkg-php-commits] [php/debian-sid] Remove CVE-2010-2950 from suhosin patch
Ondřej Surý
ondrej at sury.org
Mon Jan 24 07:53:32 UTC 2011
---
debian/patches/suhosin.patch | 12 ------------
1 files changed, 0 insertions(+), 12 deletions(-)
diff --git a/debian/patches/suhosin.patch b/debian/patches/suhosin.patch
index 2516d97..94e0709 100644
--- a/debian/patches/suhosin.patch
+++ b/debian/patches/suhosin.patch
@@ -4500,18 +4500,6 @@ the following modifications have been made:
if test -r "$abs_srcdir/Zend/zend_objects.c"; then
PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c)
---- a/ext/phar/stream.c
-+++ b/ext/phar/stream.c
-@@ -470,7 +470,8 @@ static int phar_stream_flush(php_stream
- if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) {
- ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC);
- if (error) {
-- php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error);
-+ /* Fix format string vulnerability here, too because PHP.net did not */
-+ php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error);
- efree(error);
- }
- return ret;
--- a/ext/standard/dl.c
+++ b/ext/standard/dl.c
@@ -249,6 +249,23 @@ PHPAPI int php_load_extension(char *file
--
1.7.1
More information about the Pkg-php-commits
mailing list