[Pkg-php-commits] [php/debian-sid] Remove CVE-2010-2950 from suhosin patch

Ondřej Surý ondrej at sury.org
Mon Jan 24 07:53:32 UTC 2011


---
 debian/patches/suhosin.patch |   12 ------------
 1 files changed, 0 insertions(+), 12 deletions(-)

diff --git a/debian/patches/suhosin.patch b/debian/patches/suhosin.patch
index 2516d97..94e0709 100644
--- a/debian/patches/suhosin.patch
+++ b/debian/patches/suhosin.patch
@@ -4500,18 +4500,6 @@ the following modifications have been made:
  
  if test -r "$abs_srcdir/Zend/zend_objects.c"; then
    PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c zend_default_classes.c)
---- a/ext/phar/stream.c
-+++ b/ext/phar/stream.c
-@@ -470,7 +470,8 @@ static int phar_stream_flush(php_stream
- 	if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) {
- 		ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC);
- 		if (error) {
--			php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error);
-+			/* Fix format string vulnerability here, too because PHP.net did not */
-+			php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error);
- 			efree(error);
- 		}
- 		return ret;
 --- a/ext/standard/dl.c
 +++ b/ext/standard/dl.c
 @@ -249,6 +249,23 @@ PHPAPI int php_load_extension(char *file
-- 
1.7.1





More information about the Pkg-php-commits mailing list