commit php5 for openSUSE:12.2

Thu, 09 Aug 2012 08:56:40 -0700 

Hello community,

here is the log from the commit of package php5 for openSUSE:12.2 checked in at 
2012-08-09 17:55:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2/php5 (Old)
 and      /work/SRC/openSUSE:12.2/.php5.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "php5", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:12.2/php5/php5.changes   2012-07-30 20:39:03.000000000 
+0200
+++ /work/SRC/openSUSE:12.2/.php5.new/php5.changes      2012-08-09 
17:56:07.000000000 +0200
@@ -1,0 +2,5 @@
+Tue Jul 31 14:38:00 UTC 2012 - [email protected]
+
+- fix CVE-2012-3365 [bnc#772582] (only sqlite extension)
+
+-------------------------------------------------------------------

New:
----
  php-5.3.15-CVE-2012-3365.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.6UMcr7/_old  2012-08-09 17:56:08.000000000 +0200
+++ /var/tmp/diff_new_pack.6UMcr7/_new  2012-08-09 17:56:08.000000000 +0200
@@ -179,6 +179,7 @@
 Patch36:        php-5.3.8-crypt-tests.patch
 # related to previous patch; !(defined(_REENTRANT) || defined(_THREAD_SAFE))
 Patch37:        php-5.3.8-no-reentrant-crypt.patch
+Patch40:        php-5.3.15-CVE-2012-3365.patch
 Url:            http://www.php.net
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Summary:        PHP5 Core Files
@@ -1281,6 +1282,7 @@
 %endif
 %patch36
 %patch37
+%patch40
 # Safety check for API version change.
 vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h`
 if test "x${vapi}" != "x%{apiver}"; then


++++++ php-5.3.15-CVE-2012-3365.patch ++++++
http://git.php.net/?p=php-src.git;a=commit;h=055ecbc62878e86287d742c7246c21606cee8183
Index: ext/sqlite/pdo_sqlite2.c
===================================================================
--- ext/sqlite/pdo_sqlite2.c.orig
+++ ext/sqlite/pdo_sqlite2.c
@@ -515,7 +515,7 @@ static struct pdo_dbh_methods sqlite2_me
 
 static char *make_filename_safe(const char *filename TSRMLS_DC)
 {
-       if (*filename && strncmp(filename, ":memory:", sizeof(":memory:")-1)) {
+       if (*filename && memcmp(filename, ":memory:", sizeof(":memory:"))) {
                char *fullpath = expand_filepath(filename, NULL TSRMLS_CC);
 
                if (!fullpath) {
Index: ext/sqlite/sqlite.c
===================================================================
--- ext/sqlite/sqlite.c.orig
+++ ext/sqlite/sqlite.c
@@ -1064,7 +1064,7 @@ static int php_sqlite_authorizer(void *a
 {
        switch (access_type) {
                case SQLITE_COPY:
-                       if (strncmp(arg4, ":memory:", sizeof(":memory:") - 1)) {
+                       if (memcmp(arg4, ":memory:", sizeof(":memory:"))) {
                                TSRMLS_FETCH();
                                if (PG(safe_mode) && (!php_checkuid(arg4, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                                        return SQLITE_DENY;
@@ -1077,7 +1077,7 @@ static int php_sqlite_authorizer(void *a
                        return SQLITE_OK;
 #ifdef SQLITE_ATTACH
                case SQLITE_ATTACH:
-                       if (strncmp(arg3, ":memory:", sizeof(":memory:") - 1)) {
+                       if (memcmp(arg3, ":memory:", sizeof(":memory:"))) {
                                TSRMLS_FETCH();
                                if (PG(safe_mode) && (!php_checkuid(arg3, NULL, 
CHECKUID_CHECK_FILE_AND_DIR))) {
                                        return SQLITE_DENY;
@@ -1563,7 +1563,7 @@ PHP_FUNCTION(sqlite_popen)
        if (strlen(filename) != filename_len) {
                RETURN_FALSE;
        }
-       if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
+       if (memcmp(filename, ":memory:", sizeof(":memory:"))) {
                /* resolve the fully-qualified path name to use as the hash key 
*/
                if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
                        RETURN_FALSE;
@@ -1645,7 +1645,7 @@ PHP_FUNCTION(sqlite_open)
                RETURN_FALSE;
        }
 
-       if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
+       if (memcmp(filename, ":memory:", sizeof(":memory:"))) {
                /* resolve the fully-qualified path name to use as the hash key 
*/
                if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
                        zend_restore_error_handling(&error_handling TSRMLS_CC);
@@ -1703,7 +1703,7 @@ PHP_FUNCTION(sqlite_factory)
                RETURN_FALSE;
        }
 
-       if (strncmp(filename, ":memory:", sizeof(":memory:") - 1)) {
+       if (memcmp(filename, ":memory:", sizeof(":memory:"))) {
                /* resolve the fully-qualified path name to use as the hash key 
*/
                if (!(fullpath = expand_filepath(filename, NULL TSRMLS_CC))) {
                        zend_restore_error_handling(&error_handling TSRMLS_CC);
-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to