Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=d9c1d6eb1c06b820b918ad881cdf8f6161df0b82

commit d9c1d6eb1c06b820b918ad881cdf8f6161df0b82
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Wed Mar 31 21:58:19 2010 +0200

php-5.3.2-2-i686

- add CVE-2010-0397.patch
- closes #4165

diff --git a/source/devel/php/CVE-2010-0397.patch 
b/source/devel/php/CVE-2010-0397.patch
new file mode 100644
index 0000000..74bd96d
--- /dev/null
+++ b/source/devel/php/CVE-2010-0397.patch
@@ -0,0 +1,32 @@
+Index: php/ext/xmlrpc/xmlrpc-epi-php.c
+===================================================================
+--- php.orig/ext/xmlrpc/xmlrpc-epi-php.c
++++ php/ext/xmlrpc/xmlrpc-epi-php.c
+@@ -778,6 +778,7 @@ zval* decode_request_worker(char *xml_in
+       zval* retval = NULL;
+       XMLRPC_REQUEST response;
+       STRUCT_XMLRPC_REQUEST_INPUT_OPTIONS opts = {{0}};
++      const char *method_name;
+       opts.xml_elem_opts.encoding = encoding_in ? 
utf8_get_encoding_id_from_string(encoding_in) : ENCODING_DEFAULT;
+
+       /* generate XMLRPC_REQUEST from raw xml */
+@@ -788,10 +789,15 @@ zval* decode_request_worker(char *xml_in
+
+               if (XMLRPC_RequestGetRequestType(response) == 
xmlrpc_request_call) {
+                       if (method_name_out) {
+-                              zval_dtor(method_name_out);
+-                              Z_TYPE_P(method_name_out) = IS_STRING;
+-                              Z_STRVAL_P(method_name_out) = 
estrdup(XMLRPC_RequestGetMethodName(response));
+-                              Z_STRLEN_P(method_name_out) = 
strlen(Z_STRVAL_P(method_name_out));
++                              method_name = 
XMLRPC_RequestGetMethodName(response);
++                              if (method_name) {
++                                      zval_dtor(method_name_out);
++                                      Z_TYPE_P(method_name_out) = IS_STRING;
++                                      Z_STRVAL_P(method_name_out) = 
estrdup(method_name);
++                                      Z_STRLEN_P(method_name_out) = 
strlen(Z_STRVAL_P(method_name_out));
++                              } else {
++                                      retval = NULL;
++                              }
+                       }
+               }
+
diff --git a/source/devel/php/FrugalBuild b/source/devel/php/FrugalBuild
index d6acb9d..068d1a9 100644
--- a/source/devel/php/FrugalBuild
+++ b/source/devel/php/FrugalBuild
@@ -4,7 +4,7 @@

pkgname=php
pkgver=5.3.2
-pkgrel=1
+pkgrel=2
pkgdesc="A widely-used general-purpose scripting language"
url="http://www.php.net";
backup=(etc/{php.ini,httpd/conf/modules.d/$pkgname.conf})
@@ -18,7 +18,7 @@ groups=('devel')
archs=('i686' 'x86_64')
up2date="lynx -dump http://www.php.net/downloads.php |grep 'Complete Source 
Code' -3|sed -n 's/.*P \(.*\)/\1/;2 p'"
source=(http://www.php.net/distributions/$pkgname-$pkgver.tar.gz \
-       php.ini php.conf README.Frugalware phpize.in.patch)
+       php.ini php.conf README.Frugalware phpize.in.patch CVE-2010-0397.patch)

subpkgs=("$pkgname-cgi")
suboptions=('nodocs') ## its depends on PHP and the same files are installed etc
@@ -139,6 +139,7 @@ sha1sums=('ef9e11975eee9bcd17ed535a21559a471a1061d2' \
'e5165779c0d3d7958e3a11c7f72762e911129e54' \
'0850ef23512a02e8460dc36f08f453d148dcd9df' \
'40ae88f0721e02a2c75de76be342c51c85bf734d' \
-          '4c598e1c8683518090f7a0e9fef01c57593137c8')
+          '4c598e1c8683518090f7a0e9fef01c57593137c8' \
+          '3cfe9055876f0c5b9cf3479b5918cf78c8892168')

# optimization OK
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git

Reply via email to