Hello community, here is the log from the commit of package php5 for openSUSE:Factory checked in at 2015-01-08 23:20:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php5 (Old) and /work/SRC/openSUSE:Factory/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php5"
Changes:
--------
--- /work/SRC/openSUSE:Factory/php5/php5.changes 2014-12-30 00:49:18.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.php5.new/php5.changes 2015-01-09 01:11:23.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Jan 5 14:34:23 UTC 2015 - [email protected]
+
+- added php-CVE-2014-9426.patch [bnc#911663]
+- added php-CVE-2014-9427.patch [bnc#911664]
+
+-------------------------------------------------------------------
New:
----
php-CVE-2014-9426.patch
php-CVE-2014-9427.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ php5.spec ++++++
--- /var/tmp/diff_new_pack.q09of9/_old 2015-01-09 01:11:24.000000000 +0100
+++ /var/tmp/diff_new_pack.q09of9/_new 2015-01-09 01:11:24.000000000 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package php5
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -178,6 +178,8 @@
 Patch17: php5-per-mod-log.patch
 Patch18: php5-apache24-updates.patch
 Patch19: php5-crypto-checks.patch
+Patch20: php-CVE-2014-9426.patch
+Patch21: php-CVE-2014-9427.patch
 Url: http://www.php.net
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 Summary: PHP5 Core Files
@@ -1326,6 +1328,8 @@
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20
+%patch21
 # Safety check for API version change.
 vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h`
 if test "x${vapi}" != "x%{apiver}"; then
++++++ php-CVE-2014-9426.patch ++++++
http://git.php.net/?p=php-src.git;a=commit;h=a72cd07f2983dc43a6bb35209dc4687852e53c09
Index: ext/fileinfo/libmagic/apprentice.c
===================================================================
--- ext/fileinfo/libmagic/apprentice.c.orig 2015-01-05 15:30:20.672600093 +0100
+++ ext/fileinfo/libmagic/apprentice.c 2015-01-05 15:31:02.829142205 +0100
@@ -1197,7 +1197,6 @@
 if ((filearr = CAST(char **, erealloc(filearr, mlen))) == NULL) {
 file_oomem(ms, mlen);
- efree(mfn);
 php_stream_closedir(dir);
 errs++;
 goto out;
++++++ php-CVE-2014-9427.patch ++++++
http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
Index: sapi/cgi/cgi_main.c
===================================================================
--- sapi/cgi/cgi_main.c.orig 2015-01-05 17:05:35.584546329 +0100
+++ sapi/cgi/cgi_main.c 2015-01-05 17:06:02.786896356 +0100
@@ -2435,14 +2435,17 @@
 int i = 1;
 c = file_handle.handle.stream.mmap.buf[i++];
- while (c != '\n' && c != '\r' && c != EOF) {
+ while (c != '\n' && c != '\r' && i < file_handle.handle.stream.mmap.len) {
 c = file_handle.handle.stream.mmap.buf[i++];
 }
 if (c == '\r') {
- if (file_handle.handle.stream.mmap.buf[i] == '\n') {
+ if (i < file_handle.handle.stream.mmap.len && file_handle.handle.stream.mmap.buf[i] == '\n') {
 i++;
 }
 }
+ if(i > file_handle.handle.stream.mmap.len) {
+ i = file_handle.handle.stream.mmap.len;
+ }
 file_handle.handle.stream.mmap.buf += i;
 file_handle.handle.stream.mmap.len -= i;
 }
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
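Review bot: `%patch20` and `%patch21` in the php5.spec hunk are applied without a strip level, while every neighbouring `%patch` line spells out `-p1`. Both new patch files use paths with no leading directory component (`--- ext/fileinfo/libmagic/apprentice.c.orig`, `--- sapi/cgi/cgi_main.c.orig`), so they depend on the default strip level. Writing `%patch20 -p0` and `%patch21 -p0` would make that explicit and keep the two security fixes from depending on what the packaging tool assumes.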
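Review bot: In the sapi/cgi/cgi_main.c hunk the first read, `c = file_handle.handle.stream.mmap.buf[i++];` with `i = 1`, still happens before anything is compared with `mmap.len`, so a mapped script of length 1 would be read one byte past its end; the new clamp `if(i > file_handle.handle.stream.mmap.len)` only corrects the pointer advance afterwards, not the read. Guarding that read closes the gap, for example `c = (i < file_handle.handle.stream.mmap.len) ? file_handle.handle.stream.mmap.buf[i++] : '\n';`. `i` is an `int` compared against what looks like an unsigned length, so `size_t i = 1;` would avoid the signed/unsigned comparison. The enclosing block opens outside the hunk, so a length check ahead of it (not visible here) may already exclude the one-byte case.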
