Hello community, here is the log from the commit of package php5 for openSUSE:12.1:Update:Test checked in at 2012-02-03 17:05:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update:Test/php5 (Old) and /work/SRC/openSUSE:12.1:Update:Test/.php5.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "php5", Maintainer is "PGajdos@suse.com" Changes: -------- --- /work/SRC/openSUSE:12.1:Update:Test/php5/php5.changes 2012-01-30 20:40:47.000000000 +0100 +++ /work/SRC/openSUSE:12.1:Update:Test/.php5.new/php5.changes 2012-02-03 17:05:23.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Feb 3 08:13:16 UTC 2012 - pgajdos@suse.com + +- security update CVE-2012-0830 and other memory leaks + (fixes the fix of CVE-2011-4885) [bnc#744966] + +------------------------------------------------------------------- New: ---- php-5.3.8-CVE-2012-0830.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php5.spec ++++++ --- /var/tmp/diff_new_pack.RcXGOB/_old 2012-02-03 17:05:23.000000000 +0100 +++ /var/tmp/diff_new_pack.RcXGOB/_new 2012-02-03 17:05:23.000000000 +0100 @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + + Name: php5 %global apiver 20090626 %global zendver 20090626 @@ -166,6 +168,7 @@ Patch40: php-5.3.8-CVE-2012-0788.patch Patch41: php-5.3.8-memory-corruption-parse_ini_string.patch Patch42: php-5.3.8-CVE-2012-0789.patch +Patch43: php-5.3.8-CVE-2012-0830.patch Url: http://www.php.net BuildRoot: %{_tmppath}/%{name}-%{version}-build Summary: PHP5 Core Files @@ -1284,6 +1287,7 @@ %patch40 %patch41 %patch42 +%patch43 -p1 # Safety check for API version change. vapi=`sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h` if test "x${vapi}" != "x%{apiver}"; then ++++++ php-5.3.8-CVE-2012-0830.patch ++++++ Index: php-5.3.8/main/php_variables.c =================================================================== --- php-5.3.8.orig/main/php_variables.c +++ php-5.3.8/main/php_variables.c @@ -182,7 +182,13 @@ PHPAPI void php_register_variable_ex(cha if (!index) { MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + zval_dtor(val); + efree(var_orig); + return; + } + } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); @@ -197,6 +203,13 @@ PHPAPI void php_register_variable_ex(cha MAKE_STD_ZVAL(gpc_element); array_init(gpc_element); zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + } else { + if (index != escaped_index) { + efree(escaped_index); + } + zval_dtor(val); + efree(var_orig); + return; } if (index != escaped_index) { efree(escaped_index); @@ -221,7 +234,9 @@ plain_var: gpc_element->value = val->value; Z_TYPE_P(gpc_element) = Z_TYPE_P(val); if (!index) { - zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); + if (zend_hash_next_index_insert(symtable1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p) == FAILURE) { + zval_ptr_dtor(&gpc_element); + } } else { if (PG(magic_quotes_gpc)) { escaped_index = php_addslashes(index, index_len, &index_len, 0 TSRMLS_CC); -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org