Changed |
php5.changes
Changed |
php5.spec
Added |
CVE-2014-0237.patch
@@ -0,0 +1,41 @@
+X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2Flibmagic%2Fcdf.c;h=8dacd2f93294ea9fdf2dfe740a8151698fe4efb3;hp=dd7177ed9002a82f5596c5a81b95fcd809e78811;hb=68ce2d0ea6da79b12a365e375e1c2ce882c77480;hpb=41f01c28bc266631e742713add1f8f184284636a
+
+diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
+index dd7177e..8dacd2f 100644
+--- a/ext/fileinfo/libmagic/cdf.c
++++ b/ext/fileinfo/libmagic/cdf.c
+@@ -942,7 +942,7 @@ int
+ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count)
+ {
+- size_t i, maxcount;
++ size_t maxcount;
+ const cdf_summary_info_header_t *si =
+ CAST(const cdf_summary_info_header_t *, sst->sst_tab);
+ const cdf_section_declaration_t *sd =
+@@ -957,21 +957,13 @@ cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ ssi->si_os = CDF_TOLE2(si->si_os);
+ ssi->si_class = si->si_class;
+ cdf_swap_class(&ssi->si_class);
+- ssi->si_count = CDF_TOLE2(si->si_count);
++ ssi->si_count = CDF_TOLE4(si->si_count);
+ *count = 0;
+ maxcount = 0;
+ *info = NULL;
+- for (i = 0; i < CDF_TOLE4(si->si_count); i++) {
+- if (i >= CDF_LOOP_LIMIT) {
+- DPRINTF(("Unpack summary info loop limit"));
+- errno = EFTYPE;
+- return -1;
+- }
+- if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset),
+- info, count, &maxcount) == -1) {
++ if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), info,
++ count, &maxcount) == -1)
+ return -1;
+- }
+- }
+ return 0;
+ }
+
+
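Review bot: The single `cdf_read_property_info` call that replaces the loop at the end of `cdf_unpack_summary_info` has no comment saying that only the first section declaration `sd` is unpacked, and that the file-supplied `si_count` is now stored in `ssi->si_count` but no longer drives any iteration. A comment above the call, for example `/* si_count comes from the file and is untrusted: unpack the first section only, never loop on it */`, would keep a later change from reintroducing the per-count loop this patch removes. The lines between the two inner hunks are not shown, so whether `si` and `sd` are offset-checked before they are dereferenced cannot be confirmed from this page. Separately, this file and CVE-2014-0238.patch record their origin only as an `X-Git-Url` on a bare IP address over plain HTTP; the `hb=` commit ids in those URLs should be checked against the official php-src repository before the package relies on them.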
Added |
CVE-2014-0238.patch
@@ -0,0 +1,29 @@
+X-Git-Url: http://72.52.91.13:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Ffileinfo%2Flibmagic%2Fcdf.c;h=4712e84942eae72ce63a85a5ea5109cfd7ffe386;hp=8dacd2f93294ea9fdf2dfe740a8151698fe4efb3;hb=22736b7c56d678f142d5dd21f4996e5819507a2b;hpb=68ce2d0ea6da79b12a365e375e1c2ce882c77480
+
+diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
+index 8dacd2f..4712e84 100644
+--- a/ext/fileinfo/libmagic/cdf.c
++++ b/ext/fileinfo/libmagic/cdf.c
+@@ -823,6 +823,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
+ if (inp[i].pi_type & CDF_VECTOR) {
+ nelements = CDF_GETUINT32(q, 1);
++ if (nelements == 0) {
++ DPRINTF(("CDF_VECTOR with nelements == 0\n"));
++ goto out;
++ }
+ o = 2;
+ } else {
+ nelements = 1;
+@@ -897,7 +901,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ }
+ DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
+ nelements));
+- for (j = 0; j < nelements; j++, i++) {
++ for (j = 0; j < nelements && i < sh.sh_properties;
++ j++, i++)
++ {
+ uint32_t l = CDF_GETUINT32(q, o);
+ inp[i].pi_str.s_len = l;
+ inp[i].pi_str.s_buf = (const char *)
+
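Review bot: The new loop condition `j < nelements && i < sh.sh_properties` in `cdf_read_property_info` stops silently when a vector declares more elements than there are property slots left, whereas the added `nelements == 0` branch logs and takes `goto out` for the other malformed case. A file whose element count overruns `sh.sh_properties` is just as malformed, so the truncation should at least be logged, and probably rejected, right after the loop with something like `if (j < nelements) { DPRINTF(("CDF_VECTOR exceeds sh_properties\n")); goto out; }`. The loop body and the `out:` label lie outside the hunk, so how `i` is adjusted after the loop and what `out` releases need checking before this goes in. The hunk also does not show whether `q` is bounds-checked before `CDF_GETUINT32(q, 1)` and `CDF_GETUINT32(q, o)` read from it.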