Tags 359904 + patch
Found 359904 4:4.3.10-16
Thanks

Hi.
Patch ported to 4.3.10-16 is attached. Actually, I also allowed myself to fix a small possible bug in debian/rules' way of applying patches. The problem here is that you assume the patches to have been applied in alphabetical order when trying to deapply them. However, the shell is not guaranteed to expand patterns in alphabetical order, so sorting the patches explicitly is the safer option. Out of habit, I also created changelog entries for the two changes (which are much longer than the changes themselves). All changes are small and easy enough to get separated should you want that.

Regards,
Sven
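The ordering concern above, as an added example that is not part of this report or of the php4 packaging: POSIX already sorts pathname expansion by the current collation (the same one `ls` and `sort` use), so what actually varies between hosts is the locale, not whether the glob is sorted. The helpers below assume a patch directory passed as the first argument (the `debian/patches` default is an assumption), pin the collation with `LC_ALL=C`, and derive the unapply order from the apply order so the two loops in a rules file cannot disagree; the patch names in the demo are constructed.

```shell
#!/bin/sh
# Added example, not code from the bug report or from the php4 packaging.
# Two helpers that give debian/rules a single source of truth for the
# patch order: apply in patch_order, unapply in unpatch_order, which is
# the exact reverse. LC_ALL=C pins the collation so the order is the same
# on every build host; the directory name is only an example default.

# Print patch paths in apply order, one per line, byte-sorted.
patch_order() {
    dir=${1:-debian/patches}
    for p in "$dir"/*.patch; do
        # An unmatched glob stays literal; skip it instead of feeding
        # "debian/patches/*.patch" to patch(1).
        [ -e "$p" ] || continue
        printf '%s\n' "$p"
    done | LC_ALL=C sort
}

# The same list reversed: the order the patches must be removed in.
unpatch_order() {
    patch_order "$1" | LC_ALL=C sort -r
}

# Constructed demo input: three patch names in a scratch directory, created
# out of order on purpose, plus an empty subdirectory for the no-patches case.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
for n in 100-bar 010-foo 052-html_entity_decode_fix; do
    : > "$demo_dir/$n.patch"
done
mkdir "$demo_dir/empty"

# Usage, as the two loops in debian/rules would consume it:
#   patch_order   "$demo_dir" | while read -r p; do echo "apply   $p"; done
#   unpatch_order "$demo_dir" | while read -r p; do echo "unapply $p"; done
```

Because `unpatch_order` is defined as the reverse of `patch_order` rather than as a second glob, a patch added later with an unexpected prefix still comes off in the opposite order it went on, and an empty patch directory yields no iterations instead of a literal pattern handed to `patch`.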
diff -urN php4-4.3.10-orig/debian/changelog php4-4.3.10/debian/changelog --- php4-4.3.10-orig/debian/changelog 2006-03-31 17:02:02.000000000 +0200 +++ php4-4.3.10/debian/changelog 2006-03-31 17:25:25.000000000 +0200 @@ -1,3 +1,14 @@ +php4 (4:4.3.10-17) stable-security; urgency=low + + Sven Mueller <[EMAIL PROTECTED]>: + * Patch ext/standard/html.c to fix a possible information disclosure bug in + html_entity_decode() (closes: #359904) + * Fix a small issue in debian/rules regarding the order in which patches are + applied (`ls` as well as shell pattern expansion might sort differently + than `sort`) + + -- Sven Mueller <[EMAIL PROTECTED]> Fri, 31 Mar 2006 17:24:18 +0200 + php4 (4:4.3.10-16) stable-security; urgency=high Adam Conrad <[EMAIL PROTECTED]>: diff -urN php4-4.3.10-orig/debian/patches/052-html_entity_decode_fix.patch php4-4.3.10/debian/patches/052-html_entity_decode_fix.patch --- php4-4.3.10-orig/debian/patches/052-html_entity_decode_fix.patch 1970-01-01 01:00:00.000000000 +0100 +++ php4-4.3.10/debian/patches/052-html_entity_decode_fix.patch 2006-03-31 17:21:13.000000000 +0200 @@ -0,0 +1,12 @@ +diff -ur php4-4.3.10-orig/ext/standard/html.c php4-4.3.10/ext/standard/html.c +--- php4-4.3.10-orig/ext/standard/html.c 2004-07-13 19:15:13.000000000 +0200 ++++ php4-4.3.10/ext/standard/html.c 2006-03-31 17:15:33.000000000 +0200 +@@ -791,7 +791,7 @@ + enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC); + unsigned char replacement[15]; + +- ret = estrdup(old); ++ ret = estrdup(old,oldlen); + retlen = oldlen; + if (!retlen) { + goto empty_source; diff -urN php4-4.3.10-orig/debian/rules php4-4.3.10/debian/rules --- php4-4.3.10-orig/debian/rules 2006-03-31 17:02:02.000000000 +0200 +++ php4-4.3.10/debian/rules 2006-03-31 17:24:02.000000000 +0200 
@@ -85,7 +85,7 @@ patch: patch-stamp patch-stamp: dh_testdir - for patch in debian/patches/*.patch; do \ + for patch in `ls debian/patches/*.patch | sort`; do \ echo '->'`basename $$patch`:; \ if ! patch -p1 --ignore-whitespace --dry-run < $$patch; \ then \
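Review bot: in the debian/changelog hunk, the new 4:4.3.10-17 entry is marked urgency=low while the 4:4.3.10-16 entry directly below it is urgency=high; since the first bullet closes an information-disclosure bug (#359904) on stable-security, keep urgency=high so the upload is not treated as routine. The second bullet's justification ("`ls` as well as shell pattern expansion might sort differently than `sort`") also does not hold as written: POSIX requires pathname expansion to be sorted in the current collation, the same collation `sort` uses, so the variable is the build host's locale, and "force a fixed, locale-independent patch order" would describe the intent more accurately.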
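Review bot: in the ext/standard/html.c hunk, `ret = estrdup(old,oldlen);` will not compile: estrdup takes a single argument and copies up to the first NUL. The length-bounded duplicator is estrndup, so the line should read `ret = estrndup(old, oldlen);`. That is also what the fix needs: `retlen = oldlen` two lines later takes the caller's length, so a NUL-terminated copy shorter than oldlen leaves the decoder working on retlen bytes of a buffer that only holds strlen(old)+1, which is the out-of-bounds read the changelog describes as an information disclosure. Please build the port before uploading; a one-line patch that fails to compile would be caught by a plain dpkg-buildpackage.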
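Review bot: in the debian/rules hunk, `for patch in \`ls debian/patches/*.patch | sort\`` does not change the order on any given host, because the shell already expands the glob in collation order and `ls` and `sort` follow the same LC_COLLATE; what differs between hosts is the locale, so if a fixed order is the goal, export `LC_ALL=C` in the rule (or use `LC_ALL=C sort`) rather than piping through `ls`. The pipeline also changes the empty-directory behaviour: with the bare glob the loop runs once with the literal pattern and `patch --dry-run` fails, whereas `ls` prints an error to stderr and the body runs zero times, so a build with no patches applied would proceed silently. Finally, only the apply loop is in this diff; the deapply loop the report says assumes the same order is not touched, so either it needs the matching reversed change or a note that it already mirrors this list.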