[php-pecl-apc/el5/master] add patch for XSS vulnerability
Remi Collet
remi at fedoraproject.org
Sat Sep 18 09:18:48 UTC 2010
commit ef62db3383ce7626e08944316505c95b049671d1
Author: remi <fedora at famillecollet.com>
Date: Sat Sep 18 11:18:41 2010 +0200
add patch for XSS vulnerability
apc-xss.patch | 11 +++++++++++
php-pecl-apc.spec | 18 +++++++++++++++---
2 files changed, 26 insertions(+), 3 deletions(-)
---
diff --git a/apc-xss.patch b/apc-xss.patch
new file mode 100644
index 0000000..142f2ba
--- /dev/null
+++ b/apc-xss.patch
@@ -0,0 +1,11 @@
+--- pecl/apc/trunk/apc.php 2010/07/25 19:58:43 301548
++++ pecl/apc/trunk/apc.php 2010/08/05 09:10:58 301867
+@@ -991,7 +991,7 @@
+ echo
+ "<tr class=tr-$m>",
+ "<td class=td-0>",ucwords(preg_replace("/_/"," ",$k)),"</td>",
+- "<td class=td-last>",(preg_match("/time/",$k) && $value!='None') ? date(DATE_FORMAT,$value) : $value,"</td>",
++ "<td class=td-last>",(preg_match("/time/",$k) && $value!='None') ? date(DATE_FORMAT,$value) : htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),"</td>",
+ "</tr>";
+ $m=1-$m;
+ }
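Review bot: The label cell two lines above the fixed line still echoes `$k` through `ucwords(preg_replace(...))` with no HTML encoding; only the non-time branch of the ternary is escaped. Where `$k` comes from is not visible in this hunk: if it is always a fixed field name this is harmless, but if any key can be derived from cache content the same encoding belongs there, e.g. `"<td class=td-0>",htmlspecialchars(ucwords(preg_replace("/_/"," ",$k)), ENT_QUOTES, 'UTF-8'),"</td>",`. It is also worth confirming on the packaged PHP version how `htmlspecialchars()` with an explicit `'UTF-8'` charset treats values that are not valid UTF-8, since some versions return an empty string and binary cache values would then display blank. The enclosing loop starts before the hunk.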
diff --git a/php-pecl-apc.spec b/php-pecl-apc.spec
index 199212f..de12759 100644
--- a/php-pecl-apc.spec
+++ b/php-pecl-apc.spec
@@ -1,20 +1,26 @@
%{!?__pecl: %{expand: %%global __pecl %{_bindir}/pecl}}
-%define php_extdir %(php-config --extension-dir 2>/dev/null || echo %{_libdir}/php4)
+%global php_extdir %(php-config --extension-dir 2>/dev/null || echo %{_libdir}/php4)
%global php_zendabiver %((echo 0; php -i 2>/dev/null | sed -n 's/^PHP Extension => //p') | tail -1)
%global php_version %((echo 0; php-config --version 2>/dev/null) | tail -1)
-%define pecl_name APC
+%global pecl_name APC
Summary: APC caches and optimizes PHP intermediate code
Name: php-pecl-apc
Version: 3.0.19
-Release: 1%{?dist}
+Release: 2%{?dist}
License: PHP
Group: Development/Languages
URL: http://pecl.php.net/package/APC
Source: http://pecl.php.net/get/APC-%{version}.tgz
+
+# Upstream patch for CVE-2010-3294
+# http://svn.php.net/viewvc/pecl/apc/trunk/apc.php?r1=301548&r2=301867&view=patch
+Patch0: apc-xss.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Conflicts: php-mmcache php-eaccelerator
BuildRequires: php-devel httpd-devel php-pear
+
%if %{?php_zend_api}0
# Require clean ABI/API versions if available (Fedora)
Requires: php(zend-abi) = %{php_zend_api}
@@ -40,6 +46,9 @@ intermediate code.
%prep
%setup -q -n %{pecl_name}-%{version}
+%patch0 -p3 -b .xss
+
+
%build
%{_bindir}/phpize
%configure --enable-apc-mmap --with-apxs=%{_sbindir}/apxs --with-php-config=%{_bindir}/php-config
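Review bot: `-b .xss` keeps the unpatched file as `apc.php.xss` next to the fixed one, so the pre-fix copy must not reach the package payload. The %install and %files sections are outside this hunk; if either picks up files by glob or ships the source directory as %doc, the vulnerable original would be installed alongside the fix, which `rpm -qlp` on the built package would show. A short comment above the line would help the next maintainer, e.g. `# -p3 strips pecl/apc/trunk/ so the hunk applies to apc.php in the source root`. Because the patch was cut from trunk (hunk at line 991) rather than from 3.0.19, the build log should be checked for offset or fuzz when it applies.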
@@ -95,6 +104,9 @@ fi
%{pecl_xmldir}/%{pecl_name}.xml
%changelog
+* Sat Sep 18 2010 Remi Collet <fedora at famillecollet.com> - 3.0.19-2
+- add patch for CVE-2010-3294 (#634336)
+
* Wed Jun 25 2008 Tim Jackson <rpm at timj.co.uk> - 3.0.19-1
- Update to 3.0.19
- Fix PHP Zend API/ABI dependencies to work on EL-4/5