-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi. Gero Treuner
On Sunday 18 March 2018 02:32 PM, Gero Treuner wrote: > Hi all, > > Attached is a wheezy patch for a security issue: > https://security-tracker.debian.org/tracker/CVE-2018-7490 > Thanks for the patch :) > The upstream patch was backported, and source code apparently > didn't change much. Only a small section (~10 lines) from the > current uwsgi had to be added additionally. > It look like ( and also you mentioned) you have added following lines from master branch. But I don't see the point of doing these other than that the upstream patch applies perfectly now. Can you provide little more information. + // fix docroot + if (uphp.docroot) { + char *orig_docroot = uphp.docroot; + uphp.docroot = uwsgi_expand_path(uphp.docroot, strlen(uphp.docroot), NULL); + if (!uphp.docroot) { + uwsgi_log("unable to set php docroot to %s\n", orig_docroot); + exit(1); + } + uwsgi_log("PHP document root set to %s\n", uphp.docroot); + uphp.docroot_len = strlen(uphp.docroot); + } + > It build and runs fine here. But PHP ist not the backend I am > using, so: Anyone with PHP to test? > > > Kind regards, Gero > Regards. - --abhijith -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlquUPgACgkQhj1N8u2c KO9FPw//W8JE+wcuQFrBZezAquFdyRiMh7kcT5B0tN9ziY7GqOxn7ennxi1K2qiG 0IELFwjY7E5Qxy1nCY04ipNp4cpNf0p6Ejg4ikfzUwPbMeroTTEz/7l6VG0hQf6P 8gk9UQIcyPxUTE6rY8DXchHkRKlZlgPoOzXVPItKxksa6DNss+0oTRucb65I/EJ1 UYW8DraPzjGHYs3BKU4sOBhta7u2xaSXbyLoNKtdDt9H7xBdRvBPMh2kMG9Ectjy r4T2bE+uedg2hF7FYUcXLEL7nTZhXAH4MQamVQ3Kj+ba2Gkzh/aKq1gFe1w/ZRsD 0ASf1KmLZxJtvTCoRFla5wg8jccn25/nzPl5+7hfPFouJQ32seDKTNis/NOtmoKn Y2Mi68IWD4K5qPyhHPDnChTzmAM+or7nVUO9HZ4JnzY8/LEjJHRzBa7k4FRhx3M6 lsIapKWWqQWNp+i9bMGY4mQiRPNPTT1WZZ+R4RuEwpiw/pMGEi4GCM5dgIieopJA RvMX5nDUK/mFl80ZWg614cfFVwV3ALDQZH62D7MCsqMRASL08BVfd1gJcrwKepfC qwfhHtngtlVx66Vrr0ypFJy64II3ushcCvz7oFL3DXMuk1RTbluKm3vgyh36Xrx2 3x8T5UWWVAu9r79Gl6ZU0ehc0YsWpyRluzlzc4WMwSKfnQ4bO5o= =ISzU -----END PGP SIGNATURE-----
