--- rpms/php/sme8/php-5.3.3-CVE-2011-1471.patch	2011/11/03 22:49:53	1.1
+++ rpms/php/sme8/php-5.3.3-CVE-2011-1471.patch	2011/11/03 22:54:19	1.2
@@ -0,0 +1,41 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=690915
+
+http://svn.php.net/viewvc/?view=revision&revision=307917
+
+(r287095 already included in 5.3.3)
+
+--- php-5.3.3/ext/zip/zip_stream.c.cve1471
++++ php-5.3.3/ext/zip/zip_stream.c
+@@ -30,11 +30,11 @@ struct php_zip_stream_data_t {
+ /* {{{ php_zip_ops_read */
+ static size_t php_zip_ops_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
+ {
+-	int n = 0;
++	ssize_t n = 0;
+ 	STREAM_DATA_FROM_STREAM();
+ 
+ 	if (self->za && self->zf) {
+-		n = (size_t)zip_fread(self->zf, buf, (int)count);
++		n = zip_fread(self->zf, buf, count);
+ 		if (n < 0) {
+ 			int ze, se;
+ 			zip_file_error_get(self->zf, &ze, &se);
+@@ -42,13 +42,15 @@ static size_t php_zip_ops_read(php_strea
+ 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "Zip stream error: %s", zip_file_strerror(self->zf));
+ 			return 0;
+ 		}
+-		if (n == 0 || n < count) {
++		/* cast count to signed value to avoid possibly negative n
++		 * being cast to unsigned value */
++		if (n == 0 || n < (ssize_t)count) {
+ 			stream->eof = 1;
+ 		} else {
+ 			self->cursor += n;
+ 		}
+ 	}
+-	return (n < 1 ? 0 : n);
++	return (n < 1 ? 0 : (size_t)n);
+ }
+ /* }}} */
+