--- rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch 2012/06/29 14:45:08 1.1
+++ rpms/php/sme8/php-5.3.3-CVE-2012-2336.patch 2012/06/29 14:54:00 1.2
@@ -0,0 +1,39 @@
+
+The first hunk of this patch is *mitigation* for use of bad wrappers
+scripts which are vulnerable to CVE-2012-2335.
+
+The second hunk of this patch fixes CVE-2012-2336:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2336
+
+http://git.php.net/?p=php-src.git;a=commitdiff;h=7de4b75f74a817c3fead32710e04cd015bcc5360
+
+--- php-5.3.3/sapi/cgi/cgi_main.c.cve2311
++++ php-5.3.3/sapi/cgi/cgi_main.c
+@@ -1553,10 +1553,15 @@ int main(int argc, char *argv[])
+ }
+ }
+
+- if((query_string = getenv("QUERY_STRING")) != NULL) {
++ if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
++ /* we've got query string that has no = - apache CGI will pass it to command line */
++ unsigned char *p;
+ decoded_query_string = strdup(query_string);
+ php_url_decode(decoded_query_string, strlen(decoded_query_string));
+- if(*decoded_query_string == '-' && strchr(query_string, '=') == NULL) {
++ for (p = decoded_query_string; *p && *p <= ' '; p++) {
++ /* skip all leading spaces */
++ }
++ if(*p == '-') {
+ skip_getopt = 1;
+ }
+ free(decoded_query_string);
+@@ -1811,7 +1816,7 @@ consult the installation file that came
+ }
+
+ zend_first_try {
+- while ((c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
++ while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 1, 2)) != -1) {
+ switch (c) {
+ case 'T':
+ benchmark = 1;
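Review bot: The result of `decoded_query_string = strdup(query_string);` in the first cgi_main.c hunk is used without a NULL check, so on allocation failure `strlen(decoded_query_string)` and the new `for (p = decoded_query_string; ...)` scan both dereference a null pointer. Because this block decides whether option parsing is safe to run, an allocation failure should fail closed: set `skip_getopt = 1` when the pointer is NULL and do the decode and scan only in the `else` branch. The loop comment also understates the check, since `*p <= ' '` on an `unsigned char` skips every byte from 0x01 to 0x20, not only spaces; `/* skip leading spaces and control bytes (<= 0x20) */` would describe it accurately. main() starts and ends outside both hunks, so the declaration and initial value of `skip_getopt`, and whether any other `php_getopt` loop needs the same guard, cannot be confirmed from here.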