packages/php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 8.0.0

Browse Source
This commit is contained in:
panxiaohe 2020-12-31 17:40:28 +08:00
parent 6babe6f5a9
commit 391e81d7c9
47 changed files with 337 additions and 2364 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
20-ffi.ini Normal file
View File

@ -0,0 +1,13 @@
; Enable ffi extension module
extension=ffi
; FFI API restriction. Possibe values:
; "preload" - enabled in CLI scripts and preloaded files (default)
; "false" - always disabled
; "true" - always enabled
;ffi.enable=preload
; List of headers files to preload, wildcard patterns allowed.
; /usr/share/php/preload used by for RPM packages
; /usr/local/share/php/preload may be used for local files
ffi.preload=/usr/share/php/preload/*.h:/usr/local/share/php/preload/*.h

103
CVE-2018-19518.patch
View File

@ -1,103 +0,0 @@
From 336d2086a9189006909ae06c7e95902d7d5ff77e Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 18 Nov 2018 17:10:43 -0800
Subject: [PATCH] Disable rsh/ssh functionality in imap by default (bug #77153)
---
NEWS | 4 ++++
UPGRADING | 7 +++++++
ext/imap/php_imap.c | 17 +++++++++++++++++
ext/imap/php_imap.h | 1 +
ext/imap/tests/bug77153.phpt | 24 ++++++++++++++++++++++++
5 files changed, 53 insertions(+)
create mode 100644 ext/imap/tests/bug77153.phpt
index ec2d8f46ed..52968a3857 100644
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index e1adcf2264..42e7d8611c 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -562,6 +562,15 @@ static const zend_module_dep imap_deps[] = {
};
/* }}} */
+
+/* {{{ PHP_INI
+ */
+PHP_INI_BEGIN()
+STD_PHP_INI_BOOLEAN("imap.enable_insecure_rsh", "0", PHP_INI_SYSTEM, OnUpdateBool, enable_rsh, zend_imap_globals, imap_globals)
+PHP_INI_END()
+/* }}} */
+
+
/* {{{ imap_module_entry
*/
zend_module_entry imap_module_entry = {
@@ -832,6 +841,8 @@ PHP_MINIT_FUNCTION(imap)
{
unsigned long sa_all = SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY;
+ REGISTER_INI_ENTRIES();
+
#ifndef PHP_WIN32
mail_link(&unixdriver); /* link in the unix driver */
mail_link(&mhdriver); /* link in the mh driver */
@@ -1049,6 +1060,12 @@ PHP_MINIT_FUNCTION(imap)
GC_TEXTS texts
*/
+ if (!IMAPG(enable_rsh)) {
+ /* disable SSH and RSH, see https://bugs.php.net/bug.php?id=77153 */
+ mail_parameters (NIL, SET_RSHTIMEOUT, 0);
+ mail_parameters (NIL, SET_SSHTIMEOUT, 0);
+ }
+
le_imap = zend_register_list_destructors_ex(mail_close_it, NULL, "imap", module_number);
return SUCCESS;
}
diff --git a/ext/imap/php_imap.h b/ext/imap/php_imap.h
index 7691d1fdd7..556163ed2d 100644
--- a/ext/imap/php_imap.h
+++ b/ext/imap/php_imap.h
@@ -231,6 +231,7 @@ ZEND_BEGIN_MODULE_GLOBALS(imap)
#endif
/* php_stream for php_mail_gets() */
php_stream *gets_stream;
+ zend_bool enable_rsh;
ZEND_END_MODULE_GLOBALS(imap)
#ifdef ZTS
diff --git a/ext/imap/tests/bug77153.phpt b/ext/imap/tests/bug77153.phpt
new file mode 100644
index 0000000000..63590aee1d
--- /dev/null
+++ b/ext/imap/tests/bug77153.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter)
+--SKIPIF--
+<?php
+ if (!extension_loaded("imap")) {
+ die("skip imap extension not available");
+ }
+?>
+--FILE--
+<?php
+$payload = "echo 'BUG'> " . __DIR__ . '/__bug';
+$payloadb64 = base64_encode($payload);
+$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}";
+@imap_open('{'.$server.':143/imap}INBOX', '', '');
+// clean
+imap_errors();
+var_dump(file_exists(__DIR__ . '/__bug'));
+?>
+--EXPECT--
+bool(false)
+--CLEAN--
+<?php
+if(file_exists(__DIR__ . '/__bug')) unlink(__DIR__ . '/__bug');
+?>
\ No newline at end of file
--
2.11.0

50
CVE-2018-19935.patch
View File

@ -1,50 +0,0 @@
From 3329e30a0c631753980757045ddfcc7b356a34a2 Mon Sep 17 00:00:00 2001
Date: Wed, 4 Dec 2019 17:50:56 +0800
Subject: Fix #77020: null pointer dereference in imap_mail
If an empty $message is passed to imap_mail(), we must not set message
to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
(opposed to pointers to NUL).
---
ext/imap/php_imap.c | 1 -
ext/imap/tests/bug77020.phpt | 15 +++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
create mode 100644 php-7.2.10/ext/imap/tests/bug77020.phpt
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index e1adcf22..56126a0c 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -4106,7 +4106,6 @@ PHP_FUNCTION(imap_mail)
if (!ZSTR_LEN(message)) {
/* this is not really an error, so it is allowed. */
php_error_docref(NULL, E_WARNING, "No message string in mail command");
- message = NULL;
}
if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL,
diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
new file mode 100644
index 00000000..76386a09
--- /dev/null
+++ b/ext/imap/tests/bug77020.phpt
@@ -0,0 +1,15 @@
+ --TEST--
+Bug #77020 (null pointer dereference in imap_mail)
+--SKIPIF--
+<?php
+if (!extension_loaded('imap')) die('skip imap extension not available');
+?>
+--FILE--
+<?php
+imap_mail('1', 1, NULL);
+?>
+===DONE===
+--EXPECTF--
+Warning: imap_mail(): No message string in mail command in %s on line %d
+%s
+===DONE===
--
2.19.1

55
CVE-2019-11034.patch
View File

@ -1,55 +0,0 @@
From f3aefc6d071b807ddacae0a0bc49f09c38e18490 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 17 Mar 2019 22:54:46 -0700
Subject: [PATCH] Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s
---
ext/exif/exif.c | 4 ++++
ext/exif/tests/bug77753.phpt | 16 ++++++++++++++++
ext/exif/tests/bug77753.tiff | Bin 0 -> 873 bytes
3 files changed, 20 insertions(+)
create mode 100644 ext/exif/tests/bug77753.phpt
create mode 100644 ext/exif/tests/bug77753.tiff
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index fe89b85..0b5bb5a 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len);
return FALSE;
}
+ if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) {
+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len);
+ return FALSE;
+ }
for (de=0;de<NumDirEntries;de++) {
if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
diff --git a/ext/exif/tests/bug77753.phpt b/ext/exif/tests/bug77753.phpt
new file mode 100644
index 0000000..d987a5c
--- /dev/null
+++ b/ext/exif/tests/bug77753.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #77753 (Heap-buffer-overflow in php_ifd_get32s)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+var_dump(exif_read_data(__DIR__."/bug77753.tiff"));
+?>
+DONE
+--EXPECTF--
+%A
+Warning: exif_read_data(bug77753.tiff): Illegal IFD size: 0x006A > 0x0065 in %sbug77753.php on line %d
+
+Warning: exif_read_data(bug77753.tiff): Invalid TIFF file in %sbug77753.php on line %d
+bool(false)
+DONE
\ No newline at end of file
--
2.1.4

185
CVE-2019-11035.patch
View File

@ -1,185 +0,0 @@
From 887a7b571407f7a49a5e7cf1e612d21ef83fedb4 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 2 Apr 2019 00:12:26 -0700
Subject: [PATCH] Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value
in EXIF
---
NEWS | 1 +
ext/exif/exif.c | 43 ++++++++++++++++++++++++++++---------------
ext/exif/tests/bug77831.phpt | 13 +++++++++++++
ext/exif/tests/bug77831.tiff | Bin 0 -> 49 bytes
4 files changed, 42 insertions(+), 15 deletions(-)
create mode 100644 ext/exif/tests/bug77831.phpt
create mode 100644 ext/exif/tests/bug77831.tiff
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 0b5bb5a..408bf03 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -1654,10 +1654,10 @@ static int exif_file_sections_free(image_info_type *ImageInfo)
/* {{{ exif_iif_add_value
Add a value to image_info
*/
-static void exif_iif_add_value(image_info_type *image_info, int section_index, char *name, int tag, int format, int length, void* value, int motorola_intel)
+static void exif_iif_add_value(image_info_type *image_info, int section_index, char *name, int tag, int format, int length, void* value, size_t value_len, int motorola_intel)
{
size_t idex;
- void *vptr;
+ void *vptr, *vptr_end;
image_info_value *info_value;
image_info_data *info_data;
image_info_data *list;
@@ -1679,8 +1679,12 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
switch (format) {
case TAG_FMT_STRING:
+ if (length > value_len) {
+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "length > value_len: %d > %zu", length, value_len);
+ value = NULL;
+ }
if (value) {
- length = php_strnlen(value, length);
+ length = (int)php_strnlen(value, length);
info_value->s = estrndup(value, length);
info_data->length = length;
} else {
@@ -1702,6 +1706,10 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
if (!length)
break;
case TAG_FMT_UNDEFINED:
+ if (length > value_len) {
+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "length > value_len: %d > %zu", length, value_len);
+ value = NULL;
+ }
if (value) {
if (tag == TAG_MAKER_NOTE) {
length = (int) php_strnlen(value, length);
@@ -1732,7 +1740,12 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
} else {
info_value = &info_data->value;
}
+ vptr_end = value+value_len;
for (idex=0,vptr=value; idex<(size_t)length; idex++,vptr=(char *) vptr + php_tiff_bytes_per_format[format]) {
+ if (vptr_end - vptr < php_tiff_bytes_per_format[format]) {
+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "Value too short");
+ break;
+ }
if (length>1) {
info_value = &info_data->value.list[idex];
}
@@ -1768,7 +1781,7 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
php_error_docref(NULL, E_WARNING, "Found value of type single");
#endif
info_value->f = *(float *)value;
-
+ break;
case TAG_FMT_DOUBLE:
#ifdef EXIF_DEBUG
php_error_docref(NULL, E_WARNING, "Found value of type double");
@@ -1786,9 +1799,9 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
/* {{{ exif_iif_add_tag
Add a tag from IFD to image_info
*/
-static void exif_iif_add_tag(image_info_type *image_info, int section_index, char *name, int tag, int format, size_t length, void* value)
+static void exif_iif_add_tag(image_info_type *image_info, int section_index, char *name, int tag, int format, size_t length, void* value, size_t value_len)
{
- exif_iif_add_value(image_info, section_index, name, tag, format, (int)length, value, image_info->motorola_intel);
+ exif_iif_add_value(image_info, section_index, name, tag, format, (int)length, value, value_len, image_info->motorola_intel);
}
/* }}} */
@@ -2209,7 +2222,7 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im
*/
static void exif_process_COM (image_info_type *image_info, char *value, size_t length)
{
- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length-2, value+2);
+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length-2, value+2, length-2);
}
/* }}} */
@@ -2224,17 +2237,17 @@ static void exif_process_CME (image_info_type *image_info, char *value, size_t l
if (length>3) {
switch(value[2]) {
case 0:
- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, length, value);
+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, length, value), length;
break;
case 1:
- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length, value);
+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length, value, length);
break;
default:
php_error_docref(NULL, E_NOTICE, "Undefined JPEG2000 comment encoding");
break;
}
} else {
- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL);
+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL, 0);
php_error_docref(NULL, E_NOTICE, "JPEG2000 comment section too small");
}
}
@@ -2827,7 +2840,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, char *offset_base, size_t IFDlength, size_t displacement, int section_index, int ReadNextIFD, tag_table_type tag_table)
{
size_t length;
- int tag, format, components;
+ unsigned int tag, format, components;
char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
size_t byte_count, offset_val, fpos, fgot;
int64_t byte_count_signed;
@@ -3138,7 +3151,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
}
}
}
- exif_iif_add_tag(ImageInfo, section_index, exif_get_tagname(tag, tagname, sizeof(tagname), tag_table), tag, format, components, value_ptr);
+ exif_iif_add_tag(ImageInfo, section_index, exif_get_tagname(tag, tagname, sizeof(tagname), tag_table), tag, format, components, value_ptr, byte_count);
EFREE_IF(outside);
return TRUE;
}
@@ -3296,10 +3309,10 @@ static void exif_process_APP12(image_info_type *ImageInfo, char *buffer, size_t
size_t l1, l2=0;
if ((l1 = php_strnlen(buffer+2, length-2)) > 0) {
- exif_iif_add_tag(ImageInfo, SECTION_APP12, "Company", TAG_NONE, TAG_FMT_STRING, l1, buffer+2);
+ exif_iif_add_tag(ImageInfo, SECTION_APP12, "Company", TAG_NONE, TAG_FMT_STRING, l1, buffer+2, l1);
if (length > 2+l1+1) {
l2 = php_strnlen(buffer+2+l1+1, length-2-l1-1);
- exif_iif_add_tag(ImageInfo, SECTION_APP12, "Info", TAG_NONE, TAG_FMT_STRING, l2, buffer+2+l1+1);
+ exif_iif_add_tag(ImageInfo, SECTION_APP12, "Info", TAG_NONE, TAG_FMT_STRING, l2, buffer+2+l1+1, l2);
}
}
#ifdef EXIF_DEBUG
@@ -4100,7 +4113,7 @@ PHP_FUNCTION(exif_read_data)
if (ImageInfo.Thumbnail.size) {
if (read_thumbnail) {
/* not exif_iif_add_str : this is a buffer */
- exif_iif_add_tag(&ImageInfo, SECTION_THUMBNAIL, "THUMBNAIL", TAG_NONE, TAG_FMT_UNDEFINED, ImageInfo.Thumbnail.size, ImageInfo.Thumbnail.data);
+ exif_iif_add_tag(&ImageInfo, SECTION_THUMBNAIL, "THUMBNAIL", TAG_NONE, TAG_FMT_UNDEFINED, ImageInfo.Thumbnail.size, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size);
}
if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) {
/* try to evaluate if thumbnail data is present */
diff --git a/ext/exif/tests/bug77831.phpt b/ext/exif/tests/bug77831.phpt
new file mode 100644
index 0000000..d868d47
--- /dev/null
+++ b/ext/exif/tests/bug77831.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #77831 (Heap-buffer-overflow in exif_iif_add_value in EXIF)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+var_dump(exif_read_data(__DIR__."/bug77831.tiff"));
+?>
+DONE
+--EXPECTF--
+%A
+bool(false)
+DONE
\ No newline at end of file
--
2.1.4

27
CVE-2019-11036.patch
View File

@ -1,27 +0,0 @@
From f80ad18afae2230c2c1802c7d829100af646874e Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 29 Apr 2019 23:38:12 -0700
Subject: [PATCH] Fix bug #77950 - Heap-buffer-overflow in _estrndup via
exif_process_IFD_TAG
I do not completely understand what is going on there, but I am pretty
sure dir_entry <= offset_base if not a normal situation, so we better not
to rely on such dir_entry.
---
ext/exif/exif.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index a763f6c..d174def 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -2891,7 +2891,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha
offset_base is ImageInfo->file.list[sn].data-dir_offset
dir_entry - offset_base is dir_offset+2+i*12
*/
- if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base)) {
+ if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base) || dir_entry <= offset_base) {
/* It is important to check for IMAGE_FILETYPE_TIFF
* JPEG does not use absolute pointers instead its pointers are
* relative to the start of the TIFF header in APP1 section. */

45
CVE-2019-11041.patch
View File

@ -1,45 +0,0 @@
From dea2989ab8ba87a6180af497b2efaf0527e985c5 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 7 Jul 2019 17:01:01 -0700
Subject: [PATCH] Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
---
ext/exif/exif.c | 2 +-
ext/exif/tests/bug78222.phpt | 11 +++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 ext/exif/tests/bug78222.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 605b37923f..cd7975a9f5 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3498,7 +3498,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo)
size_t length=2, pos=0;
jpeg_sof_info sof_info;
- if (!data) {
+ if (!data || ImageInfo->Thumbnail.size < 4) {
return FALSE; /* nothing to do here */
}
if (memcmp(data, "\xFF\xD8\xFF", 3)) {
diff --git a/ext/exif/tests/bug78222.phpt b/ext/exif/tests/bug78222.phpt
new file mode 100644
index 0000000000..0e4ead33e4
--- /dev/null
+++ b/ext/exif/tests/bug78222.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #78222 (heap-buffer-overflow on exif_scan_thumbnail)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+exif_read_data(__DIR__."/bug78222.jpg", 'THUMBNAIL', FALSE, TRUE);
+?>
+DONE
+--EXPECTF--
+DONE
\ No newline at end of file
--
2.21.0

51
CVE-2019-11042.patch
View File

@ -1,51 +0,0 @@
From 99b7ef940e04cd273d03c5fa93bf182db2d7ce8d Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 7 Jul 2019 17:39:59 -0700
Subject: [PATCH] Fix bug #78256 (heap-buffer-overflow on
exif_process_user_comment)
---
ext/exif/exif.c | 4 ++--
ext/exif/tests/bug78256.phpt | 11 +++++++++++
2 files changed, 13 insertions(+), 2 deletions(-)
create mode 100644 ext/exif/tests/bug78256.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 77a11300..a80f2c2a 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3040,11 +3040,11 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP
/* First try to detect BOM: ZERO WIDTH NOBREAK SPACE (FEFF 16)
* since we have no encoding support for the BOM yet we skip that.
*/
- if (!memcmp(szValuePtr, "\xFE\xFF", 2)) {
+ if (ByteCount >=2 && !memcmp(szValuePtr, "\xFE\xFF", 2)) {
decode = "UCS-2BE";
szValuePtr = szValuePtr+2;
ByteCount -= 2;
- } else if (!memcmp(szValuePtr, "\xFF\xFE", 2)) {
+ } else if (ByteCount >=2 && !memcmp(szValuePtr, "\xFF\xFE", 2)) {
decode = "UCS-2LE";
szValuePtr = szValuePtr+2;
ByteCount -= 2;
diff --git a/ext/exif/tests/bug78256.phpt b/ext/exif/tests/bug78256.phpt
new file mode 100644
index 00000000..37a3f1d8
--- /dev/null
+++ b/ext/exif/tests/bug78256.phpt
@@ -0,0 +1,11 @@
+--TEST--
+Bug #78256 (heap-buffer-overflow on exif_process_user_comment)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+@exif_read_data(__DIR__."/bug78256.jpg", 'COMMENT', FALSE, TRUE);
+?>
+DONE
+--EXPECTF--
+DONE
\ No newline at end of file
--
2.21.0

131
CVE-2019-11043.patch
View File

@ -1,131 +0,0 @@
From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sat, 12 Oct 2019 15:56:16 +0100
Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE)
(CVE-2019-11043)
---
sapi/fpm/fpm/fpm_main.c | 4 +-
.../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++
sapi/fpm/tests/tester.inc | 11 +++-
3 files changed, 72 insertions(+), 4 deletions(-)
create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 24a7e5d56ac6..50f92981f1fb 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1209,8 +1209,8 @@ static void init_request_info(void)
path_info = script_path_translated + ptlen;
tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
} else {
- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
- tflag = (orig_path_info != path_info);
+ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
+ tflag = path_info && (orig_path_info != path_info);
}
if (tflag) {
diff --git a/sapi/fpm/tests/bug78599-path-info-underflow.phpt b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
new file mode 100644
index 000000000000..edd4e0d49699
--- /dev/null
+++ b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
@@ -0,0 +1,61 @@
+--TEST--
+FPM: bug78599 - env_path_info underflow - CVE-2019-11043
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+echo "Test Start\n";
+var_dump(\$_SERVER["PATH_INFO"]);
+echo "Test End\n";
+EOT;
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$uri = $tester->makeSourceFile();
+$tester
+ ->request(
+ '',
+ [
+ 'SCRIPT_FILENAME' => $uri . "/" . str_repeat('A', 35),
+ 'PATH_INFO' => '',
+ 'HTTP_HUI' => str_repeat('PTEST', 1000),
+ ],
+ $uri
+ )
+ ->expectBody(
+ [
+ 'Test Start',
+ 'string(0) ""',
+ 'Test End'
+ ]
+ );
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>
diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
index 70c03ad70f1c..3b6702866cc1 100644
--- a/sapi/fpm/tests/tester.inc
+++ b/sapi/fpm/tests/tester.inc
@@ -513,7 +513,7 @@ class Tester
return new Response(null, true);
}
if (is_null($uri)) {
- $uri = $this->makeFile('src.php', $this->code);
+ $uri = $this->makeSourceFile();
}
$params = array_merge(
@@ -538,7 +538,6 @@ class Tester
],
$headers
);
-
try {
$this->response = new Response(
$this->getClient($address, $connKeepAlive)->request_data($params, false)
@@ -944,6 +943,14 @@ class Tester
return $filePath;
}
+ /**
+ * @return string
+ */
+ public function makeSourceFile()
+ {
+ return $this->makeFile('src.php', $this->code);
+ }
+
/**
* @param string|null $msg
*/

72
CVE-2019-11045.patch
View File

@ -1,72 +0,0 @@
From a5a15965da23c8e97657278fc8dfbf1dfb20c016 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Mon, 25 Nov 2019 16:56:34 +0100
Subject: [PATCH] Fix #78863: DirectoryIterator class silently truncates after
a null byte
Since the constructor of DirectoryIterator and friends is supposed to
accepts paths (i.e. strings without NUL bytes), we must not accept
arbitrary strings.
---
ext/spl/spl_directory.c | 4 ++--
ext/spl/tests/bug78863.phpt | 31 +++++++++++++++++++++++++++++++
2 files changed, 33 insertions(+), 2 deletions(-)
create mode 100644 ext/spl/tests/bug78863.phpt
diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
index 91ea2e0265..56e809b1c7 100644
--- a/ext/spl/spl_directory.c
+++ b/ext/spl/spl_directory.c
@@ -701,10 +701,10 @@ void spl_filesystem_object_construct(INTERNAL_FUNCTION_PARAMETERS, zend_long cto
if (SPL_HAS_FLAG(ctor_flags, DIT_CTOR_FLAGS)) {
flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_FILEINFO;
- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &path, &len, &flags);
+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &path, &len, &flags);
} else {
flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_SELF;
- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s", &path, &len);
+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p", &path, &len);
}
if (SPL_HAS_FLAG(ctor_flags, SPL_FILE_DIR_SKIPDOTS)) {
flags |= SPL_FILE_DIR_SKIPDOTS;
diff --git a/ext/spl/tests/bug78863.phpt b/ext/spl/tests/bug78863.phpt
new file mode 100644
index 0000000000..dc88d98dee
--- /dev/null
+++ b/ext/spl/tests/bug78863.phpt
@@ -0,0 +1,31 @@
+--TEST--
+Bug #78863 (DirectoryIterator class silently truncates after a null byte)
+--FILE--
+<?php
+$dir = __DIR__ . '/bug78863';
+mkdir($dir);
+touch("$dir/bad");
+mkdir("$dir/sub");
+touch("$dir/sub/good");
+
+$it = new DirectoryIterator(__DIR__ . "/bug78863\0/sub");
+foreach ($it as $fileinfo) {
+ if (!$fileinfo->isDot()) {
+ var_dump($fileinfo->getFilename());
+ }
+}
+?>
+--EXPECTF--
+Fatal error: Uncaught UnexpectedValueException: DirectoryIterator::__construct() expects parameter 1 to be a valid path, string given in %s:%d
+Stack trace:
+#0 %s(%d): DirectoryIterator->__construct('%s')
+#1 {main}
+ thrown in %s on line %d
+--CLEAN--
+<?php
+$dir = __DIR__ . '/bug78863';
+unlink("$dir/sub/good");
+rmdir("$dir/sub");
+unlink("$dir/bad");
+rmdir($dir);
+?>
--
2.19.1

51
CVE-2019-11046.patch
View File

@ -1,51 +0,0 @@
From eb23c6008753b1cdc5359dead3a096dce46c9018 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sat, 30 Nov 2019 12:26:37 +0100
Subject: [PATCH] Fix #78878: Buffer underflow in bc_shift_addsub
We must not rely on `isdigit()` to detect digits, since we only support
decimal ASCII digits in the following processing.
---
ext/bcmath/libbcmath/src/str2num.c | 4 ++--
ext/bcmath/tests/bug78878.phpt | 13 +++++++++++++
2 files changed, 15 insertions(+), 2 deletions(-)
create mode 100644 ext/bcmath/tests/bug78878.phpt
diff --git a/ext/bcmath/libbcmath/src/str2num.c b/ext/bcmath/libbcmath/src/str2num.c
index f38d341570..03aec15930 100644
--- a/ext/bcmath/libbcmath/src/str2num.c
+++ b/ext/bcmath/libbcmath/src/str2num.c
@@ -57,9 +57,9 @@ bc_str2num (bc_num *num, char *str, int scale)
zero_int = FALSE;
if ( (*ptr == '+') || (*ptr == '-')) ptr++; /* Sign */
while (*ptr == '0') ptr++; /* Skip leading zeros. */
- while (isdigit((int)*ptr)) ptr++, digits++; /* digits */
+ while (*ptr >= '0' && *ptr <= '9') ptr++, digits++; /* digits */
if (*ptr == '.') ptr++; /* decimal point */
- while (isdigit((int)*ptr)) ptr++, strscale++; /* digits */
+ while (*ptr >= '0' && *ptr <= '9') ptr++, strscale++; /* digits */
if ((*ptr != '\0') || (digits+strscale == 0))
{
*num = bc_copy_num (BCG(_zero_));
diff --git a/ext/bcmath/tests/bug78878.phpt b/ext/bcmath/tests/bug78878.phpt
new file mode 100644
index 0000000000..2c9d72b946
--- /dev/null
+++ b/ext/bcmath/tests/bug78878.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Bug #78878 (Buffer underflow in bc_shift_addsub)
+--SKIPIF--
+<?php
+if (!extension_loaded('bcmath')) die('skip bcmath extension not available');
+?>
+--FILE--
+<?php
+print @bcmul("\xB26483605105519922841849335928742092", bcpowmod(2, 65535, -4e-4));
+?>
+--EXPECT--
+bc math warning: non-zero scale in modulus
+0
--
2.19.1

50
CVE-2019-11047.patch
View File

@ -1,50 +0,0 @@
From d348cfb96f2543565691010ade5e0346338be5a7 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 16 Dec 2019 00:10:39 -0800
Subject: [PATCH] Fixed bug #78910
---
ext/exif/exif.c | 3 ++-
ext/exif/tests/bug78910.phpt | 17 +++++++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 ext/exif/tests/bug78910.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index f961f44a46c..c0be05922fb 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3154,7 +3154,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
continue;
if (maker_note->model && (!ImageInfo->model || strcmp(maker_note->model, ImageInfo->model)))
continue;
- if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
+ if (maker_note->id_string && value_len >= maker_note->id_string_len
+ && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
continue;
break;
}
diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt
new file mode 100644
index 00000000000..f5b1c32c1bd
--- /dev/null
+++ b/ext/exif/tests/bug78910.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044)
+--FILE--
+<?php
+
+var_dump(exif_read_data('data:image/jpg;base64,TU0AKgAAAAwgICAgAAIBDwAEAAAAAgAAACKSfCAgAAAAAEZVSklGSUxN'));
+
+?>
+--EXPECTF--
+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote ): Illegal format code 0x2020, switching to BYTE in %s on line %d
+
+Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal format code 0x2020, suppose BYTE in %s on line %d
+
+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d
+
+Warning: exif_read_data(): Invalid TIFF file in %s on line %d
+bool(false)
--
2.11.0

36
CVE-2019-11048.patch
View File

@ -1,36 +0,0 @@
From 1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Wed, 18 Mar 2020 10:26:53 +0100
Subject: [PATCH] Fix #78875: Long filenames cause OOM and temp files are not
cleaned
We must not cast `size_t` to `int` (unless the `size_t` value is
guaranteed to be less than or equal to `INT_MAX`). In this case we can
declare `array_len` as `size_t` in the first place.
---
main/rfc1867.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/main/rfc1867.c b/main/rfc1867.c
index bd01b34cf070..783eab4175d5 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -692,7 +692,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
char *lbuf = NULL, *abuf = NULL;
zend_string *temp_filename = NULL;
- int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
+ int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0;
+ size_t array_len = 0;
int64_t total_bytes = 0, max_file_size = 0;
int skip_upload = 0, anonindex = 0, is_anonymous;
HashTable *uploaded_files = NULL;
@@ -1126,7 +1127,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']');
if (is_arr_upload) {
- array_len = (int)strlen(start_arr);
+ array_len = strlen(start_arr);
if (array_index) {
efree(array_index);
}

48
CVE-2019-11050.patch
View File

@ -1,48 +0,0 @@
From c14eb8de974fc8a4d74f3515424c293bc7a40fba Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 16 Dec 2019 01:14:38 -0800
Subject: [PATCH] Fix bug #78793
---
ext/exif/exif.c | 5 +++--
ext/exif/tests/bug78793.phpt | 12 ++++++++++++
2 files changed, 15 insertions(+), 2 deletions(-)
create mode 100644 ext/exif/tests/bug78793.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index c0be05922f..7fe055f381 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3235,8 +3235,9 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
}
for (de=0;de<NumDirEntries;de++) {
- if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
- offset_base, data_len, displacement, section_index, 0, maker_note->tag_table)) {
+ size_t offset = 2 + 12 * de;
+ if (!exif_process_IFD_TAG(ImageInfo, dir_start + offset,
+ offset_base, data_len - offset, displacement, section_index, 0, maker_note->tag_table)) {
return FALSE;
}
}
diff --git a/ext/exif/tests/bug78793.phpt b/ext/exif/tests/bug78793.phpt
new file mode 100644
index 0000000000..033f255ace
--- /dev/null
+++ b/ext/exif/tests/bug78793.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #78793: Use-after-free in exif parsing under memory sanitizer
+--FILE--
+<?php
+$f = "ext/exif/tests/bug77950.tiff";
+for ($i = 0; $i < 10; $i++) {
+ @exif_read_data($f);
+}
+?>
+===DONE===
+--EXPECT--
+===DONE===
--
2.19.1

59
CVE-2019-6977.patch
View File

@ -1,59 +0,0 @@
From a15af81b5f0058e020eda0f109f51a3c863f5212 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Sun, 30 Dec 2018 13:59:26 +0100
Subject: [PATCH] Fix #77270: imagecolormatch Out Of Bounds Write on Heap
At least some of the image reading functions may return images which
use color indexes greater than or equal to im->colorsTotal. We cater
to this by always using a buffer size which is sufficient for
`gdMaxColors` in `gdImageColorMatch()`.
(cherry picked from commit 7a12dad4dd6c370835b13afae214b240082c7538)
---
NEWS | 1 +
ext/gd/libgd/gd_color_match.c | 4 ++--
ext/gd/tests/bug77270.phpt | 18 ++++++++++++++++++
3 files changed, 21 insertions(+), 2 deletions(-)
create mode 100644 ext/gd/tests/bug77270.phpt
diff --git a/ext/gd/libgd/gd_color_match.c b/ext/gd/libgd/gd_color_match.c
index a4e56b1c40..e6f539bc75 100644
--- a/ext/gd/libgd/gd_color_match.c
+++ b/ext/gd/libgd/gd_color_match.c
@@ -33,8 +33,8 @@ int gdImageColorMatch (gdImagePtr im1, gdImagePtr im2)
return -4; /* At least 1 color must be allocated */
}
- buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * im2->colorsTotal, 0);
- memset( buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal );
+ buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * gdMaxColors, 0);
+ memset( buf, 0, sizeof(unsigned long) * 5 * gdMaxColors );
for (x=0; x<im1->sx; x++) {
for( y=0; y<im1->sy; y++ ) {
diff --git a/ext/gd/tests/bug77270.phpt b/ext/gd/tests/bug77270.phpt
new file mode 100644
index 0000000000..1c4555a64d
--- /dev/null
+++ b/ext/gd/tests/bug77270.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Bug #77270 (imagecolormatch Out Of Bounds Write on Heap)
+--SKIPIF--
+<?php
+if (!extension_loaded('gd')) die('skip gd extension not available');
+if (!GD_BUNDLED && version_compare(GD_VERSION, '2.2.5', '<=')) die('skip upstream bugfix has not been released');
+?>
+--FILE--
+<?php
+$img1 = imagecreatetruecolor(0xfff, 0xfff);
+$img2 = imagecreate(0xfff, 0xfff);
+imagecolorallocate($img2, 0, 0, 0);
+imagesetpixel($img2, 0, 0, 255);
+imagecolormatch($img1, $img2);
+?>
+===DONE===
+--EXPECT--
+===DONE===
--
2.11.0

14
CVE-2019-9021.patch
View File

@ -1,14 +0,0 @@
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 4d5988eaa9..812720a011 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -2026,7 +2026,7 @@ next_extension:
}
while (pos != filename && (*(pos - 1) == '/' || *(pos - 1) == '\0')) {
- pos = memchr(pos + 1, '.', filename_len - (pos - filename) + 1);
+ pos = memchr(pos + 1, '.', filename_len - (pos - filename) - 1);
if (!pos) {
return FAILURE;
}

37
CVE-2019-9022.patch
View File

@ -1,37 +0,0 @@
From 8d3dfabef459fe7815e8ea2fd68753fd17859d7b Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 29 Dec 2018 20:39:08 -0800
Subject: [PATCH] Fix #77369 - memcpy with negative length via crafted DNS
response
---
ext/standard/dns.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 8e102f8..b5fbcb9 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -459,6 +459,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
GETLONG(ttl, cp);
GETSHORT(dlen, cp);
CHECKCP(dlen);
+ if (dlen == 0) {
+ /* No data in the response - nothing to do */
+ return NULL;
+ }
if (type_to_fetch != T_ANY && type != type_to_fetch) {
cp += dlen;
return cp;
@@ -549,6 +553,9 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t
CHECKCP(n);
add_assoc_stringl(subarray, "tag", (char*)cp, n);
cp += n;
+ if ( (size_t) dlen < ((size_t)n) + 2 ) {
+ return NULL;
+ }
n = dlen - n - 2;
CHECKCP(n);
add_assoc_stringl(subarray, "value", (char*)cp, n);
--
2.1.4

91
CVE-2019-9023.patch
View File

@ -1,91 +0,0 @@
From 9a96e864885ccc3b19d360ba410a562eb7c5dc45 Mon Sep 17 00:00:00 2001
From: gwx620998 <gulining1@huawei.com>
Date: Sat, 23 Mar 2019 03:34:11 -0400
Subject: [PATCH] CVE-2019-9023
Signed-off-by: gwx620998 <gulining1@huawei.com>
---
ext/mbstring/oniguruma/src/regcomp.c | 3 +++
ext/mbstring/oniguruma/src/regparse.c | 2 ++
ext/mbstring/oniguruma/src/unicode.c | 1 +
ext/mbstring/oniguruma/src/utf32_be.c | 3 ++-
4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c
index 0e9a9ab..cf914cc 100644
--- a/ext/mbstring/oniguruma/src/regcomp.c
+++ b/ext/mbstring/oniguruma/src/regcomp.c
@@ -476,6 +476,7 @@ compile_length_string_node(Node* node, regex_t* reg)
for (; p < sn->end; ) {
len = enclen(enc, p);
+ if (p + len > sn->end) len = sn->end - p;
if (len == prev_len) {
slen++;
}
@@ -524,6 +525,7 @@ compile_string_node(Node* node, regex_t* reg)
for (; p < end; ) {
len = enclen(enc, p);
+ if (p + len > end) len = end - p;
if (len == prev_len) {
slen++;
}
@@ -3436,6 +3438,7 @@ expand_case_fold_string(Node* node, regex_t* reg)
}
len = enclen(reg->enc, p);
+ if (p + len > end) len = end - p;
if (n == 0) {
if (IS_NULL(snode)) {
diff --git a/ext/mbstring/oniguruma/src/regparse.c b/ext/mbstring/oniguruma/src/regparse.c
index 8153513..9393b9d 100644
--- a/ext/mbstring/oniguruma/src/regparse.c
+++ b/ext/mbstring/oniguruma/src/regparse.c
@@ -3594,6 +3594,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
}
else { /* string */
p = tok->backp + enclen(enc, tok->backp);
+ if (p > end) p = end;
}
}
break;
@@ -3763,6 +3764,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
out:
#endif
*src = p;
+ if (*src > end) *src = end;
return tok->type;
}
diff --git a/ext/mbstring/oniguruma/src/unicode.c b/ext/mbstring/oniguruma/src/unicode.c
index 8812ca2..cbdc42f 100644
--- a/ext/mbstring/oniguruma/src/unicode.c
+++ b/ext/mbstring/oniguruma/src/unicode.c
@@ -255,6 +255,7 @@ onigenc_unicode_mbc_case_fold(OnigEncoding enc,
code = ONIGENC_MBC_TO_CODE(enc, p, end);
len = enclen(enc, p);
+ if (*pp + len > end) len = end - *pp;
*pp += len;
#ifdef USE_UNICODE_CASE_FOLD_TURKISH_AZERI
diff --git a/ext/mbstring/oniguruma/src/utf32_be.c b/ext/mbstring/oniguruma/src/utf32_be.c
index d0c7f39..4cf6fed 100644
--- a/ext/mbstring/oniguruma/src/utf32_be.c
+++ b/ext/mbstring/oniguruma/src/utf32_be.c
@@ -65,8 +65,9 @@ utf32be_is_mbc_newline(const UChar* p, const UChar* end)
}
static OnigCodePoint
-utf32be_mbc_to_code(const UChar* p, const UChar* end ARG_UNUSED)
+utf32be_mbc_to_code(const UChar* p, const UChar* end)
{
+ if (p + 4 > end) return (OnigCodePoint ) NULL;
return (OnigCodePoint )(((p[0] * 256 + p[1]) * 256 + p[2]) * 256 + p[3]);
}
--
1.8.3.1

23
CVE-2019-9024.patch
View File

@ -1,23 +0,0 @@
From 1cc2182bcc81e185c14837e659d12b268cb99d63 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Tue, 1 Jan 2019 17:15:20 -0800
Subject: [PATCH] Fix bug #77380 (Global out of bounds read in xmlrpc base64
code)
---
diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c
index 5ebdf31..a4fa193 100644
--- a/ext/xmlrpc/libxmlrpc/base64.c
+++ b/ext/xmlrpc/libxmlrpc/base64.c
@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st *bfr, const char *source, int length)
return;
}
- if (dtable[c] & 0x80) {
+ if (dtable[(unsigned char)c] & 0x80) {
/*
fprintf(stderr, "Offset %i length %i\n", offset, length);
fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]);
--
2.1.4

85
CVE-2019-9637.patch
View File

@ -1,85 +0,0 @@
From 40f6425978917209cb0c2c3be05a25c65c9a900e Mon Sep 17 00:00:00 2001
From: gwx620998 <gulining1@huawei.com>
Date: Sat, 23 Mar 2019 07:14:35 -0400
Subject: [PATCH] CVE-2019-9637
Signed-off-by: gwx620998 <gulining1@huawei.com>
---
main/streams/plain_wrapper.c | 50 +++++++++++++++++++++++++++++---------------
1 file changed, 33 insertions(+), 17 deletions(-)
diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c
index 9b36d00..cb9e642 100644
--- a/main/streams/plain_wrapper.c
+++ b/main/streams/plain_wrapper.c
@@ -1168,34 +1168,50 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, const char *url_f
# ifdef EXDEV
if (errno == EXDEV) {
zend_stat_t sb;
+# if !defined(ZTS) && !defined(TSRM_WIN32) && !defined(NETWARE)
+ /* not sure what to do in ZTS case, umask is not thread-safe */
+ int oldmask = umask(077);
+# endif
+ int success = 0;
if (php_copy_file(url_from, url_to) == SUCCESS) {
if (VCWD_STAT(url_from, &sb) == 0) {
+ success = 1;
# ifndef TSRM_WIN32
- if (VCWD_CHMOD(url_to, sb.st_mode)) {
- if (errno == EPERM) {
- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
- VCWD_UNLINK(url_from);
- return 1;
- }
+ /*
+ * Try to set user and permission info on the target.
+ * If we're not root, then some of these may fail.
+ * We try chown first, to set proper group info, relying
+ * on the system environment to have proper umask to not allow
+ * access to the file in the meantime.
+ */
+ if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) {
php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
- return 0;
+ if (errno != EPERM) {
+ success = 0;
+ }
}
- if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) {
- if (errno == EPERM) {
+ if (success) {
+ if (VCWD_CHMOD(url_to, sb.st_mode)) {
php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
- VCWD_UNLINK(url_from);
- return 1;
+ if (errno != EPERM) {
+ success = 0;
+ }
}
- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
- return 0;
}
# endif
- VCWD_UNLINK(url_from);
- return 1;
+ if (success) {
+ VCWD_UNLINK(url_from);
+ }
+ } else {
+ php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
}
+ } else {
+ php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
}
- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno));
- return 0;
+# if !defined(ZTS) && !defined(TSRM_WIN32) && !defined(NETWARE)
+ umask(oldmask);
+# endif
+ return success;
}
# endif
#endif
--
1.8.3.1

60
CVE-2019-9638-CVE-2019-9639.patch
View File

@ -1,60 +0,0 @@
From 7168d3dc576344f7e55fac81d86304d2421ffe93 Mon Sep 17 00:00:00 2001
From: gwx620998 <gulining1@huawei.com>
Date: Sat, 23 Mar 2019 07:42:34 -0400
Subject: [PATCH] CVE-2019-9638
Signed-off-by: gwx620998 <gulining1@huawei.com>
---
ext/exif/exif.c | 5 +++--
ext/exif/tests/bug77563.phpt | 16 ++++++++++++++++
2 files changed, 19 insertions(+), 2 deletions(-)
create mode 100644 ext/exif/tests/bug77563.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 3a76d8f..d82b5ae 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3151,8 +3151,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
continue;
break;
}
-
- if (maker_note->offset >= value_len) {
+
+ if (value_len < 2 || maker_note->offset >= value_len - 1) {
/* Do not go past the value end */
exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X offset 0x%04X", value_len, maker_note->offset);
return FALSE;
@@ -3207,6 +3207,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
#endif
default:
case MN_OFFSET_NORMAL:
+ data_len = value_len;
break;
}
diff --git a/ext/exif/tests/bug77563.phpt b/ext/exif/tests/bug77563.phpt
new file mode 100644
index 0000000..d1c5b9f
--- /dev/null
+++ b/ext/exif/tests/bug77563.phpt
@@ -0,0 +1,16 @@
++--TEST--
++Bug 77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE)
++--SKIPIF--
++<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
++--FILE--
++<?php
++$s = exif_thumbnail(__DIR__."/bug77563.jpg");
++?>
++DONE
++--EXPECTF--
++Warning: exif_thumbnail(bug77563.jpg): Illegal IFD offset in %s/bug77563.php on line %d
++
++Warning: exif_thumbnail(bug77563.jpg): File structure corrupted in %s/bug77563.php on line %d
++
++Warning: exif_thumbnail(bug77563.jpg): Invalid JPEG file in %s/bug77563.php on line %d
++DONE
--
1.8.3.1

74
CVE-2019-9640.patch
View File

@ -1,74 +0,0 @@
From 30d2b94a2e88021b77b07149e1f4438662ca8e5e Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sat, 2 Mar 2019 13:38:00 -0800
Subject: [PATCH] Fix bug #77540 - Invalid Read on exif_process_SOFn
---
ext/exif/exif.c | 10 ++++++++--
ext/exif/tests/bug77540.jpg | Bin 0 -> 91 bytes
ext/exif/tests/bug77540.phpt | 16 ++++++++++++++++
3 files changed, 24 insertions(+), 2 deletions(-)
create mode 100644 ext/exif/tests/bug77540.jpg
create mode 100644 ext/exif/tests/bug77540.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 4f2f660..8ed9c85 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3902,7 +3902,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo)
return FALSE;
marker = c;
length = php_jpg_get16(data+pos);
- if (pos+length>=ImageInfo->Thumbnail.size) {
+ if (length > ImageInfo->Thumbnail.size || pos >= ImageInfo->Thumbnail.size - length) {
return FALSE;
}
#ifdef EXIF_DEBUG
@@ -3923,6 +3923,10 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo)
case M_SOF14:
case M_SOF15:
/* handle SOFn block */
+ if (length < 8 || ImageInfo->Thumbnail.size - 8 < pos) {
+ /* exif_process_SOFn needs 8 bytes */
+ return FALSE;
+ }
exif_process_SOFn(data+pos, marker, &sof_info);
ImageInfo->Thumbnail.height = sof_info.height;
ImageInfo->Thumbnail.width = sof_info.width;
@@ -4654,7 +4658,9 @@ PHP_FUNCTION(exif_thumbnail)
ZVAL_STRINGL(return_value, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size);
if (arg_c >= 3) {
if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) {
- exif_scan_thumbnail(&ImageInfo);
+ if (!exif_scan_thumbnail(&ImageInfo)) {
+ ImageInfo.Thumbnail.width = ImageInfo.Thumbnail.height = 0;
+ }
}
zval_dtor(z_width);
zval_dtor(z_height);
--
diff --git a/ext/exif/tests/bug77540.phpt b/ext/exif/tests/bug77540.phpt
new file mode 100644
index 0000000..8702e0c
--- /dev/null
+++ b/ext/exif/tests/bug77540.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug 77540 (Invalid Read on exif_process_SOFn)
+--SKIPIF--
+<?php if (!extension_loaded('exif')) print 'skip exif extension not available';?>
+--FILE--
+<?php
+$width = $height = 42;
+$s = exif_thumbnail(__DIR__."/bug77540.jpg", $width, $height);
+echo "Width ".$width."\n";
+echo "Height ".$height."\n";
+?>
+DONE
+--EXPECTF--
+Width 0
+Height 0
+DONE
--
2.1.4

60
CVE-2020-7064.patch
View File

@ -1,60 +0,0 @@
From 0c77b4307df73217283a4aaf9313e1a33a0967ff Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 15 Mar 2020 17:26:00 -0700
Subject: [PATCH] Fixed bug #79282
---
ext/exif/exif.c | 7 ++++++-
ext/exif/tests/bug79282.phpt | 15 +++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)
create mode 100644 ext/exif/tests/bug79282.phpt
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index a63e0c1..b85ac19 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3660,6 +3660,11 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf,
{
unsigned exif_value_2a, offset_of_ifd;
+ if (length < 2) {
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Missing TIFF alignment marker");
+ return;
+ }
+
/* set the thumbnail stuff to nothing so we can test to see if they get set up */
if (memcmp(CharBuf, "II", 2) == 0) {
ImageInfo->motorola_intel = 0;
@@ -3812,7 +3817,7 @@ static int exif_scan_JPEG_header(image_info_type *ImageInfo)
return FALSE;
}
- sn = exif_file_sections_add(ImageInfo, marker, itemlen+1, NULL);
+ sn = exif_file_sections_add(ImageInfo, marker, itemlen, NULL);
Data = ImageInfo->file.list[sn].data;
/* Store first two pre-read bytes. */
diff --git a/ext/exif/tests/bug79282.phpt b/ext/exif/tests/bug79282.phpt
new file mode 100644
index 0000000..7b7e365
--- /dev/null
+++ b/ext/exif/tests/bug79282.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #79282: Use-of-uninitialized-value in exif
+--FILE--
+<?php
+
+var_dump(exif_read_data('data://image/jpeg;base64,/9jhAAlFeGlmAAAg'));
+
+?>
+--EXPECTF--
+Warning: exif_read_data(): Invalid TIFF alignment marker in %s on line %d
+
+Warning: exif_read_data(): File structure corrupted in %s on line %d
+
+Warning: exif_read_data(): Invalid JPEG file in %s on line %d
+bool(false)
--
1.8.3.1

25
CVE-2020-7066.patch
View File

@ -1,25 +0,0 @@
From 0181cb204b54ee08710147338b76dc0845aba4f9 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 15 Mar 2020 17:30:44 -0700
Subject: [PATCH] Fix bug #79329 - get_headers should not accept \0
---
ext/standard/url.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/standard/url.c b/ext/standard/url.c
index 57fd80c..fe6d7f9 100644
--- a/ext/standard/url.c
+++ b/ext/standard/url.c
@@ -680,7 +680,7 @@ PHP_FUNCTION(get_headers)
php_stream_context *context;
ZEND_PARSE_PARAMETERS_START(1, 3)
- Z_PARAM_STRING(url, url_len)
+ Z_PARAM_PATH(url, url_len)
Z_PARAM_OPTIONAL
Z_PARAM_LONG(format)
Z_PARAM_RESOURCE_EX(zcontext, 1, 0)
--
1.8.3.1

26
CVE-2020-7068.patch
View File

@ -1,26 +0,0 @@
From 7355ab81763a3d6a04ac11660e6a16d58838d187 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker"<cmbecker69@gmx.de>
Date: Tue, 14 Jul 2020 17:04:24 +0200
Subject: [PATCH] Fix #79797: Use of freed hash key in the
phar_parse_zipfile funtion
---
ext/phar/zip.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index d615e8ad..50c5d69e 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -703,7 +703,7 @@ foundit:
efree(actual_alias);
}
- zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata);
+ zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata);
} else {
phar_archive_data *fd_ptr;
--
2.23.0

37
be50a72715c141befe6f34ece660745da894aaf3.patch
View File

@ -1,37 +0,0 @@
From be50a72715c141befe6f34ece660745da894aaf3 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 9 Sep 2018 18:53:37 +0100
Subject: [PATCH] Fix ssl stream reneg limit test to print only after first
renegotiation
It has been reported that in some setup the test does multiple
renegotiations which is allowed.
---
ext/openssl/tests/stream_server_reneg_limit.phpt | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt
index f0353351a23a..f033cbabe343 100644
--- a/ext/openssl/tests/stream_server_reneg_limit.phpt
+++ b/ext/openssl/tests/stream_server_reneg_limit.phpt
@@ -22,14 +22,18 @@ if(substr(PHP_OS, 0, 3) == 'WIN') {
*/
$serverCode = <<<'CODE'
+ $printed = false;
$serverUri = "ssl://127.0.0.1:64321";
$serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
$serverCtx = stream_context_create(['ssl' => [
'local_cert' => __DIR__ . '/bug54992.pem',
'reneg_limit' => 0,
'reneg_window' => 30,
- 'reneg_limit_callback' => function($stream) {
- var_dump($stream);
+ 'reneg_limit_callback' => function($stream) use (&$printed) {
+ if (!$printed) {
+ $printed = true;
+ var_dump($stream);
+ }
}
]]);

22
c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch
View File

@ -1,22 +0,0 @@
From c1729272b17a1fe893d1a54e423d3b71470f3ee8 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 29 Aug 2018 09:10:59 +0200
Subject: [PATCH] fix double cast to int on 32-bit
---
Zend/zend_operators.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c
index cafb14d4cc25..9a8a40142433 100644
--- a/Zend/zend_operators.c
+++ b/Zend/zend_operators.c
@@ -3101,7 +3101,7 @@ ZEND_API zend_long ZEND_FASTCALL zend_dval_to_lval_slow(double d)
if (dmod < 0) {
/* we're going to make this number positive; call ceil()
* to simulate rounding towards 0 of the negative number */
- dmod = ceil(dmod);// + two_pow_32;
+ dmod = ceil(dmod) + two_pow_32;
}
return (zend_long)(zend_ulong)dmod;
}

38
cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch
View File

@ -1,38 +0,0 @@
From cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Sun, 2 Sep 2018 20:00:08 +0100
Subject: [PATCH] Fix stream_security_level.phpt with OpenSSL 1.1.1
---
ext/openssl/tests/stream_security_level.phpt | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt
index fb1d36a58624..26fedcf670e9 100644
--- a/ext/openssl/tests/stream_security_level.phpt
+++ b/ext/openssl/tests/stream_security_level.phpt
@@ -5,6 +5,7 @@ security_level setting to prohibit cert
if (!extension_loaded("openssl")) die("skip openssl not loaded");
if (OPENSSL_VERSION_NUMBER < 0x10100000) die("skip OpenSSL >= v1.1.0 required");
if (!function_exists("proc_open")) die("skip no proc_open");
+?>
--FILE--
<?php
$serverCode = <<<'CODE'
@@ -24,7 +25,7 @@ $clientCode = <<<'CODE'
$serverUri = "ssl://127.0.0.1:64322";
$clientFlags = STREAM_CLIENT_CONNECT;
$clientCtx = stream_context_create(['ssl' => [
- 'security_level' => 3,
+ 'security_level' => 2,
'verify_peer' => true,
'cafile' => __DIR__ . '/bug54992-ca.pem',
'verify_peer_name' => false
@@ -38,6 +39,7 @@ CODE;
include 'ServerClientTestCase.inc';
ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+?>
--EXPECTF--
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d

17
php-5.3.0-recode.patch
View File

@ -1,17 +0,0 @@
diff -up php-5.3.0beta1/ext/recode/config9.m4.recode php-5.3.0beta1/ext/recode/config9.m4
--- php-5.3.0beta1/ext/recode/config9.m4.recode 2008-12-02 00:30:21.000000000 +0100
+++ php-5.3.0beta1/ext/recode/config9.m4 2009-02-28 09:46:50.000000000 +0100
@@ -4,13 +4,6 @@ dnl
dnl Check for extensions with which Recode can not work
if test "$PHP_RECODE" != "no"; then
- test "$PHP_IMAP" != "no" && recode_conflict="$recode_conflict imap"
-
- if test -n "$MYSQL_LIBNAME"; then
- PHP_CHECK_LIBRARY($MYSQL_LIBNAME, hash_insert, [
- recode_conflict="$recode_conflict mysql"
- ])
- fi
if test -n "$recode_conflict"; then
AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict])

23
php-5.6.3-datetests.patch
View File

@ -1,23 +0,0 @@
--- a/ext/date/tests/bug66985.phpt 2014-10-30 07:32:03.297693403 +0100
+++ b/ext/date/tests/bug66985.phpt 2014-10-30 07:32:45.138877977 +0100
@@ -3,7 +3,7 @@
--FILE--
<?php
$zones = array(
- "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
+ "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
"GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
"Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
"Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
@@ -45,11 +45,6 @@
)
DateTimeZone Object
(
- [timezone_type] => 3
- [timezone] => Factory
-)
-DateTimeZone Object
-(
[timezone_type] => 3
[timezone] => GB-Eire
)

27
php-5.6.3-phpinfo.patch
View File

@ -1,27 +0,0 @@
Drop "Configure Command" from phpinfo as it doesn't
provide any useful information.
The available extensions are not related to this command.
--- php-5.4.9/ext/standard/info.c.orig 2012-12-11 10:43:02.450578276 +0100
+++ php-5.4.9/ext/standard/info.c 2012-12-11 10:44:12.530820821 +0100
@@ -743,9 +743,6 @@
#ifdef ARCHITECTURE
php_info_print_table_row(2, "Architecture", ARCHITECTURE);
#endif
-#ifdef CONFIGURE_COMMAND
- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-#endif
if (sapi_module.pretty_name) {
php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
--- php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt.orig 2012-12-11 11:07:26.959156091 +0100
+++ php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt 2012-12-11 11:07:30.899170970 +0100
@@ -20,7 +20,6 @@
System => %s
Build Date => %s%a
-Configure Command => %s
Server API => Command Line Interface
Virtual Directory Support => %s
Configuration File (php.ini) Path => %s

2
php-7.2.0-includedir.patch
View File

@ -5,7 +5,7 @@
EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"`
EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"`
-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR
+INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php
+INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php:/usr/share/pear:/usr/share/php
exec_prefix=$old_exec_prefix
libdir=$old_libdir

30
php-7.2.4-dlopen.patch
View File

@ -1,30 +0,0 @@
diff -up php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen php-7.2.4RC1/sapi/litespeed/lsapilib.c
--- php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen 2018-03-13 12:40:25.330885880 +0100
+++ php-7.2.4RC1/sapi/litespeed/lsapilib.c 2018-03-13 12:41:35.797251042 +0100
@@ -755,7 +755,7 @@ static int (*fp_lve_leave)(struct liblve
static int (*fp_lve_jail)( struct passwd *, char *) = NULL;
static int lsapi_load_lve_lib(void)
{
- s_liblve = dlopen("liblve.so.0", RTLD_LAZY);
+ s_liblve = dlopen("liblve.so.0", RTLD_NOW);
if (s_liblve)
{
fp_lve_is_available = dlsym(s_liblve, "lve_is_available");
diff -up php-7.2.4RC1/Zend/zend_portability.h.dlopen php-7.2.4RC1/Zend/zend_portability.h
--- php-7.2.4RC1/Zend/zend_portability.h.dlopen 2018-03-13 12:33:38.000000000 +0100
+++ php-7.2.4RC1/Zend/zend_portability.h 2018-03-13 12:40:25.330885880 +0100
@@ -144,11 +144,11 @@
# endif
# if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT)
-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
# elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__)
-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_DEEPBIND)
+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_DEEPBIND)
# else
-# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL)
+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL)
# endif
# define DL_UNLOAD dlclose
# if defined(DLSYM_NEEDS_UNDERSCORE)

12
php-7.2.4-fixheader.patch
View File

@ -1,12 +0,0 @@
diff -up php-7.2.4RC1/configure.ac.fixheader php-7.2.4RC1/configure.ac
--- php-7.2.4RC1/configure.ac.fixheader 2018-03-13 12:42:47.594623100 +0100
+++ php-7.2.4RC1/configure.ac 2018-03-13 12:43:35.591871825 +0100
@@ -1275,7 +1275,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d`
fi
AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date])
-PHP_UNAME=`uname -a | xargs`
+PHP_UNAME=`uname | xargs`
AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output])
PHP_OS=`uname | xargs`
AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output])

280
php-7.2.8-getallheaders.patch
View File

@ -1,280 +0,0 @@
Adapted for 7.2 from 7.3 by remi
From 0ea4013f101d64fbeb9221260b36e98f10ed1ddd Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 4 Jul 2018 08:48:38 +0200
Subject: [PATCH] Fixed bug #62596 add getallheaders (apache_request_headers)
missing function in FPM add sapi_add_request_header in public API (was
add_request_header) fix arginfo for fastcgi_finish_request fucntion
---
main/SAPI.c | 50 +++++++++++++++++++++++++++++
main/SAPI.h | 1 +
sapi/cgi/cgi_main.c | 51 +----------------------------
sapi/fpm/fpm/fpm_main.c | 25 ++++++++++++++-
sapi/fpm/tests/getallheaders.phpt | 67 +++++++++++++++++++++++++++++++++++++++
5 files changed, 143 insertions(+), 51 deletions(-)
create mode 100644 sapi/fpm/tests/getallheaders.phpt
diff --git a/main/SAPI.c b/main/SAPI.c
index b6c3329..7e0c7c8 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -1104,6 +1104,56 @@ SAPI_API void sapi_terminate_process(void) {
}
}
+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
+{
+ zval *return_value = (zval*)arg;
+ char *str = NULL;
+
+ ALLOCA_FLAG(use_heap)
+
+ if (var_len > 5 &&
+ var[0] == 'H' &&
+ var[1] == 'T' &&
+ var[2] == 'T' &&
+ var[3] == 'P' &&
+ var[4] == '_') {
+
+ char *p;
+
+ var_len -= 5;
+ p = var + 5;
+ var = str = do_alloca(var_len + 1, use_heap);
+ *str++ = *p++;
+ while (*p) {
+ if (*p == '_') {
+ *str++ = '-';
+ p++;
+ if (*p) {
+ *str++ = *p++;
+ }
+ } else if (*p >= 'A' && *p <= 'Z') {
+ *str++ = (*p++ - 'A' + 'a');
+ } else {
+ *str++ = *p++;
+ }
+ }
+ *str = 0;
+ } else if (var_len == sizeof("CONTENT_TYPE")-1 &&
+ memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
+ var = "Content-Type";
+ } else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
+ memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
+ var = "Content-Length";
+ } else {
+ return;
+ }
+ add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
+ if (str) {
+ free_alloca(var, use_heap);
+ }
+}
+/* }}} */
+
/*
* Local variables:
* tab-width: 4
diff --git a/main/SAPI.h b/main/SAPI.h
index f829fd7..4b8e223 100644
--- a/main/SAPI.h
+++ b/main/SAPI.h
@@ -151,6 +151,7 @@ SAPI_API void sapi_shutdown(void);
SAPI_API void sapi_activate(void);
SAPI_API void sapi_deactivate(void);
SAPI_API void sapi_initialize_empty_request(void);
+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg);
END_EXTERN_C()
/*
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
index 2e9cefe..350846d 100644
--- a/sapi/cgi/cgi_main.c
+++ b/sapi/cgi/cgi_main.c
@@ -1591,54 +1591,6 @@ PHP_FUNCTION(apache_child_terminate) /*
}
/* }}} */
-static void add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
-{
- zval *return_value = (zval*)arg;
- char *str = NULL;
- char *p;
- ALLOCA_FLAG(use_heap)
-
- if (var_len > 5 &&
- var[0] == 'H' &&
- var[1] == 'T' &&
- var[2] == 'T' &&
- var[3] == 'P' &&
- var[4] == '_') {
-
- var_len -= 5;
- p = var + 5;
- var = str = do_alloca(var_len + 1, use_heap);
- *str++ = *p++;
- while (*p) {
- if (*p == '_') {
- *str++ = '-';
- p++;
- if (*p) {
- *str++ = *p++;
- }
- } else if (*p >= 'A' && *p <= 'Z') {
- *str++ = (*p++ - 'A' + 'a');
- } else {
- *str++ = *p++;
- }
- }
- *str = 0;
- } else if (var_len == sizeof("CONTENT_TYPE")-1 &&
- memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
- var = "Content-Type";
- } else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
- memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
- var = "Content-Length";
- } else {
- return;
- }
- add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
- if (str) {
- free_alloca(var, use_heap);
- }
-}
-/* }}} */
-
PHP_FUNCTION(apache_request_headers) /* {{{ */
{
if (zend_parse_parameters_none()) {
@@ -1648,7 +1600,7 @@ PHP_FUNCTION(apache_request_headers) /*
if (fcgi_is_fastcgi()) {
fcgi_request *request = (fcgi_request*) SG(server_context);
- fcgi_loadenv(request, add_request_header, return_value);
+ fcgi_loadenv(request, sapi_add_request_header, return_value);
} else {
char buf[128];
char **env, *p, *q, *var, *val, *t = buf;
diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 3256660..e815be4 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1533,6 +1533,10 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
{
fcgi_request *request = (fcgi_request*) SG(server_context);
+ if (zend_parse_parameters_none() == FAILURE) {
+ return;
+ }
+
if (!fcgi_is_closed(request)) {
php_output_end_all();
php_header();
@@ -1547,8 +1551,27 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
}
/* }}} */
+ZEND_BEGIN_ARG_INFO(cgi_fcgi_sapi_no_arginfo, 0)
+ZEND_END_ARG_INFO()
+
+PHP_FUNCTION(apache_request_headers) /* {{{ */
+{
+ fcgi_request *request;
+
+ if (zend_parse_parameters_none() == FAILURE) {
+ return;
+ }
+
+ array_init(return_value);
+ if ((request = (fcgi_request*) SG(server_context))) {
+ fcgi_loadenv(request, sapi_add_request_header, return_value);
+ }
+} /* }}} */
+
static const zend_function_entry cgi_fcgi_sapi_functions[] = {
- PHP_FE(fastcgi_finish_request, NULL)
+ PHP_FE(fastcgi_finish_request, cgi_fcgi_sapi_no_arginfo)
+ PHP_FE(apache_request_headers, cgi_fcgi_sapi_no_arginfo)
+ PHP_FALIAS(getallheaders, apache_request_headers, cgi_fcgi_sapi_no_arginfo)
PHP_FE_END
};
diff --git a/sapi/fpm/tests/getallheaders.phpt b/sapi/fpm/tests/getallheaders.phpt
new file mode 100644
index 0000000..b41f1c6
--- /dev/null
+++ b/sapi/fpm/tests/getallheaders.phpt
@@ -0,0 +1,67 @@
+--TEST--
+FPM: Function getallheaders basic test
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+echo "Test Start\n";
+var_dump(getallheaders());
+echo "Test End\n";
+EOT;
+
+$headers = [];
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$tester->request(
+ '',
+ [
+ 'HTTP_X_FOO' => 'BAR',
+ 'HTTP_FOO' => 'foo'
+ ]
+ )->expectBody(
+ [
+ 'Test Start',
+ 'array(4) {',
+ ' ["Foo"]=>',
+ ' string(3) "foo"',
+ ' ["X-Foo"]=>',
+ ' string(3) "BAR"',
+ ' ["Content-Length"]=>',
+ ' string(1) "0"',
+ ' ["Content-Type"]=>',
+ ' string(0) ""',
+ '}',
+ 'Test End',
+ ]
+ );
+$tester->terminate();
+$tester->expectLogTerminatingNotices();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>
--
2.1.4

98
php-7.4.0-datetests.patch Normal file
View File

@ -0,0 +1,98 @@
diff -up ./ext/date/tests/bug33414-2.phpt.datetests ./ext/date/tests/bug33414-2.phpt
--- ./ext/date/tests/bug33414-2.phpt.datetests 2020-04-09 14:06:11.000000000 +0200
+++ ./ext/date/tests/bug33414-2.phpt 2020-04-09 14:40:00.809433489 +0200
@@ -74,10 +74,10 @@ $strtotime_tstamp = strtotime("next Frid
print "result=".date("l Y-m-d H:i:s T I", $strtotime_tstamp)."\n";
print "wanted=Friday 00:00:00\n\n";
?>
---EXPECT--
+--EXPECTF--
TZ=Pacific/Rarotonga - wrong day.
-tStamp=Thursday 1970-01-01 17:17:17 -1030 0
-result=Tuesday 1970-01-06 00:00:00 -1030 0
+tStamp=Thursday 1970-01-01 17:17:17 %s
+result=Tuesday 1970-01-06 00:00:00 %s
wanted=Tuesday 00:00:00
TZ=Atlantic/South_Georgia - wrong day.
@@ -91,13 +91,13 @@ result=Monday 2005-04-04 00:00:00 EDT 1
wanted=Monday 00:00:00
TZ=Pacific/Enderbury - wrong day, off by 2 days.
-tStamp=Thursday 1970-01-01 17:17:17 -12 0
-result=Monday 1970-01-05 00:00:00 -12 0
+tStamp=Thursday 1970-01-01 17:17:17 %s
+result=Monday 1970-01-05 00:00:00 %s
wanted=Monday 00:00:00
TZ=Pacific/Kiritimati - wrong day, off by 2 days.
-tStamp=Thursday 1970-01-01 17:17:17 -1040 0
-result=Monday 1970-01-05 00:00:00 -1040 0
+tStamp=Thursday 1970-01-01 17:17:17 %s
+result=Monday 1970-01-05 00:00:00 %s
wanted=Monday 00:00:00
TZ=America/Managua - wrong day.
@@ -106,13 +106,13 @@ result=Tuesday 2005-04-12 00:00:00 CDT 1
wanted=Tuesday 00:00:00
TZ=Pacific/Pitcairn - wrong day.
-tStamp=Thursday 1970-01-01 17:17:17 -0830 0
-result=Wednesday 1970-01-07 00:00:00 -0830 0
+tStamp=Thursday 1970-01-01 17:17:17 %s
+result=Wednesday 1970-01-07 00:00:00 %s
wanted=Wednesday 00:00:00
TZ=Pacific/Fakaofo - wrong day.
-tStamp=Thursday 1970-01-01 17:17:17 -11 0
-result=Saturday 1970-01-03 00:00:00 -11 0
+tStamp=Thursday 1970-01-01 17:17:17 %s
+result=Saturday 1970-01-03 00:00:00 %s
wanted=Saturday 00:00:00
TZ=Pacific/Johnston - wrong day.
diff -up ./ext/date/tests/bug66985.phpt.datetests ./ext/date/tests/bug66985.phpt
--- ./ext/date/tests/bug66985.phpt.datetests 2020-04-09 14:06:11.000000000 +0200
+++ ./ext/date/tests/bug66985.phpt 2020-04-09 14:40:37.099288185 +0200
@@ -3,7 +3,7 @@ Bug #66985 (Some timezones are no longer
--FILE--
<?php
$zones = array(
- "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
+ "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
"GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
"Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
"Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
@@ -45,11 +45,6 @@ DateTimeZone Object
)
DateTimeZone Object
(
- [timezone_type] => 3
- [timezone] => Factory
-)
-DateTimeZone Object
-(
[timezone_type] => 3
[timezone] => GB-Eire
)
diff -up ./ext/date/tests/strtotime3-64bit.phpt.datetests ./ext/date/tests/strtotime3-64bit.phpt
--- ./ext/date/tests/strtotime3-64bit.phpt.datetests 2020-04-09 14:06:11.000000000 +0200
+++ ./ext/date/tests/strtotime3-64bit.phpt 2020-04-09 14:40:00.809433489 +0200
@@ -44,7 +44,7 @@ foreach ($strs as $str) {
}
?>
---EXPECT--
+--EXPECTF--
bool(false)
bool(false)
string(31) "Thu, 15 Jun 2006 00:00:00 +0100"
@@ -53,7 +53,7 @@ bool(false)
string(31) "Fri, 16 Jun 2006 23:49:12 +0100"
bool(false)
string(31) "Fri, 16 Jun 2006 02:22:00 +0100"
-string(31) "Sun, 16 Jun 0222 02:22:00 -0036"
+string(31) "Sun, 16 Jun 0222 02:22:00 %s"
string(31) "Fri, 16 Jun 2006 02:22:33 +0100"
bool(false)
string(31) "Tue, 02 Mar 2004 00:00:00 +0000"

5
php-7.1.7-httpd.patch → php-7.4.0-httpd.patch
View File

@ -5,10 +5,9 @@ mod_php is build twice
- as ZTS using --enable-maintainer-zts
diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4
index 2e64b21..ec4799f 100644
--- a/sapi/apache2handler/config.m4
+++ b/sapi/apache2handler/config.m4
@@ -116,17 +116,6 @@ if test "$PHP_APXS2" != "no"; then
@@ -105,17 +105,6 @@ if test "$PHP_APXS2" != "no"; then
;;
esac
@ -18,7 +17,7 @@ index 2e64b21..ec4799f 100644
- PHP_BUILD_THREAD_SAFE
- fi
- else
- APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'`
- APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
- if test -n "$APACHE_THREADED_MPM"; then
- PHP_BUILD_THREAD_SAFE
- fi

12
php-7.2.3-ldap_r.patch → php-7.4.0-ldap_r.patch
View File

@ -1,12 +1,12 @@
Use -lldap_r by default.
diff -up php-7.2.3RC1/ext/ldap/config.m4.ldap_r php-7.2.3RC1/ext/ldap/config.m4
--- php-7.2.3RC1/ext/ldap/config.m4.ldap_r 2018-02-14 06:05:11.553142812 +0100
+++ php-7.2.3RC1/ext/ldap/config.m4 2018-02-14 06:07:31.179816122 +0100
@@ -119,7 +119,11 @@ if test "$PHP_LDAP" != "no"; then
MACHINE_INCLUDES=$($CC -dumpmachine)
diff -up php-7.4.0RC2/ext/ldap/config.m4.ldap_r php-7.4.0RC2/ext/ldap/config.m4
--- php-7.4.0RC2/ext/ldap/config.m4.ldap_r 2019-09-17 10:21:24.769200812 +0200
+++ php-7.4.0RC2/ext/ldap/config.m4 2019-09-17 10:21:30.658181771 +0200
@@ -68,7 +68,11 @@ if test "$PHP_LDAP" != "no"; then
dnl -pc removal is a hack for clang
MACHINE_INCLUDES=$($CC -dumpmachine | $SED 's/-pc//')
- if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.a || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.$SHLIB_SUFFIX_NAME; then
+ if test -f $LDAP_LIBDIR/libldap_r.$SHLIB_SUFFIX_NAME; then

26
php-7.2.0-libdb.patch → php-7.4.0-libdb.patch
View File

@ -1,7 +1,7 @@
diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.m4
--- php-7.2.0alpha0/ext/dba/config.m4.libdb 2017-05-29 08:56:06.000000000 +0200
+++ php-7.2.0alpha0/ext/dba/config.m4 2017-05-29 09:13:52.014823282 +0200
@@ -346,61 +346,13 @@ if test "$PHP_DB4" != "no"; then
diff -up ./ext/dba/config.m4.libdb ./ext/dba/config.m4
--- ./ext/dba/config.m4.libdb 2020-04-09 14:06:11.000000000 +0200
+++ ./ext/dba/config.m4 2020-04-09 14:35:08.208605065 +0200
@@ -375,61 +375,13 @@ if test "$PHP_DB4" != "no"; then
dbdp4="/usr/local/BerkeleyDB.4."
dbdp5="/usr/local/BerkeleyDB.5."
for i in $PHP_DB4 ${dbdp5}1 ${dbdp5}0 ${dbdp4}8 ${dbdp4}7 ${dbdp4}6 ${dbdp4}5 ${dbdp4}4 ${dbdp4}3 ${dbdp4}2 ${dbdp4}1 ${dbdp}0 /usr/local /usr; do
@ -65,21 +65,21 @@ diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.
fi
PHP_DBA_STD_RESULT(db4,Berkeley DB4)
diff -up php-7.2.0alpha0/ext/dba/dba.c.libdb php-7.2.0alpha0/ext/dba/dba.c
--- php-7.2.0alpha0/ext/dba/dba.c.libdb 2017-05-29 09:16:15.736628202 +0200
+++ php-7.2.0alpha0/ext/dba/dba.c 2017-05-29 09:16:20.494654746 +0200
@@ -53,6 +53,10 @@
#include "php_tcadb.h"
diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c
--- ./ext/dba/dba.c.libdb 2020-04-09 14:06:11.000000000 +0200
+++ ./ext/dba/dba.c 2020-04-09 14:36:30.593275190 +0200
@@ -50,6 +50,10 @@
#include "php_lmdb.h"
#include "dba_arginfo.h"
+#ifdef DB4_INCLUDE_FILE
+#include DB4_INCLUDE_FILE
+#endif
+
/* {{{ arginfo */
ZEND_BEGIN_ARG_INFO_EX(arginfo_dba_popen, 0, 0, 2)
ZEND_ARG_INFO(0, path)
@@ -558,6 +562,10 @@ PHP_MINFO_FUNCTION(dba)
PHP_MINIT_FUNCTION(dba);
PHP_MSHUTDOWN_FUNCTION(dba);
PHP_MINFO_FUNCTION(dba);
@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba)
php_info_print_table_start();
php_info_print_table_row(2, "DBA support", "enabled");

11
php-5.4.0-phpize.patch → php-7.4.0-phpize.patch
View File

@ -1,6 +1,7 @@
--- php-5.4.0RC5/scripts/phpize.in.orig 2012-01-18 17:13:54.018022983 +0100
+++ php-5.4.0RC5/scripts/phpize.in 2012-01-18 17:14:40.614024941 +0100
@@ -162,6 +162,15 @@
diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
--- ./scripts/phpize.in.headers 2019-07-23 10:05:11.000000000 +0200
+++ ./scripts/phpize.in 2019-07-23 10:18:13.648098089 +0200
@@ -165,6 +165,15 @@ phpize_autotools()
$PHP_AUTOHEADER || exit 1
}
@ -15,8 +16,8 @@
+
# Main script
case "$1" in
@@ -180,12 +189,15 @@
case "$1" in
@@ -183,12 +192,15 @@ case "$1" in
# Version
--version|-v)

21
php-5.6.3-embed.patch → php-8.0.0-embed.patch
View File

@ -1,24 +1,25 @@
--- php-5.6.3/sapi/embed/config.m4.embed
+++ php-5.6.3/sapi/embed/config.m4
diff -up ./sapi/embed/config.m4.embed ./sapi/embed/config.m4
--- ./sapi/embed/config.m4.embed 2020-07-07 13:51:05.879764972 +0200
+++ ./sapi/embed/config.m4 2020-07-07 13:52:50.128412148 +0200
@@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then
case "$PHP_EMBED" in
yes|shared)
LIBPHP_CFLAGS="-shared"
PHP_EMBED_TYPE=shared
- INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib"
+ EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_MAJOR_VERSION).\$(PHP_MINOR_VERSION)"
+ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)"
;;
static)
PHP_EMBED_TYPE=static
diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in
--- php-5.5.30/scripts/php-config.in.old 2015-10-19 15:17:31.944747715 +0200
+++ php-5.5.30/scripts/php-config.in 2015-10-19 15:17:58.278858083 +0200
LIBPHP_CFLAGS="-static"
diff -up ./scripts/php-config.in.embed ./scripts/php-config.in
--- ./scripts/php-config.in.embed 2020-07-07 12:54:42.000000000 +0200
+++ ./scripts/php-config.in 2020-07-07 13:51:05.880764968 +0200
@@ -18,7 +18,7 @@ exe_extension="@EXEEXT@"
php_cli_binary=NONE
php_cgi_binary=NONE
configure_options="@CONFIGURE_OPTIONS@"
-php_sapis="@PHP_INSTALLED_SAPIS@"
+php_sapis="apache2handler embed fpm @PHP_INSTALLED_SAPIS@"
+php_sapis="apache2handler litespeed fpm phpdbg @PHP_INSTALLED_SAPIS@"
ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@"
# Set php_cli_binary and php_cgi_binary if available
for sapi in $php_sapis; do

44
php-8.0.0-phpinfo.patch Normal file
View File

@ -0,0 +1,44 @@
Drop "Configure Command" from phpinfo as it doesn't
provide any useful information.
The available extensions are not related to this command.
Replace full GCC name by gcc in php -v output
diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
--- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200
@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int
#ifdef ARCHITECTURE
php_info_print_table_row(2, "Architecture", ARCHITECTURE);
#endif
-#ifdef CONFIGURE_COMMAND
- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-#endif
if (sapi_module.pretty_name) {
php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200
@@ -17,7 +17,6 @@ PHP Version => %s
System => %s
Build Date => %s%a
-Configure Command => %s
Server API => Command Line Interface
Virtual Directory Support => %s
Configuration File (php.ini) Path => %s
diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
--- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200
+++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200
@@ -643,8 +643,7 @@ static int do_cli(int argc, char **argv)
"NTS "
#endif
#ifdef COMPILER
- COMPILER
- " "
+ "gcc "
#endif
#ifdef ARCHITECTURE
ARCHITECTURE

87
php-7.2.3-systzdata-v16.patch → php-8.0.0-systzdata-v19.patch
View File

@ -5,6 +5,9 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
r18: adapt for autotool change in 7.3.3RC1
r17: adapt for timelib 2018.01 (in 7.3.2RC1)
r16: adapt for timelib 2017.06 (in 7.2.3RC1)
r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
r14: improve check for valid tz file
@ -27,10 +30,33 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/lib/parse_tz.c
--- php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata 2018-02-13 20:18:34.000000000 +0100
+++ php-7.2.3RC1/ext/date/lib/parse_tz.c 2018-02-14 06:14:23.484804852 +0100
@@ -25,8 +25,21 @@
diff -up php-8.0.0beta3/ext/date/config0.m4.systzdata php-8.0.0beta3/ext/date/config0.m4
--- php-8.0.0beta3/ext/date/config0.m4.systzdata 2020-09-01 19:13:26.000000000 +0200
+++ php-8.0.0beta3/ext/date/config0.m4 2020-09-02 08:07:51.039979873 +0200
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll)
+PHP_ARG_WITH(system-tzdata, for use of system timezone data,
+[ --with-system-tzdata[=DIR] to specify use of system timezone data],
+no, no)
+
+if test "$PHP_SYSTEM_TZDATA" != "no"; then
+ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
+
+ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
+ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
+ [Define for location of system timezone data])
+ fi
+fi
+
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/date/lib/parse_tz.c
--- php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata 2020-09-01 19:13:26.000000000 +0200
+++ php-8.0.0beta3/ext/date/lib/parse_tz.c 2020-09-02 08:07:51.039979873 +0200
@@ -26,8 +26,21 @@
#include "timelib.h"
#include "timelib_private.h"
@ -52,7 +78,7 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
@@ -67,6 +80,11 @@ static int read_php_preamble(const unsig
@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig
{
uint32_t version;
@ -64,11 +90,11 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
@@ -374,7 +392,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
@@ -418,7 +436,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
}
}
-static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
-static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
+#ifdef HAVE_SYSTEM_TZDATA
+
+#ifdef HAVE_SYSTEM_TZDATA_PREFIX
@ -491,15 +517,15 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
+
+#endif
+
+static int inmem_seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
+static int inmem_seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
{
int left = 0, right = tzdb->index_size - 1;
@@ -400,9 +840,48 @@ static int seek_to_tz_position(const uns
@@ -444,9 +884,48 @@ static int seek_to_tz_position(const uns
return 0;
}
+static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
+static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
+ char **map, size_t *maplen,
+ const timelib_tzdb *tzdb)
+{
@ -544,8 +570,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
}
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
@@ -414,7 +893,30 @@ const timelib_tzdb_index_entry *timelib_
int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
@@ -458,7 +937,30 @@ const timelib_tzdb_index_entry *timelib_
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
- return (seek_to_tz_position(&tzf, timezone, tzdb));
@ -576,8 +602,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
}
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -456,12 +958,14 @@ static timelib_tzinfo* timelib_tzinfo_ct
timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code)
@@ -500,12 +1002,14 @@ static timelib_tzinfo* timelib_tzinfo_ct
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
{
const unsigned char *tzf;
+ char *memmap = NULL;
@ -592,11 +618,10 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
tmp = timelib_tzinfo_ctor(timezone);
version = read_preamble(&tzf, tmp, &type);
@@ -484,6 +988,29 @@ timelib_tzinfo *timelib_parse_tzfile(cha
timelib_tzinfo_dtor(tmp);
return NULL;
@@ -540,11 +1044,36 @@ timelib_tzinfo *timelib_parse_tzfile(con
}
+
skip_posix_string(&tzf, tmp);
+#ifdef HAVE_SYSTEM_TZDATA
+ if (memmap) {
+ const struct location_info *li;
@ -619,10 +644,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
+ munmap(memmap, maplen);
+ } else {
+#endif
if (version == 2 || version == 3) {
if (!skip_64bit_preamble(&tzf, tmp)) {
/* 64 bit preamble is not in place */
@@ -501,6 +1028,9 @@ timelib_tzinfo *timelib_parse_tzfile(cha
if (type == TIMELIB_TZINFO_PHP) {
read_location(&tzf, tmp);
} else {
set_default_location_and_comments(&tzf, tmp);
}
@ -632,23 +655,3 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
} else {
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL;
diff -up php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata php-7.2.3RC1/ext/date/lib/timelib.m4
--- php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata 2018-02-13 20:18:34.000000000 +0100
+++ php-7.2.3RC1/ext/date/lib/timelib.m4 2018-02-14 06:11:54.273089963 +0100
@@ -81,3 +81,16 @@ io.h
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll strftime gettimeofday)
+
+PHP_ARG_WITH(system-tzdata, for use of system timezone data,
+[ --with-system-tzdata[=DIR] to specify use of system timezone data],
+no, no)
+
+if test "$PHP_SYSTEM_TZDATA" != "no"; then
+ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
+
+ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
+ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
+ [Define for location of system timezone data])
+ fi
+fi

BIN
php-7.2.10.tar.xz → php-8.0.0.tar.xz
View File

Binary file not shown.

146
php-CVE-2018-20783.patch
View File

@ -1,146 +0,0 @@
From e7c8e6cde021afd637ea535b0641a1851e57fb2a Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 12 Nov 2018 14:02:26 -0800
Subject: [PATCH] Fix bug #77143 - add more checks to buffer reads
---
NEWS | 4 ++++
ext/phar/phar.c | 30 +++++++++++++++++++++---------
ext/phar/tests/bug73768.phpt | 2 +-
ext/phar/tests/bug77143.phar | Bin 0 -> 50 bytes
ext/phar/tests/bug77143.phpt | 18 ++++++++++++++++++
5 files changed, 44 insertions(+), 10 deletions(-)
create mode 100644 ext/phar/tests/bug77143.phar
create mode 100644 ext/phar/tests/bug77143.phpt
diff -Nur php-7.2.10/NEWS php-7.2.10_bak/NEWS
--- php-7.2.10/NEWS 2018-09-11 15:06:00.000000000 +0800
+++ php-7.2.10_bak/NEWS 2019-04-04 17:41:54.869000000 +0800
@@ -136,6 +136,10 @@
. Fixed bug #76477 (Opcache causes empty return value).
(Nikita, Laruence)
+- Phar:
+ . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
+ (Stas)
+
- PGSQL:
. Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
diff -Nur php-7.2.10/ext/phar/phar.c php-7.2.10_bak/ext/phar/phar.c
--- php-7.2.10/ext/phar/phar.c 2019-04-04 17:39:04.158000000 +0800
+++ php-7.2.10_bak/ext/phar/phar.c 2019-04-04 17:49:51.807000000 +0800
@@ -643,6 +643,18 @@
/* }}}*/
/**
+ * Size of fixed fields in the manifest.
+ * See: http://php.net/manual/en/phar.fileformat.phar.php
+ */
+#define MANIFEST_FIXED_LEN 18
+
+#define SAFE_PHAR_GET_32(buffer, endbuffer, var) \
+ if (UNEXPECTED(buffer + 4 > endbuffer)) { \
+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)"); \
+ } \
+ PHAR_GET_32(buffer, var);
+
+/**
* Does not check for a previously opened phar in the cache.
*
* Parse a new one and add it to the cache, returning either SUCCESS or
@@ -725,7 +737,7 @@
savebuf = buffer;
endbuffer = buffer + manifest_len;
- if (manifest_len < 10 || manifest_len != php_stream_read(fp, buffer, manifest_len)) {
+ if (manifest_len < MANIFEST_FIXED_LEN || manifest_len != php_stream_read(fp, buffer, manifest_len)) {
MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)")
}
@@ -750,7 +762,7 @@
return FAILURE;
}
- PHAR_GET_32(buffer, manifest_flags);
+ SAFE_PHAR_GET_32(buffer, endbuffer, manifest_flags);
manifest_flags &= ~PHAR_HDR_COMPRESSION_MASK;
manifest_flags &= ~PHAR_FILE_COMPRESSION_MASK;
@@ -970,13 +982,13 @@
}
/* extract alias */
- PHAR_GET_32(buffer, tmp_len);
+ SAFE_PHAR_GET_32(buffer, endbuffer, tmp_len);
if (buffer + tmp_len > endbuffer) {
MAPPHAR_FAIL("internal corruption of phar \"%s\" (buffer overrun)");
}
- if (manifest_len < 10 + tmp_len) {
+ if (manifest_len < MANIFEST_FIXED_LEN + tmp_len) {
MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)")
}
@@ -1014,7 +1026,7 @@
}
/* we have 5 32-bit items plus 1 byte at least */
- if (manifest_count > ((manifest_len - 10 - tmp_len) / (5 * 4 + 1))) {
+ if (manifest_count > ((manifest_len - MANIFEST_FIXED_LEN - tmp_len) / (5 * 4 + 1))) {
/* prevent serious memory issues */
MAPPHAR_FAIL("internal corruption of phar \"%s\" (too many manifest entries for size of manifest)")
}
@@ -1023,12 +1035,12 @@
mydata->is_persistent = PHAR_G(persist);
/* check whether we have meta data, zero check works regardless of byte order */
- PHAR_GET_32(buffer, len);
+ SAFE_PHAR_GET_32(buffer, endbuffer, len);
if (mydata->is_persistent) {
mydata->metadata_len = len;
- if(!len) {
+ if (!len) {
/* FIXME: not sure why this is needed but removing it breaks tests */
- PHAR_GET_32(buffer, len);
+ SAFE_PHAR_GET_32(buffer, endbuffer, len);
}
}
if(len > (size_t)(endbuffer - buffer)) {
diff -Nur php-7.2.10/ext/phar/tests/bug73768.phpt php-7.2.10_bak/ext/phar/tests/bug73768.phpt
--- php-7.2.10/ext/phar/tests/bug73768.phpt 2018-09-11 15:06:03.000000000 +0800
+++ php-7.2.10_bak/ext/phar/tests/bug73768.phpt 2019-04-04 17:50:51.796000000 +0800
@@ -13,4 +13,4 @@
}
?>
--EXPECTF--
-cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar"
+internal corruption of phar "%sbug73768.phar" (truncated manifest header)
diff --git a/ext/phar/tests/bug77143.phpt b/ext/phar/tests/bug77143.phpt
new file mode 100644
index 0000000..f9f80fc
--- /dev/null
+++ b/ext/phar/tests/bug77143.phpt
@@ -0,0 +1,18 @@
+--TEST--
+PHP bug #77143: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile
+--INI--
+phar.readonly=0
+--SKIPIF--
+<?php if (!extension_loaded("phar")) die("skip"); ?>
+--FILE--
+<?php
+chdir(__DIR__);
+try {
+var_dump(new Phar('bug77143.phar',0,'project.phar'));
+echo "OK\n";
+} catch(UnexpectedValueException $e) {
+ echo $e->getMessage();
+}
+?>
+--EXPECTF--
+internal corruption of phar "%sbug77143.phar" (truncated manifest header)
--
2.1.4

47
php-CVE-2019-9641.patch
View File

@ -1,47 +0,0 @@
commit 25aa5f434dfb3337a6617b46224f1b505053d8e9
Author: Stanislav Malyshev <stas@php.net>
Date: Fri Mar 1 23:25:45 2019 -0800
Fix integer overflows on 32-bits
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index cbde3effed..b4563927a5 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -3567,10 +3567,10 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
tag_table_type tag_table = exif_get_tag_table(section_index);
if (ImageInfo->ifd_nesting_level > MAX_IFD_NESTING_LEVEL) {
- return FALSE;
- }
+ return FALSE;
+ }
- if (ImageInfo->FileSize >= dir_offset+2) {
+ if (ImageInfo->FileSize >= 2 && ImageInfo->FileSize - 2 >= dir_offset) {
sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL);
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X)", ImageInfo->FileSize, dir_offset, 2);
@@ -3578,8 +3578,8 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
php_stream_seek(ImageInfo->infile, dir_offset, SEEK_SET); /* we do not know the order of sections */
php_stream_read(ImageInfo->infile, (char*)ImageInfo->file.list[sn].data, 2);
num_entries = php_ifd_get16u(ImageInfo->file.list[sn].data, ImageInfo->motorola_intel);
- dir_size = 2/*num dir entries*/ +12/*length of entry*/*num_entries +4/* offset to next ifd (points to thumbnail or NULL)*/;
- if (ImageInfo->FileSize >= dir_offset+dir_size) {
+ dir_size = 2/*num dir entries*/ +12/*length of entry*/*(size_t)num_entries +4/* offset to next ifd (points to thumbnail or NULL)*/;
+ if (ImageInfo->FileSize >= dir_size && ImageInfo->FileSize - dir_size >= dir_offset) {
#ifdef EXIF_DEBUG
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X), IFD entries(%d)", ImageInfo->FileSize, dir_offset+2, dir_size-2, num_entries);
#endif
@@ -3662,9 +3662,9 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse
}
}
}
- if (ImageInfo->FileSize >= dir_offset + ImageInfo->file.list[sn].size) {
+ if (ImageInfo->FileSize >= ImageInfo->file.list[sn].size && ImageInfo->FileSize - ImageInfo->file.list[sn].size >= dir_offset) {
if (ifd_size > dir_size) {
- if (dir_offset + ifd_size > ImageInfo->FileSize) {
+ if (ImageInfo->FileSize < ifd_size || dir_offset > ImageInfo->FileSize - ifd_size) {
exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Error in TIFF: filesize(x%04X) less than size of IFD(x%04X + x%04X)", ImageInfo->FileSize, dir_offset, ifd_size);
return FALSE;
}

245
php.spec
View File

@ -1,9 +1,8 @@
%global apiver 20170718
%global zendver 20170718
%global apiver 20200930
%global zendver 20200930
%global pdover 20170320
%global jsonver 1.6.0
%global _hardened_build 1
%global embed_version 7.2
%global embed_version 8.0
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
%global mysql_config %{_libdir}/mysql/mysql_config
@ -24,11 +23,11 @@
%global with_sodium 0
%global with_pspell 0
%global with_lmdb 0
%global upver 7.2.10
%global upver 8.0.0
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
Release: 6
Release: 1
Summary: PHP scripting language for creating dynamic web sites
License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
URL: http://www.php.net/
@ -47,52 +46,17 @@ Source13: nginx-fpm.conf
Source14: nginx-php.conf
Source50: 10-opcache.ini
Source51: opcache-default.blacklist
Source52: 20-ffi.ini
Patch0001: php-7.1.7-httpd.patch
Patch0001: php-7.4.0-httpd.patch
Patch0002: php-7.2.0-includedir.patch
Patch0003: php-5.6.3-embed.patch
Patch0004: php-5.3.0-recode.patch
Patch0005: php-7.2.0-libdb.patch
Patch0006: php-7.2.4-dlopen.patch
Patch0007: php-7.2.3-systzdata-v16.patch
Patch0008: php-5.4.0-phpize.patch
Patch0009: php-7.2.3-ldap_r.patch
Patch0010: php-7.2.4-fixheader.patch
Patch0011: php-5.6.3-phpinfo.patch
Patch0012: php-7.2.8-getallheaders.patch
Patch0013: https://github.com/php/php-src/commit/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch
Patch0014: https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch
Patch0015: https://github.com/php/php-src/commit/c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch
Patch0016: php-5.6.3-datetests.patch
Patch6000: CVE-2019-9021.patch
Patch6001: CVE-2019-9022.patch
Patch6002: CVE-2019-9023.patch
Patch6003: CVE-2019-9024.patch
Patch6004: CVE-2019-9637.patch
Patch6005: CVE-2019-9638-CVE-2019-9639.patch
Patch6006: CVE-2019-9640.patch
Patch6007: php-CVE-2018-20783.patch
Patch6008: php-CVE-2019-9641.patch
Patch6009: CVE-2019-11034.patch
Patch6010: CVE-2019-11035.patch
Patch6011: CVE-2019-11036.patch
Patch6012: CVE-2019-11041.patch
Patch6013: CVE-2019-11042.patch
Patch6014: CVE-2019-11043.patch
Patch6015: CVE-2018-19935.patch
Patch6016: CVE-2019-11045.patch
Patch6017: CVE-2019-11046.patch
Patch6018: CVE-2019-11050.patch
Patch6019: CVE-2019-11047.patch
#git.php.net/?p=php-src.git;a=patch;h=336d2086a9189006909ae06c7e95902d7d5ff77e
Patch6020: CVE-2018-19518.patch
#git.php.net/?p=php-src.git;a=patch;h=a15af81b5f0058e020eda0f109f51a3c863f5212
Patch6021: CVE-2019-6977.patch
Patch6022: CVE-2020-7064.patch
Patch6023: CVE-2020-7066.patch
Patch6024: CVE-2019-11048.patch
Patch6025: CVE-2020-7068.patch
Patch0003: php-8.0.0-embed.patch
Patch0004: php-7.4.0-libdb.patch
Patch0005: php-8.0.0-systzdata-v19.patch
Patch0006: php-7.4.0-phpize.patch
Patch0007: php-7.4.0-ldap_r.patch
Patch0008: php-8.0.0-phpinfo.patch
Patch0009: php-7.4.0-datetests.patch
BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@ -112,7 +76,7 @@ Provides: php-zts = %{version}-%{release}, php-zts%{?_isa} = %{version}-%{releas
Requires: httpd-mmn = %{_httpd_mmn}, php-common%{?_isa} = %{version}-%{release}, php-cli%{?_isa} = %{version}-%{release}
Provides: mod_php = %{version}-%{release}, php(httpd)
#Recommends: php-fpm%{?_isa} = %{version}-%{release}
Recommends: php-fpm%{?_isa} = %{version}-%{release}
Requires(pre): httpd-filesystem
%description
@ -173,6 +137,7 @@ Provides: php-iconv, php-iconv%{?_isa}, php-libxml, php-libxml%{?_isa}, php-ope
Provides: php-phar, php-phar%{?_isa}, php-pcre, php-pcre%{?_isa}, php-reflection, php-reflection%{?_isa}
Provides: php-session, php-session%{?_isa}, php-sockets, php-sockets%{?_isa}, php-spl, php-spl%{?_isa}
Provides: php-standard = %{version}, php-standard%{?_isa} = %{version}, php-tokenizer, php-tokenizer%{?_isa}
Obsoletes: php-json < %{version}-%{release}, php-recode < %{version}-%{release}, php-xmlrpc < %{version}-%{release}
%if %{with_zip}
Provides: php-zip, php-zip%{?_isa}
Obsoletes: php-pecl-zip < 1.11
@ -185,7 +150,7 @@ package and the php-cli package.
%package devel
Summary: Files needed for building PHP extensions
Requires: php-cli%{?_isa} = %{version}-%{release}, autoconf, automake, gcc, gcc-c++, libtool, pcre-devel%{?_isa}
Obsoletes: php-pecl-json-devel < %{jsonver}, php-pecl-jsonc-devel < %{jsonver}
Obsoletes: php-pecl-json-devel < %{version}-%{release}, php-pecl-jsonc-devel < %{version}-%{release}
%if %{with_zts}
Provides: php-zts-devel = %{version}-%{release}, php-zts-devel%{?_isa} = %{version}-%{release}
%endif
@ -352,8 +317,9 @@ Summary: A module for PHP applications which use XML
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-dom, php-dom%{?_isa}, php-domxml, php-domxml%{?_isa}, php-simplexml, php-simplexml%{?_isa}
Provides: php-wddx, php-wddx%{?_isa}, php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa}
Provides: php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa}
Provides: php-xsl, php-xsl%{?_isa}
Obsoletes: php-wddx < %{version}-%{release}
BuildRequires: libxslt-devel >= 1.0.18-1, libxml2-devel >= 2.4.14-1
%description xml
@ -361,15 +327,6 @@ The php-xml package contains dynamic shared objects which add support
to PHP for manipulating XML documents using the DOM tree,
and performing XSL transformations on XML documents.
%package xmlrpc
Summary: A module for PHP applications which use the XML-RPC protocol
License: PHP and BSD
Requires: php-xml%{?_isa} = %{version}-%{release}
%description xmlrpc
The php-xmlrpc package contains a dynamic shared object that will add
support for the XML-RPC protocol to PHP.
%package mbstring
Summary: A module for PHP applications which need multi-byte string handling
License: PHP and LGPLv2 and OpenLDAP
@ -477,16 +434,6 @@ The php-pspell package contains a dynamic shared object that will add
support for using the pspell library to PHP.
%endif
%package recode
Summary: A module for PHP applications for using the recode library
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: recode-devel
%description recode
The php-recode package contains a dynamic shared object that will add
support for using the recode library to PHP.
%package intl
Summary: Internationalization extension for PHP applications
License: PHP
@ -501,25 +448,12 @@ support for using the ICU library to PHP.
Summary: Enchant spelling extension for PHP applications
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: enchant-devel >= 1.2.4
BuildRequires: enchant2-devel
%description enchant
The php-enchant package contains a dynamic shared object that will add
support for using the enchant library to PHP.
%package json
Summary: JavaScript Object Notation extension for PHP
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
Obsoletes: php-pecl-json < %{jsonver}
Obsoletes: php-pecl-jsonc < %{jsonver}
Provides: php-pecl(json) = %{jsonver}, php-pecl(json)%{?_isa} = %{jsonver}, php-pecl-json = %{jsonver}
Provides: php-pecl-json%{?_isa} = %{jsonver}
%description json
The php-json package provides an extension that will add
support for JavaScript Object Notation (JSON) to PHP.
%if %{with_sodium}
%package sodium
Summary: Wrapper for the Sodium cryptographic library
@ -535,6 +469,21 @@ The php-sodium package provides a simple,
low-level PHP extension for the libsodium cryptographic library.
%endif
%package ffi
Summary: Foreign Function Interface
# All files licensed under PHP version 3.0.1
License: PHP
Group: System Environment/Libraries
BuildRequires: pkgconfig(libffi)
Requires: php-common%{?_isa} = %{version}-%{release}
%description ffi
FFI is one of the features that made Python and LuaJIT very useful for fast
prototyping. It allows calling C functions and using C data types from pure
scripting language and therefore develop “system code” more productively.
For PHP, FFI opens a way to write PHP extensions and bindings to C libraries
in pure PHP.
%package help
Summary: help
@ -552,10 +501,8 @@ cp ext/gd/libgd/COPYING libgd_COPYING
%endif
cp sapi/fpm/LICENSE fpm_LICENSE
cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
cp ext/mbstring/ucgendat/OPENLDAP_LICENSE ucgendat_LICENSE
cp ext/fileinfo/libmagic/LICENSE libmagic_LICENSE
cp ext/phar/LICENSE phar_LICENSE
cp ext/bcmath/libbcmath/COPYING.LIB libbcmath_COPYING
cp ext/bcmath/libbcmath/LICENSE libbcmath_LICENSE
cp ext/date/lib/LICENSE.rst timelib_LICENSE
mkdir build-cgi build-apache build-embedded \
@ -570,6 +517,7 @@ rm ext/date/tests/timezone_version_get_basic1.phpt
rm ext/sockets/tests/mcast_ipv?_recv.phpt
rm Zend/tests/bug54268.phpt
rm Zend/tests/bug68412.phpt
rm ext/zlib/tests/004-mb.phpt
pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h)
if test "x${pver}" != "x%{upver}%{?rcver}"; then
@ -599,20 +547,13 @@ if test "x${vpdo}" != "x%{pdover}"; then
exit 1
fi
ver=$(sed -n '/#define PHP_JSON_VERSION /{s/.* "//;s/".*$//;p}' ext/json/php_json.h)
if test "$ver" != "%{jsonver}"; then
: Error: Upstream JSON version is now ${ver}, expecting %{jsonver}.
: Update the %{jsonver} macro and rebuild.
exit 1
fi
rm -f TSRM/tsrm_win32.h TSRM/tsrm_config.w32.h Zend/zend_config.w32.h ext/mysqlnd/config-win.h \
ext/standard/winver.h main/win32_internal_function_disabled.h main/win95nt.h
find . -name \*.[ch] -exec chmod 644 {} \;
chmod 644 README.*
cp %{SOURCE50} 10-opcache.ini
cp %{SOURCE50} %{SOURCE51} %{SOURCE52} .
%ifarch x86_64
sed -e '/opcache.huge_code_pages/s/0/1/' -i 10-opcache.ini
@ -641,12 +582,12 @@ mkdir Zend && cp ../Zend/zend_{language,ini}_{parser,scanner}.[ch] Zend
ln -sf ../configure
%configure \
--enable-rtld-now \
--cache-file=../config.cache --with-libdir=%{_lib} --with-config-file-path=%{_sysconfdir} \
--with-config-file-scan-dir=%{_sysconfdir}/php.d --disable-debug --with-pic --disable-rpath \
--without-pear --with-exec-dir=%{_bindir} --with-freetype-dir=%{_prefix} --with-png-dir=%{_prefix} \
--with-xpm-dir=%{_prefix} --without-gdbm --with-jpeg-dir=%{_prefix} --with-openssl --with-system-ciphers \
--with-pcre-regex=%{_prefix} --with-zlib --with-layout=GNU --with-kerberos --with-libxml-dir=%{_prefix} \
--with-system-tzdata --with-mhash \
--without-pear --with-exec-dir=%{_bindir} --without-gdbm --with-openssl \
--with-system-ciphers --with-pcre-regex=%{_prefix} --with-zlib --with-layout=GNU --with-kerberos \
--with-libxml-dir=%{_prefix} --with-system-tzdata --with-mhash \
%if %{with_argon2}
--with-password-argon2 \
%endif
@ -665,28 +606,29 @@ make %{?_smp_mflags}
pushd build-cgi
build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-file --enable-phpdbg \
build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-phpdbg \
%if %{with_imap}
--with-imap=shared --with-imap-ssl \
%endif
--enable-mbstring=shared --with-onig=%{_prefix} --enable-mbregex \
--enable-mbstring=shared --enable-mbregex \
%if %{with_libgd}
--with-gd=shared,%{_prefix} \
--enable-gd=shared,%{_prefix} \
%else
--with-gd=shared \
--enable-gd=shared \
%endif
--with-external-gd \
--with-gmp=shared --enable-calendar=shared --enable-bcmath=shared --with-bz2=shared --enable-ctype=shared \
--enable-dba=shared --with-db4=%{_prefix} --with-tcadb=%{_prefix} \
%if %{with_lmdb}
--with-lmdb=%{_prefix} \
%endif
--enable-exif=shared --enable-ftp=shared --with-gettext=shared --with-iconv=shared --enable-sockets=shared \
--enable-tokenizer=shared --with-xmlrpc=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \
--enable-tokenizer=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \
--with-mysqli=shared,mysqlnd --with-mysql-sock=%{mysql_sock} \
%if %{with_firebird}
--with-interbase=shared --with-pdo-firebird=shared \
--with-pdo-firebird=shared \
%endif
--enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared --enable-wddx=shared \
--enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared \
--with-snmp=shared,%{_prefix} --enable-soap=shared --with-xsl=shared,%{_prefix} --enable-xmlreader=shared \
--enable-xmlwriter=shared --with-curl=shared,%{_prefix} --enable-pdo=shared \
--with-pdo-odbc=shared,unixODBC,%{_prefix} --with-pdo-mysql=shared,mysqlnd --with-pdo-pgsql=shared,%{_prefix} \
@ -694,7 +636,7 @@ build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-f
%if %{with_freetds}
--with-pdo-dblib=shared,%{_prefix} \
%endif
--with-sqlite3=shared,%{_prefix} --enable-json=shared \
--with-sqlite3=shared \
%if %{with_zip}
--enable-zip=shared \
%if %{with_libzip}
@ -708,17 +650,19 @@ build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-f
--enable-phar=shared --with-tidy=shared,%{_prefix} --enable-sysvmsg=shared --enable-sysvshm=shared \
--enable-sysvsem=shared --enable-shmop=shared --enable-posix=shared --with-unixODBC=shared,%{_prefix} \
--enable-fileinfo=shared \
--with-ffi=shared \
%if %{with_sodium}
--with-sodium=shared \
%else
--without-sodium \
%endif
--enable-intl=shared --with-icu-dir=%{_prefix} --with-enchant=shared,%{_prefix} --with-recode=shared,%{_prefix}
--enable-intl=shared --with-enchant=shared,%{_prefix}
popd
without_shared="--without-gd --disable-dom --disable-dba --without-unixODBC --disable-opcache --disable-json \
without_shared="--without-gd --disable-dom --disable-dba --without-unixODBC --disable-opcache \
--disable-opcache --disable-phpdbg --without-ffi \
--disable-xmlreader --disable-xmlwriter --without-sodium --without-sqlite3 --disable-phar --disable-fileinfo \
--without-pspell --disable-wddx --without-curl --disable-posix --disable-xml --disable-simplexml --disable-exif \
--without-pspell --without-curl --disable-posix --disable-xml --disable-simplexml --disable-exif \
--without-gettext --without-iconv --disable-ftp --without-bz2 --disable-ctype --disable-shmop --disable-sockets \
--disable-tokenizer --disable-sysvmsg --disable-sysvshm --disable-sysvsem"
@ -747,24 +691,25 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m
%if %{with_imap}
--with-imap=shared --with-imap-ssl \
%endif
--enable-mbstring=shared --with-onig=%{_prefix} --enable-mbregex \
--enable-mbstring=shared --enable-mbregex \
%if %{with_libgd}
--with-gd=shared,%{_prefix} \
--enable-gd=shared,%{_prefix} \
%else
--with-gd=shared \
--enable-gd=shared \
%endif
--with-external-gc \
--with-gmp=shared --enable-calendar=shared --enable-bcmath=shared --with-bz2=shared --enable-ctype=shared \
--enable-dba=shared --with-db4=%{_prefix} --with-tcadb=%{_prefix} \
%if %{with_lmdb}
--with-lmdb=%{_prefix} \
%endif
--with-gettext=shared --with-iconv=shared --enable-sockets=shared --enable-tokenizer=shared --enable-exif=shared \
--enable-ftp=shared --with-xmlrpc=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \
--enable-ftp=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \
--with-mysqli=shared,mysqlnd --with-mysql-sock=%{mysql_sock} --enable-mysqlnd-threading \
%if %{with_firebird}
--with-interbase=shared --with-pdo-firebird=shared \
--with-pdo-firebird=shared \
%endif
--enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared --enable-wddx=shared \
--enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared \
--with-snmp=shared,%{_prefix} --enable-soap=shared --with-xsl=shared,%{_prefix} --enable-xmlreader=shared \
--enable-xmlwriter=shared --with-curl=shared,%{_prefix} --enable-pdo=shared \
--with-pdo-odbc=shared,unixODBC,%{_prefix} --with-pdo-mysql=shared,mysqlnd --with-pdo-pgsql=shared,%{_prefix} \
@ -772,7 +717,7 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m
%if %{with_freetds}
--with-pdo-dblib=shared,%{_prefix} \
%endif
--with-sqlite3=shared,%{_prefix} --enable-json=shared \
--with-sqlite3=shared \
%if %{with_zip}
--enable-zip=shared \
%if %{with_libzip}
@ -786,12 +731,13 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m
--enable-phar=shared --with-tidy=shared,%{_prefix} --enable-sysvmsg=shared --enable-sysvshm=shared \
--enable-sysvsem=shared --enable-shmop=shared --enable-posix=shared --with-unixODBC=shared,%{_prefix} \
--enable-fileinfo=shared \
--with-ffi=shared \
%if %{with_sodium}
--with-sodium=shared \
%else
--without-sodium \
%endif
--enable-intl=shared --with-icu-dir=%{_prefix} --with-enchant=shared,%{_prefix} --with-recode=shared,%{_prefix}
--enable-intl=shared --with-enchant=shared,%{_prefix}
popd
pushd build-zts
@ -840,16 +786,16 @@ make -C build-fpm install-fpm \
make -C build-cgi install \
INSTALL_ROOT=$RPM_BUILD_ROOT
install -m 755 build-embedded/scripts/php-config $RPM_BUILD_ROOT%{_bindir}/php-config
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/
install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/php.ini
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_contentdir}/icons
install -m 644 php.gif $RPM_BUILD_ROOT%{_httpd_contentdir}/icons/php.gif
install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/php
install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/php/preload
install -m 755 -d $RPM_BUILD_ROOT%{_httpd_moddir}
install -m 755 build-apache/libs/libphp7.so $RPM_BUILD_ROOT%{_httpd_moddir}
install -m 755 build-apache/libs/libphp.so $RPM_BUILD_ROOT%{_httpd_moddir}
%if %{with_zts}
install -m 755 build-zts/libs/libphp7.so $RPM_BUILD_ROOT%{_httpd_moddir}/libphp7-zts.so
install -m 755 build-zts/libs/libphp.so $RPM_BUILD_ROOT%{_httpd_moddir}/libphp-zts.so
%endif
install -D -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_httpd_modconfdir}/15-php.conf
@ -885,11 +831,10 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/php-fpm
install -D -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/conf.d/php-fpm.conf
install -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/default.d/php.conf
for mod in pgsql odbc ldap snmp xmlrpc \
for mod in pgsql odbc ldap snmp \
%if %{with_imap}
imap \
%endif
json \
mysqlnd mysqli pdo_mysql \
mbstring gd dom xsl soap bcmath dba xmlreader xmlwriter \
simplexml bz2 calendar ctype exif ftp gettext gmp iconv \
@ -903,23 +848,23 @@ for mod in pgsql odbc ldap snmp xmlrpc \
%endif
sqlite3 \
enchant phar fileinfo intl \
tidy \
tidy ffi \
%if %{with_freetds}
pdo_dblib \
%endif
%if %{with_pspell}
pspell \
%endif
curl wddx \
curl \
%if %{with_sodium}
sodium \
%endif
posix shmop sysvshm sysvsem sysvmsg recode xml \
posix shmop sysvshm sysvsem sysvmsg xml \
; do
case $mod in
opcache)
ini=10-${mod}.ini;;
pdo_*|mysqli|wddx|xmlreader|xmlrpc)
pdo_*|mysqli|xmlreader)
ini=30-${mod}.ini;;
*)
ini=20-${mod}.ini;;
@ -951,7 +896,7 @@ EOF
EOF
done
cat files.dom files.xsl files.xml{reader,writer} files.wddx \
cat files.dom files.xsl files.xml{reader,writer} \
files.simplexml >> files.xml
cat files.mysqli \
@ -997,7 +942,8 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/php/modules/*.a \
$RPM_BUILD_ROOT%{_libdir}/php-zts/modules/*.a \
$RPM_BUILD_ROOT%{_bindir}/{phptar} \
$RPM_BUILD_ROOT%{_datadir}/pear \
$RPM_BUILD_ROOT%{_libdir}/libphp7.la
$RPM_BUILD_ROOT%{_libdir}/libphp.a \
$RPM_BUILD_ROOT%{_libdir}/libphp.la
rm -f README.{Zeus,QNX,CVS-RULES}
@ -1011,21 +957,19 @@ rm -f README.{Zeus,QNX,CVS-RULES}
systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%files
%{_httpd_moddir}/libphp7.so
%{_httpd_moddir}/libphp.so
%if %{with_zts}
%{_httpd_moddir}/libphp7-zts.so
%{_httpd_moddir}/libphp-zts.so
%endif
%attr(0770,root,apache) %dir %{_sharedstatedir}/php/session
%attr(0770,root,apache) %dir %{_sharedstatedir}/php/wsdlcache
%attr(0770,root,apache) %dir %{_sharedstatedir}/php/opcache
%config(noreplace) %{_httpd_confdir}/php.conf
%config(noreplace) %{_httpd_modconfdir}/15-php.conf
%{_httpd_contentdir}/icons/php.gif
%files common -f files.common
%license LICENSE TSRM_LICENSE
%license libmagic_LICENSE
%license phar_LICENSE
%license timelib_LICENSE
%config(noreplace) %{_sysconfdir}/php.ini
%dir %{_sysconfdir}/php.d
@ -1094,8 +1038,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%{_rpmconfigdir}/macros.d/macros.php
%files embedded
%{_libdir}/libphp7.so
%{_libdir}/libphp7-%{embed_version}.so
%{_libdir}/libphp.so
%{_libdir}/libphp-%{embed_version}.so
%files pgsql -f files.pgsql
%files odbc -f files.odbc
@ -1105,10 +1049,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%files ldap -f files.ldap
%files snmp -f files.snmp
%files xml -f files.xml
%files xmlrpc -f files.xmlrpc
%files mbstring -f files.mbstring
%license libmbfl_LICENSE
%license ucgendat_LICENSE
%files gd -f files.gd
%if ! %{with_libgd}
%license libgd_README
@ -1116,7 +1058,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%endif
%files soap -f files.soap
%files bcmath -f files.bcmath
%license libbcmath_COPYING
%license libbcmath_LICENSE
%files gmp -f files.gmp
%files dba -f files.dba
%files pdo -f files.pdo
@ -1129,9 +1071,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%endif
%files intl -f files.intl
%files process -f files.process
%files recode -f files.recode
%if %{with_firebird}
%files interbase -f files.interbase
%files pdo-firebird -f files.pdo_firebird
%endif
%files enchant -f files.enchant
%files mysqlnd -f files.mysqlnd
@ -1140,19 +1081,23 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%if %{with_zts}
%config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist
%endif
%files json -f files.json
%if %{with_sodium}
%files sodium -f files.sodium
%endif
%files ffi -f files.ffi
%dir %{_datadir}/php/preload
%files help
%defattr(-,root,root)
%doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* sapi/cgi/README* sapi/cli/README sapi/phpdbg/{README.md,CREDITS}
%doc php-fpm.conf.default www.conf.default php.ini-*
%doc EXTENSIONS NEWS README* UPGRADING* *md docs
%doc php-fpm.conf.default www.conf.default php.ini-*
%{_mandir}/*
%changelog
* Thu Dec 31 2020 panxiaohe <panxiaohe@huawei.com> - 8.0.0-1
- Update to 8.0.0
* Mon Sep 21 2020 shaoqiang kang <kangshaoqiang1@huawei.com> - 7.2.10-6
- Fix CVE-2020-7068
@ -1176,6 +1121,12 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
* Thu Mar 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.2.10-2
- Add CVE patches
- Fix CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024
CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640
CVE-2018-20783 CVE-2019-9641 CVE-2019-11034 CVE-2019-11035
CVE-2019-11036 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043
CVE-2018-19935 CVE-2019-11045 CVE-2019-11046 CVE-2019-11050
CVE-2019-11047
* Fri Feb 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.2.10-1
- Package init