openeuler-ci-bot
Gitee
commit
823fc3e99b
141
CVE-2019-11048.patch
Normal file
141
CVE-2019-11048.patch
Normal file
@ -0,0 +1,141 @@
|
||||
From cf083535f8ba49e6812b4bf22c2e95dfe46d8ecd Mon Sep 17 00:00:00 2001
|
||||
From: Sara Golemon <pollita@php.net>
|
||||
Date: Tue, 14 Apr 2020 15:16:26 +0000
|
||||
Subject: [PATCH 2/5] Update CREDITS for PHP 7.2.30
|
||||
|
||||
---
|
||||
ext/standard/credits_ext.h | 12 ++++++------
|
||||
ext/standard/credits_sapi.h | 10 +++++-----
|
||||
2 files changed, 11 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/ext/standard/credits_ext.h b/ext/standard/credits_ext.h
|
||||
index cf4262497746..6baede162b5c 100644
|
||||
--- a/ext/standard/credits_ext.h
|
||||
+++ b/ext/standard/credits_ext.h
|
||||
@@ -1,11 +1,11 @@
|
||||
-/*
|
||||
+/*
|
||||
DO NOT EDIT THIS FILE!
|
||||
|
||||
- it has been automaticaly created by php7/scripts/credits from
|
||||
+ it has been automaticaly created by php7/scripts/credits from
|
||||
the information found in the various php7/ext/.../CREDITS and
|
||||
- php7/sapi/.../CREDITS files
|
||||
-
|
||||
- if you want to change an entry you have to edit the appropriate
|
||||
+ php7/sapi/.../CREDITS files
|
||||
+
|
||||
+ if you want to change an entry you have to edit the appropriate
|
||||
CREDITS file instead
|
||||
|
||||
*/
|
||||
@@ -28,7 +28,7 @@ CREDIT_LINE("FTP", "Stefan Esser, Andrew Skalski");
|
||||
CREDIT_LINE("GD imaging", "Rasmus Lerdorf, Stig Bakken, Jim Winstead, Jouni Ahto, Ilia Alshanetsky, Pierre-Alain Joye, Marcus Boerger");
|
||||
CREDIT_LINE("GetText", "Alex Plotnick");
|
||||
CREDIT_LINE("GNU GMP support", "Stanislav Malyshev");
|
||||
-CREDIT_LINE("Iconv", "Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi ");
|
||||
+CREDIT_LINE("Iconv", "Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi");
|
||||
CREDIT_LINE("IMAP", "Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky");
|
||||
CREDIT_LINE("Input Filter", "Rasmus Lerdorf, Derick Rethans, Pierre-Alain Joye, Ilia Alshanetsky");
|
||||
CREDIT_LINE("InterBase", "Jouni Ahto, Andrew Avdeev, Ard Biesheuvel");
|
||||
diff --git a/ext/standard/credits_sapi.h b/ext/standard/credits_sapi.h
|
||||
index f677344a54a6..471724f70f85 100644
|
||||
--- a/ext/standard/credits_sapi.h
|
||||
+++ b/ext/standard/credits_sapi.h
|
||||
@@ -1,11 +1,11 @@
|
||||
-/*
|
||||
+/*
|
||||
DO NOT EDIT THIS FILE!
|
||||
|
||||
- it has been automaticaly created by php7/scripts/credits from
|
||||
+ it has been automaticaly created by php7/scripts/credits from
|
||||
the information found in the various php7/ext/.../CREDITS and
|
||||
- php7/sapi/.../CREDITS files
|
||||
-
|
||||
- if you want to change an entry you have to edit the appropriate
|
||||
+ php7/sapi/.../CREDITS files
|
||||
+
|
||||
+ if you want to change an entry you have to edit the appropriate
|
||||
CREDITS file instead
|
||||
|
||||
*/
|
||||
|
||||
From 1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 18 Mar 2020 10:26:53 +0100
|
||||
Subject: [PATCH 4/5] Fix #78875: Long filenames cause OOM and temp files are
|
||||
not cleaned
|
||||
|
||||
We must not cast `size_t` to `int` (unless the `size_t` value is
|
||||
guaranteed to be less than or equal to `INT_MAX`). In this case we can
|
||||
declare `array_len` as `size_t` in the first place.
|
||||
---
|
||||
main/rfc1867.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/main/rfc1867.c b/main/rfc1867.c
|
||||
index bd01b34cf070..783eab4175d5 100644
|
||||
--- a/main/rfc1867.c
|
||||
+++ b/main/rfc1867.c
|
||||
@@ -692,7 +692,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
|
||||
char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
|
||||
char *lbuf = NULL, *abuf = NULL;
|
||||
zend_string *temp_filename = NULL;
|
||||
- int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
|
||||
+ int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0;
|
||||
+ size_t array_len = 0;
|
||||
int64_t total_bytes = 0, max_file_size = 0;
|
||||
int skip_upload = 0, anonindex = 0, is_anonymous;
|
||||
HashTable *uploaded_files = NULL;
|
||||
@@ -1126,7 +1127,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
|
||||
is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']');
|
||||
|
||||
if (is_arr_upload) {
|
||||
- array_len = (int)strlen(start_arr);
|
||||
+ array_len = strlen(start_arr);
|
||||
if (array_index) {
|
||||
efree(array_index);
|
||||
}
|
||||
|
||||
From 3c8582ca4b8e84e5647220b647914876d2c3b124 Mon Sep 17 00:00:00 2001
|
||||
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||
Date: Wed, 18 Mar 2020 10:57:42 +0100
|
||||
Subject: [PATCH 5/5] Fix #78876: Long variables cause OOM and temp files are
|
||||
not cleaned
|
||||
|
||||
We use the proper type for size calculations, which is `size_t`.
|
||||
---
|
||||
main/rfc1867.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/main/rfc1867.c b/main/rfc1867.c
|
||||
index 783eab4175d5..27718e72a4f9 100644
|
||||
--- a/main/rfc1867.c
|
||||
+++ b/main/rfc1867.c
|
||||
@@ -616,7 +616,7 @@ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int ne
|
||||
}
|
||||
|
||||
/* read until a boundary condition */
|
||||
-static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
|
||||
+static size_t multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
|
||||
{
|
||||
size_t len, max;
|
||||
char *bound;
|
||||
@@ -655,7 +655,7 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes
|
||||
self->buf_begin += len;
|
||||
}
|
||||
|
||||
- return (int)len;
|
||||
+ return len;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -665,7 +665,7 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes
|
||||
static char *multipart_buffer_read_body(multipart_buffer *self, size_t *len)
|
||||
{
|
||||
char buf[FILLUNIT], *out=NULL;
|
||||
- int total_bytes=0, read_bytes=0;
|
||||
+ size_t total_bytes=0, read_bytes=0;
|
||||
|
||||
while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf), NULL))) {
|
||||
out = erealloc(out, total_bytes + read_bytes + 1);
|
||||
9
php.spec
9
php.spec
@ -28,7 +28,7 @@
|
||||
|
||||
Name: php
|
||||
Version: %{upver}%{?rcver:~%{rcver}}
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: PHP scripting language for creating dynamic web sites
|
||||
License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
|
||||
URL: http://www.php.net/
|
||||
@ -91,6 +91,7 @@ Patch6020: CVE-2018-19518.patch
|
||||
Patch6021: CVE-2019-6977.patch
|
||||
Patch6022: CVE-2020-7064.patch
|
||||
Patch6023: CVE-2020-7066.patch
|
||||
Patch6024: CVE-2019-11048.patch
|
||||
|
||||
BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
|
||||
BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
|
||||
@ -1151,6 +1152,12 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jul 20 2020 wangyue <wangyue92@huawei.com> - 7.2.10-5
|
||||
- Type:cves
|
||||
- ID:CVE-2019-11048
|
||||
- SUG:restart
|
||||
- DESC:fix CVE-2019-11048
|
||||
|
||||
* Fri Apr 24 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.2.10-4
|
||||
- Type:cves
|
||||
- ID:CVE-2020-7064 CVE-2020-7066
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user