From 0c9fc790189dd45e4cc91311adaa60896cba4625 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Sun, 5 Feb 2017 18:20:51 +0100
Subject: php-pecl-trace: add securty fix
---
 php-pecl-trace.spec | 20 +++++++++++++++++++-
 trace-pr76.patch | 27 +++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 trace-pr76.patch
diff --git a/php-pecl-trace.spec b/php-pecl-trace.spec
index 3c736e8..93b52f4 100644
--- a/php-pecl-trace.spec
+++ b/php-pecl-trace.spec
@@ -22,13 +22,17 @@ Summary: Trace is a low-overhead tracing tool for PHP
 Name: %{?sub_prefix}php-pecl-%{pecl_name}
 Version: 1.0.0
-Release: 1%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}
+Release: 2%{?dist}%{!?nophptag:%(%{__php} -r 'echo ".".PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;')}
 # common/sds is BSD-2, other is ASL 2.0
 License: ASL 2.0 and BSD
 Group: Development/Languages
 URL: http://pecl.php.net/package/%{pecl_name}
 Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz
+# https://github.com/Qihoo360/phptrace/issues/75
+# https://github.com/Qihoo360/phptrace/pull/76
+Patch0: %{pecl_name}-pr76.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # https://github.com/Qihoo360/phptrace/issues/71
 # PHP 7.1 build broken
@@ -64,6 +68,10 @@ Obsoletes: php56w-pecl-%{pecl_name} <= %{version}
 %endif
 %if "%{php_version}" > "7.0"
 Obsoletes: php70u-pecl-%{pecl_name} <= %{version}
+Obsoletes: php70w-pecl-%{pecl_name} <= %{version}
+%endif
+%if "%{php_version}" > "7.1"
+Obsoletes: php71u-pecl-%{pecl_name} <= %{version}
 Obsoletes: php71w-pecl-%{pecl_name} <= %{version}
 %endif
 %endif
@@ -90,6 +98,9 @@ Package built for PHP %(%{__php} -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSIO
 %prep
 %setup -q -c
+pushd %{pecl_name}-%{version}
+%patch0 -p1 -b .pr76
+popd
 # Don't install tests
 sed -e 's/role="test"/role="src"/' \
@@ -123,6 +134,7 @@ EOF
 %build
+%{?dtsenable}
 cd %{pecl_name}-%{version}/extension
 %{_bindir}/phpize
@@ -135,6 +147,7 @@ make cli %{?_smp_mflags}
 %install
 rm -rf %{buildroot}
+%{?dtsenable}
 make -C %{pecl_name}-%{version}/extension install-all INSTALL_ROOT=%{buildroot}
@@ -213,6 +226,11 @@ rm -rf %{buildroot}
 %changelog
+* Sun Feb 5 2017 Remi Collet - 1.0.0-2
+- add patch for security issue (umask=0)
+ patch from https://github.com/Qihoo360/phptrace/pull/76
+ see https://github.com/Qihoo360/phptrace/issues/75
+
 * Thu Jan 19 2017 Remi Collet - 1.0.0-1
 - Update to 1.0.0 (beta)
 - open https://github.com/Qihoo360/phptrace/issues/71: PHP 7.1 build broken
diff --git a/trace-pr76.patch b/trace-pr76.patch
new file mode 100644
index 0000000..5df2a3e
--- /dev/null
+++ b/trace-pr76.patch
@@ -0,0 +1,27 @@
+From cf9e59ad032a56ee14d96f2a6adb6e17f51fa852 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Sat, 4 Feb 2017 10:39:23 +0100
+Subject: [PATCH] Fix #75: don't change umask value
+
+---
+ common/trace_mmap.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/common/trace_mmap.c b/common/trace_mmap.c
+index a051ecd..02a433c 100644
+--- a/common/trace_mmap.c
++++ b/common/trace_mmap.c
+@@ -77,10 +77,12 @@ int pt_mmap_open(pt_segment_t *seg, const char *file, size_t size)
+ int pt_mmap_create(pt_segment_t *seg, const char *file, size_t size)
+ {
+ int fd;
++ mode_t um;
+
+ /* file open */
+- umask(0000);
++ um = umask(0000);
+ fd = open(file, O_RDWR | O_CREAT, DEFFILEMODE);
++ umask(um);
+ if (fd == -1) {
+ return reset_with_retval(seg, -1);
+ }
-- cgit
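Review bot: In the `pt_mmap_create` hunk carried by trace-pr76.patch, saving and restoring the mask around `open()` still leaves a window in which the whole process runs with umask 0, and `umask()` is process-wide, so under a threaded SAPI a file created by another thread in that window gets mode bits the administrator's umask would have removed. The segment itself is also still created with `DEFFILEMODE` (0666), readable and writable by every local account; whether a tighter mode would break the trace CLI attaching from a different account is not visible here and needs the maintainer's confirmation. If the mode has to be independent of the caller's umask, set it on the descriptor instead of touching the mask: keep `fd = open(file, O_RDWR | O_CREAT, DEFFILEMODE);` and follow it with `if (fd != -1 && fchmod(fd, DEFFILEMODE) == -1) { close(fd); fd = -1; }`. The `open()` call also carries neither `O_EXCL` nor `O_NOFOLLOW`, which matters if `file` can be placed in a world-writable directory. The body of `pt_mmap_create` continues past the end of the hunk, so the later error paths were not reviewed.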