From e6cc33acf2855264341a9ababbd4a9cdeeb7f42e Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 8 Apr 2015 13:45:58 +0200
Subject: php-pecl-zendopcache: CVE-2015-1351
---
php-pecl-zendopcache-CVE-2015-1352.patch | 26 ++++++++++++++++++++++++++
php-pecl-zendopcache.spec | 30 +++++++++++++++++++++++-------
2 files changed, 49 insertions(+), 7 deletions(-)
create mode 100644 php-pecl-zendopcache-CVE-2015-1352.patch
diff --git a/php-pecl-zendopcache-CVE-2015-1352.patch b/php-pecl-zendopcache-CVE-2015-1352.patch
new file mode 100644
index 0000000..c6d8d28
--- /dev/null
+++ b/php-pecl-zendopcache-CVE-2015-1352.patch
@@ -0,0 +1,26 @@
+From 9a88100573c40b9f59baa2f2d138809eb47b4317 Mon Sep 17 00:00:00 2001
+From: Xinchen Hui
+Date: Thu, 8 Jan 2015 16:32:20 +0800
+Subject: [PATCH] Fixed bug #68677 (Use After Free in OPcache)
+
+(cherry picked from commit 777c39f4042327eac4b63c7ee87dc1c7a09a3115)
+---
+ zend_shared_alloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/zend_shared_alloc.c b/zend_shared_alloc.c
+index bbe26e8..8880b88 100644
+--- a/zend_shared_alloc.c
++++ b/zend_shared_alloc.c
+@@ -346,10 +346,10 @@ void *_zend_shared_memdup(void *source, size_t size, zend_bool free_source TSRML
+ retval = ZCG(mem);;
+ ZCG(mem) = (void*)(((char*)ZCG(mem)) + ZEND_ALIGNED_SIZE(size));
+ memcpy(retval, source, size);
++ zend_shared_alloc_register_xlat_entry(source, retval);
+ if (free_source) {
+ interned_efree((char*)source);
+ }
+- zend_shared_alloc_register_xlat_entry(source, retval);
+ return retval;
+ }
+
diff --git a/php-pecl-zendopcache.spec b/php-pecl-zendopcache.spec
index 5d1681f..4dfd9e1 100644
--- a/php-pecl-zendopcache.spec
+++ b/php-pecl-zendopcache.spec
@@ -15,7 +15,7 @@ Name: %{?scl_prefix}php-pecl-%{pecl_name} Version: 7.0.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Zend OPcache Group: Development/Libraries
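Review bot: In the embedded `zend_shared_alloc.c` hunk, the moved `zend_shared_alloc_register_xlat_entry(source, retval);` call is now order-sensitive relative to the `if (free_source)` block below it, and nothing in the code says so. In the old order the call was handed `source` after `interned_efree()` could already have released it, which is what the upstream subject describes as a use-after-free. A one-line comment above the call, for example `/* must run before source is freed below (bug #68677) */`, would keep a later cleanup from moving it back. The body of `_zend_shared_memdup` begins before this hunk, so whether its other exits need the same ordering cannot be judged from here.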
@@ -27,12 +27,12 @@ Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz Source1: %{plug_name}.ini Source2: %{plug_name}-default.blacklist +Patch0: %{name}-CVE-2015-1352.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: %{?scl_prefix}php-devel >= 5.2.0 BuildRequires: %{?scl_prefix}php-pear -Requires(post): %{__pecl} -Requires(postun): %{__pecl} Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api} Requires: %{?scl_prefix}php(api) = %{php_core_api} %{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}} @@ -74,12 +74,16 @@ bytecode optimization patterns that make code execution faster. %setup -q -c mv %{pecl_name}-%{version} NTS +pushd NTS +%patch0 -p1 -b .cve1352 + # Sanity check, really often broken -extver=$(sed -n '/#define PHP_ZENDOPCACHE_VERSION/{s/.* "//;s/".*$//;p}' NTS/ZendAccelerator.h) +extver=$(sed -n '/#define PHP_ZENDOPCACHE_VERSION/{s/.* "//;s/".*$//;p}' ZendAccelerator.h) if test "x${extver}" != "x%{version}%{?prever:-%{prever}}"; then : Error: Upstream extension version is ${extver}, expecting %{version}%{?prever:-%{prever}}. exit 1 fi +popd %if %{with_zts} # Duplicate source tree for NTS / ZTS build @@ -168,12 +172,20 @@ REPORT_EXIT_STATUS=1 \ %endif -%post -%{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || : +# when pear installed alone, after us +%triggerin -- %{?scl_prefix}php-pear +if [ -x %{__pecl} ] ; then + %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || : +fi +# posttrans as pear can be installed after us +%posttrans +if [ -x %{__pecl} ] ; then + %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || : +fi %postun -if [ $1 -eq 0 ] ; then +if [ $1 -eq 0 -a -x %{__pecl} ] ; then %{pecl_uninstall} %{pecl_name} >/dev/null || : fi 
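Review bot: `Patch0: %{name}-CVE-2015-1352.patch` in the `@@ -27,12` hunk names a different CVE than the commit subject and the new `%changelog` entry, which both say CVE-2015-1351 for this use-after-free fix. The same number is carried by the created file `php-pecl-zendopcache-CVE-2015-1352.patch` and by the backup suffix in `%patch0 -p1 -b .cve1352` in the `%prep` hunk. Anyone auditing the package by searching patch names for a CVE identifier would miss the fix or credit it to the wrong advisory, so the identifier should be the same everywhere. Since subject and changelog agree, the file name looks like the one to change, e.g. `Patch0: %{name}-CVE-2015-1351.patch` with `-b .cve1351`.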
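Review bot: The new `%postun` guard in the `@@ -168,12` hunk, `if [ $1 -eq 0 -a -x %{__pecl} ] ; then`, joins two tests with `-a`, which POSIX marks obsolescent because its parsing is ambiguous for some operands. Writing it as `if [ "$1" -eq 0 ] && [ -x %{__pecl} ] ; then` keeps the behaviour and reads like the plain `[ -x %{__pecl} ]` checks added to `%triggerin` and `%posttrans` in the same hunk. Both install scriptlets still discard output and status with `>/dev/null || :`, as the removed `%post` did, so a failed registration stays silent.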
@@ -195,6 +207,10 @@ fi %changelog +* Wed Apr 8 2015 Remi Collet - 7.0.4-2 +- fix use after free in opcache CVE-2015-1351 +- drop runtime dependency on pear, new scriptlets + * Mon Jan 12 2015 Remi Collet - 7.0.4-1 - Update to 7.0.4 - disable opcache.fast_shutdown in default configuration -- cgit