summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2015-09-30 16:18:02 +0200
committerRemi Collet <fedora@famillecollet.com>2015-09-30 16:18:02 +0200
commit18c59487150c2cb3d7f1292086398a78aa7905da (patch)
tree25874e5b5794c4264ab609b6a230c3d5c917dbe3
parent24c490cfb50b4fac731ed7624229c332b11e0bcb (diff)
PHP 5.4: backport fix for #70433 and #69720
-rw-r--r--bug69720.patch62
-rw-r--r--bug70433.patch52
-rw-r--r--php54.spec32
3 files changed, 139 insertions, 7 deletions
diff --git a/bug69720.patch b/bug69720.patch
new file mode 100644
index 0000000..bfcd058
--- /dev/null
+++ b/bug69720.patch
@@ -0,0 +1,62 @@
+Backported from 5.5 for 5.4
+binary patch dropped
+
+
+From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 15:51:59 -0700
+Subject: [PATCH] Fix bug #69720: Null pointer dereference in
+ phar_get_fp_offset()
+
+---
+ ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes
+ ext/phar/tests/bug69720.phpt | 40 ++++++++++++++++++++++++++++++++++++++++
+ ext/phar/util.c | 6 +++++-
+ 3 files changed, 45 insertions(+), 1 deletion(-)
+ create mode 100644 ext/phar/tests/bug69720.phar
+ create mode 100644 ext/phar/tests/bug69720.phpt
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 2c41adf..69da7b9 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -716,7 +716,11 @@ really_get_entry:
+ (*ret)->is_tar = entry->is_tar;
+ (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC);
+ if (entry->link) {
+- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC);
++ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
++ if(!link) {
++ return FAILURE;
++ }
++ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
+ } else {
+ (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC);
+ }
+--
+2.1.4
+
+From f98ab19dc0c978e3caaa2614579e4a61f2c317f5 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 20:43:18 -0700
+Subject: [PATCH] fix memory leak
+
+---
+ ext/phar/util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 69da7b9..e7decda 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -718,6 +718,7 @@ really_get_entry:
+ if (entry->link) {
+ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
+ if(!link) {
++ efree(*ret);
+ return FAILURE;
+ }
+ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
+--
+2.1.4
+
diff --git a/bug70433.patch b/bug70433.patch
new file mode 100644
index 0000000..d4a4335
--- /dev/null
+++ b/bug70433.patch
@@ -0,0 +1,52 @@
+Backported from 5.5 for 5.4
+binary patch dropped
+
+
+From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 17:12:35 -0700
+Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/"
+
+From 1ddf72180a52d247db88ea42a3e35f824a8fbda1 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 21:37:26 -0700
+Subject: [PATCH] Better fix for bug #70433
+
+---
+ ext/phar/dirstream.c | 2 +-
+ ext/phar/util.c | 2 +-
+ ext/phar/zip.c | 4 +++-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index e7decda..303daed 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -2248,7 +2248,7 @@ void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename
+
+ while ((s = zend_memrchr(filename, '/', filename_len))) {
+ filename_len = s - filename;
+- if (FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) {
++ if (!filename_len || FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) {
+ break;
+ }
+ }
+diff --git a/ext/phar/zip.c b/ext/phar/zip.c
+index 142165c..e4883d3 100644
+--- a/ext/phar/zip.c
++++ b/ext/phar/zip.c
+@@ -396,7 +396,9 @@ foundit:
+
+ if (entry.filename[entry.filename_len - 1] == '/') {
+ entry.is_dir = 1;
+- entry.filename_len--;
++ if(entry.filename_len > 1) {
++ entry.filename_len--;
++ }
+ entry.flags |= PHAR_ENT_PERM_DEF_DIR;
+ } else {
+ entry.is_dir = 0;
+--
+2.1.4
+
diff --git a/php54.spec b/php54.spec
index fa642ff..28ac867 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.4.45
-Release: 1%{?dist}
+Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -154,6 +154,8 @@ Patch100: php-5.4.33-bug65641.patch
Patch102: php-5.4.39-bug50444.patch
# Security fixes
+Patch200: bug69720.patch
+Patch201: bug70433.patch
# Fixes for tests
# no_NO issue
@@ -856,6 +858,8 @@ rm -f ext/json/utf8_to_utf16.*
%patch102 -p1 -b .bug50444
# security patches
+%patch200 -p1 -b .bug69720
+%patch201 -p1 -b .bug70433
# Fixes for tests
%patch301 -p1 -b .datetests2
@@ -1513,14 +1517,23 @@ rm -f README.{Zeus,QNX,CVS-RULES}
%pre common
-echo -e "\nWARNING : These %{name}-* RPMs are not official Fedora / Red Hat build and"
-echo -e "overrides the official ones. Don't file bugs on Fedora Project nor Red Hat.\n"
-echo -e "Use dedicated forum at http://forum.remirepo.net/\n"
+cat << EOF
+==========================================================================
-%if %{?fedora}%{!?fedora:99} < 18
-echo -e "WARNING : Fedora %{fedora} is now EOL :"
-echo -e "You should consider upgrading to a supported release.\n"
+WARNING : PHP 5.4 have reached its "End of Life".
+Even, if this package includes some security fix, backported from 5.5,
+The upgrade to a maintained version is very strongly recommended.
+
+WARNING : These php-* RPMs are not official Fedora / Red Hat build and
+overrides the official ones. Don't file bugs on Fedora Project nor Red Hat.
+
+Use dedicated forum at http://forum.remirepo.net/
+%if %{?fedora}%{!?fedora:99} < 21
+WARNING : Fedora %{fedora} is now EOL :
+You should consider upgrading to a supported release
%endif
+==========================================================================
+EOF
%if %{with_fpm}
@@ -1736,6 +1749,11 @@ fi
%changelog
+* Wed Sep 30 2015 Remi Collet <remi@fedoraproject.org> 5.4.45-2
+- Fix bug #70433 - Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/"
+- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
+
* Wed Sep 2 2015 Remi Collet <remi@fedoraproject.org> 5.4.45-1
- Update to 5.4.45
http://www.php.net/releases/5_4_45.php