PHP 5.4: backport fix for #70433 and #69720

3 files changed, 139 insertions, 7 deletions

diff --git a/bug69720.patch b/bug69720.patch
new file mode 100644
index 0000000..bfcd058
--- /dev/null
+++ b/bug69720.patch
@@ -0,0 +1,62 @@
+Backported from 5.5 for 5.4
+binary patch dropped
+
+
+From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 15:51:59 -0700
+Subject: [PATCH] Fix bug #69720: Null pointer dereference in
+ phar_get_fp_offset()
+
+---
+ ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes
+ ext/phar/tests/bug69720.phpt |  40 ++++++++++++++++++++++++++++++++++++++++
+ ext/phar/util.c              |   6 +++++-
+ 3 files changed, 45 insertions(+), 1 deletion(-)
+ create mode 100644 ext/phar/tests/bug69720.phar
+ create mode 100644 ext/phar/tests/bug69720.phpt
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 2c41adf..69da7b9 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -716,7 +716,11 @@ really_get_entry:
+ 	(*ret)->is_tar = entry->is_tar;
+ 	(*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC);
+ 	if (entry->link) {
+-		(*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC);
++		phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
++		if(!link) {
++			return FAILURE;
++		}
++		(*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
+ 	} else {
+ 		(*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC);
+ 	}
+-- 
+2.1.4
+
+From f98ab19dc0c978e3caaa2614579e4a61f2c317f5 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 20:43:18 -0700
+Subject: [PATCH] fix memory leak
+
+---
+ ext/phar/util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index 69da7b9..e7decda 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -718,6 +718,7 @@ really_get_entry:
+ 	if (entry->link) {
+ 		phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
+ 		if(!link) {
++			efree(*ret);
+ 			return FAILURE;
+ 		}
+ 		(*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
+-- 
+2.1.4
+
diff --git a/bug70433.patch b/bug70433.patch
new file mode 100644
index 0000000..d4a4335
--- /dev/null
+++ b/bug70433.patch
@@ -0,0 +1,52 @@
+Backported from 5.5 for 5.4
+binary patch dropped
+
+
+From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 17:12:35 -0700
+Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
+ when zip entry filename is "/"
+
+From 1ddf72180a52d247db88ea42a3e35f824a8fbda1 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 28 Sep 2015 21:37:26 -0700
+Subject: [PATCH] Better fix for bug #70433
+
+---
+ ext/phar/dirstream.c | 2 +-
+ ext/phar/util.c      | 2 +-
+ ext/phar/zip.c       | 4 +++-
+ 3 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/ext/phar/util.c b/ext/phar/util.c
+index e7decda..303daed 100644
+--- a/ext/phar/util.c
++++ b/ext/phar/util.c
+@@ -2248,7 +2248,7 @@ void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename
+
+ 	while ((s = zend_memrchr(filename, '/', filename_len))) {
+ 		filename_len = s - filename;
+-		if (FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) {
++		if (!filename_len || FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) {
+ 			break;
+ 		}
+ 	}
+diff --git a/ext/phar/zip.c b/ext/phar/zip.c
+index 142165c..e4883d3 100644
+--- a/ext/phar/zip.c
++++ b/ext/phar/zip.c
+@@ -396,7 +396,9 @@ foundit:
+ 
+ 		if (entry.filename[entry.filename_len - 1] == '/') {
+ 			entry.is_dir = 1;
+-			entry.filename_len--;
++			if(entry.filename_len > 1) {
++				entry.filename_len--;
++			}
+ 			entry.flags |= PHAR_ENT_PERM_DEF_DIR;
+ 		} else {
+ 			entry.is_dir = 0;
+-- 
+2.1.4
+
diff --git a/php54.spec b/php54.spec
index fa642ff..28ac867 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.4.45
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -154,6 +154,8 @@ Patch100: php-5.4.33-bug65641.patch
 Patch102: php-5.4.39-bug50444.patch
 
 # Security fixes
+Patch200: bug69720.patch
+Patch201: bug70433.patch
 
 # Fixes for tests
 # no_NO issue
@@ -856,6 +858,8 @@ rm -f ext/json/utf8_to_utf16.*
 %patch102 -p1 -b .bug50444
 
 # security patches
+%patch200 -p1 -b .bug69720
+%patch201 -p1 -b .bug70433
 
 # Fixes for tests
 %patch301 -p1 -b .datetests2
@@ -1513,14 +1517,23 @@ rm -f README.{Zeus,QNX,CVS-RULES}
 
 
 %pre common
-echo -e "\nWARNING : These %{name}-* RPMs are not official Fedora / Red Hat build and"
-echo -e "overrides the official ones. Don't file bugs on Fedora Project nor Red Hat.\n"
-echo -e "Use dedicated forum at http://forum.remirepo.net/\n"
+cat << EOF
+==========================================================================
 
-%if %{?fedora}%{!?fedora:99} < 18
-echo -e "WARNING : Fedora %{fedora} is now EOL :"
-echo -e "You should consider upgrading to a supported release.\n"
+WARNING : PHP 5.4 have reached its "End of Life".
+Even, if this package includes some security fix, backported from 5.5,
+The upgrade to a maintained version is very strongly recommended.
+
+WARNING : These php-* RPMs are not official Fedora / Red Hat build and
+overrides the official ones. Don't file bugs on Fedora Project nor Red Hat.
+
+Use dedicated forum at http://forum.remirepo.net/
+%if %{?fedora}%{!?fedora:99} < 21
+WARNING : Fedora %{fedora} is now EOL :
+You should consider upgrading to a supported release
 %endif
+==========================================================================
+EOF
 
 
 %if %{with_fpm}
@@ -1736,6 +1749,11 @@ fi
 
 
 %changelog
+* Wed Sep 30 2015 Remi Collet <remi@fedoraproject.org> 5.4.45-2
+- Fix bug #70433 - Uninitialized pointer in phar_make_dirstream
+  when zip entry filename is "/"
+- Fix bug #69720: Null pointer dereference in phar_get_fp_offset()
+
 * Wed Sep  2 2015 Remi Collet <remi@fedoraproject.org> 5.4.45-1
 - Update to 5.4.45
   http://www.php.net/releases/5_4_45.php