-rw-r--r--bug64938.patch42
-rw-r--r--php54.spec8
2 files changed, 49 insertions, 1 deletions
diff --git a/bug64938.patch b/bug64938.patch
new file mode 100644
index 0000000..8986b58
--- /dev/null
+++ b/bug64938.patch
@@ -0,0 +1,42 @@
+Backported for 5.4 by Remi Collet
+
+
+From de31324c221c1791b26350ba106cc26bad23ace9 Mon Sep 17 00:00:00 2001
+From: Martin Jansen <martin@divbyzero.net>
+Date: Thu, 22 Jan 2015 20:58:15 +0100
+Subject: [PATCH] Fix bug #64938: libxml_disable_entity_loader setting is
+ shared between threads
+
+The availability of entity loading is stored in a module global which
+previously was only initialized in the GINIT constructor. This had the
+effect that disabling the entity loader in one request caused
+subsequent requests hitting the same Apache child process to also have
+the loader disabled.
+
+With this change the loader is explicitely enabled in the request init
+phase.
+---
+ NEWS | 4 ++++
+ ext/libxml/libxml.c | 6 ++++++
+ 2 files changed, 10 insertions(+)
+
+diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c
+index 4b7a36a..5f0da89 100644
+--- a/ext/libxml/libxml.c
++++ b/ext/libxml/libxml.c
+@@ -851,6 +851,12 @@ static PHP_RINIT_FUNCTION(libxml)
+ xmlSetGenericErrorFunc(NULL, php_libxml_error_handler);
+ xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename);
+ xmlOutputBufferCreateFilenameDefault(php_libxml_output_buffer_create_filename);
++
++ /* Enable the entity loader by default. This ensure that
++ * other threads/requests that might have disable the loader
++ * do not affect the current request.
++ */
++ LIBXML(entity_loader_disabled) = 0;
+ }
+ return SUCCESS;
+ }
+--
+2.1.4
+
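Review bot: The reset `LIBXML(entity_loader_disabled) = 0;` sits before the closing `}` of a block that opens above the embedded hunk, so it only runs when that block's condition holds; if PHP_RINIT_FUNCTION(libxml) skips the block under some SAPIs, a disabled loader would still carry over between requests there. Placing the assignment after that brace, directly before `return SUCCESS;`, would make the reset unconditional. Because every request now starts with the entity loader enabled, code that parses untrusted XML has to call `libxml_disable_entity_loader(true)` itself in each request rather than rely on an earlier one, which is worth stating in the comment. The comment would also read better as `This ensures that other threads/requests that might have disabled the loader do not affect the current request.` The function body starts outside the hunk, so the guarding condition cannot be confirmed from here.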
diff --git a/php54.spec b/php54.spec
index c4bec50..2cd459a 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.4.45
-Release: 7%{?dist}
+Release: 8%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -177,6 +177,7 @@ Patch217: bug71906.patch
Patch218: bug71798.patch
Patch219: bug71704.patch
Patch220: bug71527.patch
+Patch221: bug64938.patch
# Fixes for tests
# no_NO issue
@@ -905,6 +906,7 @@ rm -f ext/json/utf8_to_utf16.*
%patch218 -p1 -b .bug71798
%patch219 -p1 -b .bug71704
%patch220 -p1 -b .bug71527
+%patch221 -p1 -b .bug64938
# Fixes for tests
%patch301 -p1 -b .datetests2
@@ -1794,6 +1796,10 @@ fi
%changelog
+* Tue Apr 26 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-8
+- Fix #64938: libxml_disable_entity_loader setting is shared
+ between threads CVE-2015-8866
+
* Tue Mar 29 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-7
- Fix #71860: Require valid paths for phar filenames
CVE-2016-4072