From 18c59487150c2cb3d7f1292086398a78aa7905da Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 30 Sep 2015 16:18:02 +0200 Subject: PHP 5.4: backport fix for #70433 and #69720 --- bug69720.patch | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ bug70433.patch | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ php54.spec | 32 +++++++++++++++++++++++------- 3 files changed, 139 insertions(+), 7 deletions(-) create mode 100644 bug69720.patch create mode 100644 bug70433.patch diff --git a/bug69720.patch b/bug69720.patch new file mode 100644 index 0000000..bfcd058 --- /dev/null +++ b/bug69720.patch @@ -0,0 +1,62 @@ +Backported from 5.5 for 5.4 +binary patch dropped + + +From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Sep 2015 15:51:59 -0700 +Subject: [PATCH] Fix bug #69720: Null pointer dereference in + phar_get_fp_offset() + +--- + ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes + ext/phar/tests/bug69720.phpt | 40 ++++++++++++++++++++++++++++++++++++++++ + ext/phar/util.c | 6 +++++- + 3 files changed, 45 insertions(+), 1 deletion(-) + create mode 100644 ext/phar/tests/bug69720.phar + create mode 100644 ext/phar/tests/bug69720.phpt + +diff --git a/ext/phar/util.c b/ext/phar/util.c +index 2c41adf..69da7b9 100644 +--- a/ext/phar/util.c ++++ b/ext/phar/util.c +@@ -716,7 +716,11 @@ really_get_entry: + (*ret)->is_tar = entry->is_tar; + (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC); + if (entry->link) { +- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC); ++ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC); ++ if(!link) { ++ return FAILURE; ++ } ++ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC); + } else { + (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC); + } +-- +2.1.4 + +From f98ab19dc0c978e3caaa2614579e4a61f2c317f5 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Sep 2015 20:43:18 -0700 +Subject: [PATCH] fix memory leak + +--- + ext/phar/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ext/phar/util.c b/ext/phar/util.c +index 69da7b9..e7decda 100644 +--- a/ext/phar/util.c ++++ b/ext/phar/util.c +@@ -718,6 +718,7 @@ really_get_entry: + if (entry->link) { + phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC); + if(!link) { ++ efree(*ret); + return FAILURE; + } + (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC); +-- +2.1.4 + diff --git a/bug70433.patch b/bug70433.patch new file mode 100644 index 0000000..d4a4335 --- /dev/null +++ b/bug70433.patch @@ -0,0 +1,52 @@ +Backported from 5.5 for 5.4 +binary patch dropped + + +From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Sep 2015 17:12:35 -0700 +Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream + when zip entry filename is "/" + +From 1ddf72180a52d247db88ea42a3e35f824a8fbda1 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Mon, 28 Sep 2015 21:37:26 -0700 +Subject: [PATCH] Better fix for bug #70433 + +--- + ext/phar/dirstream.c | 2 +- + ext/phar/util.c | 2 +- + ext/phar/zip.c | 4 +++- + 3 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/ext/phar/util.c b/ext/phar/util.c +index e7decda..303daed 100644 +--- a/ext/phar/util.c ++++ b/ext/phar/util.c +@@ -2248,7 +2248,7 @@ void phar_add_virtual_dirs(phar_archive_data *phar, char *filename, int filename + + while ((s = zend_memrchr(filename, '/', filename_len))) { + filename_len = s - filename; +- if (FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) { ++ if (!filename_len || FAILURE == zend_hash_add_empty_element(&phar->virtual_dirs, filename, filename_len)) { + break; + } + } +diff --git a/ext/phar/zip.c b/ext/phar/zip.c +index 142165c..e4883d3 100644 +--- a/ext/phar/zip.c ++++ b/ext/phar/zip.c +@@ -396,7 +396,9 @@ foundit: + + if (entry.filename[entry.filename_len - 1] == '/') { + entry.is_dir = 1; +- entry.filename_len--; ++ if(entry.filename_len > 1) { ++ entry.filename_len--; ++ } + entry.flags |= PHAR_ENT_PERM_DEF_DIR; + } else { + entry.is_dir = 0; +-- +2.1.4 + diff --git a/php54.spec b/php54.spec index fa642ff..28ac867 100644 --- a/php54.spec +++ b/php54.spec @@ -98,7 +98,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.4.45 -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -154,6 +154,8 @@ Patch100: php-5.4.33-bug65641.patch Patch102: php-5.4.39-bug50444.patch # Security fixes +Patch200: bug69720.patch +Patch201: bug70433.patch # Fixes for tests # no_NO issue @@ -856,6 +858,8 @@ rm -f ext/json/utf8_to_utf16.* %patch102 -p1 -b .bug50444 # security patches +%patch200 -p1 -b .bug69720 +%patch201 -p1 -b .bug70433 # Fixes for tests %patch301 -p1 -b .datetests2 @@ -1513,14 +1517,23 @@ rm -f README.{Zeus,QNX,CVS-RULES} %pre common -echo -e "\nWARNING : These %{name}-* RPMs are not official Fedora / Red Hat build and" -echo -e "overrides the official ones. Don't file bugs on Fedora Project nor Red Hat.\n" -echo -e "Use dedicated forum at http://forum.remirepo.net/\n" +cat << EOF +========================================================================== -%if %{?fedora}%{!?fedora:99} < 18 -echo -e "WARNING : Fedora %{fedora} is now EOL :" -echo -e "You should consider upgrading to a supported release.\n" +WARNING : PHP 5.4 have reached its "End of Life". +Even, if this package includes some security fix, backported from 5.5, +The upgrade to a maintained version is very strongly recommended. + +WARNING : These php-* RPMs are not official Fedora / Red Hat build and +overrides the official ones. Don't file bugs on Fedora Project nor Red Hat. + +Use dedicated forum at http://forum.remirepo.net/ +%if %{?fedora}%{!?fedora:99} < 21 +WARNING : Fedora %{fedora} is now EOL : +You should consider upgrading to a supported release %endif +========================================================================== +EOF %if %{with_fpm} @@ -1736,6 +1749,11 @@ fi %changelog +* Wed Sep 30 2015 Remi Collet 5.4.45-2 +- Fix bug #70433 - Uninitialized pointer in phar_make_dirstream + when zip entry filename is "/" +- Fix bug #69720: Null pointer dereference in phar_get_fp_offset() + * Wed Sep 2 2015 Remi Collet 5.4.45-1 - Update to 5.4.45 http://www.php.net/releases/5_4_45.php -- cgit