From e3c0a2ba77c93252efd1c70ffab1b2ade30c9d14 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 26 Apr 2016 11:13:11 +0200 Subject: php 5.4: add fix for #64938 --- bug64938.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ php54.spec | 8 +++++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 bug64938.patch diff --git a/bug64938.patch b/bug64938.patch new file mode 100644 index 0000000..8986b58 --- /dev/null +++ b/bug64938.patch @@ -0,0 +1,42 @@ +Backported for 5.4 by Remi Collet + + +From de31324c221c1791b26350ba106cc26bad23ace9 Mon Sep 17 00:00:00 2001 +From: Martin Jansen +Date: Thu, 22 Jan 2015 20:58:15 +0100 +Subject: [PATCH] Fix bug #64938: libxml_disable_entity_loader setting is + shared between threads + +The availability of entity loading is stored in a module global which +previously was only initialized in the GINIT constructor. This had the +effect that disabling the entity loader in one request caused +subsequent requests hitting the same Apache child process to also have +the loader disabled. + +With this change the loader is explicitely enabled in the request init +phase. +--- + NEWS | 4 ++++ + ext/libxml/libxml.c | 6 ++++++ + 2 files changed, 10 insertions(+) + +diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c +index 4b7a36a..5f0da89 100644 +--- a/ext/libxml/libxml.c ++++ b/ext/libxml/libxml.c +@@ -851,6 +851,12 @@ static PHP_RINIT_FUNCTION(libxml) + xmlSetGenericErrorFunc(NULL, php_libxml_error_handler); + xmlParserInputBufferCreateFilenameDefault(php_libxml_input_buffer_create_filename); + xmlOutputBufferCreateFilenameDefault(php_libxml_output_buffer_create_filename); ++ ++ /* Enable the entity loader by default. This ensure that ++ * other threads/requests that might have disable the loader ++ * do not affect the current request. ++ */ ++ LIBXML(entity_loader_disabled) = 0; + } + return SUCCESS; + } +-- +2.1.4 + diff --git a/php54.spec b/php54.spec index c4bec50..2cd459a 100644 --- a/php54.spec +++ b/php54.spec @@ -98,7 +98,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.4.45 -Release: 7%{?dist} +Release: 8%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -177,6 +177,7 @@ Patch217: bug71906.patch Patch218: bug71798.patch Patch219: bug71704.patch Patch220: bug71527.patch +Patch221: bug64938.patch # Fixes for tests # no_NO issue @@ -905,6 +906,7 @@ rm -f ext/json/utf8_to_utf16.* %patch218 -p1 -b .bug71798 %patch219 -p1 -b .bug71704 %patch220 -p1 -b .bug71527 +%patch221 -p1 -b .bug64938 # Fixes for tests %patch301 -p1 -b .datetests2 @@ -1794,6 +1796,10 @@ fi %changelog +* Tue Apr 26 2016 Remi Collet 5.4.45-8 +- Fix #64938: libxml_disable_entity_loader setting is shared + between threads CVE-2015-8866 + * Tue Mar 29 2016 Remi Collet 5.4.45-7 - Fix #71860: Require valid paths for phar filenames CVE-2016-4072 -- cgit