summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--php-bug66060.patch40
-rw-r--r--php-bug66218.patch (renamed from php-wip2.patch)263
-rw-r--r--php-bugarm.patch41
-rw-r--r--php-wip.patch24
-rw-r--r--php55.spec18
5 files changed, 241 insertions, 145 deletions
diff --git a/php-bug66060.patch b/php-bug66060.patch
new file mode 100644
index 0000000..553f708
--- /dev/null
+++ b/php-bug66060.patch
@@ -0,0 +1,40 @@
+From 12fe4e90be7bfa2a763197079f68f5568a14e071 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 27 Nov 2013 11:13:16 +0100
+Subject: [PATCH] Fixed bug #66060 (Heap buffer over-read in DateInterval)
+
+---
+ NEWS | 3 +++
+ ext/date/lib/parse_iso_intervals.c | 4 ++--
+ ext/date/lib/parse_iso_intervals.re | 2 +-
+ 3 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/ext/date/lib/parse_iso_intervals.c b/ext/date/lib/parse_iso_intervals.c
+index bd1ad05..480ea38 100644
+--- a/ext/date/lib/parse_iso_intervals.c
++++ b/ext/date/lib/parse_iso_intervals.c
+@@ -380,7 +380,7 @@ yy6:
+ break;
+ }
+ ptr++;
+- } while (*ptr);
++ } while (!s->errors->error_count && *ptr);
+ s->have_period = 1;
+ TIMELIB_DEINIT;
+ return TIMELIB_PERIOD;
+diff --git a/ext/date/lib/parse_iso_intervals.re b/ext/date/lib/parse_iso_intervals.re
+index 56aa34d..c5e9f67 100644
+--- a/ext/date/lib/parse_iso_intervals.re
++++ b/ext/date/lib/parse_iso_intervals.re
+@@ -348,7 +348,7 @@ isoweek = year4 "-"? "W" weekofyear;
+ break;
+ }
+ ptr++;
+- } while (*ptr);
++ } while (!s->errors->error_count && *ptr);
+ s->have_period = 1;
+ TIMELIB_DEINIT;
+ return TIMELIB_PERIOD;
+--
+1.8.4.3
+
diff --git a/php-wip2.patch b/php-bug66218.patch
index 7618661..848ab5a 100644
--- a/php-wip2.patch
+++ b/php-bug66218.patch
@@ -1,7 +1,133 @@
-diff -up php-5.5.7RC1/ext/reflection/php_reflection.c.prev php-5.5.7RC1/ext/reflection/php_reflection.c
---- php-5.5.7RC1/ext/reflection/php_reflection.c.prev 2013-12-02 14:32:21.349858888 +0100
-+++ php-5.5.7RC1/ext/reflection/php_reflection.c 2013-12-02 15:11:13.073610775 +0100
-@@ -1105,29 +1105,26 @@ static void _extension_string(string *st
+From 3e963f8eb44863ef3d758eabe791190b0fd7bb9a Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 10 Dec 2013 16:07:16 +0100
+Subject: [PATCH] Fixed Bug #66218 zend_register_functions breaks reflection
+
+Functions registered using zend_register_functions instead of zend_module_entry.functions are not seen on reflection.
+
+Ex: additional_functions from api_module_entry.
+Ex: in CLI, dl, cli_set_process_title and cli_get_process_title
+
+Note:
+- also affects functions overrided in extension
+ (should be be reported in extension, where overrided, not in original extension)
+- also allow extension to call zend_register_functions for various list
+ (instead of having a single bug list)
+---
+ NEWS | 1 +
+ Zend/tests/bug66218.phpt | 21 +++++++
+ Zend/zend_builtin_functions.c | 51 ++++++++++-------
+ ext/reflection/php_reflection.c | 66 +++++++++-------------
+ .../tests/ReflectionExtension_bug66218.phpt | 21 +++++++
+ 5 files changed, 101 insertions(+), 59 deletions(-)
+ create mode 100644 Zend/tests/bug66218.phpt
+ create mode 100644 ext/reflection/tests/ReflectionExtension_bug66218.phpt
+
+diff --git a/Zend/tests/bug66218.phpt b/Zend/tests/bug66218.phpt
+new file mode 100644
+index 0000000..af7a5ab
+--- /dev/null
++++ b/Zend/tests/bug66218.phpt
+@@ -0,0 +1,21 @@
++--TEST--
++Bug #66218 zend_register_functions breaks reflection
++--SKIPIF--
++<?php
++if (PHP_SAPI != "cli") die("skip CLI only test");
++if (!function_exists("dl")) die("skip need dl");
++?>
++--FILE--
++<?php
++$tab = get_extension_funcs("standard");
++$fcts = array("dl");
++foreach ($fcts as $fct) {
++ if (in_array($fct, $tab)) {
++ echo "$fct Ok\n";
++ }
++}
++?>
++Done
++--EXPECTF--
++dl Ok
++Done
+diff --git a/Zend/zend_builtin_functions.c b/Zend/zend_builtin_functions.c
+index 04f4ebe..12a8fb2 100644
+--- a/Zend/zend_builtin_functions.c
++++ b/Zend/zend_builtin_functions.c
+@@ -2442,36 +2442,49 @@ ZEND_FUNCTION(extension_loaded)
+ Returns an array with the names of functions belonging to the named extension */
+ ZEND_FUNCTION(get_extension_funcs)
+ {
+- char *extension_name;
+- int extension_name_len;
++ char *extension_name, *lcname;
++ int extension_name_len, array;
+ zend_module_entry *module;
+- const zend_function_entry *func;
+-
++ HashPosition iterator;
++ zend_function *zif;
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &extension_name, &extension_name_len) == FAILURE) {
+ return;
+ }
+-
+ if (strncasecmp(extension_name, "zend", sizeof("zend"))) {
+- char *lcname = zend_str_tolower_dup(extension_name, extension_name_len);
+- if (zend_hash_find(&module_registry, lcname,
+- extension_name_len+1, (void**)&module) == FAILURE) {
+- efree(lcname);
+- RETURN_FALSE;
+- }
++ lcname = zend_str_tolower_dup(extension_name, extension_name_len);
++ } else {
++ lcname = estrdup("core");
++ }
++ if (zend_hash_find(&module_registry, lcname,
++ extension_name_len+1, (void**)&module) == FAILURE) {
+ efree(lcname);
++ RETURN_FALSE;
++ }
+
+- if (!(func = module->functions)) {
+- RETURN_FALSE;
+- }
++ zend_hash_internal_pointer_reset_ex(CG(function_table), &iterator);
++ if (module->functions) {
++ /* avoid BC break, if functions list is empty, will return an empty array */
++ array_init(return_value);
++ array = 1;
+ } else {
+- func = builtin_functions;
++ array = 0;
++ }
++ while (zend_hash_get_current_data_ex(CG(function_table), (void **) &zif, &iterator) == SUCCESS) {
++ if (zif->common.type==ZEND_INTERNAL_FUNCTION
++ && zif->internal_function.module == module) {
++ if (!array) {
++ array_init(return_value);
++ array = 1;
++ }
++ add_next_index_string(return_value, zif->common.function_name, 1);
++ }
++ zend_hash_move_forward_ex(CG(function_table), &iterator);
+ }
+
+- array_init(return_value);
++ efree(lcname);
+
+- while (func->fname) {
+- add_next_index_string(return_value, func->fname, 1);
+- func++;
++ if (!array) {
++ RETURN_FALSE;
+ }
+ }
+ /* }}} */
+diff --git a/ext/reflection/php_reflection.c b/ext/reflection/php_reflection.c
+index c4a7c55..803b12b 100644
+--- a/ext/reflection/php_reflection.c
++++ b/ext/reflection/php_reflection.c
+@@ -1105,29 +1105,26 @@
string_free(&str_constants);
}
@@ -47,7 +173,7 @@ diff -up php-5.5.7RC1/ext/reflection/php_reflection.c.prev php-5.5.7RC1/ext/refl
}
{
-@@ -5264,6 +5261,9 @@ ZEND_METHOD(reflection_extension, getFun
+@@ -5264,6 +5261,9 @@
{
reflection_object *intern;
zend_module_entry *module;
@@ -57,7 +183,7 @@ diff -up php-5.5.7RC1/ext/reflection/php_reflection.c.prev php-5.5.7RC1/ext/refl
if (zend_parse_parameters_none() == FAILURE) {
return;
-@@ -5271,29 +5271,15 @@ ZEND_METHOD(reflection_extension, getFun
+@@ -5271,29 +5271,15 @@
GET_REFLECTION_OBJECT_PTR(module);
array_init(return_value);
@@ -93,130 +219,33 @@ diff -up php-5.5.7RC1/ext/reflection/php_reflection.c.prev php-5.5.7RC1/ext/refl
}
}
/* }}} */
-diff -up php-5.5.7RC1/ext/reflection/tests/ReflectionExtension_bug66218.phpt.prev php-5.5.7RC1/ext/reflection/tests/ReflectionExtension_bug66218.phpt
---- php-5.5.7RC1/ext/reflection/tests/ReflectionExtension_bug66218.phpt.prev 2013-12-02 16:31:00.840348312 +0100
-+++ php-5.5.7RC1/ext/reflection/tests/ReflectionExtension_bug66218.phpt 2013-12-02 15:42:47.726878417 +0100
-@@ -0,0 +1,25 @@
+ diff --git a/ext/reflection/tests/ReflectionExtension_bug66218.phpt b/ext/reflection/tests/ReflectionExtension_bug66218.phpt
+new file mode 100644
+index 0000000..e263624
+--- /dev/null
++++ b/ext/reflection/tests/ReflectionExtension_bug66218.phpt
+@@ -0,0 +1,21 @@
+--TEST--
+ReflectionExtension::getFunctions() ##6218 zend_register_functions breaks reflection
+--SKIPIF--
+<?php
-+if (!extension_loaded('reflection')) print 'skip: missing reflection extension';
-+if (PHP_SAPI != "cli") die("Skip: CLI only test");
++if (!extension_loaded('reflection')) print 'skip missing reflection extension';
++if (PHP_SAPI != "cli") die("skip CLI only test");
++if (!function_exists("dl")) die("skip need dl");
+?>
+--FILE--
+<?php
+$r = new ReflectionExtension('standard');
+$t = $r->getFunctions();
-+var_dump($t['cli_set_process_title']);
-+var_dump($t['cli_get_process_title']);
++var_dump($t['dl']);
+?>
+Done
+--EXPECTF--
+object(ReflectionFunction)#%d (1) {
+ ["name"]=>
-+ string(21) "cli_set_process_title"
++ string(2) "dl"
+}
-+object(ReflectionFunction)#%d (1) {
-+ ["name"]=>
-+ string(21) "cli_get_process_title"
-+}
-+Done
-diff -up php-5.5.7RC1/Zend/tests/bug66218.phpt.prev php-5.5.7RC1/Zend/tests/bug66218.phpt
---- php-5.5.7RC1/Zend/tests/bug66218.phpt.prev 2013-12-02 16:31:15.704395109 +0100
-+++ php-5.5.7RC1/Zend/tests/bug66218.phpt 2013-12-02 14:41:49.085440975 +0100
-@@ -0,0 +1,22 @@
-+--TEST--
-+Bug #66218 zend_register_functions breaks reflection
-+--SKIPIF--
-+<?php
-+if (PHP_SAPI != "cli") die("Skip: CLI only test");
-+?>
-+--FILE--
-+<?php
-+$tab = get_extension_funcs("standard");
-+$fcts = array("dl", "cli_set_process_title", "cli_get_process_title");
-+foreach ($fcts as $fct) {
-+ if (in_array($fct, $tab)) {
-+ echo "$fct Ok\n";
-+ }
-+}
-+?>
+Done
-+--EXPECTF--
-+dl Ok
-+cli_set_process_title Ok
-+cli_get_process_title Ok
-+Done
-diff -up php-5.5.7RC1/Zend/zend_builtin_functions.c.prev php-5.5.7RC1/Zend/zend_builtin_functions.c
---- php-5.5.7RC1/Zend/zend_builtin_functions.c.prev 2013-12-02 11:29:44.399427824 +0100
-+++ php-5.5.7RC1/Zend/zend_builtin_functions.c 2013-12-02 15:08:21.889226383 +0100
-@@ -2442,36 +2442,49 @@ ZEND_FUNCTION(extension_loaded)
- Returns an array with the names of functions belonging to the named extension */
- ZEND_FUNCTION(get_extension_funcs)
- {
-- char *extension_name;
-- int extension_name_len;
-+ char *extension_name, *lcname;
-+ int extension_name_len, array;
- zend_module_entry *module;
-- const zend_function_entry *func;
--
-+ HashPosition iterator;
-+ zend_function *zif;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &extension_name, &extension_name_len) == FAILURE) {
- return;
- }
--
- if (strncasecmp(extension_name, "zend", sizeof("zend"))) {
-- char *lcname = zend_str_tolower_dup(extension_name, extension_name_len);
-- if (zend_hash_find(&module_registry, lcname,
-- extension_name_len+1, (void**)&module) == FAILURE) {
-- efree(lcname);
-- RETURN_FALSE;
-- }
-+ lcname = zend_str_tolower_dup(extension_name, extension_name_len);
-+ } else {
-+ lcname = estrdup("core");
-+ }
-+ if (zend_hash_find(&module_registry, lcname,
-+ extension_name_len+1, (void**)&module) == FAILURE) {
- efree(lcname);
-+ RETURN_FALSE;
-+ }
-
-- if (!(func = module->functions)) {
-- RETURN_FALSE;
-- }
-+ zend_hash_internal_pointer_reset_ex(CG(function_table), &iterator);
-+ if (module->functions) {
-+ /* avoid BC break, if functions list is empty, will return an empty array */
-+ array_init(return_value);
-+ array = 1;
- } else {
-- func = builtin_functions;
-+ array = 0;
-+ }
-+ while (zend_hash_get_current_data_ex(CG(function_table), (void **) &zif, &iterator) == SUCCESS) {
-+ if (zif->common.type==ZEND_INTERNAL_FUNCTION
-+ && zif->internal_function.module == module) {
-+ if (!array) {
-+ array_init(return_value);
-+ array = 1;
-+ }
-+ add_next_index_string(return_value, zif->common.function_name, 1);
-+ }
-+ zend_hash_move_forward_ex(CG(function_table), &iterator);
- }
-
-- array_init(return_value);
-+ efree(lcname);
-
-- while (func->fname) {
-- add_next_index_string(return_value, func->fname, 1);
-- func++;
-+ if (!array) {
-+ RETURN_FALSE;
- }
- }
- /* }}} */
+--
+1.8.4.3
+
diff --git a/php-bugarm.patch b/php-bugarm.patch
new file mode 100644
index 0000000..6bd63b3
--- /dev/null
+++ b/php-bugarm.patch
@@ -0,0 +1,41 @@
+From 60d2e70c062e436a6c6cd3c8a17469a083a38b46 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 10 Dec 2013 12:07:46 +0100
+Subject: [PATCH] Zend: fix overflow handling bug in non-x86
+ fast_add_function()
+
+The 'result' argument of fast_add_function() may alias with either
+of its operands (or both). Take care not to write to 'result' before
+reading op1 and op2.
+---
+ Zend/zend_operators.h | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/Zend/zend_operators.h b/Zend/zend_operators.h
+index 0152e03..5c6fc86 100644
+--- a/Zend/zend_operators.h
++++ b/Zend/zend_operators.h
+@@ -640,13 +640,18 @@ static zend_always_inline int fast_add_function(zval *result, zval *op1, zval *o
+ "n"(ZVAL_OFFSETOF_TYPE)
+ : "rax","cc");
+ #else
+- Z_LVAL_P(result) = Z_LVAL_P(op1) + Z_LVAL_P(op2);
++ /*
++ * 'result' may alias with op1 or op2, so we need to
++ * ensure that 'result' is not updated until after we
++ * have read the values of op1 and op2.
++ */
+
+ if (UNEXPECTED((Z_LVAL_P(op1) & LONG_SIGN_MASK) == (Z_LVAL_P(op2) & LONG_SIGN_MASK)
+- && (Z_LVAL_P(op1) & LONG_SIGN_MASK) != (Z_LVAL_P(result) & LONG_SIGN_MASK))) {
++ && (Z_LVAL_P(op1) & LONG_SIGN_MASK) != ((Z_LVAL_P(op1) + Z_LVAL_P(op2)) & LONG_SIGN_MASK))) {
+ Z_DVAL_P(result) = (double) Z_LVAL_P(op1) + (double) Z_LVAL_P(op2);
+ Z_TYPE_P(result) = IS_DOUBLE;
+ } else {
++ Z_LVAL_P(result) = Z_LVAL_P(op1) + Z_LVAL_P(op2);
+ Z_TYPE_P(result) = IS_LONG;
+ }
+ #endif
+--
+1.8.4.3
+
diff --git a/php-wip.patch b/php-wip.patch
deleted file mode 100644
index 4cdda16..0000000
--- a/php-wip.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up ext/date/lib/parse_iso_intervals.c.old ext/date/lib/parse_iso_intervals.c
---- a/ext/date/lib/parse_iso_intervals.c.old 2013-11-08 18:22:12.225586458 +0100
-+++ b/ext/date/lib/parse_iso_intervals.c 2013-11-08 18:22:47.484721897 +0100
-@@ -380,7 +380,7 @@ yy6:
- break;
- }
- ptr++;
-- } while (*ptr);
-+ } while (!s->errors->error_count && *ptr);
- s->have_period = 1;
- TIMELIB_DEINIT;
- return TIMELIB_PERIOD;
-diff -up ext/date/lib/parse_iso_intervals.re.old ext/date/lib/parse_iso_intervals.re
---- a/ext/date/lib/parse_iso_intervals.re.old 2013-11-08 18:09:18.815549958 +0100
-+++ b/ext/date/lib/parse_iso_intervals.re 2013-11-08 18:09:34.461608419 +0100
-@@ -348,7 +348,7 @@ isoweek = year4 "-"? "W" weekof
- break;
- }
- ptr++;
-- } while (*ptr);
-+ } while (!s->errors->error_count && *ptr);
- s->have_period = 1;
- TIMELIB_DEINIT;
- return TIMELIB_PERIOD;
diff --git a/php55.spec b/php55.spec
index f2b9b93..06c88db 100644
--- a/php55.spec
+++ b/php55.spec
@@ -106,7 +106,7 @@ Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.5.7
%if 0%{?snapdate:1}%{?rcver:1}
-Release: 0.3.%{?snapdate}%{?rcver}%{?dist}
+Release: 0.4.%{?snapdate}%{?rcver}%{?dist}
%else
Release: 1%{?dist}
%endif
@@ -165,6 +165,14 @@ Patch46: php-5.4.9-fixheader.patch
# drop "Configure command" from phpinfo output
Patch47: php-5.4.9-phpinfo.patch
+# Upstream fixes
+# 66060 Heap buffer over-read in DateInterval
+Patch100: php-bug66060.patch
+# 66218 zend_register_functions breaks reflection
+Patch101: php-bug66218.patch
+# Zend: fix overflow handling bug in non-x86
+Patch103: php-bugarm.patch
+
# Security fixes
# Fixes for tests
@@ -173,8 +181,6 @@ Patch47: php-5.4.9-phpinfo.patch
Patch91: php-5.3.7-oci8conf.patch
# WIP
-Patch100: php-wip.patch
-Patch101: php-wip2.patch
Patch102: php-wip3.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -884,9 +890,10 @@ rm -rf ext/json
%patch91 -p1 -b .remi-oci8
# wip patches
-%patch100 -p1 -b .wip1
+%patch100 -p1 -b .bug66060
%patch101 -p1 -b .bug66218
%patch102 -p1 -b .wip3
+%patch103 -p1 -b .bugarm
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE Zend/ZEND_LICENSE
@@ -1861,6 +1868,9 @@ fi
%changelog
+* Tue Dec 10 2013 Remi Collet <rcollet@redhat.com> 5.5.7-0.4.RC1
+- test build
+
* Wed Dec 04 2013 Remi Collet <rcollet@redhat.com> 5.5.7-0.3.RC1
- test build