From 725130ba0bb06a3954b3e81c385bea0bca36324e Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 28 Aug 2019 15:33:56 +0200
Subject: From 7.1.32

- mbstring:
  Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe
- pcre:
  Fix #75457 heap use-after-free in pcrelib
---
 php-bug78380.patch | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 php-bug78380.patch

(limited to 'php-bug78380.patch')

diff --git a/php-bug78380.patch b/php-bug78380.patch
new file mode 100644
index 0000000..4d7db35
--- /dev/null
+++ b/php-bug78380.patch
@@ -0,0 +1,78 @@
+From 8cc1b123b05c51442b9a4fc4ea61d7719ee96e0e Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 24 Aug 2019 23:11:45 -0700
+Subject: [PATCH 2/3] Fix CVE-2019-13224: don't allow different encodings for
+ onig_new_deluxe()
+
+Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
+
+(cherry picked from commit 1258303e66d8dede4f02347334b9f6576e98a21b)
+---
+ ext/mbstring/oniguruma/regext.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ext/mbstring/oniguruma/regext.c b/ext/mbstring/oniguruma/regext.c
+index b1b957b40c..b108e638c6 100644
+--- a/ext/mbstring/oniguruma/regext.c
++++ b/ext/mbstring/oniguruma/regext.c
+@@ -29,6 +29,7 @@
+ 
+ #include "regint.h"
+ 
++#if 0
+ static void
+ conv_ext0be32(const UChar* s, const UChar* end, UChar* conv)
+ {
+@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e
+ 
+   return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
+ }
++#endif
+ 
+ extern int
+ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
+@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end,
+   if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL;
+ 
+   if (ci->pattern_enc != ci->target_enc) {
+-    r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end,
+-                      &cpat, &cpat_end);
+-    if (r) return r;
++    return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION;
+   }
+   else {
+     cpat     = (UChar* )pattern;
+-- 
+2.20.1
+
+From b0aa68eade0d15274465136a6d6b84edd8ab6e4b Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 28 Aug 2019 14:06:50 +0200
+Subject: [PATCH 3/3] NEWS
+
+---
+ NEWS | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/NEWS b/NEWS
+index 5039cdf59d..cb7919bafc 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,14 @@
+ PHP                                                                        NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+ 
++Backported from 7.1.32
++
++- mbstring:
++  . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)
++
++- pcre:
++  . Fixed bug #75457 (heap use-after-free in pcrelib) (cmb)
++
+ Backported from 7.1.31
+ 
+ - EXIF:
+-- 
+2.20.1
+
-- 
cgit