From e5ccdc6a2543267ddac51a9032b53d568516f36e Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Thu, 23 Jan 2020 10:24:32 +0100
Subject: rebuild with 1 more fix

---
 php-bug79099.patch | 32 ++++++++++++++++++++++++++++++++
 php70.spec | 5 +++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/php-bug79099.patch b/php-bug79099.patch
index c0b5e72..3de1998 100644
--- a/php-bug79099.patch
+++ b/php-bug79099.patch
@@ -79,3 +79,35 @@ index 0000000000..7c842f4654
 +string(0) ""
 +string(0) ""
 +string(0) ""
+From 740b58637d71aade0a748117b7fbe9a21a1fab70 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev
+Date: Wed, 22 Jan 2020 22:36:53 -0800
+Subject: [PATCH] More checks for php_strip_tags_ex
+
+(cherry picked from commit 2dc170e25d86a725fefd4c08f2bd8378820b28f5)
+---
+ ext/standard/string.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/standard/string.c b/ext/standard/string.c
+index c4b5e031ed..7c044af0fd 100644
+--- a/ext/standard/string.c
++++ b/ext/standard/string.c
+@@ -4707,7 +4707,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, int *stateptr, const cha
+ switch (state) {
+ case 1: /* HTML/XML */
+ lc = '>';
+- if (is_xml && *(p -1) == '-') {
++ if (is_xml && p >= buf + 1 && *(p-1) == '-') {
+ break;
+ }
+ in_q = state = is_xml = 0;
+@@ -4728,7 +4728,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, int *stateptr, const cha
+ break;
+
+ case 2: /* PHP */
+- if (!br && lc != '\"' && *(p-1) == '?') {
++ if (!br && lc != '\"' && p >= buf + 1 && *(p-1) == '?') {
+ in_q = state = 0;
+ tp = tbuf;
+ }
diff --git a/php70.spec b/php70.spec
index 8b2d831..f6c8d50 100644
--- a/php70.spec
+++ b/php70.spec
@@ -118,7 +118,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 16%{?dist}
+Release: 17%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
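Review bot: In php-bug79099.patch, the cherry-picked commit touches only ext/standard/string.c (its diffstat reads 2 insertions, 2 deletions), so the two new `p >= buf + 1` guards in `case 1` and `case 2` of php_strip_tags_ex ship without a regression test. The earlier part of this patch file appears to carry expected test output (the `string(0) ""` context lines), so extending that test to reach both branches while `p` is still at the first byte of `buf` would keep the read before the start of the buffer from coming back. A short comment above each guard would also help, for example `/* p may still be at buf here; check before reading p[-1] */`. The body of php_strip_tags_ex lies outside these hunks, so whether its other `*(p-1)` reads are bounded cannot be confirmed from this page.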
@@ -1609,6 +1609,7 @@ cd build-apache
 # Run tests, using the CLI SAPI
 export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2
 export SKIP_ONLINE_TESTS=1
+export SKIP_SLOW_TESTS=1
 unset TZ LANG LC_ALL
 if ! make test; then
 set +x
@@ -2135,7 +2136,7 @@ fi %changelog -* Tue Jan 21 2020 Remi Collet - 7.0.33-16 +* Thu Jan 23 2020 Remi Collet - 7.0.33-17 - mbstring: Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar CVE-2020-7060 -- cgit
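Review bot: `export SKIP_SLOW_TESTS=1` in the `make test` setup of php70.spec is added without a comment, and neither the commit subject nor the %changelog hunk mentions it. This rebuild carries a memory-safety fix while running a smaller test set, so the reason for skipping should be recorded next to the line, for example `# slow tests skipped: <reason>`. The surrounding %check section extends beyond the hunk, so any existing rationale elsewhere in the spec is not visible here.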