authorRemi Collet <remi@remirepo.net>2020-01-23 09:32:25 +0100
committerRemi Collet <remi@remirepo.net>2020-01-23 09:32:25 +0100
commita547e76e0f73ce594b9dff90133a8f829093a1ff (patch)
treed5ed05e73e9c63cbf67d04752609bdaa205128b0
parent9fd633180dddf5573aa49084454a9357b29b06bb (diff)
rebuild with 1 more fix
-rw-r--r--php-bug79099.patch32
-rw-r--r--php71.spec5
2 files changed, 35 insertions, 2 deletions
diff --git a/php-bug79099.patch b/php-bug79099.patch
index 2e42a70..5bdd647 100644
--- a/php-bug79099.patch
+++ b/php-bug79099.patch
@@ -79,3 +79,35 @@ index 0000000000..7c842f4654
+string(0) ""
+string(0) ""
+string(0) ""
+From a9620f5c7f2d55ca90552d3eb44d0980f10deec3 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Wed, 22 Jan 2020 22:36:53 -0800
+Subject: [PATCH] More checks for php_strip_tags_ex
+
+(cherry picked from commit 2dc170e25d86a725fefd4c08f2bd8378820b28f5)
+---
+ ext/standard/string.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/standard/string.c b/ext/standard/string.c
+index c88135da6f..018e919cbf 100644
+--- a/ext/standard/string.c
++++ b/ext/standard/string.c
+@@ -4731,7 +4731,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, int *stateptr, const cha
+ switch (state) {
+ case 1: /* HTML/XML */
+ lc = '>';
+- if (is_xml && *(p -1) == '-') {
++ if (is_xml && p >= buf + 1 && *(p-1) == '-') {
+ break;
+ }
+ in_q = state = is_xml = 0;
+@@ -4752,7 +4752,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, int *stateptr, const cha
+ break;
+
+ case 2: /* PHP */
+- if (!br && lc != '\"' && *(p-1) == '?') {
++ if (!br && lc != '\"' && p >= buf + 1 && *(p-1) == '?') {
+ in_q = state = 0;
+ tp = tbuf;
+ }
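Review bot: The two guards added in `case 1` and `case 2` of `php_strip_tags_ex` come without a regression test: the embedded patch's own diffstat lists only `ext/standard/string.c`, so nothing in this cherry-pick exercises the branches where `p` is still at the start of the buffer. If, as the `int *stateptr` parameter suggests, a non-zero state can be carried into the call, the reason for the guard should be recorded next to the first one, for example `/* state may be non-zero on entry, so p can equal buf here; never read p[-1] before checking */`. The function body starts and ends outside this hunk, so any other `*(p-1)` reads in it are not visible here and should be checked for the same guard when this backport is validated.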
diff --git a/php71.spec b/php71.spec
index 37a4fa1..bf6cfee 100644
--- a/php71.spec
+++ b/php71.spec
@@ -118,7 +118,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 3%{?dist}
+Release: 4%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -1559,6 +1559,7 @@ cd build-apache
# Run tests, using the CLI SAPI
export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2
export SKIP_ONLINE_TESTS=1
+export SKIP_SLOW_TESTS=1
unset TZ LANG LC_ALL
if ! make test; then
set +x
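Review bot: `export SKIP_SLOW_TESTS=1` is added to the test-run environment with no comment, and neither the commit message nor the changelog lines visible here mention it. A later reader cannot tell whether it works around a builder time limit or hides a failing test. This rebuild ships a memory-safety backport and the test run is the only check on it (note `MALLOC_CHECK_=2` two lines above), so the reduced coverage should be a documented decision. I would add a line above it such as `# Skip slow tests: <reason, e.g. builder time limit>`, and record the change in the changelog entry.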
@@ -2118,7 +2119,7 @@ EOF
%changelog
-* Tue Jan 21 2020 Remi Collet <remi@remirepo.net> - 7.1.33-3
+* Thu Jan 23 2020 Remi Collet <remi@remirepo.net> - 7.1.33-4
- mbstring:
Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar
CVE-2020-7060