From b7eb647b5e66bca77ad22954493129b027e78586 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 7 Jun 2017 12:52:00 +0200
Subject: v7.1.6
---
 failed.txt | 10 +--
 php-onigurama.patch | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 php71.spec | 8 ++-
 3 files changed, 193 insertions(+), 6 deletions(-)
 create mode 100644 php-onigurama.patch
diff --git a/failed.txt b/failed.txt
index 2d279ae..7fd708c 100644
--- a/failed.txt
+++ b/failed.txt
@@ -1,22 +1,22 @@
-===== 7.1.6RC1 (2017-05-25)
+===== 7.1.6 (2017-06-08)
 $ grep -r 'Tests failed' /var/lib/mock/*/build.log
 /var/lib/mock/el6i/build.log:Tests failed : 0
 /var/lib/mock/el6x/build.log:Tests failed : 0
 /var/lib/mock/el7x/build.log:Tests failed : 0
-/var/lib/mock/fc23i/build.log:Tests failed : 1
+/var/lib/mock/fc23i/build.log:Tests failed : 0
 /var/lib/mock/fc23x/build.log:Tests failed : 0
 /var/lib/mock/fc24i/build.log:Tests failed : 0
 /var/lib/mock/fc24x/build.log:Tests failed : 0
 /var/lib/mock/fc25i/build.log:Tests failed : 0
 /var/lib/mock/fc25x/build.log:Tests failed : 0
-/var/lib/mock/fc26i/build.log:Tests failed : 0
+/var/lib/mock/fc26i/build.log:Tests failed : 1
 /var/lib/mock/fc26x/build.log:Tests failed : 0
-fc23i
- Bug #70198 Checking liveness does not work as expected [ext/standard/tests/streams/bug70198.phpt]
+fc26i
+ (1) Bug #60120 proc_open hangs with stdin/out with 2048+ bytes [ext/standard/tests/streams/proc_open_bug60120.phpt]
 (1) proc_open give erratic test results :(
diff --git a/php-onigurama.patch b/php-onigurama.patch
new file mode 100644
index 0000000..f4e3c1f
--- /dev/null
+++ b/php-onigurama.patch
@@ -0,0 +1,181 @@
+From 1e0c4386ab87c6f6392933450130470cbd1a2b19 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Tue, 30 May 2017 15:35:42 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
+ b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
+ f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
+
+Thanks to Mamoru TASAKA
+---
+ ext/mbstring/oniguruma/regparse.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c
+index bf72300..c6822e6 100644
+--- a/ext/mbstring/oniguruma/regparse.c
++++ b/ext/mbstring/oniguruma/regparse.c
+@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
+ PUNFETCH;
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, 3, enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing. */
+ num = 0; /* but, it's not error */
+ }
+@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
+ if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+ prev = p;
+ num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ if (p == prev) { /* can't read nothing.
*/
+ num = 0; /* but, it's not error */
+ }
+@@ -4084,7 +4084,11 @@ next_state_val(CClassNode* cc, OnigCodePoint *vs, OnigCodePoint v,
+ switch (*state) {
+ case CCS_VALUE:
+ if (*type == CCV_SB)
++ {
++ if (*vs > 0xff)
++ return ONIGERR_INVALID_CODE_POINT_VALUE;
+ BITSET_SET_BIT(cc->bs, (int )(*vs));
++ }
+ else if (*type == CCV_CODE_POINT) {
+ r = add_code_range(&(cc->mbuf), env, *vs, *vs);
+ if (r < 0) return r;
+--
+2.1.4
+
+From 60b1829e1cd18facc696264fd830c4bbd593cfa9 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Tue, 30 May 2017 15:37:11 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)
+
+Thanks to Mamoru TASAKA
+---
+ ext/mbstring/oniguruma/regexec.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 7430d78..5e26896 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -1425,14 +1425,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+ break;
+
+ case OP_EXACT1: MOP_IN(OP_EXACT1);
+-#if 0
+ DATA_ENSURE(1);
+ if (*p != *s) goto fail;
+ p++; s++;
+-#endif
+- if (*p != *s++) goto fail;
+- DATA_ENSURE(0);
+- p++;
+ MOP_OUT;
+ break;
+
+--
+2.1.4
+
+From 6a8ae7cf8db3ec8dabfd027e01cdbcbb52654c90 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Tue, 30 May 2017 15:38:17 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)
+
+Thanks to Mamoru TASAKA
+---
+ ext/mbstring/oniguruma/regexec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 5e26896..97d5f32 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -3123,6 +3123,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+ }
+ else {
+ UChar *q = p + reg->dmin;
++
++ if (q >= end) return 0; /* fail */
+ while (p < q) p += enclen(reg->enc, p);
+ }
+ }
+--
+2.1.4
+
+From 5416deec665db293ae25548828791453d776a6bf Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Tue, 30 May 2017 15:39:21 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
+ b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
+
+Thanks to Mamoru TASAKA
+---
+ ext/mbstring/oniguruma/regexec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 97d5f32..42a31bd 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -3205,7 +3205,13 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+ else {
+ if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+ *low = p - reg->dmax;
+- if (*low > s) {
++ if (p - str < reg->dmax) {
++ *low = (UChar* )str;
++ if (low_prev)
++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
++ }
++ else {
++ if (*low > s) {
+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+ *low, (const UChar** )low_prev);
+ if (low_prev && IS_NULL(*low_prev))
+@@ -3218,6 +3224,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+ (pprev ?
pprev : str), *low);
+ }
+ }
++ }
+ }
+ /* no needs to adjust *high, *high is used as range check only */
+ *high = p - reg->dmin;
+--
+2.1.4
+
+From 1c845d295037702d63097e2216b3c5db53f79273 Mon Sep 17 00:00:00 2001
+From: Remi Collet
+Date: Tue, 30 May 2017 15:40:32 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)
+
+Thanks to Mamoru TASAKA
+---
+ ext/mbstring/oniguruma/regparse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c
+index c6822e6..d2925f1 100644
+--- a/ext/mbstring/oniguruma/regparse.c
++++ b/ext/mbstring/oniguruma/regparse.c
+@@ -4068,7 +4068,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type,
+ }
+ }
+
+- *state = CCS_VALUE;
++ if (*state != CCS_START)
++ *state = CCS_VALUE;
++
+ *type = CCV_CLASS;
+ return 0;
+ }
+--
+2.1.4
+
diff --git a/php71.spec b/php71.spec
index 7d09e8d..4891123 100644
--- a/php71.spec
+++ b/php71.spec
@@ -121,7 +121,7 @@ %endif
 %global upver 7.1.6
-%global rcver RC1
+#global rcver RC1
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
@@ -181,6 +181,7 @@ Patch91: php-5.6.3-oci8conf.patch
 # Upstream fixes (100+)
 # Security fixes (200+)
+Patch200: php-onigurama.patch
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1025,6 +1026,7 @@ httpd -V | grep -q 'threaded:.*yes' && exit 1
 # upstream patches
 # security patches
+%patch200 -p1 -b .onig
 # Fixes for tests
 %if 0%{?fedora} >= 24 || 0%{?rhel} >= 5
@@ -2057,6 +2059,10 @@ fi
 %changelog
+* Wed Jun 7 2017 Remi Collet - 7.1.6-1
+- Update to 7.1.6 - http://www.php.net/releases/7_1_6.php
+- add upstream security patches for oniguruma
+
 * Wed May 24 2017 Remi Collet - 7.1.6~RC1-1
 - Update to 7.1.6RC1
-- cgit
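Review bot: In the CVE-2017-9229 part of php-onigurama.patch (regexec.c, hunk at 3205 in forward_search_range), the context line `*low = p - reg->dmax;` still runs before the new `if (p - str < reg->dmax)` guard, so a pointer below `str` is still formed in exactly the case the patch handles. The visible lines overwrite `*low` with `str` before it is used, so nothing shown here reads out of bounds, but forming a pointer outside the buffer is undefined behaviour in C and the leftover assignment hides what the guard is for. Moving the assignment into the new branch, `else { *low = p - reg->dmax; if (*low > s) {`, keeps the subtraction on the path where it is known to stay inside the subject string. The function starts and ends outside the hunk, and the patch header says this was adapted for onig 5.9.6, so check the cited upstream commit before changing it.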
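Review bot: `Patch200: php-onigurama.patch` is added under `# Security fixes (200+)` with no comment saying what it fixes, and the file name misspells oniguruma. The five CVE ids appear only in the mail headers inside the patch file, and the new changelog entry names none of them, so someone auditing the spec or the package changelog cannot see that they are covered. A comment above the `Patch200:` line such as `# oniguruma: CVE-2017-9224 CVE-2017-9226 CVE-2017-9227 CVE-2017-9228 CVE-2017-9229` would record it, and the same ids could be listed in the changelog line.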