From a49c6c5a453edf008ea33de49d45857b073cca5a Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Fri, 22 Jul 2016 19:29:20 +0200
Subject: PHP 5.4.45 with security fix from 5.5.38

---
 bug72613.patch | 281 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 281 insertions(+)
 create mode 100644 bug72613.patch

(limited to 'bug72613.patch')

diff --git a/bug72613.patch b/bug72613.patch
new file mode 100644
index 0000000..231f573
--- /dev/null
+++ b/bug72613.patch
@@ -0,0 +1,281 @@
+Adapted for 5.4, by Remi Collet, binary patch removed, from:
+
+
+From f3feddb5b45b5abd93abb1a95044b7e099d51c84 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 18 Jul 2016 22:20:45 -0700
+Subject: [PATCH] Partial fix for bug #72613 - do not treat negative returns
+ from bz2 as size_t
+
+---
+ ext/bz2/bz2.c               |  80 +++++++++++++++++++++++---------------------
+ ext/bz2/tests/72613.bz2     | Bin 0 -> 351 bytes
+ ext/bz2/tests/bug72613.phpt |  23 +++++++++++++
+ 3 files changed, 65 insertions(+), 38 deletions(-)
+ create mode 100644 ext/bz2/tests/72613.bz2
+ create mode 100644 ext/bz2/tests/bug72613.phpt
+
+diff --git a/ext/bz2/bz2.c b/ext/bz2/bz2.c
+index de3250e..7cfcaa8 100644
+--- a/ext/bz2/bz2.c
++++ b/ext/bz2/bz2.c
+@@ -15,7 +15,7 @@
+   | Author: Sterling Hughes <sterling@php.net>                           |
+   +----------------------------------------------------------------------+
+ */
+- 
++
+ /* $Id$ */
+ 
+ #ifdef HAVE_CONFIG_H
+@@ -137,29 +137,33 @@ struct php_bz2_stream_data_t {
+ static size_t php_bz2iop_read(php_stream *stream, char *buf, size_t count TSRMLS_DC)
+ {
+ 	struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *) stream->abstract;
+-	size_t ret;
+-	
+-	ret = BZ2_bzread(self->bz_file, buf, count);
++	int bz2_ret;
++
++	bz2_ret = BZ2_bzread(self->bz_file, buf, count);
+ 
+-	if (ret == 0) {
++	if (bz2_ret < 0) {
++		stream->eof = 1;
++		return -1;
++	}
++	if (bz2_ret == 0) {
+ 		stream->eof = 1;
+ 	}
+ 
+-	return ret;
++	return (size_t)bz2_ret;
+ }
+ 
+ static size_t php_bz2iop_write(php_stream *stream, const char *buf, size_t count TSRMLS_DC)
+ {
+ 	struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *) stream->abstract;
+ 
+-	return BZ2_bzwrite(self->bz_file, (char*)buf, count); 
++	return BZ2_bzwrite(self->bz_file, (char*)buf, count);
+ }
+ 
+ static int php_bz2iop_close(php_stream *stream, int close_handle TSRMLS_DC)
+ {
+ 	struct php_bz2_stream_data_t *self = (struct php_bz2_stream_data_t *)stream->abstract;
+ 	int ret = EOF;
+-	
++
+ 	if (close_handle) {
+ 		BZ2_bzclose(self->bz_file);
+ 	}
+@@ -191,11 +195,11 @@ php_stream_ops php_stream_bz2io_ops = {
+ };
+ 
+ /* {{{ Bzip2 stream openers */
+-PHP_BZ2_API php_stream *_php_stream_bz2open_from_BZFILE(BZFILE *bz, 
++PHP_BZ2_API php_stream *_php_stream_bz2open_from_BZFILE(BZFILE *bz,
+ 														char *mode, php_stream *innerstream STREAMS_DC TSRMLS_DC)
+ {
+ 	struct php_bz2_stream_data_t *self;
+-	
++
+ 	self = emalloc(sizeof(*self));
+ 
+ 	self->stream = innerstream;
+@@ -226,7 +230,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
+ 	virtual_filepath_ex(path, &path_copy, NULL TSRMLS_CC);
+ #else
+ 	path_copy = path;
+-#endif  
++#endif
+ 
+ 	if (php_check_open_basedir(path_copy TSRMLS_CC)) {
+ #ifdef VIRTUAL_DIR
+@@ -234,7 +238,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
+ #endif
+ 		return NULL;
+ 	}
+-	
++
+ 	/* try and open it directly first */
+ 	bz_file = BZ2_bzopen(path_copy, mode);
+ 
+@@ -245,11 +249,11 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
+ 	free(path_copy);
+ #endif
+ 	path_copy = NULL;
+-	
++
+ 	if (bz_file == NULL) {
+ 		/* that didn't work, so try and get something from the network/wrapper */
+ 		stream = php_stream_open_wrapper(path, mode, options | STREAM_WILL_CAST, opened_path);
+-	
++
+ 		if (stream) {
+ 			int fd;
+ 			if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD, (void **) &fd, REPORT_ERRORS)) {
+@@ -264,7 +268,7 @@ PHP_BZ2_API php_stream *_php_stream_bz2open(php_stream_wrapper *wrapper,
+ 			VCWD_UNLINK(*opened_path);
+ 		}
+ 	}
+-	
++
+ 	if (bz_file) {
+ 		retstream = _php_stream_bz2open_from_BZFILE(bz_file, mode, stream STREAMS_REL_CC TSRMLS_CC);
+ 		if (retstream) {
+@@ -340,7 +344,7 @@ static PHP_FUNCTION(bzread)
+ 	if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r|l", &bz, &len)) {
+ 		RETURN_FALSE;
+ 	}
+-	
++
+ 	php_stream_from_zval(stream, &bz);
+ 
+ 	if ((len + 1) < 1) {
+@@ -350,13 +354,13 @@ static PHP_FUNCTION(bzread)
+ 
+ 	Z_STRVAL_P(return_value) = emalloc(len + 1);
+ 	Z_STRLEN_P(return_value) = php_stream_read(stream, Z_STRVAL_P(return_value), len);
+-	
++
+ 	if (Z_STRLEN_P(return_value) < 0) {
+ 		efree(Z_STRVAL_P(return_value));
+ 		php_error_docref(NULL TSRMLS_CC, E_WARNING, "could not read valid bz2 data from stream");
+-		RETURN_FALSE;		
++		RETURN_FALSE;
+ 	}
+-	
++
+ 	Z_STRVAL_P(return_value)[Z_STRLEN_P(return_value)] = 0;
+ 	Z_TYPE_P(return_value) = IS_STRING;
+ }
+@@ -372,7 +376,7 @@ static PHP_FUNCTION(bzopen)
+ 
+ 	BZFILE   *bz;     /* The compressed file stream */
+ 	php_stream *stream = NULL;
+-	
++
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "Zs", &file, &mode, &mode_len) == FAILURE) {
+ 		return;
+ 	}
+@@ -388,15 +392,15 @@ static PHP_FUNCTION(bzopen)
+ 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "filename cannot be empty");
+ 			RETURN_FALSE;
+ 		}
+-		
++
+ 		if (CHECK_ZVAL_NULL_PATH(*file)) {
+ 			RETURN_FALSE;
+ 		}
+ 
+ 		stream = php_stream_bz2open(NULL,
+-									Z_STRVAL_PP(file), 
+-									mode, 
+-									REPORT_ERRORS, 
++									Z_STRVAL_PP(file),
++									mode,
++									REPORT_ERRORS,
+ 									NULL);
+ 	} else if (Z_TYPE_PP(file) == IS_RESOURCE) {
+ 		/* If it is a resource, than its a stream resource */
+@@ -405,7 +409,7 @@ static PHP_FUNCTION(bzopen)
+ 
+ 		php_stream_from_zval(stream, file);
+ 		stream_mode_len = strlen(stream->mode);
+-		
++
+ 		if (stream_mode_len != 1 && !(stream_mode_len == 2 && memchr(stream->mode, 'b', 2))) {
+ 			php_error_docref(NULL TSRMLS_CC, E_WARNING, "cannot use stream opened in mode '%s'", stream->mode);
+ 			RETURN_FALSE;
+@@ -439,7 +443,7 @@ static PHP_FUNCTION(bzopen)
+ 		if (FAILURE == php_stream_cast(stream, PHP_STREAM_AS_FD, (void *) &fd, REPORT_ERRORS)) {
+ 			RETURN_FALSE;
+ 		}
+-		
++
+ 		bz = BZ2_bzdopen(fd, mode);
+ 
+ 		stream = php_stream_bz2open_from_BZFILE(bz, mode, stream);
+@@ -493,7 +497,7 @@ static PHP_FUNCTION(bzcompress)
+ 					  work_factor = 0, /* Work factor for compression algorithm */
+ 					  argc;            /* Argument count */
+ 	int               source_len;      /* Length of the source data */
+-	unsigned int      dest_len;        /* Length of the destination buffer */ 
++	unsigned int      dest_len;        /* Length of the destination buffer */
+ 
+ 	argc = ZEND_NUM_ARGS();
+ 
+@@ -502,19 +506,19 @@ static PHP_FUNCTION(bzcompress)
+ 	}
+ 
+ 	/* Assign them to easy to use variables, dest_len is initially the length of the data
+-	   + .01 x length of data + 600 which is the largest size the results of the compression 
+-	   could possibly be, at least that's what the libbz2 docs say (thanks to jeremy@nirvani.net 
++	   + .01 x length of data + 600 which is the largest size the results of the compression
++	   could possibly be, at least that's what the libbz2 docs say (thanks to jeremy@nirvani.net
+ 	   for pointing this out).  */
+ 	dest_len   = (unsigned int) (source_len + (0.01 * source_len) + 600);
+-	
++
+ 	/* Allocate the destination buffer */
+ 	dest = emalloc(dest_len + 1);
+-	
++
+ 	/* Handle the optional arguments */
+ 	if (argc > 1) {
+ 		block_size = zblock_size;
+ 	}
+-	
++
+ 	if (argc > 2) {
+ 		work_factor = zwork_factor;
+ 	}
+@@ -564,7 +568,7 @@ static PHP_FUNCTION(bzdecompress)
+ 	/* in most cases bz2 offers at least 2:1 compression, so we use that as our base */
+ 	bzs.avail_out = source_len * 2;
+ 	bzs.next_out = dest = emalloc(bzs.avail_out + 1);
+-	
++
+ 	while ((error = BZ2_bzDecompress(&bzs)) == BZ_OK && bzs.avail_in > 0) {
+ 		/* compression is better then 2:1, need to allocate more memory */
+ 		bzs.avail_out = source_len;
+@@ -590,13 +594,13 @@ static PHP_FUNCTION(bzdecompress)
+ /* {{{ php_bz2_error()
+    The central error handling interface, does the work for bzerrno, bzerrstr and bzerror */
+ static void php_bz2_error(INTERNAL_FUNCTION_PARAMETERS, int opt)
+-{ 
++{
+ 	zval         *bzp;     /* BZip2 Resource Pointer */
+ 	php_stream   *stream;
+ 	const char   *errstr;  /* Error string */
+ 	int           errnum;  /* Error number */
+ 	struct php_bz2_stream_data_t *self;
+-	
++
+ 	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "r", &bzp) == FAILURE) {
+ 		return;
+ 	}
+@@ -608,10 +612,10 @@ static void php_bz2_error(INTERNAL_FUNCTION_PARAMETERS, int opt)
+ 	}
+ 
+ 	self = (struct php_bz2_stream_data_t *) stream->abstract;
+-	
++
+ 	/* Fetch the error information */
+ 	errstr = BZ2_bzerror(self->bz_file, &errnum);
+-	
++
+ 	/* Determine what to return */
+ 	switch (opt) {
+ 		case PHP_BZ_ERRNO:
+@@ -622,7 +626,7 @@ static void php_bz2_error(INTERNAL_FUNCTION_PARAMETERS, int opt)
+ 			break;
+ 		case PHP_BZ_ERRBOTH:
+ 			array_init(return_value);
+-		
++
+ 			add_assoc_long  (return_value, "errno",  errnum);
+ 			add_assoc_string(return_value, "errstr", (char*)errstr, 1);
+ 			break;
+
-- 
cgit