From b24f881bfb8a7ee8b17c9a8168aa8675d761ecf9 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 2 Apr 2019 16:05:14 +0200
Subject: - exif: Fix #77753 Heap-buffer-overflow in php_ifd_get32s Fix #77831 Heap-buffer-overflow in exif_iif_add_value - sqlite3: Added sqlite3.defensive INI directive
---
php-news.patch | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 php-news.patch
(limited to 'php-news.patch')
diff --git a/php-news.patch b/php-news.patch
new file mode 100644
index 0000000..eb02c6c
--- /dev/null
+++ b/php-news.patch
@@ -0,0 +1,96 @@
+From 2701c18b3f5edcff2b08839c9e18b93b77ec7a81 Mon Sep 17 00:00:00 2001
+From: Anatol Belski
+Date: Thu, 7 Mar 2019 16:30:16 +0100
+Subject: [PATCH] Update NEWS
+
+---
+ NEWS | 46 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 46 insertions(+)
+
+diff --git a/NEWS b/NEWS
+index 5b0aeb597b..bdefc0ede2 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,51 @@
+ PHP NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
++
++Backported from 7.2.27
++
++- Core:
++ . Fixed bug #77630 (rename() across the device may allow unwanted access during
++ processing). (Stas)
++
++- EXIF:
++ . Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
++ . Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas)
++ . Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
++ . Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
++
++- PHAR:
++ . Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
++ (bishop)
++ . Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). (bishop)
++
++- SPL:
++ . Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)
++
++Backported from 7.2.26
++
++- GD:
++ . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
++ use-after-free). (cmb)
++ . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)
++
++- Mbstring:
++ . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
++ . Fixed bug #77371 (heap buffer overflow in mb regex functions
++ - compile_string_node). (Stas)
++ . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
++ . Fixed bug #77382 (heap buffer overflow due to incorrect length in
++ expand_case_fold_string). (Stas)
++ . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
++ . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
++ . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)
++
++- Phar:
++ . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)
++
++- Xmlrpc:
++ . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
++ . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
++
+ 06 Dec 2018 PHP 7.0.33
+
+ - Core:
+From bffa56dcaafe01686d2b975f7a2e9f740d25e0bb Mon Sep 17 00:00:00 2001
+From: Anatol Belski
+Date: Thu, 7 Mar 2019 16:31:43 +0100
+Subject: [PATCH] Fix version in NEWS
+
+---
+ NEWS | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index bdefc0ede2..d21699c54b 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,7 +1,7 @@
+ PHP NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
+-Backported from 7.2.27
++Backported from 7.1.27
+
+ - Core:
+ . Fixed bug #77630 (rename() across the device may allow unwanted access during
+@@ -21,7 +21,7 @@ Backported from 7.2.27
+ - SPL:
+ . Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)
+
+-Backported from 7.2.26
++Backported from 7.1.26
+
+ - GD:
+ . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
-- cgit