diff options
-rw-r--r-- | bug75579.patch | 76 | ||||
-rw-r--r-- | failed.txt | 2 | ||||
-rw-r--r-- | php.spec | 9 |
3 files changed, 6 insertions, 81 deletions
diff --git a/bug75579.patch b/bug75579.patch deleted file mode 100644 index f69c853..0000000 --- a/bug75579.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 841e7a192259e3e8ec34645176a2f4565e7e8877 Mon Sep 17 00:00:00 2001 -From: Dmitry Stogov <dmitry@zend.com> -Date: Thu, 21 Dec 2017 23:34:21 +0300 -Subject: [PATCH] Fixed bug #75579 (Interned strings buffer overflow may cause - crash) - ---- - NEWS | 4 ++++ - ext/opcache/zend_file_cache.c | 32 ++++++++++++++++++++++++++++++-- - 2 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/ext/opcache/zend_file_cache.c b/ext/opcache/zend_file_cache.c -index fb6827a9fd70..344851ec44a2 100644 ---- a/ext/opcache/zend_file_cache.c -+++ b/ext/opcache/zend_file_cache.c -@@ -227,8 +227,17 @@ static void *zend_file_cache_unserialize_interned(zend_string *str, int in_shm) - if (in_shm) { - ret = accel_new_interned_string(str); - if (ret == str) { -+ /* We have to create new SHM allocated string */ -+ size_t size = _ZSTR_STRUCT_SIZE(ZSTR_LEN(str)); -+ ret = zend_shared_alloc(size); -+ if (!ret) { -+ zend_accel_schedule_restart_if_necessary(ACCEL_RESTART_OOM); -+ LONGJMP(*EG(bailout), FAILURE); -+ } -+ memcpy(ret, str, size); - /* String wasn't interned but we will use it as interned anyway */ -- GC_FLAGS(ret) |= IS_STR_INTERNED | IS_STR_PERMANENT; -+ GC_REFCOUNT(ret) = 1; -+ GC_TYPE_INFO(ret) = IS_STRING | ((IS_STR_INTERNED | IS_STR_PERSISTENT | IS_STR_PERMANENT) << 8); - } - } else { - ret = str; -@@ -1303,6 +1312,7 @@ zend_persistent_script *zend_file_cache_script_load(zend_file_handle *file_handl - zend_accel_hash_entry *bucket; - void *mem, *checkpoint, *buf; - int cache_it = 1; -+ int ok; - - if (!full_path) { - return NULL; -@@ -1395,6 +1405,7 @@ zend_persistent_script *zend_file_cache_script_load(zend_file_handle *file_handl - - if (!ZCG(accel_directives).file_cache_only && - !ZCSG(restart_in_progress) && -+ !ZSMMG(memory_exhausted) && - accelerator_shm_read_lock() == SUCCESS) { - /* exclusive lock */ - zend_shared_alloc_lock(); -@@ -1444,7 +1455,24 @@ zend_persistent_script *zend_file_cache_script_load(zend_file_handle *file_handl - ZCG(mem) = ((char*)mem + info.mem_size); - script = (zend_persistent_script*)((char*)buf + info.script_offset); - script->corrupted = !cache_it; /* used to check if script restored to SHM or process memory */ -- zend_file_cache_unserialize(script, buf); -+ -+ ok = 1; -+ zend_try { -+ zend_file_cache_unserialize(script, buf); -+ } zend_catch { -+ ok = 0; -+ } zend_end_try(); -+ if (!ok) { -+ if (cache_it) { -+ zend_shared_alloc_unlock(); -+ goto use_process_mem; -+ } else { -+ zend_arena_release(&CG(arena), checkpoint); -+ efree(filename); -+ return NULL; -+ } -+ } -+ - script->corrupted = 0; - - if (cache_it) { @@ -1,4 +1,4 @@ -===== 7.2.1RC1 (2017-12-14) +===== 7.2.1 (2018-01-04) $ grep -r 'Tests failed' /var/lib/mock/scl72*/build.log /var/lib/mock/scl72el6x/build.log:Tests failed : 0 @@ -125,12 +125,12 @@ %endif %global upver 7.2.1 -%global rcver RC1 +#global rcver RC1 Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 2%{?dist} +Release: 1%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -182,7 +182,6 @@ Patch47: php-5.6.3-phpinfo.patch Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) -Patch100: bug75579.patch # Security fixes (200+) @@ -915,7 +914,6 @@ low-level PHP extension for the libsodium cryptographic library. %patch91 -p1 -b .remi-oci8 # upstream patches -%patch100 -p1 -b .upstream # security patches @@ -1841,6 +1839,9 @@ fi %changelog +* Wed Jan 3 2018 Remi Collet <remi@remirepo.net> - 7.2.1-1 +- Update to 7.2.1 - http://www.php.net/releases/7_2_1.php + * Fri Dec 29 2017 Remi Collet <remi@remirepo.net> - 7.2.1~RC1-2 - add upstream patch for https://bugs.php.net/75579 |