From 1d2e8718a57750a6d8de0cca2c3b20b269484c20 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 7 Jun 2017 11:21:04 +0200
Subject: v7.1.6

---
 php-onigurama.patch | 181 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 181 insertions(+)
 create mode 100644 php-onigurama.patch

(limited to 'php-onigurama.patch')

diff --git a/php-onigurama.patch b/php-onigurama.patch
new file mode 100644
index 0000000..f4e3c1f
--- /dev/null
+++ b/php-onigurama.patch
@@ -0,0 +1,181 @@
+From 1e0c4386ab87c6f6392933450130470cbd1a2b19 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 30 May 2017 15:35:42 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/55 (CVE-2017-9226)
+ b4bf968ad52afe14e60a2dc8a95d3555c543353a Modified for onig 5.9.6
+ f015fbdd95f76438cd86366467bb2b39870dd7c6 Modified for onig 5.9.6
+
+Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
+---
+ ext/mbstring/oniguruma/regparse.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c
+index bf72300..c6822e6 100644
+--- a/ext/mbstring/oniguruma/regparse.c
++++ b/ext/mbstring/oniguruma/regparse.c
+@@ -3064,7 +3064,7 @@ fetch_token_in_cc(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
+ 	PUNFETCH;
+ 	prev = p;
+ 	num = scan_unsigned_octal_number(&p, end, 3, enc);
+-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ 	if (p == prev) {  /* can't read nothing. */
+ 	  num = 0; /* but, it's not error */
+ 	}
+@@ -3436,7 +3436,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env)
+       if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
+ 	prev = p;
+ 	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
+-	if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
++	if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER;
+ 	if (p == prev) {  /* can't read nothing. */
+ 	  num = 0; /* but, it's not error */
+ 	}
+@@ -4084,7 +4084,11 @@ next_state_val(CClassNode* cc, OnigCodePoint *vs, OnigCodePoint v,
+   switch (*state) {
+   case CCS_VALUE:
+     if (*type == CCV_SB)
++    {
++    if (*vs > 0xff)
++      return ONIGERR_INVALID_CODE_POINT_VALUE;
+       BITSET_SET_BIT(cc->bs, (int )(*vs));
++    }
+     else if (*type == CCV_CODE_POINT) {
+       r = add_code_range(&(cc->mbuf), env, *vs, *vs);
+       if (r < 0) return r;
+-- 
+2.1.4
+
+From 60b1829e1cd18facc696264fd830c4bbd593cfa9 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 30 May 2017 15:37:11 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/57 (CVE-2017-9224)
+
+Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
+---
+ ext/mbstring/oniguruma/regexec.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 7430d78..5e26896 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -1425,14 +1425,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+       break;
+ 
+     case OP_EXACT1:  MOP_IN(OP_EXACT1);
+-#if 0
+       DATA_ENSURE(1);
+       if (*p != *s) goto fail;
+       p++; s++;
+-#endif
+-      if (*p != *s++) goto fail;
+-      DATA_ENSURE(0);
+-      p++;
+       MOP_OUT;
+       break;
+ 
+-- 
+2.1.4
+
+From 6a8ae7cf8db3ec8dabfd027e01cdbcbb52654c90 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 30 May 2017 15:38:17 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/58 (CVE-2017-9227)
+
+Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
+---
+ ext/mbstring/oniguruma/regexec.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 5e26896..97d5f32 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -3123,6 +3123,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+     }
+     else {
+       UChar *q = p + reg->dmin;
++
++      if (q >= end) return 0; /* fail */
+       while (p < q) p += enclen(reg->enc, p);
+     }
+   }
+-- 
+2.1.4
+
+From 5416deec665db293ae25548828791453d776a6bf Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 30 May 2017 15:39:21 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/59 (CVE-2017-9229)
+ b690371bbf97794b4a1d3f295d4fb9a8b05d402d Modified for onig 5.9.6
+
+Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
+---
+ ext/mbstring/oniguruma/regexec.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/ext/mbstring/oniguruma/regexec.c b/ext/mbstring/oniguruma/regexec.c
+index 97d5f32..42a31bd 100644
+--- a/ext/mbstring/oniguruma/regexec.c
++++ b/ext/mbstring/oniguruma/regexec.c
+@@ -3205,7 +3205,13 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+     else {
+       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+ 	*low = p - reg->dmax;
+-	if (*low > s) {
++	if (p - str < reg->dmax) {
++	  *low = (UChar* )str;
++	  if (low_prev)
++	    *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low);
++	}
++	else {
++ 	if (*low > s) {
+ 	  *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+ 							      *low, (const UChar** )low_prev);
+ 	  if (low_prev && IS_NULL(*low_prev))
+@@ -3218,6 +3224,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
+ 					       (pprev ? pprev : str), *low);
+ 	}
+       }
++      }
+     }
+     /* no needs to adjust *high, *high is used as range check only */
+     *high = p - reg->dmin;
+-- 
+2.1.4
+
+From 1c845d295037702d63097e2216b3c5db53f79273 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 30 May 2017 15:40:32 +0200
+Subject: [PATCH] Patch from the upstream git
+ https://github.com/kkos/oniguruma/issues/60 (CVE-2017-9228)
+
+Thanks to Mamoru TASAKA <mtasaka@fedoraproject.org>
+---
+ ext/mbstring/oniguruma/regparse.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/ext/mbstring/oniguruma/regparse.c b/ext/mbstring/oniguruma/regparse.c
+index c6822e6..d2925f1 100644
+--- a/ext/mbstring/oniguruma/regparse.c
++++ b/ext/mbstring/oniguruma/regparse.c
+@@ -4068,7 +4068,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type,
+     }
+   }
+ 
+-  *state = CCS_VALUE;
++  if (*state != CCS_START)
++    *state = CCS_VALUE;
++
+   *type  = CCV_CLASS;
+   return 0;
+ }
+-- 
+2.1.4
+
-- 
cgit