From 3e68e215f31973b11121aec8d62c720c74744b6a Mon Sep 17 00:00:00 2001
From: small_leek <xiasenlin1@huawei.com>
Date: Tue, 21 Jul 2020 11:44:20 +0800
Subject: [PATCH] =?UTF-8?q?=E5=9B=9E=E9=80=80=20'Pull=20Request=20!9=20:?=
 =?UTF-8?q?=20fix=20CVE-2019-11048'?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CVE-2019-11048.patch | 141 -------------------------------------------
 php.spec             |   9 +--
 2 files changed, 1 insertion(+), 149 deletions(-)
 delete mode 100644 CVE-2019-11048.patch

diff --git a/CVE-2019-11048.patch b/CVE-2019-11048.patch
deleted file mode 100644
index de500ba..0000000
--- a/CVE-2019-11048.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-From cf083535f8ba49e6812b4bf22c2e95dfe46d8ecd Mon Sep 17 00:00:00 2001
-From: Sara Golemon <pollita@php.net>
-Date: Tue, 14 Apr 2020 15:16:26 +0000
-Subject: [PATCH 2/5] Update CREDITS for PHP 7.2.30
-
----
- ext/standard/credits_ext.h  | 12 ++++++------
- ext/standard/credits_sapi.h | 10 +++++-----
- 2 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/ext/standard/credits_ext.h b/ext/standard/credits_ext.h
-index cf4262497746..6baede162b5c 100644
---- a/ext/standard/credits_ext.h
-+++ b/ext/standard/credits_ext.h
-@@ -1,11 +1,11 @@
--/* 
-+/*
-                       DO NOT EDIT THIS FILE!
- 
-- it has been automaticaly created by php7/scripts/credits from  
-+ it has been automaticaly created by php7/scripts/credits from
-  the information found in the various php7/ext/.../CREDITS and
-- php7/sapi/.../CREDITS files 
-- 
-- if you want to change an entry you have to edit the appropriate 
-+ php7/sapi/.../CREDITS files
-+
-+ if you want to change an entry you have to edit the appropriate
-  CREDITS file instead
- 
- */
-@@ -28,7 +28,7 @@ CREDIT_LINE("FTP", "Stefan Esser, Andrew Skalski");
- CREDIT_LINE("GD imaging", "Rasmus Lerdorf, Stig Bakken, Jim Winstead, Jouni Ahto, Ilia Alshanetsky, Pierre-Alain Joye, Marcus Boerger");
- CREDIT_LINE("GetText", "Alex Plotnick");
- CREDIT_LINE("GNU GMP support", "Stanislav Malyshev");
--CREDIT_LINE("Iconv", "Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi ");
-+CREDIT_LINE("Iconv", "Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi");
- CREDIT_LINE("IMAP", "Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky");
- CREDIT_LINE("Input Filter", "Rasmus Lerdorf, Derick Rethans, Pierre-Alain Joye, Ilia Alshanetsky");
- CREDIT_LINE("InterBase", "Jouni Ahto, Andrew Avdeev, Ard Biesheuvel");
-diff --git a/ext/standard/credits_sapi.h b/ext/standard/credits_sapi.h
-index f677344a54a6..471724f70f85 100644
---- a/ext/standard/credits_sapi.h
-+++ b/ext/standard/credits_sapi.h
-@@ -1,11 +1,11 @@
--/* 
-+/*
-                       DO NOT EDIT THIS FILE!
- 
-- it has been automaticaly created by php7/scripts/credits from  
-+ it has been automaticaly created by php7/scripts/credits from
-  the information found in the various php7/ext/.../CREDITS and
-- php7/sapi/.../CREDITS files 
-- 
-- if you want to change an entry you have to edit the appropriate 
-+ php7/sapi/.../CREDITS files
-+
-+ if you want to change an entry you have to edit the appropriate
-  CREDITS file instead
- 
- */
-
-From 1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 18 Mar 2020 10:26:53 +0100
-Subject: [PATCH 4/5] Fix #78875: Long filenames cause OOM and temp files are
- not cleaned
-
-We must not cast `size_t` to `int` (unless the `size_t` value is
-guaranteed to be less than or equal to `INT_MAX`).  In this case we can
-declare `array_len` as `size_t` in the first place.
----
- main/rfc1867.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index bd01b34cf070..783eab4175d5 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -692,7 +692,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 	char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL;
- 	char *lbuf = NULL, *abuf = NULL;
- 	zend_string *temp_filename = NULL;
--	int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0;
-+	int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0;
-+	size_t array_len = 0;
- 	int64_t total_bytes = 0, max_file_size = 0;
- 	int skip_upload = 0, anonindex = 0, is_anonymous;
- 	HashTable *uploaded_files = NULL;
-@@ -1126,7 +1127,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 			is_arr_upload =	(start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']');
- 
- 			if (is_arr_upload) {
--				array_len = (int)strlen(start_arr);
-+				array_len = strlen(start_arr);
- 				if (array_index) {
- 					efree(array_index);
- 				}
-
-From 3c8582ca4b8e84e5647220b647914876d2c3b124 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 18 Mar 2020 10:57:42 +0100
-Subject: [PATCH 5/5] Fix #78876: Long variables cause OOM and temp files are
- not cleaned
-
-We use the proper type for size calculations, which is `size_t`.
----
- main/rfc1867.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index 783eab4175d5..27718e72a4f9 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -616,7 +616,7 @@ static void *php_ap_memstr(char *haystack, int haystacklen, char *needle, int ne
- }
- 
- /* read until a boundary condition */
--static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
-+static size_t multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes, int *end)
- {
- 	size_t len, max;
- 	char *bound;
-@@ -655,7 +655,7 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes
- 		self->buf_begin += len;
- 	}
- 
--	return (int)len;
-+	return len;
- }
- 
- /*
-@@ -665,7 +665,7 @@ static int multipart_buffer_read(multipart_buffer *self, char *buf, size_t bytes
- static char *multipart_buffer_read_body(multipart_buffer *self, size_t *len)
- {
- 	char buf[FILLUNIT], *out=NULL;
--	int total_bytes=0, read_bytes=0;
-+	size_t total_bytes=0, read_bytes=0;
- 
- 	while((read_bytes = multipart_buffer_read(self, buf, sizeof(buf), NULL))) {
- 		out = erealloc(out, total_bytes + read_bytes + 1);
diff --git a/php.spec b/php.spec
index fd9ea45..a056e8c 100644
--- a/php.spec
+++ b/php.spec
@@ -28,7 +28,7 @@
 
 Name:          php
 Version:       %{upver}%{?rcver:~%{rcver}}
-Release:       5
+Release:       4
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
 URL:           http://www.php.net/
@@ -91,7 +91,6 @@ Patch6020:     CVE-2018-19518.patch
 Patch6021:     CVE-2019-6977.patch
 Patch6022:     CVE-2020-7064.patch
 Patch6023:     CVE-2020-7066.patch
-Patch6024:     CVE-2019-11048.patch
 
 BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
 BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@@ -1152,12 +1151,6 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
-* Mon Jul 20 2020 wangyue <wangyue92@huawei.com> - 7.2.10-5
-- Type:cves
-- ID:CVE-2019-11048
-- SUG:restart
-- DESC:fix CVE-2019-11048
-
 * Fri Apr 24 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.2.10-4
 - Type:cves
 - ID:CVE-2020-7064 CVE-2020-7066
-- 
Gitee