From cf0907c75096dad666f85f3667342af026420679 Mon Sep 17 00:00:00 2001
From: kang_xiao_qiang <kangshaoqiang1@huawei.com>
Date: Mon, 21 Sep 2020 15:13:15 +0800
Subject: [PATCH] fix cve

---
 CVE-2020-7068.patch | 26 ++++++++++++++++++++++++++
 php.spec            |  6 +++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-7068.patch

diff --git a/CVE-2020-7068.patch b/CVE-2020-7068.patch
new file mode 100644
index 0000000..3726e1e
--- /dev/null
+++ b/CVE-2020-7068.patch
@@ -0,0 +1,26 @@
+From 7355ab81763a3d6a04ac11660e6a16d58838d187 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker"<cmbecker69@gmx.de>
+Date: Tue, 14 Jul 2020 17:04:24 +0200
+Subject: [PATCH] Fix #79797: Use of freed hash key in the
+phar_parse_zipfile funtion
+
+---
+ ext/phar/zip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ext/phar/zip.c b/ext/phar/zip.c
+index d615e8ad..50c5d69e 100644
+--- a/ext/phar/zip.c
++++ b/ext/phar/zip.c
+@@ -703,7 +703,7 @@ foundit:
+ 			efree(actual_alias);
+ 		}
+ 
+-		zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata);
++		zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata);
+ 	} else {
+ 		phar_archive_data *fd_ptr;
+ 
+-- 
+2.23.0
+
diff --git a/php.spec b/php.spec
index 097c9c2..32e36dc 100644
--- a/php.spec
+++ b/php.spec
@@ -28,7 +28,7 @@
 
 Name:          php
 Version:       %{upver}%{?rcver:~%{rcver}}
-Release:       6
+Release:       7
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
 URL:           http://www.php.net/
@@ -92,6 +92,7 @@ Patch6021:     CVE-2019-6977.patch
 Patch6022:     CVE-2020-7064.patch
 Patch6023:     CVE-2020-7066.patch
 Patch6024:     CVE-2019-11048.patch
+Patch6025:     CVE-2020-7068.patch
 
 BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
 BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@@ -1152,6 +1153,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Mon Sep 21 2020 shaoqiang kang <kangshqoaing1@huawei.com> - 7.2.10-7
+- Fix CVE-2020-7068
+
 * Tue Jul 21 2020 wangyue <wangyue92@huawei.com> - 7.2.10-6
 - Type:cves
 - ID:CVE-2019-11048
-- 
Gitee