diff --git a/20-ffi.ini b/20-ffi.ini new file mode 100644 index 0000000000000000000000000000000000000000..0bce40d5d767b37a5288a2f4a563ededbe9ba3a8 --- /dev/null +++ b/20-ffi.ini @@ -0,0 +1,13 @@ +; Enable ffi extension module +extension=ffi + +; FFI API restriction. Possibe values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +; /usr/share/php/preload used by for RPM packages +; /usr/local/share/php/preload may be used for local files +ffi.preload=/usr/share/php/preload/*.h:/usr/local/share/php/preload/*.h diff --git a/CVE-2018-19518.patch b/CVE-2018-19518.patch deleted file mode 100644 index 1737830bf07bde2c2d0ea290992eaf3dc4be78aa..0000000000000000000000000000000000000000 --- a/CVE-2018-19518.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 336d2086a9189006909ae06c7e95902d7d5ff77e Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 18 Nov 2018 17:10:43 -0800 -Subject: [PATCH] Disable rsh/ssh functionality in imap by default (bug #77153) - ---- - NEWS | 4 ++++ - UPGRADING | 7 +++++++ - ext/imap/php_imap.c | 17 +++++++++++++++++ - ext/imap/php_imap.h | 1 + - ext/imap/tests/bug77153.phpt | 24 ++++++++++++++++++++++++ - 5 files changed, 53 insertions(+) - create mode 100644 ext/imap/tests/bug77153.phpt - -index ec2d8f46ed..52968a3857 100644 - -diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c -index e1adcf2264..42e7d8611c 100644 ---- a/ext/imap/php_imap.c -+++ b/ext/imap/php_imap.c -@@ -562,6 +562,15 @@ static const zend_module_dep imap_deps[] = { - }; - /* }}} */ - -+ -+/* {{{ PHP_INI -+ */ -+PHP_INI_BEGIN() -+STD_PHP_INI_BOOLEAN("imap.enable_insecure_rsh", "0", PHP_INI_SYSTEM, OnUpdateBool, enable_rsh, zend_imap_globals, imap_globals) -+PHP_INI_END() -+/* }}} */ -+ -+ - /* {{{ imap_module_entry - */ - zend_module_entry imap_module_entry = { -@@ -832,6 +841,8 @@ PHP_MINIT_FUNCTION(imap) - { - unsigned long sa_all = SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY; - -+ REGISTER_INI_ENTRIES(); -+ - #ifndef PHP_WIN32 - mail_link(&unixdriver); /* link in the unix driver */ - mail_link(&mhdriver); /* link in the mh driver */ -@@ -1049,6 +1060,12 @@ PHP_MINIT_FUNCTION(imap) - GC_TEXTS texts - */ - -+ if (!IMAPG(enable_rsh)) { -+ /* disable SSH and RSH, see https://bugs.php.net/bug.php?id=77153 */ -+ mail_parameters (NIL, SET_RSHTIMEOUT, 0); -+ mail_parameters (NIL, SET_SSHTIMEOUT, 0); -+ } -+ - le_imap = zend_register_list_destructors_ex(mail_close_it, NULL, "imap", module_number); - return SUCCESS; - } -diff --git a/ext/imap/php_imap.h b/ext/imap/php_imap.h -index 7691d1fdd7..556163ed2d 100644 ---- a/ext/imap/php_imap.h -+++ b/ext/imap/php_imap.h -@@ -231,6 +231,7 @@ ZEND_BEGIN_MODULE_GLOBALS(imap) - #endif - /* php_stream for php_mail_gets() */ - php_stream *gets_stream; -+ zend_bool enable_rsh; - ZEND_END_MODULE_GLOBALS(imap) - - #ifdef ZTS -diff --git a/ext/imap/tests/bug77153.phpt b/ext/imap/tests/bug77153.phpt -new file mode 100644 -index 0000000000..63590aee1d ---- /dev/null -+++ b/ext/imap/tests/bug77153.phpt -@@ -0,0 +1,24 @@ -+--TEST-- -+Bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter) -+--SKIPIF-- -+ -+--FILE-- -+ " . __DIR__ . '/__bug'; -+$payloadb64 = base64_encode($payload); -+$server = "x -oProxyCommand=echo\t$payloadb64|base64\t-d|sh}"; -+@imap_open('{'.$server.':143/imap}INBOX', '', ''); -+// clean -+imap_errors(); -+var_dump(file_exists(__DIR__ . '/__bug')); -+?> -+--EXPECT-- -+bool(false) -+--CLEAN-- -+ -\ No newline at end of file --- -2.11.0 diff --git a/CVE-2018-19935.patch b/CVE-2018-19935.patch deleted file mode 100644 index 14d72fcbfa4c62a075eeda25467ab5347a40f323..0000000000000000000000000000000000000000 --- a/CVE-2018-19935.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 3329e30a0c631753980757045ddfcc7b356a34a2 Mon Sep 17 00:00:00 2001 -Date: Wed, 4 Dec 2019 17:50:56 +0800 -Subject: Fix #77020: null pointer dereference in imap_mail - -If an empty $message is passed to imap_mail(), we must not set message -to NULL, since _php_imap_mail() is not supposed to handle NULL pointers -(opposed to pointers to NUL). - ---- - ext/imap/php_imap.c | 1 - - ext/imap/tests/bug77020.phpt | 15 +++++++++++++++ - 2 files changed, 15 insertions(+), 1 deletion(-) - create mode 100644 php-7.2.10/ext/imap/tests/bug77020.phpt - -diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c -index e1adcf22..56126a0c 100644 ---- a/ext/imap/php_imap.c -+++ b/ext/imap/php_imap.c -@@ -4106,7 +4106,6 @@ PHP_FUNCTION(imap_mail) - if (!ZSTR_LEN(message)) { - /* this is not really an error, so it is allowed. */ - php_error_docref(NULL, E_WARNING, "No message string in mail command"); -- message = NULL; - } - - if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL, -diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt -new file mode 100644 -index 00000000..76386a09 ---- /dev/null -+++ b/ext/imap/tests/bug77020.phpt -@@ -0,0 +1,15 @@ -+ --TEST-- -+Bug #77020 (null pointer dereference in imap_mail) -+--SKIPIF-- -+ -+--FILE-- -+ -+===DONE=== -+--EXPECTF-- -+Warning: imap_mail(): No message string in mail command in %s on line %d -+%s -+===DONE=== --- -2.19.1 - diff --git a/CVE-2019-11034.patch b/CVE-2019-11034.patch deleted file mode 100644 index 8bf5c9dea0bb647e8c36074e1ab1167911fc0852..0000000000000000000000000000000000000000 --- a/CVE-2019-11034.patch +++ /dev/null @@ -1,55 +0,0 @@ -From f3aefc6d071b807ddacae0a0bc49f09c38e18490 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 17 Mar 2019 22:54:46 -0700 -Subject: [PATCH] Fix bug #77753 - Heap-buffer-overflow in php_ifd_get32s - ---- - ext/exif/exif.c | 4 ++++ - ext/exif/tests/bug77753.phpt | 16 ++++++++++++++++ - ext/exif/tests/bug77753.tiff | Bin 0 -> 873 bytes - 3 files changed, 20 insertions(+) - create mode 100644 ext/exif/tests/bug77753.phpt - create mode 100644 ext/exif/tests/bug77753.tiff - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index fe89b85..0b5bb5a 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -2802,6 +2802,10 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 2 + 0x%04X*12 = 0x%04X > 0x%04X", NumDirEntries, 2+NumDirEntries*12, value_len); - return FALSE; - } -+ if ((dir_start - value_ptr) > value_len - (2+NumDirEntries*12)) { -+ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Illegal IFD size: 0x%04X > 0x%04X", (dir_start - value_ptr) + (2+NumDirEntries*12), value_len); -+ return FALSE; -+ } - - for (de=0;de -+--FILE-- -+ -+DONE -+--EXPECTF-- -+%A -+Warning: exif_read_data(bug77753.tiff): Illegal IFD size: 0x006A > 0x0065 in %sbug77753.php on line %d -+ -+Warning: exif_read_data(bug77753.tiff): Invalid TIFF file in %sbug77753.php on line %d -+bool(false) -+DONE -\ No newline at end of file - --- -2.1.4 - diff --git a/CVE-2019-11035.patch b/CVE-2019-11035.patch deleted file mode 100644 index cdd334f0f67ba414239f4fc901d2d9125967019f..0000000000000000000000000000000000000000 --- a/CVE-2019-11035.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 887a7b571407f7a49a5e7cf1e612d21ef83fedb4 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Tue, 2 Apr 2019 00:12:26 -0700 -Subject: [PATCH] Fixed bug #77831 - Heap-buffer-overflow in exif_iif_add_value - in EXIF - ---- - NEWS | 1 + - ext/exif/exif.c | 43 ++++++++++++++++++++++++++++--------------- - ext/exif/tests/bug77831.phpt | 13 +++++++++++++ - ext/exif/tests/bug77831.tiff | Bin 0 -> 49 bytes - 4 files changed, 42 insertions(+), 15 deletions(-) - create mode 100644 ext/exif/tests/bug77831.phpt - create mode 100644 ext/exif/tests/bug77831.tiff - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index 0b5bb5a..408bf03 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -1654,10 +1654,10 @@ static int exif_file_sections_free(image_info_type *ImageInfo) - /* {{{ exif_iif_add_value - Add a value to image_info - */ --static void exif_iif_add_value(image_info_type *image_info, int section_index, char *name, int tag, int format, int length, void* value, int motorola_intel) -+static void exif_iif_add_value(image_info_type *image_info, int section_index, char *name, int tag, int format, int length, void* value, size_t value_len, int motorola_intel) - { - size_t idex; -- void *vptr; -+ void *vptr, *vptr_end; - image_info_value *info_value; - image_info_data *info_data; - image_info_data *list; -@@ -1679,8 +1679,12 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c - - switch (format) { - case TAG_FMT_STRING: -+ if (length > value_len) { -+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "length > value_len: %d > %zu", length, value_len); -+ value = NULL; -+ } - if (value) { -- length = php_strnlen(value, length); -+ length = (int)php_strnlen(value, length); - info_value->s = estrndup(value, length); - info_data->length = length; - } else { -@@ -1702,6 +1706,10 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c - if (!length) - break; - case TAG_FMT_UNDEFINED: -+ if (length > value_len) { -+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "length > value_len: %d > %zu", length, value_len); -+ value = NULL; -+ } - if (value) { - if (tag == TAG_MAKER_NOTE) { - length = (int) php_strnlen(value, length); -@@ -1732,7 +1740,12 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c - } else { - info_value = &info_data->value; - } -+ vptr_end = value+value_len; - for (idex=0,vptr=value; idex<(size_t)length; idex++,vptr=(char *) vptr + php_tiff_bytes_per_format[format]) { -+ if (vptr_end - vptr < php_tiff_bytes_per_format[format]) { -+ exif_error_docref("exif_iif_add_value" EXIFERR_CC, image_info, E_WARNING, "Value too short"); -+ break; -+ } - if (length>1) { - info_value = &info_data->value.list[idex]; - } -@@ -1768,7 +1781,7 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c - php_error_docref(NULL, E_WARNING, "Found value of type single"); - #endif - info_value->f = *(float *)value; -- -+ break; - case TAG_FMT_DOUBLE: - #ifdef EXIF_DEBUG - php_error_docref(NULL, E_WARNING, "Found value of type double"); -@@ -1786,9 +1799,9 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c - /* {{{ exif_iif_add_tag - Add a tag from IFD to image_info - */ --static void exif_iif_add_tag(image_info_type *image_info, int section_index, char *name, int tag, int format, size_t length, void* value) -+static void exif_iif_add_tag(image_info_type *image_info, int section_index, char *name, int tag, int format, size_t length, void* value, size_t value_len) - { -- exif_iif_add_value(image_info, section_index, name, tag, format, (int)length, value, image_info->motorola_intel); -+ exif_iif_add_value(image_info, section_index, name, tag, format, (int)length, value, value_len, image_info->motorola_intel); - } - /* }}} */ - -@@ -2209,7 +2222,7 @@ static void add_assoc_image_info(zval *value, int sub_array, image_info_type *im - */ - static void exif_process_COM (image_info_type *image_info, char *value, size_t length) - { -- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length-2, value+2); -+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length-2, value+2, length-2); - } - /* }}} */ - -@@ -2224,17 +2237,17 @@ static void exif_process_CME (image_info_type *image_info, char *value, size_t l - if (length>3) { - switch(value[2]) { - case 0: -- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, length, value); -+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, length, value), length; - break; - case 1: -- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length, value); -+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_STRING, length, value, length); - break; - default: - php_error_docref(NULL, E_NOTICE, "Undefined JPEG2000 comment encoding"); - break; - } - } else { -- exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL); -+ exif_iif_add_tag(image_info, SECTION_COMMENT, "Comment", TAG_COMPUTED_VALUE, TAG_FMT_UNDEFINED, 0, NULL, 0); - php_error_docref(NULL, E_NOTICE, "JPEG2000 comment section too small"); - } - } -@@ -2827,7 +2840,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, char *offset_base, size_t IFDlength, size_t displacement, int section_index, int ReadNextIFD, tag_table_type tag_table) - { - size_t length; -- int tag, format, components; -+ unsigned int tag, format, components; - char *value_ptr, tagname[64], cbuf[32], *outside=NULL; - size_t byte_count, offset_val, fpos, fgot; - int64_t byte_count_signed; -@@ -3138,7 +3151,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha - } - } - } -- exif_iif_add_tag(ImageInfo, section_index, exif_get_tagname(tag, tagname, sizeof(tagname), tag_table), tag, format, components, value_ptr); -+ exif_iif_add_tag(ImageInfo, section_index, exif_get_tagname(tag, tagname, sizeof(tagname), tag_table), tag, format, components, value_ptr, byte_count); - EFREE_IF(outside); - return TRUE; - } -@@ -3296,10 +3309,10 @@ static void exif_process_APP12(image_info_type *ImageInfo, char *buffer, size_t - size_t l1, l2=0; - - if ((l1 = php_strnlen(buffer+2, length-2)) > 0) { -- exif_iif_add_tag(ImageInfo, SECTION_APP12, "Company", TAG_NONE, TAG_FMT_STRING, l1, buffer+2); -+ exif_iif_add_tag(ImageInfo, SECTION_APP12, "Company", TAG_NONE, TAG_FMT_STRING, l1, buffer+2, l1); - if (length > 2+l1+1) { - l2 = php_strnlen(buffer+2+l1+1, length-2-l1-1); -- exif_iif_add_tag(ImageInfo, SECTION_APP12, "Info", TAG_NONE, TAG_FMT_STRING, l2, buffer+2+l1+1); -+ exif_iif_add_tag(ImageInfo, SECTION_APP12, "Info", TAG_NONE, TAG_FMT_STRING, l2, buffer+2+l1+1, l2); - } - } - #ifdef EXIF_DEBUG -@@ -4100,7 +4113,7 @@ PHP_FUNCTION(exif_read_data) - if (ImageInfo.Thumbnail.size) { - if (read_thumbnail) { - /* not exif_iif_add_str : this is a buffer */ -- exif_iif_add_tag(&ImageInfo, SECTION_THUMBNAIL, "THUMBNAIL", TAG_NONE, TAG_FMT_UNDEFINED, ImageInfo.Thumbnail.size, ImageInfo.Thumbnail.data); -+ exif_iif_add_tag(&ImageInfo, SECTION_THUMBNAIL, "THUMBNAIL", TAG_NONE, TAG_FMT_UNDEFINED, ImageInfo.Thumbnail.size, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size); - } - if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) { - /* try to evaluate if thumbnail data is present */ -diff --git a/ext/exif/tests/bug77831.phpt b/ext/exif/tests/bug77831.phpt -new file mode 100644 -index 0000000..d868d47 ---- /dev/null -+++ b/ext/exif/tests/bug77831.phpt -@@ -0,0 +1,13 @@ -+--TEST-- -+Bug #77831 (Heap-buffer-overflow in exif_iif_add_value in EXIF) -+--SKIPIF-- -+ -+--FILE-- -+ -+DONE -+--EXPECTF-- -+%A -+bool(false) -+DONE -\ No newline at end of file - --- -2.1.4 - diff --git a/CVE-2019-11036.patch b/CVE-2019-11036.patch deleted file mode 100644 index 34861d738e688ce6957d1d62cea673e90a810740..0000000000000000000000000000000000000000 --- a/CVE-2019-11036.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f80ad18afae2230c2c1802c7d829100af646874e Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 29 Apr 2019 23:38:12 -0700 -Subject: [PATCH] Fix bug #77950 - Heap-buffer-overflow in _estrndup via - exif_process_IFD_TAG - -I do not completely understand what is going on there, but I am pretty -sure dir_entry <= offset_base if not a normal situation, so we better not -to rely on such dir_entry. ---- - ext/exif/exif.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index a763f6c..d174def 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -2891,7 +2891,7 @@ static int exif_process_IFD_TAG(image_info_type *ImageInfo, char *dir_entry, cha - offset_base is ImageInfo->file.list[sn].data-dir_offset - dir_entry - offset_base is dir_offset+2+i*12 - */ -- if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base)) { -+ if (byte_count > IFDlength || offset_val > IFDlength-byte_count || value_ptr < dir_entry || offset_val < (size_t)(dir_entry-offset_base) || dir_entry <= offset_base) { - /* It is important to check for IMAGE_FILETYPE_TIFF - * JPEG does not use absolute pointers instead its pointers are - * relative to the start of the TIFF header in APP1 section. */ - diff --git a/CVE-2019-11041.patch b/CVE-2019-11041.patch deleted file mode 100644 index 4158d7b5d970c2d3ae22a859297df8a74a965c32..0000000000000000000000000000000000000000 --- a/CVE-2019-11041.patch +++ /dev/null @@ -1,45 +0,0 @@ -From dea2989ab8ba87a6180af497b2efaf0527e985c5 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 7 Jul 2019 17:01:01 -0700 -Subject: [PATCH] Fix bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) - ---- - ext/exif/exif.c | 2 +- - ext/exif/tests/bug78222.phpt | 11 +++++++++++ - 2 files changed, 12 insertions(+), 1 deletion(-) - create mode 100644 ext/exif/tests/bug78222.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index 605b37923f..cd7975a9f5 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3498,7 +3498,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) - size_t length=2, pos=0; - jpeg_sof_info sof_info; - -- if (!data) { -+ if (!data || ImageInfo->Thumbnail.size < 4) { - return FALSE; /* nothing to do here */ - } - if (memcmp(data, "\xFF\xD8\xFF", 3)) { -diff --git a/ext/exif/tests/bug78222.phpt b/ext/exif/tests/bug78222.phpt -new file mode 100644 -index 0000000000..0e4ead33e4 ---- /dev/null -+++ b/ext/exif/tests/bug78222.phpt -@@ -0,0 +1,11 @@ -+--TEST-- -+Bug #78222 (heap-buffer-overflow on exif_scan_thumbnail) -+--SKIPIF-- -+ -+--FILE-- -+ -+DONE -+--EXPECTF-- -+DONE -\ No newline at end of file --- -2.21.0 - diff --git a/CVE-2019-11042.patch b/CVE-2019-11042.patch deleted file mode 100644 index 3d217e535ce589e2c77d3109e7032bdb1deaa5ac..0000000000000000000000000000000000000000 --- a/CVE-2019-11042.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 99b7ef940e04cd273d03c5fa93bf182db2d7ce8d Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 7 Jul 2019 17:39:59 -0700 -Subject: [PATCH] Fix bug #78256 (heap-buffer-overflow on - exif_process_user_comment) - ---- - ext/exif/exif.c | 4 ++-- - ext/exif/tests/bug78256.phpt | 11 +++++++++++ - 2 files changed, 13 insertions(+), 2 deletions(-) - create mode 100644 ext/exif/tests/bug78256.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index 77a11300..a80f2c2a 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3040,11 +3040,11 @@ static int exif_process_user_comment(image_info_type *ImageInfo, char **pszInfoP - /* First try to detect BOM: ZERO WIDTH NOBREAK SPACE (FEFF 16) - * since we have no encoding support for the BOM yet we skip that. - */ -- if (!memcmp(szValuePtr, "\xFE\xFF", 2)) { -+ if (ByteCount >=2 && !memcmp(szValuePtr, "\xFE\xFF", 2)) { - decode = "UCS-2BE"; - szValuePtr = szValuePtr+2; - ByteCount -= 2; -- } else if (!memcmp(szValuePtr, "\xFF\xFE", 2)) { -+ } else if (ByteCount >=2 && !memcmp(szValuePtr, "\xFF\xFE", 2)) { - decode = "UCS-2LE"; - szValuePtr = szValuePtr+2; - ByteCount -= 2; -diff --git a/ext/exif/tests/bug78256.phpt b/ext/exif/tests/bug78256.phpt -new file mode 100644 -index 00000000..37a3f1d8 ---- /dev/null -+++ b/ext/exif/tests/bug78256.phpt -@@ -0,0 +1,11 @@ -+--TEST-- -+Bug #78256 (heap-buffer-overflow on exif_process_user_comment) -+--SKIPIF-- -+ -+--FILE-- -+ -+DONE -+--EXPECTF-- -+DONE -\ No newline at end of file --- -2.21.0 - diff --git a/CVE-2019-11043.patch b/CVE-2019-11043.patch deleted file mode 100644 index 89e3b10b27c6f7d1f80bc106c7228dc958928697..0000000000000000000000000000000000000000 --- a/CVE-2019-11043.patch +++ /dev/null @@ -1,131 +0,0 @@ -From ab061f95ca966731b1c84cf5b7b20155c0a1c06a Mon Sep 17 00:00:00 2001 -From: Jakub Zelenka -Date: Sat, 12 Oct 2019 15:56:16 +0100 -Subject: [PATCH] Fix bug #78599 (env_path_info underflow can lead to RCE) - (CVE-2019-11043) - ---- - sapi/fpm/fpm/fpm_main.c | 4 +- - .../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++ - sapi/fpm/tests/tester.inc | 11 +++- - 3 files changed, 72 insertions(+), 4 deletions(-) - create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt - -diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c -index 24a7e5d56ac6..50f92981f1fb 100644 ---- a/sapi/fpm/fpm/fpm_main.c -+++ b/sapi/fpm/fpm/fpm_main.c -@@ -1209,8 +1209,8 @@ static void init_request_info(void) - path_info = script_path_translated + ptlen; - tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); - } else { -- path_info = env_path_info ? env_path_info + pilen - slen : NULL; -- tflag = (orig_path_info != path_info); -+ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL; -+ tflag = path_info && (orig_path_info != path_info); - } - - if (tflag) { -diff --git a/sapi/fpm/tests/bug78599-path-info-underflow.phpt b/sapi/fpm/tests/bug78599-path-info-underflow.phpt -new file mode 100644 -index 000000000000..edd4e0d49699 ---- /dev/null -+++ b/sapi/fpm/tests/bug78599-path-info-underflow.phpt -@@ -0,0 +1,61 @@ -+--TEST-- -+FPM: bug78599 - env_path_info underflow - CVE-2019-11043 -+--SKIPIF-- -+ -+--FILE-- -+start(); -+$tester->expectLogStartNotices(); -+$uri = $tester->makeSourceFile(); -+$tester -+ ->request( -+ '', -+ [ -+ 'SCRIPT_FILENAME' => $uri . "/" . str_repeat('A', 35), -+ 'PATH_INFO' => '', -+ 'HTTP_HUI' => str_repeat('PTEST', 1000), -+ ], -+ $uri -+ ) -+ ->expectBody( -+ [ -+ 'Test Start', -+ 'string(0) ""', -+ 'Test End' -+ ] -+ ); -+$tester->terminate(); -+$tester->close(); -+ -+?> -+Done -+--EXPECT-- -+Done -+--CLEAN-- -+ -diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc -index 70c03ad70f1c..3b6702866cc1 100644 ---- a/sapi/fpm/tests/tester.inc -+++ b/sapi/fpm/tests/tester.inc -@@ -513,7 +513,7 @@ class Tester - return new Response(null, true); - } - if (is_null($uri)) { -- $uri = $this->makeFile('src.php', $this->code); -+ $uri = $this->makeSourceFile(); - } - - $params = array_merge( -@@ -538,7 +538,6 @@ class Tester - ], - $headers - ); -- - try { - $this->response = new Response( - $this->getClient($address, $connKeepAlive)->request_data($params, false) -@@ -944,6 +943,14 @@ class Tester - return $filePath; - } - -+ /** -+ * @return string -+ */ -+ public function makeSourceFile() -+ { -+ return $this->makeFile('src.php', $this->code); -+ } -+ - /** - * @param string|null $msg - */ diff --git a/CVE-2019-11045.patch b/CVE-2019-11045.patch deleted file mode 100644 index f86e68c63ca8d2aa90e7a52df239b499d2d35236..0000000000000000000000000000000000000000 --- a/CVE-2019-11045.patch +++ /dev/null @@ -1,72 +0,0 @@ -From a5a15965da23c8e97657278fc8dfbf1dfb20c016 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Mon, 25 Nov 2019 16:56:34 +0100 -Subject: [PATCH] Fix #78863: DirectoryIterator class silently truncates after - a null byte - -Since the constructor of DirectoryIterator and friends is supposed to -accepts paths (i.e. strings without NUL bytes), we must not accept -arbitrary strings. ---- - ext/spl/spl_directory.c | 4 ++-- - ext/spl/tests/bug78863.phpt | 31 +++++++++++++++++++++++++++++++ - 2 files changed, 33 insertions(+), 2 deletions(-) - create mode 100644 ext/spl/tests/bug78863.phpt - -diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c -index 91ea2e0265..56e809b1c7 100644 ---- a/ext/spl/spl_directory.c -+++ b/ext/spl/spl_directory.c -@@ -701,10 +701,10 @@ void spl_filesystem_object_construct(INTERNAL_FUNCTION_PARAMETERS, zend_long cto - - if (SPL_HAS_FLAG(ctor_flags, DIT_CTOR_FLAGS)) { - flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_FILEINFO; -- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &path, &len, &flags); -+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &path, &len, &flags); - } else { - flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_SELF; -- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s", &path, &len); -+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p", &path, &len); - } - if (SPL_HAS_FLAG(ctor_flags, SPL_FILE_DIR_SKIPDOTS)) { - flags |= SPL_FILE_DIR_SKIPDOTS; -diff --git a/ext/spl/tests/bug78863.phpt b/ext/spl/tests/bug78863.phpt -new file mode 100644 -index 0000000000..dc88d98dee ---- /dev/null -+++ b/ext/spl/tests/bug78863.phpt -@@ -0,0 +1,31 @@ -+--TEST-- -+Bug #78863 (DirectoryIterator class silently truncates after a null byte) -+--FILE-- -+isDot()) { -+ var_dump($fileinfo->getFilename()); -+ } -+} -+?> -+--EXPECTF-- -+Fatal error: Uncaught UnexpectedValueException: DirectoryIterator::__construct() expects parameter 1 to be a valid path, string given in %s:%d -+Stack trace: -+#0 %s(%d): DirectoryIterator->__construct('%s') -+#1 {main} -+ thrown in %s on line %d -+--CLEAN-- -+ --- -2.19.1 - diff --git a/CVE-2019-11046.patch b/CVE-2019-11046.patch deleted file mode 100644 index b7963df7117c88bd7a5cb17c5609750bae4ab9af..0000000000000000000000000000000000000000 --- a/CVE-2019-11046.patch +++ /dev/null @@ -1,51 +0,0 @@ -From eb23c6008753b1cdc5359dead3a096dce46c9018 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Sat, 30 Nov 2019 12:26:37 +0100 -Subject: [PATCH] Fix #78878: Buffer underflow in bc_shift_addsub - -We must not rely on `isdigit()` to detect digits, since we only support -decimal ASCII digits in the following processing. ---- - ext/bcmath/libbcmath/src/str2num.c | 4 ++-- - ext/bcmath/tests/bug78878.phpt | 13 +++++++++++++ - 2 files changed, 15 insertions(+), 2 deletions(-) - create mode 100644 ext/bcmath/tests/bug78878.phpt - -diff --git a/ext/bcmath/libbcmath/src/str2num.c b/ext/bcmath/libbcmath/src/str2num.c -index f38d341570..03aec15930 100644 ---- a/ext/bcmath/libbcmath/src/str2num.c -+++ b/ext/bcmath/libbcmath/src/str2num.c -@@ -57,9 +57,9 @@ bc_str2num (bc_num *num, char *str, int scale) - zero_int = FALSE; - if ( (*ptr == '+') || (*ptr == '-')) ptr++; /* Sign */ - while (*ptr == '0') ptr++; /* Skip leading zeros. */ -- while (isdigit((int)*ptr)) ptr++, digits++; /* digits */ -+ while (*ptr >= '0' && *ptr <= '9') ptr++, digits++; /* digits */ - if (*ptr == '.') ptr++; /* decimal point */ -- while (isdigit((int)*ptr)) ptr++, strscale++; /* digits */ -+ while (*ptr >= '0' && *ptr <= '9') ptr++, strscale++; /* digits */ - if ((*ptr != '\0') || (digits+strscale == 0)) - { - *num = bc_copy_num (BCG(_zero_)); -diff --git a/ext/bcmath/tests/bug78878.phpt b/ext/bcmath/tests/bug78878.phpt -new file mode 100644 -index 0000000000..2c9d72b946 ---- /dev/null -+++ b/ext/bcmath/tests/bug78878.phpt -@@ -0,0 +1,13 @@ -+--TEST-- -+Bug #78878 (Buffer underflow in bc_shift_addsub) -+--SKIPIF-- -+ -+--FILE-- -+ -+--EXPECT-- -+bc math warning: non-zero scale in modulus -+0 --- -2.19.1 - diff --git a/CVE-2019-11047.patch b/CVE-2019-11047.patch deleted file mode 100644 index 3c52d1bf11b08e215852c6f70028c3e03af55684..0000000000000000000000000000000000000000 --- a/CVE-2019-11047.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d348cfb96f2543565691010ade5e0346338be5a7 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 16 Dec 2019 00:10:39 -0800 -Subject: [PATCH] Fixed bug #78910 - ---- - ext/exif/exif.c | 3 ++- - ext/exif/tests/bug78910.phpt | 17 +++++++++++++++++ - 2 files changed, 19 insertions(+), 1 deletion(-) - create mode 100644 ext/exif/tests/bug78910.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index f961f44a46c..c0be05922fb 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3154,7 +3154,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - continue; - if (maker_note->model && (!ImageInfo->model || strcmp(maker_note->model, ImageInfo->model))) - continue; -- if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len)) -+ if (maker_note->id_string && value_len >= maker_note->id_string_len -+ && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len)) - continue; - break; - } -diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt -new file mode 100644 -index 00000000000..f5b1c32c1bd ---- /dev/null -+++ b/ext/exif/tests/bug78910.phpt -@@ -0,0 +1,17 @@ -+--TEST-- -+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044) -+--FILE-- -+ -+--EXPECTF-- -+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote ): Illegal format code 0x2020, switching to BYTE in %s on line %d -+ -+Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal format code 0x2020, suppose BYTE in %s on line %d -+ -+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d -+ -+Warning: exif_read_data(): Invalid TIFF file in %s on line %d -+bool(false) --- -2.11.0 diff --git a/CVE-2019-11048.patch b/CVE-2019-11048.patch deleted file mode 100644 index d5849a59b51857fe90cdea6dc0e3d1b909557c97..0000000000000000000000000000000000000000 --- a/CVE-2019-11048.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1c9bd513ac5c7c1d13d7f0dfa7c16a7ad2ce0f87 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Wed, 18 Mar 2020 10:26:53 +0100 -Subject: [PATCH] Fix #78875: Long filenames cause OOM and temp files are not - cleaned - -We must not cast `size_t` to `int` (unless the `size_t` value is -guaranteed to be less than or equal to `INT_MAX`). In this case we can -declare `array_len` as `size_t` in the first place. ---- - main/rfc1867.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/main/rfc1867.c b/main/rfc1867.c -index bd01b34cf070..783eab4175d5 100644 ---- a/main/rfc1867.c -+++ b/main/rfc1867.c -@@ -692,7 +692,8 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - char *boundary, *s = NULL, *boundary_end = NULL, *start_arr = NULL, *array_index = NULL; - char *lbuf = NULL, *abuf = NULL; - zend_string *temp_filename = NULL; -- int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0, array_len = 0; -+ int boundary_len = 0, cancel_upload = 0, is_arr_upload = 0; -+ size_t array_len = 0; - int64_t total_bytes = 0, max_file_size = 0; - int skip_upload = 0, anonindex = 0, is_anonymous; - HashTable *uploaded_files = NULL; -@@ -1126,7 +1127,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - is_arr_upload = (start_arr = strchr(param,'[')) && (param[strlen(param)-1] == ']'); - - if (is_arr_upload) { -- array_len = (int)strlen(start_arr); -+ array_len = strlen(start_arr); - if (array_index) { - efree(array_index); - } diff --git a/CVE-2019-11050.patch b/CVE-2019-11050.patch deleted file mode 100644 index 9122d878dccb2b9b1c80fe7500fa215568fa4603..0000000000000000000000000000000000000000 --- a/CVE-2019-11050.patch +++ /dev/null @@ -1,48 +0,0 @@ -From c14eb8de974fc8a4d74f3515424c293bc7a40fba Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 16 Dec 2019 01:14:38 -0800 -Subject: [PATCH] Fix bug #78793 - ---- - ext/exif/exif.c | 5 +++-- - ext/exif/tests/bug78793.phpt | 12 ++++++++++++ - 2 files changed, 15 insertions(+), 2 deletions(-) - create mode 100644 ext/exif/tests/bug78793.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index c0be05922f..7fe055f381 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3235,8 +3235,9 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - } - - for (de=0;detag_table)) { -+ size_t offset = 2 + 12 * de; -+ if (!exif_process_IFD_TAG(ImageInfo, dir_start + offset, -+ offset_base, data_len - offset, displacement, section_index, 0, maker_note->tag_table)) { - return FALSE; - } - } -diff --git a/ext/exif/tests/bug78793.phpt b/ext/exif/tests/bug78793.phpt -new file mode 100644 -index 0000000000..033f255ace ---- /dev/null -+++ b/ext/exif/tests/bug78793.phpt -@@ -0,0 +1,12 @@ -+--TEST-- -+Bug #78793: Use-after-free in exif parsing under memory sanitizer -+--FILE-- -+ -+===DONE=== -+--EXPECT-- -+===DONE=== --- -2.19.1 - diff --git a/CVE-2019-6977.patch b/CVE-2019-6977.patch deleted file mode 100644 index a72f65ee5294a0b36dd29f54066a0dfef0ba7b17..0000000000000000000000000000000000000000 --- a/CVE-2019-6977.patch +++ /dev/null @@ -1,59 +0,0 @@ -From a15af81b5f0058e020eda0f109f51a3c863f5212 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Sun, 30 Dec 2018 13:59:26 +0100 -Subject: [PATCH] Fix #77270: imagecolormatch Out Of Bounds Write on Heap - -At least some of the image reading functions may return images which -use color indexes greater than or equal to im->colorsTotal. We cater -to this by always using a buffer size which is sufficient for -`gdMaxColors` in `gdImageColorMatch()`. - -(cherry picked from commit 7a12dad4dd6c370835b13afae214b240082c7538) ---- - NEWS | 1 + - ext/gd/libgd/gd_color_match.c | 4 ++-- - ext/gd/tests/bug77270.phpt | 18 ++++++++++++++++++ - 3 files changed, 21 insertions(+), 2 deletions(-) - create mode 100644 ext/gd/tests/bug77270.phpt - -diff --git a/ext/gd/libgd/gd_color_match.c b/ext/gd/libgd/gd_color_match.c -index a4e56b1c40..e6f539bc75 100644 ---- a/ext/gd/libgd/gd_color_match.c -+++ b/ext/gd/libgd/gd_color_match.c -@@ -33,8 +33,8 @@ int gdImageColorMatch (gdImagePtr im1, gdImagePtr im2) - return -4; /* At least 1 color must be allocated */ - } - -- buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * im2->colorsTotal, 0); -- memset( buf, 0, sizeof(unsigned long) * 5 * im2->colorsTotal ); -+ buf = (unsigned long *)safe_emalloc(sizeof(unsigned long), 5 * gdMaxColors, 0); -+ memset( buf, 0, sizeof(unsigned long) * 5 * gdMaxColors ); - - for (x=0; xsx; x++) { - for( y=0; ysy; y++ ) { -diff --git a/ext/gd/tests/bug77270.phpt b/ext/gd/tests/bug77270.phpt -new file mode 100644 -index 0000000000..1c4555a64d ---- /dev/null -+++ b/ext/gd/tests/bug77270.phpt -@@ -0,0 +1,18 @@ -+--TEST-- -+Bug #77270 (imagecolormatch Out Of Bounds Write on Heap) -+--SKIPIF-- -+ -+--FILE-- -+ -+===DONE=== -+--EXPECT-- -+===DONE=== --- -2.11.0 diff --git a/CVE-2019-9021.patch b/CVE-2019-9021.patch deleted file mode 100644 index 33b39a96732f70299707715dc3d0f22a47da87a4..0000000000000000000000000000000000000000 --- a/CVE-2019-9021.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git a/ext/phar/phar.c b/ext/phar/phar.c -index 4d5988eaa9..812720a011 100644 ---- a/ext/phar/phar.c -+++ b/ext/phar/phar.c -@@ -2026,7 +2026,7 @@ next_extension: - } - - while (pos != filename && (*(pos - 1) == '/' || *(pos - 1) == '\0')) { -- pos = memchr(pos + 1, '.', filename_len - (pos - filename) + 1); -+ pos = memchr(pos + 1, '.', filename_len - (pos - filename) - 1); - if (!pos) { - return FAILURE; - } - diff --git a/CVE-2019-9022.patch b/CVE-2019-9022.patch deleted file mode 100644 index 0b3e03a3ba944bebf3fc8ac0acefda9a01679dca..0000000000000000000000000000000000000000 --- a/CVE-2019-9022.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 8d3dfabef459fe7815e8ea2fd68753fd17859d7b Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sat, 29 Dec 2018 20:39:08 -0800 -Subject: [PATCH] Fix #77369 - memcpy with negative length via crafted DNS - response - ---- - ext/standard/dns.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/ext/standard/dns.c b/ext/standard/dns.c -index 8e102f8..b5fbcb9 100644 ---- a/ext/standard/dns.c -+++ b/ext/standard/dns.c -@@ -459,6 +459,10 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t - GETLONG(ttl, cp); - GETSHORT(dlen, cp); - CHECKCP(dlen); -+ if (dlen == 0) { -+ /* No data in the response - nothing to do */ -+ return NULL; -+ } - if (type_to_fetch != T_ANY && type != type_to_fetch) { - cp += dlen; - return cp; -@@ -549,6 +553,9 @@ static u_char *php_parserr(u_char *cp, u_char *end, querybuf *answer, int type_t - CHECKCP(n); - add_assoc_stringl(subarray, "tag", (char*)cp, n); - cp += n; -+ if ( (size_t) dlen < ((size_t)n) + 2 ) { -+ return NULL; -+ } - n = dlen - n - 2; - CHECKCP(n); - add_assoc_stringl(subarray, "value", (char*)cp, n); --- -2.1.4 diff --git a/CVE-2019-9023.patch b/CVE-2019-9023.patch deleted file mode 100644 index a6716ffb32ba5b8c601ae003b20214e11a1b82e6..0000000000000000000000000000000000000000 --- a/CVE-2019-9023.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 9a96e864885ccc3b19d360ba410a562eb7c5dc45 Mon Sep 17 00:00:00 2001 -From: gwx620998 -Date: Sat, 23 Mar 2019 03:34:11 -0400 -Subject: [PATCH] CVE-2019-9023 - -Signed-off-by: gwx620998 ---- - ext/mbstring/oniguruma/src/regcomp.c | 3 +++ - ext/mbstring/oniguruma/src/regparse.c | 2 ++ - ext/mbstring/oniguruma/src/unicode.c | 1 + - ext/mbstring/oniguruma/src/utf32_be.c | 3 ++- - 4 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/ext/mbstring/oniguruma/src/regcomp.c b/ext/mbstring/oniguruma/src/regcomp.c -index 0e9a9ab..cf914cc 100644 ---- a/ext/mbstring/oniguruma/src/regcomp.c -+++ b/ext/mbstring/oniguruma/src/regcomp.c -@@ -476,6 +476,7 @@ compile_length_string_node(Node* node, regex_t* reg) - - for (; p < sn->end; ) { - len = enclen(enc, p); -+ if (p + len > sn->end) len = sn->end - p; - if (len == prev_len) { - slen++; - } -@@ -524,6 +525,7 @@ compile_string_node(Node* node, regex_t* reg) - - for (; p < end; ) { - len = enclen(enc, p); -+ if (p + len > end) len = end - p; - if (len == prev_len) { - slen++; - } -@@ -3436,6 +3438,7 @@ expand_case_fold_string(Node* node, regex_t* reg) - } - - len = enclen(reg->enc, p); -+ if (p + len > end) len = end - p; - - if (n == 0) { - if (IS_NULL(snode)) { -diff --git a/ext/mbstring/oniguruma/src/regparse.c b/ext/mbstring/oniguruma/src/regparse.c -index 8153513..9393b9d 100644 ---- a/ext/mbstring/oniguruma/src/regparse.c -+++ b/ext/mbstring/oniguruma/src/regparse.c -@@ -3594,6 +3594,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) - } - else { /* string */ - p = tok->backp + enclen(enc, tok->backp); -+ if (p > end) p = end; - } - } - break; -@@ -3763,6 +3764,7 @@ fetch_token(OnigToken* tok, UChar** src, UChar* end, ScanEnv* env) - out: - #endif - *src = p; -+ if (*src > end) *src = end; - return tok->type; - } - -diff --git a/ext/mbstring/oniguruma/src/unicode.c b/ext/mbstring/oniguruma/src/unicode.c -index 8812ca2..cbdc42f 100644 ---- a/ext/mbstring/oniguruma/src/unicode.c -+++ b/ext/mbstring/oniguruma/src/unicode.c -@@ -255,6 +255,7 @@ onigenc_unicode_mbc_case_fold(OnigEncoding enc, - - code = ONIGENC_MBC_TO_CODE(enc, p, end); - len = enclen(enc, p); -+ if (*pp + len > end) len = end - *pp; - *pp += len; - - #ifdef USE_UNICODE_CASE_FOLD_TURKISH_AZERI -diff --git a/ext/mbstring/oniguruma/src/utf32_be.c b/ext/mbstring/oniguruma/src/utf32_be.c -index d0c7f39..4cf6fed 100644 ---- a/ext/mbstring/oniguruma/src/utf32_be.c -+++ b/ext/mbstring/oniguruma/src/utf32_be.c -@@ -65,8 +65,9 @@ utf32be_is_mbc_newline(const UChar* p, const UChar* end) - } - - static OnigCodePoint --utf32be_mbc_to_code(const UChar* p, const UChar* end ARG_UNUSED) -+utf32be_mbc_to_code(const UChar* p, const UChar* end) - { -+ if (p + 4 > end) return (OnigCodePoint ) NULL; - return (OnigCodePoint )(((p[0] * 256 + p[1]) * 256 + p[2]) * 256 + p[3]); - } - --- -1.8.3.1 - diff --git a/CVE-2019-9024.patch b/CVE-2019-9024.patch deleted file mode 100644 index 5ac3f3ceb1c7fac4829ede497cd67e6385748e83..0000000000000000000000000000000000000000 --- a/CVE-2019-9024.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 1cc2182bcc81e185c14837e659d12b268cb99d63 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Tue, 1 Jan 2019 17:15:20 -0800 -Subject: [PATCH] Fix bug #77380 (Global out of bounds read in xmlrpc base64 - code) - ---- -diff --git a/ext/xmlrpc/libxmlrpc/base64.c b/ext/xmlrpc/libxmlrpc/base64.c -index 5ebdf31..a4fa193 100644 ---- a/ext/xmlrpc/libxmlrpc/base64.c -+++ b/ext/xmlrpc/libxmlrpc/base64.c -@@ -169,7 +169,7 @@ void base64_decode_xmlrpc(struct buffer_st *bfr, const char *source, int length) - return; - } - -- if (dtable[c] & 0x80) { -+ if (dtable[(unsigned char)c] & 0x80) { - /* - fprintf(stderr, "Offset %i length %i\n", offset, length); - fprintf(stderr, "character '%c:%x:%c' in input file.\n", c, c, dtable[c]); --- -2.1.4 - diff --git a/CVE-2019-9637.patch b/CVE-2019-9637.patch deleted file mode 100644 index ccc4f21328289cf75c902e7a57998c571f16eb77..0000000000000000000000000000000000000000 --- a/CVE-2019-9637.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 40f6425978917209cb0c2c3be05a25c65c9a900e Mon Sep 17 00:00:00 2001 -From: gwx620998 -Date: Sat, 23 Mar 2019 07:14:35 -0400 -Subject: [PATCH] CVE-2019-9637 - -Signed-off-by: gwx620998 ---- - main/streams/plain_wrapper.c | 50 +++++++++++++++++++++++++++++--------------- - 1 file changed, 33 insertions(+), 17 deletions(-) - -diff --git a/main/streams/plain_wrapper.c b/main/streams/plain_wrapper.c -index 9b36d00..cb9e642 100644 ---- a/main/streams/plain_wrapper.c -+++ b/main/streams/plain_wrapper.c -@@ -1168,34 +1168,50 @@ static int php_plain_files_rename(php_stream_wrapper *wrapper, const char *url_f - # ifdef EXDEV - if (errno == EXDEV) { - zend_stat_t sb; -+# if !defined(ZTS) && !defined(TSRM_WIN32) && !defined(NETWARE) -+ /* not sure what to do in ZTS case, umask is not thread-safe */ -+ int oldmask = umask(077); -+# endif -+ int success = 0; - if (php_copy_file(url_from, url_to) == SUCCESS) { - if (VCWD_STAT(url_from, &sb) == 0) { -+ success = 1; - # ifndef TSRM_WIN32 -- if (VCWD_CHMOD(url_to, sb.st_mode)) { -- if (errno == EPERM) { -- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); -- VCWD_UNLINK(url_from); -- return 1; -- } -+ /* -+ * Try to set user and permission info on the target. -+ * If we're not root, then some of these may fail. -+ * We try chown first, to set proper group info, relying -+ * on the system environment to have proper umask to not allow -+ * access to the file in the meantime. -+ */ -+ if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) { - php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); -- return 0; -+ if (errno != EPERM) { -+ success = 0; -+ } - } -- if (VCWD_CHOWN(url_to, sb.st_uid, sb.st_gid)) { -- if (errno == EPERM) { -+ if (success) { -+ if (VCWD_CHMOD(url_to, sb.st_mode)) { - php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); -- VCWD_UNLINK(url_from); -- return 1; -+ if (errno != EPERM) { -+ success = 0; -+ } - } -- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); -- return 0; - } - # endif -- VCWD_UNLINK(url_from); -- return 1; -+ if (success) { -+ VCWD_UNLINK(url_from); -+ } -+ } else { -+ php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); - } -+ } else { -+ php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); - } -- php_error_docref2(NULL, url_from, url_to, E_WARNING, "%s", strerror(errno)); -- return 0; -+# if !defined(ZTS) && !defined(TSRM_WIN32) && !defined(NETWARE) -+ umask(oldmask); -+# endif -+ return success; - } - # endif - #endif --- -1.8.3.1 - diff --git a/CVE-2019-9638-CVE-2019-9639.patch b/CVE-2019-9638-CVE-2019-9639.patch deleted file mode 100644 index ddc1dae033259ec6c54014cd78ad2b50de43976a..0000000000000000000000000000000000000000 --- a/CVE-2019-9638-CVE-2019-9639.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 7168d3dc576344f7e55fac81d86304d2421ffe93 Mon Sep 17 00:00:00 2001 -From: gwx620998 -Date: Sat, 23 Mar 2019 07:42:34 -0400 -Subject: [PATCH] CVE-2019-9638 - -Signed-off-by: gwx620998 ---- - ext/exif/exif.c | 5 +++-- - ext/exif/tests/bug77563.phpt | 16 ++++++++++++++++ - 2 files changed, 19 insertions(+), 2 deletions(-) - create mode 100644 ext/exif/tests/bug77563.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index 3a76d8f..d82b5ae 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3151,8 +3151,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - continue; - break; - } -- -- if (maker_note->offset >= value_len) { -+ -+ if (value_len < 2 || maker_note->offset >= value_len - 1) { - /* Do not go past the value end */ - exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "IFD data too short: 0x%04X offset 0x%04X", value_len, maker_note->offset); - return FALSE; -@@ -3207,6 +3207,7 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu - #endif - default: - case MN_OFFSET_NORMAL: -+ data_len = value_len; - break; - } - -diff --git a/ext/exif/tests/bug77563.phpt b/ext/exif/tests/bug77563.phpt -new file mode 100644 -index 0000000..d1c5b9f ---- /dev/null -+++ b/ext/exif/tests/bug77563.phpt -@@ -0,0 +1,16 @@ -++--TEST-- -++Bug 77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE) -++--SKIPIF-- -++ -++--FILE-- -++ -++DONE -++--EXPECTF-- -++Warning: exif_thumbnail(bug77563.jpg): Illegal IFD offset in %s/bug77563.php on line %d -++ -++Warning: exif_thumbnail(bug77563.jpg): File structure corrupted in %s/bug77563.php on line %d -++ -++Warning: exif_thumbnail(bug77563.jpg): Invalid JPEG file in %s/bug77563.php on line %d -++DONE --- -1.8.3.1 - diff --git a/CVE-2019-9640.patch b/CVE-2019-9640.patch deleted file mode 100644 index 4cda3bcb52ccacad2259cd9619db6720e44dad58..0000000000000000000000000000000000000000 --- a/CVE-2019-9640.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 30d2b94a2e88021b77b07149e1f4438662ca8e5e Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sat, 2 Mar 2019 13:38:00 -0800 -Subject: [PATCH] Fix bug #77540 - Invalid Read on exif_process_SOFn - ---- - ext/exif/exif.c | 10 ++++++++-- - ext/exif/tests/bug77540.jpg | Bin 0 -> 91 bytes - ext/exif/tests/bug77540.phpt | 16 ++++++++++++++++ - 3 files changed, 24 insertions(+), 2 deletions(-) - create mode 100644 ext/exif/tests/bug77540.jpg - create mode 100644 ext/exif/tests/bug77540.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index 4f2f660..8ed9c85 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3902,7 +3902,7 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) - return FALSE; - marker = c; - length = php_jpg_get16(data+pos); -- if (pos+length>=ImageInfo->Thumbnail.size) { -+ if (length > ImageInfo->Thumbnail.size || pos >= ImageInfo->Thumbnail.size - length) { - return FALSE; - } - #ifdef EXIF_DEBUG -@@ -3923,6 +3923,10 @@ static int exif_scan_thumbnail(image_info_type *ImageInfo) - case M_SOF14: - case M_SOF15: - /* handle SOFn block */ -+ if (length < 8 || ImageInfo->Thumbnail.size - 8 < pos) { -+ /* exif_process_SOFn needs 8 bytes */ -+ return FALSE; -+ } - exif_process_SOFn(data+pos, marker, &sof_info); - ImageInfo->Thumbnail.height = sof_info.height; - ImageInfo->Thumbnail.width = sof_info.width; -@@ -4654,7 +4658,9 @@ PHP_FUNCTION(exif_thumbnail) - ZVAL_STRINGL(return_value, ImageInfo.Thumbnail.data, ImageInfo.Thumbnail.size); - if (arg_c >= 3) { - if (!ImageInfo.Thumbnail.width || !ImageInfo.Thumbnail.height) { -- exif_scan_thumbnail(&ImageInfo); -+ if (!exif_scan_thumbnail(&ImageInfo)) { -+ ImageInfo.Thumbnail.width = ImageInfo.Thumbnail.height = 0; -+ } - } - zval_dtor(z_width); - zval_dtor(z_height); --- -diff --git a/ext/exif/tests/bug77540.phpt b/ext/exif/tests/bug77540.phpt -new file mode 100644 -index 0000000..8702e0c ---- /dev/null -+++ b/ext/exif/tests/bug77540.phpt -@@ -0,0 +1,16 @@ -+--TEST-- -+Bug 77540 (Invalid Read on exif_process_SOFn) -+--SKIPIF-- -+ -+--FILE-- -+ -+DONE -+--EXPECTF-- -+Width 0 -+Height 0 -+DONE --- -2.1.4 - diff --git a/CVE-2020-7063.patch b/CVE-2020-7063.patch deleted file mode 100644 index 9eb6c50dc895cd1ff780aeb2abb3226ec331ff69..0000000000000000000000000000000000000000 --- a/CVE-2020-7063.patch +++ /dev/null @@ -1,121 +0,0 @@ -From ead40a66785aedaa393f953a0ed9224adaf040cd Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sat, 15 Feb 2020 22:17:14 -0800 -Subject: [PATCH] Fix bug #79082 - Files added to tar with - Phar::buildFromIterator have all-access permissions - ---- - ext/phar/phar_object.c | 11 ++++++ - ext/phar/tests/bug79082.phpt | 52 ++++++++++++++++++++++++++++ - ext/phar/tests/test79082/test79082-testfile | 1 + - ext/phar/tests/test79082/test79082-testfile2 | 1 + - 4 files changed, 65 insertions(+) - create mode 100644 ext/phar/tests/bug79082.phpt - create mode 100644 ext/phar/tests/test79082/test79082-testfile - create mode 100644 ext/phar/tests/test79082/test79082-testfile2 - -diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c -index 6cf097e36fe..89b553c2b91 100644 ---- a/ext/phar/phar_object.c -+++ b/ext/phar/phar_object.c -@@ -1419,6 +1419,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */ - char *str_key; - zend_class_entry *ce = p_obj->c; - phar_archive_object *phar_obj = p_obj->p; -+ php_stream_statbuf ssb; - - value = iter->funcs->get_current_data(iter); - -@@ -1686,6 +1687,16 @@ after_open_fp: - php_stream_copy_to_stream_ex(fp, p_obj->fp, PHP_STREAM_COPY_ALL, &contents_len); - data->internal_file->uncompressed_filesize = data->internal_file->compressed_filesize = - php_stream_tell(p_obj->fp) - data->internal_file->offset; -+ if (php_stream_stat(fp, &ssb) != -1) { -+ data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ; -+ } else { -+#ifndef _WIN32 -+ mode_t mask; -+ mask = umask(0); -+ umask(mask); -+ data->internal_file->flags &= ~mask; -+#endif -+ } - } - - if (close_fp) { -diff --git a/ext/phar/tests/bug79082.phpt b/ext/phar/tests/bug79082.phpt -new file mode 100644 -index 00000000000..ca453d1b57b ---- /dev/null -+++ b/ext/phar/tests/bug79082.phpt -@@ -0,0 +1,52 @@ -+--TEST-- -+Phar: Bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions -+--SKIPIF-- -+ -+--FILE-- -+ 'tar', Phar::ZIP => 'zip'] as $mode => $ext) { -+ clearstatcache(); -+ $phar = new PharData(__DIR__ . '/test79082.' . $ext, null, null, $mode); -+ $phar->buildFromIterator(new \RecursiveDirectoryIterator(__DIR__ . '/test79082', \FilesystemIterator::SKIP_DOTS), __DIR__ . '/test79082'); -+ $phar->extractTo(__DIR__); -+ var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode'])); -+ var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode'])); -+ unlink(__DIR__ . '/test79082-testfile'); -+ unlink(__DIR__ . '/test79082-testfile2'); -+} -+foreach([Phar::TAR => 'tar', Phar::ZIP => 'zip'] as $mode => $ext) { -+ clearstatcache(); -+ $phar = new PharData(__DIR__ . '/test79082-d.' . $ext, null, null, $mode); -+ $phar->buildFromDirectory(__DIR__ . '/test79082'); -+ $phar->extractTo(__DIR__); -+ var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode'])); -+ var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode'])); -+ unlink(__DIR__ . '/test79082-testfile'); -+ unlink(__DIR__ . '/test79082-testfile2'); -+} -+?> -+--CLEAN-- -+ -+--EXPECT-- -+string(2) "22" -+string(6) "100644" -+string(6) "100400" -+string(6) "100644" -+string(6) "100400" -+string(6) "100644" -+string(6) "100400" -+string(6) "100644" -+string(6) "100400" -diff --git a/ext/phar/tests/test79082/test79082-testfile b/ext/phar/tests/test79082/test79082-testfile -new file mode 100644 -index 00000000000..9daeafb9864 ---- /dev/null -+++ b/ext/phar/tests/test79082/test79082-testfile -@@ -0,0 +1 @@ -+test -diff --git a/ext/phar/tests/test79082/test79082-testfile2 b/ext/phar/tests/test79082/test79082-testfile2 -new file mode 100644 -index 00000000000..9daeafb9864 ---- /dev/null -+++ b/ext/phar/tests/test79082/test79082-testfile2 -@@ -0,0 +1 @@ -+test --- -2.11.0 - - diff --git a/CVE-2020-7064.patch b/CVE-2020-7064.patch deleted file mode 100644 index 3cce2dcb164482871902fc562447b5b2769cdd4d..0000000000000000000000000000000000000000 --- a/CVE-2020-7064.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 0c77b4307df73217283a4aaf9313e1a33a0967ff Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 15 Mar 2020 17:26:00 -0700 -Subject: [PATCH] Fixed bug #79282 - ---- - ext/exif/exif.c | 7 ++++++- - ext/exif/tests/bug79282.phpt | 15 +++++++++++++++ - 2 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 ext/exif/tests/bug79282.phpt - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index a63e0c1..b85ac19 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3660,6 +3660,11 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf, - { - unsigned exif_value_2a, offset_of_ifd; - -+ if (length < 2) { -+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Missing TIFF alignment marker"); -+ return; -+ } -+ - /* set the thumbnail stuff to nothing so we can test to see if they get set up */ - if (memcmp(CharBuf, "II", 2) == 0) { - ImageInfo->motorola_intel = 0; -@@ -3812,7 +3817,7 @@ static int exif_scan_JPEG_header(image_info_type *ImageInfo) - return FALSE; - } - -- sn = exif_file_sections_add(ImageInfo, marker, itemlen+1, NULL); -+ sn = exif_file_sections_add(ImageInfo, marker, itemlen, NULL); - Data = ImageInfo->file.list[sn].data; - - /* Store first two pre-read bytes. */ -diff --git a/ext/exif/tests/bug79282.phpt b/ext/exif/tests/bug79282.phpt -new file mode 100644 -index 0000000..7b7e365 ---- /dev/null -+++ b/ext/exif/tests/bug79282.phpt -@@ -0,0 +1,15 @@ -+--TEST-- -+Bug #79282: Use-of-uninitialized-value in exif -+--FILE-- -+ -+--EXPECTF-- -+Warning: exif_read_data(): Invalid TIFF alignment marker in %s on line %d -+ -+Warning: exif_read_data(): File structure corrupted in %s on line %d -+ -+Warning: exif_read_data(): Invalid JPEG file in %s on line %d -+bool(false) --- -1.8.3.1 - diff --git a/CVE-2020-7066.patch b/CVE-2020-7066.patch deleted file mode 100644 index 63200d170b36d4b4b306d8e7da34eb0ffa071d49..0000000000000000000000000000000000000000 --- a/CVE-2020-7066.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0181cb204b54ee08710147338b76dc0845aba4f9 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sun, 15 Mar 2020 17:30:44 -0700 -Subject: [PATCH] Fix bug #79329 - get_headers should not accept \0 - ---- - ext/standard/url.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ext/standard/url.c b/ext/standard/url.c -index 57fd80c..fe6d7f9 100644 ---- a/ext/standard/url.c -+++ b/ext/standard/url.c -@@ -680,7 +680,7 @@ PHP_FUNCTION(get_headers) - php_stream_context *context; - - ZEND_PARSE_PARAMETERS_START(1, 3) -- Z_PARAM_STRING(url, url_len) -+ Z_PARAM_PATH(url, url_len) - Z_PARAM_OPTIONAL - Z_PARAM_LONG(format) - Z_PARAM_RESOURCE_EX(zcontext, 1, 0) --- -1.8.3.1 - diff --git a/CVE-2020-7068.patch b/CVE-2020-7068.patch deleted file mode 100644 index 3726e1e1dce479fb189dfb26b01f79c08224c702..0000000000000000000000000000000000000000 --- a/CVE-2020-7068.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 7355ab81763a3d6a04ac11660e6a16d58838d187 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Tue, 14 Jul 2020 17:04:24 +0200 -Subject: [PATCH] Fix #79797: Use of freed hash key in the -phar_parse_zipfile funtion - ---- - ext/phar/zip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ext/phar/zip.c b/ext/phar/zip.c -index d615e8ad..50c5d69e 100644 ---- a/ext/phar/zip.c -+++ b/ext/phar/zip.c -@@ -703,7 +703,7 @@ foundit: - efree(actual_alias); - } - -- zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata); -+ zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata); - } else { - phar_archive_data *fd_ptr; - --- -2.23.0 - diff --git a/backport-CVE-2020-7059-Fix-79099-OOB-read.patch b/backport-CVE-2020-7059-Fix-79099-OOB-read.patch deleted file mode 100644 index 38fcfa2be43d77a18ec8d5e34530c6e0917ab6de..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-7059-Fix-79099-OOB-read.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 0f79b1bf301f455967676b5129240140c5c45b09 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 20 Jan 2020 21:33:17 -0800 -Subject: [PATCH] Fix #79099: OOB read in php_strip_tags_ex - ---- - ext/standard/string.c | 6 ++--- - ext/standard/tests/file/bug79099.phpt | 32 +++++++++++++++++++++++++++ - 2 files changed, 35 insertions(+), 3 deletions(-) - create mode 100644 ext/standard/tests/file/bug79099.phpt - -diff --git a/ext/standard/string.c b/ext/standard/string.c -index da51cd0966fc..fb44cc505d9d 100644 ---- a/ext/standard/string.c -+++ b/ext/standard/string.c -@@ -4866,7 +4866,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const - if (state == 4) { - /* Inside */ - break; -- } else if (state == 2 && *(p-1) != '\\') { -+ } else if (state == 2 && p >= buf + 1 && *(p-1) != '\\') { - if (lc == c) { - lc = '\0'; - } else if (lc != '\\') { -@@ -4893,7 +4893,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const - - case '!': - /* JavaScript & Other HTML scripting languages */ -- if (state == 1 && *(p-1) == '<') { -+ if (state == 1 && p >= buf + 1 && *(p-1) == '<') { - state = 3; - lc = c; - } else { -@@ -4920,7 +4920,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, uint8_t *stateptr, const - - case '?': - -- if (state == 1 && *(p-1) == '<') { -+ if (state == 1 && p >= buf + 1 && *(p-1) == '<') { - br=0; - state=2; - break; -diff --git a/ext/standard/tests/file/bug79099.phpt b/ext/standard/tests/file/bug79099.phpt -new file mode 100644 -index 000000000000..7c842f4654f0 ---- /dev/null -+++ b/ext/standard/tests/file/bug79099.phpt -@@ -0,0 +1,32 @@ -+--TEST-- -+Bug #79099 (OOB read in php_strip_tags_ex) -+--FILE-- -+ -+--EXPECT-- -+string(0) "" -+string(0) "" -+string(0) "" -+string(0) "" -+string(0) "" -+string(0) "" diff --git a/backport-CVE-2020-7062-Fix-bug-79221.patch b/backport-CVE-2020-7062-Fix-bug-79221.patch deleted file mode 100644 index 58805deef5ffc366f62e38062616d49b8ff4afd7..0000000000000000000000000000000000000000 --- a/backport-CVE-2020-7062-Fix-bug-79221.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 90ae1818d54b3017ed114d45e83924eebafdb7d7 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Sat, 15 Feb 2020 20:52:19 -0800 -Subject: [PATCH] Fix bug #79221 - Null Pointer Dereference in PHP Session - Upload Progress - ---- - ext/session/session.c | 10 +++++--- - ext/session/tests/bug79221.phpt | 45 +++++++++++++++++++++++++++++++++ - 2 files changed, 51 insertions(+), 4 deletions(-) - create mode 100644 ext/session/tests/bug79221.phpt - -diff --git a/ext/session/session.c b/ext/session/session.c -index 0470ba1fc645..ad299209b6a4 100644 ---- a/ext/session/session.c -+++ b/ext/session/session.c -@@ -3217,10 +3217,12 @@ static int php_session_rfc1867_callback(unsigned int event, void *event_data, vo - if (PS(rfc1867_cleanup)) { - php_session_rfc1867_cleanup(progress); - } else { -- SEPARATE_ARRAY(&progress->data); -- add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 1); -- Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; -- php_session_rfc1867_update(progress, 1); -+ if (!Z_ISUNDEF(progress->data)) { -+ SEPARATE_ARRAY(&progress->data); -+ add_assoc_bool_ex(&progress->data, "done", sizeof("done") - 1, 1); -+ Z_LVAL_P(progress->post_bytes_processed) = data->post_bytes_processed; -+ php_session_rfc1867_update(progress, 1); -+ } - } - php_rshutdown_session_globals(); - } -diff --git a/ext/session/tests/bug79221.phpt b/ext/session/tests/bug79221.phpt -new file mode 100644 -index 000000000000..b0972c469705 ---- /dev/null -+++ b/ext/session/tests/bug79221.phpt -@@ -0,0 +1,45 @@ -+--TEST-- -+Null Pointer Dereference in PHP Session Upload Progress -+--INI-- -+error_reporting=0 -+file_uploads=1 -+upload_max_filesize=1024 -+session.save_path= -+session.name=PHPSESSID -+session.serialize_handler=php -+session.use_strict_mode=0 -+session.use_cookies=1 -+session.use_only_cookies=0 -+session.upload_progress.enabled=1 -+session.upload_progress.cleanup=0 -+session.upload_progress.prefix=upload_progress_ -+session.upload_progress.name=PHP_SESSION_UPLOAD_PROGRESS -+session.upload_progress.freq=1% -+session.upload_progress.min_freq=0.000000001 -+--COOKIE-- -+PHPSESSID=session-upload -+--POST_RAW-- -+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737 -+-----------------------------20896060251896012921717172737 -+Content-Disposition: form-data; name="PHPSESSID" -+ -+session-upload -+-----------------------------20896060251896012921717172737 -+Content-Disposition: form-data; name="PHP_SESSION_UPLOAD_PROGRESS" -+ -+ryat -+-----------------------------20896060251896012921717172737 -+Content-Disposition: form-data; file="file"; ryat="filename" -+ -+1 -+-----------------------------20896060251896012921717172737-- -+--FILE-- -+ Date: Wed, 13 May 2020 09:36:52 +0200 Subject: [PATCH] Fix #77423: parse_url() will deliver a wrong host to user @@ -16,15 +16,15 @@ functions, although that is not necessarily correct. .../tests/url/parse_url_basic_003.phpt | 2 +- .../tests/url/parse_url_basic_005.phpt | 2 +- .../tests/url/parse_url_unterminated.phpt | 6 ++-- - ext/standard/url.c | 21 +++++++++++++ - 7 files changed, 59 insertions(+), 14 deletions(-) + ext/standard/url.c | 24 +++++++++++++-- + 7 files changed, 60 insertions(+), 16 deletions(-) create mode 100644 ext/standard/tests/url/bug77423.phpt diff --git a/ext/standard/tests/strings/url_t.phpt b/ext/standard/tests/strings/url_t.phpt -index 79ff3bc4a8e3..f564f59f0632 100644 +index caa93cb9cf01..dc13018b14a0 100644 --- a/ext/standard/tests/strings/url_t.phpt +++ b/ext/standard/tests/strings/url_t.phpt -@@ -575,15 +575,13 @@ $sample_urls = array ( +@@ -589,15 +589,13 @@ $sample_urls = array ( string(16) "some_page_ref123" } @@ -79,10 +79,10 @@ index 000000000000..be03fe95e24e + string(26) "example.com\uFF03@bing.com" +} diff --git a/ext/standard/tests/url/parse_url_basic_001.phpt b/ext/standard/tests/url/parse_url_basic_001.phpt -index 4606849c5781..51010991326c 100644 +index f3abd703b263..89b1b7b3d683 100644 --- a/ext/standard/tests/url/parse_url_basic_001.phpt +++ b/ext/standard/tests/url/parse_url_basic_001.phpt -@@ -506,15 +506,13 @@ echo "Done"; +@@ -514,15 +514,13 @@ echo "Done"; string(16) "some_page_ref123" } @@ -101,10 +101,10 @@ index 4606849c5781..51010991326c 100644 string(10) "/index.php" ["query"]=> diff --git a/ext/standard/tests/url/parse_url_basic_003.phpt b/ext/standard/tests/url/parse_url_basic_003.phpt -index 3d5a4a344afd..7968fd3f09fd 100644 +index 1eb64d6a1b1c..da35b927821a 100644 --- a/ext/standard/tests/url/parse_url_basic_003.phpt +++ b/ext/standard/tests/url/parse_url_basic_003.phpt -@@ -68,7 +68,7 @@ echo "Done"; +@@ -62,7 +62,7 @@ echo "Done"; --> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" --> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" --> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(11) "www.php.net" @@ -114,10 +114,10 @@ index 3d5a4a344afd..7968fd3f09fd 100644 --> nntp://news.php.net : string(12) "news.php.net" --> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : string(11) "ftp.gnu.org" diff --git a/ext/standard/tests/url/parse_url_basic_005.phpt b/ext/standard/tests/url/parse_url_basic_005.phpt -index aefb33964bc4..ba778bf9035d 100644 +index dfbe7e7971e4..731a4adb3149 100644 --- a/ext/standard/tests/url/parse_url_basic_005.phpt +++ b/ext/standard/tests/url/parse_url_basic_005.phpt -@@ -68,7 +68,7 @@ echo "Done"; +@@ -62,7 +62,7 @@ echo "Done"; --> http://secret:@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret" --> http://:hideout@www.php.net:80/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(0) "" --> http://secret:hideout@www.php.net/index.php?test=1&test2=char&test3=mixesCI#some_page_ref123 : string(6) "secret" @@ -127,10 +127,10 @@ index aefb33964bc4..ba778bf9035d 100644 --> nntp://news.php.net : NULL --> ftp://ftp.gnu.org/gnu/glic/glibc.tar.gz : NULL diff --git a/ext/standard/tests/url/parse_url_unterminated.phpt b/ext/standard/tests/url/parse_url_unterminated.phpt -index 912b6a5641e8..875d93a10948 100644 +index 7c9150a513d9..f859fc7d407f 100644 --- a/ext/standard/tests/url/parse_url_unterminated.phpt +++ b/ext/standard/tests/url/parse_url_unterminated.phpt -@@ -508,15 +508,13 @@ echo "Done"; +@@ -522,15 +522,13 @@ echo "Done"; string(16) "some_page_ref123" } @@ -149,17 +149,17 @@ index 912b6a5641e8..875d93a10948 100644 string(10) "/index.php" ["query"]=> diff --git a/ext/standard/url.c b/ext/standard/url.c -index 1dd073e2bb42..8d155bb9846c 100644 +index a33091a86b75..113e0100243a 100644 --- a/ext/standard/url.c +++ b/ext/standard/url.c -@@ -92,6 +92,22 @@ PHPAPI php_url *php_url_parse(char const *str) - return php_url_parse_ex(str, strlen(str)); +@@ -92,6 +92,22 @@ static const char *binary_strcspn(const char *s, const char *e, const char *char + return e; } +static int is_userinfo_valid(const char *str, size_t len) +{ -+ char *valid = "-._~!$&'()*+,;=:"; -+ char *p = str; ++ const char *valid = "-._~!$&'()*+,;=:"; ++ const char *p = str; + while (p - str < len) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; @@ -172,19 +172,20 @@ index 1dd073e2bb42..8d155bb9846c 100644 + return 1; +} + - /* {{{ php_url_parse - */ + /* {{{ php_url_parse */ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) -@@ -235,13 +251,18 @@ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) - ret->pass = estrndup(pp, (p-pp)); - php_replace_controlchars_ex(ret->pass, (p-pp)); + { +@@ -233,13 +249,17 @@ PHPAPI php_url *php_url_parse_ex2(char const *str, size_t length, zend_bool *has + ret->pass = zend_string_init(pp, (p-pp), 0); + php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass)); } else { +- ret->user = zend_string_init(s, (p-s), 0); +- php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user)); + if (!is_userinfo_valid(s, p-s)) { + goto check_port; + } - ret->user = estrndup(s, (p-s)); - php_replace_controlchars_ex(ret->user, (p-s)); -+ ++ ret->user = zend_string_init(s, (p-s), 0); ++ php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user)); } s = p + 1; diff --git a/be50a72715c141befe6f34ece660745da894aaf3.patch b/be50a72715c141befe6f34ece660745da894aaf3.patch deleted file mode 100644 index 2bcf82df4cad8095e39fc216713174403af3dec2..0000000000000000000000000000000000000000 --- a/be50a72715c141befe6f34ece660745da894aaf3.patch +++ /dev/null @@ -1,37 +0,0 @@ -From be50a72715c141befe6f34ece660745da894aaf3 Mon Sep 17 00:00:00 2001 -From: Jakub Zelenka -Date: Sun, 9 Sep 2018 18:53:37 +0100 -Subject: [PATCH] Fix ssl stream reneg limit test to print only after first - renegotiation - -It has been reported that in some setup the test does multiple -renegotiations which is allowed. ---- - ext/openssl/tests/stream_server_reneg_limit.phpt | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/ext/openssl/tests/stream_server_reneg_limit.phpt b/ext/openssl/tests/stream_server_reneg_limit.phpt -index f0353351a23a..f033cbabe343 100644 ---- a/ext/openssl/tests/stream_server_reneg_limit.phpt -+++ b/ext/openssl/tests/stream_server_reneg_limit.phpt -@@ -22,14 +22,18 @@ if(substr(PHP_OS, 0, 3) == 'WIN') { - */ - - $serverCode = <<<'CODE' -+ $printed = false; - $serverUri = "ssl://127.0.0.1:64321"; - $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; - $serverCtx = stream_context_create(['ssl' => [ - 'local_cert' => __DIR__ . '/bug54992.pem', - 'reneg_limit' => 0, - 'reneg_window' => 30, -- 'reneg_limit_callback' => function($stream) { -- var_dump($stream); -+ 'reneg_limit_callback' => function($stream) use (&$printed) { -+ if (!$printed) { -+ $printed = true; -+ var_dump($stream); -+ } - } - ]]); - diff --git a/c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch b/c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch deleted file mode 100644 index d9451923904982c815027a6029126c3e00f08628..0000000000000000000000000000000000000000 --- a/c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch +++ /dev/null @@ -1,22 +0,0 @@ -From c1729272b17a1fe893d1a54e423d3b71470f3ee8 Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Wed, 29 Aug 2018 09:10:59 +0200 -Subject: [PATCH] fix double cast to int on 32-bit - ---- - Zend/zend_operators.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Zend/zend_operators.c b/Zend/zend_operators.c -index cafb14d4cc25..9a8a40142433 100644 ---- a/Zend/zend_operators.c -+++ b/Zend/zend_operators.c -@@ -3101,7 +3101,7 @@ ZEND_API zend_long ZEND_FASTCALL zend_dval_to_lval_slow(double d) - if (dmod < 0) { - /* we're going to make this number positive; call ceil() - * to simulate rounding towards 0 of the negative number */ -- dmod = ceil(dmod);// + two_pow_32; -+ dmod = ceil(dmod) + two_pow_32; - } - return (zend_long)(zend_ulong)dmod; - } diff --git a/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch b/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch deleted file mode 100644 index 0cb89c82dcc057e7aef48f6543658df8dff556af..0000000000000000000000000000000000000000 --- a/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch +++ /dev/null @@ -1,38 +0,0 @@ -From cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a Mon Sep 17 00:00:00 2001 -From: Jakub Zelenka -Date: Sun, 2 Sep 2018 20:00:08 +0100 -Subject: [PATCH] Fix stream_security_level.phpt with OpenSSL 1.1.1 - ---- - ext/openssl/tests/stream_security_level.phpt | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/ext/openssl/tests/stream_security_level.phpt b/ext/openssl/tests/stream_security_level.phpt -index fb1d36a58624..26fedcf670e9 100644 ---- a/ext/openssl/tests/stream_security_level.phpt -+++ b/ext/openssl/tests/stream_security_level.phpt -@@ -5,6 +5,7 @@ security_level setting to prohibit cert - if (!extension_loaded("openssl")) die("skip openssl not loaded"); - if (OPENSSL_VERSION_NUMBER < 0x10100000) die("skip OpenSSL >= v1.1.0 required"); - if (!function_exists("proc_open")) die("skip no proc_open"); -+?> - --FILE-- - [ -- 'security_level' => 3, -+ 'security_level' => 2, - 'verify_peer' => true, - 'cafile' => __DIR__ . '/bug54992-ca.pem', - 'verify_peer_name' => false -@@ -38,6 +39,7 @@ CODE; - - include 'ServerClientTestCase.inc'; - ServerClientTestCase::getInstance()->run($clientCode, $serverCode); -+?> - --EXPECTF-- - Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: - error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in %s : eval()'d code on line %d diff --git a/php-5.3.0-recode.patch b/php-5.3.0-recode.patch deleted file mode 100644 index 86f75a57af637c5237d77d5346139f3c0401a412..0000000000000000000000000000000000000000 --- a/php-5.3.0-recode.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up php-5.3.0beta1/ext/recode/config9.m4.recode php-5.3.0beta1/ext/recode/config9.m4 ---- php-5.3.0beta1/ext/recode/config9.m4.recode 2008-12-02 00:30:21.000000000 +0100 -+++ php-5.3.0beta1/ext/recode/config9.m4 2009-02-28 09:46:50.000000000 +0100 -@@ -4,13 +4,6 @@ dnl - - dnl Check for extensions with which Recode can not work - if test "$PHP_RECODE" != "no"; then -- test "$PHP_IMAP" != "no" && recode_conflict="$recode_conflict imap" -- -- if test -n "$MYSQL_LIBNAME"; then -- PHP_CHECK_LIBRARY($MYSQL_LIBNAME, hash_insert, [ -- recode_conflict="$recode_conflict mysql" -- ]) -- fi - - if test -n "$recode_conflict"; then - AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict]) diff --git a/php-5.6.3-datetests.patch b/php-5.6.3-datetests.patch deleted file mode 100644 index a29bb636383139518c6296c2661813f964e8237f..0000000000000000000000000000000000000000 --- a/php-5.6.3-datetests.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- a/ext/date/tests/bug66985.phpt 2014-10-30 07:32:03.297693403 +0100 -+++ b/ext/date/tests/bug66985.phpt 2014-10-30 07:32:45.138877977 +0100 -@@ -3,7 +3,7 @@ - --FILE-- - 3 -- [timezone] => Factory --) --DateTimeZone Object --( - [timezone_type] => 3 - [timezone] => GB-Eire - ) diff --git a/php-7.2.0-includedir.patch b/php-7.2.0-includedir.patch index 6d9a871b46cc9a1dd6a6e149e285b324fe651d6a..7a42cd66ae404456c0010f9a46f09e78286a6bb9 100644 --- a/php-7.2.0-includedir.patch +++ b/php-7.2.0-includedir.patch @@ -5,7 +5,7 @@ EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"` EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"` -INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR -+INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php ++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:${EXPANDED_DATADIR}/php:/usr/share/pear:/usr/share/php exec_prefix=$old_exec_prefix libdir=$old_libdir diff --git a/php-7.2.4-dlopen.patch b/php-7.2.4-dlopen.patch deleted file mode 100644 index 3c764745e2a0200614d4268a6c50e296072abc94..0000000000000000000000000000000000000000 --- a/php-7.2.4-dlopen.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen php-7.2.4RC1/sapi/litespeed/lsapilib.c ---- php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen 2018-03-13 12:40:25.330885880 +0100 -+++ php-7.2.4RC1/sapi/litespeed/lsapilib.c 2018-03-13 12:41:35.797251042 +0100 -@@ -755,7 +755,7 @@ static int (*fp_lve_leave)(struct liblve - static int (*fp_lve_jail)( struct passwd *, char *) = NULL; - static int lsapi_load_lve_lib(void) - { -- s_liblve = dlopen("liblve.so.0", RTLD_LAZY); -+ s_liblve = dlopen("liblve.so.0", RTLD_NOW); - if (s_liblve) - { - fp_lve_is_available = dlsym(s_liblve, "lve_is_available"); -diff -up php-7.2.4RC1/Zend/zend_portability.h.dlopen php-7.2.4RC1/Zend/zend_portability.h ---- php-7.2.4RC1/Zend/zend_portability.h.dlopen 2018-03-13 12:33:38.000000000 +0100 -+++ php-7.2.4RC1/Zend/zend_portability.h 2018-03-13 12:40:25.330885880 +0100 -@@ -144,11 +144,11 @@ - # endif - - # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT) --# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) -+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT) - # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__) --# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_DEEPBIND) -+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL | RTLD_DEEPBIND) - # else --# define DL_LOAD(libname) dlopen(libname, RTLD_LAZY | RTLD_GLOBAL) -+# define DL_LOAD(libname) dlopen(libname, RTLD_NOW | RTLD_GLOBAL) - # endif - # define DL_UNLOAD dlclose - # if defined(DLSYM_NEEDS_UNDERSCORE) diff --git a/php-7.2.4-fixheader.patch b/php-7.2.4-fixheader.patch deleted file mode 100644 index 52a41214e7189d4ddf401ae2e1ae861d1d564e2a..0000000000000000000000000000000000000000 --- a/php-7.2.4-fixheader.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up php-7.2.4RC1/configure.ac.fixheader php-7.2.4RC1/configure.ac ---- php-7.2.4RC1/configure.ac.fixheader 2018-03-13 12:42:47.594623100 +0100 -+++ php-7.2.4RC1/configure.ac 2018-03-13 12:43:35.591871825 +0100 -@@ -1275,7 +1275,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d` - fi - AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) - --PHP_UNAME=`uname -a | xargs` -+PHP_UNAME=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) - PHP_OS=`uname | xargs` - AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) diff --git a/php-7.2.8-getallheaders.patch b/php-7.2.8-getallheaders.patch deleted file mode 100644 index ef44d5d9fd8472fd2b802f693d3eee7a883b53b3..0000000000000000000000000000000000000000 --- a/php-7.2.8-getallheaders.patch +++ /dev/null @@ -1,280 +0,0 @@ -Adapted for 7.2 from 7.3 by remi - - -From 0ea4013f101d64fbeb9221260b36e98f10ed1ddd Mon Sep 17 00:00:00 2001 -From: Remi Collet -Date: Wed, 4 Jul 2018 08:48:38 +0200 -Subject: [PATCH] Fixed bug #62596 add getallheaders (apache_request_headers) - missing function in FPM add sapi_add_request_header in public API (was - add_request_header) fix arginfo for fastcgi_finish_request fucntion - ---- - main/SAPI.c | 50 +++++++++++++++++++++++++++++ - main/SAPI.h | 1 + - sapi/cgi/cgi_main.c | 51 +---------------------------- - sapi/fpm/fpm/fpm_main.c | 25 ++++++++++++++- - sapi/fpm/tests/getallheaders.phpt | 67 +++++++++++++++++++++++++++++++++++++++ - 5 files changed, 143 insertions(+), 51 deletions(-) - create mode 100644 sapi/fpm/tests/getallheaders.phpt - -diff --git a/main/SAPI.c b/main/SAPI.c -index b6c3329..7e0c7c8 100644 ---- a/main/SAPI.c -+++ b/main/SAPI.c -@@ -1104,6 +1104,56 @@ SAPI_API void sapi_terminate_process(void) { - } - } - -+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */ -+{ -+ zval *return_value = (zval*)arg; -+ char *str = NULL; -+ -+ ALLOCA_FLAG(use_heap) -+ -+ if (var_len > 5 && -+ var[0] == 'H' && -+ var[1] == 'T' && -+ var[2] == 'T' && -+ var[3] == 'P' && -+ var[4] == '_') { -+ -+ char *p; -+ -+ var_len -= 5; -+ p = var + 5; -+ var = str = do_alloca(var_len + 1, use_heap); -+ *str++ = *p++; -+ while (*p) { -+ if (*p == '_') { -+ *str++ = '-'; -+ p++; -+ if (*p) { -+ *str++ = *p++; -+ } -+ } else if (*p >= 'A' && *p <= 'Z') { -+ *str++ = (*p++ - 'A' + 'a'); -+ } else { -+ *str++ = *p++; -+ } -+ } -+ *str = 0; -+ } else if (var_len == sizeof("CONTENT_TYPE")-1 && -+ memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) { -+ var = "Content-Type"; -+ } else if (var_len == sizeof("CONTENT_LENGTH")-1 && -+ memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) { -+ var = "Content-Length"; -+ } else { -+ return; -+ } -+ add_assoc_stringl_ex(return_value, var, var_len, val, val_len); -+ if (str) { -+ free_alloca(var, use_heap); -+ } -+} -+/* }}} */ -+ - /* - * Local variables: - * tab-width: 4 -diff --git a/main/SAPI.h b/main/SAPI.h -index f829fd7..4b8e223 100644 ---- a/main/SAPI.h -+++ b/main/SAPI.h -@@ -151,6 +151,7 @@ SAPI_API void sapi_shutdown(void); - SAPI_API void sapi_activate(void); - SAPI_API void sapi_deactivate(void); - SAPI_API void sapi_initialize_empty_request(void); -+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg); - END_EXTERN_C() - - /* -diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c -index 2e9cefe..350846d 100644 ---- a/sapi/cgi/cgi_main.c -+++ b/sapi/cgi/cgi_main.c -@@ -1591,54 +1591,6 @@ PHP_FUNCTION(apache_child_terminate) /* - } - /* }}} */ - --static void add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */ --{ -- zval *return_value = (zval*)arg; -- char *str = NULL; -- char *p; -- ALLOCA_FLAG(use_heap) -- -- if (var_len > 5 && -- var[0] == 'H' && -- var[1] == 'T' && -- var[2] == 'T' && -- var[3] == 'P' && -- var[4] == '_') { -- -- var_len -= 5; -- p = var + 5; -- var = str = do_alloca(var_len + 1, use_heap); -- *str++ = *p++; -- while (*p) { -- if (*p == '_') { -- *str++ = '-'; -- p++; -- if (*p) { -- *str++ = *p++; -- } -- } else if (*p >= 'A' && *p <= 'Z') { -- *str++ = (*p++ - 'A' + 'a'); -- } else { -- *str++ = *p++; -- } -- } -- *str = 0; -- } else if (var_len == sizeof("CONTENT_TYPE")-1 && -- memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) { -- var = "Content-Type"; -- } else if (var_len == sizeof("CONTENT_LENGTH")-1 && -- memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) { -- var = "Content-Length"; -- } else { -- return; -- } -- add_assoc_stringl_ex(return_value, var, var_len, val, val_len); -- if (str) { -- free_alloca(var, use_heap); -- } --} --/* }}} */ -- - PHP_FUNCTION(apache_request_headers) /* {{{ */ - { - if (zend_parse_parameters_none()) { -@@ -1648,7 +1600,7 @@ PHP_FUNCTION(apache_request_headers) /* - if (fcgi_is_fastcgi()) { - fcgi_request *request = (fcgi_request*) SG(server_context); - -- fcgi_loadenv(request, add_request_header, return_value); -+ fcgi_loadenv(request, sapi_add_request_header, return_value); - } else { - char buf[128]; - char **env, *p, *q, *var, *val, *t = buf; -diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c -index 3256660..e815be4 100644 ---- a/sapi/fpm/fpm/fpm_main.c -+++ b/sapi/fpm/fpm/fpm_main.c -@@ -1533,6 +1533,10 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */ - { - fcgi_request *request = (fcgi_request*) SG(server_context); - -+ if (zend_parse_parameters_none() == FAILURE) { -+ return; -+ } -+ - if (!fcgi_is_closed(request)) { - php_output_end_all(); - php_header(); -@@ -1547,8 +1551,27 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */ - } - /* }}} */ - -+ZEND_BEGIN_ARG_INFO(cgi_fcgi_sapi_no_arginfo, 0) -+ZEND_END_ARG_INFO() -+ -+PHP_FUNCTION(apache_request_headers) /* {{{ */ -+{ -+ fcgi_request *request; -+ -+ if (zend_parse_parameters_none() == FAILURE) { -+ return; -+ } -+ -+ array_init(return_value); -+ if ((request = (fcgi_request*) SG(server_context))) { -+ fcgi_loadenv(request, sapi_add_request_header, return_value); -+ } -+} /* }}} */ -+ - static const zend_function_entry cgi_fcgi_sapi_functions[] = { -- PHP_FE(fastcgi_finish_request, NULL) -+ PHP_FE(fastcgi_finish_request, cgi_fcgi_sapi_no_arginfo) -+ PHP_FE(apache_request_headers, cgi_fcgi_sapi_no_arginfo) -+ PHP_FALIAS(getallheaders, apache_request_headers, cgi_fcgi_sapi_no_arginfo) - PHP_FE_END - }; - -diff --git a/sapi/fpm/tests/getallheaders.phpt b/sapi/fpm/tests/getallheaders.phpt -new file mode 100644 -index 0000000..b41f1c6 ---- /dev/null -+++ b/sapi/fpm/tests/getallheaders.phpt -@@ -0,0 +1,67 @@ -+--TEST-- -+FPM: Function getallheaders basic test -+--SKIPIF-- -+ -+--FILE-- -+start(); -+$tester->expectLogStartNotices(); -+$tester->request( -+ '', -+ [ -+ 'HTTP_X_FOO' => 'BAR', -+ 'HTTP_FOO' => 'foo' -+ ] -+ )->expectBody( -+ [ -+ 'Test Start', -+ 'array(4) {', -+ ' ["Foo"]=>', -+ ' string(3) "foo"', -+ ' ["X-Foo"]=>', -+ ' string(3) "BAR"', -+ ' ["Content-Length"]=>', -+ ' string(1) "0"', -+ ' ["Content-Type"]=>', -+ ' string(0) ""', -+ '}', -+ 'Test End', -+ ] -+ ); -+$tester->terminate(); -+$tester->expectLogTerminatingNotices(); -+$tester->close(); -+ -+?> -+Done -+--EXPECT-- -+Done -+--CLEAN-- -+ --- -2.1.4 - diff --git a/php-7.4.0-datetests.patch b/php-7.4.0-datetests.patch new file mode 100644 index 0000000000000000000000000000000000000000..8c437e50dd7e5ddba0322c520c0c1e177f2a78d1 --- /dev/null +++ b/php-7.4.0-datetests.patch @@ -0,0 +1,98 @@ +diff -up ./ext/date/tests/bug33414-2.phpt.datetests ./ext/date/tests/bug33414-2.phpt +--- ./ext/date/tests/bug33414-2.phpt.datetests 2020-04-09 14:06:11.000000000 +0200 ++++ ./ext/date/tests/bug33414-2.phpt 2020-04-09 14:40:00.809433489 +0200 +@@ -74,10 +74,10 @@ $strtotime_tstamp = strtotime("next Frid + print "result=".date("l Y-m-d H:i:s T I", $strtotime_tstamp)."\n"; + print "wanted=Friday 00:00:00\n\n"; + ?> +---EXPECT-- ++--EXPECTF-- + TZ=Pacific/Rarotonga - wrong day. +-tStamp=Thursday 1970-01-01 17:17:17 -1030 0 +-result=Tuesday 1970-01-06 00:00:00 -1030 0 ++tStamp=Thursday 1970-01-01 17:17:17 %s ++result=Tuesday 1970-01-06 00:00:00 %s + wanted=Tuesday 00:00:00 + + TZ=Atlantic/South_Georgia - wrong day. +@@ -91,13 +91,13 @@ result=Monday 2005-04-04 00:00:00 EDT 1 + wanted=Monday 00:00:00 + + TZ=Pacific/Enderbury - wrong day, off by 2 days. +-tStamp=Thursday 1970-01-01 17:17:17 -12 0 +-result=Monday 1970-01-05 00:00:00 -12 0 ++tStamp=Thursday 1970-01-01 17:17:17 %s ++result=Monday 1970-01-05 00:00:00 %s + wanted=Monday 00:00:00 + + TZ=Pacific/Kiritimati - wrong day, off by 2 days. +-tStamp=Thursday 1970-01-01 17:17:17 -1040 0 +-result=Monday 1970-01-05 00:00:00 -1040 0 ++tStamp=Thursday 1970-01-01 17:17:17 %s ++result=Monday 1970-01-05 00:00:00 %s + wanted=Monday 00:00:00 + + TZ=America/Managua - wrong day. +@@ -106,13 +106,13 @@ result=Tuesday 2005-04-12 00:00:00 CDT 1 + wanted=Tuesday 00:00:00 + + TZ=Pacific/Pitcairn - wrong day. +-tStamp=Thursday 1970-01-01 17:17:17 -0830 0 +-result=Wednesday 1970-01-07 00:00:00 -0830 0 ++tStamp=Thursday 1970-01-01 17:17:17 %s ++result=Wednesday 1970-01-07 00:00:00 %s + wanted=Wednesday 00:00:00 + + TZ=Pacific/Fakaofo - wrong day. +-tStamp=Thursday 1970-01-01 17:17:17 -11 0 +-result=Saturday 1970-01-03 00:00:00 -11 0 ++tStamp=Thursday 1970-01-01 17:17:17 %s ++result=Saturday 1970-01-03 00:00:00 %s + wanted=Saturday 00:00:00 + + TZ=Pacific/Johnston - wrong day. +diff -up ./ext/date/tests/bug66985.phpt.datetests ./ext/date/tests/bug66985.phpt +--- ./ext/date/tests/bug66985.phpt.datetests 2020-04-09 14:06:11.000000000 +0200 ++++ ./ext/date/tests/bug66985.phpt 2020-04-09 14:40:37.099288185 +0200 +@@ -3,7 +3,7 @@ Bug #66985 (Some timezones are no longer + --FILE-- + 3 +- [timezone] => Factory +-) +-DateTimeZone Object +-( + [timezone_type] => 3 + [timezone] => GB-Eire + ) +diff -up ./ext/date/tests/strtotime3-64bit.phpt.datetests ./ext/date/tests/strtotime3-64bit.phpt +--- ./ext/date/tests/strtotime3-64bit.phpt.datetests 2020-04-09 14:06:11.000000000 +0200 ++++ ./ext/date/tests/strtotime3-64bit.phpt 2020-04-09 14:40:00.809433489 +0200 +@@ -44,7 +44,7 @@ foreach ($strs as $str) { + } + + ?> +---EXPECT-- ++--EXPECTF-- + bool(false) + bool(false) + string(31) "Thu, 15 Jun 2006 00:00:00 +0100" +@@ -53,7 +53,7 @@ bool(false) + string(31) "Fri, 16 Jun 2006 23:49:12 +0100" + bool(false) + string(31) "Fri, 16 Jun 2006 02:22:00 +0100" +-string(31) "Sun, 16 Jun 0222 02:22:00 -0036" ++string(31) "Sun, 16 Jun 0222 02:22:00 %s" + string(31) "Fri, 16 Jun 2006 02:22:33 +0100" + bool(false) + string(31) "Tue, 02 Mar 2004 00:00:00 +0000" diff --git a/php-7.1.7-httpd.patch b/php-7.4.0-httpd.patch similarity index 80% rename from php-7.1.7-httpd.patch rename to php-7.4.0-httpd.patch index acb3d2c6e9a042dbfa289aab6d19d0746cba74a9..34f7c8ab34353f7d33afd8908e5a5d8b14455994 100644 --- a/php-7.1.7-httpd.patch +++ b/php-7.4.0-httpd.patch @@ -5,10 +5,9 @@ mod_php is build twice - as ZTS using --enable-maintainer-zts diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4 -index 2e64b21..ec4799f 100644 --- a/sapi/apache2handler/config.m4 +++ b/sapi/apache2handler/config.m4 -@@ -116,17 +116,6 @@ if test "$PHP_APXS2" != "no"; then +@@ -105,17 +105,6 @@ if test "$PHP_APXS2" != "no"; then ;; esac @@ -18,7 +17,7 @@ index 2e64b21..ec4799f 100644 - PHP_BUILD_THREAD_SAFE - fi - else -- APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'` +- APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'` - if test -n "$APACHE_THREADED_MPM"; then - PHP_BUILD_THREAD_SAFE - fi diff --git a/php-7.2.3-ldap_r.patch b/php-7.4.0-ldap_r.patch similarity index 69% rename from php-7.2.3-ldap_r.patch rename to php-7.4.0-ldap_r.patch index 5e947cfcd7f909025ea716d10188de6f007520bb..13566b40ef5c414febc1c602b5edad4b6fa1bad4 100644 --- a/php-7.2.3-ldap_r.patch +++ b/php-7.4.0-ldap_r.patch @@ -1,12 +1,12 @@ Use -lldap_r by default. -diff -up php-7.2.3RC1/ext/ldap/config.m4.ldap_r php-7.2.3RC1/ext/ldap/config.m4 ---- php-7.2.3RC1/ext/ldap/config.m4.ldap_r 2018-02-14 06:05:11.553142812 +0100 -+++ php-7.2.3RC1/ext/ldap/config.m4 2018-02-14 06:07:31.179816122 +0100 -@@ -119,7 +119,11 @@ if test "$PHP_LDAP" != "no"; then - - MACHINE_INCLUDES=$($CC -dumpmachine) +diff -up php-7.4.0RC2/ext/ldap/config.m4.ldap_r php-7.4.0RC2/ext/ldap/config.m4 +--- php-7.4.0RC2/ext/ldap/config.m4.ldap_r 2019-09-17 10:21:24.769200812 +0200 ++++ php-7.4.0RC2/ext/ldap/config.m4 2019-09-17 10:21:30.658181771 +0200 +@@ -68,7 +68,11 @@ if test "$PHP_LDAP" != "no"; then + dnl -pc removal is a hack for clang + MACHINE_INCLUDES=$($CC -dumpmachine | $SED 's/-pc//') - if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.a || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.$SHLIB_SUFFIX_NAME; then + if test -f $LDAP_LIBDIR/libldap_r.$SHLIB_SUFFIX_NAME; then diff --git a/php-7.2.0-libdb.patch b/php-7.4.0-libdb.patch similarity index 78% rename from php-7.2.0-libdb.patch rename to php-7.4.0-libdb.patch index ca36d1a33004c20e6dec6d847acf39dde2902f02..d7c6289f5281e3786373d4f7cf20319cba0cac15 100644 --- a/php-7.2.0-libdb.patch +++ b/php-7.4.0-libdb.patch @@ -1,7 +1,7 @@ -diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.m4 ---- php-7.2.0alpha0/ext/dba/config.m4.libdb 2017-05-29 08:56:06.000000000 +0200 -+++ php-7.2.0alpha0/ext/dba/config.m4 2017-05-29 09:13:52.014823282 +0200 -@@ -346,61 +346,13 @@ if test "$PHP_DB4" != "no"; then +diff -up ./ext/dba/config.m4.libdb ./ext/dba/config.m4 +--- ./ext/dba/config.m4.libdb 2020-04-09 14:06:11.000000000 +0200 ++++ ./ext/dba/config.m4 2020-04-09 14:35:08.208605065 +0200 +@@ -375,61 +375,13 @@ if test "$PHP_DB4" != "no"; then dbdp4="/usr/local/BerkeleyDB.4." dbdp5="/usr/local/BerkeleyDB.5." for i in $PHP_DB4 ${dbdp5}1 ${dbdp5}0 ${dbdp4}8 ${dbdp4}7 ${dbdp4}6 ${dbdp4}5 ${dbdp4}4 ${dbdp4}3 ${dbdp4}2 ${dbdp4}1 ${dbdp}0 /usr/local /usr; do @@ -65,21 +65,21 @@ diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config. fi PHP_DBA_STD_RESULT(db4,Berkeley DB4) -diff -up php-7.2.0alpha0/ext/dba/dba.c.libdb php-7.2.0alpha0/ext/dba/dba.c ---- php-7.2.0alpha0/ext/dba/dba.c.libdb 2017-05-29 09:16:15.736628202 +0200 -+++ php-7.2.0alpha0/ext/dba/dba.c 2017-05-29 09:16:20.494654746 +0200 -@@ -53,6 +53,10 @@ - #include "php_tcadb.h" +diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c +--- ./ext/dba/dba.c.libdb 2020-04-09 14:06:11.000000000 +0200 ++++ ./ext/dba/dba.c 2020-04-09 14:36:30.593275190 +0200 +@@ -50,6 +50,10 @@ #include "php_lmdb.h" + #include "dba_arginfo.h" +#ifdef DB4_INCLUDE_FILE +#include DB4_INCLUDE_FILE +#endif + - /* {{{ arginfo */ - ZEND_BEGIN_ARG_INFO_EX(arginfo_dba_popen, 0, 0, 2) - ZEND_ARG_INFO(0, path) -@@ -558,6 +562,10 @@ PHP_MINFO_FUNCTION(dba) + PHP_MINIT_FUNCTION(dba); + PHP_MSHUTDOWN_FUNCTION(dba); + PHP_MINFO_FUNCTION(dba); +@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba) php_info_print_table_start(); php_info_print_table_row(2, "DBA support", "enabled"); diff --git a/php-5.4.0-phpize.patch b/php-7.4.0-phpize.patch similarity index 63% rename from php-5.4.0-phpize.patch rename to php-7.4.0-phpize.patch index e666e45b64ffcdab87f00e77091dbb441fc5f5fc..fb99f3e619ac6053bb58922f1d786dc756658aeb 100644 --- a/php-5.4.0-phpize.patch +++ b/php-7.4.0-phpize.patch @@ -1,6 +1,7 @@ ---- php-5.4.0RC5/scripts/phpize.in.orig 2012-01-18 17:13:54.018022983 +0100 -+++ php-5.4.0RC5/scripts/phpize.in 2012-01-18 17:14:40.614024941 +0100 -@@ -162,6 +162,15 @@ +diff -up ./scripts/phpize.in.headers ./scripts/phpize.in +--- ./scripts/phpize.in.headers 2019-07-23 10:05:11.000000000 +0200 ++++ ./scripts/phpize.in 2019-07-23 10:18:13.648098089 +0200 +@@ -165,6 +165,15 @@ phpize_autotools() $PHP_AUTOHEADER || exit 1 } @@ -15,8 +16,8 @@ + # Main script - case "$1" in -@@ -180,12 +189,15 @@ + case "$1" in +@@ -183,12 +192,15 @@ case "$1" in # Version --version|-v) diff --git a/php-5.6.3-embed.patch b/php-8.0.0-embed.patch similarity index 52% rename from php-5.6.3-embed.patch rename to php-8.0.0-embed.patch index d9c04f6f3ff8aa444b63fbc3df96a4b332787d41..27533ea4e5e11214ffea6f2d8d0390abae7abbe0 100644 --- a/php-5.6.3-embed.patch +++ b/php-8.0.0-embed.patch @@ -1,24 +1,25 @@ ---- php-5.6.3/sapi/embed/config.m4.embed -+++ php-5.6.3/sapi/embed/config.m4 +diff -up ./sapi/embed/config.m4.embed ./sapi/embed/config.m4 +--- ./sapi/embed/config.m4.embed 2020-07-07 13:51:05.879764972 +0200 ++++ ./sapi/embed/config.m4 2020-07-07 13:52:50.128412148 +0200 @@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then - case "$PHP_EMBED" in yes|shared) + LIBPHP_CFLAGS="-shared" PHP_EMBED_TYPE=shared - INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib" + EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_MAJOR_VERSION).\$(PHP_MINOR_VERSION)" + INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)" ;; static) - PHP_EMBED_TYPE=static -diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in ---- php-5.5.30/scripts/php-config.in.old 2015-10-19 15:17:31.944747715 +0200 -+++ php-5.5.30/scripts/php-config.in 2015-10-19 15:17:58.278858083 +0200 + LIBPHP_CFLAGS="-static" +diff -up ./scripts/php-config.in.embed ./scripts/php-config.in +--- ./scripts/php-config.in.embed 2020-07-07 12:54:42.000000000 +0200 ++++ ./scripts/php-config.in 2020-07-07 13:51:05.880764968 +0200 @@ -18,7 +18,7 @@ exe_extension="@EXEEXT@" php_cli_binary=NONE php_cgi_binary=NONE configure_options="@CONFIGURE_OPTIONS@" -php_sapis="@PHP_INSTALLED_SAPIS@" -+php_sapis="apache2handler embed fpm @PHP_INSTALLED_SAPIS@" ++php_sapis="apache2handler litespeed fpm phpdbg @PHP_INSTALLED_SAPIS@" + ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@" + ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@" - # Set php_cli_binary and php_cgi_binary if available - for sapi in $php_sapis; do diff --git a/php-5.6.3-phpinfo.patch b/php-8.0.0-phpinfo.patch similarity index 37% rename from php-5.6.3-phpinfo.patch rename to php-8.0.0-phpinfo.patch index a11a29805b532b3906fbf0618d0da86c0452df9a..e86af790f2d2b150d1e97d771107b84a051f749e 100644 --- a/php-5.6.3-phpinfo.patch +++ b/php-8.0.0-phpinfo.patch @@ -3,9 +3,12 @@ Drop "Configure Command" from phpinfo as it doesn't provide any useful information. The available extensions are not related to this command. ---- php-5.4.9/ext/standard/info.c.orig 2012-12-11 10:43:02.450578276 +0100 -+++ php-5.4.9/ext/standard/info.c 2012-12-11 10:44:12.530820821 +0100 -@@ -743,9 +743,6 @@ +Replace full GCC name by gcc in php -v output + +diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c +--- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200 ++++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200 +@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int #ifdef ARCHITECTURE php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif @@ -15,9 +18,10 @@ The available extensions are not related to this command. if (sapi_module.pretty_name) { php_info_print_table_row(2, "Server API", sapi_module.pretty_name ); ---- php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt.orig 2012-12-11 11:07:26.959156091 +0100 -+++ php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt 2012-12-11 11:07:30.899170970 +0100 -@@ -20,7 +20,6 @@ +diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt +--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200 ++++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200 +@@ -17,7 +17,6 @@ PHP Version => %s System => %s Build Date => %s%a @@ -25,3 +29,16 @@ The available extensions are not related to this command. Server API => Command Line Interface Virtual Directory Support => %s Configuration File (php.ini) Path => %s +diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c +--- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200 ++++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200 +@@ -643,8 +643,7 @@ static int do_cli(int argc, char **argv) + "NTS " + #endif + #ifdef COMPILER +- COMPILER +- " " ++ "gcc " + #endif + #ifdef ARCHITECTURE + ARCHITECTURE diff --git a/php-7.2.3-systzdata-v16.patch b/php-8.0.0-systzdata-v19.patch similarity index 89% rename from php-7.2.3-systzdata-v16.patch rename to php-8.0.0-systzdata-v19.patch index e488beb9c503de63308e32743ea5a522b4b3498f..902d3cee75fef7f2eadc7f69a9edb2ba95fe4ee3 100644 --- a/php-7.2.3-systzdata-v16.patch +++ b/php-8.0.0-systzdata-v19.patch @@ -5,6 +5,9 @@ Add support for use of the system timezone database, rather than embedding a copy. Discussed upstream but was not desired. History: +r19: adapt for timelib 2020.02 (in 8.0.0beta2) +r18: adapt for autotool change in 7.3.3RC1 +r17: adapt for timelib 2018.01 (in 7.3.2RC1) r16: adapt for timelib 2017.06 (in 7.2.3RC1) r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1) r14: improve check for valid tz file @@ -27,10 +30,33 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/lib/parse_tz.c ---- php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata 2018-02-13 20:18:34.000000000 +0100 -+++ php-7.2.3RC1/ext/date/lib/parse_tz.c 2018-02-14 06:14:23.484804852 +0100 -@@ -25,8 +25,21 @@ +diff -up php-8.0.0beta3/ext/date/config0.m4.systzdata php-8.0.0beta3/ext/date/config0.m4 +--- php-8.0.0beta3/ext/date/config0.m4.systzdata 2020-09-01 19:13:26.000000000 +0200 ++++ php-8.0.0beta3/ext/date/config0.m4 2020-09-02 08:07:51.039979873 +0200 +@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h]) + dnl Check for strtoll, atoll + AC_CHECK_FUNCS(strtoll atoll) + ++PHP_ARG_WITH(system-tzdata, for use of system timezone data, ++[ --with-system-tzdata[=DIR] to specify use of system timezone data], ++no, no) ++ ++if test "$PHP_SYSTEM_TZDATA" != "no"; then ++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used]) ++ ++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then ++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA", ++ [Define for location of system timezone data]) ++ fi ++fi ++ + PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1" + timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c + lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c" +diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/date/lib/parse_tz.c +--- php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata 2020-09-01 19:13:26.000000000 +0200 ++++ php-8.0.0beta3/ext/date/lib/parse_tz.c 2020-09-02 08:07:51.039979873 +0200 +@@ -26,8 +26,21 @@ #include "timelib.h" #include "timelib_private.h" @@ -52,7 +78,7 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -67,6 +80,11 @@ static int read_php_preamble(const unsig +@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig { uint32_t version; @@ -64,11 +90,11 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -374,7 +392,429 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -418,7 +436,429 @@ void timelib_dump_tzinfo(timelib_tzinfo } } --static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) +-static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb) +#ifdef HAVE_SYSTEM_TZDATA + +#ifdef HAVE_SYSTEM_TZDATA_PREFIX @@ -491,15 +517,15 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li + +#endif + -+static int inmem_seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb) ++static int inmem_seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb) { int left = 0, right = tzdb->index_size - 1; -@@ -400,9 +840,48 @@ static int seek_to_tz_position(const uns +@@ -444,9 +884,48 @@ static int seek_to_tz_position(const uns return 0; } -+static int seek_to_tz_position(const unsigned char **tzf, char *timezone, ++static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, + char **map, size_t *maplen, + const timelib_tzdb *tzdb) +{ @@ -544,8 +570,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li } const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count) -@@ -414,7 +893,30 @@ const timelib_tzdb_index_entry *timelib_ - int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb) +@@ -458,7 +937,30 @@ const timelib_tzdb_index_entry *timelib_ + int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; - return (seek_to_tz_position(&tzf, timezone, tzdb)); @@ -576,8 +602,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li } static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -456,12 +958,14 @@ static timelib_tzinfo* timelib_tzinfo_ct - timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code) +@@ -500,12 +1002,14 @@ static timelib_tzinfo* timelib_tzinfo_ct + timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code) { const unsigned char *tzf; + char *memmap = NULL; @@ -592,11 +618,10 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li tmp = timelib_tzinfo_ctor(timezone); version = read_preamble(&tzf, tmp, &type); -@@ -484,6 +988,29 @@ timelib_tzinfo *timelib_parse_tzfile(cha - timelib_tzinfo_dtor(tmp); - return NULL; +@@ -540,11 +1044,36 @@ timelib_tzinfo *timelib_parse_tzfile(con } -+ + skip_posix_string(&tzf, tmp); + +#ifdef HAVE_SYSTEM_TZDATA + if (memmap) { + const struct location_info *li; @@ -619,10 +644,8 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li + munmap(memmap, maplen); + } else { +#endif - if (version == 2 || version == 3) { - if (!skip_64bit_preamble(&tzf, tmp)) { - /* 64 bit preamble is not in place */ -@@ -501,6 +1028,9 @@ timelib_tzinfo *timelib_parse_tzfile(cha + if (type == TIMELIB_TZINFO_PHP) { + read_location(&tzf, tmp); } else { set_default_location_and_comments(&tzf, tmp); } @@ -632,23 +655,3 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li } else { *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; tmp = NULL; -diff -up php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata php-7.2.3RC1/ext/date/lib/timelib.m4 ---- php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata 2018-02-13 20:18:34.000000000 +0100 -+++ php-7.2.3RC1/ext/date/lib/timelib.m4 2018-02-14 06:11:54.273089963 +0100 -@@ -81,3 +81,16 @@ io.h - - dnl Check for strtoll, atoll - AC_CHECK_FUNCS(strtoll atoll strftime gettimeofday) -+ -+PHP_ARG_WITH(system-tzdata, for use of system timezone data, -+[ --with-system-tzdata[=DIR] to specify use of system timezone data], -+no, no) -+ -+if test "$PHP_SYSTEM_TZDATA" != "no"; then -+ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used]) -+ -+ if test "$PHP_SYSTEM_TZDATA" != "yes"; then -+ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA", -+ [Define for location of system timezone data]) -+ fi -+fi diff --git a/php-7.2.10.tar.xz b/php-8.0.0.tar.xz similarity index 54% rename from php-7.2.10.tar.xz rename to php-8.0.0.tar.xz index f1cae0ba6eb3bd3fa124ad1e2025cbeeb3a628d4..38f8b184071ccf13118407a927edcbbb4fb7d7a5 100644 Binary files a/php-7.2.10.tar.xz and b/php-8.0.0.tar.xz differ diff --git a/php-CVE-2018-20783.patch b/php-CVE-2018-20783.patch deleted file mode 100644 index 7511507b9ad19331f6d194cba37b10460bc6362d..0000000000000000000000000000000000000000 --- a/php-CVE-2018-20783.patch +++ /dev/null @@ -1,146 +0,0 @@ -From e7c8e6cde021afd637ea535b0641a1851e57fb2a Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 12 Nov 2018 14:02:26 -0800 -Subject: [PATCH] Fix bug #77143 - add more checks to buffer reads - ---- - NEWS | 4 ++++ - ext/phar/phar.c | 30 +++++++++++++++++++++--------- - ext/phar/tests/bug73768.phpt | 2 +- - ext/phar/tests/bug77143.phar | Bin 0 -> 50 bytes - ext/phar/tests/bug77143.phpt | 18 ++++++++++++++++++ - 5 files changed, 44 insertions(+), 10 deletions(-) - create mode 100644 ext/phar/tests/bug77143.phar - create mode 100644 ext/phar/tests/bug77143.phpt - -diff -Nur php-7.2.10/NEWS php-7.2.10_bak/NEWS ---- php-7.2.10/NEWS 2018-09-11 15:06:00.000000000 +0800 -+++ php-7.2.10_bak/NEWS 2019-04-04 17:41:54.869000000 +0800 -@@ -136,6 +136,10 @@ - . Fixed bug #76477 (Opcache causes empty return value). - (Nikita, Laruence) - -+- Phar: -+ . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). -+ (Stas) -+ - - PGSQL: - . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol) - -diff -Nur php-7.2.10/ext/phar/phar.c php-7.2.10_bak/ext/phar/phar.c ---- php-7.2.10/ext/phar/phar.c 2019-04-04 17:39:04.158000000 +0800 -+++ php-7.2.10_bak/ext/phar/phar.c 2019-04-04 17:49:51.807000000 +0800 -@@ -643,6 +643,18 @@ - /* }}}*/ - - /** -+ * Size of fixed fields in the manifest. -+ * See: http://php.net/manual/en/phar.fileformat.phar.php -+ */ -+#define MANIFEST_FIXED_LEN 18 -+ -+#define SAFE_PHAR_GET_32(buffer, endbuffer, var) \ -+ if (UNEXPECTED(buffer + 4 > endbuffer)) { \ -+ MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)"); \ -+ } \ -+ PHAR_GET_32(buffer, var); -+ -+/** - * Does not check for a previously opened phar in the cache. - * - * Parse a new one and add it to the cache, returning either SUCCESS or -@@ -725,7 +737,7 @@ - savebuf = buffer; - endbuffer = buffer + manifest_len; - -- if (manifest_len < 10 || manifest_len != php_stream_read(fp, buffer, manifest_len)) { -+ if (manifest_len < MANIFEST_FIXED_LEN || manifest_len != php_stream_read(fp, buffer, manifest_len)) { - MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)") - } - -@@ -750,7 +762,7 @@ - return FAILURE; - } - -- PHAR_GET_32(buffer, manifest_flags); -+ SAFE_PHAR_GET_32(buffer, endbuffer, manifest_flags); - - manifest_flags &= ~PHAR_HDR_COMPRESSION_MASK; - manifest_flags &= ~PHAR_FILE_COMPRESSION_MASK; -@@ -970,13 +982,13 @@ - } - - /* extract alias */ -- PHAR_GET_32(buffer, tmp_len); -+ SAFE_PHAR_GET_32(buffer, endbuffer, tmp_len); - - if (buffer + tmp_len > endbuffer) { - MAPPHAR_FAIL("internal corruption of phar \"%s\" (buffer overrun)"); - } - -- if (manifest_len < 10 + tmp_len) { -+ if (manifest_len < MANIFEST_FIXED_LEN + tmp_len) { - MAPPHAR_FAIL("internal corruption of phar \"%s\" (truncated manifest header)") - } - -@@ -1014,7 +1026,7 @@ - } - - /* we have 5 32-bit items plus 1 byte at least */ -- if (manifest_count > ((manifest_len - 10 - tmp_len) / (5 * 4 + 1))) { -+ if (manifest_count > ((manifest_len - MANIFEST_FIXED_LEN - tmp_len) / (5 * 4 + 1))) { - /* prevent serious memory issues */ - MAPPHAR_FAIL("internal corruption of phar \"%s\" (too many manifest entries for size of manifest)") - } -@@ -1023,12 +1035,12 @@ - mydata->is_persistent = PHAR_G(persist); - - /* check whether we have meta data, zero check works regardless of byte order */ -- PHAR_GET_32(buffer, len); -+ SAFE_PHAR_GET_32(buffer, endbuffer, len); - if (mydata->is_persistent) { - mydata->metadata_len = len; -- if(!len) { -+ if (!len) { - /* FIXME: not sure why this is needed but removing it breaks tests */ -- PHAR_GET_32(buffer, len); -+ SAFE_PHAR_GET_32(buffer, endbuffer, len); - } - } - if(len > (size_t)(endbuffer - buffer)) { -diff -Nur php-7.2.10/ext/phar/tests/bug73768.phpt php-7.2.10_bak/ext/phar/tests/bug73768.phpt ---- php-7.2.10/ext/phar/tests/bug73768.phpt 2018-09-11 15:06:03.000000000 +0800 -+++ php-7.2.10_bak/ext/phar/tests/bug73768.phpt 2019-04-04 17:50:51.796000000 +0800 -@@ -13,4 +13,4 @@ - } - ?> - --EXPECTF-- --cannot load phar "%sbug73768.phar" with implicit alias "" under different alias "alias.phar" -+internal corruption of phar "%sbug73768.phar" (truncated manifest header) -diff --git a/ext/phar/tests/bug77143.phpt b/ext/phar/tests/bug77143.phpt -new file mode 100644 -index 0000000..f9f80fc ---- /dev/null -+++ b/ext/phar/tests/bug77143.phpt -@@ -0,0 +1,18 @@ -+--TEST-- -+PHP bug #77143: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile -+--INI-- -+phar.readonly=0 -+--SKIPIF-- -+ -+--FILE-- -+getMessage(); -+} -+?> -+--EXPECTF-- -+internal corruption of phar "%sbug77143.phar" (truncated manifest header) --- -2.1.4 - diff --git a/php-CVE-2019-9641.patch b/php-CVE-2019-9641.patch deleted file mode 100644 index e49b455e44ebc11de19a5e56afb17a4b5695851a..0000000000000000000000000000000000000000 --- a/php-CVE-2019-9641.patch +++ /dev/null @@ -1,47 +0,0 @@ -commit 25aa5f434dfb3337a6617b46224f1b505053d8e9 -Author: Stanislav Malyshev -Date: Fri Mar 1 23:25:45 2019 -0800 - - Fix integer overflows on 32-bits - -diff --git a/ext/exif/exif.c b/ext/exif/exif.c -index cbde3effed..b4563927a5 100644 ---- a/ext/exif/exif.c -+++ b/ext/exif/exif.c -@@ -3567,10 +3567,10 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse - tag_table_type tag_table = exif_get_tag_table(section_index); - - if (ImageInfo->ifd_nesting_level > MAX_IFD_NESTING_LEVEL) { -- return FALSE; -- } -+ return FALSE; -+ } - -- if (ImageInfo->FileSize >= dir_offset+2) { -+ if (ImageInfo->FileSize >= 2 && ImageInfo->FileSize - 2 >= dir_offset) { - sn = exif_file_sections_add(ImageInfo, M_PSEUDO, 2, NULL); - #ifdef EXIF_DEBUG - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X)", ImageInfo->FileSize, dir_offset, 2); -@@ -3578,8 +3578,8 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse - php_stream_seek(ImageInfo->infile, dir_offset, SEEK_SET); /* we do not know the order of sections */ - php_stream_read(ImageInfo->infile, (char*)ImageInfo->file.list[sn].data, 2); - num_entries = php_ifd_get16u(ImageInfo->file.list[sn].data, ImageInfo->motorola_intel); -- dir_size = 2/*num dir entries*/ +12/*length of entry*/*num_entries +4/* offset to next ifd (points to thumbnail or NULL)*/; -- if (ImageInfo->FileSize >= dir_offset+dir_size) { -+ dir_size = 2/*num dir entries*/ +12/*length of entry*/*(size_t)num_entries +4/* offset to next ifd (points to thumbnail or NULL)*/; -+ if (ImageInfo->FileSize >= dir_size && ImageInfo->FileSize - dir_size >= dir_offset) { - #ifdef EXIF_DEBUG - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "Read from TIFF: filesize(x%04X), IFD dir(x%04X + x%04X), IFD entries(%d)", ImageInfo->FileSize, dir_offset+2, dir_size-2, num_entries); - #endif -@@ -3662,9 +3662,9 @@ static int exif_process_IFD_in_TIFF(image_info_type *ImageInfo, size_t dir_offse - } - } - } -- if (ImageInfo->FileSize >= dir_offset + ImageInfo->file.list[sn].size) { -+ if (ImageInfo->FileSize >= ImageInfo->file.list[sn].size && ImageInfo->FileSize - ImageInfo->file.list[sn].size >= dir_offset) { - if (ifd_size > dir_size) { -- if (dir_offset + ifd_size > ImageInfo->FileSize) { -+ if (ImageInfo->FileSize < ifd_size || dir_offset > ImageInfo->FileSize - ifd_size) { - exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Error in TIFF: filesize(x%04X) less than size of IFD(x%04X + x%04X)", ImageInfo->FileSize, dir_offset, ifd_size); - return FALSE; - } diff --git a/php.spec b/php.spec index 88430a5f281796d600434768658cc638473e273d..8e730d79aa9dba424fca9c90ec9b0209b6e3c251 100644 --- a/php.spec +++ b/php.spec @@ -1,9 +1,8 @@ -%global apiver 20170718 -%global zendver 20170718 +%global apiver 20200930 +%global zendver 20200930 %global pdover 20170320 -%global jsonver 1.6.0 %global _hardened_build 1 -%global embed_version 7.2 +%global embed_version 8.0 %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) %global mysql_config %{_libdir}/mysql/mysql_config @@ -24,13 +23,13 @@ %global with_sodium 0 %global with_pspell 0 %global with_lmdb 0 -%global upver 7.2.10 +%global upver 8.0.0 Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 11 +Release: 1 Summary: PHP scripting language for creating dynamic web sites -License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA +License: PHP and Zend-2.0 and BSD and MIT and ASL 1.0 and NCSA URL: http://www.php.net/ Source0: http://www.php.net/distributions/php-%{upver}%{?rcver}.tar.xz Source1: php.conf @@ -47,59 +46,18 @@ Source13: nginx-fpm.conf Source14: nginx-php.conf Source50: 10-opcache.ini Source51: opcache-default.blacklist - -Patch0001: php-7.1.7-httpd.patch -Patch0002: php-7.2.0-includedir.patch -Patch0003: php-5.6.3-embed.patch -Patch0004: php-5.3.0-recode.patch -Patch0005: php-7.2.0-libdb.patch -Patch0006: php-7.2.4-dlopen.patch -Patch0007: php-7.2.3-systzdata-v16.patch -Patch0008: php-5.4.0-phpize.patch -Patch0009: php-7.2.3-ldap_r.patch -Patch0010: php-7.2.4-fixheader.patch -Patch0011: php-5.6.3-phpinfo.patch -Patch0012: php-7.2.8-getallheaders.patch -#https://github.com/php/php-src/commit/cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch -Patch0013: cd0a37994e3cbf1f0aa1174155d3d662cefe2e7a.patch -#https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch -Patch0014: be50a72715c141befe6f34ece660745da894aaf3.patch -#https://github.com/php/php-src/commit/c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch -Patch0015: c1729272b17a1fe893d1a54e423d3b71470f3ee8.patch -Patch0016: php-5.6.3-datetests.patch - -Patch6000: CVE-2019-9021.patch -Patch6001: CVE-2019-9022.patch -Patch6002: CVE-2019-9023.patch -Patch6003: CVE-2019-9024.patch -Patch6004: CVE-2019-9637.patch -Patch6005: CVE-2019-9638-CVE-2019-9639.patch -Patch6006: CVE-2019-9640.patch -Patch6007: php-CVE-2018-20783.patch -Patch6008: php-CVE-2019-9641.patch -Patch6009: CVE-2019-11034.patch -Patch6010: CVE-2019-11035.patch -Patch6011: CVE-2019-11036.patch -Patch6012: CVE-2019-11041.patch -Patch6013: CVE-2019-11042.patch -Patch6014: CVE-2019-11043.patch -Patch6015: CVE-2018-19935.patch -Patch6016: CVE-2019-11045.patch -Patch6017: CVE-2019-11046.patch -Patch6018: CVE-2019-11050.patch -Patch6019: CVE-2019-11047.patch -#git.php.net/?p=php-src.git;a=patch;h=336d2086a9189006909ae06c7e95902d7d5ff77e -Patch6020: CVE-2018-19518.patch -#git.php.net/?p=php-src.git;a=patch;h=a15af81b5f0058e020eda0f109f51a3c863f5212 -Patch6021: CVE-2019-6977.patch -Patch6022: CVE-2020-7064.patch -Patch6023: CVE-2020-7066.patch -Patch6024: CVE-2019-11048.patch -Patch6025: CVE-2020-7068.patch -Patch6026: CVE-2020-7063.patch -Patch6027: backport-CVE-2020-7059-Fix-79099-OOB-read.patch -Patch6028: backport-CVE-2020-7062-Fix-bug-79221.patch -Patch6029: backport-CVE-2020-7071-Fix-bug-77423.patch +Source52: 20-ffi.ini + +Patch0: php-7.4.0-httpd.patch +Patch1: php-7.2.0-includedir.patch +Patch2: php-8.0.0-embed.patch +Patch3: php-7.4.0-libdb.patch +Patch4: php-8.0.0-systzdata-v19.patch +Patch5: php-7.4.0-phpize.patch +Patch6: php-7.4.0-ldap_r.patch +Patch7: php-8.0.0-phpinfo.patch +Patch8: php-7.4.0-datetests.patch +Patch9: backport-CVE-2020-7071-Fix-bug-77423.patch BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel @@ -119,9 +77,8 @@ Provides: php-zts = %{version}-%{release}, php-zts%{?_isa} = %{version}-%{releas Requires: httpd-mmn = %{_httpd_mmn}, php-common%{?_isa} = %{version}-%{release}, php-cli%{?_isa} = %{version}-%{release} Provides: mod_php = %{version}-%{release}, php(httpd) -#Recommends: php-fpm%{?_isa} = %{version}-%{release} +Recommends: php-fpm%{?_isa} = %{version}-%{release} Requires(pre): httpd-filesystem -Recommends: %{name}-help = %{version}-%{release} %description PHP is an HTML-embedded scripting language. PHP attempts to make it @@ -181,6 +138,7 @@ Provides: php-iconv, php-iconv%{?_isa}, php-libxml, php-libxml%{?_isa}, php-ope Provides: php-phar, php-phar%{?_isa}, php-pcre, php-pcre%{?_isa}, php-reflection, php-reflection%{?_isa} Provides: php-session, php-session%{?_isa}, php-sockets, php-sockets%{?_isa}, php-spl, php-spl%{?_isa} Provides: php-standard = %{version}, php-standard%{?_isa} = %{version}, php-tokenizer, php-tokenizer%{?_isa} +Obsoletes: php-json < %{version}-%{release}, php-recode < %{version}-%{release}, php-xmlrpc < %{version}-%{release} %if %{with_zip} Provides: php-zip, php-zip%{?_isa} Obsoletes: php-pecl-zip < 1.11 @@ -193,7 +151,7 @@ package and the php-cli package. %package devel Summary: Files needed for building PHP extensions Requires: php-cli%{?_isa} = %{version}-%{release}, autoconf, automake, gcc, gcc-c++, libtool, pcre-devel%{?_isa} -Obsoletes: php-pecl-json-devel < %{jsonver}, php-pecl-jsonc-devel < %{jsonver} +Obsoletes: php-pecl-json-devel < %{version}-%{release}, php-pecl-jsonc-devel < %{version}-%{release} %if %{with_zts} Provides: php-zts-devel = %{version}-%{release}, php-zts-devel%{?_isa} = %{version}-%{release} %endif @@ -360,8 +318,9 @@ Summary: A module for PHP applications which use XML License: PHP Requires: php-common%{?_isa} = %{version}-%{release} Provides: php-dom, php-dom%{?_isa}, php-domxml, php-domxml%{?_isa}, php-simplexml, php-simplexml%{?_isa} -Provides: php-wddx, php-wddx%{?_isa}, php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa} +Provides: php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa} Provides: php-xsl, php-xsl%{?_isa} +Obsoletes: php-wddx < %{version}-%{release} BuildRequires: libxslt-devel >= 1.0.18-1, libxml2-devel >= 2.4.14-1 %description xml @@ -369,15 +328,6 @@ The php-xml package contains dynamic shared objects which add support to PHP for manipulating XML documents using the DOM tree, and performing XSL transformations on XML documents. -%package xmlrpc -Summary: A module for PHP applications which use the XML-RPC protocol -License: PHP and BSD -Requires: php-xml%{?_isa} = %{version}-%{release} - -%description xmlrpc -The php-xmlrpc package contains a dynamic shared object that will add -support for the XML-RPC protocol to PHP. - %package mbstring Summary: A module for PHP applications which need multi-byte string handling License: PHP and LGPLv2 and OpenLDAP @@ -485,16 +435,6 @@ The php-pspell package contains a dynamic shared object that will add support for using the pspell library to PHP. %endif -%package recode -Summary: A module for PHP applications for using the recode library -License: PHP -Requires: php-common%{?_isa} = %{version}-%{release} -BuildRequires: recode-devel - -%description recode -The php-recode package contains a dynamic shared object that will add -support for using the recode library to PHP. - %package intl Summary: Internationalization extension for PHP applications License: PHP @@ -509,25 +449,12 @@ support for using the ICU library to PHP. Summary: Enchant spelling extension for PHP applications License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -BuildRequires: enchant-devel >= 1.2.4 +BuildRequires: enchant2-devel %description enchant The php-enchant package contains a dynamic shared object that will add support for using the enchant library to PHP. -%package json -Summary: JavaScript Object Notation extension for PHP -License: PHP -Requires: php-common%{?_isa} = %{version}-%{release} -Obsoletes: php-pecl-json < %{jsonver} -Obsoletes: php-pecl-jsonc < %{jsonver} -Provides: php-pecl(json) = %{jsonver}, php-pecl(json)%{?_isa} = %{jsonver}, php-pecl-json = %{jsonver} -Provides: php-pecl-json%{?_isa} = %{jsonver} - -%description json -The php-json package provides an extension that will add -support for JavaScript Object Notation (JSON) to PHP. - %if %{with_sodium} %package sodium Summary: Wrapper for the Sodium cryptographic library @@ -543,6 +470,21 @@ The php-sodium package provides a simple, low-level PHP extension for the libsodium cryptographic library. %endif +%package ffi +Summary: Foreign Function Interface +# All files licensed under PHP version 3.0.1 +License: PHP +Group: System Environment/Libraries +BuildRequires: pkgconfig(libffi) +Requires: php-common%{?_isa} = %{version}-%{release} + +%description ffi +FFI is one of the features that made Python and LuaJIT very useful for fast +prototyping. It allows calling C functions and using C data types from pure +scripting language and therefore develop “system code” more productively. +For PHP, FFI opens a way to write PHP extensions and bindings to C libraries +in pure PHP. + %package help Summary: help @@ -560,10 +502,8 @@ cp ext/gd/libgd/COPYING libgd_COPYING %endif cp sapi/fpm/LICENSE fpm_LICENSE cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE -cp ext/mbstring/ucgendat/OPENLDAP_LICENSE ucgendat_LICENSE cp ext/fileinfo/libmagic/LICENSE libmagic_LICENSE -cp ext/phar/LICENSE phar_LICENSE -cp ext/bcmath/libbcmath/COPYING.LIB libbcmath_COPYING +cp ext/bcmath/libbcmath/LICENSE libbcmath_LICENSE cp ext/date/lib/LICENSE.rst timelib_LICENSE mkdir build-cgi build-apache build-embedded \ @@ -578,6 +518,7 @@ rm ext/date/tests/timezone_version_get_basic1.phpt rm ext/sockets/tests/mcast_ipv?_recv.phpt rm Zend/tests/bug54268.phpt rm Zend/tests/bug68412.phpt +rm ext/zlib/tests/004-mb.phpt pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h) if test "x${pver}" != "x%{upver}%{?rcver}"; then @@ -607,20 +548,13 @@ if test "x${vpdo}" != "x%{pdover}"; then exit 1 fi -ver=$(sed -n '/#define PHP_JSON_VERSION /{s/.* "//;s/".*$//;p}' ext/json/php_json.h) -if test "$ver" != "%{jsonver}"; then - : Error: Upstream JSON version is now ${ver}, expecting %{jsonver}. - : Update the %{jsonver} macro and rebuild. - exit 1 -fi - rm -f TSRM/tsrm_win32.h TSRM/tsrm_config.w32.h Zend/zend_config.w32.h ext/mysqlnd/config-win.h \ ext/standard/winver.h main/win32_internal_function_disabled.h main/win95nt.h find . -name \*.[ch] -exec chmod 644 {} \; chmod 644 README.* -cp %{SOURCE50} 10-opcache.ini +cp %{SOURCE50} %{SOURCE51} %{SOURCE52} . %ifarch x86_64 sed -e '/opcache.huge_code_pages/s/0/1/' -i 10-opcache.ini @@ -649,12 +583,12 @@ mkdir Zend && cp ../Zend/zend_{language,ini}_{parser,scanner}.[ch] Zend ln -sf ../configure %configure \ + --enable-rtld-now \ --cache-file=../config.cache --with-libdir=%{_lib} --with-config-file-path=%{_sysconfdir} \ --with-config-file-scan-dir=%{_sysconfdir}/php.d --disable-debug --with-pic --disable-rpath \ - --without-pear --with-exec-dir=%{_bindir} --with-freetype-dir=%{_prefix} --with-png-dir=%{_prefix} \ - --with-xpm-dir=%{_prefix} --without-gdbm --with-jpeg-dir=%{_prefix} --with-openssl --with-system-ciphers \ - --with-pcre-regex=%{_prefix} --with-zlib --with-layout=GNU --with-kerberos --with-libxml-dir=%{_prefix} \ - --with-system-tzdata --with-mhash \ + --without-pear --with-exec-dir=%{_bindir} --without-gdbm --with-openssl \ + --with-system-ciphers --with-pcre-regex=%{_prefix} --with-zlib --with-layout=GNU --with-kerberos \ + --with-libxml-dir=%{_prefix} --with-system-tzdata --with-mhash \ %if %{with_argon2} --with-password-argon2 \ %endif @@ -673,28 +607,29 @@ make %{?_smp_mflags} pushd build-cgi -build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-file --enable-phpdbg \ +build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-phpdbg \ %if %{with_imap} --with-imap=shared --with-imap-ssl \ %endif - --enable-mbstring=shared --with-onig=%{_prefix} --enable-mbregex \ + --enable-mbstring=shared --enable-mbregex \ %if %{with_libgd} - --with-gd=shared,%{_prefix} \ + --enable-gd=shared,%{_prefix} \ %else - --with-gd=shared \ + --enable-gd=shared \ %endif + --with-external-gd \ --with-gmp=shared --enable-calendar=shared --enable-bcmath=shared --with-bz2=shared --enable-ctype=shared \ --enable-dba=shared --with-db4=%{_prefix} --with-tcadb=%{_prefix} \ %if %{with_lmdb} --with-lmdb=%{_prefix} \ %endif --enable-exif=shared --enable-ftp=shared --with-gettext=shared --with-iconv=shared --enable-sockets=shared \ - --enable-tokenizer=shared --with-xmlrpc=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \ + --enable-tokenizer=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \ --with-mysqli=shared,mysqlnd --with-mysql-sock=%{mysql_sock} \ %if %{with_firebird} - --with-interbase=shared --with-pdo-firebird=shared \ + --with-pdo-firebird=shared \ %endif - --enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared --enable-wddx=shared \ + --enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared \ --with-snmp=shared,%{_prefix} --enable-soap=shared --with-xsl=shared,%{_prefix} --enable-xmlreader=shared \ --enable-xmlwriter=shared --with-curl=shared,%{_prefix} --enable-pdo=shared \ --with-pdo-odbc=shared,unixODBC,%{_prefix} --with-pdo-mysql=shared,mysqlnd --with-pdo-pgsql=shared,%{_prefix} \ @@ -702,7 +637,7 @@ build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-f %if %{with_freetds} --with-pdo-dblib=shared,%{_prefix} \ %endif - --with-sqlite3=shared,%{_prefix} --enable-json=shared \ + --with-sqlite3=shared \ %if %{with_zip} --enable-zip=shared \ %if %{with_libzip} @@ -716,17 +651,19 @@ build --libdir=%{_libdir}/php --enable-pcntl --enable-opcache --enable-opcache-f --enable-phar=shared --with-tidy=shared,%{_prefix} --enable-sysvmsg=shared --enable-sysvshm=shared \ --enable-sysvsem=shared --enable-shmop=shared --enable-posix=shared --with-unixODBC=shared,%{_prefix} \ --enable-fileinfo=shared \ + --with-ffi=shared \ %if %{with_sodium} --with-sodium=shared \ %else --without-sodium \ %endif - --enable-intl=shared --with-icu-dir=%{_prefix} --with-enchant=shared,%{_prefix} --with-recode=shared,%{_prefix} + --enable-intl=shared --with-enchant=shared,%{_prefix} popd -without_shared="--without-gd --disable-dom --disable-dba --without-unixODBC --disable-opcache --disable-json \ +without_shared="--without-gd --disable-dom --disable-dba --without-unixODBC --disable-opcache \ + --disable-opcache --disable-phpdbg --without-ffi \ --disable-xmlreader --disable-xmlwriter --without-sodium --without-sqlite3 --disable-phar --disable-fileinfo \ - --without-pspell --disable-wddx --without-curl --disable-posix --disable-xml --disable-simplexml --disable-exif \ + --without-pspell --without-curl --disable-posix --disable-xml --disable-simplexml --disable-exif \ --without-gettext --without-iconv --disable-ftp --without-bz2 --disable-ctype --disable-shmop --disable-sockets \ --disable-tokenizer --disable-sysvmsg --disable-sysvshm --disable-sysvsem" @@ -755,24 +692,25 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m %if %{with_imap} --with-imap=shared --with-imap-ssl \ %endif - --enable-mbstring=shared --with-onig=%{_prefix} --enable-mbregex \ + --enable-mbstring=shared --enable-mbregex \ %if %{with_libgd} - --with-gd=shared,%{_prefix} \ + --enable-gd=shared,%{_prefix} \ %else - --with-gd=shared \ + --enable-gd=shared \ %endif + --with-external-gc \ --with-gmp=shared --enable-calendar=shared --enable-bcmath=shared --with-bz2=shared --enable-ctype=shared \ --enable-dba=shared --with-db4=%{_prefix} --with-tcadb=%{_prefix} \ %if %{with_lmdb} --with-lmdb=%{_prefix} \ %endif --with-gettext=shared --with-iconv=shared --enable-sockets=shared --enable-tokenizer=shared --enable-exif=shared \ - --enable-ftp=shared --with-xmlrpc=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \ + --enable-ftp=shared --with-ldap=shared --with-ldap-sasl --enable-mysqlnd=shared \ --with-mysqli=shared,mysqlnd --with-mysql-sock=%{mysql_sock} --enable-mysqlnd-threading \ %if %{with_firebird} - --with-interbase=shared --with-pdo-firebird=shared \ + --with-pdo-firebird=shared \ %endif - --enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared --enable-wddx=shared \ + --enable-dom=shared --with-pgsql=shared --enable-simplexml=shared --enable-xml=shared \ --with-snmp=shared,%{_prefix} --enable-soap=shared --with-xsl=shared,%{_prefix} --enable-xmlreader=shared \ --enable-xmlwriter=shared --with-curl=shared,%{_prefix} --enable-pdo=shared \ --with-pdo-odbc=shared,unixODBC,%{_prefix} --with-pdo-mysql=shared,mysqlnd --with-pdo-pgsql=shared,%{_prefix} \ @@ -780,7 +718,7 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m %if %{with_freetds} --with-pdo-dblib=shared,%{_prefix} \ %endif - --with-sqlite3=shared,%{_prefix} --enable-json=shared \ + --with-sqlite3=shared \ %if %{with_zip} --enable-zip=shared \ %if %{with_libzip} @@ -794,12 +732,13 @@ build --includedir=%{_includedir}/php-zts --libdir=%{_libdir}/php-zts --enable-m --enable-phar=shared --with-tidy=shared,%{_prefix} --enable-sysvmsg=shared --enable-sysvshm=shared \ --enable-sysvsem=shared --enable-shmop=shared --enable-posix=shared --with-unixODBC=shared,%{_prefix} \ --enable-fileinfo=shared \ + --with-ffi=shared \ %if %{with_sodium} --with-sodium=shared \ %else --without-sodium \ %endif - --enable-intl=shared --with-icu-dir=%{_prefix} --with-enchant=shared,%{_prefix} --with-recode=shared,%{_prefix} + --enable-intl=shared --with-enchant=shared,%{_prefix} popd pushd build-zts @@ -848,16 +787,16 @@ make -C build-fpm install-fpm \ make -C build-cgi install \ INSTALL_ROOT=$RPM_BUILD_ROOT +install -m 755 build-embedded/scripts/php-config $RPM_BUILD_ROOT%{_bindir}/php-config + install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/ install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/php.ini -install -m 755 -d $RPM_BUILD_ROOT%{_httpd_contentdir}/icons -install -m 644 php.gif $RPM_BUILD_ROOT%{_httpd_contentdir}/icons/php.gif -install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/php +install -m 755 -d $RPM_BUILD_ROOT%{_datadir}/php/preload install -m 755 -d $RPM_BUILD_ROOT%{_httpd_moddir} -install -m 755 build-apache/libs/libphp7.so $RPM_BUILD_ROOT%{_httpd_moddir} +install -m 755 build-apache/libs/libphp.so $RPM_BUILD_ROOT%{_httpd_moddir} %if %{with_zts} -install -m 755 build-zts/libs/libphp7.so $RPM_BUILD_ROOT%{_httpd_moddir}/libphp7-zts.so +install -m 755 build-zts/libs/libphp.so $RPM_BUILD_ROOT%{_httpd_moddir}/libphp-zts.so %endif install -D -m 644 %{SOURCE9} $RPM_BUILD_ROOT%{_httpd_modconfdir}/15-php.conf @@ -893,11 +832,10 @@ install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/php-fpm install -D -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/conf.d/php-fpm.conf install -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/default.d/php.conf -for mod in pgsql odbc ldap snmp xmlrpc \ +for mod in pgsql odbc ldap snmp \ %if %{with_imap} imap \ %endif - json \ mysqlnd mysqli pdo_mysql \ mbstring gd dom xsl soap bcmath dba xmlreader xmlwriter \ simplexml bz2 calendar ctype exif ftp gettext gmp iconv \ @@ -911,23 +849,23 @@ for mod in pgsql odbc ldap snmp xmlrpc \ %endif sqlite3 \ enchant phar fileinfo intl \ - tidy \ + tidy ffi \ %if %{with_freetds} pdo_dblib \ %endif %if %{with_pspell} pspell \ %endif - curl wddx \ + curl \ %if %{with_sodium} sodium \ %endif - posix shmop sysvshm sysvsem sysvmsg recode xml \ + posix shmop sysvshm sysvsem sysvmsg xml \ ; do case $mod in opcache) ini=10-${mod}.ini;; - pdo_*|mysqli|wddx|xmlreader|xmlrpc) + pdo_*|mysqli|xmlreader) ini=30-${mod}.ini;; *) ini=20-${mod}.ini;; @@ -959,7 +897,7 @@ EOF EOF done -cat files.dom files.xsl files.xml{reader,writer} files.wddx \ +cat files.dom files.xsl files.xml{reader,writer} \ files.simplexml >> files.xml cat files.mysqli \ @@ -1005,7 +943,8 @@ rm -rf $RPM_BUILD_ROOT%{_libdir}/php/modules/*.a \ $RPM_BUILD_ROOT%{_libdir}/php-zts/modules/*.a \ $RPM_BUILD_ROOT%{_bindir}/{phptar} \ $RPM_BUILD_ROOT%{_datadir}/pear \ - $RPM_BUILD_ROOT%{_libdir}/libphp7.la + $RPM_BUILD_ROOT%{_libdir}/libphp.a \ + $RPM_BUILD_ROOT%{_libdir}/libphp.la rm -f README.{Zeus,QNX,CVS-RULES} @@ -1019,21 +958,19 @@ rm -f README.{Zeus,QNX,CVS-RULES} systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %files -%{_httpd_moddir}/libphp7.so +%{_httpd_moddir}/libphp.so %if %{with_zts} -%{_httpd_moddir}/libphp7-zts.so +%{_httpd_moddir}/libphp-zts.so %endif %attr(0770,root,apache) %dir %{_sharedstatedir}/php/session %attr(0770,root,apache) %dir %{_sharedstatedir}/php/wsdlcache %attr(0770,root,apache) %dir %{_sharedstatedir}/php/opcache %config(noreplace) %{_httpd_confdir}/php.conf %config(noreplace) %{_httpd_modconfdir}/15-php.conf -%{_httpd_contentdir}/icons/php.gif %files common -f files.common %license LICENSE TSRM_LICENSE %license libmagic_LICENSE -%license phar_LICENSE %license timelib_LICENSE %config(noreplace) %{_sysconfdir}/php.ini %dir %{_sysconfdir}/php.d @@ -1102,8 +1039,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %{_rpmconfigdir}/macros.d/macros.php %files embedded -%{_libdir}/libphp7.so -%{_libdir}/libphp7-%{embed_version}.so +%{_libdir}/libphp.so +%{_libdir}/libphp-%{embed_version}.so %files pgsql -f files.pgsql %files odbc -f files.odbc @@ -1113,10 +1050,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %files ldap -f files.ldap %files snmp -f files.snmp %files xml -f files.xml -%files xmlrpc -f files.xmlrpc %files mbstring -f files.mbstring %license libmbfl_LICENSE -%license ucgendat_LICENSE %files gd -f files.gd %if ! %{with_libgd} %license libgd_README @@ -1124,7 +1059,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %endif %files soap -f files.soap %files bcmath -f files.bcmath -%license libbcmath_COPYING +%license libbcmath_LICENSE %files gmp -f files.gmp %files dba -f files.dba %files pdo -f files.pdo @@ -1137,9 +1072,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %endif %files intl -f files.intl %files process -f files.process -%files recode -f files.recode %if %{with_firebird} -%files interbase -f files.interbase +%files pdo-firebird -f files.pdo_firebird %endif %files enchant -f files.enchant %files mysqlnd -f files.mysqlnd @@ -1148,19 +1082,23 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %if %{with_zts} %config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist %endif -%files json -f files.json %if %{with_sodium} %files sodium -f files.sodium %endif +%files ffi -f files.ffi +%dir %{_datadir}/php/preload %files help %defattr(-,root,root) -%doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* sapi/cgi/README* sapi/cli/README sapi/phpdbg/{README.md,CREDITS} -%doc php-fpm.conf.default www.conf.default php.ini-* +%doc EXTENSIONS NEWS README* UPGRADING* *md docs +%doc php-fpm.conf.default www.conf.default php.ini-* %{_mandir}/* - %changelog +* Thu Feb 4 2021 panxiaohe - 8.0.0-1 +- Update to 8.0.0 +- Fix CVE-2020-7060 CVE-2020-7069 CVE-2020-7070 + * Wed Jan 20 2021 Hugel - 7.2.10-11 - Fix CVE-2020-7062 CVE-2020-7071 @@ -1170,7 +1108,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : * Thu Dec 17 2020 wangchen - 7.2.10-9 - Fix CVE-2020-7063 -* Mon Nov 07 2020 liuweibo - 7.2.10-8 +* Sat Nov 07 2020 liuweibo - 7.2.10-8 - Append help recommends to main package * Mon Sep 21 2020 shaoqiang kang - 7.2.10-7 @@ -1199,6 +1137,12 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : * Thu Mar 12 2020 openEuler Buildteam - 7.2.10-2 - Add CVE patches +- Fix CVE-2019-9021 CVE-2019-9022 CVE-2019-9023 CVE-2019-9024 + CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 + CVE-2018-20783 CVE-2019-9641 CVE-2019-11034 CVE-2019-11035 + CVE-2019-11036 CVE-2019-11041 CVE-2019-11042 CVE-2019-11043 + CVE-2018-19935 CVE-2019-11045 CVE-2019-11046 CVE-2019-11050 + CVE-2019-11047 * Fri Feb 14 2020 openEuler Buildteam - 7.2.10-1 - Package init