diff --git a/CVE-2020-7064.patch b/CVE-2020-7064.patch new file mode 100644 index 0000000000000000000000000000000000000000..3cce2dcb164482871902fc562447b5b2769cdd4d --- /dev/null +++ b/CVE-2020-7064.patch @@ -0,0 +1,60 @@ +From 0c77b4307df73217283a4aaf9313e1a33a0967ff Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 15 Mar 2020 17:26:00 -0700 +Subject: [PATCH] Fixed bug #79282 + +--- + ext/exif/exif.c | 7 ++++++- + ext/exif/tests/bug79282.phpt | 15 +++++++++++++++ + 2 files changed, 21 insertions(+), 1 deletion(-) + create mode 100644 ext/exif/tests/bug79282.phpt + +diff --git a/ext/exif/exif.c b/ext/exif/exif.c +index a63e0c1..b85ac19 100644 +--- a/ext/exif/exif.c ++++ b/ext/exif/exif.c +@@ -3660,6 +3660,11 @@ static void exif_process_TIFF_in_JPEG(image_info_type *ImageInfo, char *CharBuf, + { + unsigned exif_value_2a, offset_of_ifd; + ++ if (length < 2) { ++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Missing TIFF alignment marker"); ++ return; ++ } ++ + /* set the thumbnail stuff to nothing so we can test to see if they get set up */ + if (memcmp(CharBuf, "II", 2) == 0) { + ImageInfo->motorola_intel = 0; +@@ -3812,7 +3817,7 @@ static int exif_scan_JPEG_header(image_info_type *ImageInfo) + return FALSE; + } + +- sn = exif_file_sections_add(ImageInfo, marker, itemlen+1, NULL); ++ sn = exif_file_sections_add(ImageInfo, marker, itemlen, NULL); + Data = ImageInfo->file.list[sn].data; + + /* Store first two pre-read bytes. */ +diff --git a/ext/exif/tests/bug79282.phpt b/ext/exif/tests/bug79282.phpt +new file mode 100644 +index 0000000..7b7e365 +--- /dev/null ++++ b/ext/exif/tests/bug79282.phpt +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #79282: Use-of-uninitialized-value in exif ++--FILE-- ++ ++--EXPECTF-- ++Warning: exif_read_data(): Invalid TIFF alignment marker in %s on line %d ++ ++Warning: exif_read_data(): File structure corrupted in %s on line %d ++ ++Warning: exif_read_data(): Invalid JPEG file in %s on line %d ++bool(false) +-- +1.8.3.1 + diff --git a/CVE-2020-7066.patch b/CVE-2020-7066.patch new file mode 100644 index 0000000000000000000000000000000000000000..63200d170b36d4b4b306d8e7da34eb0ffa071d49 --- /dev/null +++ b/CVE-2020-7066.patch @@ -0,0 +1,25 @@ +From 0181cb204b54ee08710147338b76dc0845aba4f9 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev +Date: Sun, 15 Mar 2020 17:30:44 -0700 +Subject: [PATCH] Fix bug #79329 - get_headers should not accept \0 + +--- + ext/standard/url.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/standard/url.c b/ext/standard/url.c +index 57fd80c..fe6d7f9 100644 +--- a/ext/standard/url.c ++++ b/ext/standard/url.c +@@ -680,7 +680,7 @@ PHP_FUNCTION(get_headers) + php_stream_context *context; + + ZEND_PARSE_PARAMETERS_START(1, 3) +- Z_PARAM_STRING(url, url_len) ++ Z_PARAM_PATH(url, url_len) + Z_PARAM_OPTIONAL + Z_PARAM_LONG(format) + Z_PARAM_RESOURCE_EX(zcontext, 1, 0) +-- +1.8.3.1 + diff --git a/php.spec b/php.spec index fd650a834fdb3c5e39419dbfcd86288223ebd8e9..a056e8c56d202d9985fe5aa88bb3cb7cd8ca6808 100644 --- a/php.spec +++ b/php.spec @@ -28,7 +28,7 @@ Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 3 +Release: 4 Summary: PHP scripting language for creating dynamic web sites License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA URL: http://www.php.net/ @@ -89,6 +89,8 @@ Patch6019: CVE-2019-11047.patch Patch6020: CVE-2018-19518.patch #git.php.net/?p=php-src.git;a=patch;h=a15af81b5f0058e020eda0f109f51a3c863f5212 Patch6021: CVE-2019-6977.patch +Patch6022: CVE-2020-7064.patch +Patch6023: CVE-2020-7066.patch BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel @@ -1149,6 +1151,12 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Fri Apr 24 2020 openEuler Buildteam - 7.2.10-4 +- Type:cves +- ID:CVE-2020-7064 CVE-2020-7066 +- SUG:restart +- DESC:fix CVE-2020-7064 CVE-2020-7066 + * Mon Mar 16 2020 shijian - 7.2.10-3 - Type:cves - ID:CVE-2018-19518 CVE-2019-6977