import php-7.2.24-1.module+el8.2.0+4601+7c76a223

This commit is contained in:
CentOS Sources 2020-04-28 04:49:11 -04:00 committed by Andrew Lukoshko
parent 9b15c6be93
commit 3e68679d8e
6 changed files with 48 additions and 172 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/php-7.2.11.tar.xz SOURCES/php-7.2.24.tar.xz

View File

@ -1 +1 @@
4fd355950fdbe39cdab1b2bac03f25160bd441ec SOURCES/php-7.2.11.tar.xz d31628bdc89a724a2a0950c2ed7d79b40cf489a7 SOURCES/php-7.2.24.tar.xz

View File

@ -1,134 +0,0 @@
From 7a990257a05c725d53ca91bc9d080c99102f4e5e Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Mon, 21 Oct 2019 13:17:09 -0700
Subject: [PATCH] Merge branch 'PHP-7.1' into PHP-7.2
* PHP-7.1:
Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
bump versions after release
set versions for release
---
sapi/fpm/fpm/fpm_main.c | 4 +-
.../tests/bug78599-path-info-underflow.phpt | 61 +++++++++++++++++++
sapi/fpm/tests/tester.inc | 11 +++-
3 files changed, 72 insertions(+), 4 deletions(-)
create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index f0cc3a07a485..b0e6226d9ad8 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1209,8 +1209,8 @@ static void init_request_info(void)
path_info = script_path_translated + ptlen;
tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
} else {
- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
- tflag = (orig_path_info != path_info);
+ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
+ tflag = path_info && (orig_path_info != path_info);
}
if (tflag) {
diff --git a/sapi/fpm/tests/bug78599-path-info-underflow.phpt b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
new file mode 100644
index 000000000000..edd4e0d49699
--- /dev/null
+++ b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
@@ -0,0 +1,61 @@
+--TEST--
+FPM: bug78599 - env_path_info underflow - CVE-2019-11043
+--SKIPIF--
+<?php include "skipif.inc"; ?>
+--FILE--
+<?php
+
+require_once "tester.inc";
+
+$cfg = <<<EOT
+[global]
+error_log = {{FILE:LOG}}
+[unconfined]
+listen = {{ADDR}}
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+EOT;
+
+$code = <<<EOT
+<?php
+echo "Test Start\n";
+var_dump(\$_SERVER["PATH_INFO"]);
+echo "Test End\n";
+EOT;
+
+$tester = new FPM\Tester($cfg, $code);
+$tester->start();
+$tester->expectLogStartNotices();
+$uri = $tester->makeSourceFile();
+$tester
+ ->request(
+ '',
+ [
+ 'SCRIPT_FILENAME' => $uri . "/" . str_repeat('A', 35),
+ 'PATH_INFO' => '',
+ 'HTTP_HUI' => str_repeat('PTEST', 1000),
+ ],
+ $uri
+ )
+ ->expectBody(
+ [
+ 'Test Start',
+ 'string(0) ""',
+ 'Test End'
+ ]
+ );
+$tester->terminate();
+$tester->close();
+
+?>
+Done
+--EXPECT--
+Done
+--CLEAN--
+<?php
+require_once "tester.inc";
+FPM\Tester::clean();
+?>
diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
index 70c03ad70f1c..3b6702866cc1 100644
--- a/sapi/fpm/tests/tester.inc
+++ b/sapi/fpm/tests/tester.inc
@@ -513,7 +513,7 @@ class Tester
return new Response(null, true);
}
if (is_null($uri)) {
- $uri = $this->makeFile('src.php', $this->code);
+ $uri = $this->makeSourceFile();
}
$params = array_merge(
@@ -538,7 +538,6 @@ class Tester
],
$headers
);
-
try {
$this->response = new Response(
$this->getClient($address, $connKeepAlive)->request_data($params, false)
@@ -944,6 +943,14 @@ class Tester
return $filePath;
}
+ /**
+ * @return string
+ */
+ public function makeSourceFile()
+ {
+ return $this->makeFile('src.php', $this->code);
+ }
+
/**
* @param string|null $msg
*/

View File

@ -1,6 +1,7 @@
--- php-5.4.0RC5/scripts/phpize.in.orig 2012-01-18 17:13:54.018022983 +0100 diff -up php-7.2.12RC1/scripts/phpize.in.headers php-7.2.12RC1/scripts/phpize.in
+++ php-5.4.0RC5/scripts/phpize.in 2012-01-18 17:14:40.614024941 +0100 --- php-7.2.12RC1/scripts/phpize.in.headers 2018-10-23 11:47:43.000000000 +0200
@@ -162,6 +162,15 @@ +++ php-7.2.12RC1/scripts/phpize.in 2018-10-23 11:49:51.651818777 +0200
@@ -162,6 +162,15 @@ phpize_autotools()
$PHP_AUTOHEADER || exit 1 $PHP_AUTOHEADER || exit 1
} }
@ -16,7 +17,7 @@
# Main script # Main script
case "$1" in case "$1" in
@@ -180,12 +189,15 @@ @@ -180,12 +189,15 @@ case "$1" in
# Version # Version
--version|-v) --version|-v)

View File

@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired. than embedding a copy. Discussed upstream but was not desired.
History: History:
r17: adapt for autotool change in 7.2.16RC1
r16: adapt for timelib 2017.06 (in 7.2.3RC1) r16: adapt for timelib 2017.06 (in 7.2.3RC1)
r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1) r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
r14: improve check for valid tz file r14: improve check for valid tz file
@ -27,9 +28,32 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index r2: add filesystem trawl to set up name alias index
r1: initial revision r1: initial revision
diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/lib/parse_tz.c diff -up php-7.2.16RC1/ext/date/config0.m4.systzdata php-7.2.16RC1/ext/date/config0.m4
--- php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata 2018-02-13 20:18:34.000000000 +0100 --- php-7.2.16RC1/ext/date/config0.m4.systzdata 2019-02-19 11:22:22.223741585 +0100
+++ php-7.2.3RC1/ext/date/lib/parse_tz.c 2018-02-14 06:14:23.484804852 +0100 +++ php-7.2.16RC1/ext/date/config0.m4 2019-02-19 11:23:05.089111556 +0100
@@ -10,6 +10,19 @@ io.h
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll)
+PHP_ARG_WITH(system-tzdata, for use of system timezone data,
+[ --with-system-tzdata[=DIR] to specify use of system timezone data],
+no, no)
+
+if test "$PHP_SYSTEM_TZDATA" != "no"; then
+ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
+
+ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
+ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
+ [Define for location of system timezone data])
+ fi
+fi
+
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/lib/parse_tz.c
--- php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata 2019-02-19 11:13:22.000000000 +0100
+++ php-7.2.16RC1/ext/date/lib/parse_tz.c 2019-02-19 11:19:40.245313535 +0100
@@ -25,8 +25,21 @@ @@ -25,8 +25,21 @@
#include "timelib.h" #include "timelib.h"
#include "timelib_private.h" #include "timelib_private.h"
@ -632,23 +656,3 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
} else { } else {
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL; tmp = NULL;
diff -up php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata php-7.2.3RC1/ext/date/lib/timelib.m4
--- php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata 2018-02-13 20:18:34.000000000 +0100
+++ php-7.2.3RC1/ext/date/lib/timelib.m4 2018-02-14 06:11:54.273089963 +0100
@@ -81,3 +81,16 @@ io.h
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll strftime gettimeofday)
+
+PHP_ARG_WITH(system-tzdata, for use of system timezone data,
+[ --with-system-tzdata[=DIR] to specify use of system timezone data],
+no, no)
+
+if test "$PHP_SYSTEM_TZDATA" != "no"; then
+ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
+
+ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
+ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
+ [Define for location of system timezone data])
+ fi
+fi

View File

@ -60,13 +60,12 @@
%global with_tidy 0 %global with_tidy 0
%endif %endif
%global upver 7.2.11 %global upver 7.2.24
#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites Summary: PHP scripting language for creating dynamic web sites
Name: php Name: php
Version: %{upver}%{?rcver:~%{rcver}} Version: %{upver}%{?rcver:~%{rcver}}
Release: 4%{?dist} Release: 1%{?dist}
# All files licensed under PHP version 3.01, except # All files licensed under PHP version 3.01, except
# Zend is licensed under Zend # Zend is licensed under Zend
# TSRM is licensed under BSD # TSRM is licensed under BSD
@ -101,9 +100,9 @@ Patch8: php-7.2.0-libdb.patch
# Functional changes # Functional changes
Patch40: php-7.2.4-dlopen.patch Patch40: php-7.2.4-dlopen.patch
Patch42: php-7.2.3-systzdata-v16.patch Patch42: php-7.2.16-systzdata-v17.patch
# See http://bugs.php.net/53436 # See http://bugs.php.net/53436
Patch43: php-5.4.0-phpize.patch Patch43: php-7.2.12-phpize.patch
# Use -lldap_r for OpenLDAP # Use -lldap_r for OpenLDAP
Patch45: php-7.2.3-ldap_r.patch Patch45: php-7.2.3-ldap_r.patch
# Make php_config.h constant across builds # Make php_config.h constant across builds
@ -116,7 +115,6 @@ Patch48: php-7.2.7-getallheaders.patch
# Upstream fixes (100+) # Upstream fixes (100+)
# Security fixes (200+) # Security fixes (200+)
Patch200: php-7.2.11-CVE-2019-11043.patch
# Fixes for tests (300+) # Fixes for tests (300+)
# Factory is droped from system tzdata # Factory is droped from system tzdata
@ -603,7 +601,7 @@ Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
%description pdo-dblib %description pdo-dblib
The php-pdo-dblib package contains a dynamic shared object The php-pdo-dblib package contains a dynamic shared object
that implements the PHP Data Objects (PDO) interface to enable access from that implements the PHP Data Objects (PDO) interface to enable access from
PHP to Microsoft SQL Server and Sybase databases through the FreeTDS libary. PHP to Microsoft SQL Server and Sybase databases through the FreeTDS library.
%endif %endif
%package embedded %package embedded
@ -719,7 +717,6 @@ low-level PHP extension for the libsodium cryptographic library.
# upstream patches # upstream patches
# security patches # security patches
%patch200 -p1 -b .cve11043
# Fixes for tests # Fixes for tests
%patch300 -p1 -b .datetests %patch300 -p1 -b .datetests
@ -753,8 +750,13 @@ mkdir build-cgi build-apache build-embedded \
rm ext/date/tests/timezone_location_get.phpt rm ext/date/tests/timezone_location_get.phpt
rm ext/date/tests/timezone_version_get.phpt rm ext/date/tests/timezone_version_get.phpt
rm ext/date/tests/timezone_version_get_basic1.phpt rm ext/date/tests/timezone_version_get_basic1.phpt
rm ext/date/tests/bug33414-1.phpt
rm ext/date/tests/bug33415-2.phpt
rm ext/date/tests/date_modify-1.phpt
# fails sometime # fails sometime
rm ext/date/tests/bug73837.phpt
rm ext/sockets/tests/mcast_ipv?_recv.phpt rm ext/sockets/tests/mcast_ipv?_recv.phpt
rm sapi/cli/tests/upload_2G.phpt
# cause stack exhausion # cause stack exhausion
rm Zend/tests/bug54268.phpt rm Zend/tests/bug54268.phpt
rm Zend/tests/bug68412.phpt rm Zend/tests/bug68412.phpt
@ -1567,6 +1569,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Nov 7 2019 Remi Collet <rcollet@redhat.com> - 7.2.24-1
- update to 7.2.24 #1726981
* Tue Oct 29 2019 Remi Collet <rcollet@redhat.com> - 7.2.11-4 * Tue Oct 29 2019 Remi Collet <rcollet@redhat.com> - 7.2.11-4
- fix underflow in env_path_info in fpm_main.c CVE-2019-11043 - fix underflow in env_path_info in fpm_main.c CVE-2019-11043