Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package php7.17250 for openSUSE:Leap:15.2:Update checked in at 2021-12-10 18:06:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/php7.17250 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.php7.17250.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php7.17250" Fri Dec 10 18:06:21 2021 rev:1 rq:936274 version:7.4.6 Changes: -------- New Changes file: --- /dev/null 2021-12-09 00:52:20.582305468 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.php7.17250.new.2520/php7.changes 2021-12-10 18:06:22.804790852 +0100 @@ -0,0 +1,4662 @@ +------------------------------------------------------------------- +Fri Nov 26 10:50:27 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-21707 [bsc#1193041], special character breaks path in xml parsing + + php7-CVE-2021-21707.patch + +------------------------------------------------------------------- +Fri Oct 29 09:07:08 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-21703 [bsc#1192050], Local privilege escalation via PHP-FPM + + php7-CVE-2021-21703.patch + +------------------------------------------------------------------- +Mon Oct 4 10:59:24 UTC 2021 - pgaj...@suse.com + +- added patches [bsc#1175508] + fix https://github.com/php/php-src/pull/7428 + + php7-bsc1175508.patch + +------------------------------------------------------------------- +Mon Aug 2 13:01:48 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-21704 [bsc#1188035], security issues in pdo_firebase module + + php7-CVE-2021-21704.patch + +------------------------------------------------------------------- +Fri Jul 9 14:40:47 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-21705 [bsc#1188037], SSRF bypass in FILTER_VALIDATE_URL + + php7-CVE-2021-21705.patch + +------------------------------------------------------------------- +Thu Feb 11 10:52:26 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2021-21702 [bsc#1182049], NULL pointer dereference in SoapClient + + php7-CVE-2021-21702.patch + +------------------------------------------------------------------- +Mon Jan 11 12:02:58 UTC 2021 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2020-7071 [bsc#1180706], FILTER_VALIDATE_URL accepts URLs with invalid userinfo + + php7-CVE-2020-7071.patch + +------------------------------------------------------------------- +Fri Oct 9 11:07:42 UTC 2020 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2020-7069 [bsc#1177351], when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is used + + php7-CVE-2020-7069.patch + fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names + + php7-CVE-2020-7070.patch + +------------------------------------------------------------------- +Thu Aug 13 14:01:39 UTC 2020 - pgaj...@suse.com + +- security update +- added patches + fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function + + php7-CVE-2020-7068.patch + +------------------------------------------------------------------- +Thu Jul 9 13:13:48 UTC 2020 - pgaj...@suse.com + +- Use /run/php-fpm instead of /run/php +- modified sources + % php-fpm.tmpfiles.d + +------------------------------------------------------------------- +Thu Jul 9 12:23:52 UTC 2020 - pgaj...@suse.com + +- do not install %{_tmpfilesdir}, %{_tmpfilesdir}/php-fpm.conf in + test favour + +------------------------------------------------------------------- +Mon Jul 6 21:21:45 UTC 2020 - Daniel Molkentin <daniel.molken...@suse.com> + +- added tmpfiles.d for php-fpm to provide a base base for a socket + (boo#1173786) + +------------------------------------------------------------------- +Thu May 14 09:05:51 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.6: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.6 + +------------------------------------------------------------------- +Wed May 13 11:42:01 UTC 2020 - pgaj...@suse.com + +- added patches + build fixes in SLE12 + + php7-arm-build-fixes.patch + +------------------------------------------------------------------- +Tue May 12 13:28:05 UTC 2020 - pgaj...@suse.com + +- added to SLE-12 [jsc#SLE-12474] + +------------------------------------------------------------------- +Tue May 12 13:11:31 UTC 2020 - pgaj...@suse.com + +- spec file usable under SLE12 again and better prepared for + phpM -> phpMN transition + +------------------------------------------------------------------- +Mon May 11 09:59:41 UTC 2020 - pgaj...@suse.com + +- added to SLE-15-SP2 [jsc#SLE-12482], including fixes for: + CVE-2020-7063 [bsc#1165289] + CVE-2020-7062 [bsc#1165280] + CVE-2019-11046, CVE-2019-11050, CVE-2019-11047, CVE-2019-11045 + +------------------------------------------------------------------- +Tue Apr 14 14:40:32 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.5: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.5 + +------------------------------------------------------------------- +Thu Apr 2 11:14:13 UTC 2020 - pgaj...@suse.com + +- remove Berkeley DB Database support [jsc#SLE-12210] + +------------------------------------------------------------------- +Fri Mar 20 07:39:34 UTC 2020 - pgaj...@suse.com + +- build firebird extension in any case + +------------------------------------------------------------------- +Tue Mar 17 19:48:01 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.4: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.4 + +------------------------------------------------------------------- +Thu Mar 12 08:47:27 UTC 2020 - Martin Li??ka <mli...@suse.cz> + +- Enable LTO as it works now (boo#1133275). + +------------------------------------------------------------------- +Wed Feb 19 09:11:21 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.3: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.3 + +------------------------------------------------------------------- +Mon Feb 10 16:25:11 UTC 2020 - pgaj...@suse.com + +- add %apache_rex_deps + +------------------------------------------------------------------- +Thu Jan 23 11:08:54 UTC 2020 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.2: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.2 + +------------------------------------------------------------------- +Wed Dec 18 13:35:41 UTC 2019 - Arjen de Korte <suse+bu...@de-korte.org> + +- updated to 7.4.1: This is a security release which also contains + several bug fixes. See https://www.php.net/ChangeLog-7.php#7.4.1 +- deleted patches + - php-fix-mysqlnd-compression-library.patch + - php-fpm-service-fails-to-start.patch + +------------------------------------------------------------------- +Tue Dec 10 13:24:53 UTC 2019 - pgaj...@suse.com + +- php7-devel requires glibc-devel, libxml2-devel, pcre2-devel + again + +------------------------------------------------------------------- +Thu Dec 5 09:27:35 UTC 2019 - Arjen de Korte <suse+bu...@de-korte.org> + +- relax systemd restrictions for FPM as they were too strict in + some applications +- change leftover Requires php7-<extension> to php-<extension> +- remove external libraries from -devel subpackage +- added patches + + php-fpm-service-fails-to-start.patch + +------------------------------------------------------------------- +Thu Nov 28 10:16:27 UTC 2019 - Arjen de Korte <suse+bu...@de-korte.org> + +- update to 7.4.0: ++++ 4465 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.php7.17250.new.2520/php7.changes New: ---- README.macros _multibuild build-test.sh macros.php mod_php7.conf php-7.4.6.tar.xz php-7.4.6.tar.xz.asc php-crypt-tests.patch php-date-regenerate-lexers.patch php-embed.patch php-fix_net-snmp_disable_MD5.patch php-fpm.tmpfiles.d php-ini.patch php-no-build-date.patch php-odbc-cmp-int-cast.patch php-openssl.patch php-php-config.patch php-phpize.patch php-pts.patch php-systemd-unit.patch php-systzdata-v19.patch php7-CVE-2020-7068.patch php7-CVE-2020-7069.patch php7-CVE-2020-7070.patch php7-CVE-2020-7071.patch php7-CVE-2021-21702.patch php7-CVE-2021-21703.patch php7-CVE-2021-21704.patch php7-CVE-2021-21705.patch php7-CVE-2021-21707.patch php7-arm-build-fixes.patch php7-bsc1175508.patch php7.changes php7.keyring php7.rpmlintrc php7.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php7.spec ++++++ ++++ 1650 lines (skipped) ++++++ README.macros ++++++ README for php-macros Author: Christian Wittmer <ch...@computersalat.de> Author: Johannes Weberhofer <jweberho...@weberhofer.at> %php_pear_gen_filelist generates an rpmlint happy filelist of your installed files In most cases you only need to check the %doc part sometimes there is a "Changes" or "ChangeLog",.... Requirements for %php_pear_gen_filelist You have to define following parts inside your spec file Example: # # spec file for package php7-pear-Auth_SASL # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define php_name php7 %define pear_name Auth_SASL Name: php7-pear-Auth_SASL Version: 1.1.0 Release: 0 Summary: Abstraction of various SASL mechanism responses License: BSD-3-Clause Group: Productivity/Networking/Web/Servers Url: http://pear.php.net/package/%{pear_name} Source: http://pear.php.net/get/%{pear_name}-%{version}.tgz BuildRequires: %{php_name}-devel BuildRequires: %{php_name}-pear >= 1.10.1 Requires: %{php_name}-pear >= 1.10.1 Provides: php-pear-%{pear_name} = %{version} Provides: php-pear(%{pear_name}) = %{version} Obsoletes: php5-pear-Auth_SASL BuildArch: noarch %if 0%{?suse_version} < 1330 BuildRequires: %{php_name}-macros BuildRequires: %{php_name}-pear-Archive_Tar Requires: %{php_name}-pear-Archive_Tar %endif %description Provides code to generate responses to common SASL mechanisms, including: - Digest-MD5 - CramMD5 - Plain - Anonymous - Login (Pseudo mechanism) %prep %setup -q %setup -q -n %{pear_name}-%{version} mv ../package.xml . %build %install %{__pear} install --nodeps --offline --packagingroot %{buildroot} package.xml install -D -m 0644 package.xml %{buildroot}%{pear_xmldir}/%{pear_name}.xml rm -rf %{buildroot}/{doc,tmp} rm -rf %{buildroot}/%{php_peardir}/.{filemap,lock,registry,channels,depdb,depdblock} %php_pear_gen_filelist %post if [ "$1" = "1" ]; then # on "rpm -ivh" %{__pear} install --nodeps --soft --force --register-only %{pear_xmldir}/%{pear_name}.xml fi if [ "$1" = "2" ]; then # on "rpm -Uvh" %{__pear} upgrade --offline --register-only %{pear_xmldir}/%{pear_name}.xml fi %postun if [ "$1" = "0" ]; then # on "rpm -e" %{__pear} uninstall --nodeps --ignore-errors --register-only pear.php.net/%{pear_name} fi %files -f %{name}.files %changelog ############################################################################# And here an Example of the generated filelist (does not match above package): /usr/share/php5/PEAR/Date.php %dir /usr/share/php5/PEAR/Date /usr/share/php5/PEAR/Date/Calc.php /usr/share/php5/PEAR/Date/Human.php /usr/share/php5/PEAR/Date/Span.php /usr/share/php5/PEAR/Date/TimeZone.php %dir /usr/share/php5/PEAR/test %dir /usr/share/php5/PEAR/test/Date %dir /usr/share/php5/PEAR/test/Date/tests /usr/share/php5/PEAR/test/Date/tests/test_date_methods_span.php /usr/share/php5/PEAR/test/Date/tests/testunit_date_span.php /usr/share/php5/PEAR/test/Date/tests/test_calc.php /usr/share/php5/PEAR/test/Date/tests/calc.php /usr/share/php5/PEAR/test/Date/tests/testunit_date.php /usr/share/php5/PEAR/test/Date/tests/testunit.php %dir /usr/share/php5/PEAR/test/Date/tests/bugs /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-1.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-2.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-3.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-727-4.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-674.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9213.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-9414.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-8912.phpt /usr/share/php5/PEAR/test/Date/tests/bugs/bug-967.phpt /var/lib/pear/Date.xml ++++++ _multibuild ++++++ <multibuild> <package>test</package> </multibuild> ++++++ build-test.sh ++++++ #!/bin/bash TEST_RESULT_FILE_BEFORE='test_results.before' TEST_RESULT_FILE_AFTER='test_results.after' function usage { echo "usage: $0 buildroot [osc ARGUMENTS]" echo " 1. Run first time to create ${TEST_RESULT_FILE_BEFORE}." echo " 2. Make source changes." echo " 3. Run second time to create ${TEST_RESULT_FILE_AFTER}" echo " and see changes in test results." } if [ -z $1 ]; then echo 'ERROR: missing a parameter: buildroot' usage exit 1 fi if [ "$1" == "-h" ]; then usage exit 0 fi export OSC_BUILD_ROOT=$1 shift apiurl=`cat .osc/_apiurl 2>/dev/null` if [ ! -z "$apiurl" ]; then apiurl="-A $apiurl" fi osc $apiurl build $@ --no-verify --with make_test -x valgrind *.spec if [ $? -ne 0 ]; then echo "ERROR: build failed. See $OSC_BUILD_ROOT/.build.log for details." exit 1 fi cat $OSC_BUILD_ROOT/.build.log \ | sed 's:^\[[ 0-9]\+s\] ::' \ | egrep 'TEST [0-9]+\/[0-9]+|SKIP.*reason' \ | sed 's:.*\r::' \ | sort \ > ${TEST_RESULT_FILE_AFTER} if [ ! -e ${TEST_RESULT_FILE_BEFORE} ]; then echo "Creating ${TEST_RESULT_FILE_BEFORE}" echo "Run $0 again AFTER source changes, to create ${TEST_RESULT_FILE_AFTER}." echo "Differences will be checked then." mv ${TEST_RESULT_FILE_AFTER} ${TEST_RESULT_FILE_BEFORE} else echo --- DIFFERENCES ------------------------------------------- diff -up $TEST_RESULT_FILE_BEFORE ${TEST_RESULT_FILE_AFTER} echo ----------------------------------------------------------- echo "Do not forgot to " echo "rm ${TEST_RESULT_FILE_BEFORE} ${TEST_RESULT_FILE_AFTER}" echo fi ++++++ macros.php ++++++ # macros.php file # macros for module building. handle with care. # # Interface versions exposed by PHP: # %php_core_api @PHP_APIVER@ %php_zend_api @PHP_ZENDVER@ # Useful php macros (from Christian Wittmer <ch...@computersalat.de>) # %__php /usr/bin/php %__phpize /usr/bin/phpize %__php_config /usr/bin/php-config %php_version %(%{__php_config} --version) # pear related macros %__pear /usr/bin/pear %php_peardir %(%{__pear} config-get php_dir) # %pear_xmldir should be replaced by %php_pearxmldir %pear_xmldir /var/lib/pear %php_pearxmldir /var/lib/pear %pear_phpdir %(%{__pear} config-get php_dir 2> /dev/null || echo undefined) %pear_docdir %(%{__pear} config-get doc_dir 2> /dev/null || echo undefined) %pear_testdir %(%{__pear} config-get test_dir 2> /dev/null || echo undefined) %pear_datadir %(%{__pear} config-get data_dir 2> /dev/null || echo undefined) %pear_cfgdir %(%{__pear} config-get cfg_dir 2> /dev/null || echo undefined) %pear_wwwdir %(%{__pear} config-get www_dir 2> /dev/null || echo undefined) %pear_metadir %(%{__pear} config-get metadata_dir 2> /dev/null || echo undefined) # pecl related macros %__pecl /usr/bin/pecl %pecl_phpdir %(%{__pecl} config-get php_dir 2> /dev/null || echo undefined) %pecl_docdir %(%{__pecl} config-get doc_dir 2> /dev/null || echo undefined) %pecl_testdir %(%{__pecl} config-get test_dir 2> /dev/null || echo undefined) %pecl_datadir %(%{__pecl} config-get data_dir 2> /dev/null || echo undefined) # macro: php_pear_gen_filelist # do the rpmlint happy filelist generation # with %dir in front of directories %php_pear_gen_filelist(n)\ FILES=%{name}.files\ # fgen_dir func\ # IN: dir\ fgen_dir(){\ %{__cat} >> $FILES << EOF\ %dir ${1}\ EOF\ }\ # fgen_file func\ # IN: file\ fgen_file(){\ %{__cat} >> $FILES << EOF\ ${1}\ EOF\ }\ # check for files in %{php_peardir}\ RES=`find ${RPM_BUILD_ROOT}%{php_peardir} -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ for file in $RES; do\ fgen_file "%{php_peardir}/$(basename ${file})"\ done\ fi\ \ # get all dirs into array\ base_dir="${RPM_BUILD_ROOT}%{php_peardir}/"\ for dir in `find ${base_dir} -type d | sort`; do\ if [ "$dir" = "${base_dir}" ]; then\ continue\ else\ el=`echo $dir | %{__awk} -F"${base_dir}" '{print $2}'`\ all_dir=(${all_dir[@]} $el)\ fi\ done\ \ # build filelist\ for i in ${all_dir[@]}; do\ if [ -d ${base_dir}/${i} ]; then\ RES=`find "${base_dir}/${i}" -maxdepth 1 -type f`\ if [ -n "$RES" ]; then\ fgen_dir "%{php_peardir}/${i}"\ for file in $RES; do\ fgen_file "%{php_peardir}/${i}/$(basename ${file})"\ done\ else\ fgen_dir "%{php_peardir}/${i}"\ fi\ fi\ done\ # add xml file\ fgen_file "%php_pearxmldir/%{pear_name}.xml"\ # ++++++ mod_php7.conf ++++++ <IfModule mod_php7.c> <FilesMatch "\.ph(p[3457]?|tml)$"> SetHandler application/x-httpd-php </FilesMatch> <FilesMatch "\.php[3457]?s$"> SetHandler application/x-httpd-php-source </FilesMatch> DirectoryIndex index.php4 DirectoryIndex index.php5 DirectoryIndex index.php7 DirectoryIndex index.php </IfModule> ++++++ php-crypt-tests.patch ++++++ Index: php-7.2.12/ext/standard/config.m4 =================================================================== --- php-7.2.12.orig/ext/standard/config.m4 2018-11-06 11:48:33.000000000 +0100 +++ php-7.2.12/ext/standard/config.m4 2018-11-09 16:35:10.505160977 +0100 @@ -242,7 +242,7 @@ int main() { dnl dnl If one of them is missing, use our own implementation, portable code is then possible dnl -if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "x$php_crypt_r" = "x0"; then +if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "x$ac_cv_lib_crypt_crypt_r" = "x0"; then dnl dnl Check for __alignof__ support in the compiler ++++++ php-date-regenerate-lexers.patch ++++++ Index: php-7.1.7/ext/date/config0.m4 =================================================================== --- php-7.1.7.orig/ext/date/config0.m4 2017-07-06 11:30:06.000000000 +0200 +++ php-7.1.7/ext/date/config0.m4 2017-07-21 13:56:15.183675982 +0200 @@ -10,6 +10,8 @@ timelib_sources="lib/astro.c lib/dow.c l PHP_NEW_EXTENSION(date, php_date.c $timelib_sources, no,, $PHP_DATE_CFLAGS) +PHP_ADD_MAKEFILE_FRAGMENT() + PHP_ADD_BUILD_DIR([$ext_builddir/lib], 1) PHP_ADD_INCLUDE([$ext_builddir/lib]) PHP_ADD_INCLUDE([$ext_srcdir/lib]) Index: php-7.1.7/ext/date/Makefile.frag =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ php-7.1.7/ext/date/Makefile.frag 2017-07-21 13:58:51.986357906 +0200 @@ -0,0 +1,6 @@ +$(srcdir)/lib/parse_date.c: $(srcdir)/lib/parse_date.re + @(cd $(top_srcdir); $(RE2C) $(RE2C_FLAGS) -b --no-generation-date -o ext/date/lib/parse_date.c ext/date/lib/parse_date.re) + +$(srcdir)/lib/parse_iso_intervals.c: $(srcdir)/lib/parse_iso_intervals.re + @(cd $(top_srcdir); $(RE2C) $(RE2C_FLAGS) -b --no-generation-date -o ext/date/lib/parse_iso_intervals.c ext/date/lib/parse_iso_intervals.re) + ++++++ php-embed.patch ++++++ --- php-7.1.10/sapi/embed/config.m4.embed +++ php-7.1.10/sapi/embed/config.m4 @@ -12,7 +12,7 @@ if test "$PHP_EMBED" != "no"; then case "$PHP_EMBED" in yes|shared) PHP_EMBED_TYPE=shared - INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib" + INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)" ;; static) PHP_EMBED_TYPE=static ++++++ php-fix_net-snmp_disable_MD5.patch ++++++ Index: ext/snmp/snmp.c =================================================================== --- ext/snmp/snmp.c.orig 2015-09-08 12:33:18.057282498 +0200 +++ ext/snmp/snmp.c 2015-09-08 12:35:01.717693824 +0200 @@ -1256,14 +1256,17 @@ Set the authentication protocol in the snmpv3 session */ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot) { +#ifndef DISABLE_MD5 if (!strcasecmp(prot, "MD5")) { s->securityAuthProto = usmHMACMD5AuthProtocol; s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; - } else if (!strcasecmp(prot, "SHA")) { + } else +#endif + if (!strcasecmp(prot, "SHA")) { s->securityAuthProto = usmHMACSHA1AuthProtocol; s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN; } else { - php_error_docref(NULL, E_WARNING, "Unknown authentication protocol '%s'", prot); + php_error_docref(NULL, E_WARNING, "Unknown or unsupported authentication protocol '%s'", prot); return (-1); } return (0); ++++++ php-fpm.tmpfiles.d ++++++ # Type Path Mode UID GID Age Argument d /run/php-fpm 0711 root root - - ++++++ php-ini.patch ++++++ Index: php-7.3.1/php.ini-production =================================================================== --- php-7.3.1.orig/php.ini-production 2019-01-08 14:55:52.000000000 +0100 +++ php-7.3.1/php.ini-production 2019-02-07 09:28:59.154542260 +0100 @@ -729,7 +729,7 @@ default_charset = "UTF-8" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:/usr/share/php7:/usr/share/php7/PEAR" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@ -954,7 +954,7 @@ cli_server.color = On [Date] ; Defines the default timezone used by the date functions ; http://php.net/date.timezone -;date.timezone = +date.timezone = 'UTC' ; http://php.net/date.default-latitude ;date.default_latitude = 31.7667 @@ -1161,7 +1162,7 @@ mysqli.max_persistent = -1 ; Allow or prevent persistent links. ; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On +mysqli.allow_persistent = Off ; Maximum number of links. -1 means no limit. ; http://php.net/mysqli.max-links @@ -1354,7 +1355,7 @@ session.save_handler = files ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. ; http://php.net/session.save-path -;session.save_path = "/tmp" +session.save_path = "/var/lib/php7" ; Whether to use strict session mode. ; Strict session mode does not accept an uninitialized session ID, and ++++++ php-no-build-date.patch ++++++ Index: php-7.4.0RC6/ext/standard/info.c =================================================================== --- php-7.4.0RC6.orig/ext/standard/info.c 2019-11-11 00:33:36.000000000 +0100 +++ php-7.4.0RC6/ext/standard/info.c 2019-11-19 11:29:46.254681309 +0100 @@ -802,7 +802,7 @@ PHPAPI ZEND_COLD void php_print_info(int php_info_print_box_end(); php_info_print_table_start(); php_info_print_table_row(2, "System", ZSTR_VAL(php_uname)); - php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__); + /*php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__);*/ #ifdef COMPILER php_info_print_table_row(2, "Compiler", COMPILER); #endif @@ -810,7 +810,7 @@ PHPAPI ZEND_COLD void php_print_info(int php_info_print_table_row(2, "Architecture", ARCHITECTURE); #endif #ifdef CONFIGURE_COMMAND - php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); + /* php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND ); */ #endif if (sapi_module.pretty_name) { Index: php-7.4.0RC6/sapi/cli/php_cli.c =================================================================== --- php-7.4.0RC6.orig/sapi/cli/php_cli.c 2019-11-19 11:29:46.254681309 +0100 +++ php-7.4.0RC6/sapi/cli/php_cli.c 2019-11-19 11:30:06.350793571 +0100 @@ -645,8 +645,8 @@ static int do_cli(int argc, char **argv) goto out; case 'v': /* show php version & quit */ - php_printf("PHP %s (%s) (built: %s %s) ( %s)\nCopyright (c) The PHP Group\n%s", - PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__, + php_printf("PHP %s (%s) ( %s)\nCopyright (c) The PHP Group\n%s", + PHP_VERSION, cli_sapi_module.name, #if ZTS "ZTS " #else Index: php-7.4.0RC6/sapi/cgi/cgi_main.c =================================================================== --- php-7.4.0RC6.orig/sapi/cgi/cgi_main.c 2019-11-19 11:29:46.254681309 +0100 +++ php-7.4.0RC6/sapi/cgi/cgi_main.c 2019-11-19 11:30:26.346905278 +0100 @@ -2392,9 +2392,9 @@ parent_loop_end: SG(headers_sent) = 1; SG(request_info).no_headers = 1; #if ZEND_DEBUG - php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) \nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); Index: php-7.4.0RC6/configure.ac =================================================================== --- php-7.4.0RC6.orig/configure.ac 2019-11-19 11:29:46.258681331 +0100 +++ php-7.4.0RC6/configure.ac 2019-11-19 11:31:37.507302813 +0100 @@ -1295,13 +1295,12 @@ EXTRA_LDFLAGS_PROGRAM="$EXTRA_LDFLAGS_PR dnl SOURCE_DATE_EPOCH for reproducible builds dnl https://reproducible-builds.org/specs/source-date-epoch/ -PHP_BUILD_DATE=`date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y-%m-%d 2>/dev/null` -if test $? -ne 0 ; then -PHP_BUILD_DATE=`date -u +%Y-%m-%d` -fi +#totally fake, not used anywhere in userspace +PHP_BUILD_DATE="1970-01-01" AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date]) -PHP_UNAME=`uname -a | xargs` +dnl Totally fake, it wasnt and will never be reliable anyway. +PHP_UNAME="Linux suse 2.6.36 #1 SMP 2011-02-21 10:34:10 +0100 x86_64 x86_64 x86_64 GNU/Linux" AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output]) PHP_OS=`uname | xargs` AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output]) Index: php-7.4.0RC6/sapi/fpm/fpm/fpm_main.c =================================================================== --- php-7.4.0RC6.orig/sapi/fpm/fpm/fpm_main.c 2019-11-19 11:29:46.258681331 +0100 +++ php-7.4.0RC6/sapi/fpm/fpm/fpm_main.c 2019-11-19 11:32:27.627582756 +0100 @@ -1722,9 +1722,9 @@ int main(int argc, char *argv[]) SG(request_info).no_headers = 1; #if ZEND_DEBUG - php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) (DEBUG)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #else - php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version()); + php_printf("PHP %s (%s) \nCopyright (c) The PHP Group\n%s", PHP_VERSION, sapi_module.name, get_zend_version()); #endif php_request_shutdown((void *) 0); fcgi_shutdown(); ++++++ php-odbc-cmp-int-cast.patch ++++++ https://bugs.php.net/bug.php?id=53007 Index: php-7.3.0/ext/odbc/php_odbc.c =================================================================== --- php-7.3.0.orig/ext/odbc/php_odbc.c 2018-12-04 17:12:22.000000000 +0100 +++ php-7.3.0/ext/odbc/php_odbc.c 2018-12-10 10:19:02.668378553 +0100 @@ -1804,7 +1804,7 @@ static void php_odbc_fetch_hash(INTERNAL if (rc == SQL_SUCCESS_WITH_INFO) { ZVAL_STRINGL(&tmp, buf, result->longreadlen); - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(&tmp); break; } else { @@ -1813,7 +1813,7 @@ static void php_odbc_fetch_hash(INTERNAL break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(&tmp); break; } @@ -1956,7 +1956,7 @@ PHP_FUNCTION(odbc_fetch_into) } if (rc == SQL_SUCCESS_WITH_INFO) { ZVAL_STRINGL(&tmp, buf, result->longreadlen); - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(&tmp); break; } else { @@ -1965,7 +1965,7 @@ PHP_FUNCTION(odbc_fetch_into) break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { ZVAL_NULL(&tmp); break; } @@ -2193,7 +2193,7 @@ PHP_FUNCTION(odbc_result) RETURN_FALSE; } - if (result->values[field_ind].vallen == SQL_NULL_DATA) { + if ((int)result->values[field_ind].vallen == (int)SQL_NULL_DATA) { zend_string_efree(field_str); RETURN_NULL(); } else if (rc == SQL_NO_DATA_FOUND) { @@ -2202,7 +2202,7 @@ PHP_FUNCTION(odbc_result) } /* Reduce fieldlen by 1 if we have char data. One day we might have binary strings... */ - if ((result->values[field_ind].coltype == SQL_LONGVARCHAR) + if (((int)result->values[field_ind].coltype == (int)SQL_LONGVARCHAR) #if defined(ODBCVER) && (ODBCVER >= 0x0300) || (result->values[field_ind].coltype == SQL_WLONGVARCHAR) #endif @@ -2219,7 +2219,7 @@ PHP_FUNCTION(odbc_result) break; default: - if (result->values[field_ind].vallen == SQL_NULL_DATA) { + if ((int)result->values[field_ind].vallen == (int)SQL_NULL_DATA) { RETURN_NULL(); } else { RETURN_STRINGL(result->values[field_ind].value, result->values[field_ind].vallen); @@ -2352,7 +2352,7 @@ PHP_FUNCTION(odbc_result_all) } if (rc == SQL_SUCCESS_WITH_INFO) { PHPWRITE(buf, result->longreadlen); - } else if (result->values[i].vallen == SQL_NULL_DATA) { + } else if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { php_printf("<td>NULL</td>"); break; } else { @@ -2361,7 +2361,7 @@ PHP_FUNCTION(odbc_result_all) php_printf("</td>"); break; default: - if (result->values[i].vallen == SQL_NULL_DATA) { + if ((int)result->values[i].vallen == (int)SQL_NULL_DATA) { php_printf("<td>NULL</td>"); } else { php_printf("<td>%s</td>", result->values[i].value); ++++++ php-openssl.patch ++++++ Index: ext/openssl/openssl.c =================================================================== --- ext/openssl/openssl.c 2017-01-17 21:44:41.000000000 +0100 +++ ext/openssl/openssl.c 2017-02-13 15:25:42.219789317 +0100 @@ -1388,6 +1388,7 @@ PHP_MINIT_FUNCTION(openssl) OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); + OPENSSL_config(NULL); #if !defined(OPENSSL_NO_AES) && defined(EVP_CIPH_CCM_MODE) && OPENSSL_VERSION_NUMBER < 0x100020000 EVP_add_cipher(EVP_aes_128_ccm()); Index: ext/openssl/xp_ssl.c =================================================================== --- ext/openssl/xp_ssl.c 2017-02-13 15:25:42.219789317 +0100 +++ ext/openssl/xp_ssl.c 2017-02-13 15:33:47.520365579 +0100 @@ -1518,6 +1518,10 @@ int php_openssl_setup_crypto(php_stream return FAILURE; } +#ifdef SSL_MODE_RELEASE_BUFFERS + SSL_CTX_set_mode(sslsock->ctx, SSL_MODE_RELEASE_BUFFERS); +#endif + if (GET_VER_OPT("no_ticket") && zend_is_true(val)) { ssl_ctx_options |= SSL_OP_NO_TICKET; } ++++++ php-php-config.patch ++++++ --- scripts/php-config.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: scripts/php-config.in =================================================================== --- scripts/php-config.in.orig +++ scripts/php-config.in @@ -6,7 +6,7 @@ datarootdir="@datarootdir@" exec_prefix="@exec_prefix@" version="@PHP_VERSION@" vernum="@PHP_VERSION_ID@" -include_dir="@includedir@/php" +include_dir="@includedir@/php7" includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib" ldflags="@PHP_LDFLAGS@" libs="@EXTRA_LIBS@" ++++++ php-phpize.patch ++++++ --- scripts/Makefile.frag | 4 ++-- scripts/phpize.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) Index: scripts/Makefile.frag =================================================================== --- scripts/Makefile.frag.orig +++ scripts/Makefile.frag @@ -3,8 +3,8 @@ # Build environment install # -phpincludedir = $(includedir)/php -phpbuilddir = $(libdir)/build +phpincludedir = $(includedir)/php7 +phpbuilddir = $(datadir)/build BUILD_FILES = \ scripts/phpize.m4 \ Index: scripts/phpize.in =================================================================== --- scripts/phpize.in.orig +++ scripts/phpize.in @@ -4,8 +4,8 @@ prefix='@prefix@' datarootdir='@datarootdir@' exec_prefix="`eval echo @exec_prefix@`" -phpdir="`eval echo @libdir@`/build" -includedir="`eval echo @includedir@`/php" +phpdir="`eval echo @datadir@`/build" +includedir="`eval echo @includedir@`/php7" builddir="`pwd`" SED="@SED@" ++++++ php-pts.patch ++++++ Index: ext/standard/proc_open.c =================================================================== --- ext/standard/proc_open.c.orig +++ ext/standard/proc_open.c @@ -56,7 +56,7 @@ * */ #ifdef PHP_CAN_SUPPORT_PROC_OPEN -#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H +#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H # include <sys/ioctl.h> # include <termios.h> # define PHP_CAN_DO_PTS 1 @@ -636,14 +636,18 @@ PHP_FUNCTION(proc_open) #if PHP_CAN_DO_PTS if (dev_ptmx == -1) { /* open things up */ - dev_ptmx = open("/dev/ptmx", O_RDWR); + dev_ptmx = open("/dev/ptmx", O_RDWR|O_NOCTTY); if (dev_ptmx == -1) { php_error_docref(NULL, E_WARNING, "failed to open /dev/ptmx, errno %d", errno); goto exit_fail; } grantpt(dev_ptmx); unlockpt(dev_ptmx); +#ifdef TIOCGPTPEER + slave_pty = ioctl(dev_ptmx, TIOCGPTPEER, O_RDWR); +#else slave_pty = open(ptsname(dev_ptmx), O_RDWR); +#endif if (slave_pty == -1) { php_error_docref(NULL, E_WARNING, "failed to open slave pty, errno %d", errno); ++++++ php-systemd-unit.patch ++++++ Index: php-7.4.0RC6/sapi/fpm/php-fpm.service.in =================================================================== --- php-7.4.0RC6.orig/sapi/fpm/php-fpm.service.in 2019-11-19 11:33:35.195960137 +0100 +++ php-7.4.0RC6/sapi/fpm/php-fpm.service.in 2019-11-19 11:35:45.588688471 +0100 @@ -5,10 +5,10 @@ [Unit] Description=The PHP FastCGI Process Manager After=network.target +Before=apache2.service nginx.service lighttpd.service [Service] Type=@php_fpm_systemd@ -PIDFile=@EXPANDED_LOCALSTATEDIR@/run/php-fpm.pid ExecStart=@EXPANDED_SBINDIR@/php-fpm --nodaemonize --fpm-config @EXPANDED_SYSCONFDIR@/php-fpm.conf ExecReload=/bin/kill -USR2 $MAINPID ++++++ php-systzdata-v19.patch ++++++ ++++ 657 lines (skipped) ++++++ php7-CVE-2020-7068.patch ++++++ X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fphar%2Fzip.c;h=50c5d69e9bebb6ab9397b4a924181f9e31a6f665;hp=d615e8addaf8cf8415a994e32e8ca3007cc0fc2a;hb=7355ab81763a3d6a04ac11660e6a16d58838d187;hpb=c68d48de9e1b6b6657d11da308f8b4059ad486dd diff --git a/ext/phar/zip.c b/ext/phar/zip.c index d615e8addaf..50c5d69e9be 100644 --- a/ext/phar/zip.c +++ b/ext/phar/zip.c @@ -703,7 +703,7 @@ foundit: efree(actual_alias); } - zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), actual_alias, mydata->alias_len, mydata); + zend_hash_str_add_ptr(&(PHAR_G(phar_alias_map)), mydata->alias, mydata->alias_len, mydata); } else { phar_archive_data *fd_ptr; ++++++ php7-CVE-2020-7069.patch ++++++ Index: php-7.4.6/ext/openssl/openssl.c =================================================================== --- php-7.4.6.orig/ext/openssl/openssl.c 2020-10-09 11:20:13.026340926 +0200 +++ php-7.4.6/ext/openssl/openssl.c 2020-10-09 11:21:59.122963252 +0200 @@ -6522,11 +6522,6 @@ static int php_openssl_validate_iv(char { char *iv_new; - /* Best case scenario, user behaved */ - if (*piv_len == iv_required_len) { - return SUCCESS; - } - if (mode->is_aead) { if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) { php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed"); @@ -6535,6 +6530,11 @@ static int php_openssl_validate_iv(char return SUCCESS; } + /* Best case scenario, user behaved */ + if (*piv_len == iv_required_len) { + return SUCCESS; + } + iv_new = ecalloc(1, iv_required_len + 1); if (*piv_len == 0) { ++++++ php7-CVE-2020-7070.patch ++++++ Index: php-7.4.6/main/php_variables.c =================================================================== --- php-7.4.6.orig/main/php_variables.c 2020-10-09 10:18:38.836809981 +0200 +++ php-7.4.6/main/php_variables.c 2020-10-09 10:19:30.105107183 +0200 @@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_defaul } val = estrndup(val, val_len); - php_url_decode(var, strlen(var)); + if (arg != PARSE_COOKIE) { + php_url_decode(var, strlen(var)); + } if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) { php_register_variable_safe(var, val, new_val_len, &array); } ++++++ php7-CVE-2020-7071.patch ++++++ X-Git-Url: http://208.43.231.11:8000/?p=php-src.git;a=blobdiff_plain;f=ext%2Fstandard%2Furl.c;h=113e0100243a4391a15e8fe1727867239201af7a;hp=a33091a86b75191c469a0c1dd076f0bf911af376;hb=b7f837381ef642d7fb369bfd0069e7525d4c22ea;hpb=b4b4a75afccde07724c39f8e8eb6217bab1db8bd Index: php-7.4.6/ext/standard/url.c =================================================================== --- php-7.4.6.orig/ext/standard/url.c 2020-05-12 10:09:27.000000000 +0200 +++ php-7.4.6/ext/standard/url.c 2021-01-11 12:10:00.876716443 +0100 @@ -87,6 +87,22 @@ PHPAPI php_url *php_url_parse(char const return php_url_parse_ex(str, strlen(str)); } +static int is_userinfo_valid(const char *str, size_t len) +{ + const char *valid = "-._~!$&'()*+,;=:"; + const char *p = str; + while (p - str < len) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; + } else if (*p == '%' && p - str <= len - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { + p += 3; + } else { + return 0; + } + } + return 1; +} + /* {{{ php_url_parse */ PHPAPI php_url *php_url_parse_ex(char const *str, size_t length) @@ -228,13 +244,17 @@ PHPAPI php_url *php_url_parse_ex(char co ret->pass = zend_string_init(pp, (p-pp), 0); php_replace_controlchars_ex(ZSTR_VAL(ret->pass), ZSTR_LEN(ret->pass)); } else { - ret->user = zend_string_init(s, (p-s), 0); - php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user)); + if (!is_userinfo_valid(s, p-s)) { + goto check_port; + } + ret->user = zend_string_init(s, (p-s), 0); + php_replace_controlchars_ex(ZSTR_VAL(ret->user), ZSTR_LEN(ret->user)); } s = p + 1; } +check_port: /* check for port */ if (s < ue && *s == '[' && *(e-1) == ']') { /* Short circuit portscan, ++++++ php7-CVE-2021-21702.patch ++++++ Index: php-7.4.6/ext/soap/php_sdl.c =================================================================== --- php-7.4.6.orig/ext/soap/php_sdl.c 2020-05-12 10:09:18.000000000 +0200 +++ php-7.4.6/ext/soap/php_sdl.c 2021-02-11 10:54:25.238409016 +0100 @@ -315,6 +315,8 @@ void sdl_restore_uri_credentials(sdlCtx ctx->context = NULL; } +#define SAFE_STR(a) ((a)?a:"") + static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include) { sdlPtr tmpsdl = ctx->sdl; @@ -376,7 +378,7 @@ static void load_wsdl_ex(zval *this_ptr, if (node_is_equal_ex(trav2, "schema", XSD_NAMESPACE)) { load_schema(ctx, trav2); } else if (is_wsdl_element(trav2) && !node_is_equal(trav2,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav2->name)); } trav2 = trav2->next; } @@ -437,7 +439,7 @@ static void load_wsdl_ex(zval *this_ptr, soap_error0(E_ERROR, "Parsing WSDL: <service> has no name attribute"); } } else if (!node_is_equal(trav,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } trav = trav->next; } @@ -547,7 +549,7 @@ static sdlSoapBindingFunctionHeaderPtr w } smart_str_free(&key); } else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } trav = trav->next; } @@ -649,7 +651,7 @@ static void wsdl_soap_binding_body(sdlCt } smart_str_free(&key); } else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } trav = trav->next; } @@ -681,14 +683,14 @@ static HashTable* wsdl_message(sdlCtx *c sdlParamPtr param; if (trav->ns != NULL && strcmp((char*)trav->ns->href, WSDL_NAMESPACE) != 0) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected extensibility element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected extensibility element <%s>", SAFE_STR(trav->name)); } if (node_is_equal(trav,"documentation")) { trav = trav->next; continue; } if (!node_is_equal(trav,"part")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } part = trav; param = emalloc(sizeof(sdlParam)); @@ -697,7 +699,7 @@ static HashTable* wsdl_message(sdlCtx *c name = get_attribute(part->properties, "name"); if (name == NULL) { - soap_error1(E_ERROR, "Parsing WSDL: No name associated with <part> '%s'", message->name); + soap_error1(E_ERROR, "Parsing WSDL: No name associated with <part> '%s'", SAFE_STR(message->name)); } param->paramName = estrdup((char*)name->children->content); @@ -768,7 +770,7 @@ static sdlPtr load_wsdl(zval *this_ptr, continue; } if (!node_is_equal(trav,"port")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } port = trav; @@ -807,7 +809,7 @@ static sdlPtr load_wsdl(zval *this_ptr, } } if (trav2 != address && is_wsdl_element(trav2) && !node_is_equal(trav2,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav2->name)); } trav2 = trav2->next; } @@ -909,7 +911,7 @@ static sdlPtr load_wsdl(zval *this_ptr, continue; } if (!node_is_equal(trav2,"operation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav2->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav2->name)); } operation = trav2; @@ -928,7 +930,7 @@ static sdlPtr load_wsdl(zval *this_ptr, !node_is_equal(trav3,"output") && !node_is_equal(trav3,"fault") && !node_is_equal(trav3,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav3->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav3->name)); } trav3 = trav3->next; } @@ -1106,7 +1108,7 @@ static sdlPtr load_wsdl(zval *this_ptr, } } } else if (is_wsdl_element(trav) && !node_is_equal(trav,"documentation")) { - soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", trav->name); + soap_error1(E_ERROR, "Parsing WSDL: Unexpected WSDL element <%s>", SAFE_STR(trav->name)); } trav = trav->next; } Index: php-7.4.6/ext/soap/php_xml.c =================================================================== --- php-7.4.6.orig/ext/soap/php_xml.c 2020-05-12 10:09:18.000000000 +0200 +++ php-7.4.6/ext/soap/php_xml.c 2021-02-11 10:54:25.238409016 +0100 @@ -199,7 +199,7 @@ xmlNsPtr node_find_ns(xmlNodePtr node) int attr_is_equal_ex(xmlAttrPtr node, char *name, char *ns) { - if (name == NULL || strcmp((char*)node->name, name) == 0) { + if (name == NULL || ((node->name) && strcmp((char*)node->name, name) == 0)) { if (ns) { xmlNsPtr nsPtr = attr_find_ns(node); if (nsPtr) { @@ -215,7 +215,7 @@ int attr_is_equal_ex(xmlAttrPtr node, ch int node_is_equal_ex(xmlNodePtr node, char *name, char *ns) { - if (name == NULL || strcmp((char*)node->name, name) == 0) { + if (name == NULL || ((node->name) && strcmp((char*)node->name, name) == 0)) { if (ns) { xmlNsPtr nsPtr = node_find_ns(node); if (nsPtr) { ++++++ php7-CVE-2021-21703.patch ++++++ diff --git a/sapi/fpm/fpm/fpm_children.c b/sapi/fpm/fpm/fpm_children.c index fd121372f37c..912f77c11aa7 100644 --- a/sapi/fpm/fpm/fpm_children.c +++ b/sapi/fpm/fpm/fpm_children.c @@ -246,7 +246,7 @@ void fpm_children_bury() /* {{{ */ fpm_child_unlink(child); - fpm_scoreboard_proc_free(wp->scoreboard, child->scoreboard_i); + fpm_scoreboard_proc_free(child); fpm_clock_get(&tv1); @@ -256,9 +256,9 @@ void fpm_children_bury() /* {{{ */ if (!fpm_pctl_can_spawn_children()) { severity = ZLOG_DEBUG; } - zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", child->wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec); + zlog(severity, "[pool %s] child %d exited %s after %ld.%06d seconds from start", wp->config->name, (int) pid, buf, tv2.tv_sec, (int) tv2.tv_usec); } else { - zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", child->wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec); + zlog(ZLOG_DEBUG, "[pool %s] child %d has been killed by the process management after %ld.%06d seconds from start", wp->config->name, (int) pid, tv2.tv_sec, (int) tv2.tv_usec); } fpm_child_close(child, 1 /* in event_loop */); @@ -324,7 +324,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) / return 0; } - if (0 > fpm_scoreboard_proc_alloc(wp->scoreboard, &c->scoreboard_i)) { + if (0 > fpm_scoreboard_proc_alloc(c)) { fpm_stdio_discard_pipes(c); fpm_child_free(c); return 0; @@ -336,7 +336,7 @@ static struct fpm_child_s *fpm_resources_prepare(struct fpm_worker_pool_s *wp) / static void fpm_resources_discard(struct fpm_child_s *child) /* {{{ */ { - fpm_scoreboard_proc_free(child->wp->scoreboard, child->scoreboard_i); + fpm_scoreboard_proc_free(child); fpm_stdio_discard_pipes(child); fpm_child_free(child); } @@ -349,10 +349,10 @@ static void fpm_child_resources_use(struct fpm_child_s *child) /* {{{ */ if (wp == child->wp) { continue; } - fpm_scoreboard_free(wp->scoreboard); + fpm_scoreboard_free(wp); } - fpm_scoreboard_child_use(child->wp->scoreboard, child->scoreboard_i, getpid()); + fpm_scoreboard_child_use(child, getpid()); fpm_stdio_child_use_pipes(child); fpm_child_free(child); } diff --git a/sapi/fpm/fpm/fpm_request.c b/sapi/fpm/fpm/fpm_request.c index c80aa144628f..0a6f6a7cfbf0 100644 --- a/sapi/fpm/fpm/fpm_request.c +++ b/sapi/fpm/fpm/fpm_request.c @@ -285,7 +285,7 @@ int fpm_request_is_idle(struct fpm_child_s *child) /* {{{ */ struct fpm_scoreboard_proc_s *proc; /* no need in atomicity here */ - proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i); + proc = fpm_scoreboard_proc_get_from_child(child); if (!proc) { return 0; } @@ -300,7 +300,7 @@ int fpm_request_last_activity(struct fpm_child_s *child, struct timeval *tv) /* if (!tv) return -1; - proc = fpm_scoreboard_proc_get(child->wp->scoreboard, child->scoreboard_i); + proc = fpm_scoreboard_proc_get_from_child(child); if (!proc) { return -1; } diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c index 328f999f0c9b..7e9da4d6848a 100644 --- a/sapi/fpm/fpm/fpm_scoreboard.c +++ b/sapi/fpm/fpm/fpm_scoreboard.c @@ -6,6 +6,7 @@ #include <time.h> #include "fpm_config.h" +#include "fpm_children.h" #include "fpm_scoreboard.h" #include "fpm_shm.h" #include "fpm_sockets.h" @@ -23,7 +24,6 @@ static float fpm_scoreboard_tick; int fpm_scoreboard_init_main() /* {{{ */ { struct fpm_worker_pool_s *wp; - unsigned int i; #ifdef HAVE_TIMES #if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK)) @@ -40,7 +40,7 @@ int fpm_scoreboard_init_main() /* {{{ */ for (wp = fpm_worker_all_pools; wp; wp = wp->next) { - size_t scoreboard_size, scoreboard_nprocs_size; + size_t scoreboard_procs_size; void *shm_mem; if (wp->config->pm_max_children < 1) { @@ -53,22 +53,15 @@ int fpm_scoreboard_init_main() /* {{{ */ return -1; } - scoreboard_size = sizeof(struct fpm_scoreboard_s) + (wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *); - scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; - shm_mem = fpm_shm_alloc(scoreboard_size + scoreboard_nprocs_size); + scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; + shm_mem = fpm_shm_alloc(sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size); if (!shm_mem) { return -1; } - wp->scoreboard = shm_mem; + wp->scoreboard = shm_mem; + wp->scoreboard->pm = wp->config->pm; wp->scoreboard->nprocs = wp->config->pm_max_children; - shm_mem += scoreboard_size; - - for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem += sizeof(struct fpm_scoreboard_proc_s)) { - wp->scoreboard->procs[i] = shm_mem; - } - - wp->scoreboard->pm = wp->config->pm; wp->scoreboard->start_epoch = time(NULL); strlcpy(wp->scoreboard->pool, wp->config->name, sizeof(wp->scoreboard->pool)); } @@ -162,28 +155,48 @@ struct fpm_scoreboard_s *fpm_scoreboard_get() /* {{{*/ } /* }}} */ -struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/ +static inline struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_ex( + struct fpm_scoreboard_s *scoreboard, int child_index, unsigned int nprocs) /* {{{*/ { if (!scoreboard) { - scoreboard = fpm_scoreboard; + return NULL; } - if (!scoreboard) { + if (child_index < 0 || (unsigned int)child_index >= nprocs) { return NULL; } + return &scoreboard->procs[child_index]; +} +/* }}} */ + +struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get( + struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{*/ +{ + if (!scoreboard) { + scoreboard = fpm_scoreboard; + } + if (child_index < 0) { child_index = fpm_scoreboard_i; } - if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) { - return NULL; - } + return fpm_scoreboard_proc_get_ex(scoreboard, child_index, scoreboard->nprocs); +} +/* }}} */ - return scoreboard->procs[child_index]; +struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child) /* {{{*/ +{ + struct fpm_worker_pool_s *wp = child->wp; + unsigned int nprocs = wp->config->pm_max_children; + struct fpm_scoreboard_s *scoreboard = wp->scoreboard; + int child_index = child->scoreboard_i; + + return fpm_scoreboard_proc_get_ex(scoreboard, child_index, nprocs); } /* }}} */ + struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang) /* {{{ */ { struct fpm_scoreboard_s *s; @@ -234,28 +247,28 @@ void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc) /* {{{ */ proc->lock = 0; } -void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */ +void fpm_scoreboard_free(struct fpm_worker_pool_s *wp) /* {{{ */ { - size_t scoreboard_size, scoreboard_nprocs_size; + size_t scoreboard_procs_size; + struct fpm_scoreboard_s *scoreboard = wp->scoreboard; if (!scoreboard) { zlog(ZLOG_ERROR, "**scoreboard is NULL"); return; } - scoreboard_size = sizeof(struct fpm_scoreboard_s) + (scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *); - scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) * scoreboard->nprocs; + scoreboard_procs_size = sizeof(struct fpm_scoreboard_proc_s) * wp->config->pm_max_children; - fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size); + fpm_shm_free(scoreboard, sizeof(struct fpm_scoreboard_s) + scoreboard_procs_size); } /* }}} */ -void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid) /* {{{ */ +void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid) /* {{{ */ { struct fpm_scoreboard_proc_s *proc; - fpm_scoreboard = scoreboard; - fpm_scoreboard_i = child_index; - proc = fpm_scoreboard_proc_get(scoreboard, child_index); + fpm_scoreboard = child->wp->scoreboard; + fpm_scoreboard_i = child->scoreboard_i; + proc = fpm_scoreboard_proc_get_from_child(child); if (!proc) { return; } @@ -264,18 +277,22 @@ void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_ind } /* }}} */ -void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index) /* {{{ */ +void fpm_scoreboard_proc_free(struct fpm_child_s *child) /* {{{ */ { + struct fpm_worker_pool_s *wp = child->wp; + struct fpm_scoreboard_s *scoreboard = wp->scoreboard; + int child_index = child->scoreboard_i; + if (!scoreboard) { return; } - if (child_index < 0 || (unsigned int)child_index >= scoreboard->nprocs) { + if (child_index < 0 || child_index >= wp->config->pm_max_children) { return; } - if (scoreboard->procs[child_index] && scoreboard->procs[child_index]->used > 0) { - memset(scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s)); + if (scoreboard->procs[child_index].used > 0) { + memset(&scoreboard->procs[child_index], 0, sizeof(struct fpm_scoreboard_proc_s)); } /* set this slot as free to avoid search on next alloc */ @@ -283,41 +300,44 @@ void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_ind } /* }}} */ -int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index) /* {{{ */ +int fpm_scoreboard_proc_alloc(struct fpm_child_s *child) /* {{{ */ { int i = -1; + struct fpm_worker_pool_s *wp = child->wp; + struct fpm_scoreboard_s *scoreboard = wp->scoreboard; + int nprocs = wp->config->pm_max_children; - if (!scoreboard || !child_index) { + if (!scoreboard) { return -1; } /* first try the slot which is supposed to be free */ - if (scoreboard->free_proc >= 0 && (unsigned int)scoreboard->free_proc < scoreboard->nprocs) { - if (scoreboard->procs[scoreboard->free_proc] && !scoreboard->procs[scoreboard->free_proc]->used) { + if (scoreboard->free_proc >= 0 && scoreboard->free_proc < nprocs) { + if (!scoreboard->procs[scoreboard->free_proc].used) { i = scoreboard->free_proc; } } if (i < 0) { /* the supposed free slot is not, let's search for a free slot */ zlog(ZLOG_DEBUG, "[pool %s] the proc->free_slot was not free. Let's search", scoreboard->pool); - for (i = 0; i < (int)scoreboard->nprocs; i++) { - if (scoreboard->procs[i] && !scoreboard->procs[i]->used) { /* found */ + for (i = 0; i < nprocs; i++) { + if (!scoreboard->procs[i].used) { /* found */ break; } } } /* no free slot */ - if (i < 0 || i >= (int)scoreboard->nprocs) { + if (i < 0 || i >= nprocs) { zlog(ZLOG_ERROR, "[pool %s] no free scoreboard slot", scoreboard->pool); return -1; } - scoreboard->procs[i]->used = 1; - *child_index = i; + scoreboard->procs[i].used = 1; + child->scoreboard_i = i; /* supposed next slot is free */ - if (i + 1 >= (int)scoreboard->nprocs) { + if (i + 1 >= nprocs) { scoreboard->free_proc = 0; } else { scoreboard->free_proc = i + 1; diff --git a/sapi/fpm/fpm/fpm_scoreboard.h b/sapi/fpm/fpm/fpm_scoreboard.h index 1fecde1d0feb..9d5981e1c739 100644 --- a/sapi/fpm/fpm/fpm_scoreboard.h +++ b/sapi/fpm/fpm/fpm_scoreboard.h @@ -63,7 +63,7 @@ struct fpm_scoreboard_s { unsigned int nprocs; int free_proc; unsigned long int slow_rq; - struct fpm_scoreboard_proc_s *procs[]; + struct fpm_scoreboard_proc_s procs[]; }; int fpm_scoreboard_init_main(); @@ -72,18 +72,19 @@ int fpm_scoreboard_init_child(struct fpm_worker_pool_s *wp); void fpm_scoreboard_update(int idle, int active, int lq, int lq_len, int requests, int max_children_reached, int slow_rq, int action, struct fpm_scoreboard_s *scoreboard); struct fpm_scoreboard_s *fpm_scoreboard_get(); struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get(struct fpm_scoreboard_s *scoreboard, int child_index); +struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_get_from_child(struct fpm_child_s *child); struct fpm_scoreboard_s *fpm_scoreboard_acquire(struct fpm_scoreboard_s *scoreboard, int nohang); void fpm_scoreboard_release(struct fpm_scoreboard_s *scoreboard); struct fpm_scoreboard_proc_s *fpm_scoreboard_proc_acquire(struct fpm_scoreboard_s *scoreboard, int child_index, int nohang); void fpm_scoreboard_proc_release(struct fpm_scoreboard_proc_s *proc); -void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard); +void fpm_scoreboard_free(struct fpm_worker_pool_s *wp); -void fpm_scoreboard_child_use(struct fpm_scoreboard_s *scoreboard, int child_index, pid_t pid); +void fpm_scoreboard_child_use(struct fpm_child_s *child, pid_t pid); -void fpm_scoreboard_proc_free(struct fpm_scoreboard_s *scoreboard, int child_index); -int fpm_scoreboard_proc_alloc(struct fpm_scoreboard_s *scoreboard, int *child_index); +void fpm_scoreboard_proc_free(struct fpm_child_s *child); +int fpm_scoreboard_proc_alloc(struct fpm_child_s *child); #ifdef HAVE_TIMES float fpm_scoreboard_get_tick(); diff --git a/sapi/fpm/fpm/fpm_status.c b/sapi/fpm/fpm/fpm_status.c index 36d224063583..de8db9d61a25 100644 --- a/sapi/fpm/fpm/fpm_status.c +++ b/sapi/fpm/fpm/fpm_status.c @@ -498,10 +498,10 @@ int fpm_status_handle_request(void) /* {{{ */ first = 1; for (i=0; i<scoreboard_p->nprocs; i++) { - if (!scoreboard_p->procs[i] || !scoreboard_p->procs[i]->used) { + if (!scoreboard_p->procs[i].used) { continue; } - proc = *scoreboard_p->procs[i]; + proc = scoreboard_p->procs[i]; if (first) { first = 0; diff --git a/sapi/fpm/fpm/fpm_worker_pool.c b/sapi/fpm/fpm/fpm_worker_pool.c index d04528f4e0d0..65a9b226b1ae 100644 --- a/sapi/fpm/fpm/fpm_worker_pool.c +++ b/sapi/fpm/fpm/fpm_worker_pool.c @@ -54,7 +54,7 @@ static void fpm_worker_pool_cleanup(int which, void *arg) /* {{{ */ fpm_worker_pool_config_free(wp->config); fpm_children_free(wp->children); if ((which & FPM_CLEANUP_CHILD) == 0 && fpm_globals.parent_pid == getpid()) { - fpm_scoreboard_free(wp->scoreboard); + fpm_scoreboard_free(wp); } fpm_worker_pool_free(wp); } ++++++ php7-CVE-2021-21704.patch ++++++ Index: php-7.4.6/ext/pdo_firebird/firebird_driver.c =================================================================== --- php-7.4.6.orig/ext/pdo_firebird/firebird_driver.c 2020-05-12 10:09:19.000000000 +0200 +++ php-7.4.6/ext/pdo_firebird/firebird_driver.c 2021-08-02 14:05:22.216865965 +0200 @@ -206,8 +206,17 @@ static zend_long firebird_handle_doer(pd if (result[0] == isc_info_sql_records) { unsigned i = 3, result_size = isc_vax_integer(&result[1],2); + if (result_size > sizeof(result)) { + ret = -1; + goto free_statement; + } while (result[i] != isc_info_end && i < result_size) { short len = (short)isc_vax_integer(&result[i+1],2); + /* bail out on bad len */ + if (len != 1 && len != 2 && len != 4) { + ret = -1; + goto free_statement; + } if (result[i] != isc_info_req_select_count) { ret += isc_vax_integer(&result[i+3],len); } @@ -509,14 +518,16 @@ static int firebird_handle_set_attribute } /* }}} */ +#define INFO_BUF_LEN 512 + /* callback to used to report database server info */ static void firebird_info_cb(void *arg, char const *s) /* {{{ */ { if (arg) { if (*(char*)arg) { /* second call */ - strcat(arg, " "); + strlcat(arg, " ", INFO_BUF_LEN); } - strcat(arg, s); + strlcat(arg, s, INFO_BUF_LEN); } } /* }}} */ @@ -527,7 +538,7 @@ static int firebird_handle_get_attribute pdo_firebird_db_handle *H = (pdo_firebird_db_handle *)dbh->driver_data; switch (attr) { - char tmp[512]; + char tmp[INFO_BUF_LEN]; case PDO_ATTR_AUTOCOMMIT: ZVAL_LONG(val,dbh->auto_commit); Index: php-7.4.6/ext/pdo_firebird/firebird_statement.c =================================================================== --- php-7.4.6.orig/ext/pdo_firebird/firebird_statement.c 2020-05-12 10:09:19.000000000 +0200 +++ php-7.4.6/ext/pdo_firebird/firebird_statement.c 2021-08-02 14:05:22.216865965 +0200 @@ -136,8 +136,14 @@ static int firebird_stmt_execute(pdo_stm } if (result[0] == isc_info_sql_records) { unsigned i = 3, result_size = isc_vax_integer(&result[1], 2); + if (result_size > sizeof(result)) { + goto error; + } while (result[i] != isc_info_end && i < result_size) { short len = (short) isc_vax_integer(&result[i + 1], 2); + if (len != 1 && len != 2 && len != 4) { + goto error; + } if (result[i] != isc_info_req_select_count) { affected_rows += isc_vax_integer(&result[i + 3], len); } @@ -161,6 +167,7 @@ static int firebird_stmt_execute(pdo_stm return 1; } while (0); +error: RECORD_ERROR(stmt); return 0; @@ -302,6 +309,11 @@ static int firebird_fetch_blob(pdo_stmt_ unsigned short seg_len; ISC_STATUS stat; + /* prevent overflow */ + if (*len == ZEND_ULONG_MAX) { + result = 0; + goto fetch_blob_end; + } *ptr = S->fetch_buf[colno] = erealloc(S->fetch_buf[colno], *len+1); for (cur_len = stat = 0; (!stat || stat == isc_segment) && cur_len < *len; cur_len += seg_len) { ++++++ php7-CVE-2021-21705.patch ++++++ Index: php-7.4.6/ext/filter/logical_filters.c =================================================================== --- php-7.4.6.orig/ext/filter/logical_filters.c 2020-05-12 10:09:22.000000000 +0200 +++ php-7.4.6/ext/filter/logical_filters.c 2021-07-09 14:56:54.242534739 +0200 @@ -555,6 +555,22 @@ void php_filter_validate_domain(PHP_INPU } /* }}} */ +static int is_userinfo_valid(zend_string *str) +{ + const char *valid = "-._~!$&'()*+,;=:"; + const char *p = ZSTR_VAL(str); + while (p - ZSTR_VAL(str) < ZSTR_LEN(str)) { + if (isalpha(*p) || isdigit(*p) || strchr(valid, *p)) { + p++; + } else if (*p == '%' && p - ZSTR_VAL(str) <= ZSTR_LEN(str) - 3 && isdigit(*(p+1)) && isxdigit(*(p+2))) { + p += 3; + } else { + return 0; + } + } + return 1; +} + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; @@ -615,6 +631,15 @@ bad_url: php_url_free(url); RETURN_VALIDATION_FAILED } + + if (url->user != NULL && !is_userinfo_valid(url->user) + || url->pass != NULL && !is_userinfo_valid(url->pass) + ) { + php_url_free(url); + RETURN_VALIDATION_FAILED + + } + php_url_free(url); } /* }}} */ ++++++ php7-CVE-2021-21707.patch ++++++ Index: php-7.4.6/ext/dom/domimplementation.c =================================================================== --- php-7.4.6.orig/ext/dom/domimplementation.c 2020-05-12 10:09:21.000000000 +0200 +++ php-7.4.6/ext/dom/domimplementation.c 2021-11-26 11:22:10.118332604 +0100 @@ -112,6 +112,11 @@ PHP_METHOD(domimplementation, createDocu pch2 = (xmlChar *) systemid; } + if (strstr(name, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + RETURN_FALSE; + } + uri = xmlParseURI(name); if (uri != NULL && uri->opaque != NULL) { localname = xmlStrdup((xmlChar *) uri->opaque); Index: php-7.4.6/ext/libxml/libxml.c =================================================================== --- php-7.4.6.orig/ext/libxml/libxml.c 2020-05-12 10:09:17.000000000 +0200 +++ php-7.4.6/ext/libxml/libxml.c 2021-11-26 11:22:10.122332630 +0100 @@ -303,6 +303,10 @@ static void *php_libxml_streams_IO_open_ int isescaped=0; xmlURI *uri; + if (strstr(filename, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + return NULL; + } uri = xmlParseURI(filename); if (uri && (uri->scheme == NULL || @@ -434,6 +438,11 @@ php_libxml_output_buffer_create_filename if (URI == NULL) return(NULL); + if (strstr(URI, "%00")) { + php_error_docref(NULL, E_WARNING, "URI must not contain percent-encoded NUL bytes"); + return NULL; + } + puri = xmlParseURI(URI); if (puri != NULL) { if (puri->scheme != NULL) ++++++ php7-arm-build-fixes.patch ++++++ Index: php-7.4.5/ext/standard/crc32.c =================================================================== --- php-7.4.5.orig/ext/standard/crc32.c 2020-04-14 14:54:45.000000000 +0200 +++ php-7.4.5/ext/standard/crc32.c 2020-05-13 10:08:59.811448152 +0200 @@ -20,7 +20,7 @@ #include "basic_functions.h" #include "crc32.h" -#if defined(__aarch64__) && defined(HAVE_SYS_AUXV_H) +#if 0 # include <arm_acle.h> # if defined(__linux__) # include <sys/auxv.h> @@ -85,7 +85,7 @@ PHP_NAMED_FUNCTION(php_if_crc32) crc = crcinit^0xFFFFFFFF; -#if defined(__aarch64__) && defined(HAVE_SYS_AUXV_H) +#if 0 if (has_crc32_insn()) { crc = crc32_aarch64(crc, p, nr); RETURN_LONG(crc^0xFFFFFFFF); Index: php-7.4.5/Zend/zend_operators.h =================================================================== --- php-7.4.5.orig/Zend/zend_operators.h 2020-04-14 14:54:48.000000000 +0200 +++ php-7.4.5/Zend/zend_operators.h 2020-05-13 12:00:10.846071237 +0200 @@ -670,26 +670,6 @@ overflow: ZEND_ATTRIBUTE_COLD_LABEL return; overflow: ZEND_ATTRIBUTE_COLD_LABEL ZVAL_DOUBLE(result, (double) Z_LVAL_P(op1) + (double) Z_LVAL_P(op2)); -#elif ZEND_USE_ASM_ARITHMETIC && defined(__aarch64__) - __asm__ goto( - "ldr x5, [%1]\n\t" - "ldr x6, [%2]\n\t" - "adds x5, x5, x6\n\t" - "bvs %l5\n\t" - "mov w6, %3\n\t" - "str x5, [%0]\n\t" - "str w6, [%0, %c4]\n" - : - : "r"(&result->value), - "r"(&op1->value), - "r"(&op2->value), - "n"(IS_LONG), - "n"(ZVAL_OFFSETOF_TYPE) - : "x5", "x6", "cc", "memory" - : overflow); - return; -overflow: ZEND_ATTRIBUTE_COLD_LABEL - ZVAL_DOUBLE(result, (double) Z_LVAL_P(op1) + (double) Z_LVAL_P(op2)); #elif PHP_HAVE_BUILTIN_SADDL_OVERFLOW && SIZEOF_LONG == SIZEOF_ZEND_LONG long lresult; if (UNEXPECTED(__builtin_saddl_overflow(Z_LVAL_P(op1), Z_LVAL_P(op2), &lresult))) { @@ -779,26 +759,6 @@ overflow: ZEND_ATTRIBUTE_COLD_LABEL : overflow); return; overflow: ZEND_ATTRIBUTE_COLD_LABEL - ZVAL_DOUBLE(result, (double) Z_LVAL_P(op1) - (double) Z_LVAL_P(op2)); -#elif ZEND_USE_ASM_ARITHMETIC && defined(__aarch64__) - __asm__ goto( - "ldr x5, [%1]\n\t" - "ldr x6, [%2]\n\t" - "subs x5, x5, x6\n\t" - "bvs %l5\n\t" - "mov w6, %3\n\t" - "str x5, [%0]\n\t" - "str w6, [%0, %c4]\n" - : - : "r"(&result->value), - "r"(&op1->value), - "r"(&op2->value), - "n"(IS_LONG), - "n"(ZVAL_OFFSETOF_TYPE) - : "x5", "x6", "cc", "memory" - : overflow); - return; -overflow: ZEND_ATTRIBUTE_COLD_LABEL ZVAL_DOUBLE(result, (double) Z_LVAL_P(op1) - (double) Z_LVAL_P(op2)); #elif PHP_HAVE_BUILTIN_SSUBL_OVERFLOW && SIZEOF_LONG == SIZEOF_ZEND_LONG long lresult; ++++++ php7-bsc1175508.patch ++++++ >From d66e48b5b6574f91e5dbd0a73c4ae3b62874a47a Mon Sep 17 00:00:00 2001 From: Nikita Popov <nikita....@gmail.com> Date: Mon, 30 Aug 2021 16:31:28 +0200 Subject: [PATCH] Error on resource ID space overflow --- Zend/zend_list.c | 2 ++ 1 file changed, 2 insertions(+) Index: php-7.4.6/Zend/zend_list.c =================================================================== --- php-7.4.6.orig/Zend/zend_list.c 2021-10-04 13:04:05.596024043 +0200 +++ php-7.4.6/Zend/zend_list.c 2021-10-04 13:07:26.869206163 +0200 @@ -37,6 +37,8 @@ ZEND_API zval* ZEND_FASTCALL zend_list_i index = zend_hash_next_free_element(&EG(regular_list)); if (index == 0) { index = 1; + } else if (index == INT_MAX) { + zend_error_noreturn(E_ERROR, "Resource ID space overflow"); } ZVAL_NEW_RES(&zv, index, ptr, type); return zend_hash_index_add_new(&EG(regular_list), index, &zv); ++++++ php7.rpmlintrc ++++++ # Non-versioned shared library, php-embed requires # exact version of main package, parallel installation # not wanted addFilter("php.-embed.* shlib-policy-name-error") # PHP5 is obsolete, replaced by PHP7 addFilter("obsolete-not-provided php5-*") # Forgot to add category? addFilter("non-standard-group Development/Libraries/PHP")