commit 1797a3f9566209520174e724f97823cbfc760002
Author: Elan Ruusamäe <[email protected]>
Date: Fri Oct 29 12:26:02 2021 +0300
Add php-fpm-shm-corruption.patch before bug-81026-CVE-2021-21703.patch
php-fpm-shm-corruption.patch | 86 ++++++++++++++++++++++++++++++++++++++++++++
php.spec | 4 ++-
2 files changed, 89 insertions(+), 1 deletion(-)
---
diff --git a/php.spec b/php.spec
index df1035e..2b841a3 100644
--- a/php.spec
+++ b/php.spec
@@ -252,7 +252,8 @@ Patch75: openssl.patch
Patch76: php-bug-61930.patch
Patch77: php-icu64.patch
Patch78: icu69.patch
-Patch79: bug-81026-CVE-2021-21703.patch
+Patch79: php-fpm-shm-corruption.patch
+Patch80: bug-81026-CVE-2021-21703.patch
# Fixes for security bugs
# https://repo.webtatic.com/yum/centos/5/SRPMS/repoview/php.html
# also from RHEL6/CentOS7
@@ -2166,6 +2167,7 @@ gzip -dc %{SOURCE15} | tar xf - -C sapi/
%patch77 -p1
%patch78 -p1
%patch79 -p1
+%patch80 -p1
%patch220 -p1
%patch221 -p1
diff --git a/php-fpm-shm-corruption.patch b/php-fpm-shm-corruption.patch
new file mode 100644
index 0000000..c1c2ded
--- /dev/null
+++ b/php-fpm-shm-corruption.patch
@@ -0,0 +1,86 @@
+From a22175b06f22965e0d79e2b5bb6c734950adfc5d Mon Sep 17 00:00:00 2001
+From: Julien Pauli <[email protected]>
+Date: Fri, 23 Sep 2016 13:24:31 +0200
+Subject: [PATCH] Formatting. Fix possible memory corruption in FPM SHM
+ management
+
+---
+ sapi/fpm/fpm/fpm_scoreboard.c | 28 ++++++++++++++++------------
+ 1 file changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/sapi/fpm/fpm/fpm_scoreboard.c b/sapi/fpm/fpm/fpm_scoreboard.c
+index 3e57333e9f..e1e69c9780 100644
+--- a/sapi/fpm/fpm/fpm_scoreboard.c
++++ b/sapi/fpm/fpm/fpm_scoreboard.c
+@@ -25,7 +25,7 @@ static float fpm_scoreboard_tick;
+ int fpm_scoreboard_init_main() /* {{{ */
+ {
+ struct fpm_worker_pool_s *wp;
+- int i;
++ unsigned int i;
+
+ #ifdef HAVE_TIMES
+ #if (defined(HAVE_SYSCONF) && defined(_SC_CLK_TCK))
+@@ -42,6 +42,9 @@ int fpm_scoreboard_init_main() /* {{{ */
+
+
+ for (wp = fpm_worker_all_pools; wp; wp = wp->next) {
++ size_t scoreboard_size, scoreboard_nprocs_size;
++ void *shm_mem;
++
+ if (wp->config->pm_max_children < 1) {
+ zlog(ZLOG_ERROR, "[pool %s] Unable to create scoreboard
SHM because max_client is not set", wp->config->name);
+ return -1;
+@@ -52,21 +55,22 @@ int fpm_scoreboard_init_main() /* {{{ */
+ return -1;
+ }
+
+- int scoreboard_size = sizeof(struct fpm_scoreboard_s) +
(wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *);
+- int scoreboard_nprocs_size = sizeof(struct
fpm_scoreboard_proc_s) * wp->config->pm_max_children;
+- void *shm_mem = fpm_shm_alloc(scoreboard_size +
scoreboard_nprocs_size);
++ scoreboard_size = sizeof(struct fpm_scoreboard_s) +
(wp->config->pm_max_children) * sizeof(struct fpm_scoreboard_proc_s *);
++ scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) *
wp->config->pm_max_children;
++ shm_mem = fpm_shm_alloc(scoreboard_size +
scoreboard_nprocs_size);
++
+ if (!shm_mem) {
+ return -1;
+ }
+- wp->scoreboard = shm_mem;
++ wp->scoreboard = shm_mem;
+ wp->scoreboard->nprocs = wp->config->pm_max_children;
+- shm_mem += scoreboard_size;
+- for (i = 0; i < wp->scoreboard->nprocs; i++) {
++ shm_mem += scoreboard_size;
++
++ for (i = 0; i < wp->scoreboard->nprocs; i++, shm_mem +=
sizeof(struct fpm_scoreboard_proc_s)) {
+ wp->scoreboard->procs[i] = shm_mem;
+- shm_mem += sizeof(struct fpm_scoreboard_proc_s);
+ }
+
+- wp->scoreboard->pm = wp->config->pm;
++ wp->scoreboard->pm = wp->config->pm;
+ wp->scoreboard->start_epoch = time(NULL);
+ strlcpy(wp->scoreboard->pool, wp->config->name,
sizeof(wp->scoreboard->pool));
+ }
+@@ -234,15 +238,15 @@ void fpm_scoreboard_proc_release(struct
fpm_scoreboard_proc_s *proc) /* {{{ */
+
+ void fpm_scoreboard_free(struct fpm_scoreboard_s *scoreboard) /* {{{ */
+ {
+- int i;
++ size_t scoreboard_size, scoreboard_nprocs_size;
+
+ if (!scoreboard) {
+ zlog(ZLOG_ERROR, "**scoreboard is NULL");
+ return;
+ }
+
+- int scoreboard_size = sizeof(struct fpm_scoreboard_s) +
(scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *);
+- int scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) *
scoreboard->nprocs;
++ scoreboard_size = sizeof(struct fpm_scoreboard_s) +
(scoreboard->nprocs) * sizeof(struct fpm_scoreboard_proc_s *);
++ scoreboard_nprocs_size = sizeof(struct fpm_scoreboard_proc_s) *
scoreboard->nprocs;
+
+ fpm_shm_free(scoreboard, scoreboard_size + scoreboard_nprocs_size);
+ }
+--
+2.33.1
+
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/8359939cab722919c56e747283a64e725a78dcee
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
