[packages/php/PHP_5_3] - rel 22; fix php bug 68486 visible under apache 2.4

Fri Oct 2 08:47:51 CEST 2015

commit 0e621d01c58ebdf2f8cb31ec17fd2cc432dbf89f
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Fri Oct 2 08:47:44 2015 +0200

    - rel 22; fix php bug 68486 visible under apache 2.4

 php-bug-68486.patch | 33 +++++++++++++++++++++++++++++++++
 php.spec            |  6 ++++--
 2 files changed, 37 insertions(+), 2 deletions(-)
---

diff --git a/php.spec b/php.spec
index 0e1e4c0..f9f4b3f 100644
--- a/php.spec
+++ b/php.spec
@@ -117,7 +117,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %endif
 %endif
 
-%define		rel	21
+%define		rel	22
 %define		orgname	php
 %define		ver_suffix 53
 %define		php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -217,8 +217,9 @@ Patch70:	mysql-lib-ver-mismatch.patch
 # git diff php-5.3.29..PHP-5.6 ./ext/fileinfo/Makefile.frag >> ~/rpm/packages/php/php-fileinfo.patch
 # git diff php-5.3.29..PHP-5.6 ./ext/fileinfo/data_file.c >> ~/rpm/packages/php/php-fileinfo.patch
 Patch71:	php-fileinfo.patch
+# Patch71-md5:  771e4934132c5f5c968248c954d1ef6e
 Patch72:	x32-suhosin.patch
-# Patch71-md5:	771e4934132c5f5c968248c954d1ef6e
+Patch73:	php-bug-68486.patch
 # Fixes for security bugs
 # https://repo.webtatic.com/yum/centos/5/SRPMS/repoview/php.html
 # also from RHEL6/CentOS7
@@ -2085,6 +2086,7 @@ gzip -dc %{SOURCE15} | tar xf - -C sapi/
 %patch67 -p1
 %patch70 -p1
 %patch71 -p1
+%patch73 -p1
 
 %patch220 -p1
 
diff --git a/php-bug-68486.patch b/php-bug-68486.patch
new file mode 100644
index 0000000..5048140
--- /dev/null
+++ b/php-bug-68486.patch
@@ -0,0 +1,33 @@
+commit af1cd45d171fbb06712f846cec7bf69438db8ec2
+Author: Stanislav Malyshev <stas at php.net>
+Date:   Sat Apr 4 15:03:46 2015 -0700
+
+    Fix bug #68486 and bug #69218 (segfault in apache2handler with apache 2.4)
+
+diff --git a/NEWS b/NEWS
+index 9c8e0ec..75aa306 100644
+--- a/NEWS
++++ b/NEWS
+@@ -2,6 +2,10 @@ PHP                                                                        NEWS
+ |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+ ?? ??? 2015 PHP 5.4.40
+ 
++- Apache2 Handler SAPI:
++  . Fixed bug #69218 (potential remote code execution with apache 2.4
++    apache2handler). (Patrick Schaaf)
++
+ - Fileinfo:
+   . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or 
+     segfault). (Anatol Belski))
+diff --git a/sapi/apache2handler/sapi_apache2.c b/sapi/apache2handler/sapi_apache2.c
+index e97f11c..cfebc5f 100644
+--- a/sapi/apache2handler/sapi_apache2.c
++++ b/sapi/apache2handler/sapi_apache2.c
+@@ -688,6 +688,7 @@ zend_first_try {
+ } zend_end_try();
+ 		}
+ 		apr_brigade_cleanup(brigade);
++		apr_pool_cleanup_run(r->pool, (void *)&SG(server_context), php_server_context_cleanup);
+ 	} else {
+ 		ctx->r = parent_req;
+ 	}
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/0e621d01c58ebdf2f8cb31ec17fd2cc432dbf89f

