[packages/php/PHP_7_1] - up to 7.1.13; fixes CVE-2018-5711, CVE-2018-5712

arekm arekm at pld-linux.org
Sun Jan 21 15:02:21 CET 2018


commit 14cb48fdfaf176e791675a647ab5122f53b7989e
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sun Jan 21 15:02:14 2018 +0100

    - up to 7.1.13; fixes CVE-2018-5711, CVE-2018-5712

 php-bug-75573.patch | 98 -----------------------------------------------------
 php.spec            |  8 ++---
 2 files changed, 3 insertions(+), 103 deletions(-)
---
diff --git a/php.spec b/php.spec
index b145936..af90320 100644
--- a/php.spec
+++ b/php.spec
@@ -149,8 +149,8 @@ Summary(pt_BR.UTF-8):	A linguagem de script PHP
 Summary(ru.UTF-8):	PHP Версии 7 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):	PHP Версії 7 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:		%{orgname}%{php_suffix}
-Version:	7.1.12
-Release:	3
+Version:	7.1.13
+Release:	1
 Epoch:		4
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -158,7 +158,7 @@ Epoch:		4
 License:	PHP 3.01 and Zend and BSD
 Group:		Libraries
 Source0:	https://php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5:	8a9c86939e067579bb4cf7683366298a
+# Source0-md5:	86ea87c65d879b8684040fe19a5fba5d
 Source2:	%{orgname}-mod_php.conf
 Source3:	%{orgname}-cgi-fcgi.ini
 Source4:	%{orgname}-apache.ini
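Review bot: The only integrity pin for the new 7.1.13 tarball is the MD5 digest on the `# Source0-md5:` line, and MD5 collisions are practical, so it catches download corruption but is a weak anchor for the provenance of a security update. Before the digest is updated, the archive should be checked against the SHA-256 digest or the detached GPG signature that php.net publishes for each release. Whether the PLD builder tooling accepts a stronger digest field cannot be seen from this hunk; if it does not, a comment next to the line such as `# tarball verified against upstream sha256 / GPG signature` would at least record that the check was done.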
@@ -216,7 +216,6 @@ Patch68:	php-mysql-ssl-context.patch
 Patch70:	mysqlnd-ssl.patch
 Patch71:	libdb-info.patch
 Patch72:	phar-hash-shared.patch
-Patch73:	php-bug-75573.patch
 URL:		http://php.net/
 %{?with_interbase:%{!?with_interbase_inst:BuildRequires:	Firebird-devel >= 1.0.2.908-2}}
 %{?with_pspell:BuildRequires:	aspell-devel >= 2:0.50.0}
@@ -2024,7 +2023,6 @@ cp -p php.ini-production php.ini
 %patch70 -p1
 %patch71 -p1
 %patch72 -p1
-%patch73 -p1
 
 %{__sed} -i -e '/PHP_ADD_LIBRARY_WITH_PATH/s#xmlrpc,#xmlrpc-epi,#' ext/xmlrpc/config.m4
 
diff --git a/php-bug-75573.patch b/php-bug-75573.patch
deleted file mode 100644
index 0a6aae7..0000000
--- a/php-bug-75573.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-commit 3b9ba7b6bd9e24bdbeca8e8e3f24cee2fccc51d8
-Author: Xinchen Hui <laruence at gmail.com>
-Date:   Wed Nov 29 14:46:21 2017 +0800
-
-    Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
-
-diff --git a/Zend/tests/bug75573.phpt b/Zend/tests/bug75573.phpt
-new file mode 100644
-index 0000000000..476ff6e6cf
---- /dev/null
-+++ b/Zend/tests/bug75573.phpt
-@@ -0,0 +1,64 @@
-+--TEST--
-+Bug #75573 (Segmentation fault in 7.1.12 and 7.0.26)
-+--FILE--
-+<?php
-+
-+class A
-+{
-+	var $_stdObject;
-+	function initialize($properties = FALSE) {
-+		$this->_stdObject = $properties ? (object) $properties : new stdClass();
-+		parent::initialize();
-+	}
-+	function &__get($property)
-+	{
-+		if (isset($this->_stdObject->{$property})) {
-+			$retval =& $this->_stdObject->{$property};
-+			return $retval;
-+		} else {
-+			return NULL;
-+		}
-+	}
-+	function &__set($property, $value)
-+	{
-+		return $this->_stdObject->{$property} = $value;
-+	}
-+	function __isset($property_name)
-+	{
-+		return isset($this->_stdObject->{$property_name});
-+	}
-+}
-+
-+class B extends A
-+{
-+	function initialize($properties = array())
-+	{
-+		parent::initialize($properties);
-+	}
-+	function &__get($property)
-+	{
-+		if (isset($this->settings) && isset($this->settings[$property])) {
-+			$retval =& $this->settings[$property];
-+			return $retval;
-+		} else {
-+			return parent::__get($property);
-+		}
-+	}
-+}
-+
-+$b = new B();
-+$b->settings = [ "foo" => "bar", "name" => "abc" ];
-+var_dump($b->name);
-+var_dump($b->settings);
-+?>
-+--EXPECTF--
-+Warning: Creating default object from empty value in %sbug75573.php on line %d
-+
-+Notice: Only variable references should be returned by reference in %sbug75573.php on line %d
-+string(3) "abc"
-+array(2) {
-+  ["foo"]=>
-+  string(3) "bar"
-+  ["name"]=>
-+  string(3) "abc"
-+}
-diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
-index 10045b53f1..d9ebd842eb 100644
---- a/Zend/zend_object_handlers.c
-+++ b/Zend/zend_object_handlers.c
-@@ -668,13 +668,11 @@ zval *zend_std_read_property(zval *object, zval *member, int type, void **cache_
- 			}
- 			zval_ptr_dtor(&tmp_object);
- 			goto exit;
--		} else {
-+		} else if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
- 			zval_ptr_dtor(&tmp_object);
--			if (Z_STRVAL_P(member)[0] == '\0' && Z_STRLEN_P(member) != 0) {
--				zend_throw_error(NULL, "Cannot access property started with '\\0'");
--				retval = &EG(uninitialized_zval);
--				goto exit;
--			}
-+			zend_throw_error(NULL, "Cannot access property started with '\\0'");
-+			retval = &EG(uninitialized_zval);
-+			goto exit;
- 		}
- 	}
- 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/14cb48fdfaf176e791675a647ab5122f53b7989e


