commit: c8318763d6cb2e41173ff8813e4fdc2874b9e55e Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> AuthorDate: Tue Nov 19 10:28:16 2019 +0000 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org> CommitDate: Tue Nov 19 10:28:16 2019 +0000 URL: https://gitweb.gentoo.org/proj/php-patches.git/commit/?id=c8318763
Add backports from 7.1.32 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org> 00200_September2019-backports.patch | 223 ++++++++++++++++++++++++++++++++++++ 1 file changed, 223 insertions(+) diff --git a/00200_September2019-backports.patch b/00200_September2019-backports.patch new file mode 100644 index 0000000..47cd57c --- /dev/null +++ b/00200_September2019-backports.patch @@ -0,0 +1,223 @@ +From 127c34f2e5f9d6045971e79bdb191bc3e0519384 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <[email protected]> +Date: Sat, 24 Aug 2019 23:11:45 -0700 +Subject: [PATCH 1/6] Fix CVE-2019-13224: don't allow different encodings for + onig_new_deluxe() + +Backport from https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55 + +(cherry picked from commit 1258303e66d8dede4f02347334b9f6576e98a21b) +--- + ext/mbstring/oniguruma/regext.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/ext/mbstring/oniguruma/regext.c b/ext/mbstring/oniguruma/regext.c +index b1b957b4..b108e638 100644 +--- a/ext/mbstring/oniguruma/regext.c ++++ b/ext/mbstring/oniguruma/regext.c +@@ -29,6 +29,7 @@ + + #include "regint.h" + ++#if 0 + static void + conv_ext0be32(const UChar* s, const UChar* end, UChar* conv) + { +@@ -158,6 +159,7 @@ conv_encoding(OnigEncoding from, OnigEncoding to, const UChar* s, const UChar* e + + return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } ++#endif + + extern int + onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, +@@ -169,9 +171,7 @@ onig_new_deluxe(regex_t** reg, const UChar* pattern, const UChar* pattern_end, + if (IS_NOT_NULL(einfo)) einfo->par = (UChar* )NULL; + + if (ci->pattern_enc != ci->target_enc) { +- r = conv_encoding(ci->pattern_enc, ci->target_enc, pattern, pattern_end, +- &cpat, &cpat_end); +- if (r) return r; ++ return ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION; + } + else { + cpat = (UChar* )pattern; + +From 94445c3a85f38ffc4a3952d3fdad0fc184f92a5b Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <[email protected]> +Date: Fri, 16 Aug 2019 14:29:19 +0200 +Subject: [PATCH 2/6] Fix #75457: heap-use-after-free in php7.0.25 + +Backport <https://vcs.pcre.org/pcre?view=revision&revision=1638>. + +(cherry picked from commit 7bf1f9d561826c4a3ed748e55bb756375cdf28b9) +--- + ext/pcre/pcrelib/pcre_compile.c | 11 ++++++++++- + ext/pcre/tests/bug75457.phpt | 10 ++++++++++ + 2 files changed, 20 insertions(+), 1 deletion(-) + create mode 100644 ext/pcre/tests/bug75457.phpt + +diff --git a/ext/pcre/pcrelib/pcre_compile.c b/ext/pcre/pcrelib/pcre_compile.c +index c9171cbe..1d376716 100644 +--- a/ext/pcre/pcrelib/pcre_compile.c ++++ b/ext/pcre/pcrelib/pcre_compile.c +@@ -485,7 +485,7 @@ static const char error_texts[] = + "lookbehind assertion is not fixed length\0" + "malformed number or name after (?(\0" + "conditional group contains more than two branches\0" +- "assertion expected after (?(\0" ++ "assertion expected after (?( or (?(?C)\0" + "(?R or (?[+-]digits must be followed by )\0" + /* 30 */ + "unknown POSIX class name\0" +@@ -6734,6 +6734,15 @@ for (;; ptr++) + for (i = 3;; i++) if (!IS_DIGIT(ptr[i])) break; + if (ptr[i] == CHAR_RIGHT_PARENTHESIS) + tempptr += i + 1; ++ ++ /* tempptr should now be pointing to the opening parenthesis of the ++ assertion condition. */ ++ ++ if (*tempptr != CHAR_LEFT_PARENTHESIS) ++ { ++ *errorcodeptr = ERR28; ++ goto FAILED; ++ } + } + + /* For conditions that are assertions, check the syntax, and then exit +diff --git a/ext/pcre/tests/bug75457.phpt b/ext/pcre/tests/bug75457.phpt +new file mode 100644 +index 00000000..c7ce9ed0 +--- /dev/null ++++ b/ext/pcre/tests/bug75457.phpt +@@ -0,0 +1,10 @@ ++--TEST-- ++Bug #75457 (heap-use-after-free in php7.0.25) ++--FILE-- ++<?php ++$pattern = "/(((?(?C)0?=))(?!()0|.(?0)0)())/"; ++var_dump(preg_match($pattern, "hello")); ++?> ++--EXPECTF-- ++Warning: preg_match(): Compilation failed: assertion expected after (?( or (?(?C) at offset 4 in %sbug75457.php on line %d ++bool(false) + +From c5279f8c37ae91697f5a60e395d901394ff9e4aa Mon Sep 17 00:00:00 2001 +From: Remi Collet <[email protected]> +Date: Wed, 28 Aug 2019 14:34:48 +0200 +Subject: [PATCH 3/6] relax test, offset may be different on various system lib + versions + +--- + ext/pcre/tests/bug75457.phpt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/pcre/tests/bug75457.phpt b/ext/pcre/tests/bug75457.phpt +index c7ce9ed0..571a4bde 100644 +--- a/ext/pcre/tests/bug75457.phpt ++++ b/ext/pcre/tests/bug75457.phpt +@@ -6,5 +6,5 @@ $pattern = "/(((?(?C)0?=))(?!()0|.(?0)0)())/"; + var_dump(preg_match($pattern, "hello")); + ?> + --EXPECTF-- +-Warning: preg_match(): Compilation failed: assertion expected after (?( or (?(?C) at offset 4 in %sbug75457.php on line %d ++Warning: preg_match(): Compilation failed: assertion expected after (?( or (?(?C) at offset %d in %sbug75457.php on line %d + bool(false) + +From ca1431fe5eb5f11b20f576f8501fa60eccee0b1e Mon Sep 17 00:00:00 2001 +From: Anatol Belski <[email protected]> +Date: Fri, 18 May 2018 18:36:39 +0200 +Subject: [PATCH 4/6] Fix Opcache test fails regarding to AppVeyor image update + +(cherry picked from php/php-src@6043a2d6f74bf5125573fde198070ac9804d5e6e) +--- + ext/opcache/tests/php_cli_server.inc | 18 ++++++++++++------ + 1 file changed, 12 insertions(+), 6 deletions(-) + +diff --git a/ext/opcache/tests/php_cli_server.inc b/ext/opcache/tests/php_cli_server.inc +index 0878bfaf..e5e72c41 100644 +--- a/ext/opcache/tests/php_cli_server.inc ++++ b/ext/opcache/tests/php_cli_server.inc +@@ -7,16 +7,22 @@ function php_cli_server_start($ini = "") { + $php_executable = getenv('TEST_PHP_EXECUTABLE'); + $doc_root = __DIR__; + +- $descriptorspec = array( +- 0 => STDIN, +- 1 => STDOUT, +- 2 => STDERR, +- ); +- + if (substr(PHP_OS, 0, 3) == 'WIN') { ++ $descriptorspec = array( ++ 0 => STDIN, ++ 1 => STDOUT, ++ 2 => array("pipe", "w"), ++ ); ++ + $cmd = "{$php_executable} -t {$doc_root} $ini -S " . PHP_CLI_SERVER_ADDRESS; + $handle = proc_open(addslashes($cmd), $descriptorspec, $pipes, $doc_root, NULL, array("bypass_shell" => true, "suppress_errors" => true)); + } else { ++ $descriptorspec = array( ++ 0 => STDIN, ++ 1 => STDOUT, ++ 2 => STDERR, ++ ); ++ + $cmd = "exec {$php_executable} -t {$doc_root} $ini -S " . PHP_CLI_SERVER_ADDRESS . " 2>/dev/null"; + $handle = proc_open($cmd, $descriptorspec, $pipes, $doc_root); + } + +From 3df6c9a8acda8fc9437dd7a6b6123ab6715ef040 Mon Sep 17 00:00:00 2001 +From: Dmitry Stogov <[email protected]> +Date: Wed, 23 Dec 2015 03:52:01 +0300 +Subject: [PATCH 5/6] Fixed test on 32-bit systems + +(cherry picked from php/php-src@1e3ab158432f8d97c3561fdfc17b7e4aa3dbdd60) +--- + ext/opcache/tests/bug71127.phpt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/opcache/tests/bug71127.phpt b/ext/opcache/tests/bug71127.phpt +index 5770aea1..0c606097 100644 +--- a/ext/opcache/tests/bug71127.phpt ++++ b/ext/opcache/tests/bug71127.phpt +@@ -3,7 +3,7 @@ Bug #71127 (Define in auto_prepend_file is overwrite) + --INI-- + opcache.enable=1 + opcache.enable_cli=1 +-opcache.optimization_level=0xFFFFBFFF ++opcache.optimization_level=0x7FFFBFFF + --SKIPIF-- + <?php if (!extension_loaded('Zend OPcache')) die("skip"); ?> + --FILE-- + +From 03d9cf265a1febe21175b4cc856104e9fc9d4cdb Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <[email protected]> +Date: Tue, 21 May 2019 11:17:28 +0200 +Subject: [PATCH 6/6] Prevent test case failure + +If opcache.log_verbosity_level is greater than 1, opcache will raise +warnings, which will be written to stderr in the default case. These +warnings are actually to be expected, but would break the test, so we +make sure that the log_verbosity_level is 1 when running this test. + +(cherry picked from php/php-src@e6a191de1b73c902b631cb8f0f70ed58b81005d4) +--- + ext/opcache/tests/bug66461.phpt | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ext/opcache/tests/bug66461.phpt b/ext/opcache/tests/bug66461.phpt +index 33132abe..2d09feff 100644 +--- a/ext/opcache/tests/bug66461.phpt ++++ b/ext/opcache/tests/bug66461.phpt +@@ -4,6 +4,7 @@ Bug #66461 (PHP crashes if opcache.interned_strings_buffer=0) + opcache.enable=1 + opcache.enable_cli=1 + opcache.optimization_level=-1 ++opcache.log_verbosity_level=1 + opcache.file_update_protection=0 + opcache.interned_strings_buffer=0 + --SKIPIF-- +
