php5.4: add last debian u14 patchset

5 months ago · 5c9734c497
4 changed files with 363 additions and 1 deletions
--- a/testing/php5.4/APKBUILD
+++ b/testing/php5.4/APKBUILD
@ -26,7 +26,7 @@
 pkgname=php5.4
 _pkgreal=php
 pkgver=5.4.45
-pkgrel=13
+pkgrel=14
 _apiver=20100412
 _suffix=${pkgname#php}
 _suffixA=5
@ -221,6 +221,9 @@ source="https://www.php.net/distributions/$_pkgreal-$pkgver.tar.bz2
 	d11-u001-CVE-2017-12933.patch
 	d12-u001-CVE-2018-5712.patch
 	d13-u001-CVE-2018-7584.patch
+	d14-u001-CVE-2018-10545.patch
+	d14-u002-CVE-2018-10547.patch
+	d14-u003-CVE-2018-10548.patch
 	"

 builddir="$srcdir/$_pkgreal-$pkgver"
@ -878,4 +881,7 @@ ac65be6646776ffb94b015f877b3851c420ea08a068635cf34bd2eca14a9011b07e07f01b978ab62
 d5dd01841b845fb4a56fd7bc3be66a60c83ab45ac8a598b45e689c0bf128d19edbd5e79c961064c0a22ab95cebd079594c2d6041a55543eabb9763e165a0feb4  d11-u001-CVE-2017-12933.patch
 b2e3f017d6dd88cc04e87431b22f220d2e1217bf11fe46a7bff447c108458398f0d59c1a2c5f4264158ad02d5ae44992bcf1a378c6c4c8435d463c0e152d8d12  d12-u001-CVE-2018-5712.patch
 341b245b246abde3622a06e819181c3083266d2e66924e2617d986cf15d310f6844a604dae0bc4a844a46c1fde5f4542070c7b43b078f1229b9fe088174bfce1  d13-u001-CVE-2018-7584.patch
+85c3912f0e57ccfa576319dbc9255925e00ac49b6a88af8577e60c7261bfe5f645e0321ed84b6ab19c911ddedaf293afd1e4a151b7dd00006d6053a0ff2b0b34  d14-u001-CVE-2018-10545.patch
+e171a654fa575855401d1bb15169f6de0437a2c9c6cc51a0568609207415cd408d5b71f4b3506d9ea5773767c9dd66108780f7dc10175b6b8c370b2bd9fb8428  d14-u002-CVE-2018-10547.patch
+d5b9f500ac1a2dc781d357446e1f26c8161e7fad9b077acaa1cee984a6a9bd03317fb8ed6405d6184770396c7d7220909aa43d1fb0b091063d7fe671a5450496  d14-u003-CVE-2018-10548.patch
 "
--- a/testing/php5.4/d14-u001-CVE-2018-10545.patch
+++ b/testing/php5.4/d14-u001-CVE-2018-10545.patch
@ -0,0 +1,82 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 9 May 2018 15:52:36 +0200
+Subject: CVE-2018-10545
+
+Bug-Upstream: https://bugs.php.net/bug.php?id=75605
+---
+ sapi/fpm/fpm/fpm_conf.c  | 3 +++
+ sapi/fpm/fpm/fpm_conf.h  | 1 +
+ sapi/fpm/fpm/fpm_unix.c  | 2 +-
+ sapi/fpm/php-fpm.conf.in | 6 ++++++
+ 4 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/sapi/fpm/fpm/fpm_conf.c b/sapi/fpm/fpm/fpm_conf.c
+index c521f5e..60253cc 100644
+--- a/sapi/fpm/fpm/fpm_conf.c
+++ b/sapi/fpm/fpm/fpm_conf.c
+@@ -128,6 +128,7 @@ static struct ini_value_parser_s ini_fpm_pool_options[] = {
+ 	{ "listen.mode",               &fpm_conf_set_string,      WPO(listen_mode) },
+ 	{ "listen.allowed_clients",    &fpm_conf_set_string,      WPO(listen_allowed_clients) },
+ 	{ "process.priority",          &fpm_conf_set_integer,     WPO(process_priority) },
+	{ "process.dumpable",          &fpm_conf_set_boolean,     WPO(process_dumpable) },
+ 	{ "pm",                        &fpm_conf_set_pm,          WPO(pm) },
+ 	{ "pm.max_children",           &fpm_conf_set_integer,     WPO(pm_max_children) },
+ 	{ "pm.start_servers",          &fpm_conf_set_integer,     WPO(pm_start_servers) },
+@@ -604,6 +605,7 @@ static void *fpm_worker_pool_config_alloc() /* {{{ */
+ 	wp->config->listen_backlog = FPM_BACKLOG_DEFAULT;
+ 	wp->config->pm_process_idle_timeout = 10; /* 10s by default */
+ 	wp->config->process_priority = 64; /* 64 means unset */
+	wp->config->process_dumpable = 0;
+ 	wp->config->clear_env = 1;
+ 
+ 	if (!fpm_worker_all_pools) {
+@@ -1585,6 +1587,7 @@ static void fpm_conf_dump() /* {{{ */
+ 		} else {
+ 			zlog(ZLOG_NOTICE, "\tprocess.priority = %d", wp->config->process_priority);
+ 		}
+		zlog(ZLOG_NOTICE, "\tprocess.dumpable = %s",           BOOL2STR(wp->config->process_dumpable));
+ 		zlog(ZLOG_NOTICE, "\tpm = %s",                         PM2STR(wp->config->pm));
+ 		zlog(ZLOG_NOTICE, "\tpm.max_children = %d",            wp->config->pm_max_children);
+ 		zlog(ZLOG_NOTICE, "\tpm.start_servers = %d",           wp->config->pm_start_servers);
+diff --git a/sapi/fpm/fpm/fpm_conf.h b/sapi/fpm/fpm/fpm_conf.h
+index 19bd7ff..64ef11f 100644
+--- a/sapi/fpm/fpm/fpm_conf.h
+++ b/sapi/fpm/fpm/fpm_conf.h
+@@ -63,6 +63,7 @@ struct fpm_worker_pool_config_s {
+ 	char *listen_mode;
+ 	char *listen_allowed_clients;
+ 	int process_priority;
+	int process_dumpable;
+ 	int pm;
+ 	int pm_max_children;
+ 	int pm_start_servers;
+diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
+index ea0e673..57a87be 100644
+--- a/sapi/fpm/fpm/fpm_unix.c
+++ b/sapi/fpm/fpm/fpm_unix.c
+@@ -214,7 +214,7 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
+ 	}
+ 
+ #ifdef HAVE_PRCTL
+-	if (0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {
+	if (wp->config->process_dumpable && 0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {
+ 		zlog(ZLOG_SYSERROR, "[pool %s] failed to prctl(PR_SET_DUMPABLE)", wp->config->name);
+ 	}
+ #endif
+diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
+index 58852f7..3f78ef9 100644
+--- a/sapi/fpm/php-fpm.conf.in
+++ b/sapi/fpm/php-fpm.conf.in
+@@ -191,6 +191,12 @@ listen = /var/run/php5-fpm.sock
+ ; Default Value: no set
+ ; process.priority = -19
+ 
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+ ; Choose how the process manager will control the number of child processes.
+ ; Possible Values:
+ ;   static  - a fixed number (pm.max_children) of child processes;
--- a/testing/php5.4/d14-u002-CVE-2018-10547.patch
+++ b/testing/php5.4/d14-u002-CVE-2018-10547.patch
@ -0,0 +1,199 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 9 May 2018 15:23:23 +0200
+Subject: CVE-2018-10547
+
+Bug-Upstream: https://bugs.php.net/bug.php?id=76129
+---
+ ext/phar/phar_object.c                           | 6 ++----
+ ext/phar/tests/cache_list/frontcontroller10.phpt | 2 +-
+ ext/phar/tests/cache_list/frontcontroller6.phpt  | 2 +-
+ ext/phar/tests/cache_list/frontcontroller8.phpt  | 2 +-
+ ext/phar/tests/frontcontroller10.phpt            | 2 +-
+ ext/phar/tests/frontcontroller6.phpt             | 2 +-
+ ext/phar/tests/frontcontroller8.phpt             | 2 +-
+ ext/phar/tests/tar/frontcontroller10.phar.phpt   | 2 +-
+ ext/phar/tests/tar/frontcontroller6.phar.phpt    | 2 +-
+ ext/phar/tests/tar/frontcontroller8.phar.phpt    | 2 +-
+ ext/phar/tests/zip/frontcontroller10.phar.phpt   | 2 +-
+ ext/phar/tests/zip/frontcontroller6.phar.phpt    | 2 +-
+ ext/phar/tests/zip/frontcontroller8.phar.phpt    | 2 +-
+ 13 files changed, 14 insertions(+), 16 deletions(-)
+
+diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
+index 204cabb..eb23223 100644
+--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
+@@ -340,8 +340,7 @@ static void phar_do_403(char *entry, int entry_len TSRMLS_DC) /* {{{ */
+ 	sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
+ 	sapi_send_headers(TSRMLS_C);
+ 	PHPWRITE("<html>\n <head>\n  <title>Access Denied</title>\n </head>\n <body>\n  <h1>403 - File ", sizeof("<html>\n <head>\n  <title>Access Denied</title>\n </head>\n <body>\n  <h1>403 - File ") - 1);
+-	PHPWRITE(entry, entry_len);
+-	PHPWRITE(" Access Denied</h1>\n </body>\n</html>", sizeof(" Access Denied</h1>\n </body>\n</html>") - 1);
+	PHPWRITE("Access Denied</h1>\n </body>\n</html>", sizeof("Access Denied</h1>\n </body>\n</html>") - 1);
+ }
+ /* }}} */
+ 
+@@ -365,8 +364,7 @@ static void phar_do_404(phar_archive_data *phar, char *fname, int fname_len, cha
+ 	sapi_header_op(SAPI_HEADER_REPLACE, &ctr TSRMLS_CC);
+ 	sapi_send_headers(TSRMLS_C);
+ 	PHPWRITE("<html>\n <head>\n  <title>File Not Found</title>\n </head>\n <body>\n  <h1>404 - File ", sizeof("<html>\n <head>\n  <title>File Not Found</title>\n </head>\n <body>\n  <h1>404 - File ") - 1);
+-	PHPWRITE(entry, entry_len);
+-	PHPWRITE(" Not Found</h1>\n </body>\n</html>",  sizeof(" Not Found</h1>\n </body>\n</html>") - 1);
+	PHPWRITE("Not Found</h1>\n </body>\n</html>",  sizeof("Not Found</h1>\n </body>\n</html>") - 1);
+ }
+ /* }}} */
+ 
+diff --git a/ext/phar/tests/cache_list/frontcontroller10.phpt b/ext/phar/tests/cache_list/frontcontroller10.phpt
+index 00177d4..5fd9868 100644
+--- a/ext/phar/tests/cache_list/frontcontroller10.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller10.phpt
+@@ -20,6 +20,6 @@ Status: 403 Access Denied
+   <title>Access Denied</title>
+  </head>
+  <body>
+-  <h1>403 - File /hi Access Denied</h1>
+  <h1>403 - File Access Denied</h1>
+  </body>
+ </html>
+diff --git a/ext/phar/tests/cache_list/frontcontroller6.phpt b/ext/phar/tests/cache_list/frontcontroller6.phpt
+index 2480be4..a79c958 100644
+--- a/ext/phar/tests/cache_list/frontcontroller6.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller6.phpt
+@@ -18,6 +18,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /notfound.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/cache_list/frontcontroller8.phpt b/ext/phar/tests/cache_list/frontcontroller8.phpt
+index bf9b390..e04f9e5 100644
+--- a/ext/phar/tests/cache_list/frontcontroller8.phpt
+++ b/ext/phar/tests/cache_list/frontcontroller8.phpt
+@@ -18,6 +18,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /index.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/frontcontroller10.phpt b/ext/phar/tests/frontcontroller10.phpt
+index 667d5c2..b3f5e64 100644
+--- a/ext/phar/tests/frontcontroller10.phpt
+++ b/ext/phar/tests/frontcontroller10.phpt
+@@ -19,6 +19,6 @@ Status: 403 Access Denied
+   <title>Access Denied</title>
+  </head>
+  <body>
+-  <h1>403 - File /hi Access Denied</h1>
+  <h1>403 - File Access Denied</h1>
+  </body>
+ </html>
+diff --git a/ext/phar/tests/frontcontroller6.phpt b/ext/phar/tests/frontcontroller6.phpt
+index 1a2cc2c..c5dd382 100644
+--- a/ext/phar/tests/frontcontroller6.phpt
+++ b/ext/phar/tests/frontcontroller6.phpt
+@@ -16,6 +16,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /notfound.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/frontcontroller8.phpt b/ext/phar/tests/frontcontroller8.phpt
+index 36e3206..77d33da 100644
+--- a/ext/phar/tests/frontcontroller8.phpt
+++ b/ext/phar/tests/frontcontroller8.phpt
+@@ -16,6 +16,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /index.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/tar/frontcontroller10.phar.phpt b/ext/phar/tests/tar/frontcontroller10.phar.phpt
+index f1fc6e3..23ce6f3 100644
+--- a/ext/phar/tests/tar/frontcontroller10.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller10.phar.phpt
+@@ -19,6 +19,6 @@ Status: 403 Access Denied
+   <title>Access Denied</title>
+  </head>
+  <body>
+-  <h1>403 - File /hi Access Denied</h1>
+  <h1>403 - File Access Denied</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/tar/frontcontroller6.phar.phpt b/ext/phar/tests/tar/frontcontroller6.phar.phpt
+index 5375bee..b811f00 100644
+--- a/ext/phar/tests/tar/frontcontroller6.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller6.phar.phpt
+@@ -16,6 +16,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /notfound.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/tar/frontcontroller8.phar.phpt b/ext/phar/tests/tar/frontcontroller8.phar.phpt
+index 19844cb..a180e20 100644
+--- a/ext/phar/tests/tar/frontcontroller8.phar.phpt
+++ b/ext/phar/tests/tar/frontcontroller8.phar.phpt
+@@ -16,6 +16,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /index.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/zip/frontcontroller10.phar.phpt b/ext/phar/tests/zip/frontcontroller10.phar.phpt
+index 56d16c2..5bbe9e1 100644
+--- a/ext/phar/tests/zip/frontcontroller10.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller10.phar.phpt
+@@ -19,6 +19,6 @@ Status: 403 Access Denied
+   <title>Access Denied</title>
+  </head>
+  <body>
+-  <h1>403 - File /hi Access Denied</h1>
+  <h1>403 - File Access Denied</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/zip/frontcontroller6.phar.phpt b/ext/phar/tests/zip/frontcontroller6.phar.phpt
+index 15489f6..63f7c62 100644
+--- a/ext/phar/tests/zip/frontcontroller6.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller6.phar.phpt
+@@ -17,6 +17,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /notfound.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
+diff --git a/ext/phar/tests/zip/frontcontroller8.phar.phpt b/ext/phar/tests/zip/frontcontroller8.phar.phpt
+index 1b0d133..d4c3a3f 100644
+--- a/ext/phar/tests/zip/frontcontroller8.phar.phpt
+++ b/ext/phar/tests/zip/frontcontroller8.phar.phpt
+@@ -16,6 +16,6 @@ Status: 404 Not Found
+   <title>File Not Found</title>
+  </head>
+  <body>
+-  <h1>404 - File /index.php Not Found</h1>
+  <h1>404 - File Not Found</h1>
+  </body>
+ </html>
+\ No newline at end of file
--- a/testing/php5.4/d14-u003-CVE-2018-10548.patch
+++ b/testing/php5.4/d14-u003-CVE-2018-10548.patch
@ -0,0 +1,75 @@
+From: Markus Koschany <apo@debian.org>
+Date: Wed, 9 May 2018 15:20:34 +0200
+Subject: CVE-2018-10548
+
+Bug-Upstream: https://bugs.php.net/bug.php?id=76248
+---
+ ext/ldap/ldap.c              |  6 +++++-
+ ext/ldap/tests/bug76248.phpt | 40 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 45 insertions(+), 1 deletion(-)
+ create mode 100644 ext/ldap/tests/bug76248.phpt
+
+diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
+index 2092b5e..a3c604b 100644
+--- a/ext/ldap/ldap.c
+++ b/ext/ldap/ldap.c
+@@ -1026,7 +1026,11 @@ PHP_FUNCTION(ldap_get_entries)
+ 
+ 		add_assoc_long(tmp1, "count", num_attrib);
+ 		dn = ldap_get_dn(ldap, ldap_result_entry);
+-		add_assoc_string(tmp1, "dn", dn, 1);
+		if (dn) {
+			add_assoc_string(tmp1, "dn", dn, 1);
+		} else {
+			add_assoc_null(tmp1, "dn");
+		}
+ #if (LDAP_API_VERSION > 2000) || HAVE_NSLDAP || HAVE_ORALDAP_10 || WINDOWS
+ 		ldap_memfree(dn);
+ #else
+diff --git a/ext/ldap/tests/bug76248.phpt b/ext/ldap/tests/bug76248.phpt
+new file mode 100644
+index 0000000..45a7f83
+--- /dev/null
+++ b/ext/ldap/tests/bug76248.phpt
+@@ -0,0 +1,40 @@
+--TEST--
+Bug #76248 (Malicious LDAP-Server Response causes Crash)
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+if (!function_exists('pcntl_fork')) die('skip fork not available');
+?>
+--FILE--
+<?php
+$pid = pcntl_fork();
+const PORT = 12345;
+if ($pid == 0) {
+	// child
+    $server = stream_socket_server("tcp://127.0.0.1:12345");
+	$socket = stream_socket_accept($server, 3);
+	fwrite($socket, base64_decode("MAwCAQFhBwoBAAQABAAweQIBAmR0BJljbj1yb290LGRjPWV4YW1wbGUsZGM9Y29tMFcwIwQLb2JqZWN0Q2xhc3MxFAQSb3JnYW5pemF0aW9uYWxSb2xlMAwEAmNuMQYEBHJvb3QwIgQLZGVzY3JpcHRpb24xEwQRRGlyZWN0b3J5IE1hbmFnZXIwDAIBAmUHCgEABAAEADB5AgEDZHQEmWNuPXJvb3QsZGM9ZXhhbXBsZSxkYz1jb20wVzAjBAtvYmplY3RDbGFzczEUBBJvcmdhbml6YXRpb25hbFJvbGUwDAQCY24xBgQEcm9vdDAiBAtkZXNjcmlwdGlvbjETBBFEaXJlY3RvcnkgTWFuYWdlcjAMAgEDZQcKAQAEAAQA"));
+	fflush($socket);	
+} else {
+	// parent
+	$ds = ldap_connect("127.0.0.1", PORT);
+	ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+	$b = ldap_bind($ds, "cn=root,dc=example,dc=com", "secret");
+
+	$s = ldap_search($ds, "dc=example,dc=com", "(cn=root)"); 
+	$tt = ldap_get_entries($ds, $s);
+	var_dump($tt);
+}
+?>
+--EXPECT--
+array(2) {
+  ["count"]=>
+  int(1)
+  [0]=>
+  array(2) {
+    ["count"]=>
+    int(0)
+    ["dn"]=>
+    NULL
+  }
+}
+\ No newline at end of file