up to 5.5.22, fixes for CVE-2015-0235 and CVE-2015-0273

diff --git a/php-fcgi-error_log-no-newlines.patch b/php-fcgi-error_log-no-newlines.patch
index e35648e84bfea474782e67f04731ac581a0439df..cedf82c5ea1d9fa23880d86c550babbc97d6e935 100644 (file)
--- a/php-fcgi-error_log-no-newlines.patch
+++ b/php-fcgi-error_log-no-newlines.patch
@@ -1,16 +1,16 @@
---- ./sapi/cgi/cgi_main.c~     2007-08-09 02:51:57.000000000 +0300
-+++ ./sapi/cgi/cgi_main.c      2007-09-05 20:54:19.390089070 +0300
-@@ -558,12 +558,7 @@
+--- php-5.6.6/sapi/cgi/cgi_main.c~     2015-02-27 18:09:34.000000000 +0200
++++ php-5.6.6/sapi/cgi/cgi_main.c      2015-02-27 18:11:26.296171361 +0200
+@@ -737,12 +737,8 @@
                request = (fcgi_request*) SG(server_context);
-               if (request) {                  
-                       int len = strlen(message);
+               if (request) {
+                       int ret, len = strlen(message);
 -                      char *buf = malloc(len+2);
--
+ 
 -                      memcpy(buf, message, len);
 -                      memcpy(buf + len, "\n", sizeof("\n"));
--                      fcgi_write(request, FCGI_STDERR, buf, len+1);
+-                      ret = fcgi_write(request, FCGI_STDERR, buf, len + 1);
 -                      free(buf);
-+                      fcgi_write(request, FCGI_STDERR, message, len);
-               } else {
-                       fprintf(stderr, "%s\n", message);
-               }
++                      ret = fcgi_write(request, FCGI_STDERR, message, len);
+                       if (ret < 0) {
+                               php_handle_aborted_connection();
+                       }

diff --git a/php.spec b/php.spec
index 714710dd99471bfb6ed7851a11cc3e92929083a7..d5f6babec01d838d74af79913272d970e963a90b 100644 (file)
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine      with_filter
 %endif
 
-%define                rel     4
+%define                rel     1
 %define                orgname php
 %define                ver_suffix 55
 %define                php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -137,13 +137,13 @@ Summary(pt_BR.UTF-8):     A linguagem de script PHP
 Summary(ru.UTF-8):     PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):     PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:          %{orgname}%{php_suffix}
-Version:       5.5.21
+Version:       5.5.22
 Release:       %{rel}%{?with_type_hints:.th}
 Epoch:         4
 License:       PHP
 Group:         Libraries
 Source0:       http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 79664ce44f7c93f355a25a3fe3dcc91b
+# Source0-md5: fb1704131d495f5b3e6ab3b087a8dbe6
 Source2:       %{orgname}-mod_%{orgname}.conf
 Source3:       %{orgname}-cgi-fcgi.ini
 Source4:       %{orgname}-apache.ini

diff --git a/suhosin.patch b/suhosin.patch
index 378a4e45e429458180c8b8927b02ea7bc2618c78..932385e5f7e10b2c9037a6fec92d5a1f90b15bae 100644 (file)
--- a/suhosin.patch
+++ b/suhosin.patch
@@ -5587,17 +5587,17 @@ the following modifications have been made:
                                                        }
 +#if SUHOSIN_PATCH
  #if ZEND_DEBUG
--                                                      php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+                                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+-                                                      php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
  #else
--                                                      php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
-+                                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+-                                                      php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +#endif
 +#else
 +  #if ZEND_DEBUG
-+                                                      php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                                      php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +  #else
-+                                                      php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                                      php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +  #endif
  #endif
                                                        php_request_shutdown((void *) 0);
@@ -5609,9 +5609,9 @@ the following modifications have been made:
  
                        case 'v': /* show php version & quit */
 +#if SUHOSIN_PATCH
-+                              php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
++                              php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) %s\nCopyright (c) 1997-2015 The PHP Group\n%s",
 +#else
-                               php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2014 The PHP Group\n%s",
+                               php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2015 The PHP Group\n%s",
 +#endif
                                        PHP_VERSION, cli_sapi_module.name, __DATE__, __TIME__,
  #if ZEND_DEBUG && defined(HAVE_GCOV)
@@ -5623,15 +5623,15 @@ the following modifications have been made:
                  if (php_request_startup(TSRMLS_C) != FAILURE) {
 +#if SUHOSIN_PATCH
 +#if ZEND_DEBUG
-+                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +#else
-+                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                                      php_printf("PHP %s with Suhosin-Patch (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +#endif
 +#else
  #if ZEND_DEBUG
-                     php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+                     php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
  #else
-                     php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+                     php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
  #endif
 +#endif
  #ifdef PHP_OUTPUT_NEWAPI
@@ -5645,9 +5645,9 @@ the following modifications have been made:
                                SG(headers_sent) = 1;
                                SG(request_info).no_headers = 1;
 +#if SUHOSIN_PATCH
-+                              php_printf("PHP with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++                              php_printf("PHP with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +#else
-                               php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2014 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+                               php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2015 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
 +#endif
                                php_output_teardown();
                                exit(1);