--- /dev/null
+commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a
+Author: Jakub Zelenka <bukka@php.net>
+Date: Sat Oct 12 15:56:16 2019 +0100
+
+ Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
+
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index 24a7e5d56a..50f92981f1 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1209,8 +1209,8 @@ static void init_request_info(void)
+ path_info = script_path_translated + ptlen;
+ tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
+ } else {
+- path_info = env_path_info ? env_path_info + pilen - slen : NULL;
+- tflag = (orig_path_info != path_info);
++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
++ tflag = path_info && (orig_path_info != path_info);
+ }
+
+ if (tflag) {
+
%undefine with_alternatives
%endif
-%define rel 49
+%define rel 50
%define orgname php
%define ver_suffix 53
%define php_suffix %{!?with_default_php:%{ver_suffix}}
# https://repo.webtatic.com/yum/centos/5/SRPMS/repoview/php.html
# also from RHEL6/CentOS7
Patch220: php-5.3.3-CVE-2011-4153.patch
+Patch221: CVE-2019-11043.patch
Patch247: php-5.3.3-CVE-2014-2497.patch
%patch77 -p1
%patch220 -p1
+%patch221 -p1
%patch247 -p1