From: Arkadiusz Miƛkiewicz Date: Fri, 25 Oct 2019 12:11:23 +0000 (+0200) Subject: - rel 50; backported fix for CVE-2019-11043 X-Git-Tag: auto/th/php53-5.3.29-50 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=d03d1017b484b4496358c51d89fb2409a7156823;p=packages%2Fphp.git - rel 50; backported fix for CVE-2019-11043 --- diff --git a/CVE-2019-11043.patch b/CVE-2019-11043.patch new file mode 100644 index 0000000..a841677 --- /dev/null +++ b/CVE-2019-11043.patch @@ -0,0 +1,22 @@ +commit ab061f95ca966731b1c84cf5b7b20155c0a1c06a +Author: Jakub Zelenka +Date: Sat Oct 12 15:56:16 2019 +0100 + + Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043) + +diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c +index 24a7e5d56a..50f92981f1 100644 +--- a/sapi/fpm/fpm/fpm_main.c ++++ b/sapi/fpm/fpm/fpm_main.c +@@ -1209,8 +1209,8 @@ static void init_request_info(void) + path_info = script_path_translated + ptlen; + tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0)); + } else { +- path_info = env_path_info ? env_path_info + pilen - slen : NULL; +- tflag = (orig_path_info != path_info); ++ path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL; ++ tflag = path_info && (orig_path_info != path_info); + } + + if (tflag) { + diff --git a/php.spec b/php.spec index b331731..cdbc6b8 100644 --- a/php.spec +++ b/php.spec @@ -143,7 +143,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules. %undefine with_alternatives %endif -%define rel 49 +%define rel 50 %define orgname php %define ver_suffix 53 %define php_suffix %{!?with_default_php:%{ver_suffix}} @@ -255,6 +255,7 @@ Patch77: php-icu64.patch # https://repo.webtatic.com/yum/centos/5/SRPMS/repoview/php.html # also from RHEL6/CentOS7 Patch220: php-5.3.3-CVE-2011-4153.patch +Patch221: CVE-2019-11043.patch Patch247: php-5.3.3-CVE-2014-2497.patch @@ -2153,6 +2154,7 @@ gzip -dc %{SOURCE15} | tar xf - -C sapi/ %patch77 -p1 %patch220 -p1 +%patch221 -p1 %patch247 -p1