From 7991a88675a2a1d8a7683f88b301b11080b4093d Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Thu, 6 Jul 2017 00:05:14 +0200 Subject: [PATCH 1/6] move NEWS entry to the correct place, also bump the version --- NEWS | 10 +++++++--- configure.in | 2 +- main/php_version.h | 6 +++--- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/NEWS b/NEWS index 432cc80283b..b69d04f37c4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| -?? ?? 2017, PHP 5.6.31 +?? ?? 2017, PHP 5.6.32 + +06 Jul 2017, PHP 5.6.31 - Core: . Fixed bug #73807 (Performance problem with processing post request over @@ -15,6 +17,10 @@ PHP NEWS GD: . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) +mbstring: + . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, + CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) + OpenSSL: . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) @@ -259,8 +265,6 @@ WDDX: . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb) . Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()). (Stas) - . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, - CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) - MSSQL: . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle) diff --git a/configure.in b/configure.in index 33c771428c1..5813b5b8fff 100644 --- a/configure.in +++ b/configure.in @@ -119,7 +119,7 @@ int zend_sprintf(char *buffer, const char *format, ...); PHP_MAJOR_VERSION=5 PHP_MINOR_VERSION=6 -PHP_RELEASE_VERSION=31 +PHP_RELEASE_VERSION=32 PHP_EXTRA_VERSION="-dev" PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION" PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION` 
diff --git a/main/php_version.h b/main/php_version.h index becb2f7730b..3237383da17 100644 --- a/main/php_version.h +++ b/main/php_version.h @@ -2,7 +2,7 @@ /* edit configure.in to change version number */ #define PHP_MAJOR_VERSION 5 #define PHP_MINOR_VERSION 6 -#define PHP_RELEASE_VERSION 31 +#define PHP_RELEASE_VERSION 32 #define PHP_EXTRA_VERSION "-dev" -#define PHP_VERSION "5.6.31-dev" -#define PHP_VERSION_ID 50631 +#define PHP_VERSION "5.6.32-dev" +#define PHP_VERSION_ID 50632 From 390f64701de2ca12a7ece2e0df26c495900cab97 Mon Sep 17 00:00:00 2001 From: Ferenc Kovacs Date: Thu, 6 Jul 2017 00:10:07 +0200 Subject: [PATCH 2/6] add missing NEWS entry for #74087 and also fix the formatting --- NEWS | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index b69d04f37c4..7680270cba2 100644 --- a/NEWS +++ b/NEWS @@ -14,18 +14,22 @@ PHP NEWS . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (Derick) -GD: +- GD: . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) -mbstring: +- mbstring: . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA) -OpenSSL: +- OpenSSL: . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (Stas) -WDDX: +- PCRE: + . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)). + (Stas) + +- WDDX: . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas) 19 Jan 2017, PHP 5.6.30 From ec0ad331cd3914f2a4859f8ab159127dc6b332ac Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 6 Jul 2017 12:34:00 +0200 Subject: [PATCH 3/6] minor fix for web announce --- README.RELEASE_PROCESS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.RELEASE_PROCESS b/README.RELEASE_PROCESS index ba3019ba389..112d5036c26 100644 --- a/README.RELEASE_PROCESS +++ b/README.RELEASE_PROCESS 
@@ -130,8 +130,8 @@ highlight the major important things (security fixes) and when it is important to upgrade. a. Call php bin/createNewsEntry in your local phpweb checkout - Use category "releases" for all non-stable releases. - Use category "frontpage" for X.Y.0 non-stable releases only. + Use category "releases" for all stable releases. + Use category "frontpage" for X.Y.0 non-stable releases only (news only). b. Add the content for the news entry. Be sure to include the text: "THIS IS A DEVELOPMENT PREVIEW - DO NOT USE IT IN PRODUCTION!" From 9470b2016cf941732c3144598eb7db195446d910 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 6 Jul 2017 13:22:10 +0200 Subject: [PATCH 4/6] [ci skip] sync NEWS --- NEWS | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/NEWS b/NEWS index d3604ee6eb2..9c400e04374 100644 --- a/NEWS +++ b/NEWS @@ -2,6 +2,20 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? ????, PHP 7.2.0beta1 +- Core: + . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). + (Stas) + . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from + unserialize). (Nikita) + . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via + php_parse_date()). (Derick) + +- GD: + . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb) + +- OpenSSL: + . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). + (Stas) 06 Jul 2017, PHP 7.2.0alpha3 From 9ad0d0ca3c25306f78b5bf08949b10ca516f614c Mon Sep 17 00:00:00 2001 From: Anatol Belski Date: Thu, 6 Jul 2017 20:47:04 +0200 Subject: [PATCH 5/6] replace the stack var by a macro --- ext/standard/dl.c | 10 ++++------ main/build-defs.h.in | 1 + main/php_ini.c | 8 ++------ win32/build/config.w32.h.in | 1 + 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/ext/standard/dl.c b/ext/standard/dl.c index 050516639e1..5adae805ce6 100644 --- a/ext/standard/dl.c 
+++ b/ext/standard/dl.c @@ -116,17 +116,15 @@ PHPAPI int php_load_extension(char *filename, int type, int start_now) } else { spprintf(&libpath, 0, "%s%c%s", extension_dir, DEFAULT_SLASH, filename); /* SAFE */ } + if (VCWD_ACCESS(libpath, F_OK)) { /* If file does not exist, consider as extension name and build file name */ - const char *libpath_prefix = ""; char *orig_libpath = libpath; -#if PHP_WIN32 - libpath_prefix = "php_"; -#endif + if (slash_suffix) { - spprintf(&libpath, 0, "%s%s%s." PHP_SHLIB_SUFFIX, extension_dir, libpath_prefix, filename); /* SAFE */ + spprintf(&libpath, 0, "%s" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, filename); /* SAFE */ } else { - spprintf(&libpath, 0, "%s%c%s%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, libpath_prefix, filename); /* SAFE */ + spprintf(&libpath, 0, "%s%c" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, filename); /* SAFE */ } if (VCWD_ACCESS(libpath, F_OK)) { diff --git a/main/build-defs.h.in b/main/build-defs.h.in index c82982a32a1..fb9bc7f8818 100644 --- a/main/build-defs.h.in +++ b/main/build-defs.h.in @@ -89,3 +89,4 @@ #define PHP_CONFIG_FILE_PATH "@EXPANDED_PHP_CONFIG_FILE_PATH@" #define PHP_CONFIG_FILE_SCAN_DIR "@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@" #define PHP_SHLIB_SUFFIX "@SHLIB_DL_SUFFIX_NAME@" +#define PHP_SHLIB_EXT_PREFIX "" diff --git a/main/php_ini.c b/main/php_ini.c index 8b53f304413..98896a5f866 100644 --- a/main/php_ini.c +++ b/main/php_ini.c 
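Review bot: Both new `spprintf` calls in php_load_extension splice `PHP_SHLIB_EXT_PREFIX` into the format string by literal concatenation, whereas the removed code passed the prefix as a `%s` argument. Any `%` in a future definition of the macro would therefore be parsed as a conversion specifier. The same pattern is in the main/php_ini.c hunk (php_load_zend_extension_cb). The two values defined in this patch (`""` and `"php_"`) are harmless and `PHP_SHLIB_SUFFIX` is already used this way, so a comment at the definitions in main/build-defs.h.in and win32/build/config.w32.h.in would be enough: `/* spliced into spprintf() format strings: must not contain '%' */`. The function body starts and ends outside the hunk.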
@@ -375,16 +375,12 @@ static void php_load_zend_extension_cb(void *arg) if (VCWD_ACCESS(libpath, F_OK)) { /* If file does not exist, consider as extension name and build file name */ - const char *libpath_prefix = ""; char *orig_libpath = libpath; -#if PHP_WIN32 - libpath_prefix = "php_"; -#endif if (slash_suffix) { - spprintf(&libpath, 0, "%s%s%s." PHP_SHLIB_SUFFIX, extension_dir, libpath_prefix, filename); /* SAFE */ + spprintf(&libpath, 0, "%s" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, filename); /* SAFE */ } else { - spprintf(&libpath, 0, "%s%c%s%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, libpath_prefix, filename); /* SAFE */ + spprintf(&libpath, 0, "%s%c" PHP_SHLIB_EXT_PREFIX "%s." PHP_SHLIB_SUFFIX, extension_dir, DEFAULT_SLASH, filename); /* SAFE */ } if (VCWD_ACCESS(libpath, F_OK)) { diff --git a/win32/build/config.w32.h.in b/win32/build/config.w32.h.in index 573eb95a94e..9572f65d821 100644 --- a/win32/build/config.w32.h.in +++ b/win32/build/config.w32.h.in @@ -136,6 +136,7 @@ #define HAVE_FNMATCH #define HAVE_GLOB #define PHP_SHLIB_SUFFIX "dll" +#define PHP_SHLIB_EXT_PREFIX "php_" #define HAVE_SQLDATASOURCES /* Win32 supports strcoll */ From fc336c78e7106d237cf98f9579790c23ca81c60a Mon Sep 17 00:00:00 2001 From: Dmitry Stogov Date: Thu, 6 Jul 2017 23:06:11 +0300 Subject: [PATCH 6/6] Added missed dump of "main" script code --- ext/opcache/Optimizer/zend_optimizer.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/opcache/Optimizer/zend_optimizer.c b/ext/opcache/Optimizer/zend_optimizer.c index cfe10185be1..89f5de800d4 100644 --- a/ext/opcache/Optimizer/zend_optimizer.c +++ b/ext/opcache/Optimizer/zend_optimizer.c 
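Review bot: The fallback in php_load_zend_extension_cb that builds the library path from a bare extension name is now the same code as the one in php_load_extension (ext/standard/dl.c), and this patch had to make the identical edit in both places. Because this code decides which file under `extension_dir` is handed to the loader, one shared helper would keep the two loaders from drifting apart. Short of that, a cross-reference above the `if (VCWD_ACCESS(libpath, F_OK))` check would help: `/* keep in sync with php_load_extension() in ext/standard/dl.c */`. The function continues outside the hunk.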
@@ -1233,6 +1233,8 @@ int zend_optimize_script(zend_script *script, zend_long optimization_level, zend
 }
 if (debug_level & ZEND_DUMP_AFTER_OPTIMIZER) {
+ zend_dump_op_array(&script->main_op_array, ZEND_DUMP_RT_CONSTANTS, "after optimizer", NULL);
+
 ZEND_HASH_FOREACH_PTR(&script->function_table, op_array) {
 zend_dump_op_array(op_array, ZEND_DUMP_RT_CONSTANTS, "after optimizer", NULL);
 } ZEND_HASH_FOREACH_END();
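Review bot: The added `zend_dump_op_array(&script->main_op_array, ...)` call has no comment explaining why the main script needs its own dump next to the `function_table` loop. Something like `/* main_op_array is not in function_table, so dump it explicitly */` would stop a later cleanup from folding it away. With `ZEND_DUMP_AFTER_OPTIMIZER` set, the dump now also covers top-level script code, presumably including its literal operands, so it is worth stating near the flag that this debug level is not meant for hosts whose scripts embed credentials. The enclosing `if` block and the rest of zend_optimize_script lie outside the hunk.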