| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | php-pecl-memcache-3.0.5-get-mem-corrupt.patch | 89 | ||||
| -rw-r--r-- | php-pecl-memcache-3.0.6-fdcast.patch | 17 | ||||
| -rw-r--r-- | php-pecl-memcache.spec | 29 | 
4 files changed, 128 insertions, 9 deletions
@@ -1,4 +1,4 @@
 SRCDIR := $(shell pwd)
 NAME := $(shell basename $(SRCDIR))
-include ../common/Makefile
+include ../../../common/Makefile
diff --git a/php-pecl-memcache-3.0.5-get-mem-corrupt.patch b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
new file mode 100644
index 0000000..0b7c66c
--- /dev/null
+++ b/php-pecl-memcache-3.0.5-get-mem-corrupt.patch
@@ -0,0 +1,89 @@
+From 6e09e8db8d36de6a5020f5d517f62a8c16af8222 Mon Sep 17 00:00:00 2001
+From: "Vojtech Vitek (V-Teq)" <vvitek@redhat.com>
+Date: Mon, 17 Oct 2011 16:17:51 +0200
+Subject: [PATCH] fix get/unserialize memory corruption
+
+Possible memory corruption (and segfault) after unserialising objects:
+<?php
+$obj = new StdClass;
+$obj->obj = $obj;
+$memcache = new Memcache;
+$memcache->connect('127.0.0.1', 11211);
+$memcache->set('x', $obj, false, 300);
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+$x = $memcache->get('x');
+
+Patch by Paul Clifford.
+
+---
+ memcache-3.0.5/memcache_pool.c |   15 +++++++--------
+ 1 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git memcache-3.0.5/memcache_pool.c memcache-3.0.5/memcache_pool.c
+index 420a773..e89ebce 100644
+--- memcache-3.0.5/memcache_pool.c
++++ memcache-3.0.5/memcache_pool.c
+@@ -422,8 +422,8 @@ int mmc_unpack_value(
+ 	char *data = NULL;
+ 	unsigned long data_len;
+ 
+-	zval value;
+-	INIT_ZVAL(value);
++	zval *object;
++	ALLOC_INIT_ZVAL(object);
+ 
+ 	if (flags & MMC_COMPRESSED) {
+ 		if (mmc_uncompress(buffer->value.c, bytes, &data, &data_len) != MMC_OK) {
+@@ -439,7 +439,6 @@ int mmc_unpack_value(
+ 	if (flags & MMC_SERIALIZED) {
+ 		php_unserialize_data_t var_hash;
+ 		const unsigned char *p = (unsigned char *)data;
+-		zval *object = &value;
+ 
+ 		char key_tmp[MMC_MAX_KEY_LEN + 1];
+ 		mmc_request_value_handler value_handler;
+@@ -495,7 +494,7 @@ int mmc_unpack_value(
+ 				long val;
+ 				data[data_len] = '\0';
+ 				val = strtol(data, NULL, 10);
+-				ZVAL_LONG(&value, val);
++				ZVAL_LONG(object, val);
+ 				break;
+ 			}
+ 
+@@ -503,17 +502,17 @@ int mmc_unpack_value(
+ 				double val = 0;
+ 				data[data_len] = '\0';
+ 				sscanf(data, "%lg", &val);
+-				ZVAL_DOUBLE(&value, val);
++				ZVAL_DOUBLE(object, val);
+ 				break;
+ 			}
+ 
+ 			case MMC_TYPE_BOOL:
+-				ZVAL_BOOL(&value, data_len == 1 && data[0] == '1');
++				ZVAL_BOOL(object, data_len == 1 && data[0] == '1');
+ 				break;
+ 
+ 			default:
+ 				data[data_len] = '\0';
+-				ZVAL_STRINGL(&value, data, data_len, 0);
++				ZVAL_STRINGL(object, data, data_len, 0);
+ 
+ 				if (!(flags & MMC_COMPRESSED)) {
+ 					/* release buffer because it's now owned by the zval */
+@@ -522,7 +521,7 @@ int mmc_unpack_value(
+ 		}
+ 
+ 		/* delegate to value handler */
+-		return request->value_handler(key, key_len, &value, flags, cas, request->value_handler_param TSRMLS_CC);
++		return request->value_handler(key, key_len, object, flags, cas, request->value_handler_param TSRMLS_CC);
+ 	}
+ }
+ /* }}}*/
+-- 
+1.7.6.2
+
diff --git a/php-pecl-memcache-3.0.6-fdcast.patch b/php-pecl-memcache-3.0.6-fdcast.patch
new file mode 100644
index 0000000..50d3021
--- /dev/null
+++ b/php-pecl-memcache-3.0.6-fdcast.patch
@@ -0,0 +1,17 @@
+
+Fix php_stream_cast() usage.
+
+--- memcache-3.0.6/memcache_pool.c.fdcast	2011-04-11 05:56:53.000000000 +0100
++++ memcache-3.0.6/memcache_pool.c	2012-07-05 15:27:02.447511095 +0100
+@@ -746,9 +746,9 @@ static int mmc_server_connect(mmc_pool_t
+ 	}
+ 
+ 	/* check connection and extract socket for select() purposes */
+-	void *fd;
++	int fd;
+ 
+-	if (!io->stream || php_stream_cast(io->stream, PHP_STREAM_AS_FD_FOR_SELECT, &fd, 1) != SUCCESS) {
++	if (!io->stream || php_stream_cast(io->stream, PHP_STREAM_AS_FD_FOR_SELECT, (void **)&fd, 1) != SUCCESS) {
+ 		mmc_server_seterror(mmc, errstr != NULL ? errstr : "Connection failed", errnum);
+ 		mmc_server_deactivate(pool, mmc TSRMLS_CC);
+ 
diff --git a/php-pecl-memcache.spec b/php-pecl-memcache.spec
index 8ec62c4..33eb265 100644
--- a/php-pecl-memcache.spec
+++ b/php-pecl-memcache.spec
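Review bot: The heap zval created by `ALLOC_INIT_ZVAL(object);` at the top of mmc_unpack_value is never released on any path the embedded patch shows, so every exit taken before the final `request->value_handler(...)` call would now leak it. The `mmc_uncompress(...) != MMC_OK` branch is cut off by the first embedded hunk, so whether it returns early is not visible; if it does, it should call `zval_ptr_dtor(&object);` first, and the same goes for any failure return inside the MMC_SERIALIZED branch. Because the bytes being unpacked come back from the cache server, those failure paths can be reached repeatedly, so a leak there is worth closing. I would also add a comment above the allocation, for example `/* heap zval: release with zval_ptr_dtor() on every return that does not reach value_handler */`, and state there who frees it after the handler returns, which the hunks do not show. The function body starts and ends outside the embedded hunks.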
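Review bot: The `(void **)&fd` cast in mmc_server_connect stays within bounds only if php_stream_cast() stores an int-sized descriptor for `PHP_STREAM_AS_FD_FOR_SELECT`, and the cast hides that assumption from the compiler. The callee is not visible here; if it wrote a pointer-sized value, the store would run past `int fd` on builds where pointers are wider than int. I would record the assumption at the declaration, for example `int fd; /* php_stream_cast() stores a descriptor, not a pointer, for FD casts */`, and consider `php_socket_t fd;` if that is the type the stream layer writes, so the width matches on every platform. The function continues outside the embedded hunk.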
@@ -1,13 +1,12 @@
-%{!?phpname:    %{expand: %%global phpname    php}}
 %{!?__pecl:     %{expand: %%global __pecl     %{_bindir}/pecl}}
 %{!?php_extdir: %{expand: %%global php_extdir %(%{phpbindir}/php-config --extension-dir)}}
 %global pecl_name memcache
 Summary:      Extension to work with the Memcached caching daemon
-Name:         %{phpname}-pecl-memcache
+Name:         php-pecl-memcache
 Version:      3.0.6
-Release:      3%{?dist}
+Release:      4%{?dist}
 License:      PHP
 Group:        Development/Languages
 URL:          http://pecl.php.net/package/%{pecl_name}
@@ -17,16 +16,18 @@ Source2:      xml2changelog
 # https://bugs.php.net/60284
 Patch0:       memcache-php54.patch
+Patch1:       php-pecl-memcache-3.0.6-fdcast.patch
+Patch2:       php-pecl-memcache-3.0.5-get-mem-corrupt.patch
 BuildRoot:    %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: %{phpname}-devel >= 4.3.11, %{phpname}-pear, zlib-devel
+BuildRequires: php-devel >= 4.3.11, php-pear, zlib-devel
 Requires(post): %{__pecl}
 Requires(postun): %{__pecl}
-Requires:     %{phpname}(zend-abi) = %{php_zend_api}
-Requires:     %{phpname}(api) = %{php_core_api}
+Requires:     php(zend-abi) = %{php_zend_api}
+Requires:     php(api) = %{php_core_api}
-Provides:     %{phpname}-pecl(%{pecl_name}) = %{version}-%{release}
+Provides:     php-pecl(%{pecl_name}) = %{version}-%{release}
 # RPM 4.8
@@ -50,7 +51,11 @@ Memcache can be used as a PHP session handler.
 %prep 
 %setup -c -q
-%patch0 -p0 -b .php54
+pushd memcache-%{version}
+%patch0 -p1 -b .php54
+%patch1 -p1 -b .fdcast
+%patch2 -p1 -b .get-mem-corrupt.patch
+popd
 %{__php} -n %{SOURCE2} package.xml | tee CHANGELOG | head -n 5
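Review bot: The backup suffix on the last added line of the %prep hunk, `-b .get-mem-corrupt.patch`, breaks the `.php54` / `.fdcast` pattern of the two lines above it, so the saved originals end up named `*.get-mem-corrupt.patch` and look like patch files in the build tree; `%patch2 -p1 -b .get-mem-corrupt` would match the others. Patch2 also carries 3.0.5 in its file name and embedded paths while the package is at Version 3.0.6. A one-line comment above `Patch2:` saying it was checked against the 3.0.6 sources would let a later reviewer confirm that the memory-corruption fix still applies as intended.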
@@ -165,6 +170,14 @@ fi
 %changelog
+* Sat Jul  7 2012 Remi Collet <remi@fedoraproject.org> - 3.0.6-4
+- sync patch with rawhide
+
+* Thu Jul  5 2012 Joe Orton <jorton@redhat.com> - 3.0.6-4
+- fix php_stream_cast() usage
+- fix memory corruption after unserialization (Paul Clifford)
+- package license
+
 * Sun Nov 13 2011 Remi Collet <remi@fedoraproject.org> - 3.0.6-3
 - build against php 5.4
 - add patch for ZTS build, see https://bugs.php.net/60284  | 
