summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--php-pecl-zendopcache-CVE-2015-1352.patch26
-rw-r--r--php-pecl-zendopcache.spec30
2 files changed, 49 insertions, 7 deletions
diff --git a/php-pecl-zendopcache-CVE-2015-1352.patch b/php-pecl-zendopcache-CVE-2015-1352.patch
new file mode 100644
index 0000000..c6d8d28
--- /dev/null
+++ b/php-pecl-zendopcache-CVE-2015-1352.patch
@@ -0,0 +1,26 @@
+From 9a88100573c40b9f59baa2f2d138809eb47b4317 Mon Sep 17 00:00:00 2001
+From: Xinchen Hui <laruence@php.net>
+Date: Thu, 8 Jan 2015 16:32:20 +0800
+Subject: [PATCH] Fixed bug #68677 (Use After Free in OPcache)
+
+(cherry picked from commit 777c39f4042327eac4b63c7ee87dc1c7a09a3115)
+---
+ zend_shared_alloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/zend_shared_alloc.c b/zend_shared_alloc.c
+index bbe26e8..8880b88 100644
+--- a/zend_shared_alloc.c
++++ b/zend_shared_alloc.c
+@@ -346,10 +346,10 @@ void *_zend_shared_memdup(void *source, size_t size, zend_bool free_source TSRML
+ retval = ZCG(mem);;
+ ZCG(mem) = (void*)(((char*)ZCG(mem)) + ZEND_ALIGNED_SIZE(size));
+ memcpy(retval, source, size);
++ zend_shared_alloc_register_xlat_entry(source, retval);
+ if (free_source) {
+ interned_efree((char*)source);
+ }
+- zend_shared_alloc_register_xlat_entry(source, retval);
+ return retval;
+ }
+
diff --git a/php-pecl-zendopcache.spec b/php-pecl-zendopcache.spec
index 5d1681f..4dfd9e1 100644
--- a/php-pecl-zendopcache.spec
+++ b/php-pecl-zendopcache.spec
@@ -15,7 +15,7 @@
Name: %{?scl_prefix}php-pecl-%{pecl_name}
Version: 7.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Zend OPcache
Group: Development/Libraries
@@ -27,12 +27,12 @@ Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz
Source1: %{plug_name}.ini
Source2: %{plug_name}-default.blacklist
+Patch0: %{name}-CVE-2015-1352.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: %{?scl_prefix}php-devel >= 5.2.0
BuildRequires: %{?scl_prefix}php-pear
-Requires(post): %{__pecl}
-Requires(postun): %{__pecl}
Requires: %{?scl_prefix}php(zend-abi) = %{php_zend_api}
Requires: %{?scl_prefix}php(api) = %{php_core_api}
%{?_sclreq:Requires: %{?scl_prefix}runtime%{?_sclreq}%{?_isa}}
@@ -74,12 +74,16 @@ bytecode optimization patterns that make code execution faster.
%setup -q -c
mv %{pecl_name}-%{version} NTS
+pushd NTS
+%patch0 -p1 -b .cve1352
+
# Sanity check, really often broken
-extver=$(sed -n '/#define PHP_ZENDOPCACHE_VERSION/{s/.* "//;s/".*$//;p}' NTS/ZendAccelerator.h)
+extver=$(sed -n '/#define PHP_ZENDOPCACHE_VERSION/{s/.* "//;s/".*$//;p}' ZendAccelerator.h)
if test "x${extver}" != "x%{version}%{?prever:-%{prever}}"; then
: Error: Upstream extension version is ${extver}, expecting %{version}%{?prever:-%{prever}}.
exit 1
fi
+popd
%if %{with_zts}
# Duplicate source tree for NTS / ZTS build
@@ -168,12 +172,20 @@ REPORT_EXIT_STATUS=1 \
%endif
-%post
-%{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || :
+# when pear installed alone, after us
+%triggerin -- %{?scl_prefix}php-pear
+if [ -x %{__pecl} ] ; then
+ %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || :
+fi
+# posttrans as pear can be installed after us
+%posttrans
+if [ -x %{__pecl} ] ; then
+ %{pecl_install} %{pecl_xmldir}/%{name}.xml >/dev/null || :
+fi
%postun
-if [ $1 -eq 0 ] ; then
+if [ $1 -eq 0 -a -x %{__pecl} ] ; then
%{pecl_uninstall} %{pecl_name} >/dev/null || :
fi
@@ -195,6 +207,10 @@ fi
%changelog
+* Wed Apr 8 2015 Remi Collet <remi@fedoraproject.org> - 7.0.4-2
+- fix use after free in opcache CVE-2015-1351
+- drop runtime dependency on pear, new scriptlets
+
* Mon Jan 12 2015 Remi Collet <remi@fedoraproject.org> - 7.0.4-1
- Update to 7.0.4
- disable opcache.fast_shutdown in default configuration