remi pushed to php-pecl-zendopcache (epel7). "fix use after free in opcache CVE-2015-1351"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 8 11:56:01 UTC 2015
>From 9335c052a7504bed602069d09fb9f5b9b20f0672 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi at fedoraproject.org>
Date: Wed, 8 Apr 2015 13:55:52 +0200
Subject: fix use after free in opcache CVE-2015-1351
diff --git a/php-pecl-zendopcache.spec b/php-pecl-zendopcache.spec
index 62d4ea5..1267463 100644
--- a/php-pecl-zendopcache.spec
+++ b/php-pecl-zendopcache.spec
@@ -13,7 +13,7 @@
Name: php-pecl-%{pecl_name}
Version: 7.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The Zend OPcache
Group: Development/Libraries
@@ -25,6 +25,8 @@ Source0: http://pecl.php.net/get/%{pecl_name}-%{version}.tgz
Source1: %{plug_name}.ini
Source2: %{plug_name}-default.blacklist
+Patch0: %{pecl_name}-CVE-2015-1352.patch
+
BuildRequires: php-devel >= 5.2.0
BuildRequires: php-pear
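Review bot: The patch file added on the `Patch0:` line is named for CVE-2015-1352, while the commit subject and the new changelog entry both give CVE-2015-1351 for this use-after-free fix. The same number recurs in the backup suffix `-b .cve1352` in %prep and in the name of the new file `zendopcache-CVE-2015-1352.patch`. A mismatched identifier in the file name makes it easy for anyone auditing the package by CVE number to miss that the fix is present, or to assume a different issue was patched. If 1351 is the correct identifier, rename the file and use `Patch0: %{pecl_name}-CVE-2015-1351.patch` with `%patch0 -p1 -b .cve1351`.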
@@ -57,6 +59,17 @@ bytecode optimization patterns that make code execution faster.
%setup -q -c
mv %{pecl_name}-%{version} NTS
+pushd NTS
+%patch0 -p1 -b .cve1352
+
+# Sanity check, really often broken
+extver=$(sed -n '/#define PHP_ZENDOPCACHE_VERSION/{s/.* "//;s/".*$//;p}' ZendAccelerator.h)
+if test "x${extver}" != "x%{version}%{?prever:-%{prever}}"; then
+ : Error: Upstream extension version is ${extver}, expecting %{version}%{?prever:-%{prever}}.
+ exit 1
+fi
+popd
+
%build
cd NTS
@@ -118,6 +131,9 @@ fi
%changelog
+* Wed Apr 8 2015 Remi Collet <remi at fedoraproject.org> - 7.0.4-2
+- fix use after free in opcache CVE-2015-1351
+
* Mon Jan 12 2015 Remi Collet <remi at fedoraproject.org> - 7.0.4-1
- Update to 7.0.4
diff --git a/zendopcache-CVE-2015-1352.patch b/zendopcache-CVE-2015-1352.patch
new file mode 100644
index 0000000..c6d8d28
--- /dev/null
+++ b/zendopcache-CVE-2015-1352.patch
@@ -0,0 +1,26 @@
+From 9a88100573c40b9f59baa2f2d138809eb47b4317 Mon Sep 17 00:00:00 2001
+From: Xinchen Hui <laruence at php.net>
+Date: Thu, 8 Jan 2015 16:32:20 +0800
+Subject: [PATCH] Fixed bug #68677 (Use After Free in OPcache)
+
+(cherry picked from commit 777c39f4042327eac4b63c7ee87dc1c7a09a3115)
+---
+ zend_shared_alloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/zend_shared_alloc.c b/zend_shared_alloc.c
+index bbe26e8..8880b88 100644
+--- a/zend_shared_alloc.c
++++ b/zend_shared_alloc.c
+@@ -346,10 +346,10 @@ void *_zend_shared_memdup(void *source, size_t size, zend_bool free_source TSRML
+ retval = ZCG(mem);;
+ ZCG(mem) = (void*)(((char*)ZCG(mem)) + ZEND_ALIGNED_SIZE(size));
+ memcpy(retval, source, size);
++ zend_shared_alloc_register_xlat_entry(source, retval);
+ if (free_source) {
+ interned_efree((char*)source);
+ }
+- zend_shared_alloc_register_xlat_entry(source, retval);
+ return retval;
+ }
+
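Review bot: The moved call `zend_shared_alloc_register_xlat_entry(source, retval);` has no comment saying why it must come before the `free_source` branch, so a later cleanup could move it back below `interned_efree()`. I would add above it `/* register the translation while source is still live; it may be freed just below */`. The entry also stays keyed on the address of `source` after the free. Whether a reused address could later match that stale key depends on how the table is looked up and cleared, which is outside this hunk and worth confirming. The body of `_zend_shared_memdup` starts before the hunk.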
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/php-pecl-zendopcache.git/commit/?h=epel7&id=9335c052a7504bed602069d09fb9f5b9b20f0672