Projects
home:rottame:vhosts-ng:php81
php8
Log In
Username
Password
Problem getting expanded diff: bad link: conflict in file php8.spec
×
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 13
View file
php8.changes
Changed
@@ -1,9 +1,33 @@ ------------------------------------------------------------------- +Thu Aug 29 09:38:34 UTC 2024 - Arjen de Korte <suse+build@de-korte.org> + +- Fix build with GCC14 + +------------------------------------------------------------------- +Thu Jun 20 09:40:11 UTC 2024 - pgajdos@suse.com + +- drop unmaintained apache-rex usage + +------------------------------------------------------------------- +Fri Jun 7 07:13:39 UTC 2024 - pgajdos@suse.com + +- version update to 8.1.29 + * This is a security release. +- modified patches + % php-ar-flags.patch (refreshed) + +------------------------------------------------------------------- Fri May 31 13:47:27 UTC 2024 - Angelo Grossini <angelo@intercom.it> - set session.save_path to /tmp ------------------------------------------------------------------- +Thu May 30 19:18:43 UTC 2024 - Arjen de Korte <suse+build@de-korte.org> + +- Fix check for newer versions of ICU + + php-fix-newer-versions-icu.patch + +------------------------------------------------------------------- Mon Apr 15 07:34:58 UTC 2024 - pgajdos@suse.com - version update to 8.1.28
View file
php8.spec
Changed
@@ -1,7 +1,7 @@ # # spec file # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -58,7 +58,7 @@ %bcond_without sodium Name: %{pprefix}%{php_name}%{psuffix} -Version: 8.1.28 +Version: 8.1.29 Release: 0 Summary: Interpreter for the PHP scripting language version 8 License: MIT AND PHP-3.01 @@ -95,7 +95,8 @@ Patch22: php-date-regenerate-lexers.patch # PATCH-FEATURE-UPSTREAM https://github.com/php/php-src/pull/6564 Patch19: php-build-reproducible-phar.patch -Patch1000: session-save-path.patch +# PATCH-FIX-UPSTREAM https://github.com/php/php-src/pull/14186 +Patch20: php-fix-newer-versions-icu.patch BuildRequires: apache-rpm-macros BuildRequires: autoconf BuildRequires: bison @@ -161,13 +162,13 @@ BuildRequires: pkgconfig(libargon2) %endif %if "%{flavor}" == "test" -BuildRequires: apache-rex BuildRequires: mod_php_any = %{version} BuildRequires: php-cli = %{version} BuildRequires: php-fpm = %{version} -%apache_rex_deps %endif +Patch1000: session-save-path.patch + %if "%{flavor}" == "" Requires: php-sapi = %{version} Requires: timezone @@ -1096,8 +1097,8 @@ ./buildconf --force # export flags -CFLAGS="%{optflags} -O3 -fPIE -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing" -CXXFLAGS="%{optflags} -O3 -fPIE -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing" +CFLAGS="%{optflags} -O3 -fPIE -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -fpermissive" +CXXFLAGS="%{optflags} -O3 -fPIE -fPIC -DPIC -D_GNU_SOURCE -fno-strict-aliasing -fpermissive" %if %{with firebird} CFLAGS="$CFLAGS -I/usr/include/firebird" CXXFLAGS="$CXXFLAGS -I/usr/include/firebird" @@ -1312,9 +1313,6 @@ done set -x unset NO_INTERACTION REPORT_EXIT_STATUS -# Apache HTTPD runnable examples test -%apache_rex_check -m libs mod_php-basic -%apache_rex_check -m libs -b sapi/fpm mod_proxy_fcgi-php-fpm mod_proxy_fcgi-php-fpm-auth-RewriteRule mod_proxy_fcgi-php-fpm-CGIPassAuth exit 0 %endif
View file
php-ar-flags.patch
Changed
@@ -1,8 +1,8 @@ -Index: php-8.1.19/configure.ac +Index: php-8.1.29/configure.ac =================================================================== ---- php-8.1.19.orig/configure.ac -+++ php-8.1.19/configure.ac -@@ -1543,7 +1543,7 @@ PHP_CONFIGURE_PART(Configuring libtool) +--- php-8.1.29.orig/configure.ac ++++ php-8.1.29/configure.ac +@@ -1570,7 +1570,7 @@ PHP_CONFIGURE_PART(Configuring libtool) dnl Silence warning: `ar: 'u' modifier ignored since 'D' is the default` dnl See https://github.com/php/php-src/pull/3017
View file
php-fix-newer-versions-icu.patch
Added
@@ -0,0 +1,36 @@ +diff -purN a/build/php.m4 b/build/php.m4 +--- a/build/php.m4 2024-04-10 07:53:50.000000000 +0200 ++++ b/build/php.m4 2024-05-30 21:55:29.199328943 +0200 +@@ -1929,9 +1929,8 @@ AC_DEFUN(PHP_SETUP_ICU, + ICU_CFLAGS="$ICU_CFLAGS -DU_NO_DEFAULT_INCLUDE_UTF_HEADERS=1" + ICU_CXXFLAGS="$ICU_CXXFLAGS -DUNISTR_FROM_CHAR_EXPLICIT=explicit -DUNISTR_FROM_STRING_EXPLICIT=explicit" + +- if test "$PKG_CONFIG icu-io --atleast-version=60"; then +- ICU_CFLAGS="$ICU_CFLAGS -DU_HIDE_OBSOLETE_UTF_OLD_H=1" +- fi ++ AS_IF($PKG_CONFIG icu-io --atleast-version=60, ++ ICU_CFLAGS="$ICU_CFLAGS -DU_HIDE_OBSOLETE_UTF_OLD_H=1") + ) + + dnl +diff -purN a/ext/intl/config.m4 b/ext/intl/config.m4 +--- a/ext/intl/config.m4 2024-04-10 07:53:50.000000000 +0200 ++++ b/ext/intl/config.m4 2024-05-30 21:56:24.286103723 +0200 +@@ -85,7 +85,16 @@ if test "$PHP_INTL" != "no"; then + breakiterator/codepointiterator_methods.cpp" + + PHP_REQUIRE_CXX() +- PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX) ++ ++ AC_MSG_CHECKING(if intl requires -std=gnu++17) ++ AS_IF($PKG_CONFIG icu-uc --atleast-version=74, ++ AC_MSG_RESULT(yes) ++ PHP_CXX_COMPILE_STDCXX(17, mandatory, PHP_INTL_STDCXX) ++ , ++ AC_MSG_RESULT(no) ++ PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX) ++ ) ++ + PHP_INTL_CXX_FLAGS="$INTL_COMMON_FLAGS $PHP_INTL_STDCXX $ICU_CXXFLAGS" + case $host_alias in + *cygwin*) PHP_INTL_CXX_FLAGS="$PHP_INTL_CXX_FLAGS -D_POSIX_C_SOURCE=200809L"
View file
_link
Changed
@@ -1,4 +1,4 @@ -<link project="openSUSE.org:devel:languages:php:php81" baserev="80ad80e92fbca1a543495e463e3ce9a9"> +<link project="openSUSE.org:devel:languages:php:php81" baserev="aa0d17ef66777d848be5e4fde1aabbf4"> <patches> <branch/> </patches>
View file
php-8.1.28.tar.xz.asc
Deleted
@@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmYWKhEACgkQ+cOdwLlp -hUT1Pw/+LcTKGIyVNKJNhpk5uyQXrXmd/5hKbHdPw7Sl6OmghVveEhBm/R3kuQv0 -8XvQ6/egdJGYVg7gVjAhIztfuZHjj5/4Se7wX9mMs+Agdh5/tobA7f1V5N4ft8RE -O2m6lFICtlbodJl1TEZYNkqOk8nQP+DQKuX/vJU96x+I0e3FDEaFmkgsSTuHboiw -VoOX2bSXYmaETNJ3cEbhirTQyRb31geXw+mwuYjEvlNg2UGwMj85mXSYmd1+T7jU -Dv3ZbVaMjsRi63K73YDKCUMI30k0FlvG51HYW+4tm3l+W9Y3bjTEfpfF+7Oy6uW7 -K/Qb/Cq1haQPj0VKzxabFnfoIoQyHlbiFPFs05pLRpM4QegvLne0ma1Ec9eOGVUe -4FNSkhnP5WFj5mwErory4BaFq9xk9TjfMSu/jLzBRXwQZWFL5hoejD0A2FzETU4x -t0/Rb3/sKRK4imZkogLnDIx7ae5FZ5exAn6sZjFg5bwd95kHwVOzT+9sOiMWAYhH -YAE5zKd6zUr7RBzuAd9okXebELdnMxEjfvVb2Ew/14E4fxHbznD3VjEEyMsF3R85 -1jPM6rYCWPXptM4AeCd/HJzCnHs5KFqNjn6FZ1yCHCW3fyLd52lhqcFMc4cRI5Aw -xJpwdMU0TvqBV8YE0rUUURvcFT9l7ArB8dBE/vHKzIZeqhK8fSI= -=jB34 ------END PGP SIGNATURE-----
View file
php-8.1.29.tar.xz.asc
Added
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmZgAzUACgkQ+cOdwLlp +hUQuBQ//aXhOIXcCE5eNTtFFfMgM4xyVteKm7zTVD6kJL+ibaMTDznqCEwNzcsvY +pqMm+otJydCZyfSj0gUe9LvbnoUTFNXI7UZ5HvHfZPHnG6ntRAMgXMA8+jYRaJ31 +ll6DaamGwQtbXuKurovI2Y53K1UVsc39bo71viBgnmwCS/vQWQ4se+7nChGOxjgZ +D2fZD87ytsDAY0UHRld8RLS1RAI7YTX7+I8dLBunSwvlOeNxNKKhoIuxfAii2zug +DRsAZ/bGYw632a2jhcOjNVA1c6qlzyTcYlqj7K3etvdVNc0InsqveVQkqXzmEijN ++FQ2ssp1LRm8zXf9UWLi8fWZ16pIqT9BdDY4LXoHjXGxENHMMUFnI+HDXWuyjS08 +JzKVymxaUnKCOkFmkrGIiFCftHFhPPvrTIsADam4gmyoBBBMhcyEWEoaE0ppM+Br +nEVCOCsfHyRpjUy1JaeqV4Js95+XRHrgTrbAlEMI4HGspPATYHXyJTRr9SIyxL1p +EeWzD7mJkGvV4dow2WJk2grhwVlgcQW0fzv3PCdvFXPnaBfPU8ufFXoqm6dxKwlc +6gZM9QipN5s4dqY+hjXZzRMJOAcZRdjKposQoPmpYTzZzbVSKJvb78SgO8Zd6Q4n +kqRK6oB59KGJZHdUnrJbs0goHuYT2apuA0DJryMAk3k3cB9nyTY= +=X0Js +-----END PGP SIGNATURE-----
View file
php-8.1.28.tar.xz/.github/workflows/push.yml -> php-8.1.29.tar.xz/.github/workflows/push.yml
Changed
@@ -41,6 +41,7 @@ CXX: ccache g++ jobs: LINUX_X64: + if: github.repository == 'php/php-src' || github.event_name == 'pull_request' strategy: fail-fast: false matrix: @@ -94,6 +95,7 @@ - name: Verify generated files are up to date uses: ./.github/actions/verify-generated-files MACOS_DEBUG_NTS: + if: github.repository == 'php/php-src' || github.event_name == 'pull_request' runs-on: macos-12 steps: - name: git checkout @@ -126,6 +128,7 @@ - name: Verify generated files are up to date uses: ./.github/actions/verify-generated-files WINDOWS: + if: github.repository == 'php/php-src' || github.event_name == 'pull_request' name: WINDOWS_X64_ZTS runs-on: windows-2019 env:
View file
php-8.1.28.tar.xz/NEWS -> php-8.1.29.tar.xz/NEWS
Changed
@@ -1,5 +1,29 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| +06 Jun 2024, PHP 8.1.29 + +- CGI: + . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection + in PHP-CGI). (CVE-2024-4577) (nielsdos) + +- Filter: + . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). + (CVE-2024-5458) (nielsdos) + +- OpenSSL: + . The openssl_private_decrypt function in PHP, when using PKCS1 padding + (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack + unless it is used with an OpenSSL version that includes the changes from this pull + request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). + These changes are part of OpenSSL 3.2 and have also been backported to stable + versions of various Linux distributions, as well as to the PHP builds provided for + Windows since the previous release. All distributors and builders should ensure that + this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) + +- Standard: + . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). + (CVE-2024-5585) (nielsdos) + 11 Apr 2024, PHP 8.1.28 - Standard: @@ -27,7 +51,7 @@ - FPM: . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). (Patrick Prasse) - + - Intl: . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
View file
php-8.1.28.tar.xz/Zend/zend.h -> php-8.1.29.tar.xz/Zend/zend.h
Changed
@@ -20,7 +20,7 @@ #ifndef ZEND_H #define ZEND_H -#define ZEND_VERSION "4.1.28" +#define ZEND_VERSION "4.1.29" #define ZEND_ENGINE_3
View file
php-8.1.28.tar.xz/configure -> php-8.1.29.tar.xz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for PHP 8.1.28. +# Generated by GNU Autoconf 2.72 for PHP 8.1.29. # # Report bugs to <https://github.com/php/php-src/issues>. # @@ -756,8 +756,8 @@ # Identity of this package. PACKAGE_NAME='PHP' PACKAGE_TARNAME='php' -PACKAGE_VERSION='8.1.28' -PACKAGE_STRING='PHP 8.1.28' +PACKAGE_VERSION='8.1.29' +PACKAGE_STRING='PHP 8.1.29' PACKAGE_BUGREPORT='https://github.com/php/php-src/issues' PACKAGE_URL='https://www.php.net' @@ -1796,7 +1796,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures PHP 8.1.28 to adapt to many kinds of systems. +'configure' configures PHP 8.1.29 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1868,7 +1868,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of PHP 8.1.28:";; + short | recursive ) echo "Configuration of PHP 8.1.29:";; esac cat <<\_ACEOF @@ -2333,7 +2333,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -PHP configure 8.1.28 +PHP configure 8.1.29 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -3090,7 +3090,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by PHP $as_me 8.1.28, which was +It was created by PHP $as_me 8.1.29, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -4521,7 +4521,7 @@ ac_IFS=$IFS; IFS="." -set $(echo 8.1.28 | "${SED}" 's/\(0-9\.*\)\(.*\)/\1\.\2/') +set $(echo 8.1.29 | "${SED}" 's/\(0-9\.*\)\(.*\)/\1\.\2/') IFS=$ac_IFS PHP_MAJOR_VERSION=$1 PHP_MINOR_VERSION=$2 @@ -101475,7 +101475,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by PHP $as_me 8.1.28, which was +This file was extended by PHP $as_me 8.1.29, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -101544,7 +101544,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -PHP config.status 8.1.28 +PHP config.status 8.1.29 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\"
View file
php-8.1.28.tar.xz/configure.ac -> php-8.1.29.tar.xz/configure.ac
Changed
@@ -17,7 +17,7 @@ dnl ---------------------------------------------------------------------------- AC_PREREQ(2.68) -AC_INIT(PHP,8.1.28,https://github.com/php/php-src/issues,php,https://www.php.net) +AC_INIT(PHP,8.1.29,https://github.com/php/php-src/issues,php,https://www.php.net) AC_CONFIG_SRCDIR(main/php_version.h) AC_CONFIG_AUX_DIR(build) AC_PRESERVE_HELP_ORDER
View file
php-8.1.28.tar.xz/ext/filter/logical_filters.c -> php-8.1.29.tar.xz/ext/filter/logical_filters.c
Changed
@@ -89,7 +89,7 @@ #define FORMAT_IPV4 4 #define FORMAT_IPV6 6 -static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip8); +static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip8); static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */ zend_long ctx_value; @@ -580,6 +580,14 @@ return 1; } +static bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l) +{ + const char *e = s + l; + const char *t = e - 1; + + return *s == '' && *t == '' && _php_filter_validate_ipv6(s + 1, l - 2, NULL); +} + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ { php_url *url; @@ -600,7 +608,7 @@ if (url->scheme != NULL && (zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) { - char *e, *s, *t; + const char *s; size_t l; if (url->host == NULL) { @@ -609,17 +617,14 @@ s = ZSTR_VAL(url->host); l = ZSTR_LEN(url->host); - e = s + l; - t = e - 1; - - /* An IPv6 enclosed by square brackets is a valid hostname */ - if (*s == '' && *t == '' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) { - php_url_free(url); - return; - } - // Validate domain - if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) { + if ( + /* An IPv6 enclosed by square brackets is a valid hostname.*/ + !php_filter_is_valid_ipv6_hostname(s, l) && + /* Validate domain. + * This includes a loose check for an IPv4 address. */ + !_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME) + ) { php_url_free(url); RETURN_VALIDATION_FAILED } @@ -753,15 +758,15 @@ } /* }}} */ -static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip8) /* {{{ */ +static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip8) /* {{{ */ { int compressed_pos = -1; int blocks = 0; int num, n, i; char *ipv4; - char *end; + const char *end; int ip4elm4; - char *s = str; + const char *s = str; if (!memchr(str, ':', str_len)) { return 0;
View file
php-8.1.29.tar.xz/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
Added
@@ -0,0 +1,41 @@ +--TEST-- +GHSA-w8qr-v226-r27w +--EXTENSIONS-- +filter +--FILE-- +<?php + +function test(string $input) { + var_dump(filter_var($input, FILTER_VALIDATE_URL)); +} + +echo "--- These ones should fail ---\n"; +test("http://test@127.0.0.1"); +test("http://test@::1"); +test("http://test@::1"); +test("http://test@::1"); +test("http://php.net\\@aliyun.com/aaa.do"); +test("http://test@2001:db8:3333:4444:5555:6666:1.2.3.4"); +test("http://test@2001:db8:3333:4444:5555:6666:1.2.3.4"); +test("http://test@2001:db8:3333:4444:5555:6666:1.2.3.4"); + +echo "--- These ones should work ---\n"; +test("http://test@127.0.0.1"); +test("http://test@2001:db8:3333:4444:5555:6666:1.2.3.4"); +test("http://test@::1"); + +?> +--EXPECT-- +--- These ones should fail --- +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +bool(false) +--- These ones should work --- +string(21) "http://test@127.0.0.1" +string(50) "http://test@2001:db8:3333:4444:5555:6666:1.2.3.4" +string(17) "http://test@::1"
View file
php-8.1.28.tar.xz/ext/standard/proc_open.c -> php-8.1.29.tar.xz/ext/standard/proc_open.c
Changed
@@ -546,48 +546,39 @@ smart_str_appendc(str, '"'); } -static inline int stricmp_end(const char* suffix, const char* str) { - size_t suffix_len = strlen(suffix); - size_t str_len = strlen(str); +static bool is_executed_by_cmd(const char *prog_name, size_t prog_name_length) +{ + size_t out_len; + WCHAR long_nameMAX_PATH; + WCHAR full_nameMAX_PATH; + LPWSTR file_part = NULL; - if (suffix_len > str_len) { - return -1; /* Suffix is longer than string, cannot match. */ - } + wchar_t *prog_name_wide = php_win32_cp_conv_any_to_w(prog_name, prog_name_length, &out_len); - /* Compare the end of the string with the suffix, ignoring case. */ - return _stricmp(str + (str_len - suffix_len), suffix); -} + if (GetLongPathNameW(prog_name_wide, long_name, MAX_PATH) == 0) { + /* This can fail for example with ERROR_FILE_NOT_FOUND (short path resolution only works for existing files) + * in which case we'll pass the path verbatim to the FullPath transformation. */ + lstrcpynW(long_name, prog_name_wide, MAX_PATH); + } -static bool is_executed_by_cmd(const char *prog_name) -{ - /* If program name is cmd.exe, then return true. */ - if (_stricmp("cmd.exe", prog_name) == 0 || _stricmp("cmd", prog_name) == 0 - || stricmp_end("\\cmd.exe", prog_name) == 0 || stricmp_end("\\cmd", prog_name) == 0) { - return true; - } + free(prog_name_wide); + prog_name_wide = NULL; - /* Find the last occurrence of the directory separator (backslash or forward slash). */ - char *last_separator = strrchr(prog_name, '\\'); - char *last_separator_fwd = strrchr(prog_name, '/'); - if (last_separator_fwd && (!last_separator || last_separator < last_separator_fwd)) { - last_separator = last_separator_fwd; + if (GetFullPathNameW(long_name, MAX_PATH, full_name, &file_part) == 0 || file_part == NULL) { + return false; } - /* Find the last dot in the filename after the last directory separator. */ - char *extension = NULL; - if (last_separator != NULL) { - extension = strrchr(last_separator, '.'); + bool uses_cmd = false; + if (_wcsicmp(file_part, L"cmd.exe") == 0 || _wcsicmp(file_part, L"cmd") == 0) { + uses_cmd = true; } else { - extension = strrchr(prog_name, '.'); - } - - if (extension == NULL || extension == prog_name) { - /* No file extension found, it is not batch file. */ - return false; + const WCHAR *extension_dot = wcsrchr(file_part, L'.'); + if (extension_dot && (_wcsicmp(extension_dot, L".bat") == 0 || _wcsicmp(extension_dot, L".cmd") == 0)) { + uses_cmd = true; + } } - /* Check if the file extension is ".bat" or ".cmd" which is always executed by cmd.exe. */ - return _stricmp(extension, ".bat") == 0 || _stricmp(extension, ".cmd") == 0; + return uses_cmd; } static zend_string *create_win_command_from_args(HashTable *args) @@ -606,7 +597,7 @@ } if (is_prog_name) { - is_cmd_execution = is_executed_by_cmd(ZSTR_VAL(arg_str)); + is_cmd_execution = is_executed_by_cmd(ZSTR_VAL(arg_str), ZSTR_LEN(arg_str)); } else { smart_str_appendc(&str, ' '); }
View file
php-8.1.29.tar.xz/ext/standard/tests/general_functions/ghsa-9fcc-425m-g385_001.phpt
Added
@@ -0,0 +1,56 @@ +--TEST-- +GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - batch file variation +--SKIPIF-- +<?php +if( substr(PHP_OS, 0, 3) != "WIN" ) + die('skip Run only on Windows'); +if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); +?> +--FILE-- +<?php + +$batch_file_content = <<<EOT +@echo off +powershell -Command "Write-Output '%0%'" +powershell -Command "Write-Output '%1%'" +EOT; +$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_001.bat'; + +file_put_contents($batch_file_path, $batch_file_content); + +$descriptorspec = STDIN, STDOUT, STDOUT; + +$proc = proc_open($batch_file_path . ".", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open($batch_file_path . " ", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open($batch_file_path . ". ", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open($batch_file_path . ". ... ", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open($batch_file_path . ". ... . ", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open($batch_file_path . ". ... . .", "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +proc_open($batch_file_path . ". .\\.. . .", "\"¬epad.exe", $descriptorspec, $pipes); + +?> +--EXPECTF-- +'"%sghsa-9fcc-425m-g385_001.bat."' is not recognized as an internal or external command, +operable program or batch file. +%sghsa-9fcc-425m-g385_001.bat +"¬epad.exe +%sghsa-9fcc-425m-g385_001.bat. +"¬epad.exe +%sghsa-9fcc-425m-g385_001.bat. ... +"¬epad.exe +%sghsa-9fcc-425m-g385_001.bat. ... . +"¬epad.exe +'"%sghsa-9fcc-425m-g385_001.bat. ... . ."' is not recognized as an internal or external command, +operable program or batch file. + +Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d +--CLEAN-- +<?php +@unlink(__DIR__ . '/ghsa-9fcc-425m-g385_001.bat'); +?>
View file
php-8.1.29.tar.xz/ext/standard/tests/general_functions/ghsa-9fcc-425m-g385_002.phpt
Added
@@ -0,0 +1,66 @@ +--TEST-- +GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - cmd.exe variation +--SKIPIF-- +<?php +if( substr(PHP_OS, 0, 3) != "WIN" ) + die('skip Run only on Windows'); +if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); +?> +--FILE-- +<?php + +$batch_file_content = <<<EOT +@echo off +powershell -Command "Write-Output '%0%'" +powershell -Command "Write-Output '%1%'" +EOT; +$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_002.bat'; + +file_put_contents($batch_file_path, $batch_file_content); + +$descriptorspec = STDIN, STDOUT, STDOUT; + +$proc = proc_open("cmd.exe", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("cmd.exe ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("cmd.exe. ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("cmd.exe. ... ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("\\cmd.exe. ... ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); + +$proc = proc_open("cmd", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("cmd ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +proc_close($proc); +$proc = proc_open("cmd. ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +$proc = proc_open("cmd. ... ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); +$proc = proc_open("\\cmd. ... ", "/c", $batch_file_path, "\"¬epad.exe", $descriptorspec, $pipes); + +?> +--EXPECTF-- +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe + +Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe +%sghsa-9fcc-425m-g385_002.bat +"¬epad.exe + +Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d + +Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d + +Warning: proc_open(): CreateProcess failed, error code: 2 in %s on line %d +--CLEAN-- +<?php +@unlink(__DIR__ . '/ghsa-9fcc-425m-g385_002.bat'); +?>
View file
php-8.1.29.tar.xz/ext/standard/tests/general_functions/ghsa-9fcc-425m-g385_003.phpt
Added
@@ -0,0 +1,550 @@ +--TEST-- +GHSA-9fcc-425m-g385 - bypass CVE-2024-1874 - exhaustive suffix test +--SKIPIF-- +<?php +if( substr(PHP_OS, 0, 3) != "WIN" ) + die('skip Run only on Windows'); +?> +--FILE-- +<?php + +$batch_file_content = <<<EOT +@echo off +powershell -Command "Write-Output '%0%'" +powershell -Command "Write-Output '%1%'" +EOT; +$batch_file_path = __DIR__ . '/ghsa-9fcc-425m-g385_003.bat'; + +file_put_contents($batch_file_path, $batch_file_content); + +$descriptorspec = STDIN, STDOUT, STDOUT; + +for ($i = 1; $i <= 255; $i++) { + echo "Testing $i\n"; + try { + $proc = @proc_open($batch_file_path . chr($i), "\"¬epad.exe", $descriptorspec, $pipes, null, null, array("bypass_shell" => true)); + var_dump($proc); + proc_close($proc); + } catch (Error) {} +} + +?> +--EXPECTF-- +Testing 1 +bool(false) +Testing 2 +bool(false) +Testing 3 +bool(false) +Testing 4 +bool(false) +Testing 5 +bool(false) +Testing 6 +bool(false) +Testing 7 +bool(false) +Testing 8 +bool(false) +Testing 9 +bool(false) +Testing 10 +bool(false) +Testing 11 +bool(false) +Testing 12 +bool(false) +Testing 13 +bool(false) +Testing 14 +bool(false) +Testing 15 +bool(false) +Testing 16 +bool(false) +Testing 17 +bool(false) +Testing 18 +bool(false) +Testing 19 +bool(false) +Testing 20 +bool(false) +Testing 21 +bool(false) +Testing 22 +bool(false) +Testing 23 +bool(false) +Testing 24 +bool(false) +Testing 25 +bool(false) +Testing 26 +bool(false) +Testing 27 +bool(false) +Testing 28 +bool(false) +Testing 29 +bool(false) +Testing 30 +bool(false) +Testing 31 +bool(false) +Testing 32 +resource(%d) of type (process) +%s.bat +"¬epad.exe +Testing 33 +bool(false) +Testing 34 +bool(false) +Testing 35 +bool(false) +Testing 36 +bool(false) +Testing 37 +bool(false) +Testing 38 +bool(false) +Testing 39 +bool(false) +Testing 40 +bool(false) +Testing 41 +bool(false) +Testing 42 +bool(false) +Testing 43 +bool(false) +Testing 44 +bool(false) +Testing 45 +bool(false) +Testing 46 +resource(%d) of type (process) +'"%s.bat."' is not recognized as an internal or external command, +operable program or batch file. +Testing 47 +bool(false) +Testing 48 +bool(false) +Testing 49 +bool(false) +Testing 50 +bool(false) +Testing 51 +bool(false) +Testing 52 +bool(false) +Testing 53 +bool(false) +Testing 54 +bool(false) +Testing 55 +bool(false) +Testing 56 +bool(false) +Testing 57 +bool(false) +Testing 58 +bool(false) +Testing 59 +bool(false) +Testing 60 +bool(false) +Testing 61 +bool(false) +Testing 62 +bool(false) +Testing 63 +bool(false) +Testing 64 +bool(false) +Testing 65 +bool(false) +Testing 66 +bool(false) +Testing 67 +bool(false) +Testing 68 +bool(false) +Testing 69 +bool(false) +Testing 70 +bool(false) +Testing 71 +bool(false) +Testing 72 +bool(false) +Testing 73 +bool(false) +Testing 74 +bool(false) +Testing 75 +bool(false) +Testing 76 +bool(false) +Testing 77 +bool(false) +Testing 78 +bool(false) +Testing 79 +bool(false) +Testing 80 +bool(false) +Testing 81 +bool(false) +Testing 82
View file
php-8.1.28.tar.xz/main/php_version.h -> php-8.1.29.tar.xz/main/php_version.h
Changed
@@ -2,7 +2,7 @@ /* edit configure.ac to change version number */ #define PHP_MAJOR_VERSION 8 #define PHP_MINOR_VERSION 1 -#define PHP_RELEASE_VERSION 28 +#define PHP_RELEASE_VERSION 29 #define PHP_EXTRA_VERSION "" -#define PHP_VERSION "8.1.28" -#define PHP_VERSION_ID 80128 +#define PHP_VERSION "8.1.29" +#define PHP_VERSION_ID 80129
View file
php-8.1.28.tar.xz/sapi/cgi/cgi_main.c -> php-8.1.29.tar.xz/sapi/cgi/cgi_main.c
Changed
@@ -1798,8 +1798,13 @@ } } + /* Apache CGI will pass the query string to the command line if it doesn't contain a '='. + * This can create an issue where a malicious request can pass command line arguments to + * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode, + * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`. + * Therefore, this code only prevents passing arguments if the query string starts with a '-'. + * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */ if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { - /* we've got query string that has no = - apache CGI will pass it to command line */ unsigned char *p; decoded_query_string = strdup(query_string); php_url_decode(decoded_query_string, strlen(decoded_query_string)); @@ -1809,6 +1814,22 @@ if(*p == '-') { skip_getopt = 1; } + + /* On Windows we have to take into account the "best fit" mapping behaviour. */ +#ifdef PHP_WIN32 + if (*p >= 0x80) { + wchar_t wide_buf1; + wide_buf0 = *p; + char char_buf4; + size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf0); + size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf0); + if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0 + || char_buf0 == '-') { + skip_getopt = 1; + } + } +#endif + free(decoded_query_string); }
View file
php-8.1.29.tar.xz/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
Added
@@ -0,0 +1,38 @@ +--TEST-- +GHSA-3qgc-jrrr-25jv +--SKIPIF-- +<?php +include 'skipif.inc'; +if (PHP_OS_FAMILY !== "Windows") die("skip Only for Windows"); + +$codepage = trim(shell_exec("powershell Get-ItemPropertyValue HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage ACP")); +if ($codepage !== '932' && $codepage !== '936' && $codepage !== '950') die("skip Wrong codepage"); +?> +--FILE-- +<?php +include 'include.inc'; + +$filename = __DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php"; +$script = '<?php echo "hello "; echo "world"; ?>'; +file_put_contents($filename, $script); + +$php = get_cgi_path(); +reset_env_vars(); + +putenv("SERVER_NAME=Test"); +putenv("SCRIPT_FILENAME=$filename"); +putenv("QUERY_STRING=%ads"); +putenv("REDIRECT_STATUS=1"); + +passthru("$php -s"); + +?> +--CLEAN-- +<?php +@unlink(__DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php"); +?> +--EXPECTF-- +X-Powered-By: PHP/%s +Content-type: %s + +hello world
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.