9 files changed, 2 insertions, 471 deletions
diff --git a/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch b/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch
deleted file mode 100644
index 15329261bf..0000000000
--- a/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From a2d146b8dd9d02f523d1e205d79792626a71dec3 Mon Sep 17 00:00:00 2001
-From: Anuj Mittal <anuj.mittal@intel.com>
-Date: Mon, 2 Apr 2018 15:27:09 +0800
-Subject: [PATCH] acinclude.m4: skip binconfig check for libxml
-We want libxml flags to be picked up using pkg-config instead of the
-xml2-config file.
-Upstream-Status: Inappropriate [OE-specific]
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
- acinclude.m4 | 29 -----------------------------
- 1 file changed, 29 deletions(-)
-diff --git a/acinclude.m4 b/acinclude.m4
-index d42d708..d32766a 100644
--- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -2525,35 +2525,6 @@ dnl
- AC_DEFUN([PHP_SETUP_LIBXML], [
-   found_libxml=no
- 
-  dnl First try to find xml2-config
-  AC_CACHE_CHECK([for xml2-config path], ac_cv_php_xml2_config_path,
-  [
-    for i in $PHP_LIBXML_DIR /usr/local /usr; do
-      if test -x "$i/bin/xml2-config"; then
-        ac_cv_php_xml2_config_path="$i/bin/xml2-config"
-        break
-      fi
-    done
-  ])
-
-  if test -x "$ac_cv_php_xml2_config_path"; then
-    XML2_CONFIG="$ac_cv_php_xml2_config_path"
-    libxml_full_version=`$XML2_CONFIG --version`
-    ac_IFS=$IFS
-    IFS="."
-    set $libxml_full_version
-    IFS=$ac_IFS
-    LIBXML_VERSION=`expr [$]1 \* 1000000 + [$]2 \* 1000 + [$]3`
-    if test "$LIBXML_VERSION" -ge "2006011"; then
-      found_libxml=yes
-      LIBXML_LIBS=`$XML2_CONFIG --libs`
-      LIBXML_INCS=`$XML2_CONFIG --cflags`
-    else
-      AC_MSG_ERROR([libxml2 version 2.6.11 or greater required.])
-    fi
-  fi
-
-  dnl If xml2-config fails, try pkg-config
-   if test "$found_libxml" = "no"; then
-     if test -z "$PKG_CONFIG"; then
-       AC_PATH_PROG(PKG_CONFIG, pkg-config, no)
diff --git a/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch b/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
deleted file mode 100644
index fce9738f54..0000000000
--- a/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 2842aa2a078eb1cad55540b61e7edf111395150d Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Mon, 26 Feb 2018 19:30:55 +0100
-Subject: [PATCH] main/php_ini.c: build empty php_load_zend_extension_cb() when
- !HAVE_LIBDL
-Commit 0782a7fc6314c8bd3cbfd57f12d0479bf9cc8dc7 ("Fixed bug #74866
-extension_dir = "./ext" now use current directory for base") modified
-the php_load_zend_extension_cb() function to use php_load_shlib(), and
-pass a handle to the newly introduced zend_load_extension_handle()
-function instead of passing the extension path to
-zend_load_extension().
-While doing so, it introduced a call to php_load_shlib() from code
-that is built even when HAVE_LIBDL is not defined. However,
-php_load_shlib() is not implemented when HAVE_LIBDL is not defined,
-for obvious reasons.
-It turns out that zend_load_extension_handle() anyway doesn't do
-anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and
-ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined
-(Zend/zend_portability.h).
-Fixes the following build failure when building on a system that
-doesn't have libdl:
-main/php_ini.o: In function `php_load_zend_extension_cb':
-php_ini.c:(.text+0x478): undefined reference to `php_load_shlib'
-php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib'
-collect2: error: ld returned 1 exit status
-Upstream-Status: Backport [http://git.php.net/?p=php-src.git;a=commit;h=2842aa2a078eb1cad55540b61e7edf111395150d]
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
- main/php_ini.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/main/php_ini.c b/main/php_ini.c
-index ba58eb1..fca263e 100644
--- a/main/php_ini.c
-+++ b/main/php_ini.c
-@@ -350,6 +350,7 @@ static void php_load_php_extension_cb(void *arg)
- 
- /* {{{ php_load_zend_extension_cb
-  */
-+#ifdef HAVE_LIBDL
- static void php_load_zend_extension_cb(void *arg)
- {
-        char *filename = *((char **) arg);
-@@ -409,6 +410,9 @@ static void php_load_zend_extension_cb(void *arg)
-                efree(libpath);
-        }
- }
-+#else
-+static void php_load_zend_extension_cb(void *arg) { }
-+#endif
- /* }}} */
- 
- /* {{{ php_init_config
-- 
-2.7.4
diff --git a/meta-oe/recipes-devtools/php/php/70_mod_php5.conf b/meta-oe/recipes-devtools/php/php/70_mod_php5.conf
deleted file mode 100644
index 1de6fb11ac..0000000000
--- a/meta-oe/recipes-devtools/php/php/70_mod_php5.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# vim: ft=apache sw=4 ts=4
-<IfDefine PHP5>
-        # Load the module first
-        <IfModule !sapi_apache2.c>
-                LoadModule php5_module    lib/apache2/modules/libphp5.so
-        </IfModule>
-        # Set it to handle the files
-        AddHandler php5-script .php .phtml .php3 .php4 .php5
-        AddType application/x-httpd-php-source .phps
-        DirectoryIndex index.html index.html.var index.php index.phtml
-</IfDefine>
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch
deleted file mode 100644
index 3b3c187a42..0000000000
--- a/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From a5a15965da23c8e97657278fc8dfbf1dfb20c016 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Mon, 25 Nov 2019 16:56:34 +0100
-Subject: [PATCH] Fix #78863: DirectoryIterator class silently truncates after
- a null byte
-Since the constructor of DirectoryIterator and friends is supposed to
-accepts paths (i.e. strings without NUL bytes), we must not accept
-arbitrary strings.
-Upstream-Status: Accepted
-CVE: CVE-2019-11045
-   
-Reference to upstream patch:
-http://git.php.net/?p=php-src.git;a=commit;h=a5a15965da23c8e97657278fc8dfbf1dfb20c016
-http://git.php.net/?p=php-src.git;a=commit;h=d74907b8575e6edb83b728c2a94df434c23e1f79
---
- ext/spl/spl_directory.c     |  4 ++--
- ext/spl/tests/bug78863.phpt | 31 +++++++++++++++++++++++++++++++
- 2 files changed, 33 insertions(+), 2 deletions(-)
- create mode 100644 ext/spl/tests/bug78863.phpt
-diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
-index 91ea2e0265..56e809b1c7 100644
--- a/ext/spl/spl_directory.c
-+++ b/ext/spl/spl_directory.c
-@@ -708,10 +708,10 @@ void spl_filesystem_object_construct(INTERNAL_FUNCTION_PARAMETERS, zend_long cto
- 
-        if (SPL_HAS_FLAG(ctor_flags, DIT_CTOR_FLAGS)) {
-                flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_FILEINFO;
-               parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &path, &len, &flags);
-+               parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p|l", &path, &len, &flags);
-        } else {
-                flags = SPL_FILE_DIR_KEY_AS_PATHNAME|SPL_FILE_DIR_CURRENT_AS_SELF;
-               parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s", &path, &len);
-+               parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p", &path, &len);
-        }
-        if (SPL_HAS_FLAG(ctor_flags, SPL_FILE_DIR_SKIPDOTS)) {
-                flags |= SPL_FILE_DIR_SKIPDOTS;
-diff --git a/ext/spl/tests/bug78863.phpt b/ext/spl/tests/bug78863.phpt
-new file mode 100644
-index 0000000000..dc88d98dee
--- /dev/null
-+++ b/ext/spl/tests/bug78863.phpt
-@@ -0,0 +1,31 @@
-+--TEST--
-+Bug #78863 (DirectoryIterator class silently truncates after a null byte)
-+--FILE--
-+<?php
-+$dir = __DIR__ . '/bug78863';
-+mkdir($dir);
-+touch("$dir/bad");
-+mkdir("$dir/sub");
-+touch("$dir/sub/good");
-+
-+$it = new DirectoryIterator(__DIR__ . "/bug78863\0/sub");
-+foreach ($it as $fileinfo) {
-+    if (!$fileinfo->isDot()) {
-+        var_dump($fileinfo->getFilename());
-+    }
-+}
-+?>
-+--EXPECTF--
-+Fatal error: Uncaught UnexpectedValueException: DirectoryIterator::__construct() expects parameter 1 to be a valid path, string given in %s:%d
-+Stack trace:
-+#0 %s(%d): DirectoryIterator->__construct('%s')
-+#1 {main}
-+  thrown in %s on line %d
-+--CLEAN--
-+<?php
-+$dir = __DIR__ . '/bug78863';
-+unlink("$dir/sub/good");
-+rmdir("$dir/sub");
-+unlink("$dir/bad");
-+rmdir($dir);
-+?>
-- 
-2.11.0
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch
deleted file mode 100644
index 711b8525a4..0000000000
--- a/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 2d07f00b73d8f94099850e0f5983e1cc5817c196 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Sat, 30 Nov 2019 12:26:37 +0100
-Subject: [PATCH] Fix #78878: Buffer underflow in bc_shift_addsub
-We must not rely on `isdigit()` to detect digits, since we only support
-decimal ASCII digits in the following processing.
-(cherry picked from commit eb23c6008753b1cdc5359dead3a096dce46c9018)
-Upstream-Status: Accepted
-CVE: CVE-2019-11046
-   
-Reference to upstream patch:
-http://git.php.net/?p=php-src.git;a=commit;h=eb23c6008753b1cdc5359dead3a096dce46c9018
-http://git.php.net/?p=php-src.git;a=commit;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
---
- ext/bcmath/libbcmath/src/str2num.c |  4 ++--
- ext/bcmath/tests/bug78878.phpt     | 13 +++++++++++++
- 2 files changed, 15 insertions(+), 2 deletions(-)
- create mode 100644 ext/bcmath/tests/bug78878.phpt
-diff --git a/ext/bcmath/libbcmath/src/str2num.c b/ext/bcmath/libbcmath/src/str2num.c
-index f38d341570..03aec15930 100644
--- a/ext/bcmath/libbcmath/src/str2num.c
-+++ b/ext/bcmath/libbcmath/src/str2num.c
-@@ -57,9 +57,9 @@ bc_str2num (bc_num *num, char *str, int scale)
-   zero_int = FALSE;
-   if ( (*ptr == '+') || (*ptr == '-'))  ptr++;  /* Sign */
-   while (*ptr == '0') ptr++;                   /* Skip leading zeros. */
-  while (isdigit((int)*ptr)) ptr++, digits++;  /* digits */
-+  while (*ptr >= '0' && *ptr <= '9') ptr++, digits++;  /* digits */
-   if (*ptr == '.') ptr++;                      /* decimal point */
-  while (isdigit((int)*ptr)) ptr++, strscale++;        /* digits */
-+  while (*ptr >= '0' && *ptr <= '9') ptr++, strscale++;        /* digits */
-   if ((*ptr != '\0') || (digits+strscale == 0))
-     {
-       *num = bc_copy_num (BCG(_zero_));
-diff --git a/ext/bcmath/tests/bug78878.phpt b/ext/bcmath/tests/bug78878.phpt
-new file mode 100644
-index 0000000000..2c9d72b946
--- /dev/null
-+++ b/ext/bcmath/tests/bug78878.phpt
-@@ -0,0 +1,13 @@
-+--TEST--
-+Bug #78878 (Buffer underflow in bc_shift_addsub)
-+--SKIPIF--
-+<?php
-+if (!extension_loaded('bcmath')) die('skip bcmath extension not available');
-+?>
-+--FILE--
-+<?php
-+print @bcmul("\xB26483605105519922841849335928742092", bcpowmod(2, 65535, -4e-4));
-+?>
-+--EXPECT--
-+bc math warning: non-zero scale in modulus
-+0
-- 
-2.11.0
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch
deleted file mode 100644
index e2922bf8f3..0000000000
--- a/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From d348cfb96f2543565691010ade5e0346338be5a7 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 16 Dec 2019 00:10:39 -0800
-Subject: [PATCH] Fixed bug #78910
-Upstream-Status: Accepted
-CVE-2019-11047
-   
-Reference to upstream patch:
-http://git.php.net/?p=php-src.git;a=commit;h=d348cfb96f2543565691010ade5e0346338be5a7
-http://git.php.net/?p=php-src.git;a=commit;h=57325460d2bdee01a13d8e6cf03345c90543ff4f
---
- ext/exif/exif.c              |  3 ++-
- ext/exif/tests/bug78910.phpt | 17 +++++++++++++++++
- 2 files changed, 19 insertions(+), 1 deletion(-)
- create mode 100644 ext/exif/tests/bug78910.phpt
-diff --git a/ext/exif/exif.c b/ext/exif/exif.c
-index 2804807e..a5780113 100644
--- a/ext/exif/exif.c
-+++ b/ext/exif/exif.c
-@@ -3138,7 +3138,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
-                /*exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "check (%s)", maker_note->make?maker_note->make:"");*/
-                if (maker_note->make && (!ImageInfo->make || strcmp(maker_note->make, ImageInfo->make)))
-                        continue;
-               if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
-+               if (maker_note->id_string && value_len >= maker_note->id_string_len
-+                               && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
-                        continue;
-                break;
-        }
-diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt
-new file mode 100644
-index 00000000..f5b1c32c
--- /dev/null
-+++ b/ext/exif/tests/bug78910.phpt
-@@ -0,0 +1,17 @@
-+--TEST--
-+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044)
-+--FILE--
-+<?php
-+
-+var_dump(exif_read_data('data:image/jpg;base64,TU0AKgAAAAwgICAgAAIBDwAEAAAAAgAAACKSfCAgAAAAAEZVSklGSUxN'));
-+
-+?>
-+--EXPECTF--
-+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote  ): Illegal format code 0x2020, switching to BYTE in %s on line %d
-+
-+Warning: exif_read_data(): Process tag(x927C=MakerNote  ): Illegal format code 0x2020, suppose BYTE in %s on line %d
-+
-+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d
-+
-+Warning: exif_read_data(): Invalid TIFF file in %s on line %d
-+bool(false)
-- 
-2.17.1
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch
deleted file mode 100644
index 700b99bd93..0000000000
--- a/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From c14eb8de974fc8a4d74f3515424c293bc7a40fba Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 16 Dec 2019 01:14:38 -0800
-Subject: [PATCH] Fix bug #78793
-Upstream-Status: Accepted
-CVE-2019-11050
-   
-Reference to upstream patch:
-http://git.php.net/?p=php-src.git;a=commit;h=c14eb8de974fc8a4d74f3515424c293bc7a40fba
-http://git.php.net/?p=php-src.git;a=commit;h=1b3b4a0d367b6f0b67e9f73d82f53db6c6b722b2
---
- ext/exif/exif.c              |  5 +++--
- ext/exif/tests/bug78793.phpt | 12 ++++++++++++
- 2 files changed, 15 insertions(+), 2 deletions(-)
- create mode 100644 ext/exif/tests/bug78793.phpt
-diff --git a/ext/exif/exif.c b/ext/exif/exif.c
-index c0be05922f..7fe055f381 100644
--- a/ext/exif/exif.c
-+++ b/ext/exif/exif.c
-@@ -3240,8 +3240,9 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
-        }
- 
-        for (de=0;de<NumDirEntries;de++) {
-               if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
-                                                                 offset_base, data_len, displacement, section_index, 0, maker_note->tag_table)) {
-+               size_t offset = 2 + 12 * de;
-+               if (!exif_process_IFD_TAG(ImageInfo, dir_start + offset,
-+                                                                 offset_base, data_len - offset, displacement, section_index, 0, maker_note->tag_table)) {
-                        return FALSE;
-                }
-        }
-diff --git a/ext/exif/tests/bug78793.phpt b/ext/exif/tests/bug78793.phpt
-new file mode 100644
-index 0000000000..033f255ace
--- /dev/null
-+++ b/ext/exif/tests/bug78793.phpt
-@@ -0,0 +1,12 @@
-+--TEST--
-+Bug #78793: Use-after-free in exif parsing under memory sanitizer
-+--FILE--
-+<?php
-+$f = "ext/exif/tests/bug77950.tiff";
-+for ($i = 0; $i < 10; $i++) {
-+    @exif_read_data($f);
-+}
-+?>
-+===DONE===
-+--EXPECT--
-+===DONE===
-- 
-2.11.0
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch b/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch
deleted file mode 100644
index f7d3ab6b66..0000000000
--- a/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 1adaab3aa81fa9b48e351b5644d9fee70f2fe73f Mon Sep 17 00:00:00 2001
-From: Li Zhou <li.zhou@windriver.com>
-Date: Thu, 20 Feb 2020 02:05:52 -0800
-Subject: [PATCH] Fix #79099: OOB read in php_strip_tags_ex
-Upstream-Status: Backport
-CVE: CVE-2020-7059
-Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
- ext/standard/string.c                 |  6 +++---
- ext/standard/tests/file/bug79099.phpt | 32 ++++++++++++++++++++++++++++++++
- 2 files changed, 35 insertions(+), 3 deletions(-)
- create mode 100644 ext/standard/tests/file/bug79099.phpt
-diff --git a/ext/standard/string.c b/ext/standard/string.c
-index dde97fa..2213d8d 100644
--- a/ext/standard/string.c
-+++ b/ext/standard/string.c
-@@ -5163,7 +5163,7 @@ state_1:
-                        }
- 
-                        lc = '>';
-                       if (is_xml && *(p -1) == '-') {
-+                       if (is_xml && p >= buf + 1 && *(p -1) == '-') {
-                                break;
-                        }
-                        in_q = state = is_xml = 0;
-@@ -5195,7 +5195,7 @@ state_1:
-                        goto reg_char_1;
-                case '!':
-                        /* JavaScript & Other HTML scripting languages */
-                       if (*(p-1) == '<') {
-+                       if (p >= buf + 1 && *(p-1) == '<') {
-                                state = 3;
-                                lc = c;
-                                p++;
-@@ -5205,7 +5205,7 @@ state_1:
-                        }
-                        break;
-                case '?':
-                       if (*(p-1) == '<') {
-+                       if (p >= buf + 1 && *(p-1) == '<') {
-                                br=0;
-                                state = 2;
-                                p++;
-diff --git a/ext/standard/tests/file/bug79099.phpt b/ext/standard/tests/file/bug79099.phpt
-new file mode 100644
-index 0000000..a1f2a33
--- /dev/null
-+++ b/ext/standard/tests/file/bug79099.phpt
-@@ -0,0 +1,32 @@
-+--TEST--
-+Bug #79099 (OOB read in php_strip_tags_ex)
-+--FILE--
-+<?php
-+$stream = fopen('php://memory', 'w+');
-+fputs($stream, "<?\n\"\n");
-+rewind($stream);
-+var_dump(@fgetss($stream));
-+var_dump(@fgetss($stream));
-+fclose($stream);
-+
-+$stream = fopen('php://memory', 'w+');
-+fputs($stream, "<\0\n!\n");
-+rewind($stream);
-+var_dump(@fgetss($stream));
-+var_dump(@fgetss($stream));
-+fclose($stream);
-+
-+$stream = fopen('php://memory', 'w+');
-+fputs($stream, "<\0\n?\n");
-+rewind($stream);
-+var_dump(@fgetss($stream));
-+var_dump(@fgetss($stream));
-+fclose($stream);
-+?>
-+--EXPECT--
-+string(0) ""
-+string(0) ""
-+string(0) ""
-+string(0) ""
-+string(0) ""
-+string(0) ""
-- 
-1.9.1
diff --git a/meta-oe/recipes-devtools/php/php_7.3.11.bb b/meta-oe/recipes-devtools/php/php_7.3.16.bb
index 880ac839b2..050916bb36 100644
--- a/meta-oe/recipes-devtools/php/php_7.3.11.bb
+++ b/meta-oe/recipes-devtools/php/php_7.3.16.bb
@@ -18,11 +18,6 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
           file://0001-Use-pkg-config-for-libxml2-detection.patch \
           file://debian-php-fixheader.patch \
           file://CVE-2019-6978.patch \
-           file://CVE-2020-7059.patch \
-           file://CVE-2019-11045.patch \
-           file://CVE-2019-11046.patch \
-           file://CVE-2019-11047.patch \
-           file://CVE-2019-11050.patch \
          "
 SRC_URI_append_class-target = " \
@@ -39,8 +34,8 @@ SRC_URI_append_class-target = " \
            file://xfail_two_bug_tests.patch \
          "
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[md5sum] = "21b710b4126d4d54714de9693a6c7b0d"
+SRC_URI[md5sum] = "fc72fa1c2a6da38a5a7f8797eaa08c58"
-SRC_URI[sha256sum] = "92d1ff4b13c7093635f1ec338a5e6891ca99b10e65fbcadd527e5bb84d11b5e7"
+SRC_URI[sha256sum] = "b8072d526a283182963b03960b7982392daa43cb31131eca4cf0b996764a042e"
 inherit autotools pkgconfig python3native gettext

diff --git a/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch b/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch deleted file mode 100644 index 15329261bf..0000000000 --- a/meta-oe/recipes-devtools/php/php/0001-acinclude.m4-skip-binconfig-check-for-libxml.patch +++ /dev/null
@@ -1,56 +0,0 @@
1	From a2d146b8dd9d02f523d1e205d79792626a71dec3 Mon Sep 17 00:00:00 2001
2	From: Anuj Mittal <anuj.mittal@intel.com>
3	Date: Mon, 2 Apr 2018 15:27:09 +0800
4	Subject: [PATCH] acinclude.m4: skip binconfig check for libxml
5
6	We want libxml flags to be picked up using pkg-config instead of the
7	xml2-config file.
8
9	Upstream-Status: Inappropriate [OE-specific]
10
11	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
12
13	---
14	acinclude.m4 \| 29 -----------------------------
15	1 file changed, 29 deletions(-)
16
17	diff --git a/acinclude.m4 b/acinclude.m4
18	index d42d708..d32766a 100644
19	--- a/acinclude.m4
20	+++ b/acinclude.m4
21	@@ -2525,35 +2525,6 @@ dnl
22	AC_DEFUN([PHP_SETUP_LIBXML], [
23	found_libxml=no
24
25	- dnl First try to find xml2-config
26	- AC_CACHE_CHECK([for xml2-config path], ac_cv_php_xml2_config_path,
27	- [
28	- for i in $PHP_LIBXML_DIR /usr/local /usr; do
29	- if test -x "$i/bin/xml2-config"; then
30	- ac_cv_php_xml2_config_path="$i/bin/xml2-config"
31	- break
32	- fi
33	- done
34	- ])
35	-
36	- if test -x "$ac_cv_php_xml2_config_path"; then
37	- XML2_CONFIG="$ac_cv_php_xml2_config_path"
38	- libxml_full_version=`$XML2_CONFIG --version`
39	- ac_IFS=$IFS
40	- IFS="."
41	- set $libxml_full_version
42	- IFS=$ac_IFS
43	- LIBXML_VERSION=`expr [$]1 \* 1000000 + [$]2 \* 1000 + [$]3`
44	- if test "$LIBXML_VERSION" -ge "2006011"; then
45	- found_libxml=yes
46	- LIBXML_LIBS=`$XML2_CONFIG --libs`
47	- LIBXML_INCS=`$XML2_CONFIG --cflags`
48	- else
49	- AC_MSG_ERROR([libxml2 version 2.6.11 or greater required.])
50	- fi
51	- fi
52	-
53	- dnl If xml2-config fails, try pkg-config
54	if test "$found_libxml" = "no"; then
55	if test -z "$PKG_CONFIG"; then
56	AC_PATH_PROG(PKG_CONFIG, pkg-config, no)


diff --git a/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch b/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch deleted file mode 100644 index fce9738f54..0000000000 --- a/meta-oe/recipes-devtools/php/php/0001-main-php_ini.c-build-empty-php_load_zend_extension_c.patch +++ /dev/null
@@ -1,63 +0,0 @@
1	From 2842aa2a078eb1cad55540b61e7edf111395150d Mon Sep 17 00:00:00 2001
2	From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
3	Date: Mon, 26 Feb 2018 19:30:55 +0100
4	Subject: [PATCH] main/php_ini.c: build empty php_load_zend_extension_cb() when
5	!HAVE_LIBDL
6
7	Commit 0782a7fc6314c8bd3cbfd57f12d0479bf9cc8dc7 ("Fixed bug #74866
8	extension_dir = "./ext" now use current directory for base") modified
9	the php_load_zend_extension_cb() function to use php_load_shlib(), and
10	pass a handle to the newly introduced zend_load_extension_handle()
11	function instead of passing the extension path to
12	zend_load_extension().
13
14	While doing so, it introduced a call to php_load_shlib() from code
15	that is built even when HAVE_LIBDL is not defined. However,
16	php_load_shlib() is not implemented when HAVE_LIBDL is not defined,
17	for obvious reasons.
18
19	It turns out that zend_load_extension_handle() anyway doesn't do
20	anything when ZEND_EXTENSIONS_SUPPORT is defined to 0, and
21	ZEND_EXTENSIONS_SUPPORT is not defined when HAVE_LIBDL is not defined
22	(Zend/zend_portability.h).
23
24	Fixes the following build failure when building on a system that
25	doesn't have libdl:
26
27	main/php_ini.o: In function `php_load_zend_extension_cb':
28	php_ini.c:(.text+0x478): undefined reference to `php_load_shlib'
29	php_ini.c:(.text+0x4b0): undefined reference to `php_load_shlib'
30	collect2: error: ld returned 1 exit status
31
32	Upstream-Status: Backport [http://git.php.net/?p=php-src.git;a=commit;h=2842aa2a078eb1cad55540b61e7edf111395150d]
33	Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
34	Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
35	---
36	main/php_ini.c \| 4 ++++
37	1 file changed, 4 insertions(+)
38
39	diff --git a/main/php_ini.c b/main/php_ini.c
40	index ba58eb1..fca263e 100644
41	--- a/main/php_ini.c
42	+++ b/main/php_ini.c
43	@@ -350,6 +350,7 @@ static void php_load_php_extension_cb(void *arg)
44
45	/* {{{ php_load_zend_extension_cb
46	*/
47	+#ifdef HAVE_LIBDL
48	static void php_load_zend_extension_cb(void *arg)
49	{
50	char filename = ((char **) arg);
51	@@ -409,6 +410,9 @@ static void php_load_zend_extension_cb(void *arg)
52	efree(libpath);
53	}
54	}
55	+#else
56	+static void php_load_zend_extension_cb(void *arg) { }
57	+#endif
58	/* }}} */
59
60	/* {{{ php_init_config
61	--
62	2.7.4
63


diff --git a/meta-oe/recipes-devtools/php/php/70_mod_php5.conf b/meta-oe/recipes-devtools/php/php/70_mod_php5.conf deleted file mode 100644 index 1de6fb11ac..0000000000 --- a/meta-oe/recipes-devtools/php/php/70_mod_php5.conf +++ /dev/null
@@ -1,12 +0,0 @@
1	# vim: ft=apache sw=4 ts=4
2	<IfDefine PHP5>
3	# Load the module first
4	<IfModule !sapi_apache2.c>
5	LoadModule php5_module lib/apache2/modules/libphp5.so
6	</IfModule>
7
8	# Set it to handle the files
9	AddHandler php5-script .php .phtml .php3 .php4 .php5
10	AddType application/x-httpd-php-source .phps
11	DirectoryIndex index.html index.html.var index.php index.phtml
12	</IfDefine>


diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch deleted file mode 100644 index 3b3c187a42..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2019-11045.patch +++ /dev/null
@@ -1,78 +0,0 @@
1	From a5a15965da23c8e97657278fc8dfbf1dfb20c016 Mon Sep 17 00:00:00 2001
2	From: "Christoph M. Becker" <cmbecker69@gmx.de>
3	Date: Mon, 25 Nov 2019 16:56:34 +0100
4	Subject: [PATCH] Fix #78863: DirectoryIterator class silently truncates after
5	a null byte
6
7	Since the constructor of DirectoryIterator and friends is supposed to
8	accepts paths (i.e. strings without NUL bytes), we must not accept
9	arbitrary strings.
10
11	Upstream-Status: Accepted
12	CVE: CVE-2019-11045
13
14	Reference to upstream patch:
15	http://git.php.net/?p=php-src.git;a=commit;h=a5a15965da23c8e97657278fc8dfbf1dfb20c016
16	http://git.php.net/?p=php-src.git;a=commit;h=d74907b8575e6edb83b728c2a94df434c23e1f79
17	---
18	ext/spl/spl_directory.c \| 4 ++--
19	ext/spl/tests/bug78863.phpt \| 31 +++++++++++++++++++++++++++++++
20	2 files changed, 33 insertions(+), 2 deletions(-)
21	create mode 100644 ext/spl/tests/bug78863.phpt
22
23	diff --git a/ext/spl/spl_directory.c b/ext/spl/spl_directory.c
24	index 91ea2e0265..56e809b1c7 100644
25	--- a/ext/spl/spl_directory.c
26	+++ b/ext/spl/spl_directory.c
27	@@ -708,10 +708,10 @@ void spl_filesystem_object_construct(INTERNAL_FUNCTION_PARAMETERS, zend_long cto
28
29	if (SPL_HAS_FLAG(ctor_flags, DIT_CTOR_FLAGS)) {
30	flags = SPL_FILE_DIR_KEY_AS_PATHNAME\|SPL_FILE_DIR_CURRENT_AS_FILEINFO;
31	- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s\|l", &path, &len, &flags);
32	+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p\|l", &path, &len, &flags);
33	} else {
34	flags = SPL_FILE_DIR_KEY_AS_PATHNAME\|SPL_FILE_DIR_CURRENT_AS_SELF;
35	- parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "s", &path, &len);
36	+ parsed = zend_parse_parameters(ZEND_NUM_ARGS(), "p", &path, &len);
37	}
38	if (SPL_HAS_FLAG(ctor_flags, SPL_FILE_DIR_SKIPDOTS)) {
39	flags \|= SPL_FILE_DIR_SKIPDOTS;
40	diff --git a/ext/spl/tests/bug78863.phpt b/ext/spl/tests/bug78863.phpt
41	new file mode 100644
42	index 0000000000..dc88d98dee
43	--- /dev/null
44	+++ b/ext/spl/tests/bug78863.phpt
45	@@ -0,0 +1,31 @@
46	+--TEST--
47	+Bug #78863 (DirectoryIterator class silently truncates after a null byte)
48	+--FILE--
49	+<?php
50	+$dir = __DIR__ . '/bug78863';
51	+mkdir($dir);
52	+touch("$dir/bad");
53	+mkdir("$dir/sub");
54	+touch("$dir/sub/good");
55	+
56	+$it = new DirectoryIterator(__DIR__ . "/bug78863\0/sub");
57	+foreach ($it as $fileinfo) {
58	+ if (!$fileinfo->isDot()) {
59	+ var_dump($fileinfo->getFilename());
60	+ }
61	+}
62	+?>
63	+--EXPECTF--
64	+Fatal error: Uncaught UnexpectedValueException: DirectoryIterator::__construct() expects parameter 1 to be a valid path, string given in %s:%d
65	+Stack trace:
66	+#0 %s(%d): DirectoryIterator->__construct('%s')
67	+#1 {main}
68	+ thrown in %s on line %d
69	+--CLEAN--
70	+<?php
71	+$dir = __DIR__ . '/bug78863';
72	+unlink("$dir/sub/good");
73	+rmdir("$dir/sub");
74	+unlink("$dir/bad");
75	+rmdir($dir);
76	+?>
77	--
78	2.11.0


diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch deleted file mode 100644 index 711b8525a4..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2019-11046.patch +++ /dev/null
@@ -1,59 +0,0 @@
1	From 2d07f00b73d8f94099850e0f5983e1cc5817c196 Mon Sep 17 00:00:00 2001
2	From: "Christoph M. Becker" <cmbecker69@gmx.de>
3	Date: Sat, 30 Nov 2019 12:26:37 +0100
4	Subject: [PATCH] Fix #78878: Buffer underflow in bc_shift_addsub
5
6	We must not rely on `isdigit()` to detect digits, since we only support
7	decimal ASCII digits in the following processing.
8
9	(cherry picked from commit eb23c6008753b1cdc5359dead3a096dce46c9018)
10
11	Upstream-Status: Accepted
12	CVE: CVE-2019-11046
13
14	Reference to upstream patch:
15	http://git.php.net/?p=php-src.git;a=commit;h=eb23c6008753b1cdc5359dead3a096dce46c9018
16	http://git.php.net/?p=php-src.git;a=commit;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
17	---
18	ext/bcmath/libbcmath/src/str2num.c \| 4 ++--
19	ext/bcmath/tests/bug78878.phpt \| 13 +++++++++++++
20	2 files changed, 15 insertions(+), 2 deletions(-)
21	create mode 100644 ext/bcmath/tests/bug78878.phpt
22
23	diff --git a/ext/bcmath/libbcmath/src/str2num.c b/ext/bcmath/libbcmath/src/str2num.c
24	index f38d341570..03aec15930 100644
25	--- a/ext/bcmath/libbcmath/src/str2num.c
26	+++ b/ext/bcmath/libbcmath/src/str2num.c
27	@@ -57,9 +57,9 @@ bc_str2num (bc_num num, char str, int scale)
28	zero_int = FALSE;
29	if ( (ptr == '+') \|\| (ptr == '-')) ptr++; /* Sign */
30	while (ptr == '0') ptr++; / Skip leading zeros. */
31	- while (isdigit((int)ptr)) ptr++, digits++; / digits */
32	+ while (ptr >= '0' && ptr <= '9') ptr++, digits++; /* digits */
33	if (ptr == '.') ptr++; / decimal point */
34	- while (isdigit((int)ptr)) ptr++, strscale++; / digits */
35	+ while (ptr >= '0' && ptr <= '9') ptr++, strscale++; /* digits */
36	if ((*ptr != '\0') \|\| (digits+strscale == 0))
37	{
38	*num = bc_copy_num (BCG(_zero_));
39	diff --git a/ext/bcmath/tests/bug78878.phpt b/ext/bcmath/tests/bug78878.phpt
40	new file mode 100644
41	index 0000000000..2c9d72b946
42	--- /dev/null
43	+++ b/ext/bcmath/tests/bug78878.phpt
44	@@ -0,0 +1,13 @@
45	+--TEST--
46	+Bug #78878 (Buffer underflow in bc_shift_addsub)
47	+--SKIPIF--
48	+<?php
49	+if (!extension_loaded('bcmath')) die('skip bcmath extension not available');
50	+?>
51	+--FILE--
52	+<?php
53	+print @bcmul("\xB26483605105519922841849335928742092", bcpowmod(2, 65535, -4e-4));
54	+?>
55	+--EXPECT--
56	+bc math warning: non-zero scale in modulus
57	+0
58	--
59	2.11.0


diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch deleted file mode 100644 index e2922bf8f3..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2019-11047.patch +++ /dev/null
@@ -1,57 +0,0 @@
1	From d348cfb96f2543565691010ade5e0346338be5a7 Mon Sep 17 00:00:00 2001
2	From: Stanislav Malyshev <stas@php.net>
3	Date: Mon, 16 Dec 2019 00:10:39 -0800
4	Subject: [PATCH] Fixed bug #78910
5
6	Upstream-Status: Accepted
7	CVE-2019-11047
8
9	Reference to upstream patch:
10	http://git.php.net/?p=php-src.git;a=commit;h=d348cfb96f2543565691010ade5e0346338be5a7
11	http://git.php.net/?p=php-src.git;a=commit;h=57325460d2bdee01a13d8e6cf03345c90543ff4f
12	---
13	ext/exif/exif.c \| 3 ++-
14	ext/exif/tests/bug78910.phpt \| 17 +++++++++++++++++
15	2 files changed, 19 insertions(+), 1 deletion(-)
16	create mode 100644 ext/exif/tests/bug78910.phpt
17
18	diff --git a/ext/exif/exif.c b/ext/exif/exif.c
19	index 2804807e..a5780113 100644
20	--- a/ext/exif/exif.c
21	+++ b/ext/exif/exif.c
22	@@ -3138,7 +3138,8 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type ImageInfo, char valu
23	/exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "check (%s)", maker_note->make?maker_note->make:"");/
24	if (maker_note->make && (!ImageInfo->make \|\| strcmp(maker_note->make, ImageInfo->make)))
25	continue;
26	- if (maker_note->id_string && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
27	+ if (maker_note->id_string && value_len >= maker_note->id_string_len
28	+ && strncmp(maker_note->id_string, value_ptr, maker_note->id_string_len))
29	continue;
30	break;
31	}
32	diff --git a/ext/exif/tests/bug78910.phpt b/ext/exif/tests/bug78910.phpt
33	new file mode 100644
34	index 00000000..f5b1c32c
35	--- /dev/null
36	+++ b/ext/exif/tests/bug78910.phpt
37	@@ -0,0 +1,17 @@
38	+--TEST--
39	+Bug #78910: Heap-buffer-overflow READ in exif (OSS-Fuzz #19044)
40	+--FILE--
41	+<?php
42	+
43	+var_dump(exif_read_data('data:image/jpg;base64,TU0AKgAAAAwgICAgAAIBDwAEAAAAAgAAACKSfCAgAAAAAEZVSklGSUxN'));
44	+
45	+?>
46	+--EXPECTF--
47	+Notice: exif_read_data(): Read from TIFF: tag(0x927C, MakerNote ): Illegal format code 0x2020, switching to BYTE in %s on line %d
48	+
49	+Warning: exif_read_data(): Process tag(x927C=MakerNote ): Illegal format code 0x2020, suppose BYTE in %s on line %d
50	+
51	+Warning: exif_read_data(): IFD data too short: 0x0000 offset 0x000C in %s on line %d
52	+
53	+Warning: exif_read_data(): Invalid TIFF file in %s on line %d
54	+bool(false)
55	--
56	2.17.1
57


diff --git a/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch b/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch deleted file mode 100644 index 700b99bd93..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2019-11050.patch +++ /dev/null
@@ -1,53 +0,0 @@
1	From c14eb8de974fc8a4d74f3515424c293bc7a40fba Mon Sep 17 00:00:00 2001
2	From: Stanislav Malyshev <stas@php.net>
3	Date: Mon, 16 Dec 2019 01:14:38 -0800
4	Subject: [PATCH] Fix bug #78793
5
6	Upstream-Status: Accepted
7	CVE-2019-11050
8
9	Reference to upstream patch:
10	http://git.php.net/?p=php-src.git;a=commit;h=c14eb8de974fc8a4d74f3515424c293bc7a40fba
11	http://git.php.net/?p=php-src.git;a=commit;h=1b3b4a0d367b6f0b67e9f73d82f53db6c6b722b2
12	---
13	ext/exif/exif.c \| 5 +++--
14	ext/exif/tests/bug78793.phpt \| 12 ++++++++++++
15	2 files changed, 15 insertions(+), 2 deletions(-)
16	create mode 100644 ext/exif/tests/bug78793.phpt
17
18	diff --git a/ext/exif/exif.c b/ext/exif/exif.c
19	index c0be05922f..7fe055f381 100644
20	--- a/ext/exif/exif.c
21	+++ b/ext/exif/exif.c
22	@@ -3240,8 +3240,9 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type ImageInfo, char valu
23	}
24
25	for (de=0;de<NumDirEntries;de++) {
26	- if (!exif_process_IFD_TAG(ImageInfo, dir_start + 2 + 12 * de,
27	- offset_base, data_len, displacement, section_index, 0, maker_note->tag_table)) {
28	+ size_t offset = 2 + 12 * de;
29	+ if (!exif_process_IFD_TAG(ImageInfo, dir_start + offset,
30	+ offset_base, data_len - offset, displacement, section_index, 0, maker_note->tag_table)) {
31	return FALSE;
32	}
33	}
34	diff --git a/ext/exif/tests/bug78793.phpt b/ext/exif/tests/bug78793.phpt
35	new file mode 100644
36	index 0000000000..033f255ace
37	--- /dev/null
38	+++ b/ext/exif/tests/bug78793.phpt
39	@@ -0,0 +1,12 @@
40	+--TEST--
41	+Bug #78793: Use-after-free in exif parsing under memory sanitizer
42	+--FILE--
43	+<?php
44	+$f = "ext/exif/tests/bug77950.tiff";
45	+for ($i = 0; $i < 10; $i++) {
46	+ @exif_read_data($f);
47	+}
48	+?>
49	+===DONE===
50	+--EXPECT--
51	+===DONE===
52	--
53	2.11.0


diff --git a/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch b/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch deleted file mode 100644 index f7d3ab6b66..0000000000 --- a/meta-oe/recipes-devtools/php/php/CVE-2020-7059.patch +++ /dev/null
@@ -1,86 +0,0 @@
1	From 1adaab3aa81fa9b48e351b5644d9fee70f2fe73f Mon Sep 17 00:00:00 2001
2	From: Li Zhou <li.zhou@windriver.com>
3	Date: Thu, 20 Feb 2020 02:05:52 -0800
4	Subject: [PATCH] Fix #79099: OOB read in php_strip_tags_ex
5
6	Upstream-Status: Backport
7	CVE: CVE-2020-7059
8	Signed-off-by: Li Zhou <li.zhou@windriver.com>
9	---
10	ext/standard/string.c \| 6 +++---
11	ext/standard/tests/file/bug79099.phpt \| 32 ++++++++++++++++++++++++++++++++
12	2 files changed, 35 insertions(+), 3 deletions(-)
13	create mode 100644 ext/standard/tests/file/bug79099.phpt
14
15	diff --git a/ext/standard/string.c b/ext/standard/string.c
16	index dde97fa..2213d8d 100644
17	--- a/ext/standard/string.c
18	+++ b/ext/standard/string.c
19	@@ -5163,7 +5163,7 @@ state_1:
20	}
21
22	lc = '>';
23	- if (is_xml && *(p -1) == '-') {
24	+ if (is_xml && p >= buf + 1 && *(p -1) == '-') {
25	break;
26	}
27	in_q = state = is_xml = 0;
28	@@ -5195,7 +5195,7 @@ state_1:
29	goto reg_char_1;
30	case '!':
31	/* JavaScript & Other HTML scripting languages */
32	- if (*(p-1) == '<') {
33	+ if (p >= buf + 1 && *(p-1) == '<') {
34	state = 3;
35	lc = c;
36	p++;
37	@@ -5205,7 +5205,7 @@ state_1:
38	}
39	break;
40	case '?':
41	- if (*(p-1) == '<') {
42	+ if (p >= buf + 1 && *(p-1) == '<') {
43	br=0;
44	state = 2;
45	p++;
46	diff --git a/ext/standard/tests/file/bug79099.phpt b/ext/standard/tests/file/bug79099.phpt
47	new file mode 100644
48	index 0000000..a1f2a33
49	--- /dev/null
50	+++ b/ext/standard/tests/file/bug79099.phpt
51	@@ -0,0 +1,32 @@
52	+--TEST--
53	+Bug #79099 (OOB read in php_strip_tags_ex)
54	+--FILE--
55	+<?php
56	+$stream = fopen('php://memory', 'w+');
57	+fputs($stream, "<?\n\"\n");
58	+rewind($stream);
59	+var_dump(@fgetss($stream));
60	+var_dump(@fgetss($stream));
61	+fclose($stream);
62	+
63	+$stream = fopen('php://memory', 'w+');
64	+fputs($stream, "<\0\n!\n");
65	+rewind($stream);
66	+var_dump(@fgetss($stream));
67	+var_dump(@fgetss($stream));
68	+fclose($stream);
69	+
70	+$stream = fopen('php://memory', 'w+');
71	+fputs($stream, "<\0\n?\n");
72	+rewind($stream);
73	+var_dump(@fgetss($stream));
74	+var_dump(@fgetss($stream));
75	+fclose($stream);
76	+?>
77	+--EXPECT--
78	+string(0) ""
79	+string(0) ""
80	+string(0) ""
81	+string(0) ""
82	+string(0) ""
83	+string(0) ""
84	--
85	1.9.1
86


diff --git a/meta-oe/recipes-devtools/php/php_7.3.11.bb b/meta-oe/recipes-devtools/php/php_7.3.16.bb index 880ac839b2..050916bb36 100644 --- a/meta-oe/recipes-devtools/php/php_7.3.11.bb +++ b/meta-oe/recipes-devtools/php/php_7.3.16.bb
@@ -18,11 +18,6 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
18	file://0001-Use-pkg-config-for-libxml2-detection.patch \	18	file://0001-Use-pkg-config-for-libxml2-detection.patch \
19	file://debian-php-fixheader.patch \	19	file://debian-php-fixheader.patch \
20	file://CVE-2019-6978.patch \	20	file://CVE-2019-6978.patch \
21	file://CVE-2020-7059.patch \
22	file://CVE-2019-11045.patch \
23	file://CVE-2019-11046.patch \
24	file://CVE-2019-11047.patch \
25	file://CVE-2019-11050.patch \
26	"	21	"
27		22
28	SRC_URI_append_class-target = " \	23	SRC_URI_append_class-target = " \
@@ -39,8 +34,8 @@ SRC_URI_append_class-target = " \
39	file://xfail_two_bug_tests.patch \	34	file://xfail_two_bug_tests.patch \
40	"	35	"
41	S = "${WORKDIR}/php-${PV}"	36	S = "${WORKDIR}/php-${PV}"
42	SRC_URI[md5sum] = "21b710b4126d4d54714de9693a6c7b0d"	37	SRC_URI[md5sum] = "fc72fa1c2a6da38a5a7f8797eaa08c58"
43	SRC_URI[sha256sum] = "92d1ff4b13c7093635f1ec338a5e6891ca99b10e65fbcadd527e5bb84d11b5e7"	38	SRC_URI[sha256sum] = "b8072d526a283182963b03960b7982392daa43cb31131eca4cf0b996764a042e"
44		39
45	inherit autotools pkgconfig python3native gettext	40	inherit autotools pkgconfig python3native gettext
46		41