!24 Fix CVE-2020-7063.patch

From: @wangchen2020
Reviewed-by: @small_leek
Signed-off-by: @small_leek

CVE-2020-7063.patch

@@ -0,0 +1,121 @@
+From ead40a66785aedaa393f953a0ed9224adaf040cd Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sat, 15 Feb 2020 22:17:14 -0800
+Subject: [PATCH] Fix bug #79082 - Files added to tar with
+ Phar::buildFromIterator have all-access permissions
+
+---
+ ext/phar/phar_object.c                       | 11 ++++++
+ ext/phar/tests/bug79082.phpt                 | 52 ++++++++++++++++++++++++++++
+ ext/phar/tests/test79082/test79082-testfile  |  1 +
+ ext/phar/tests/test79082/test79082-testfile2 |  1 +
+ 4 files changed, 65 insertions(+)
+ create mode 100644 ext/phar/tests/bug79082.phpt
+ create mode 100644 ext/phar/tests/test79082/test79082-testfile
+ create mode 100644 ext/phar/tests/test79082/test79082-testfile2
+
+diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
+index 6cf097e36fe..89b553c2b91 100644
+--- a/ext/phar/phar_object.c
++++ b/ext/phar/phar_object.c
+@@ -1419,6 +1419,7 @@ static int phar_build(zend_object_iterator *iter, void *puser) /* {{{ */
+ 	char *str_key;
+ 	zend_class_entry *ce = p_obj->c;
+ 	phar_archive_object *phar_obj = p_obj->p;
++	php_stream_statbuf ssb;
+ 
+ 	value = iter->funcs->get_current_data(iter);
+ 
+@@ -1686,6 +1687,16 @@ after_open_fp:
+ 		php_stream_copy_to_stream_ex(fp, p_obj->fp, PHP_STREAM_COPY_ALL, &contents_len);
+ 		data->internal_file->uncompressed_filesize = data->internal_file->compressed_filesize =
+ 			php_stream_tell(p_obj->fp) - data->internal_file->offset;
++		if (php_stream_stat(fp, &ssb) != -1) {
++			data->internal_file->flags = ssb.sb.st_mode & PHAR_ENT_PERM_MASK ;
++		} else {
++#ifndef _WIN32
++			mode_t mask;
++			mask = umask(0);
++			umask(mask);
++			data->internal_file->flags &= ~mask;
++#endif
++		}
+ 	}
+ 
+ 	if (close_fp) {
+diff --git a/ext/phar/tests/bug79082.phpt b/ext/phar/tests/bug79082.phpt
+new file mode 100644
+index 00000000000..ca453d1b57b
+--- /dev/null
++++ b/ext/phar/tests/bug79082.phpt
+@@ -0,0 +1,52 @@
++--TEST--
++Phar: Bug #79082: Files added to tar with Phar::buildFromIterator have all-access permissions
++--SKIPIF--
++<?php 
++if (!extension_loaded("phar")) die("skip"); 
++if (defined("PHP_WINDOWS_VERSION_MAJOR")) die("skip not for Windows")
++?>
++--FILE--
++<?php
++umask(022);
++var_dump(decoct(umask()));
++chmod(__DIR__ . '/test79082/test79082-testfile', 0644);
++chmod(__DIR__ . '/test79082/test79082-testfile2', 0400);
++
++foreach([Phar::TAR => 'tar', Phar::ZIP => 'zip'] as $mode => $ext) {
++	clearstatcache();
++	$phar = new PharData(__DIR__ . '/test79082.' . $ext, null, null, $mode);
++	$phar->buildFromIterator(new \RecursiveDirectoryIterator(__DIR__ . '/test79082', \FilesystemIterator::SKIP_DOTS), __DIR__ . '/test79082');
++	$phar->extractTo(__DIR__);
++	var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode']));
++	var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode']));
++	unlink(__DIR__ . '/test79082-testfile');
++	unlink(__DIR__ . '/test79082-testfile2');
++}
++foreach([Phar::TAR => 'tar', Phar::ZIP => 'zip'] as $mode => $ext) {
++	clearstatcache();
++	$phar = new PharData(__DIR__ . '/test79082-d.' . $ext, null, null, $mode);
++	$phar->buildFromDirectory(__DIR__ . '/test79082');
++	$phar->extractTo(__DIR__);
++	var_dump(decoct(stat(__DIR__ . '/test79082-testfile')['mode']));
++	var_dump(decoct(stat(__DIR__ . '/test79082-testfile2')['mode']));
++	unlink(__DIR__ . '/test79082-testfile');
++	unlink(__DIR__ . '/test79082-testfile2');
++}
++?>
++--CLEAN--
++<?
++unlink(__DIR__ . '/test79082.tar');
++unlink(__DIR__ . '/test79082.zip');
++unlink(__DIR__ . '/test79082-d.tar');
++unlink(__DIR__ . '/test79082-d.zip');
++?>
++--EXPECT--
++string(2) "22"
++string(6) "100644"
++string(6) "100400"
++string(6) "100644"
++string(6) "100400"
++string(6) "100644"
++string(6) "100400"
++string(6) "100644"
++string(6) "100400"
+diff --git a/ext/phar/tests/test79082/test79082-testfile b/ext/phar/tests/test79082/test79082-testfile
+new file mode 100644
+index 00000000000..9daeafb9864
+--- /dev/null
++++ b/ext/phar/tests/test79082/test79082-testfile
+@@ -0,0 +1 @@
++test
+diff --git a/ext/phar/tests/test79082/test79082-testfile2 b/ext/phar/tests/test79082/test79082-testfile2
+new file mode 100644
+index 00000000000..9daeafb9864
+--- /dev/null
++++ b/ext/phar/tests/test79082/test79082-testfile2
+@@ -0,0 +1 @@
++test
+-- 
+2.11.0
+
+

php.spec

@@ -28,7 +28,7 @@
 
 Name:          php
 Version:       %{upver}%{?rcver:~%{rcver}}
-Release:       8
+Release:       9
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
 URL:           http://www.php.net/
@@ -96,6 +96,7 @@ Patch6022:     CVE-2020-7064.patch
 Patch6023:     CVE-2020-7066.patch
 Patch6024:     CVE-2019-11048.patch
 Patch6025:     CVE-2020-7068.patch
+Patch6026:     CVE-2020-7063.patch
 
 BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
 BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@@ -1157,6 +1158,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Thu Dec 17 2020 wangchen <wangchen137@huawei.com> - 7.2.10-9
+- Fix CVE-2020-7063
+
 * Mon Nov 07 2020 liuweibo <liuweibo10@huawei.com> - 7.2.10-8
 - Append help recommends to main package