From 326cd05dae2eb411d5fdacede8a4bfa7a0798182 Mon Sep 17 00:00:00 2001
From: Joe Watkins <krakjoe@php.net>
Date: Tue, 22 Oct 2019 18:56:55 +0200
Subject: set versions for release

---
 NEWS               | 2 +-
 configure.in       | 2 +-
 main/php_version.h | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index 28b57bb267..7b23346fca 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-?? ??? ????, PHP 7.1.33
+24 Oct 2019, PHP 7.1.33
 
 - FPM:
   . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
diff --git a/configure.in b/configure.in
index 24e1e0f25d..cd8b8794f0 100644
--- a/configure.in
+++ b/configure.in
@@ -120,7 +120,7 @@ int zend_sprintf(char *buffer, const char *format, ...);
 PHP_MAJOR_VERSION=7
 PHP_MINOR_VERSION=1
 PHP_RELEASE_VERSION=33
-PHP_EXTRA_VERSION="dev"
+PHP_EXTRA_VERSION=""
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
 
diff --git a/main/php_version.h b/main/php_version.h
index 8def7e0f43..7338aa5461 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -3,6 +3,6 @@
 #define PHP_MAJOR_VERSION 7
 #define PHP_MINOR_VERSION 1
 #define PHP_RELEASE_VERSION 33
-#define PHP_EXTRA_VERSION "dev"
+#define PHP_EXTRA_VERSION ""
 #define PHP_VERSION "7.1.33"
 #define PHP_VERSION_ID 70133
-- 
cgit v1.2.1


From 52f049879a1f29bcef432ac1a1d77c84ebaa6c7b Mon Sep 17 00:00:00 2001
From: Joe Watkins <krakjoe@php.net>
Date: Tue, 22 Oct 2019 18:58:39 +0200
Subject: bump version

---
 NEWS               | 4 ++++
 configure.in       | 4 ++--
 main/php_version.h | 8 ++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/NEWS b/NEWS
index 7b23346fca..36965f1a4e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,9 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+?? ??? ????, PHP 7.1.34
+
+
+
 24 Oct 2019, PHP 7.1.33
 
 - FPM:
diff --git a/configure.in b/configure.in
index cd8b8794f0..348f23669f 100644
--- a/configure.in
+++ b/configure.in
@@ -119,8 +119,8 @@ int zend_sprintf(char *buffer, const char *format, ...);
 
 PHP_MAJOR_VERSION=7
 PHP_MINOR_VERSION=1
-PHP_RELEASE_VERSION=33
-PHP_EXTRA_VERSION=""
+PHP_RELEASE_VERSION=34
+PHP_EXTRA_VERSION="dev"
 PHP_VERSION="$PHP_MAJOR_VERSION.$PHP_MINOR_VERSION.$PHP_RELEASE_VERSION$PHP_EXTRA_VERSION"
 PHP_VERSION_ID=`expr [$]PHP_MAJOR_VERSION \* 10000 + [$]PHP_MINOR_VERSION \* 100 + [$]PHP_RELEASE_VERSION`
 
diff --git a/main/php_version.h b/main/php_version.h
index 7338aa5461..6b92c66e99 100644
--- a/main/php_version.h
+++ b/main/php_version.h
@@ -2,7 +2,7 @@
 /* edit configure.in to change version number */
 #define PHP_MAJOR_VERSION 7
 #define PHP_MINOR_VERSION 1
-#define PHP_RELEASE_VERSION 33
-#define PHP_EXTRA_VERSION ""
-#define PHP_VERSION "7.1.33"
-#define PHP_VERSION_ID 70133
+#define PHP_RELEASE_VERSION 34
+#define PHP_EXTRA_VERSION "dev"
+#define PHP_VERSION "7.1.34"
+#define PHP_VERSION_ID 70134
-- 
cgit v1.2.1


From 469820048df558040f6dec7c39471ad11e2a7cfb Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <stas@php.net>
Date: Sun, 27 Oct 2019 16:30:38 -0700
Subject: Fix libmagic buffer overflow issue (CVE-2019-18218)

Ported from https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
---
 ext/fileinfo/libmagic/cdf.c | 7 +++----
 ext/fileinfo/libmagic/cdf.h | 1 +
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
index 28084fbe44..01af1e4eda 100644
--- a/ext/fileinfo/libmagic/cdf.c
+++ b/ext/fileinfo/libmagic/cdf.c
@@ -872,8 +872,9 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
 		    i, inp[i].pi_id, inp[i].pi_type, q - p, offs));
 		if (inp[i].pi_type & CDF_VECTOR) {
 			nelements = CDF_GETUINT32(q, 1);
-			if (nelements == 0) {
-				DPRINTF(("CDF_VECTOR with nelements == 0\n"));
+			if (nelements > CDF_ELEMENT_LIMIT || nelements == 0) {
+				DPRINTF(("CDF_VECTOR with nelements == %"
+				    SIZE_T_FORMAT "u\n", nelements));
 				goto out;
 			}
 			o = 2;
@@ -948,8 +949,6 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
 				*info = inp;
 				inp = *info + nelem;
 			}
-			DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n",
-			    nelements));
 			for (j = 0; j < nelements && i < sh.sh_properties;
 			    j++, i++)
 			{
diff --git a/ext/fileinfo/libmagic/cdf.h b/ext/fileinfo/libmagic/cdf.h
index 9006a686ef..6ad5bceb75 100644
--- a/ext/fileinfo/libmagic/cdf.h
+++ b/ext/fileinfo/libmagic/cdf.h
@@ -50,6 +50,7 @@
 typedef int32_t cdf_secid_t;
 
 #define CDF_LOOP_LIMIT					10000
+#define CDF_ELEMENT_LIMIT				100000
 
 #define CDF_SECID_NULL					0
 #define CDF_SECID_FREE					-1
-- 
cgit v1.2.1