Fix null pointer dereference in imap_mail CVE-2018-19935 (Fedora)

SOURCES/php-imap.patch

@@ -0,0 +1,71 @@
+From d8765852e0400ee2ce8ae9e2177c42731d4539d8 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <[email protected]>
+Date: Wed, 28 Nov 2018 15:45:51 -0800
+Subject: [PATCH] Add DISPLAY_INI_ENTRIES for imap
+
+---
+ ext/imap/php_imap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
+index f6feebe9f769..a23e84c08521 100644
+--- a/ext/imap/php_imap.c
++++ b/ext/imap/php_imap.c
+@@ -1153,6 +1153,8 @@ PHP_MINFO_FUNCTION(imap)
+ 	php_info_print_table_row(2, "Kerberos Support", "enabled");
+ #endif
+ 	php_info_print_table_end();
++
++	DISPLAY_INI_ENTRIES();
+ }
+ /* }}} */
+
+From 7edc639b9ff1c3576773d79d016abbeed1f93846 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <[email protected]>
+Date: Sun, 11 Nov 2018 10:04:01 -0800
+Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail
+
+If an empty $message is passed to imap_mail(), we must not set message
+to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
+(opposed to pointers to NUL).
+---
+ NEWS                         |  1 +
+ ext/imap/php_imap.c          |  1 -
+ ext/imap/tests/bug77020.phpt | 15 +++++++++++++++
+ 3 files changed, 16 insertions(+), 1 deletion(-)
+ create mode 100644 ext/imap/tests/bug77020.phpt
+
+diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
+index a23e84c08521..b30440f000f3 100644
+--- a/ext/imap/php_imap.c
++++ b/ext/imap/php_imap.c
+@@ -4125,7 +4125,6 @@ PHP_FUNCTION(imap_mail)
+ 	if (!ZSTR_LEN(message)) {
+ 		/* this is not really an error, so it is allowed. */
+ 		php_error_docref(NULL, E_WARNING, "No message string in mail command");
+-		message = NULL;
+ 	}
+
+ 	if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL,
+diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
+new file mode 100644
+index 000000000000..8a65232eec6d
+--- /dev/null
++++ b/ext/imap/tests/bug77020.phpt
+@@ -0,0 +1,15 @@
++--TEST--
++Bug #77020 (null pointer dereference in imap_mail)
++--SKIPIF--
++<?php
++if (!extension_loaded('imap')) die('skip imap extension not available');
++?>
++--FILE--
++<?php
++imap_mail('1', 1, NULL);
++?>
++===DONE===
++--EXPECTF--
++Warning: imap_mail(): No message string in mail command in %s on line %d
++%s
++===DONE===
+

SPECS/php72u.spec

@@ -61,7 +61,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php72u
 Version: 7.2.13
-Release: 1.ius%{?dist}
+Release: 2.ius%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -114,6 +114,7 @@ Patch49: php-7.1.0-curltls.patch
 # Upstream fixes (100+)
 
 # Security fixes (200+)
+Patch200: php-imap.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -990,6 +991,7 @@ low-level PHP extension for the libsodium cryptographic library.
 # upstream patches
 
 # security patches
+%patch200 -p1 -b .imap
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -1786,6 +1788,9 @@ exit 0
 
 
 %changelog
+* Tue Dec 11 2018 Carl George <[email protected]> - 7.2.13-2.ius
+- Fix null pointer dereference in imap_mail CVE-2018-19935 (Fedora)
+
 * Thu Dec 06 2018 Carl George <[email protected]> - 7.2.13-1.ius
 - Latest upstream