From d73d44c23709df5b6bebf347cd98088ddd6c8091 Mon Sep 17 00:00:00 2001
From: David Zuelke <dzuelke@gmail.com>
Date: Sat, 9 Aug 2014 08:14:23 +0200
Subject: [PATCH 1/3] Revert "Merge branch 'pull-request/694' into PHP-5.6"

This reverts commit d96de86b5b4ca8adf63ac6e07ab57fc2ec9d87f4, reversing
changes made to b1e32a4f7a6c2351a2006c2c1b9085336ba513e4.
---
 sapi/fpm/fpm/fpm_main.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 2ee1456340f..93090832f50 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1148,6 +1148,19 @@ static void init_request_info(TSRMLS_D)
 				TRANSLATE_SLASHES(env_document_root);
 			}
 
+			if (env_path_translated != NULL && env_redirect_url != NULL &&
+			    env_path_translated != script_path_translated &&
+			    strcmp(env_path_translated, script_path_translated) != 0) {
+				/*
+				 * pretty much apache specific.  If we have a redirect_url
+				 * then our script_filename and script_name point to the
+				 * php executable
+				 */
+				script_path_translated = env_path_translated;
+				/* we correct SCRIPT_NAME now in case we don't have PATH_INFO */
+				env_script_name = env_redirect_url;
+			}
+
 #ifdef __riscos__
 			/* Convert path to unix format*/
 			__riscosify_control |= __RISCOSIFY_DONT_CHECK_DIR;
@@ -1316,7 +1329,7 @@ static void init_request_info(TSRMLS_D)
 					efree(pt);
 				}
 			} else {
-				/* make sure original values are remembered in ORIG_ copies if we've changed them */
+				/* make sure path_info/translated are empty */
 				if (!orig_script_filename ||
 					(script_path_translated != orig_script_filename &&
 					strcmp(script_path_translated, orig_script_filename) != 0)) {
@@ -1325,6 +1338,16 @@ static void init_request_info(TSRMLS_D)
 					}
 					script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC);
 				}
+				if (env_redirect_url) {
+					if (orig_path_info) {
+						_sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC);
+						_sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC);
+					}
+					if (orig_path_translated) {
+						_sapi_cgibin_putenv("ORIG_PATH_TRANSLATED", orig_path_translated TSRMLS_CC);
+						_sapi_cgibin_putenv("PATH_TRANSLATED", NULL TSRMLS_CC);
+					}
+				}
 				if (env_script_name != orig_script_name) {
 					if (orig_script_name) {
 						_sapi_cgibin_putenv("ORIG_SCRIPT_NAME", orig_script_name TSRMLS_CC);

From e6d93a11ad343efdc42315f7f69ed82515c9f374 Mon Sep 17 00:00:00 2001
From: David Zuelke <dzuelke@gmail.com>
Date: Sat, 9 Aug 2014 08:26:33 +0200
Subject: [PATCH 2/3] restore FPM compatibility with mod_fastcgi broken since
 #694 / 67541, fixes bug 67606

---
 sapi/fpm/fpm/fpm_main.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
index 93090832f50..cd5492d73d3 100644
--- a/sapi/fpm/fpm/fpm_main.c
+++ b/sapi/fpm/fpm/fpm_main.c
@@ -1148,13 +1148,16 @@ static void init_request_info(TSRMLS_D)
 				TRANSLATE_SLASHES(env_document_root);
 			}
 
-			if (env_path_translated != NULL && env_redirect_url != NULL &&
+			if (!apache_was_here && env_path_translated != NULL && env_redirect_url != NULL &&
 			    env_path_translated != script_path_translated &&
 			    strcmp(env_path_translated, script_path_translated) != 0) {
 				/*
 				 * pretty much apache specific.  If we have a redirect_url
 				 * then our script_filename and script_name point to the
 				 * php executable
+				 * we don't want to do this for the new mod_proxy_fcgi approach,
+				 * where redirect_url may also exist but the below will break
+				 * with rewrites to PATH_INFO, hence the !apache_was_here check
 				 */
 				script_path_translated = env_path_translated;
 				/* we correct SCRIPT_NAME now in case we don't have PATH_INFO */
@@ -1329,7 +1332,7 @@ static void init_request_info(TSRMLS_D)
 					efree(pt);
 				}
 			} else {
-				/* make sure path_info/translated are empty */
+				/* make sure original values are remembered in ORIG_ copies if we've changed them */
 				if (!orig_script_filename ||
 					(script_path_translated != orig_script_filename &&
 					strcmp(script_path_translated, orig_script_filename) != 0)) {
@@ -1338,7 +1341,9 @@ static void init_request_info(TSRMLS_D)
 					}
 					script_path_translated = _sapi_cgibin_putenv("SCRIPT_FILENAME", script_path_translated TSRMLS_CC);
 				}
-				if (env_redirect_url) {
+				if (!apache_was_here && env_redirect_url) {
+					/* if we used PATH_TRANSLATED to work around Apache mod_fastcgi (but not mod_proxy_fcgi,
+					 * hence !apache_was_here) weirdness, strip info accordingly */
 					if (orig_path_info) {
 						_sapi_cgibin_putenv("ORIG_PATH_INFO", orig_path_info TSRMLS_CC);
 						_sapi_cgibin_putenv("PATH_INFO", NULL TSRMLS_CC);

From 37c08f466ec1bdb0909989a2fab54352d368d37c Mon Sep 17 00:00:00 2001
From: David Zuelke <dzuelke@gmail.com>
Date: Sat, 9 Aug 2014 08:30:50 +0200
Subject: [PATCH 3/3] NEWS entry for e6d93a1 / d73d44c

---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 6cc1304c137..e4b0ed20532 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,9 @@ PHP                                                                        NEWS
   . Fixed bug #67705 (extensive backtracking in rule regular expression).
     (CVE-2014-3538) (Remi)
 
+- FPM:
+  . Fix bug #67606 (revised fix 67541, broke mod_fastcgi BC). (David Zuelke)
+
 - GD:
   . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
     (CVE-2014-2497) (Remi)