diff options
author | Andy Postnikov <apostnikov@gmail.com> | 2022-06-09 18:14:42 +0300 |
---|---|---|
committer | Andy Postnikov <apostnikov@gmail.com> | 2022-06-09 20:54:57 +0000 |
commit | dc94611ce31e97b7062612a4da3be6c163d0111f (patch) | |
tree | 66b05fb04229182aa2756fb3ba7257c3f4c1f59c | |
parent | fe073dd480a0bc6972f245852856da2c86901c3e (diff) |
testing/php7: upgrade to 7.4.30
-rw-r--r-- | testing/php7/APKBUILD | 10 | ||||
-rw-r--r-- | testing/php7/CVE-2022-31625.patch | 23 | ||||
-rw-r--r-- | testing/php7/CVE-2022-31626.patch | 73 |
3 files changed, 3 insertions, 103 deletions
diff --git a/testing/php7/APKBUILD b/testing/php7/APKBUILD index d89530a3b6c..d646fe9169c 100644 --- a/testing/php7/APKBUILD +++ b/testing/php7/APKBUILD @@ -25,8 +25,8 @@ pkgname=php7 _pkgreal=php -pkgver=7.4.29 -pkgrel=3 +pkgver=7.4.30 +pkgrel=0 _apiver=20190902 _suffix=${pkgname#php} # Is this package the default (latest) PHP version? @@ -101,8 +101,6 @@ source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz xfail-openssl-1.1-test.patch atomic-lsapi.patch fix-curl-7.83-test.patch - CVE-2022-31625.patch - CVE-2022-31626.patch " builddir="$srcdir/$_pkgreal-$pkgver" @@ -692,7 +690,7 @@ _mv() { } sha512sums=" -cdec93b3d10b80da4a16757e60ecf8b35e78adfc57edd40917f53c4d20ce2847363ac99954cc92492cd84b81c01c4af667b16c8f4fe54aa98b9181ef5b1951ba php-7.4.29.tar.xz +7bce44a23c07193c10c57459f08b08fdce4e3a269d6829a61371d1b1f117ecf4e167805a40e1a5e7687f534aee9d5f5745a3f4dcb344e9e781c105bc964ed738 php-7.4.30.tar.xz 1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate 274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf @@ -706,6 +704,4 @@ ebf571c5e595221b9944d7e840807ebb68c1be38bf117186e19a3bd1070310ece5918bcaa5f94167 996b9a542858b0385a300265194afc57eddb72b9d7e4dcdf63b4f1ba7d3588e67309030acc73f00af1717168becd50b1d3582fcb88605e9892fd683a33cae023 xfail-openssl-1.1-test.patch 465b38c089d938a4a072b2eff3edaf928455bf873f5eeb65ff3bee9614f5f45c70f285abb50809c2e2d9d259395acae38bd649860ca3b8d65e43447082a51552 atomic-lsapi.patch be6a57063414bd255def54d5f6e42cbdc3baec55c8eaf9c8ca6e96d0cb3fec942ebb1868806850859d34c5c45d03a2abfec3fecd1aef04524da8eda01d9041ed fix-curl-7.83-test.patch -3a6ee3914b1a4e73caf19b40052cb70d1cd5716ed8b22cd83d57a52c0e6568b8960d65dba43e76cde5a19e56f318dc18d08dafb816ccd95dbc80534916a8b29a CVE-2022-31625.patch -941db4c9ce0b6f442c9d34a7cb43301d71159b968f720f8ff4be5b322393078afbfbccfcc00c7a011894139b4c27f42fb940bef122674cbbdb6142b1e38b7355 CVE-2022-31626.patch " diff --git a/testing/php7/CVE-2022-31625.patch b/testing/php7/CVE-2022-31625.patch deleted file mode 100644 index 7f89dcb3558..00000000000 --- a/testing/php7/CVE-2022-31625.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <smalyshev@gmail.com> -Date: Mon, 6 Jun 2022 00:56:51 -0600 -Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow - ---- - ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c -index 87b2e7c31331..e4a298adaea4 100644 ---- a/ext/mysqlnd/mysqlnd_wireprotocol.c -+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c -@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet) - MYSQLND_VIO * vio = conn->vio; - MYSQLND_STATS * stats = conn->stats; - MYSQLND_CONNECTION_STATE * connection_state = &conn->state; -- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len); -+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE; -+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size); - zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */ - - DBG_ENTER("php_mysqlnd_change_auth_response_write"); diff --git a/testing/php7/CVE-2022-31626.patch b/testing/php7/CVE-2022-31626.patch deleted file mode 100644 index c45fab077c8..00000000000 --- a/testing/php7/CVE-2022-31626.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Tue, 17 May 2022 12:59:23 +0200 -Subject: [PATCH] Fix #81720: Uninitialized array in pg_query_params() leading - to RCE - -We must not free parameters which we haven't initialized yet. - -We also fix the not directly related issue, that we checked for the -wrong value being `NULL`, potentially causing a segfault. ---- - ext/pgsql/pgsql.c | 6 +++--- - ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++ - 2 files changed, 30 insertions(+), 3 deletions(-) - create mode 100644 ext/pgsql/tests/bug81720.phpt - -diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c -index f52ff884d83c..7dcd56cf1441 100644 ---- a/ext/pgsql/pgsql.c -+++ b/ext/pgsql/pgsql.c -@@ -1994,7 +1994,7 @@ PHP_FUNCTION(pg_query_params) - if (Z_TYPE(tmp_val) != IS_STRING) { - php_error_docref(NULL, E_WARNING,"Error converting parameter"); - zval_ptr_dtor(&tmp_val); -- _php_pgsql_free_params(params, num_params); -+ _php_pgsql_free_params(params, i); - RETURN_FALSE; - } - params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val)); -@@ -5175,8 +5175,8 @@ PHP_FUNCTION(pg_send_execute) - params[i] = NULL; - } else { - zend_string *tmp_str = zval_try_get_string(tmp); -- if (UNEXPECTED(!tmp)) { -- _php_pgsql_free_params(params, num_params); -+ if (UNEXPECTED(!tmp_str)) { -+ _php_pgsql_free_params(params, i); - return; - } - params[i] = estrndup(ZSTR_VAL(tmp_str), ZSTR_LEN(tmp_str)); -diff --git a/ext/pgsql/tests/bug81720.phpt b/ext/pgsql/tests/bug81720.phpt -new file mode 100644 -index 000000000000..d79f1fcdd612 ---- /dev/null -+++ b/ext/pgsql/tests/bug81720.phpt -@@ -0,0 +1,27 @@ -+--TEST-- -+Bug #81720 (Uninitialized array in pg_query_params() leading to RCE) -+--SKIPIF-- -+<?php include("skipif.inc"); ?> -+--FILE-- -+<?php -+include('config.inc'); -+ -+$conn = pg_connect($conn_str); -+ -+try { -+ pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]); -+} catch (Throwable $ex) { -+ echo $ex->getMessage(), PHP_EOL; -+} -+ -+try { -+ pg_send_prepare($conn, "my_query", 'SELECT $1, $2'); -+ pg_get_result($conn); -+ pg_send_execute($conn, "my_query", [1, new stdClass()]); -+} catch (Throwable $ex) { -+ echo $ex->getMessage(), PHP_EOL; -+} -+?> -+--EXPECT-- -+Object of class stdClass could not be converted to string -+Object of class stdClass could not be converted to string |