aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndy Postnikov <apostnikov@gmail.com>2022-06-09 18:14:42 +0300
committerAndy Postnikov <apostnikov@gmail.com>2022-06-09 20:54:57 +0000
commitdc94611ce31e97b7062612a4da3be6c163d0111f (patch)
tree66b05fb04229182aa2756fb3ba7257c3f4c1f59c
parentfe073dd480a0bc6972f245852856da2c86901c3e (diff)
downloadaports-dc94611ce31e97b7062612a4da3be6c163d0111f.tar.gz
aports-dc94611ce31e97b7062612a4da3be6c163d0111f.tar.bz2
aports-dc94611ce31e97b7062612a4da3be6c163d0111f.tar.xz
testing/php7: upgrade to 7.4.30
-rw-r--r--testing/php7/APKBUILD10
-rw-r--r--testing/php7/CVE-2022-31625.patch23
-rw-r--r--testing/php7/CVE-2022-31626.patch73
3 files changed, 3 insertions, 103 deletions
diff --git a/testing/php7/APKBUILD b/testing/php7/APKBUILD
index d89530a3b6..d646fe9169 100644
--- a/testing/php7/APKBUILD
+++ b/testing/php7/APKBUILD
@@ -25,8 +25,8 @@
pkgname=php7
_pkgreal=php
-pkgver=7.4.29
-pkgrel=3
+pkgver=7.4.30
+pkgrel=0
_apiver=20190902
_suffix=${pkgname#php}
# Is this package the default (latest) PHP version?
@@ -101,8 +101,6 @@ source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz
xfail-openssl-1.1-test.patch
atomic-lsapi.patch
fix-curl-7.83-test.patch
- CVE-2022-31625.patch
- CVE-2022-31626.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
@@ -692,7 +690,7 @@ _mv() {
}
sha512sums="
-cdec93b3d10b80da4a16757e60ecf8b35e78adfc57edd40917f53c4d20ce2847363ac99954cc92492cd84b81c01c4af667b16c8f4fe54aa98b9181ef5b1951ba php-7.4.29.tar.xz
+7bce44a23c07193c10c57459f08b08fdce4e3a269d6829a61371d1b1f117ecf4e167805a40e1a5e7687f534aee9d5f5745a3f4dcb344e9e781c105bc964ed738 php-7.4.30.tar.xz
1c708de82d1086f272f484faf6cf6d087af7c31750cc2550b0b94ed723961b363f28a947b015b2dfc0765caea185a75f5d2c2f2b099c948b65c290924f606e4f php7-fpm.initd
cacce7bf789467ff40647b7319e3760c6c587218720538516e8d400baa75651f72165c4e28056cd0c1dc89efecb4d00d0d7823bed80b29136262c825ce816691 php7-fpm.logrotate
274bd7b0b2b7002fa84c779640af37b59258bb37b05cb7dd5c89452977d71807f628d91b523b5039608376d1f760f3425d165242ca75ee5129b2730e71c4e198 php7-module.conf
@@ -706,6 +704,4 @@ ebf571c5e595221b9944d7e840807ebb68c1be38bf117186e19a3bd1070310ece5918bcaa5f94167
996b9a542858b0385a300265194afc57eddb72b9d7e4dcdf63b4f1ba7d3588e67309030acc73f00af1717168becd50b1d3582fcb88605e9892fd683a33cae023 xfail-openssl-1.1-test.patch
465b38c089d938a4a072b2eff3edaf928455bf873f5eeb65ff3bee9614f5f45c70f285abb50809c2e2d9d259395acae38bd649860ca3b8d65e43447082a51552 atomic-lsapi.patch
be6a57063414bd255def54d5f6e42cbdc3baec55c8eaf9c8ca6e96d0cb3fec942ebb1868806850859d34c5c45d03a2abfec3fecd1aef04524da8eda01d9041ed fix-curl-7.83-test.patch
-3a6ee3914b1a4e73caf19b40052cb70d1cd5716ed8b22cd83d57a52c0e6568b8960d65dba43e76cde5a19e56f318dc18d08dafb816ccd95dbc80534916a8b29a CVE-2022-31625.patch
-941db4c9ce0b6f442c9d34a7cb43301d71159b968f720f8ff4be5b322393078afbfbccfcc00c7a011894139b4c27f42fb940bef122674cbbdb6142b1e38b7355 CVE-2022-31626.patch
"
diff --git a/testing/php7/CVE-2022-31625.patch b/testing/php7/CVE-2022-31625.patch
deleted file mode 100644
index 7f89dcb355..0000000000
--- a/testing/php7/CVE-2022-31625.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <smalyshev@gmail.com>
-Date: Mon, 6 Jun 2022 00:56:51 -0600
-Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
-
----
- ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
-index 87b2e7c31331..e4a298adaea4 100644
---- a/ext/mysqlnd/mysqlnd_wireprotocol.c
-+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
-@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
- MYSQLND_VIO * vio = conn->vio;
- MYSQLND_STATS * stats = conn->stats;
- MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
-- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
-+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
-+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
- zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
-
- DBG_ENTER("php_mysqlnd_change_auth_response_write");
diff --git a/testing/php7/CVE-2022-31626.patch b/testing/php7/CVE-2022-31626.patch
deleted file mode 100644
index c45fab077c..0000000000
--- a/testing/php7/CVE-2022-31626.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 17 May 2022 12:59:23 +0200
-Subject: [PATCH] Fix #81720: Uninitialized array in pg_query_params() leading
- to RCE
-
-We must not free parameters which we haven't initialized yet.
-
-We also fix the not directly related issue, that we checked for the
-wrong value being `NULL`, potentially causing a segfault.
----
- ext/pgsql/pgsql.c | 6 +++---
- ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 3 deletions(-)
- create mode 100644 ext/pgsql/tests/bug81720.phpt
-
-diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
-index f52ff884d83c..7dcd56cf1441 100644
---- a/ext/pgsql/pgsql.c
-+++ b/ext/pgsql/pgsql.c
-@@ -1994,7 +1994,7 @@ PHP_FUNCTION(pg_query_params)
- if (Z_TYPE(tmp_val) != IS_STRING) {
- php_error_docref(NULL, E_WARNING,"Error converting parameter");
- zval_ptr_dtor(&tmp_val);
-- _php_pgsql_free_params(params, num_params);
-+ _php_pgsql_free_params(params, i);
- RETURN_FALSE;
- }
- params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
-@@ -5175,8 +5175,8 @@ PHP_FUNCTION(pg_send_execute)
- params[i] = NULL;
- } else {
- zend_string *tmp_str = zval_try_get_string(tmp);
-- if (UNEXPECTED(!tmp)) {
-- _php_pgsql_free_params(params, num_params);
-+ if (UNEXPECTED(!tmp_str)) {
-+ _php_pgsql_free_params(params, i);
- return;
- }
- params[i] = estrndup(ZSTR_VAL(tmp_str), ZSTR_LEN(tmp_str));
-diff --git a/ext/pgsql/tests/bug81720.phpt b/ext/pgsql/tests/bug81720.phpt
-new file mode 100644
-index 000000000000..d79f1fcdd612
---- /dev/null
-+++ b/ext/pgsql/tests/bug81720.phpt
-@@ -0,0 +1,27 @@
-+--TEST--
-+Bug #81720 (Uninitialized array in pg_query_params() leading to RCE)
-+--SKIPIF--
-+<?php include("skipif.inc"); ?>
-+--FILE--
-+<?php
-+include('config.inc');
-+
-+$conn = pg_connect($conn_str);
-+
-+try {
-+ pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+
-+try {
-+ pg_send_prepare($conn, "my_query", 'SELECT $1, $2');
-+ pg_get_result($conn);
-+ pg_send_execute($conn, "my_query", [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+?>
-+--EXPECT--
-+Object of class stdClass could not be converted to string
-+Object of class stdClass could not be converted to string