aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/php81/APKBUILD12
-rw-r--r--community/php81/CVE-2022-31625.patch23
-rw-r--r--community/php81/CVE-2022-31626.patch65
-rw-r--r--community/php81/fix-curl-7.83-test.patch25
4 files changed, 3 insertions, 122 deletions
diff --git a/community/php81/APKBUILD b/community/php81/APKBUILD
index da7dbe4cb0..db936932f0 100644
--- a/community/php81/APKBUILD
+++ b/community/php81/APKBUILD
@@ -25,8 +25,8 @@
pkgname=php81
_pkgreal=php
-pkgver=8.1.6
-pkgrel=2
+pkgver=8.1.7
+pkgrel=0
_apiver=20210902
_suffix=${pkgname#php}
# Is this package the default (latest) PHP version?
@@ -103,9 +103,6 @@ source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz
fix-tests-devserver.patch
xfail-openssl-1.1-test.patch
atomic-lsapi.patch
- fix-curl-7.83-test.patch
- CVE-2022-31625.patch
- CVE-2022-31626.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
@@ -624,7 +621,7 @@ _mv() {
}
sha512sums="
-df5ab8e90aced1cc904c6abd25f42b0c59a327fe4f7b518591c23820e711952f3b1e70b31a1c2e90282621891400b492fb099cbadafcd0ef7991ccc2962156de php-8.1.6.tar.xz
+1d72db220f3485310e02b67c41dd6434c26b7118f673ba7f425ff6b79cc96c86fc45bfe9c90b302d719eb9b7a5334f363a92ac309c367aacc93ab31a72a63c45 php-8.1.7.tar.xz
7dc9f55b12998355a6a6b5cf277285058e66928215f8d0109448d06fb696a74c674f83d18a81bf03f4f0bee06e77979e9a4ee5c81c7fdebff91447f8e697cc69 php81-fpm.initd
98bb27864f1ece80fef18cb286885c8c18de8f9d1076507b6a24df07e33aa400623b90401375e7ebe55d9ff802069d281642ec7d3a58ef8727121aabe7643241 php81-fpm.logrotate
2e3b22b4adbc81c6120757095c89e56642f3e8bf7724af2926f2667759ef082cdcff416334aad87f704a61fcb5b2c11830f17759ac771a3dd4e47d9bc5c7cf72 php81-module.conf
@@ -636,7 +633,4 @@ f43ab399c3b4a2b9a3a329acd32d9cbc690cad697dd0a0e87f3d654028b88af7dd1cd80cbf970c6f
1b64a7cef9e81387f955cb60ffa4e3d2277b4f6072e9328d779c0d447c202c8ee9dff0d8d8c34abc82c150311f51c4e9316a3b72a383ca6c9a6e683bc5b349a0 fix-tests-devserver.patch
d90e839cfae1cbb42c1dfb0fb73defa55154dbef69bc9a8206e561c2d0ceb43ca778e35dcfa3224570deabe7d59d35dac3f21d0c4bd82ac92cebd5477a30a89d xfail-openssl-1.1-test.patch
465b38c089d938a4a072b2eff3edaf928455bf873f5eeb65ff3bee9614f5f45c70f285abb50809c2e2d9d259395acae38bd649860ca3b8d65e43447082a51552 atomic-lsapi.patch
-be6a57063414bd255def54d5f6e42cbdc3baec55c8eaf9c8ca6e96d0cb3fec942ebb1868806850859d34c5c45d03a2abfec3fecd1aef04524da8eda01d9041ed fix-curl-7.83-test.patch
-3a6ee3914b1a4e73caf19b40052cb70d1cd5716ed8b22cd83d57a52c0e6568b8960d65dba43e76cde5a19e56f318dc18d08dafb816ccd95dbc80534916a8b29a CVE-2022-31625.patch
-e7b21f0dc7afdafe36d06818819e5f51e3b5031ba9261b9f578d8def9cd458ba6d2ce5c8f38833246082d4621766005984944e381e022f9c6d2bcb8e05459ae9 CVE-2022-31626.patch
"
diff --git a/community/php81/CVE-2022-31625.patch b/community/php81/CVE-2022-31625.patch
deleted file mode 100644
index 7f89dcb355..0000000000
--- a/community/php81/CVE-2022-31625.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <smalyshev@gmail.com>
-Date: Mon, 6 Jun 2022 00:56:51 -0600
-Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
-
----
- ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
-index 87b2e7c31331..e4a298adaea4 100644
---- a/ext/mysqlnd/mysqlnd_wireprotocol.c
-+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
-@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
- MYSQLND_VIO * vio = conn->vio;
- MYSQLND_STATS * stats = conn->stats;
- MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
-- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
-+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
-+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
- zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
-
- DBG_ENTER("php_mysqlnd_change_auth_response_write");
diff --git a/community/php81/CVE-2022-31626.patch b/community/php81/CVE-2022-31626.patch
deleted file mode 100644
index 7c8770bd2b..0000000000
--- a/community/php81/CVE-2022-31626.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 17 May 2022 12:59:23 +0200
-Subject: [PATCH] Fix #81720: Uninitialized array in pg_query_params() leading
- to RCE
-
-We must not free parameters which we haven't initialized yet.
-
-We also fix the not directly related issue, that we checked for the
-wrong value being `NULL`, potentially causing a segfault.
----
- ext/pgsql/pgsql.c | 6 +++---
- ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 3 deletions(-)
- create mode 100644 ext/pgsql/tests/bug81720.phpt
-
-diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
-index f52ff884d83c..7dcd56cf1441 100644
---- a/ext/pgsql/pgsql.c
-+++ b/ext/pgsql/pgsql.c
- params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
-@@ -3920,8 +3920,8 @@ PHP_FUNCTION(pg_send_execute)
- params[i] = NULL;
- } else {
- zend_string *tmp_str = zval_try_get_string(tmp);
-- if (UNEXPECTED(!tmp)) {
-- _php_pgsql_free_params(params, num_params);
-+ if (UNEXPECTED(!tmp_str)) {
-+ _php_pgsql_free_params(params, i);
- return;
- }
- params[i] = estrndup(ZSTR_VAL(tmp_str), ZSTR_LEN(tmp_str));
-diff --git a/ext/pgsql/tests/bug81720.phpt b/ext/pgsql/tests/bug81720.phpt
-new file mode 100644
-index 000000000000..d79f1fcdd612
---- /dev/null
-+++ b/ext/pgsql/tests/bug81720.phpt
-@@ -0,0 +1,27 @@
-+--TEST--
-+Bug #81720 (Uninitialized array in pg_query_params() leading to RCE)
-+--SKIPIF--
-+<?php include("skipif.inc"); ?>
-+--FILE--
-+<?php
-+include('config.inc');
-+
-+$conn = pg_connect($conn_str);
-+
-+try {
-+ pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+
-+try {
-+ pg_send_prepare($conn, "my_query", 'SELECT $1, $2');
-+ pg_get_result($conn);
-+ pg_send_execute($conn, "my_query", [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+?>
-+--EXPECT--
-+Object of class stdClass could not be converted to string
-+Object of class stdClass could not be converted to string
diff --git a/community/php81/fix-curl-7.83-test.patch b/community/php81/fix-curl-7.83-test.patch
deleted file mode 100644
index b087acfb28..0000000000
--- a/community/php81/fix-curl-7.83-test.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From a4179e4c92b6365d39e09cb9cd63c476848013af Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 27 Apr 2022 12:37:39 +0200
-Subject: [PATCH] Fix test for curl 7.83.0
-Patch-Source: https://github.com/php/php-src/commit/a4179e4c92b6365d39e09cb9cd63c476848013af
-
-libcurl 7.83.0 removed some trailing exclamation marks from error
-messages[1]; we have to cater to that.
-
-[1] <https://github.com/curl/curl/commit/6968fb9d54dc3a1aaa1b16088f038eaf5dd8b2d7>
----
- ext/curl/tests/curl_basic_007.phpt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/curl/tests/curl_basic_007.phpt b/ext/curl/tests/curl_basic_007.phpt
-index 3b53658d6a7e..3834e4674f82 100644
---- a/ext/curl/tests/curl_basic_007.phpt
-+++ b/ext/curl/tests/curl_basic_007.phpt
-@@ -20,5 +20,5 @@ curl_close($ch);
-
- ?>
- --EXPECTF--
--string(%d) "No URL set!%w"
-+string(%d) "No URL set%A"
- int(3)