aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--community/php8/APKBUILD12
-rw-r--r--community/php8/CVE-2022-31625.patch23
-rw-r--r--community/php8/CVE-2022-31626.patch65
-rw-r--r--community/php8/fix-curl-7.83-test.patch25
4 files changed, 3 insertions, 122 deletions
diff --git a/community/php8/APKBUILD b/community/php8/APKBUILD
index 83d0adaf85..5d11c1683d 100644
--- a/community/php8/APKBUILD
+++ b/community/php8/APKBUILD
@@ -25,8 +25,8 @@
pkgname=php8
_pkgreal=php
-pkgver=8.0.19
-pkgrel=2
+pkgver=8.0.20
+pkgrel=0
_apiver=20200930
_suffix=${pkgname#php}
# Is this package the default (latest) PHP version?
@@ -102,9 +102,6 @@ source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz
fix-tests-devserver.patch
xfail-openssl-1.1-test.patch
atomic-lsapi.patch
- fix-curl-7.83-test.patch
- CVE-2022-31625.patch
- CVE-2022-31626.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
@@ -625,7 +622,7 @@ _mv() {
}
sha512sums="
-106aa7c9f4804b8ce3518d7e6da4dc8f2a4df2f0b5d7369776737e0b13d4cd6be375694b78271fd1d007d4e0892009dc2a7214c1652462ebf128b74f845787e8 php-8.0.19.tar.xz
+24153733111bb5104298679fb5ee02d8abad4e6b2a8e0a07c2a6076e1c9104309abe56bcb7b5fe17670c266e5e9981c520ed0ac12b699ae0050953ff99ef04fa php-8.0.20.tar.xz
8a9a63cddfd9bdde23db85a7be0711e14688bab35b580abd0184d370c54de80b72cbdeb369570cd23927154984f024eaad5d222d53d9e19130fb2e8758dd4540 php8-fpm.initd
cd3a96d3febde3b6657ed80ff58945641443e84e5e0fd3d9df29e640e9549bc452a3412f1999fa02ae1ee2b64c08040998fa75805f67e0252741c376e26e1c3c php8-fpm.logrotate
95f536addfbb28fbca8b14da46d95a3595369d6e98d345f55f0fda1b12bdefd1579a27505424e7d1088a987d330798253cec9bd42b544bb567189cba746217c7 php8-module.conf
@@ -637,7 +634,4 @@ f634ac591576dff87487d239578420364edb56e977535c4a5ab799d360a799179edf1e7e6a4e6b6e
1b64a7cef9e81387f955cb60ffa4e3d2277b4f6072e9328d779c0d447c202c8ee9dff0d8d8c34abc82c150311f51c4e9316a3b72a383ca6c9a6e683bc5b349a0 fix-tests-devserver.patch
996b9a542858b0385a300265194afc57eddb72b9d7e4dcdf63b4f1ba7d3588e67309030acc73f00af1717168becd50b1d3582fcb88605e9892fd683a33cae023 xfail-openssl-1.1-test.patch
465b38c089d938a4a072b2eff3edaf928455bf873f5eeb65ff3bee9614f5f45c70f285abb50809c2e2d9d259395acae38bd649860ca3b8d65e43447082a51552 atomic-lsapi.patch
-be6a57063414bd255def54d5f6e42cbdc3baec55c8eaf9c8ca6e96d0cb3fec942ebb1868806850859d34c5c45d03a2abfec3fecd1aef04524da8eda01d9041ed fix-curl-7.83-test.patch
-3a6ee3914b1a4e73caf19b40052cb70d1cd5716ed8b22cd83d57a52c0e6568b8960d65dba43e76cde5a19e56f318dc18d08dafb816ccd95dbc80534916a8b29a CVE-2022-31625.patch
-e7b21f0dc7afdafe36d06818819e5f51e3b5031ba9261b9f578d8def9cd458ba6d2ce5c8f38833246082d4621766005984944e381e022f9c6d2bcb8e05459ae9 CVE-2022-31626.patch
"
diff --git a/community/php8/CVE-2022-31625.patch b/community/php8/CVE-2022-31625.patch
deleted file mode 100644
index 7f89dcb355..0000000000
--- a/community/php8/CVE-2022-31625.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <smalyshev@gmail.com>
-Date: Mon, 6 Jun 2022 00:56:51 -0600
-Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
-
----
- ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
-index 87b2e7c31331..e4a298adaea4 100644
---- a/ext/mysqlnd/mysqlnd_wireprotocol.c
-+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
-@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
- MYSQLND_VIO * vio = conn->vio;
- MYSQLND_STATS * stats = conn->stats;
- MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
-- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
-+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
-+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
- zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
-
- DBG_ENTER("php_mysqlnd_change_auth_response_write");
diff --git a/community/php8/CVE-2022-31626.patch b/community/php8/CVE-2022-31626.patch
deleted file mode 100644
index 7c8770bd2b..0000000000
--- a/community/php8/CVE-2022-31626.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Tue, 17 May 2022 12:59:23 +0200
-Subject: [PATCH] Fix #81720: Uninitialized array in pg_query_params() leading
- to RCE
-
-We must not free parameters which we haven't initialized yet.
-
-We also fix the not directly related issue, that we checked for the
-wrong value being `NULL`, potentially causing a segfault.
----
- ext/pgsql/pgsql.c | 6 +++---
- ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 3 deletions(-)
- create mode 100644 ext/pgsql/tests/bug81720.phpt
-
-diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
-index f52ff884d83c..7dcd56cf1441 100644
---- a/ext/pgsql/pgsql.c
-+++ b/ext/pgsql/pgsql.c
- params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
-@@ -3920,8 +3920,8 @@ PHP_FUNCTION(pg_send_execute)
- params[i] = NULL;
- } else {
- zend_string *tmp_str = zval_try_get_string(tmp);
-- if (UNEXPECTED(!tmp)) {
-- _php_pgsql_free_params(params, num_params);
-+ if (UNEXPECTED(!tmp_str)) {
-+ _php_pgsql_free_params(params, i);
- return;
- }
- params[i] = estrndup(ZSTR_VAL(tmp_str), ZSTR_LEN(tmp_str));
-diff --git a/ext/pgsql/tests/bug81720.phpt b/ext/pgsql/tests/bug81720.phpt
-new file mode 100644
-index 000000000000..d79f1fcdd612
---- /dev/null
-+++ b/ext/pgsql/tests/bug81720.phpt
-@@ -0,0 +1,27 @@
-+--TEST--
-+Bug #81720 (Uninitialized array in pg_query_params() leading to RCE)
-+--SKIPIF--
-+<?php include("skipif.inc"); ?>
-+--FILE--
-+<?php
-+include('config.inc');
-+
-+$conn = pg_connect($conn_str);
-+
-+try {
-+ pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+
-+try {
-+ pg_send_prepare($conn, "my_query", 'SELECT $1, $2');
-+ pg_get_result($conn);
-+ pg_send_execute($conn, "my_query", [1, new stdClass()]);
-+} catch (Throwable $ex) {
-+ echo $ex->getMessage(), PHP_EOL;
-+}
-+?>
-+--EXPECT--
-+Object of class stdClass could not be converted to string
-+Object of class stdClass could not be converted to string
diff --git a/community/php8/fix-curl-7.83-test.patch b/community/php8/fix-curl-7.83-test.patch
deleted file mode 100644
index b087acfb28..0000000000
--- a/community/php8/fix-curl-7.83-test.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From a4179e4c92b6365d39e09cb9cd63c476848013af Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 27 Apr 2022 12:37:39 +0200
-Subject: [PATCH] Fix test for curl 7.83.0
-Patch-Source: https://github.com/php/php-src/commit/a4179e4c92b6365d39e09cb9cd63c476848013af
-
-libcurl 7.83.0 removed some trailing exclamation marks from error
-messages[1]; we have to cater to that.
-
-[1] <https://github.com/curl/curl/commit/6968fb9d54dc3a1aaa1b16088f038eaf5dd8b2d7>
----
- ext/curl/tests/curl_basic_007.phpt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/curl/tests/curl_basic_007.phpt b/ext/curl/tests/curl_basic_007.phpt
-index 3b53658d6a7e..3834e4674f82 100644
---- a/ext/curl/tests/curl_basic_007.phpt
-+++ b/ext/curl/tests/curl_basic_007.phpt
-@@ -20,5 +20,5 @@ curl_close($ch);
-
- ?>
- --EXPECTF--
--string(%d) "No URL set!%w"
-+string(%d) "No URL set%A"
- int(3)