import php-7.4.33-1.module+el8.8.0+17865+ef7eddfa
This commit is contained in:
parent
a398276316
commit
0abd2976c9
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/php-7.4.30.tar.xz
|
SOURCES/php-7.4.33.tar.xz
|
||||||
SOURCES/php-keyring.gpg
|
SOURCES/php-keyring.gpg
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
a8ee5fe68907e229fad2939714f99726dfd8198c SOURCES/php-7.4.30.tar.xz
|
4d3152b2339332b4eef2c12931931d4a1245fdab SOURCES/php-7.4.33.tar.xz
|
||||||
35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg
|
35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmKfDuIACgkQkQ3rRvU+
|
|
||||||
oxIC7w/9H/dRdiWbNSzsyVpOR103q9iETyQX9DnweJiEqd7Ij296g4t1NRiMzjKD
|
|
||||||
UNi+LjZF85OWbtLeDWr1icdwlJJ4/4512ujl4JX+IHexa9bQzF/IZhKJElCs2q7B
|
|
||||||
wH5A/zOZS1gKNPtoum1VwRikVcDYCgXdTG77k4Y/k6LWymCea1HuJaOqVULM4vpX
|
|
||||||
1dCdZHbSnrILgpDQPgvyUSvIxuLxeRBGD8iL0N4Wk9v6OMTdIFaAoYnUFX3m4Ovm
|
|
||||||
TqToTpBPrHsgEb6Adeh2k72I6uvcBzwSlGgq0ZGKmK9CljNPVAeKy4uWi2d37zXE
|
|
||||||
H0m4pOgp8mRppYYNbulTnW3oYuJUdlRTOSlSpcmEP1IKKQPKp+9tGfmW7CXnD2cf
|
|
||||||
ozqxwLnJ1TiCpmiK+PGm0W46bw/swAgm7XTRgeWCuGig2GRMpUMUmutJOyfxiKOT
|
|
||||||
1xsG9IrptgdOjRr9dJcEzD0nYBWa8r5CMe5d7NCcy44eB4qPaL5F8QDxzLeb2+EO
|
|
||||||
OjfNvNxQpB8USkyRLxmnCNgkUOgZ17On15NvnMv37VGXs3bI+0PeSdWCz+k6fnYv
|
|
||||||
oa1FX06lUCwjqMHYX48hvn1vh+mSsUFdbHqKfGSJwFIhAPke9HOfmfH0zB/n1N04
|
|
||||||
dOvvMruqotMhe6g9vChB8h5hashDPWlzYRap1VSUuBxqcoGNjfc=
|
|
||||||
=cOPw
|
|
||||||
-----END PGP SIGNATURE-----
|
|
16
SOURCES/php-7.4.33.tar.xz.asc
Normal file
16
SOURCES/php-7.4.33.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmNftBYACgkQkQ3rRvU+
|
||||||
|
oxKEJw/7B1ynCpmaLJD9H8YB6YkRdaQ7s4jX10wHrCL2mYFcrViPokJUPHymQ4cG
|
||||||
|
LYYLDxqhziH5a61ZE0QwBqDSthMuW6KHx4bod7DPXT2vb+wI4KGWWLLjRyb36QEU
|
||||||
|
JWEYll0ITIy5SKLjQvQWz9Ti6NKs8fPDrty43rQYTXgHi4dnpC4iS1oS5bPQlozK
|
||||||
|
d9yWoclOlsD1gQvJLfGmZkBhXMVc1ndDQAwQZexU0OGvy8qiSs3BNOwTrmwHlArr
|
||||||
|
UQwBeuvQvoy7NvpMhBazkpt4VwxGx9iJkOKOBupHkqgnQRic9oFH4q1BsAoz/H27
|
||||||
|
jy9A6Qkru7x/z9tzFxGvYRa9JYu3ci+C1kNFG3IjkHpzHM9HAS1/2sXrV2RLY8DO
|
||||||
|
PagxuSt5/6fYhPTmb4msl/UWGHZlewuFP2HucnIqnCw4/PW/33bqiZpoh/vXT9CH
|
||||||
|
1adgRptXeF5MHJH95m0OtRk1Mmw9vIRd0pU8GleJbW/ny5Ki4q+WxF3rb+QFRC4Z
|
||||||
|
Mhi2trcicCNhGy2iD3bPhfCObPd9NW7csQorJUf/I7QBFZXFpVExK88axuwOwM5u
|
||||||
|
pQA72mvFqRwhSSgMEL5U9RfLG1Is8zcnARs9BqoWtgP78sTPvqKzr2nJ3fzSfglS
|
||||||
|
EQ40VNrGF4wsruOZf/Stx1v2ysrDHnZ+45Og0BxaRyfVBp+Q/70=
|
||||||
|
=lvvn
|
||||||
|
-----END PGP SIGNATURE-----
|
52
SOURCES/php-CVE-2022-31631.patch
Normal file
52
SOURCES/php-CVE-2022-31631.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From 7cb160efe19d3dfb8b92629805733ea186b55050 Mon Sep 17 00:00:00 2001
|
||||||
|
From: "Christoph M. Becker" <cmbecker69@gmx.de>
|
||||||
|
Date: Mon, 31 Oct 2022 17:20:23 +0100
|
||||||
|
Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string
|
||||||
|
|
||||||
|
`sqlite3_snprintf()` expects its first parameter to be `int`; we need
|
||||||
|
to avoid overflow.
|
||||||
|
|
||||||
|
(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba)
|
||||||
|
---
|
||||||
|
ext/pdo_sqlite/sqlite_driver.c | 3 +++
|
||||||
|
ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++
|
||||||
|
2 files changed, 20 insertions(+)
|
||||||
|
create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt
|
||||||
|
|
||||||
|
diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
|
||||||
|
index 0595bd09fe..54f9d05e1e 100644
|
||||||
|
--- a/ext/pdo_sqlite/sqlite_driver.c
|
||||||
|
+++ b/ext/pdo_sqlite/sqlite_driver.c
|
||||||
|
@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t
|
||||||
|
/* NB: doesn't handle binary strings... use prepared stmts for that */
|
||||||
|
static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
|
||||||
|
{
|
||||||
|
+ if (unquotedlen > (INT_MAX - 3) / 2) {
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
*quoted = safe_emalloc(2, unquotedlen, 3);
|
||||||
|
sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
|
||||||
|
*quotedlen = strlen(*quoted);
|
||||||
|
diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..99fb07c304
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/ext/pdo_sqlite/tests/bug81740.phpt
|
||||||
|
@@ -0,0 +1,17 @@
|
||||||
|
+--TEST--
|
||||||
|
+Bug #81740 (PDO::quote() may return unquoted string)
|
||||||
|
+--SKIPIF--
|
||||||
|
+<?php
|
||||||
|
+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
|
||||||
|
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
|
||||||
|
+?>
|
||||||
|
+--INI--
|
||||||
|
+memory_limit=-1
|
||||||
|
+--FILE--
|
||||||
|
+<?php
|
||||||
|
+$pdo = new PDO("sqlite::memory:");
|
||||||
|
+$string = str_repeat("a", 0x80000000);
|
||||||
|
+var_dump($pdo->quote($string));
|
||||||
|
+?>
|
||||||
|
+--EXPECT--
|
||||||
|
+bool(false)
|
@ -54,7 +54,7 @@
|
|||||||
%global with_tidy 0
|
%global with_tidy 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%global upver 7.4.30
|
%global upver 7.4.33
|
||||||
#global rcver RC1
|
#global rcver RC1
|
||||||
|
|
||||||
Summary: PHP scripting language for creating dynamic web sites
|
Summary: PHP scripting language for creating dynamic web sites
|
||||||
@ -108,6 +108,7 @@ Patch47: php-5.6.3-phpinfo.patch
|
|||||||
# Upstream fixes (100+)
|
# Upstream fixes (100+)
|
||||||
|
|
||||||
# Security fixes (200+)
|
# Security fixes (200+)
|
||||||
|
Patch200: php-CVE-2022-31631.patch
|
||||||
|
|
||||||
# Fixes for tests (300+)
|
# Fixes for tests (300+)
|
||||||
# Factory is droped from system tzdata
|
# Factory is droped from system tzdata
|
||||||
@ -717,6 +718,7 @@ in pure PHP.
|
|||||||
# upstream patches
|
# upstream patches
|
||||||
|
|
||||||
# security patches
|
# security patches
|
||||||
|
%patch200 -p1 -b .cve31631
|
||||||
|
|
||||||
# Fixes for tests
|
# Fixes for tests
|
||||||
%patch300 -p1 -b .datetests
|
%patch300 -p1 -b .datetests
|
||||||
@ -1506,6 +1508,11 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 7.4.33-1
|
||||||
|
- rebase to 7.4.33
|
||||||
|
- fix: due to an integer overflow PDO::quote() may return unquoted string
|
||||||
|
CVE-2022-31631
|
||||||
|
|
||||||
* Thu Jul 7 2022 Remi Collet <rcollet@redhat.com> - 7.4.30-1
|
* Thu Jul 7 2022 Remi Collet <rcollet@redhat.com> - 7.4.30-1
|
||||||
- rebase to 7.4.30 #2099615
|
- rebase to 7.4.30 #2099615
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user