import php-7.4.33-1.module+el8.8.0+17865+ef7eddfa

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/php-7.4.30.tar.xz
+SOURCES/php-7.4.33.tar.xz
 SOURCES/php-keyring.gpg

.php.metadata

@@ -1,2 +1,2 @@
-a8ee5fe68907e229fad2939714f99726dfd8198c SOURCES/php-7.4.30.tar.xz
+4d3152b2339332b4eef2c12931931d4a1245fdab SOURCES/php-7.4.33.tar.xz
 35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg

SOURCES/php-7.4.30.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmKfDuIACgkQkQ3rRvU+
-oxIC7w/9H/dRdiWbNSzsyVpOR103q9iETyQX9DnweJiEqd7Ij296g4t1NRiMzjKD
-UNi+LjZF85OWbtLeDWr1icdwlJJ4/4512ujl4JX+IHexa9bQzF/IZhKJElCs2q7B
-wH5A/zOZS1gKNPtoum1VwRikVcDYCgXdTG77k4Y/k6LWymCea1HuJaOqVULM4vpX
-1dCdZHbSnrILgpDQPgvyUSvIxuLxeRBGD8iL0N4Wk9v6OMTdIFaAoYnUFX3m4Ovm
-TqToTpBPrHsgEb6Adeh2k72I6uvcBzwSlGgq0ZGKmK9CljNPVAeKy4uWi2d37zXE
-H0m4pOgp8mRppYYNbulTnW3oYuJUdlRTOSlSpcmEP1IKKQPKp+9tGfmW7CXnD2cf
-ozqxwLnJ1TiCpmiK+PGm0W46bw/swAgm7XTRgeWCuGig2GRMpUMUmutJOyfxiKOT
-1xsG9IrptgdOjRr9dJcEzD0nYBWa8r5CMe5d7NCcy44eB4qPaL5F8QDxzLeb2+EO
-OjfNvNxQpB8USkyRLxmnCNgkUOgZ17On15NvnMv37VGXs3bI+0PeSdWCz+k6fnYv
-oa1FX06lUCwjqMHYX48hvn1vh+mSsUFdbHqKfGSJwFIhAPke9HOfmfH0zB/n1N04
-dOvvMruqotMhe6g9vChB8h5hashDPWlzYRap1VSUuBxqcoGNjfc=
-=cOPw
------END PGP SIGNATURE-----

SOURCES/php-7.4.33.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmNftBYACgkQkQ3rRvU+
+oxKEJw/7B1ynCpmaLJD9H8YB6YkRdaQ7s4jX10wHrCL2mYFcrViPokJUPHymQ4cG
+LYYLDxqhziH5a61ZE0QwBqDSthMuW6KHx4bod7DPXT2vb+wI4KGWWLLjRyb36QEU
+JWEYll0ITIy5SKLjQvQWz9Ti6NKs8fPDrty43rQYTXgHi4dnpC4iS1oS5bPQlozK
+d9yWoclOlsD1gQvJLfGmZkBhXMVc1ndDQAwQZexU0OGvy8qiSs3BNOwTrmwHlArr
+UQwBeuvQvoy7NvpMhBazkpt4VwxGx9iJkOKOBupHkqgnQRic9oFH4q1BsAoz/H27
+jy9A6Qkru7x/z9tzFxGvYRa9JYu3ci+C1kNFG3IjkHpzHM9HAS1/2sXrV2RLY8DO
+PagxuSt5/6fYhPTmb4msl/UWGHZlewuFP2HucnIqnCw4/PW/33bqiZpoh/vXT9CH
+1adgRptXeF5MHJH95m0OtRk1Mmw9vIRd0pU8GleJbW/ny5Ki4q+WxF3rb+QFRC4Z
+Mhi2trcicCNhGy2iD3bPhfCObPd9NW7csQorJUf/I7QBFZXFpVExK88axuwOwM5u
+pQA72mvFqRwhSSgMEL5U9RfLG1Is8zcnARs9BqoWtgP78sTPvqKzr2nJ3fzSfglS
+EQ40VNrGF4wsruOZf/Stx1v2ysrDHnZ+45Og0BxaRyfVBp+Q/70=
+=lvvn
+-----END PGP SIGNATURE-----

SOURCES/php-CVE-2022-31631.patch

@@ -0,0 +1,52 @@
+From 7cb160efe19d3dfb8b92629805733ea186b55050 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Mon, 31 Oct 2022 17:20:23 +0100
+Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string
+
+`sqlite3_snprintf()` expects its first parameter to be `int`; we need
+to avoid overflow.
+
+(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba)
+---
+ ext/pdo_sqlite/sqlite_driver.c     |  3 +++
+ ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++
+ 2 files changed, 20 insertions(+)
+ create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt
+
+diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
+index 0595bd09fe..54f9d05e1e 100644
+--- a/ext/pdo_sqlite/sqlite_driver.c
++++ b/ext/pdo_sqlite/sqlite_driver.c
+@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t
+ /* NB: doesn't handle binary strings... use prepared stmts for that */
+ static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
+ {
++	if (unquotedlen > (INT_MAX - 3) / 2) {
++		return 0;
++	}
+ 	*quoted = safe_emalloc(2, unquotedlen, 3);
+ 	sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
+ 	*quotedlen = strlen(*quoted);
+diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt
+new file mode 100644
+index 0000000000..99fb07c304
+--- /dev/null
++++ b/ext/pdo_sqlite/tests/bug81740.phpt
+@@ -0,0 +1,17 @@
++--TEST--
++Bug #81740 (PDO::quote() may return unquoted string)
++--SKIPIF--
++<?php
++if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
++if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
++?>
++--INI--
++memory_limit=-1
++--FILE--
++<?php
++$pdo = new PDO("sqlite::memory:");
++$string = str_repeat("a", 0x80000000);
++var_dump($pdo->quote($string));
++?>
++--EXPECT--
++bool(false)

SPECS/php.spec

@@ -54,7 +54,7 @@
 %global with_tidy     0
 %endif
 
-%global upver        7.4.30
+%global upver        7.4.33
 #global rcver        RC1
 
 Summary: PHP scripting language for creating dynamic web sites
@@ -108,6 +108,7 @@ Patch47: php-5.6.3-phpinfo.patch
 # Upstream fixes (100+)
 
 # Security fixes (200+)
+Patch200: php-CVE-2022-31631.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -717,6 +718,7 @@ in pure PHP.
 # upstream patches
 
 # security patches
+%patch200 -p1 -b .cve31631
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -1506,6 +1508,11 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 7.4.33-1
+- rebase to 7.4.33
+- fix: due to an integer overflow PDO::quote() may return unquoted string
+  CVE-2022-31631
+
 * Thu Jul  7 2022 Remi Collet <rcollet@redhat.com> - 7.4.30-1
 - rebase to 7.4.30 #2099615