import php-8.0.13-2.el9_0
This commit is contained in:
parent
2ac4efb06f
commit
6ef0bfa81a
23
SOURCES/php-CVE-2022-31626.patch
Normal file
23
SOURCES/php-CVE-2022-31626.patch
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stanislav Malyshev <smalyshev@gmail.com>
|
||||||
|
Date: Mon, 6 Jun 2022 00:56:51 -0600
|
||||||
|
Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
|
||||||
|
|
||||||
|
---
|
||||||
|
ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
|
||||||
|
index 87b2e7c31331..e4a298adaea4 100644
|
||||||
|
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
|
||||||
|
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
|
||||||
|
@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
|
||||||
|
MYSQLND_VIO * vio = conn->vio;
|
||||||
|
MYSQLND_STATS * stats = conn->stats;
|
||||||
|
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
|
||||||
|
- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
|
||||||
|
+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
|
||||||
|
+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
|
||||||
|
zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
|
||||||
|
|
||||||
|
DBG_ENTER("php_mysqlnd_change_auth_response_write");
|
@ -62,7 +62,7 @@
|
|||||||
Summary: PHP scripting language for creating dynamic web sites
|
Summary: PHP scripting language for creating dynamic web sites
|
||||||
Name: php
|
Name: php
|
||||||
Version: %{upver}%{?rcver:~%{rcver}}
|
Version: %{upver}%{?rcver:~%{rcver}}
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
# All files licensed under PHP version 3.01, except
|
# All files licensed under PHP version 3.01, except
|
||||||
# Zend is licensed under Zend
|
# Zend is licensed under Zend
|
||||||
# TSRM is licensed under BSD
|
# TSRM is licensed under BSD
|
||||||
@ -125,6 +125,7 @@ Patch51: php-8.0.13-crypt.patch
|
|||||||
# Upstream fixes (100+)
|
# Upstream fixes (100+)
|
||||||
|
|
||||||
# Security fixes (200+)
|
# Security fixes (200+)
|
||||||
|
Patch200: php-CVE-2022-31626.patch
|
||||||
|
|
||||||
# Fixes for tests (300+)
|
# Fixes for tests (300+)
|
||||||
# Factory is droped from system tzdata
|
# Factory is droped from system tzdata
|
||||||
@ -726,6 +727,7 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
|
|||||||
# upstream patches
|
# upstream patches
|
||||||
|
|
||||||
# security patches
|
# security patches
|
||||||
|
%patch200 -p1 -b .cve31626
|
||||||
|
|
||||||
# Fixes for tests
|
# Fixes for tests
|
||||||
%patch300 -p1 -b .datetests
|
%patch300 -p1 -b .datetests
|
||||||
@ -1536,6 +1538,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 8.0.13-2
|
||||||
|
- fix password of excessive length triggers buffer overflow leading to RCE
|
||||||
|
CVE-2022-31626
|
||||||
|
|
||||||
* Wed Dec 15 2021 Remi Collet <rcollet@redhat.com> - 8.0.13-1
|
* Wed Dec 15 2021 Remi Collet <rcollet@redhat.com> - 8.0.13-1
|
||||||
- rebase to 8.0.13 #2032429
|
- rebase to 8.0.13 #2032429
|
||||||
- refresh configuration files from upstream
|
- refresh configuration files from upstream
|
||||||
|
Loading…
Reference in New Issue
Block a user