From 71e7fac9d9377802e60e9bbacab80f3b4aac0103 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Mar 2023 12:27:53 +0000 Subject: [PATCH] import php-7.4.33-1.module+el8.8.0+17865+ef7eddfa --- .gitignore | 2 +- .php.metadata | 2 +- SOURCES/php-7.4.30.tar.xz.asc | 16 ---------- SOURCES/php-7.4.33.tar.xz.asc | 16 ++++++++++ SOURCES/php-CVE-2022-31631.patch | 52 ++++++++++++++++++++++++++++++++ SPECS/php.spec | 9 +++++- 6 files changed, 78 insertions(+), 19 deletions(-) delete mode 100644 SOURCES/php-7.4.30.tar.xz.asc create mode 100644 SOURCES/php-7.4.33.tar.xz.asc create mode 100644 SOURCES/php-CVE-2022-31631.patch diff --git a/.gitignore b/.gitignore index 09f8b9e..6c6681b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/php-7.4.30.tar.xz +SOURCES/php-7.4.33.tar.xz SOURCES/php-keyring.gpg diff --git a/.php.metadata b/.php.metadata index cc2c317..eee580f 100644 --- a/.php.metadata +++ b/.php.metadata @@ -1,2 +1,2 @@ -a8ee5fe68907e229fad2939714f99726dfd8198c SOURCES/php-7.4.30.tar.xz +4d3152b2339332b4eef2c12931931d4a1245fdab SOURCES/php-7.4.33.tar.xz 35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg diff --git a/SOURCES/php-7.4.30.tar.xz.asc b/SOURCES/php-7.4.30.tar.xz.asc deleted file mode 100644 index c1bb5ba..0000000 --- a/SOURCES/php-7.4.30.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmKfDuIACgkQkQ3rRvU+ -oxIC7w/9H/dRdiWbNSzsyVpOR103q9iETyQX9DnweJiEqd7Ij296g4t1NRiMzjKD -UNi+LjZF85OWbtLeDWr1icdwlJJ4/4512ujl4JX+IHexa9bQzF/IZhKJElCs2q7B -wH5A/zOZS1gKNPtoum1VwRikVcDYCgXdTG77k4Y/k6LWymCea1HuJaOqVULM4vpX -1dCdZHbSnrILgpDQPgvyUSvIxuLxeRBGD8iL0N4Wk9v6OMTdIFaAoYnUFX3m4Ovm -TqToTpBPrHsgEb6Adeh2k72I6uvcBzwSlGgq0ZGKmK9CljNPVAeKy4uWi2d37zXE -H0m4pOgp8mRppYYNbulTnW3oYuJUdlRTOSlSpcmEP1IKKQPKp+9tGfmW7CXnD2cf -ozqxwLnJ1TiCpmiK+PGm0W46bw/swAgm7XTRgeWCuGig2GRMpUMUmutJOyfxiKOT -1xsG9IrptgdOjRr9dJcEzD0nYBWa8r5CMe5d7NCcy44eB4qPaL5F8QDxzLeb2+EO -OjfNvNxQpB8USkyRLxmnCNgkUOgZ17On15NvnMv37VGXs3bI+0PeSdWCz+k6fnYv -oa1FX06lUCwjqMHYX48hvn1vh+mSsUFdbHqKfGSJwFIhAPke9HOfmfH0zB/n1N04 -dOvvMruqotMhe6g9vChB8h5hashDPWlzYRap1VSUuBxqcoGNjfc= -=cOPw ------END PGP SIGNATURE----- diff --git a/SOURCES/php-7.4.33.tar.xz.asc b/SOURCES/php-7.4.33.tar.xz.asc new file mode 100644 index 0000000..c485220 --- /dev/null +++ b/SOURCES/php-7.4.33.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmNftBYACgkQkQ3rRvU+ +oxKEJw/7B1ynCpmaLJD9H8YB6YkRdaQ7s4jX10wHrCL2mYFcrViPokJUPHymQ4cG +LYYLDxqhziH5a61ZE0QwBqDSthMuW6KHx4bod7DPXT2vb+wI4KGWWLLjRyb36QEU +JWEYll0ITIy5SKLjQvQWz9Ti6NKs8fPDrty43rQYTXgHi4dnpC4iS1oS5bPQlozK +d9yWoclOlsD1gQvJLfGmZkBhXMVc1ndDQAwQZexU0OGvy8qiSs3BNOwTrmwHlArr +UQwBeuvQvoy7NvpMhBazkpt4VwxGx9iJkOKOBupHkqgnQRic9oFH4q1BsAoz/H27 +jy9A6Qkru7x/z9tzFxGvYRa9JYu3ci+C1kNFG3IjkHpzHM9HAS1/2sXrV2RLY8DO +PagxuSt5/6fYhPTmb4msl/UWGHZlewuFP2HucnIqnCw4/PW/33bqiZpoh/vXT9CH +1adgRptXeF5MHJH95m0OtRk1Mmw9vIRd0pU8GleJbW/ny5Ki4q+WxF3rb+QFRC4Z +Mhi2trcicCNhGy2iD3bPhfCObPd9NW7csQorJUf/I7QBFZXFpVExK88axuwOwM5u +pQA72mvFqRwhSSgMEL5U9RfLG1Is8zcnARs9BqoWtgP78sTPvqKzr2nJ3fzSfglS +EQ40VNrGF4wsruOZf/Stx1v2ysrDHnZ+45Og0BxaRyfVBp+Q/70= +=lvvn +-----END PGP SIGNATURE----- diff --git a/SOURCES/php-CVE-2022-31631.patch b/SOURCES/php-CVE-2022-31631.patch new file mode 100644 index 0000000..3627c23 --- /dev/null +++ b/SOURCES/php-CVE-2022-31631.patch @@ -0,0 +1,52 @@ +From 7cb160efe19d3dfb8b92629805733ea186b55050 Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" +Date: Mon, 31 Oct 2022 17:20:23 +0100 +Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string + +`sqlite3_snprintf()` expects its first parameter to be `int`; we need +to avoid overflow. + +(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba) +--- + ext/pdo_sqlite/sqlite_driver.c | 3 +++ + ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ + 2 files changed, 20 insertions(+) + create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt + +diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c +index 0595bd09fe..54f9d05e1e 100644 +--- a/ext/pdo_sqlite/sqlite_driver.c ++++ b/ext/pdo_sqlite/sqlite_driver.c +@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t + /* NB: doesn't handle binary strings... use prepared stmts for that */ + static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) + { ++ if (unquotedlen > (INT_MAX - 3) / 2) { ++ return 0; ++ } + *quoted = safe_emalloc(2, unquotedlen, 3); + sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); + *quotedlen = strlen(*quoted); +diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt +new file mode 100644 +index 0000000000..99fb07c304 +--- /dev/null ++++ b/ext/pdo_sqlite/tests/bug81740.phpt +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #81740 (PDO::quote() may return unquoted string) ++--SKIPIF-- ++ ++--INI-- ++memory_limit=-1 ++--FILE-- ++quote($string)); ++?> ++--EXPECT-- ++bool(false) diff --git a/SPECS/php.spec b/SPECS/php.spec index f316479..7ad0584 100644 --- a/SPECS/php.spec +++ b/SPECS/php.spec @@ -54,7 +54,7 @@ %global with_tidy 0 %endif -%global upver 7.4.30 +%global upver 7.4.33 #global rcver RC1 Summary: PHP scripting language for creating dynamic web sites @@ -108,6 +108,7 @@ Patch47: php-5.6.3-phpinfo.patch # Upstream fixes (100+) # Security fixes (200+) +Patch200: php-CVE-2022-31631.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -717,6 +718,7 @@ in pure PHP. # upstream patches # security patches +%patch200 -p1 -b .cve31631 # Fixes for tests %patch300 -p1 -b .datetests @@ -1506,6 +1508,11 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Fri Jan 13 2023 Remi Collet - 7.4.33-1 +- rebase to 7.4.33 +- fix: due to an integer overflow PDO::quote() may return unquoted string + CVE-2022-31631 + * Thu Jul 7 2022 Remi Collet - 7.4.30-1 - rebase to 7.4.30 #2099615