diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-01-07 01:50:00 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-01-07 03:33:34 +0100 |
commit | 34e6259d47376c3e767368d52f9aa20eafa49951 (patch) | |
tree | bc6b66ee8a2bdb7f90d44178f020f9d1b6180a95 /source/n/php | |
parent | b646b608f565430ef403ed0561b83845f48ae8f8 (diff) | |
download | current-34e6259d47376c3e767368d52f9aa20eafa49951.tar.gz current-34e6259d47376c3e767368d52f9aa20eafa49951.tar.xz |
Sat Jan 7 01:50:00 UTC 202320230107015000
a/btrfs-progs-6.1.2-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.87-x86_64-1.txz: Upgraded.
Fixed memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures.
For more information, see:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/
https://www.cve.org/CVERecord?id=CVE-2021-43527
(* Security fix *)
l/nodejs-19.4.0-x86_64-1.txz: Upgraded.
n/php-7.4.33-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php80/php80-8.0.27-x86_64-1.txz: Upgraded.
This update fixes a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
extra/php81/php81-8.1.14-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
PDO::quote() may return unquoted string.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-31631
(* Security fix *)
Diffstat (limited to 'source/n/php')
-rw-r--r-- | source/n/php/CVE-2022-31631.patch | 50 | ||||
-rwxr-xr-x | source/n/php/php.SlackBuild | 6 |
2 files changed, 54 insertions, 2 deletions
diff --git a/source/n/php/CVE-2022-31631.patch b/source/n/php/CVE-2022-31631.patch new file mode 100644 index 000000000..6aa309549 --- /dev/null +++ b/source/n/php/CVE-2022-31631.patch @@ -0,0 +1,50 @@ +From 921b6813da3237a83e908998483f46ae3d8bacba Mon Sep 17 00:00:00 2001 +From: "Christoph M. Becker" <cmbecker69@gmx.de> +Date: Mon, 31 Oct 2022 17:20:23 +0100 +Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string + +`sqlite3_snprintf()` expects its first parameter to be `int`; we need +to avoid overflow. +--- + ext/pdo_sqlite/sqlite_driver.c | 3 +++ + ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ + 2 files changed, 20 insertions(+) + create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt + +diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c +index 4233ff10ff2e..5a72a1eda23f 100644 +--- a/ext/pdo_sqlite/sqlite_driver.c ++++ b/ext/pdo_sqlite/sqlite_driver.c +@@ -232,6 +232,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t + /* NB: doesn't handle binary strings... use prepared stmts for that */ + static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) + { ++ if (unquotedlen > (INT_MAX - 3) / 2) { ++ return 0; ++ } + *quoted = safe_emalloc(2, unquotedlen, 3); + sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); + *quotedlen = strlen(*quoted); +diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt +new file mode 100644 +index 000000000000..99fb07c3048b +--- /dev/null ++++ b/ext/pdo_sqlite/tests/bug81740.phpt +@@ -0,0 +1,17 @@ ++--TEST-- ++Bug #81740 (PDO::quote() may return unquoted string) ++--SKIPIF-- ++<?php ++if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; ++if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); ++?> ++--INI-- ++memory_limit=-1 ++--FILE-- ++<?php ++$pdo = new PDO("sqlite::memory:"); ++$string = str_repeat("a", 0x80000000); ++var_dump($pdo->quote($string)); ++?> ++--EXPECT-- ++bool(false) diff --git a/source/n/php/php.SlackBuild b/source/n/php/php.SlackBuild index c0bd2413b..7109f9586 100755 --- a/source/n/php/php.SlackBuild +++ b/source/n/php/php.SlackBuild @@ -3,7 +3,7 @@ # Build and package mod_php on Slackware. # by: David Cantrell <david@slackware.com> # Modified for PHP 4-5 by volkerdi@slackware.com -# Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2019, 2020, 2021 Patrick Volkerding, Sebeka, MN, USA +# Copyright 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2015, 2017, 2019, 2020, 2021, 2023 Patrick Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=php VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} ALPINE=2.26 -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -127,6 +127,8 @@ rm -rf php-$VERSION tar xvf $CWD/php-$VERSION.tar.xz || exit 1 cd php-$VERSION || exit 1 +zcat $CWD/CVE-2022-31631.patch.gz | patch -p1 --verbose || exit 1 + # cleanup: find . -name "*.orig" -delete |