summaryrefslogtreecommitdiffstats
path: root/source/n
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2023-02-15 03:05:40 +0000
committer Eric Hameleers <alien@slackware.com>2023-02-15 06:50:13 +0100
commit88d937fb4e8fcda2688596b4c6dc5b24d275eb8d (patch)
treeb67ee802224a725920c55c03054f15f35e5b4466 /source/n
parent52ac228489887839cc3e509c21dc80b138bb98ed (diff)
downloadcurrent-88d937fb4e8fcda2688596b4c6dc5b24d275eb8d.tar.gz
current-88d937fb4e8fcda2688596b4c6dc5b24d275eb8d.tar.xz
Wed Feb 15 03:05:40 UTC 202320230215030540
a/kernel-firmware-20230214_a253a37-noarch-1.txz: Upgraded. a/kernel-generic-6.1.12-x86_64-1.txz: Upgraded. a/kernel-huge-6.1.12-x86_64-1.txz: Upgraded. a/kernel-modules-6.1.12-x86_64-1.txz: Upgraded. d/kernel-headers-6.1.12-x86-1.txz: Upgraded. d/rust-1.66.1-x86_64-1.txz: Upgraded. k/kernel-source-6.1.12-noarch-1.txz: Upgraded. kde/bluedevil-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-grub-5.27.0-x86_64-1.txz: Upgraded. kde/breeze-gtk-5.27.0-x86_64-1.txz: Upgraded. kde/drkonqi-5.27.0-x86_64-1.txz: Upgraded. kde/kactivitymanagerd-5.27.0-x86_64-1.txz: Upgraded. kde/kde-cli-tools-5.27.0-x86_64-1.txz: Upgraded. kde/kde-gtk-config-5.27.0-x86_64-1.txz: Upgraded. kde/kdecoration-5.27.0-x86_64-1.txz: Upgraded. kde/kdeplasma-addons-5.27.0-x86_64-1.txz: Upgraded. kde/kgamma5-5.27.0-x86_64-1.txz: Upgraded. kde/khotkeys-5.27.0-x86_64-1.txz: Upgraded. kde/kinfocenter-5.27.0-x86_64-1.txz: Upgraded. kde/kmenuedit-5.27.0-x86_64-1.txz: Upgraded. kde/kpipewire-5.27.0-x86_64-1.txz: Upgraded. kde/kscreen-5.27.0-x86_64-1.txz: Upgraded. kde/kscreenlocker-5.27.0-x86_64-1.txz: Upgraded. kde/ksshaskpass-5.27.0-x86_64-1.txz: Upgraded. kde/ksystemstats-5.27.0-x86_64-1.txz: Upgraded. kde/kwallet-pam-5.27.0-x86_64-1.txz: Upgraded. kde/kwayland-integration-5.27.0-x86_64-1.txz: Upgraded. kde/kwin-5.27.0-x86_64-1.txz: Upgraded. kde/kwrited-5.27.0-x86_64-1.txz: Upgraded. kde/layer-shell-qt-5.27.0-x86_64-1.txz: Upgraded. kde/libkscreen-5.27.0-x86_64-1.txz: Upgraded. kde/libksysguard-5.27.0-x86_64-1.txz: Upgraded. kde/milou-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-5.27.0-x86_64-1.txz: Upgraded. kde/oxygen-sounds-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-browser-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-desktop-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-disks-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-firewall-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-integration-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-nm-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-pa-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-sdk-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-systemmonitor-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-vault-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-5.27.0-x86_64-1.txz: Upgraded. kde/plasma-workspace-wallpapers-5.27.0-x86_64-1.txz: Upgraded. kde/polkit-kde-agent-1-5.27.0-x86_64-1.txz: Upgraded. kde/powerdevil-5.27.0-x86_64-1.txz: Upgraded. kde/qqc2-breeze-style-5.27.0-x86_64-1.txz: Upgraded. kde/sddm-kcm-5.27.0-x86_64-1.txz: Upgraded. kde/systemsettings-5.27.0-x86_64-1.txz: Upgraded. kde/xdg-desktop-portal-kde-5.27.0-x86_64-1.txz: Upgraded. l/mozjs102-102.8.0esr-x86_64-1.txz: Upgraded. n/php-7.4.33-x86_64-3.txz: Rebuilt. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) xap/mozilla-firefox-110.0-x86_64-1.txz: Upgraded. This update contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/110.0/releasenotes/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/ https://www.cve.org/CVERecord?id=CVE-2023-25728 https://www.cve.org/CVERecord?id=CVE-2023-25730 https://www.cve.org/CVERecord?id=CVE-2023-25743 https://www.cve.org/CVERecord?id=CVE-2023-0767 https://www.cve.org/CVERecord?id=CVE-2023-25735 https://www.cve.org/CVERecord?id=CVE-2023-25737 https://www.cve.org/CVERecord?id=CVE-2023-25738 https://www.cve.org/CVERecord?id=CVE-2023-25739 https://www.cve.org/CVERecord?id=CVE-2023-25729 https://www.cve.org/CVERecord?id=CVE-2023-25732 https://www.cve.org/CVERecord?id=CVE-2023-25734 https://www.cve.org/CVERecord?id=CVE-2023-25740 https://www.cve.org/CVERecord?id=CVE-2023-25731 https://www.cve.org/CVERecord?id=CVE-2023-25733 https://www.cve.org/CVERecord?id=CVE-2023-25736 https://www.cve.org/CVERecord?id=CVE-2023-25741 https://www.cve.org/CVERecord?id=CVE-2023-25742 https://www.cve.org/CVERecord?id=CVE-2023-25744 https://www.cve.org/CVERecord?id=CVE-2023-25745 (* Security fix *) extra/php80/php80-8.0.28-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) extra/php81/php81-8.1.16-x86_64-1.txz: Upgraded. This update fixes security issues: Core: Password_verify() always return true with some hash. Core: 1-byte array overrun in common path resolve code. SAPI: DOS vulnerability when parsing multipart request body. For more information, see: https://www.cve.org/CVERecord?id=CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0662 (* Security fix *) isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/rust-1.67.1-x86_64-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/n')
-rw-r--r--source/n/php/CVE-2023-0567.patch142
-rw-r--r--source/n/php/CVE-2023-0568.patch62
-rw-r--r--source/n/php/CVE-2023-0662.patch411
-rwxr-xr-xsource/n/php/php.SlackBuild5
4 files changed, 619 insertions, 1 deletions
diff --git a/source/n/php/CVE-2023-0567.patch b/source/n/php/CVE-2023-0567.patch
new file mode 100644
index 000000000..78defd92b
--- /dev/null
+++ b/source/n/php/CVE-2023-0567.patch
@@ -0,0 +1,142 @@
+From 7882d12ff2d8d8c5a4af821464e0a5ac2cde2002 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
+Date: Mon, 23 Jan 2023 21:15:24 +0100
+Subject: [PATCH] crypt: Fix validation of malformed BCrypt hashes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+PHP’s implementation of crypt_blowfish differs from the upstream Openwall
+version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt
+by including a `$` character within the characters that represent the salt.
+
+Hashes that are affected by the “PHP Hack” may erroneously validate any
+password as valid when used with `password_verify` and when comparing the
+return value of `crypt()` against the input.
+
+The PHP Hack exists since the first version of PHP’s own crypt_blowfish
+implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5.
+
+No clear reason is given for the PHP Hack’s existence. This commit removes it,
+because BCrypt hashes containing a `$` character in their salt are not valid
+BCrypt hashes.
+---
+ ext/standard/crypt_blowfish.c | 8 --
+ .../tests/crypt/bcrypt_salt_dollar.phpt | 82 +++++++++++++++++++
+ 2 files changed, 82 insertions(+), 8 deletions(-)
+ create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
+
+diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c
+index 3806a290aee4..351d40308089 100644
+--- a/ext/standard/crypt_blowfish.c
++++ b/ext/standard/crypt_blowfish.c
+@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = {
+ #define BF_safe_atoi64(dst, src) \
+ { \
+ tmp = (unsigned char)(src); \
+- if (tmp == '$') break; /* PHP hack */ \
+ if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
+ tmp = BF_atoi64[tmp]; \
+ if (tmp > 63) return -1; \
+@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size)
+ *dptr++ = ((c3 & 0x03) << 6) | c4;
+ } while (dptr < end);
+
+- if (end - dptr == size) {
+- return -1;
+- }
+-
+- while (dptr < end) /* PHP hack */
+- *dptr++ = 0;
+-
+ return 0;
+ }
+
+diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
+new file mode 100644
+index 000000000000..32e335f4b087
+--- /dev/null
++++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt
+@@ -0,0 +1,82 @@
++--TEST--
++bcrypt correctly rejects salts containing $
++--FILE--
++<?php
++for ($i = 0; $i < 23; $i++) {
++ $salt = '$2y$04$' . str_repeat('0', $i) . '$';
++ $result = crypt("foo", $salt);
++ var_dump($salt);
++ var_dump($result);
++ var_dump($result === $salt);
++}
++?>
++--EXPECT--
++string(8) "$2y$04$$"
++string(2) "*0"
++bool(false)
++string(9) "$2y$04$0$"
++string(2) "*0"
++bool(false)
++string(10) "$2y$04$00$"
++string(2) "*0"
++bool(false)
++string(11) "$2y$04$000$"
++string(2) "*0"
++bool(false)
++string(12) "$2y$04$0000$"
++string(2) "*0"
++bool(false)
++string(13) "$2y$04$00000$"
++string(2) "*0"
++bool(false)
++string(14) "$2y$04$000000$"
++string(2) "*0"
++bool(false)
++string(15) "$2y$04$0000000$"
++string(2) "*0"
++bool(false)
++string(16) "$2y$04$00000000$"
++string(2) "*0"
++bool(false)
++string(17) "$2y$04$000000000$"
++string(2) "*0"
++bool(false)
++string(18) "$2y$04$0000000000$"
++string(2) "*0"
++bool(false)
++string(19) "$2y$04$00000000000$"
++string(2) "*0"
++bool(false)
++string(20) "$2y$04$000000000000$"
++string(2) "*0"
++bool(false)
++string(21) "$2y$04$0000000000000$"
++string(2) "*0"
++bool(false)
++string(22) "$2y$04$00000000000000$"
++string(2) "*0"
++bool(false)
++string(23) "$2y$04$000000000000000$"
++string(2) "*0"
++bool(false)
++string(24) "$2y$04$0000000000000000$"
++string(2) "*0"
++bool(false)
++string(25) "$2y$04$00000000000000000$"
++string(2) "*0"
++bool(false)
++string(26) "$2y$04$000000000000000000$"
++string(2) "*0"
++bool(false)
++string(27) "$2y$04$0000000000000000000$"
++string(2) "*0"
++bool(false)
++string(28) "$2y$04$00000000000000000000$"
++string(2) "*0"
++bool(false)
++string(29) "$2y$04$000000000000000000000$"
++string(2) "*0"
++bool(false)
++string(30) "$2y$04$0000000000000000000000$"
++string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K"
++bool(false)
diff --git a/source/n/php/CVE-2023-0568.patch b/source/n/php/CVE-2023-0568.patch
new file mode 100644
index 000000000..3b8440926
--- /dev/null
+++ b/source/n/php/CVE-2023-0568.patch
@@ -0,0 +1,62 @@
+From c0fceebfa195b8e56a7108cb731b5ea7afbef70c Mon Sep 17 00:00:00 2001
+From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
+Date: Fri, 27 Jan 2023 19:28:27 +0100
+Subject: [PATCH] Fix array overrun when appending slash to paths
+
+Fix it by extending the array sizes by one character. As the input is
+limited to the maximum path length, there will always be place to append
+the slash. As the php_check_specific_open_basedir() simply uses the
+strings to compare against each other, no new failures related to too
+long paths are introduced.
+We'll let the DOM and XML case handle a potentially too long path in the
+library code.
+---
+ ext/dom/document.c | 2 +-
+ ext/xmlreader/php_xmlreader.c | 2 +-
+ main/fopen_wrappers.c | 6 +++---
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ext/dom/document.c b/ext/dom/document.c
+index 4dee5548f188..c60198a3be11 100644
+--- a/ext/dom/document.c
++++ b/ext/dom/document.c
+@@ -1182,7 +1182,7 @@ static xmlDocPtr dom_document_parser(zval *id, int mode, char *source, size_t so
+ int validate, recover, resolve_externals, keep_blanks, substitute_ent;
+ int resolved_path_len;
+ int old_error_reporting = 0;
+- char *directory=NULL, resolved_path[MAXPATHLEN];
++ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
+
+ if (id != NULL) {
+ intern = Z_DOMOBJ_P(id);
+diff --git a/ext/xmlreader/php_xmlreader.c b/ext/xmlreader/php_xmlreader.c
+index c17884d960cb..39141c8c1223 100644
+--- a/ext/xmlreader/php_xmlreader.c
++++ b/ext/xmlreader/php_xmlreader.c
+@@ -1017,7 +1017,7 @@ PHP_METHOD(XMLReader, XML)
+ xmlreader_object *intern = NULL;
+ char *source, *uri = NULL, *encoding = NULL;
+ int resolved_path_len, ret = 0;
+- char *directory=NULL, resolved_path[MAXPATHLEN];
++ char *directory=NULL, resolved_path[MAXPATHLEN + 1];
+ xmlParserInputBufferPtr inputbfr;
+ xmlTextReaderPtr reader;
+
+diff --git a/main/fopen_wrappers.c b/main/fopen_wrappers.c
+index f6ce26e104be..12cc9c8b10c0 100644
+--- a/main/fopen_wrappers.c
++++ b/main/fopen_wrappers.c
+@@ -129,10 +129,10 @@ PHPAPI ZEND_INI_MH(OnUpdateBaseDir)
+ */
+ PHPAPI int php_check_specific_open_basedir(const char *basedir, const char *path)
+ {
+- char resolved_name[MAXPATHLEN];
+- char resolved_basedir[MAXPATHLEN];
++ char resolved_name[MAXPATHLEN + 1];
++ char resolved_basedir[MAXPATHLEN + 1];
+ char local_open_basedir[MAXPATHLEN];
+- char path_tmp[MAXPATHLEN];
++ char path_tmp[MAXPATHLEN + 1];
+ char *path_file;
+ size_t resolved_basedir_len;
+ size_t resolved_name_len;
diff --git a/source/n/php/CVE-2023-0662.patch b/source/n/php/CVE-2023-0662.patch
new file mode 100644
index 000000000..e9cada2c9
--- /dev/null
+++ b/source/n/php/CVE-2023-0662.patch
@@ -0,0 +1,411 @@
+From 716de0cff539f46294ef70fe75d548cd66766370 Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Thu, 19 Jan 2023 14:31:25 +0000
+Subject: [PATCH] Introduce max_multipart_body_parts INI
+
+This fixes GHSA-54hq-v5wp-fqgv DOS vulnerabality by limitting number of
+parsed multipart body parts as currently all parts were always parsed.
+---
+ main/main.c | 1 +
+ main/rfc1867.c | 11 ++
+ ...-54hq-v5wp-fqgv-max-body-parts-custom.phpt | 53 +++++++++
+ ...54hq-v5wp-fqgv-max-body-parts-default.phpt | 54 +++++++++
+ .../ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt | 52 +++++++++
+ sapi/fpm/tests/tester.inc | 106 +++++++++++++++---
+ 6 files changed, 262 insertions(+), 15 deletions(-)
+ create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
+ create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
+ create mode 100644 sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
+
+diff --git a/main/main.c b/main/main.c
+index 40684f32dc14..c58ea58bf5ac 100644
+--- a/main/main.c
++++ b/main/main.c
+@@ -751,6 +751,7 @@ PHP_INI_BEGIN()
+ PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL)
+ PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
++ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL)
+
+ STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals)
+ STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals)
+diff --git a/main/rfc1867.c b/main/rfc1867.c
+index b43cfae5a1e2..3086e8da3dbe 100644
+--- a/main/rfc1867.c
++++ b/main/rfc1867.c
+@@ -687,6 +687,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
+ void *event_extra_data = NULL;
+ unsigned int llen = 0;
+ int upload_cnt = INI_INT("max_file_uploads");
++ int body_parts_cnt = INI_INT("max_multipart_body_parts");
+ const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding();
+ php_rfc1867_getword_t getword;
+ php_rfc1867_getword_conf_t getword_conf;
+@@ -708,6 +709,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
+ return;
+ }
+
++ if (body_parts_cnt < 0) {
++ body_parts_cnt = PG(max_input_vars) + upload_cnt;
++ }
++ int body_parts_limit = body_parts_cnt;
++
+ /* Get the boundary */
+ boundary = strstr(content_type_dup, "boundary");
+ if (!boundary) {
+@@ -792,6 +798,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
+ char *pair = NULL;
+ int end = 0;
+
++ if (--body_parts_cnt < 0) {
++ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit);
++ goto fileupload_done;
++ }
++
+ while (isspace(*cd)) {
+ ++cd;
+ }
+#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
+#new file mode 100644
+#index 000000000000..d2239ac3c410
+#--- /dev/null
+#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-custom.phpt
+#@@ -0,0 +1,53 @@
+#+--TEST--
+#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini custom value
+#+--SKIPIF--
+#+<?php include "skipif.inc"; ?>
+#+--FILE--
+#+<?php
+#+
+#+require_once "tester.inc";
+#+
+#+$cfg = <<<EOT
+#+[global]
+#+error_log = {{FILE:LOG}}
+#+[unconfined]
+#+listen = {{ADDR}}
+#+pm = dynamic
+#+pm.max_children = 5
+#+pm.start_servers = 1
+#+pm.min_spare_servers = 1
+#+pm.max_spare_servers = 3
+#+php_admin_value[html_errors] = false
+#+php_admin_value[max_input_vars] = 20
+#+php_admin_value[max_file_uploads] = 5
+#+php_admin_value[max_multipart_body_parts] = 10
+#+php_flag[display_errors] = On
+#+EOT;
+#+
+#+$code = <<<EOT
+#+<?php
+#+var_dump(count(\$_POST));
+#+EOT;
+#+
+#+$tester = new FPM\Tester($cfg, $code);
+#+$tester->start();
+#+$tester->expectLogStartNotices();
+#+echo $tester
+#+ ->request(stdin: [
+#+ 'parts' => [
+#+ 'count' => 30,
+#+ ]
+#+ ])
+#+ ->getBody();
+#+$tester->terminate();
+#+$tester->close();
+#+
+#+?>
+#+--EXPECT--
+#+Warning: Unknown: Multipart body parts limit exceeded 10. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0
+#+int(10)
+#+--CLEAN--
+#+<?php
+#+require_once "tester.inc";
+#+FPM\Tester::clean();
+#+?>
+#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
+#new file mode 100644
+#index 000000000000..42b5afbf9ee7
+#--- /dev/null
+#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-body-parts-default.phpt
+#@@ -0,0 +1,54 @@
+#+--TEST--
+#+FPM: GHSA-54hq-v5wp-fqgv - max_multipart_body_parts ini default
+#+--SKIPIF--
+#+<?php include "skipif.inc"; ?>
+#+--FILE--
+#+<?php
+#+
+#+require_once "tester.inc";
+#+
+#+$cfg = <<<EOT
+#+[global]
+#+error_log = {{FILE:LOG}}
+#+[unconfined]
+#+listen = {{ADDR}}
+#+pm = dynamic
+#+pm.max_children = 5
+#+pm.start_servers = 1
+#+pm.min_spare_servers = 1
+#+pm.max_spare_servers = 3
+#+php_admin_value[html_errors] = false
+#+php_admin_value[max_input_vars] = 20
+#+php_admin_value[max_file_uploads] = 5
+#+php_flag[display_errors] = On
+#+EOT;
+#+
+#+$code = <<<EOT
+#+<?php
+#+var_dump(count(\$_POST));
+#+EOT;
+#+
+#+$tester = new FPM\Tester($cfg, $code);
+#+$tester->start();
+#+$tester->expectLogStartNotices();
+#+echo $tester
+#+ ->request(stdin: [
+#+ 'parts' => [
+#+ 'count' => 30,
+#+ ]
+#+ ])
+#+ ->getBody();
+#+$tester->terminate();
+#+$tester->close();
+#+
+#+?>
+#+--EXPECT--
+#+Warning: Unknown: Input variables exceeded 20. To increase the limit change max_input_vars in php.ini. in Unknown on line 0
+#+
+#+Warning: Unknown: Multipart body parts limit exceeded 25. To increase the limit change max_multipart_body_parts in php.ini. in Unknown on line 0
+#+int(20)
+#+--CLEAN--
+#+<?php
+#+require_once "tester.inc";
+#+FPM\Tester::clean();
+#+?>
+#diff --git a/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
+#new file mode 100644
+#index 000000000000..da81174c7280
+#--- /dev/null
+#+++ b/sapi/fpm/tests/ghsa-54hq-v5wp-fqgv-max-file-uploads.phpt
+#@@ -0,0 +1,52 @@
+#+--TEST--
+#+FPM: GHSA-54hq-v5wp-fqgv - exceeding max_file_uploads
+#+--SKIPIF--
+#+<?php include "skipif.inc"; ?>
+#+--FILE--
+#+<?php
+#+
+#+require_once "tester.inc";
+#+
+#+$cfg = <<<EOT
+#+[global]
+#+error_log = {{FILE:LOG}}
+#+[unconfined]
+#+listen = {{ADDR}}
+#+pm = dynamic
+#+pm.max_children = 5
+#+pm.start_servers = 1
+#+pm.min_spare_servers = 1
+#+pm.max_spare_servers = 3
+#+php_admin_value[html_errors] = false
+#+php_admin_value[max_file_uploads] = 5
+#+php_flag[display_errors] = On
+#+EOT;
+#+
+#+$code = <<<EOT
+#+<?php
+#+var_dump(count(\$_FILES));
+#+EOT;
+#+
+#+$tester = new FPM\Tester($cfg, $code);
+#+$tester->start();
+#+$tester->expectLogStartNotices();
+#+echo $tester
+#+ ->request(stdin: [
+#+ 'parts' => [
+#+ 'count' => 10,
+#+ 'param' => 'filename'
+#+ ]
+#+ ])
+#+ ->getBody();
+#+$tester->terminate();
+#+$tester->close();
+#+
+#+?>
+#+--EXPECT--
+#+Warning: Maximum number of allowable file uploads has been exceeded in Unknown on line 0
+#+int(5)
+#+--CLEAN--
+#+<?php
+#+require_once "tester.inc";
+#+FPM\Tester::clean();
+#+?>
+##diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
+##index 6197cdba53f5..e51aa0f69143 100644
+##--- a/sapi/fpm/tests/tester.inc
+##+++ b/sapi/fpm/tests/tester.inc
+#@@ -567,13 +567,17 @@ class Tester
+# * @param string $query
+# * @param array $headers
+# * @param string|null $uri
+#+ * @param string|null $scriptFilename
+#+ * @param string|null $stdin
+# *
+# * @return array
+# */
+# private function getRequestParams(
+# string $query = '',
+# array $headers = [],
+#- string $uri = null
+#+ string $uri = null,
+#+ string $scriptFilename = null,
+#+ ?string $stdin = null
+# ): array {
+# if (is_null($uri)) {
+# $uri = $this->makeSourceFile();
+3@@ -582,8 +586,8 @@ class Tester
+# $params = array_merge(
+# [
+# 'GATEWAY_INTERFACE' => 'FastCGI/1.0',
+#- 'REQUEST_METHOD' => 'GET',
+#- 'SCRIPT_FILENAME' => $uri,
+#+ 'REQUEST_METHOD' => is_null($stdin) ? 'GET' : 'POST',
+#+ 'SCRIPT_FILENAME' => $scriptFilename ?: $uri,
+# 'SCRIPT_NAME' => $uri,
+# 'QUERY_STRING' => $query,
+# 'REQUEST_URI' => $uri . ($query ? '?' . $query : ""),
+#@@ -597,7 +601,7 @@ class Tester
+# 'SERVER_PROTOCOL' => 'HTTP/1.1',
+# 'DOCUMENT_ROOT' => __DIR__,
+# 'CONTENT_TYPE' => '',
+#- 'CONTENT_LENGTH' => 0
+#+ 'CONTENT_LENGTH' => strlen($stdin ?? "") // Default to 0
+# ],
+# $headers
+# );
+#@@ -607,20 +611,86 @@ class Tester
+# });
+# }
+#
+#+ /**
+#+ * Parse stdin and generate data for multipart config.
+#+ *
+#+ * @param array $stdin
+#+ * @param array $headers
+#+ *
+#+ * @return void
+#+ * @throws \Exception
+#+ */
+#+ private function parseStdin(array $stdin, array &$headers)
+#+ {
+#+ $parts = $stdin['parts'] ?? null;
+#+ if (empty($parts)) {
+#+ throw new \Exception('The stdin array needs to contain parts');
+#+ }
+#+ $boundary = $stdin['boundary'] ?? 'AaB03x';
+#+ if ( ! isset($headers['CONTENT_TYPE'])) {
+#+ $headers['CONTENT_TYPE'] = 'multipart/form-data; boundary=' . $boundary;
+#+ }
+#+ $count = $parts['count'] ?? null;
+#+ if ( ! is_null($count)) {
+#+ $dispositionType = $parts['disposition'] ?? 'form-data';
+#+ $dispositionParam = $parts['param'] ?? 'name';
+#+ $namePrefix = $parts['prefix'] ?? 'f';
+#+ $nameSuffix = $parts['suffix'] ?? '';
+#+ $value = $parts['value'] ?? 'test';
+#+ $parts = [];
+#+ for ($i = 0; $i < $count; $i++) {
+#+ $parts[] = [
+#+ 'disposition' => $dispositionType,
+#+ 'param' => $dispositionParam,
+#+ 'name' => "$namePrefix$i$nameSuffix",
+#+ 'value' => $value
+#+ ];
+#+ }
+#+ }
+#+ $out = '';
+#+ $nl = "\r\n";
+#+ foreach ($parts as $part) {
+#+ if (!is_array($part)) {
+#+ $part = ['name' => $part];
+#+ } elseif ( ! isset($part['name'])) {
+#+ throw new \Exception('Each part has to have a name');
+#+ }
+#+ $name = $part['name'];
+#+ $dispositionType = $part['disposition'] ?? 'form-data';
+#+ $dispositionParam = $part['param'] ?? 'name';
+#+ $value = $part['value'] ?? 'test';
+#+ $partHeaders = $part['headers'] ?? [];
+#+
+#+ $out .= "--$boundary$nl";
+#+ $out .= "Content-disposition: $dispositionType; $dispositionParam=\"$name\"$nl";
+#+ foreach ($partHeaders as $headerName => $headerValue) {
+#+ $out .= "$headerName: $headerValue$nl";
+#+ }
+#+ $out .= $nl;
+#+ $out .= "$value$nl";
+#+ }
+#+ $out .= "--$boundary--$nl";
+#+
+#+ return $out;
+#+ }
+#+
+# /**
+# * Execute request.
+# *
+#- * @param string $query
+#- * @param array $headers
+#- * @param string|null $uri
+#- * @param string|null $address
+#- * @param string|null $successMessage
+#- * @param string|null $errorMessage
+#- * @param bool $connKeepAlive
+#- * @param bool $expectError
+#- * @param int $readLimit
+#+ * @param string $query
+#+ * @param array $headers
+#+ * @param string|null $uri
+#+ * @param string|null $address
+#+ * @param string|null $successMessage
+#+ * @param string|null $errorMessage
+#+ * @param bool $connKeepAlive
+#+ * @param string|null $scriptFilename = null
+#+ * @param string|array|null $stdin = null
+#+ * @param bool $expectError
+#+ * @param int $readLimit
+# *
+# * @return Response
+#+ * @throws \Exception
+# */
+# public function request(
+# string $query = '',
+#@@ -630,6 +700,8 @@ class Tester
+# string $successMessage = null,
+# string $errorMessage = null,
+# bool $connKeepAlive = false,
+#+ string $scriptFilename = null,
+#+ string|array $stdin = null,
+# bool $expectError = false,
+# int $readLimit = -1,
+# ): Response {
+#@@ -637,12 +709,16 @@ class Tester
+# return new Response(null, true);
+# }
+#
+#- $params = $this->getRequestParams($query, $headers, $uri);
+#+ if (is_array($stdin)) {
+#+ $stdin = $this->parseStdin($stdin, $headers);
+#+ }
+#+
+#+ $params = $this->getRequestParams($query, $headers, $uri, $scriptFilename, $stdin);
+# $this->trace('Request params', $params);
+#
+# try {
+# $this->response = new Response(
+#- $this->getClient($address, $connKeepAlive)->request_data($params, false, $readLimit)
+#+ $this->getClient($address, $connKeepAlive)->request_data($params, $stdin, $readLimit)
+# );
+# if ($expectError) {
+# $this->error('Expected request error but the request was successful');
diff --git a/source/n/php/php.SlackBuild b/source/n/php/php.SlackBuild
index 7109f9586..c54694b16 100755
--- a/source/n/php/php.SlackBuild
+++ b/source/n/php/php.SlackBuild
@@ -28,7 +28,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=php
VERSION=${VERSION:-$(echo php-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
ALPINE=2.26
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then
@@ -128,6 +128,9 @@ tar xvf $CWD/php-$VERSION.tar.xz || exit 1
cd php-$VERSION || exit 1
zcat $CWD/CVE-2022-31631.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2023-0567.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2023-0568.patch.gz | patch -p1 --verbose || exit 1
+zcat $CWD/CVE-2023-0662.patch.gz | patch -p1 --verbose || exit 1
# cleanup:
find . -name "*.orig" -delete