diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-09-15 10:49:51 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-09-15 10:49:51 +0100 |
commit | ea3e1bbf643d1d8892f4df05e4f05c1b2a2125d8 (patch) | |
tree | 60dac1902fc2665fd22fc2e4e4a60186cc7e361b /dev-lang/php/files | |
parent | efca79f216bfeffd55e7731fbf24126d093e1084 (diff) |
gentoo auto-resync : 15:09:2023 - 10:49:51
Diffstat (limited to 'dev-lang/php/files')
-rw-r--r-- | dev-lang/php/files/bug81656-gcc-11.patch | 53 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch | 50 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch | 114 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch | 37 | ||||
-rw-r--r-- | dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch | 48 |
5 files changed, 0 insertions, 302 deletions
diff --git a/dev-lang/php/files/bug81656-gcc-11.patch b/dev-lang/php/files/bug81656-gcc-11.patch deleted file mode 100644 index 8dfe1deb2b33..000000000000 --- a/dev-lang/php/files/bug81656-gcc-11.patch +++ /dev/null @@ -1,53 +0,0 @@ -From bb00a649e0c1ac57718cd9971e7e6f933cb2dadd Mon Sep 17 00:00:00 2001 -From: Michael Wallner <mike@php.net> -Date: Thu, 25 Nov 2021 07:43:14 +0100 -Subject: [PATCH] fix #81656: GCC-11 silently ignores -R - ---- - build/php.m4 | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/build/php.m4 b/build/php.m4 -index 3af2b8b72d47..4697c5df9274 100644 ---- a/build/php.m4 -+++ b/build/php.m4 -@@ -279,25 +279,25 @@ dnl - dnl Checks for -R, etc. switch. - dnl - AC_DEFUN([PHP_RUNPATH_SWITCH],[ --AC_MSG_CHECKING([if compiler supports -R]) --AC_CACHE_VAL(php_cv_cc_dashr,[ -+AC_MSG_CHECKING([if compiler supports -Wl,-rpath,]) -+AC_CACHE_VAL(php_cv_cc_rpath,[ - SAVE_LIBS=$LIBS -- LIBS="-R /usr/$PHP_LIBDIR $LIBS" -- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],[php_cv_cc_dashr=yes],[php_cv_cc_dashr=no]) -+ LIBS="-Wl,-rpath,/usr/$PHP_LIBDIR $LIBS" -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],[php_cv_cc_rpath=yes],[php_cv_cc_rpath=no]) - LIBS=$SAVE_LIBS]) --AC_MSG_RESULT([$php_cv_cc_dashr]) --if test $php_cv_cc_dashr = "yes"; then -- ld_runpath_switch=-R -+AC_MSG_RESULT([$php_cv_cc_rpath]) -+if test $php_cv_cc_rpath = "yes"; then -+ ld_runpath_switch=-Wl,-rpath, - else -- AC_MSG_CHECKING([if compiler supports -Wl,-rpath,]) -- AC_CACHE_VAL(php_cv_cc_rpath,[ -+ AC_MSG_CHECKING([if compiler supports -R]) -+ AC_CACHE_VAL(php_cv_cc_dashr,[ - SAVE_LIBS=$LIBS -- LIBS="-Wl,-rpath,/usr/$PHP_LIBDIR $LIBS" -- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],[php_cv_cc_rpath=yes],[php_cv_cc_rpath=no]) -+ LIBS="-R /usr/$PHP_LIBDIR $LIBS" -+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],[php_cv_cc_dashr=yes],[php_cv_cc_dashr=no]) - LIBS=$SAVE_LIBS]) -- AC_MSG_RESULT([$php_cv_cc_rpath]) -- if test $php_cv_cc_rpath = "yes"; then -- ld_runpath_switch=-Wl,-rpath, -+ AC_MSG_RESULT([$php_cv_cc_dashr]) -+ if test $php_cv_cc_dashr = "yes"; then -+ ld_runpath_switch=-R - else - dnl Something innocuous. - ld_runpath_switch=-L diff --git a/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch b/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch deleted file mode 100644 index 6aa309549c88..000000000000 --- a/dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 921b6813da3237a83e908998483f46ae3d8bacba Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" <cmbecker69@gmx.de> -Date: Mon, 31 Oct 2022 17:20:23 +0100 -Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string - -`sqlite3_snprintf()` expects its first parameter to be `int`; we need -to avoid overflow. ---- - ext/pdo_sqlite/sqlite_driver.c | 3 +++ - ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++ - 2 files changed, 20 insertions(+) - create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt - -diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c -index 4233ff10ff2e..5a72a1eda23f 100644 ---- a/ext/pdo_sqlite/sqlite_driver.c -+++ b/ext/pdo_sqlite/sqlite_driver.c -@@ -232,6 +232,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t - /* NB: doesn't handle binary strings... use prepared stmts for that */ - static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype ) - { -+ if (unquotedlen > (INT_MAX - 3) / 2) { -+ return 0; -+ } - *quoted = safe_emalloc(2, unquotedlen, 3); - sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted); - *quotedlen = strlen(*quoted); -diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt -new file mode 100644 -index 000000000000..99fb07c3048b ---- /dev/null -+++ b/ext/pdo_sqlite/tests/bug81740.phpt -@@ -0,0 +1,17 @@ -+--TEST-- -+Bug #81740 (PDO::quote() may return unquoted string) -+--SKIPIF-- -+<?php -+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded'; -+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test"); -+?> -+--INI-- -+memory_limit=-1 -+--FILE-- -+<?php -+$pdo = new PDO("sqlite::memory:"); -+$string = str_repeat("a", 0x80000000); -+var_dump($pdo->quote($string)); -+?> -+--EXPECT-- -+bool(false) diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch deleted file mode 100644 index a0e72f380089..000000000000 --- a/dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch +++ /dev/null @@ -1,114 +0,0 @@ -diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c -index 3806a290aee4..351d40308089 100644 ---- a/ext/standard/crypt_blowfish.c -+++ b/ext/standard/crypt_blowfish.c -@@ -371,7 +371,6 @@ static const unsigned char BF_atoi64[0x60] = { - #define BF_safe_atoi64(dst, src) \ - { \ - tmp = (unsigned char)(src); \ -- if (tmp == '$') break; /* PHP hack */ \ - if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ - tmp = BF_atoi64[tmp]; \ - if (tmp > 63) return -1; \ -@@ -399,13 +398,6 @@ static int BF_decode(BF_word *dst, const char *src, int size) - *dptr++ = ((c3 & 0x03) << 6) | c4; - } while (dptr < end); - -- if (end - dptr == size) { -- return -1; -- } -- -- while (dptr < end) /* PHP hack */ -- *dptr++ = 0; -- - return 0; - } - -diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt -new file mode 100644 -index 000000000000..32e335f4b087 ---- /dev/null -+++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt -@@ -0,0 +1,82 @@ -+--TEST-- -+bcrypt correctly rejects salts containing $ -+--FILE-- -+<?php -+for ($i = 0; $i < 23; $i++) { -+ $salt = '$2y$04$' . str_repeat('0', $i) . '$'; -+ $result = crypt("foo", $salt); -+ var_dump($salt); -+ var_dump($result); -+ var_dump($result === $salt); -+} -+?> -+--EXPECT-- -+string(8) "$2y$04$$" -+string(2) "*0" -+bool(false) -+string(9) "$2y$04$0$" -+string(2) "*0" -+bool(false) -+string(10) "$2y$04$00$" -+string(2) "*0" -+bool(false) -+string(11) "$2y$04$000$" -+string(2) "*0" -+bool(false) -+string(12) "$2y$04$0000$" -+string(2) "*0" -+bool(false) -+string(13) "$2y$04$00000$" -+string(2) "*0" -+bool(false) -+string(14) "$2y$04$000000$" -+string(2) "*0" -+bool(false) -+string(15) "$2y$04$0000000$" -+string(2) "*0" -+bool(false) -+string(16) "$2y$04$00000000$" -+string(2) "*0" -+bool(false) -+string(17) "$2y$04$000000000$" -+string(2) "*0" -+bool(false) -+string(18) "$2y$04$0000000000$" -+string(2) "*0" -+bool(false) -+string(19) "$2y$04$00000000000$" -+string(2) "*0" -+bool(false) -+string(20) "$2y$04$000000000000$" -+string(2) "*0" -+bool(false) -+string(21) "$2y$04$0000000000000$" -+string(2) "*0" -+bool(false) -+string(22) "$2y$04$00000000000000$" -+string(2) "*0" -+bool(false) -+string(23) "$2y$04$000000000000000$" -+string(2) "*0" -+bool(false) -+string(24) "$2y$04$0000000000000000$" -+string(2) "*0" -+bool(false) -+string(25) "$2y$04$00000000000000000$" -+string(2) "*0" -+bool(false) -+string(26) "$2y$04$000000000000000000$" -+string(2) "*0" -+bool(false) -+string(27) "$2y$04$0000000000000000000$" -+string(2) "*0" -+bool(false) -+string(28) "$2y$04$00000000000000000000$" -+string(2) "*0" -+bool(false) -+string(29) "$2y$04$000000000000000000000$" -+string(2) "*0" -+bool(false) -+string(30) "$2y$04$0000000000000000000000$" -+string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K" -+bool(false) diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch deleted file mode 100644 index 67c172ae214f..000000000000 --- a/dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a92acbad873a05470af1a47cb785a18eadd827b5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be> -Date: Mon, 23 Jan 2023 22:13:57 +0100 -Subject: [PATCH] crypt: Fix possible buffer overread in php_crypt() - ---- - ext/standard/crypt.c | 1 + - ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++ - 2 files changed, 9 insertions(+) - create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt - -diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c -index 8c105cf910e8..8316c8b96063 100644 ---- a/ext/standard/crypt.c -+++ b/ext/standard/crypt.c -@@ -135,6 +135,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch - } else if ( - salt[0] == '$' && - salt[1] == '2' && -+ salt[2] != 0 && - salt[3] == '$') { - char output[PHP_MAX_SALT_LEN + 1]; - -diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt -new file mode 100644 -index 000000000000..085bc8a23904 ---- /dev/null -+++ b/ext/standard/tests/password/password_bcrypt_short.phpt -@@ -0,0 +1,8 @@ -+--TEST-- -+Test that password_hash() does not overread buffers when a short hash is passed -+--FILE-- -+<?php -+var_dump(password_verify("foo", '$2')); -+?> -+--EXPECT-- -+bool(false) diff --git a/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch b/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch deleted file mode 100644 index a6de37c27305..000000000000 --- a/dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git a/main/main.c b/main/main.c -index 40684f32dc14..c58ea58bf5ac 100644 ---- a/main/main.c -+++ b/main/main.c -@@ -836,6 +836,7 @@ PHP_INI_BEGIN() - PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY("disable_classes", "", PHP_INI_SYSTEM, NULL) - PHP_INI_ENTRY("max_file_uploads", "20", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) -+ PHP_INI_ENTRY("max_multipart_body_parts", "-1", PHP_INI_SYSTEM|PHP_INI_PERDIR, NULL) - - STD_PHP_INI_BOOLEAN("allow_url_fopen", "1", PHP_INI_SYSTEM, OnUpdateBool, allow_url_fopen, php_core_globals, core_globals) - STD_PHP_INI_BOOLEAN("allow_url_include", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_url_include, php_core_globals, core_globals) -diff --git a/main/rfc1867.c b/main/rfc1867.c -index b43cfae5a1e2..3086e8da3dbe 100644 ---- a/main/rfc1867.c -+++ b/main/rfc1867.c -@@ -694,6 +694,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - void *event_extra_data = NULL; - unsigned int llen = 0; - int upload_cnt = INI_INT("max_file_uploads"); -+ int body_parts_cnt = INI_INT("max_multipart_body_parts"); - const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding(); - php_rfc1867_getword_t getword; - php_rfc1867_getword_conf_t getword_conf; -@@ -715,6 +716,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - return; - } - -+ if (body_parts_cnt < 0) { -+ body_parts_cnt = PG(max_input_vars) + upload_cnt; -+ } -+ int body_parts_limit = body_parts_cnt; -+ - /* Get the boundary */ - boundary = strstr(content_type_dup, "boundary"); - if (!boundary) { -@@ -799,6 +805,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ - char *pair = NULL; - int end = 0; - -+ if (--body_parts_cnt < 0) { -+ php_error_docref(NULL, E_WARNING, "Multipart body parts limit exceeded %d. To increase the limit change max_multipart_body_parts in php.ini.", body_parts_limit); -+ goto fileupload_done; -+ } -+ - while (isspace(*cd)) { - ++cd; - } |