summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2023-06-21 10:05:58 +0200
committerRemi Collet <remi@php.net>2023-06-21 10:05:58 +0200
commit087014d9921e0f09df40c50b865ae355026e9a6e (patch)
tree77f4e987f9ed7bd4cd467031885fb0acfb6538ec
parentbe2835c09327b5a7bd412f494c96bfb4e4b242ab (diff)
fix possible buffer overflow in date
-rw-r--r--php-7.2.16-systzdata-v17.patch2
-rw-r--r--php-cve-2023-3247.patch (renamed from php-ghsa-76gg-c692-v2mw.patch)27
-rw-r--r--php72.spec81
3 files changed, 70 insertions, 40 deletions
diff --git a/php-7.2.16-systzdata-v17.patch b/php-7.2.16-systzdata-v17.patch
index 640bff2..e8ae8b2 100644
--- a/php-7.2.16-systzdata-v17.patch
+++ b/php-7.2.16-systzdata-v17.patch
@@ -410,7 +410,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
+ size_t n;
+ char *data, *p;
+
-+ data = malloc(3 * sysdb->index_size + 7);
++ data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);
+
+ p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
+
diff --git a/php-ghsa-76gg-c692-v2mw.patch b/php-cve-2023-3247.patch
index 7a4396c..54e8592 100644
--- a/php-ghsa-76gg-c692-v2mw.patch
+++ b/php-cve-2023-3247.patch
@@ -123,3 +123,30 @@ index 15b086e21c..6903a3b9c9 100644
static char *get_http_header_value(char *headers, char *type);
static zend_string *get_http_body(php_stream *socketd, int close, char *headers);
+From 24d822d4e70431cc6dc795f7ff5193960f385c2f Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Thu, 15 Jun 2023 08:47:55 +0200
+Subject: [PATCH] add cve
+
+(cherry picked from commit f3021d66d7bb42d2578530cc94f9bde47e58eb10)
+---
+ NEWS | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index ae5101b368..5f49a7ee04 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,7 +5,8 @@ Backported from 8.0.29
+
+ - Soap:
+ . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
+- bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla)
++ bytes in HTTP Digest authentication for SOAP).
++ (CVE-2023-3247) (nielsdos, timwolla)
+
+ Backported from 8.0.28
+
+--
+2.40.1
+
diff --git a/php72.spec b/php72.spec
index 8926e1f..ea9f245 100644
--- a/php72.spec
+++ b/php72.spec
@@ -110,7 +110,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 17%{?dist}
+Release: 18%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -194,7 +194,7 @@ Patch213: php-bug81740.patch
Patch214: php-bug81744.patch
Patch215: php-bug81746.patch
Patch216: php-cve-2023-0662.patch
-Patch217: php-ghsa-76gg-c692-v2mw.patch
+Patch217: php-cve-2023-3247.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -1099,61 +1099,61 @@ low-level PHP extension for the libsodium cryptographic library.
%setup -q -n php-%{upver}%{?rcver}
-%patch1 -p1 -b .mpmcheck
-%patch2 -p1 -b .true
-%patch5 -p1 -b .includedir
-%patch6 -p1 -b .embed
-%patch7 -p1 -b .recode
-%patch8 -p1 -b .libdb
+%patch -P1 -p1 -b .mpmcheck
+%patch -P2 -p1 -b .true
+%patch -P5 -p1 -b .includedir
+%patch -P6 -p1 -b .embed
+%patch -P7 -p1 -b .recode
+%patch -P8 -p1 -b .libdb
%if 0%{?rhel}
-%patch9 -p1 -b .curltls
+%patch -P9 -p1 -b .curltls
%endif
-%patch40 -p1 -b .dlopen
+%patch -P40 -p1 -b .dlopen
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 6
-%patch42 -p1 -b .systzdata
+%patch -P42 -p1 -b .systzdata
%endif
-%patch43 -p1 -b .headers
+%patch -P43 -p1 -b .headers
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
-%patch45 -p1 -b .ldap_r
+%patch -P45 -p1 -b .ldap_r
%endif
-%patch46 -p1 -b .fixheader
-%patch47 -p1 -b .phpinfo
-%patch48 -p1 -b .getallheaders
-%patch49 -p1 -b .pdooci
+%patch -P46 -p1 -b .fixheader
+%patch -P47 -p1 -b .phpinfo
+%patch -P48 -p1 -b .getallheaders
+%patch -P49 -p1 -b .pdooci
-%patch91 -p1 -b .remi-oci8
+%patch -P91 -p1 -b .remi-oci8
# upstream patches
# security patches
-%patch200 -p1 -b .bug77423
-%patch201 -p1 -b .bug80672
-%patch202 -p1 -b .bug80710
-%patch203 -p1 -b .bug81122
-%patch204 -p1 -b .bug76450
-%patch205 -p1 -b .bug81211
-%patch206 -p1 -b .bug81026
-%patch207 -p1 -b .bug79971
-%patch208 -p1 -b .bug81719
-%patch209 -p1 -b .bug81720
-%patch210 -p1 -b .bug81727
-%patch211 -p1 -b .bug81726
-%patch212 -p1 -b .bug81738
-%patch213 -p1 -b .bug81740
-%patch214 -p1 -b .bug81744
-%patch215 -p1 -b .bug81746
-%patch216 -p1 -b .cve0662
-%patch217 -p1 -b .ghsa-76gg-c692-v2mw
+%patch -P200 -p1 -b .bug77423
+%patch -P201 -p1 -b .bug80672
+%patch -P202 -p1 -b .bug80710
+%patch -P203 -p1 -b .bug81122
+%patch -P204 -p1 -b .bug76450
+%patch -P205 -p1 -b .bug81211
+%patch -P206 -p1 -b .bug81026
+%patch -P207 -p1 -b .bug79971
+%patch -P208 -p1 -b .bug81719
+%patch -P209 -p1 -b .bug81720
+%patch -P210 -p1 -b .bug81727
+%patch -P211 -p1 -b .bug81726
+%patch -P212 -p1 -b .bug81738
+%patch -P213 -p1 -b .bug81740
+%patch -P214 -p1 -b .bug81744
+%patch -P215 -p1 -b .bug81746
+%patch -P216 -p1 -b .cve0662
+%patch -P217 -p1 -b .cve3247
# Fixes for tests
%if 0%{?fedora} >= 25 || 0%{?rhel} >= 6
-%patch300 -p1 -b .datetests
+%patch -P300 -p1 -b .datetests
%endif
%if %{with_libpcre}
if ! pkg-config libpcre --atleast-version 8.34 ; then
# Only apply when system libpcre < 8.34
-%patch301 -p1 -b .pcre834
+%patch -P301 -p1 -b .pcre834
fi
%endif
@@ -2258,10 +2258,13 @@ EOF
%changelog
+* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.2.34-18
+- fix possible buffer overflow in date
+
* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.2.34-17
- Fix Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP
- GHSA-76gg-c692-v2mw
+ GHSA-76gg-c692-v2mw CVE-2023-3247
- use oracle client library version 21.10
- define __phpize and __phpconfig