diff options
| author | Remi Collet <remi@remirepo.net> | 2023-06-20 16:07:47 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2023-06-20 16:07:47 +0200 |
| commit | df2e08bb800937d9cecafb95d8786e21040a84aa (patch) | |
| tree | fb30e79fa732b1b680ca9fdc0105a89eae826aa3 | |
| parent | ad7980aa6e0f52d9a93ae2a989beb3c2ce937962 (diff) | |
fix possible buffer overflow in date
define %php73___phpize and %php73___phpconfig
| -rw-r--r-- | macros.php | 4 | ||||
| -rw-r--r-- | php-7.3.3-systzdata-v19.patch | 2 | ||||
| -rw-r--r-- | php-cve-2023-3247.patch (renamed from php-ghsa-76gg-c692-v2mw.patch) | 27 | ||||
| -rw-r--r-- | php.spec | 70 |
4 files changed, 69 insertions, 34 deletions
@@ -14,3 +14,7 @@ %@SCL@__php @BINDIR@/php +%@SCL@__phpize @BINDIR@/phpize + +%@SCL@__phpconfig @BINDIR@/php-config + diff --git a/php-7.3.3-systzdata-v19.patch b/php-7.3.3-systzdata-v19.patch index 866729b..17a01fe 100644 --- a/php-7.3.3-systzdata-v19.patch +++ b/php-7.3.3-systzdata-v19.patch @@ -452,7 +452,7 @@ index 020da3135e..12e68ef043 100644 + size_t n; + char *data, *p; + -+ data = malloc(3 * sysdb->index_size + 7); ++ data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1); + + p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); + diff --git a/php-ghsa-76gg-c692-v2mw.patch b/php-cve-2023-3247.patch index 8fe3de7..497b53e 100644 --- a/php-ghsa-76gg-c692-v2mw.patch +++ b/php-cve-2023-3247.patch @@ -121,3 +121,30 @@ index e3a9afdbe9..912b8e341d 100644 static char *get_http_header_value_nodup(char *headers, char *type, size_t *len); static char *get_http_header_value(char *headers, char *type); +From ec8afe8e559342b61a0498dcab8ce59dc6319d3e Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 15 Jun 2023 08:47:55 +0200 +Subject: [PATCH] add cve + +(cherry picked from commit f3021d66d7bb42d2578530cc94f9bde47e58eb10) +--- + NEWS | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 7ccc61e6e4..1950d841a5 100644 +--- a/NEWS ++++ b/NEWS +@@ -5,7 +5,8 @@ Backported from 8.0.29 + + - Soap: + . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random +- bytes in HTTP Digest authentication for SOAP). (nielsdos, timwolla) ++ bytes in HTTP Digest authentication for SOAP). ++ (CVE-2023-3247) (nielsdos, timwolla) + + Backported from 8.0.28 + +-- +2.40.1 + @@ -126,7 +126,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 9%{?dist} +Release: 10%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -207,7 +207,7 @@ Patch205: php-bug81740.patch Patch206: php-bug81744.patch Patch207: php-bug81746.patch Patch208: php-cve-2023-0662.patch -Patch209: php-ghsa-76gg-c692-v2mw.patch +Patch209: php-cve-2023-3247.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -951,51 +951,51 @@ low-level PHP extension for the libsodium cryptographic library. %setup -q -n php-%{upver}%{?rcver} %endif -%patch1 -p1 -b .mpmcheck -%patch5 -p1 -b .includedir -%patch6 -p1 -b .embed -%patch7 -p1 -b .recode -%patch8 -p1 -b .libdb +%patch -P1 -p1 -b .mpmcheck +%patch -P5 -p1 -b .includedir +%patch -P6 -p1 -b .embed +%patch -P7 -p1 -b .recode +%patch -P8 -p1 -b .libdb %if 0%{?rhel} -%patch9 -p1 -b .curltls +%patch -P9 -p1 -b .curltls %endif -%patch10 -p1 -b .nodes +%patch -P10 -p1 -b .nodes -%patch40 -p1 -b .dlopen +%patch -P40 -p1 -b .dlopen %if 0%{?fedora} >= 28 || 0%{?rhel} >= 6 -%patch42 -p1 -b .systzdata +%patch -P42 -p1 -b .systzdata %endif -%patch43 -p1 -b .headers +%patch -P43 -p1 -b .headers sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 -%patch45 -p1 -b .ldap_r +%patch -P45 -p1 -b .ldap_r %endif -%patch46 -p1 -b .fixheader -%patch47 -p1 -b .phpinfo -%patch48 -p1 -b .pdooci -%patch49 -p1 -b .fpmsig +%patch -P46 -p1 -b .fixheader +%patch -P47 -p1 -b .phpinfo +%patch -P48 -p1 -b .pdooci +%patch -P49 -p1 -b .fpmsig -%patch91 -p1 -b .remi-oci8 +%patch -P91 -p1 -b .remi-oci8 # upstream patches -%patch100 -p1 -b .bug80682 -%patch101 -p1 -b .bug80783 -%patch102 -p1 -b .pcre1038 +%patch -P100 -p1 -b .bug80682 +%patch -P101 -p1 -b .bug80783 +%patch -P102 -p1 -b .pcre1038 # security patches -%patch200 -p1 -b .bug81719 -%patch201 -p1 -b .bug81720 -%patch202 -p1 -b .bug81727 -%patch203 -p1 -b .bug81726 -%patch204 -p1 -b .bug81738 -%patch205 -p1 -b .bug81740 -%patch206 -p1 -b .bug81744 -%patch207 -p1 -b .bug81746 -%patch208 -p1 -b .cve0662 -%patch209 -p1 -b .ghsa-76gg-c692-v2mw +%patch -P200 -p1 -b .bug81719 +%patch -P201 -p1 -b .bug81720 +%patch -P202 -p1 -b .bug81727 +%patch -P203 -p1 -b .bug81726 +%patch -P204 -p1 -b .bug81738 +%patch -P205 -p1 -b .bug81740 +%patch -P206 -p1 -b .bug81744 +%patch -P207 -p1 -b .bug81746 +%patch -P208 -p1 -b .cve0662 +%patch -P209 -p1 -b .cve3247 # Fixes for tests -%patch300 -p1 -b .datetests +%patch -P300 -p1 -b .datetests # WIP patch @@ -1952,10 +1952,14 @@ EOF %changelog +* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.3.33-10 +- fix possible buffer overflow in date +- define %%php73___phpize and %%php73___phpconfig + * Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.3.33-9 - Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP - GHSA-76gg-c692-v2mw + GHSA-76gg-c692-v2mw CVE-2023-3247 - use oracle client library version 21.10 * Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.3.33-8 |