diff options
author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-12-08 18:36:25 +0000 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-12-08 18:39:01 +0000 |
commit | ee427b47b91f32b36e1c03f7c114bee5410f834e (patch) | |
tree | b4f9686ba84624fb872d4aa298a916eff09f634c | |
parent | bde2825df3cba470104d79b5f7dc1c0494d17bfd (diff) | |
download | packages-ee427b47b91f32b36e1c03f7c114bee5410f834e.tar.gz packages-ee427b47b91f32b36e1c03f7c114bee5410f834e.tar.bz2 packages-ee427b47b91f32b36e1c03f7c114bee5410f834e.tar.xz packages-ee427b47b91f32b36e1c03f7c114bee5410f834e.zip |
user/php7: fix CVE-2018-19935
-rw-r--r-- | user/php7/APKBUILD | 6 | ||||
-rw-r--r-- | user/php7/CVE-2018-19935.patch | 52 |
2 files changed, 57 insertions, 1 deletions
diff --git a/user/php7/APKBUILD b/user/php7/APKBUILD index 8ed53f99d..89ab74709 100644 --- a/user/php7/APKBUILD +++ b/user/php7/APKBUILD @@ -26,7 +26,7 @@ pkgname=php7 _pkgname=php pkgver=7.2.11 -pkgrel=1 +pkgrel=2 _apiver=20170718 pkgdesc="The PHP7 language runtime engine" url="https://php.net/" @@ -76,6 +76,7 @@ source="http://php.net/distributions/$_pkgname-$pkgver.tar.bz2 $_pkgname-fpm.logrotate $_pkgname-module.conf disabled-tests.list + CVE-2018-19935.patch install-pear.patch fpm-paths.patch allow-build-recode-and-imap-together.patch @@ -223,6 +224,8 @@ enable_ext 'zip' \ # 7.2.8-r0: # - CVE-2015-9253 # - CVE-2018-12882 +# 7.2.11-r2: +# - CVE-2018-19935 prepare() { cd "$builddir" @@ -527,6 +530,7 @@ sha512sums="a6bdd639648ae7845467e01303d0b4f4b85fd541409be97a5a605e91a9c994609e4e 01d4ba3ef104ea378eb0e8cbb7bdee3fdf65e4bd6865eb3bc6c0dc4af31c2d52887abdf0150b5ef984b877860285a3b1af84b11ffebb5b8b722ea9faf83edfeb php-fpm.logrotate a7f9ba5e11652fd1cb9e756c3269269a95de083ecb5be936a85c7a09c1396db9088e0251c6a643c40235c0e776fce2a471e5c7f5a033b85c7d3b3110c2b39e48 php-module.conf b1008eabc86fcff88336fe2961e3229c159c930a05d97359136c381c5c1cc572a33110308a3e5ef5e31c60327f76c9ef02b375cd2ea8ff9caa7deeddc216f4ce disabled-tests.list +4b6e4a8062808fcc54321b159f0b8bfef93267e0824f698f6ab06fc82796d62878a2e73cb44ef4bbad231658f9c0ee819ece1f7ca7517e56eea54309c92128c7 CVE-2018-19935.patch f1177cbf6b1f44402f421c3d317aab1a2a40d0b1209c11519c1158df337c8945f3a313d689c939768584f3e4edbe52e8bd6103fb6777462326a9d94e8ab1f505 install-pear.patch a77dd3bdf9dc7a0f2c06ff3e7c425d062bbaa29902c17402ce98701dc99499be863ad543aa5e6a7d1c249702d6afb193398dd3199ae58e42b32b95d434fb1883 fpm-paths.patch f8ecae241a90cbc3e98aa4deb3d5d35ef555f51380e29f4e182a8060dffeb84be74f030a14c6b452668471030d78964f52795ca74275db05543ccad20ef1f2cc allow-build-recode-and-imap-together.patch diff --git a/user/php7/CVE-2018-19935.patch b/user/php7/CVE-2018-19935.patch new file mode 100644 index 000000000..e24310f42 --- /dev/null +++ b/user/php7/CVE-2018-19935.patch @@ -0,0 +1,52 @@ +From 648fc1e369fc05fb9200a42c7938912236b2a318 Mon Sep 17 00:00:00 2001 +From: Stanislav Malyshev <stas@php.net> +Date: Sun, 11 Nov 2018 10:04:01 -0800 +Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail + +If an empty $message is passed to imap_mail(), we must not set message +to NULL, since _php_imap_mail() is not supposed to handle NULL pointers +(opposed to pointers to NUL). + +(cherry picked from commit 7edc639b9ff1c3576773d79d016abbeed1f93846) +--- + ext/imap/php_imap.c | 1 - + ext/imap/tests/bug77020.phpt | 15 +++++++++++++++ + 2 files changed, 15 insertions(+), 1 deletion(-) + create mode 100644 ext/imap/tests/bug77020.phpt + +diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c +index 9e626a4..01d1a5f 100644 +--- a/ext/imap/php_imap.c ++++ b/ext/imap/php_imap.c +@@ -4116,7 +4116,6 @@ PHP_FUNCTION(imap_mail) + if (!ZSTR_LEN(message)) { + /* this is not really an error, so it is allowed. */ + php_error_docref(NULL, E_WARNING, "No message string in mail command"); +- message = NULL; + } + + if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL, +diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt +new file mode 100644 +index 0000000..8a65232 +--- /dev/null ++++ b/ext/imap/tests/bug77020.phpt +@@ -0,0 +1,15 @@ ++--TEST-- ++Bug #77020 (null pointer dereference in imap_mail) ++--SKIPIF-- ++<?php ++if (!extension_loaded('imap')) die('skip imap extension not available'); ++?> ++--FILE-- ++<?php ++imap_mail('1', 1, NULL); ++?> ++===DONE=== ++--EXPECTF-- ++Warning: imap_mail(): No message string in mail command in %s on line %d ++%s ++===DONE=== +-- +2.1.4 + |