authorA. Wilcox <AWilcox@Wilcox-Tech.com>2018-12-08 18:36:25 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2018-12-08 18:39:01 +0000
commitee427b47b91f32b36e1c03f7c114bee5410f834e (patch)
treeb4f9686ba84624fb872d4aa298a916eff09f634c
parentbde2825df3cba470104d79b5f7dc1c0494d17bfd (diff)
user/php7: fix CVE-2018-19935
-rw-r--r--user/php7/APKBUILD6
-rw-r--r--user/php7/CVE-2018-19935.patch52
2 files changed, 57 insertions, 1 deletions
diff --git a/user/php7/APKBUILD b/user/php7/APKBUILD
index 8ed53f99d..89ab74709 100644
--- a/user/php7/APKBUILD
+++ b/user/php7/APKBUILD
@@ -26,7 +26,7 @@
pkgname=php7
_pkgname=php
pkgver=7.2.11
-pkgrel=1
+pkgrel=2
_apiver=20170718
pkgdesc="The PHP7 language runtime engine"
url="https://php.net/"
@@ -76,6 +76,7 @@ source="http://php.net/distributions/$_pkgname-$pkgver.tar.bz2
$_pkgname-fpm.logrotate
$_pkgname-module.conf
disabled-tests.list
+ CVE-2018-19935.patch
install-pear.patch
fpm-paths.patch
allow-build-recode-and-imap-together.patch
@@ -223,6 +224,8 @@ enable_ext 'zip' \
# 7.2.8-r0:
# - CVE-2015-9253
# - CVE-2018-12882
+# 7.2.11-r2:
+# - CVE-2018-19935
prepare() {
cd "$builddir"
@@ -527,6 +530,7 @@ sha512sums="a6bdd639648ae7845467e01303d0b4f4b85fd541409be97a5a605e91a9c994609e4e
01d4ba3ef104ea378eb0e8cbb7bdee3fdf65e4bd6865eb3bc6c0dc4af31c2d52887abdf0150b5ef984b877860285a3b1af84b11ffebb5b8b722ea9faf83edfeb php-fpm.logrotate
a7f9ba5e11652fd1cb9e756c3269269a95de083ecb5be936a85c7a09c1396db9088e0251c6a643c40235c0e776fce2a471e5c7f5a033b85c7d3b3110c2b39e48 php-module.conf
b1008eabc86fcff88336fe2961e3229c159c930a05d97359136c381c5c1cc572a33110308a3e5ef5e31c60327f76c9ef02b375cd2ea8ff9caa7deeddc216f4ce disabled-tests.list
+4b6e4a8062808fcc54321b159f0b8bfef93267e0824f698f6ab06fc82796d62878a2e73cb44ef4bbad231658f9c0ee819ece1f7ca7517e56eea54309c92128c7 CVE-2018-19935.patch
f1177cbf6b1f44402f421c3d317aab1a2a40d0b1209c11519c1158df337c8945f3a313d689c939768584f3e4edbe52e8bd6103fb6777462326a9d94e8ab1f505 install-pear.patch
a77dd3bdf9dc7a0f2c06ff3e7c425d062bbaa29902c17402ce98701dc99499be863ad543aa5e6a7d1c249702d6afb193398dd3199ae58e42b32b95d434fb1883 fpm-paths.patch
f8ecae241a90cbc3e98aa4deb3d5d35ef555f51380e29f4e182a8060dffeb84be74f030a14c6b452668471030d78964f52795ca74275db05543ccad20ef1f2cc allow-build-recode-and-imap-together.patch
diff --git a/user/php7/CVE-2018-19935.patch b/user/php7/CVE-2018-19935.patch
new file mode 100644
index 000000000..e24310f42
--- /dev/null
+++ b/user/php7/CVE-2018-19935.patch
@@ -0,0 +1,52 @@
+From 648fc1e369fc05fb9200a42c7938912236b2a318 Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Sun, 11 Nov 2018 10:04:01 -0800
+Subject: [PATCH] Fix #77020: null pointer dereference in imap_mail
+
+If an empty $message is passed to imap_mail(), we must not set message
+to NULL, since _php_imap_mail() is not supposed to handle NULL pointers
+(opposed to pointers to NUL).
+
+(cherry picked from commit 7edc639b9ff1c3576773d79d016abbeed1f93846)
+---
+ ext/imap/php_imap.c | 1 -
+ ext/imap/tests/bug77020.phpt | 15 +++++++++++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+ create mode 100644 ext/imap/tests/bug77020.phpt
+
+diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
+index 9e626a4..01d1a5f 100644
+--- a/ext/imap/php_imap.c
++++ b/ext/imap/php_imap.c
+@@ -4116,7 +4116,6 @@ PHP_FUNCTION(imap_mail)
+ if (!ZSTR_LEN(message)) {
+ /* this is not really an error, so it is allowed. */
+ php_error_docref(NULL, E_WARNING, "No message string in mail command");
+- message = NULL;
+ }
+
+ if (_php_imap_mail(ZSTR_VAL(to), ZSTR_VAL(subject), ZSTR_VAL(message), headers?ZSTR_VAL(headers):NULL, cc?ZSTR_VAL(cc):NULL,
+diff --git a/ext/imap/tests/bug77020.phpt b/ext/imap/tests/bug77020.phpt
+new file mode 100644
+index 0000000..8a65232
+--- /dev/null
++++ b/ext/imap/tests/bug77020.phpt
+@@ -0,0 +1,15 @@
++--TEST--
++Bug #77020 (null pointer dereference in imap_mail)
++--SKIPIF--
++<?php
++if (!extension_loaded('imap')) die('skip imap extension not available');
++?>
++--FILE--
++<?php
++imap_mail('1', 1, NULL);
++?>
++===DONE===
++--EXPECTF--
++Warning: imap_mail(): No message string in mail command in %s on line %d
++%s
++===DONE===
+--
+2.1.4
+
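Review bot: In the embedded `ext/imap/php_imap.c` hunk, nothing records why `message` must stay non-NULL now that `message = NULL;` is gone, and the surviving comment (`this is not really an error, so it is allowed`) still reads as if clearing the pointer would be harmless. The call on the following line evaluates `ZSTR_VAL(message)` unconditionally, unlike `headers` and `cc`, which are guarded with `?:`, so I would extend the comment to something like `/* keep message non-NULL: ZSTR_VAL(message) is evaluated below and _php_imap_mail() does not accept NULL */`. The new `bug77020.phpt` pins only the warning line; its `%s` line accepts any following output, so the result appears to depend on the local mail transport and the test may need an entry in `disabled-tests.list` if the package's test run is sensitive to that. The body of `PHP_FUNCTION(imap_mail)` starts and ends outside the hunk, so equivalent handling of `to` and `subject` cannot be confirmed from here.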