php7.2: add u13 patch

master
parent b01cb26b06
commit 8ba7867f60
  1. 4
      testing/php7.2/APKBUILD
  2. 38
      testing/php7.2/u13-001-CVE-2022-31625-2.patch

@ -26,7 +26,7 @@
pkgname=php7.2
_pkgreal=php
pkgver=7.2.34
pkgrel=11
pkgrel=12
_apiver=20170718
_suffix=${pkgname#php}
_suffixA=7
@ -125,6 +125,7 @@ source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz
u11-006-CVE-2021-21707.patch
u12-001-CVE-2022-31625.patch
u12-002-CVE-2022-31626.patch
u13-001-CVE-2022-31625-2.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
@ -726,4 +727,5 @@ fddf6c50682b4d778908130477a9160df68dbd257f33991262d49c3eb05a220ec608a9625ce2b7f0
64460be7ba985c5192a51badabdbec3e530e6a0818d71612f1ad2b1e5e80eedcb97bb7da3bc2b2daca2c9a610d969336432e89b7babc6aa474153f2dbe5d0451 u11-006-CVE-2021-21707.patch
bdd0212861e5b20d4420546dd20d835ad00f704c744214ba4777a534c156cc53254fd191341a96a3556c1a7ad1455be3beb31edf198a9ead77d92d569847bbdb u12-001-CVE-2022-31625.patch
9f5e5798b22e9ed4c6b9cb0fe10372a457c7cfa2fc11b6eac459a358eef9b7ed4e15682365747be431804370fb6511506728fc13ed001906fb60ee26fb3b31b8 u12-002-CVE-2022-31626.patch
06d342debefb45e5ba4b8619cf08614966b89d6eaec00d8c22f01232ef3a4f773e54dcb8a63f2d0d910f7d0f5bb779fd7a22e9bfd6070bb5e73736c358189d27 u13-001-CVE-2022-31625-2.patch
"

@ -0,0 +1,38 @@
Description: Don't free parameters which haven't been initialized yet.
In the original commit, the fix is applied on pg_query_params(). But for
this release, it can be extended for other methods with the same code.
Author: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>
Origin: backport, https://github.com/php/php-src/commit/55f6895f
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1980550
Last-Update: 2022-07-05
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- php7.2-7.2.24.orig/ext/pgsql/pgsql.c
+++ php7.2-7.2.24/ext/pgsql/pgsql.c
@@ -2191,7 +2191,7 @@ PHP_FUNCTION(pg_execute)
if (Z_TYPE(tmp_val) != IS_STRING) {
php_error_docref(NULL, E_WARNING,"Error converting parameter");
zval_ptr_dtor(&tmp_val);
- _php_pgsql_free_params(params, num_params);
+ _php_pgsql_free_params(params, i);
RETURN_FALSE;
}
params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
@@ -5011,7 +5011,7 @@ PHP_FUNCTION(pg_send_query_params)
if (Z_TYPE(tmp_val) != IS_STRING) {
php_error_docref(NULL, E_WARNING,"Error converting parameter");
zval_ptr_dtor(&tmp_val);
- _php_pgsql_free_params(params, num_params);
+ _php_pgsql_free_params(params, i);
RETURN_FALSE;
}
params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
@@ -5188,7 +5188,7 @@ PHP_FUNCTION(pg_send_execute)
if (Z_TYPE(tmp_val) != IS_STRING) {
php_error_docref(NULL, E_WARNING,"Error converting parameter");
zval_ptr_dtor(&tmp_val);
- _php_pgsql_free_params(params, num_params);
+ _php_pgsql_free_params(params, i);
RETURN_FALSE;
}
params[i] = estrndup(Z_STRVAL(tmp_val), Z_STRLEN(tmp_val));
Loading…
Cancel
Save