author | Mingli Yu <mingli.yu@windriver.com> | 2021-04-21 11:23:09 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2021-04-21 08:27:01 -0700 |
commit | e418ee4657e084c8b4d42aabf76ff6df99253e91 (patch) | |
tree | 793779090cd59ee2b44d1b5d94d4d97ee708cb55 /meta-oe/recipes-devtools | |
parent | 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7 (diff) | |
download | meta-openembedded-e418ee4657e084c8b4d42aabf76ff6df99253e91.tar.gz |
php: Upgrade to 7.4.16
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
CVE patches which are already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch | 158 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch | 24 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_7.4.16.bb (renamed from meta-oe/recipes-devtools/php/php_7.4.9.bb) | 7 |
3 files changed, 2 insertions, 187 deletions
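--- a/meta-oe/recipes-devtools/php/php/CVE-2020-7069.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-Subject: Fix bug #79601 (Wrong ciphertext/tag in AES-CCM encryption
-for a 12 bytes IV)
-
----
-ext/openssl/openssl.c | 10 ++++-----
-ext/openssl/tests/cipher_tests.inc | 21 +++++++++++++++++
-ext/openssl/tests/openssl_decrypt_ccm.phpt | 22 +++++++++++-------
-ext/openssl/tests/openssl_encrypt_ccm.phpt | 26 ++++++++++++++--------
-4 files changed, 57 insertions(+), 22 deletions(-)
-
-diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
-index 04cb9b0f..fdad2c3b 100644
---- a/ext/openssl/openssl.c
-+++ b/ext/openssl/openssl.c
-@@ -6521,11 +6521,6 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir
-{
-char *iv_new;
-
-- /* Best case scenario, user behaved */
-- if (*piv_len == iv_required_len) {
-- return SUCCESS;
-- }
--
-if (mode->is_aead) {
-if (EVP_CIPHER_CTX_ctrl(cipher_ctx, mode->aead_ivlen_flag, *piv_len, NULL) != 1) {
-php_error_docref(NULL, E_WARNING, "Setting of IV length for AEAD mode failed");
-@@ -6534,6 +6529,11 @@ static int php_openssl_validate_iv(char **piv, size_t *piv_len, size_t iv_requir
-return SUCCESS;
-}
-
-+ /* Best case scenario, user behaved */
-+ if (*piv_len == iv_required_len) {
-+ return SUCCESS;
-+ }
-+
-iv_new = ecalloc(1, iv_required_len + 1);
-
-if (*piv_len == 0) {
-diff --git a/ext/openssl/tests/cipher_tests.inc b/ext/openssl/tests/cipher_tests.inc
-index b1e46b41..779bfa85 100644
---- a/ext/openssl/tests/cipher_tests.inc
-+++ b/ext/openssl/tests/cipher_tests.inc
-@@ -1,5 +1,26 @@
-<?php
-$php_openssl_cipher_tests = array(
-+ 'aes-128-ccm' => array(
-+ array(
-+ 'key' => '404142434445464748494a4b4c4d4e4f',
-+ 'iv' => '1011121314151617',
-+ 'aad' => '000102030405060708090a0b0c0d0e0f',
-+ 'tag' => '1fc64fbfaccd',
-+ 'pt' => '202122232425262728292a2b2c2d2e2f',
-+ 'ct' => 'd2a1f0e051ea5f62081a7792073d593d',
-+ ),
-+ array(
-+ 'key' => '404142434445464748494a4b4c4d4e4f',
-+ 'iv' => '101112131415161718191a1b',
-+ 'aad' => '000102030405060708090a0b0c0d0e0f' .
-+ '10111213',
-+ 'tag' => '484392fbc1b09951',
-+ 'pt' => '202122232425262728292a2b2c2d2e2f' .
-+ '3031323334353637',
-+ 'ct' => 'e3b201a9f5b71a7a9b1ceaeccd97e70b' .
-+ '6176aad9a4428aa5',
-+ ),
-+ ),
-'aes-256-ccm' => array(
-array(
-'key' => '1bde3251d41a8b5ea013c195ae128b21' .
-diff --git a/ext/openssl/tests/openssl_decrypt_ccm.phpt b/ext/openssl/tests/openssl_decrypt_ccm.phpt
-index a5f01b87..08ef5bb7 100644
---- a/ext/openssl/tests/openssl_decrypt_ccm.phpt
-+++ b/ext/openssl/tests/openssl_decrypt_ccm.phpt
-@@ -10,14 +10,16 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods()))
---FILE--
-<?php
-require_once __DIR__ . "/cipher_tests.inc";
--$method = 'aes-256-ccm';
--$tests = openssl_get_cipher_tests($method);
-+$methods = ['aes-128-ccm', 'aes-256-ccm'];
-
--foreach ($tests as $idx => $test) {
-- echo "TEST $idx\n";
-- $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
-- $test['iv'], $test['tag'], $test['aad']);
-- var_dump($test['pt'] === $pt);
-+foreach ($methods as $method) {
-+ $tests = openssl_get_cipher_tests($method);
-+ foreach ($tests as $idx => $test) {
-+ echo "$method - TEST $idx\n";
-+ $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
-+ $test['iv'], $test['tag'], $test['aad']);
-+ var_dump($test['pt'] === $pt);
-+ }
-}
-
-// no IV
-@@ -32,7 +34,11 @@ var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
-
-?>
---EXPECTF--
--TEST 0
-+aes-128-ccm - TEST 0
-+bool(true)
-+aes-128-ccm - TEST 1
-+bool(true)
-+aes-256-ccm - TEST 0
-bool(true)
-
-Warning: openssl_decrypt(): Setting of IV length for AEAD mode failed in %s on line %d
-diff --git a/ext/openssl/tests/openssl_encrypt_ccm.phpt b/ext/openssl/tests/openssl_encrypt_ccm.phpt
-index fb5dbbc8..8c4c41f8 100644
---- a/ext/openssl/tests/openssl_encrypt_ccm.phpt
-+++ b/ext/openssl/tests/openssl_encrypt_ccm.phpt
-@@ -10,15 +10,17 @@ if (!in_array('aes-256-ccm', openssl_get_cipher_methods()))
---FILE--
-<?php
-require_once __DIR__ . "/cipher_tests.inc";
--$method = 'aes-256-ccm';
--$tests = openssl_get_cipher_tests($method);
-+$methods = ['aes-128-ccm', 'aes-256-ccm'];
-
--foreach ($tests as $idx => $test) {
-- echo "TEST $idx\n";
-- $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA,
-- $test['iv'], $tag, $test['aad'], strlen($test['tag']));
-- var_dump($test['ct'] === $ct);
-- var_dump($test['tag'] === $tag);
-+foreach ($methods as $method) {
-+ $tests = openssl_get_cipher_tests($method);
-+ foreach ($tests as $idx => $test) {
-+ echo "$method - TEST $idx\n";
-+ $ct = openssl_encrypt($test['pt'], $method, $test['key'], OPENSSL_RAW_DATA,
-+ $test['iv'], $tag, $test['aad'], strlen($test['tag']));
-+ var_dump($test['ct'] === $ct);
-+ var_dump($test['tag'] === $tag);
-+ }
-}
-
-// Empty IV error
-@@ -32,7 +34,13 @@ var_dump(strlen($tag));
-var_dump(openssl_encrypt('data', $method, 'password', 0, str_repeat('x', 16), $tag, '', 1024));
-?>
---EXPECTF--
--TEST 0
-+aes-128-ccm - TEST 0
-+bool(true)
-+bool(true)
-+aes-128-ccm - TEST 1
-+bool(true)
-+bool(true)
-+aes-256-ccm - TEST 0
-bool(true)
-bool(true)
-
---
-2.25.1
-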
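--- a/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Subject: Patch fix-urldecode for HTTP related Bug #79699
-
----
-main/php_variables.c | 4 +++-
-1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/main/php_variables.c b/main/php_variables.c
-index 1a40c2a1..cbdc7cf1 100644
---- a/main/php_variables.c
-+++ b/main/php_variables.c
-@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
-}
-
-val = estrndup(val, val_len);
-- php_url_decode(var, strlen(var));
-+ if (arg != PARSE_COOKIE) {
-+ php_url_decode(var, strlen(var));
-+ }
-if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
-php_register_variable_safe(var, val, new_val_len, &array);
-}
---
-2.25.1
-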
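--- a/meta-oe/recipes-devtools/php/php_7.4.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.4.16.bb
@@ -3,7 +3,7 @@ HOMEPAGE = "http://www.php.net"
 SECTION = "console/network"
 
 LICENSE = "PHP-3.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=7e571b888d585b31f9ef5edcc647fa30"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=99532e0f6620bc9bca34f12fadaee33c"
 
 BBCLASSEXTEND = "native"
 DEPENDS = "zlib bzip2 libxml2 virtual/libiconv php-native lemon-native"
@@ -30,13 +30,10 @@ SRC_URI_append_class-target = " \
 file://phar-makefile.patch \
 file://0001-opcache-config.m4-enable-opcache.patch \
 file://xfail_two_bug_tests.patch \
-file://CVE-2020-7070.patch \
-file://CVE-2020-7069.patch \
 "
 
 S = "${WORKDIR}/php-${PV}"
-SRC_URI[md5sum] = "e68a66c54b080d108831f6dc2e1e403d"
-SRC_URI[sha256sum] = "2e270958a4216480da7886743438ccc92b6acf32ea96fefda88d07e0a5095deb"
+SRC_URI[sha256sum] = "85710f007cfd0fae94e13a02a3a036f4e81ef43693260cae8a2e1ca93659ce3e"
 
 inherit autotools pkgconfig python3native gettext
 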