summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-devtools
diff options
context:
space:
mode:
authorAnil Dongare <adongare@cisco.com>2026-02-04 03:43:01 -0800
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-02-09 09:35:51 +0530
commit70822f1a81f73dd07af85c843f93203f32a36ba9 (patch)
tree288ce27661edc4a292e52d68f806b1a6bb32dc2c /meta-oe/recipes-devtools
parent47502449211432157bbaeaac365d407eafc150ec (diff)
downloadmeta-openembedded-70822f1a81f73dd07af85c843f93203f32a36ba9.tar.gz
php 8.2.29: Fix CVE-2025-14180
Upstream Repository: https://github.com/php/php-src.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14180 Type: Security Fix CVE: CVE-2025-14180 Score: 7.5 Patch: https://github.com/php/php-src/commit/5797b94652c3 Signed-off-by: Anil Dongare <adongare@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
-rw-r--r--meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch69
-rw-r--r--meta-oe/recipes-devtools/php/php_8.2.29.bb1
2 files changed, 70 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch
new file mode 100644
index 0000000000..110ba99b15
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch
@@ -0,0 +1,69 @@
1From 86f18141dd016a7927083cc122c71f1a8877b414 Mon Sep 17 00:00:00 2001
2From: Jakub Zelenka <bukka@php.net>
3Date: Sat, 11 Oct 2025 19:37:26 +0200
4Subject: [PATCH] Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref
5
6CVE: CVE-2025-14180
7Upstream-Status: Backport [https://github.com/php/php-src/commit/5797b94652c3]
8
9(cherry picked from commit 5797b94652c366521bff55f8e1a26ed6188f31b8)
10Signed-off-by: Anil Dongare <adongare@cisco.com>
11---
12 ext/pdo/pdo_sql_parser.re | 6 +++++
13 ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | 28 ++++++++++++++++++++
14 2 files changed, 34 insertions(+)
15 create mode 100644 ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
16
17diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re
18index 6bb0837fb31..7f4721d12a6 100644
19--- a/ext/pdo/pdo_sql_parser.re
20+++ b/ext/pdo/pdo_sql_parser.re
21@@ -287,6 +287,12 @@ safe:
22 }
23
24 plc->quoted = stmt->dbh->methods->quoter(stmt->dbh, buf, param_type);
25+ if (plc->quoted == NULL) {
26+ /* bork */
27+ ret = -1;
28+ strncpy(stmt->error_code, stmt->dbh->error_code, 6);
29+ goto clean_up;
30+ }
31 }
32 }
33
34diff --git a/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
35new file mode 100644
36index 00000000000..736354cab13
37--- /dev/null
38+++ b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt
39@@ -0,0 +1,28 @@
40+--TEST--
41+#GHSA-8xr5-qppj-gvwj: NULL Pointer Derefernce for failed user input quoting
42+--EXTENSIONS--
43+pdo
44+pdo_pgsql
45+--SKIPIF--
46+<?php
47+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
48+require_once dirname(__FILE__) . '/config.inc';
49+PDOTest::skip();
50+?>
51+--FILE--
52+<?php
53+require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
54+require_once dirname(__FILE__) . '/config.inc';
55+$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
56+$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
57+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
58+
59+$sql = "SELECT * FROM users where username = :username";
60+$stmt = $db->prepare($sql);
61+
62+$p1 = "alice\x99";
63+var_dump($stmt->execute(['username' => $p1]));
64+
65+?>
66+--EXPECT--
67+bool(false)
68--
692.43.7
diff --git a/meta-oe/recipes-devtools/php/php_8.2.29.bb b/meta-oe/recipes-devtools/php/php_8.2.29.bb
index aa2244ce96..08e7e80c84 100644
--- a/meta-oe/recipes-devtools/php/php_8.2.29.bb
+++ b/meta-oe/recipes-devtools/php/php_8.2.29.bb
@@ -22,6 +22,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \
22 file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \ 22 file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \
23 file://CVE-2025-14177.patch \ 23 file://CVE-2025-14177.patch \
24 file://CVE-2025-14178.patch \ 24 file://CVE-2025-14178.patch \
25 file://CVE-2025-14180.patch \
25 " 26 "
26 27
27SRC_URI:append:class-target = " \ 28SRC_URI:append:class-target = " \