diff options
| author | Anil Dongare <adongare@cisco.com> | 2026-02-04 03:43:01 -0800 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-02-09 09:35:51 +0530 |
| commit | 70822f1a81f73dd07af85c843f93203f32a36ba9 (patch) | |
| tree | 288ce27661edc4a292e52d68f806b1a6bb32dc2c /meta-oe/recipes-devtools | |
| parent | 47502449211432157bbaeaac365d407eafc150ec (diff) | |
| download | meta-openembedded-70822f1a81f73dd07af85c843f93203f32a36ba9.tar.gz | |
php 8.2.29: Fix CVE-2025-14180
Upstream Repository: https://github.com/php/php-src.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14180
Type: Security Fix
CVE: CVE-2025-14180
Score: 7.5
Patch: https://github.com/php/php-src/commit/5797b94652c3
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-oe/recipes-devtools')
| -rw-r--r-- | meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch | 69 | ||||
| -rw-r--r-- | meta-oe/recipes-devtools/php/php_8.2.29.bb | 1 |
2 files changed, 70 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch new file mode 100644 index 0000000000..110ba99b15 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php/CVE-2025-14180.patch | |||
| @@ -0,0 +1,69 @@ | |||
| 1 | From 86f18141dd016a7927083cc122c71f1a8877b414 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jakub Zelenka <bukka@php.net> | ||
| 3 | Date: Sat, 11 Oct 2025 19:37:26 +0200 | ||
| 4 | Subject: [PATCH] Fix GHSA-8xr5-qppj-gvwj: PDO quoting result null deref | ||
| 5 | |||
| 6 | CVE: CVE-2025-14180 | ||
| 7 | Upstream-Status: Backport [https://github.com/php/php-src/commit/5797b94652c3] | ||
| 8 | |||
| 9 | (cherry picked from commit 5797b94652c366521bff55f8e1a26ed6188f31b8) | ||
| 10 | Signed-off-by: Anil Dongare <adongare@cisco.com> | ||
| 11 | --- | ||
| 12 | ext/pdo/pdo_sql_parser.re | 6 +++++ | ||
| 13 | ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | 28 ++++++++++++++++++++ | ||
| 14 | 2 files changed, 34 insertions(+) | ||
| 15 | create mode 100644 ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | ||
| 16 | |||
| 17 | diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re | ||
| 18 | index 6bb0837fb31..7f4721d12a6 100644 | ||
| 19 | --- a/ext/pdo/pdo_sql_parser.re | ||
| 20 | +++ b/ext/pdo/pdo_sql_parser.re | ||
| 21 | @@ -287,6 +287,12 @@ safe: | ||
| 22 | } | ||
| 23 | |||
| 24 | plc->quoted = stmt->dbh->methods->quoter(stmt->dbh, buf, param_type); | ||
| 25 | + if (plc->quoted == NULL) { | ||
| 26 | + /* bork */ | ||
| 27 | + ret = -1; | ||
| 28 | + strncpy(stmt->error_code, stmt->dbh->error_code, 6); | ||
| 29 | + goto clean_up; | ||
| 30 | + } | ||
| 31 | } | ||
| 32 | } | ||
| 33 | |||
| 34 | diff --git a/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | ||
| 35 | new file mode 100644 | ||
| 36 | index 00000000000..736354cab13 | ||
| 37 | --- /dev/null | ||
| 38 | +++ b/ext/pdo_pgsql/tests/ghsa-8xr5-qppj-gvwj.phpt | ||
| 39 | @@ -0,0 +1,28 @@ | ||
| 40 | +--TEST-- | ||
| 41 | +#GHSA-8xr5-qppj-gvwj: NULL Pointer Derefernce for failed user input quoting | ||
| 42 | +--EXTENSIONS-- | ||
| 43 | +pdo | ||
| 44 | +pdo_pgsql | ||
| 45 | +--SKIPIF-- | ||
| 46 | +<?php | ||
| 47 | +require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; | ||
| 48 | +require_once dirname(__FILE__) . '/config.inc'; | ||
| 49 | +PDOTest::skip(); | ||
| 50 | +?> | ||
| 51 | +--FILE-- | ||
| 52 | +<?php | ||
| 53 | +require_once dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc'; | ||
| 54 | +require_once dirname(__FILE__) . '/config.inc'; | ||
| 55 | +$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt'); | ||
| 56 | +$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); | ||
| 57 | +$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, true); | ||
| 58 | + | ||
| 59 | +$sql = "SELECT * FROM users where username = :username"; | ||
| 60 | +$stmt = $db->prepare($sql); | ||
| 61 | + | ||
| 62 | +$p1 = "alice\x99"; | ||
| 63 | +var_dump($stmt->execute(['username' => $p1])); | ||
| 64 | + | ||
| 65 | +?> | ||
| 66 | +--EXPECT-- | ||
| 67 | +bool(false) | ||
| 68 | -- | ||
| 69 | 2.43.7 | ||
diff --git a/meta-oe/recipes-devtools/php/php_8.2.29.bb b/meta-oe/recipes-devtools/php/php_8.2.29.bb index aa2244ce96..08e7e80c84 100644 --- a/meta-oe/recipes-devtools/php/php_8.2.29.bb +++ b/meta-oe/recipes-devtools/php/php_8.2.29.bb | |||
| @@ -22,6 +22,7 @@ SRC_URI = "http://php.net/distributions/php-${PV}.tar.bz2 \ | |||
| 22 | file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \ | 22 | file://0001-Change-whether-to-inline-XXH3_hashLong_withSecret-to.patch \ |
| 23 | file://CVE-2025-14177.patch \ | 23 | file://CVE-2025-14177.patch \ |
| 24 | file://CVE-2025-14178.patch \ | 24 | file://CVE-2025-14178.patch \ |
| 25 | file://CVE-2025-14180.patch \ | ||
| 25 | " | 26 | " |
| 26 | 27 | ||
| 27 | SRC_URI:append:class-target = " \ | 28 | SRC_URI:append:class-target = " \ |
