From: "akuster" <akuster808@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [dunfell 11/28] php: CVE-2020-7070
Date: Sun, 17 Jan 2021 09:46:09 -0800 [thread overview]
Message-ID: <8d4826f656e07802cb7c2455164855aa0c5fee9c.1610905441.git.akuster808@gmail.com> (raw)
In-Reply-To: <cover.1610905441.git.akuster808@gmail.com>
From: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Security Advisory
References
https://nvd.nist.gov/vuln/detail/CVE-2020-7070
https://bugs.php.net/patch-display.php?bug=79699&patch=fix-urldecode&revision=1600650364
https://github.com/php/php-src/blob/master/main/php_variables.c
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aff8a1fefb9a1a311e5ba14ad69871514270803a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 09f5a2ac5ab8550f5f0bd05417f2f54d27995dac)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../php/php/CVE-2020-7070.patch | 24 +++++++++++++++++++
meta-oe/recipes-devtools/php/php_7.4.9.bb | 1 +
2 files changed, 25 insertions(+)
create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch
diff --git a/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch b/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch
new file mode 100644
index 0000000000..e5b527f989
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php/CVE-2020-7070.patch
@@ -0,0 +1,24 @@
+Subject: Patch fix-urldecode for HTTP related Bug #79699
+
+---
+ main/php_variables.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/main/php_variables.c b/main/php_variables.c
+index 1a40c2a1..cbdc7cf1 100644
+--- a/main/php_variables.c
++++ b/main/php_variables.c
+@@ -514,7 +514,9 @@ SAPI_API SAPI_TREAT_DATA_FUNC(php_default_treat_data)
+ }
+
+ val = estrndup(val, val_len);
+- php_url_decode(var, strlen(var));
++ if (arg != PARSE_COOKIE) {
++ php_url_decode(var, strlen(var));
++ }
+ if (sapi_module.input_filter(arg, var, &val, val_len, &new_val_len)) {
+ php_register_variable_safe(var, val, new_val_len, &array);
+ }
+--
+2.25.1
+
diff --git a/meta-oe/recipes-devtools/php/php_7.4.9.bb b/meta-oe/recipes-devtools/php/php_7.4.9.bb
index fc01ea1953..73caed6543 100644
--- a/meta-oe/recipes-devtools/php/php_7.4.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.4.9.bb
@@ -30,6 +30,7 @@ SRC_URI_append_class-target = " \
file://phar-makefile.patch \
file://0001-opcache-config.m4-enable-opcache.patch \
file://xfail_two_bug_tests.patch \
+ file://CVE-2020-7070.patch \
"
S = "${WORKDIR}/php-${PV}"
--
2.17.1
next prev parent reply other threads:[~2021-01-17 17:46 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-17 17:45 [dunfell 00/28] Patch review Jan 17th akuster
2021-01-17 17:45 ` [dunfell 01/28] tcpdump: Patch for CVE-2020-8037 akuster
2021-01-17 17:46 ` [dunfell 02/28] dlt-daemon: add upstream patch to fix CVE-2020-29394 akuster
2021-01-17 17:46 ` [dunfell 03/28] pcsc-lite: provide pcsc-lite-lib-native explicitly for native build akuster
2021-01-17 17:46 ` [dunfell 04/28] wireguard-module: fix build issue with 5.4 kernel akuster
2021-01-17 17:46 ` [dunfell 05/28] mcpp: Normalize the patch format of CVE akuster
2021-01-17 17:46 ` [dunfell 06/28] zabbix: CVE-2020-15803 Security Advisory akuster
2021-01-17 17:46 ` [dunfell 07/28] samba: CVE-2020-14318 " akuster
2021-01-17 17:46 ` [dunfell 08/28] samba: CVE-2020-14383 " akuster
2021-01-17 17:46 ` [dunfell 09/28] php: Upgrade 7.4.4 -> 7.4.9 akuster
2021-01-17 17:46 ` [dunfell 10/28] php: remove the failing ${D}/${TMPDIR} code akuster
2021-01-17 17:46 ` akuster [this message]
2021-01-17 17:46 ` [dunfell 12/28] php: CVE-2020-7069 akuster
2021-01-17 17:46 ` [dunfell 13/28] apache2: upgrade v2.4.43 -> v2.4.46 akuster
2021-01-17 17:46 ` [dunfell 14/28] mariadb: update to 10.4.17 for cve fixes akuster
2021-01-17 17:46 ` [dunfell 15/28] lua: fix CVE-2020-15945 akuster
2021-01-17 17:46 ` [dunfell 16/28] lua: fix CVE-2020-24371 akuster
2021-01-17 17:46 ` [dunfell 17/28] lua: update to 5.3.6 akuster
2021-01-17 17:46 ` [dunfell 18/28] nss: Security fix CVE-2020-12401 akuster
2021-01-17 17:46 ` [dunfell 19/28] wireshark: Several securtiy fixes akuster
2021-01-17 17:46 ` [dunfell 20/28] nodejs: Fix build with icu 67.1 akuster
2021-01-17 17:46 ` [dunfell 21/28] nodejs: Upgrade to 12.18.3 akuster
2021-01-17 17:46 ` [dunfell 22/28] nodejs: Fix arm32/thumb builds with clang akuster
2021-01-17 17:46 ` [dunfell 23/28] nodejs: Update to 12.19.0 akuster
2021-01-17 17:46 ` [dunfell 24/28] nodejs: 12.19.0 -> 12.19.1 akuster
2021-01-17 17:46 ` [dunfell 25/28] nodejs: 12.19.1 -> 12.20.1 akuster
2021-01-17 17:46 ` [dunfell 26/28] libsdl2-mixer: Fix ogg/vorbis support in libsdl2-mixer akuster
2021-01-17 17:46 ` [dunfell 27/28] libsdl2-mixer: set --disable-music-ogg-shared to link statically akuster
2021-01-17 17:46 ` [dunfell 28/28] geoclue: select avahi-daemon if nmea enabled akuster
2021-01-17 20:38 ` [oe] [dunfell 00/28] Patch review Jan 17th Andreas Müller
2021-01-18 4:09 ` akuster
2021-01-18 10:12 ` Diego Santa Cruz
2021-01-18 16:34 ` akuster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8d4826f656e07802cb7c2455164855aa0c5fee9c.1610905441.git.akuster808@gmail.com \
--to=akuster808@gmail.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.