php: Fix CVE-2018-17082 (release-18.09) #50505

64 changes: 34 additions & 30 deletions pkgs/development/interpreters/php/default.nix
@@ -8,6 +8,17 @@

with lib;

# Because of an upstream bug: https://bugs.php.net/bug.php?id=76826
# We can't enable the intl extensions for Darwin, due to CVE-2018-17082
# forcing us to use recent versions.
#
# The bug so far is present in:
# * 7.1.21, 7.1.22, 7.1.23, 7.1.24
# * 7.2.9, 7.2.10, 7.2.11, 7.2.12
#
# Once it will be fixed, we will be able to remove the two specificities
# between Darwin and intl here.

let
generic =
{ version
@@ -176,6 +187,21 @@ let
--replace '@PHP_LDFLAGS@' ""
done

if [ "x${toString ((config.php.intl or true) -> !stdenv.isDarwin)}" = "x" ]; then
cat <<EOF
PHP does not support the intl extension on Darwin for recent versions of PHP.
Please set "php.intl = false;" in your nixpkgs configuration:
"nixpkgs.config.php.intl = false;" in "/etc/nixos/configuration.nix" for
NixOS, and "php.intl = false;" in "~/.config/nixpkgs/config.nix" for
non-NixOS.
If you would prefer to keep an old version of PHP with intl, please be aware
that it has known security vulnerabilities. If you really want to do it,
please see this wiki page: https://nixos.wiki/wiki/FAQ/Pinning_Nixpkgs
EOF
exit 1
fi


#[[ -z "$libxml2" ]] || addToSearchPath PATH $libxml2/bin

export EXTENSION_DIR=$out/lib/php/extensions
@@ -223,35 +249,13 @@ let
};

in {
# Because of an upstream bug: https://bugs.php.net/bug.php?id=76826
# We can't update the darwin versions because they simply don't compile at
# all due to a bug in the intl extensions.
#
# The bug so far is present in 7.1.21, 7.1.22, 7.2.9, 7.2.10.

php71 = generic (
if stdenv.isDarwin then
{
version = "7.1.20";
sha256 = "0i8xd6p4zdg8fl6f0j430raanlshsshr3s3jlm72b0gvi1n4f6rs";
}
else
{
version = "7.1.22";
sha256 = "0qz74qdlk19cw478f42ckyw5r074y0fg73r2bzlhm0dar0cizsf8";
}
);
php71 = generic {
version = "7.1.24";
sha256 = "02qy76krbdhlbkzs9k1sa5mgmj0qnbb8gcf1j3q0cq3z7kkj9pk6";
};

php72 = generic (
if stdenv.isDarwin then
{
version = "7.2.8";
sha256 = "1rky321gcvjm0npbfd4bznh36an0y14viqcvn4yzy3x643sni00z";
}
else
{
version = "7.2.10";
sha256 = "17fsvdi6ihjghjsz9kk2li2rwrknm2ccb6ys0xmn789116d15dh1";
}
);
php72 = generic {
version = "7.2.12";
sha256 = "1dpnbsv4bdlc5v40ddddi971f456jp1qrn89w5di1dj70g1c895p";
};
}
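Review bot: The intl-on-Darwin guard in the second hunk fires only when the build script runs, and its test `"x${toString (...)}" = "x"` depends on `toString false` yielding the empty string, which is easy to misread. Both `config.php.intl` and `stdenv.isDarwin` are known at evaluation time, so a `throw` on the same condition would reject the configuration before any source is fetched; if the shell form stays, write the text to stderr with `cat >&2 <<EOF`. The message warns that older versions have "known security vulnerabilities" without naming one; adding `CVE-2018-17082`, already cited in the header comment, lets someone who pins an old nixpkgs see what they are accepting. The guard reads `config.php.intl` directly, so if intl is also switchable through an overridable argument elsewhere in the file (not visible in these hunks), the check and the actual build could disagree. The enclosing shell block starts and ends outside the hunk.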