
T180231-master.patch



From 0863bcf799f68948e46e0016c5525975b332527c Mon Sep 17 00:00:00 2001
From: Kunal Mehta <legoktm@member.fsf.org>
Date: Fri, 10 Nov 2017 16:53:24 -0800
Subject: [PATCH] [SECURITY] update.php: Remove eval-stdin.php if necessary
If phpunit's eval-stdin.php file exists and is one of the vulnerable
versions, delete it when running update.php as most people should run
that when updating to a new release. If the unlink() call fails, we'll
warn the user but continue with update.php processing and hope they've
mitigated it in some other way.
Bug: T180231
Change-Id: I5b838686ede9764083c52853cc05c52ea72739df
---
maintenance/update.php | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/maintenance/update.php b/maintenance/update.php
index ba66c76683..70cea516ec 100755
--- a/maintenance/update.php
+++ b/maintenance/update.php
@@ -170,6 +170,24 @@ class UpdateMediaWiki extends Maintenance {
$time1 = microtime( true );
+ $badPhpUnit = dirname( __DIR__ ) . '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php';
+ if ( file_exists( $badPhpUnit ) ) {
+ // Bad versions of the file are:
+ // https://raw.githubusercontent.com/sebastianbergmann/phpunit/c820f915bfae34e5a836f94967a2a5ea5ef34f21/src/Util/PHP/eval-stdin.php
+ // https://raw.githubusercontent.com/sebastianbergmann/phpunit/3aaddb1c5bd9b9b8d070b4cf120e71c36fd08412/src/Util/PHP/eval-stdin.php
+ $md5 = md5_file( $badPhpUnit );
+ if ( $md5 === '120ac49800671dc383b6f3709c25c099'
+ || $md5 === '28af792cb38fc9a1b236b91c1aad2876'
+ ) {
+ $success = unlink( $badPhpUnit );
+ if ( $success ) {
+ $this->output( "Removed PHPUnit eval-stdin.php to protect against CVE-2017-9841\n" );
+ } else {
+ $this->error( "Unable to remove $badPhpUnit, you should manually. See CVE-2017-9841" );
+ }
+ }
+ }
+
$shared = $this->hasOption( 'doshared' );
$updates = [ 'core', 'extensions' ];
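Review bot: The message on the `$this->error(...)` line is missing its verb (`you should manually`) and should read `"Unable to remove $badPhpUnit, you should remove it manually. See CVE-2017-9841"`. A quieter gap in the same block: when the file exists but `md5_file()` returns `false` (file unreadable) or produces a hash that matches neither of the two listed values, the code falls through with no output at all, so an administrator running update.php gets no indication that an unrecognised eval-stdin.php is present; an `else` branch after the hash comparison that prints the path and the computed hash would make that case visible for manual review. Note also that `unlink()` emits its own PHP warning on failure, so the failure will be reported twice on stderr; harmless, but worth knowing when reading logs. The enclosing method starts and ends outside the hunk.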
--
2.13.6
