Bug#1104611: unblock: libphp-adodb/5.22.9-0.1
Package: release.debian.org
Severity: normal
Control: affects -1 + src:libphp-adodb
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: libphp-adodb@packages.debian.org, jmv_deb@nirgal.com,
nirgal@debian.org, camrdale@gmail.com, leandrocunha016@gmail.com
Please unblock package libphp-adodb
Version 5.22.9-0.1 fixes the CVE with critical severity 10/10, defined
as CVE-2025-46337. Reported in bug #1104548 (severity: grave (RC
bug)).
[ Reason ]
ADOdb is a PHP database class library that provides abstractions for
performing queries and managing databases. Prior to version 5.22.9,
improper escaping of a query parameter may allow an attacker to
execute arbitrary SQL statements when the code using ADOdb connects to
a PostgreSQL database and calls pg_insert_id() with user-supplied
data. This issue has been patched in version 5.22.9, as mentioned
in the bug above.
[ Impact ]
No negative impact, but positive in view of the improvement presented
in the code that resolves a serious vulnerability.
[ Tests ]
Everything from Salsa CI running on my fork. In addition to
reproducing the library in question using a package that is a
dependency, such as phppgadmin.
It is needed in data manipulation as can be seen in
https://github.com/phppgadmin/phppgadmin/issues/162.
[ Risks ]
No imminent risk was detected during the analyses.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
All information already presented.
unblock libphp-adodb/5.22.9-0.1
diffstat for libphp-adodb-5.22.8 libphp-adodb-5.22.9
adodb-active-record.inc.php | 1 +
adodb-active-recordx.inc.php | 1 +
adodb-datadict.inc.php | 20 +++++++++++++++++---
adodb.inc.php | 2 +-
datadict/datadict-access.inc.php | 2 +-
datadict/datadict-db2.inc.php | 2 +-
datadict/datadict-firebird.inc.php | 2 +-
datadict/datadict-informix.inc.php | 2 +-
datadict/datadict-mssql.inc.php | 2 +-
datadict/datadict-mssqlnative.inc.php | 2 +-
datadict/datadict-mysql.inc.php | 2 +-
datadict/datadict-oci8.inc.php | 2 +-
datadict/datadict-postgres.inc.php | 2 +-
datadict/datadict-sapdb.inc.php | 2 +-
datadict/datadict-sqlite.inc.php | 9 ++++++---
datadict/datadict-sybase.inc.php | 2 +-
debian/changelog | 7 +++++++
docs/changelog.md | 18 ++++++++++++++++++
drivers/adodb-postgres64.inc.php | 16 +++++++++++++---
drivers/adodb-sqlite3.inc.php | 20 +++++++++++++-------
20 files changed, 88 insertions(+), 28 deletions(-)
diff -Nru libphp-adodb-5.22.8/adodb-active-record.inc.php libphp-adodb-5.22.9/adodb-active-record.inc.php
--- libphp-adodb-5.22.8/adodb-active-record.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/adodb-active-record.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -74,6 +74,7 @@
}
+#[\AllowDynamicProperties]
class ADODB_Active_Record {
static $_changeNames = true; // dynamically pluralize table names
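Review bot: `#[\AllowDynamicProperties]` on ADODB_Active_Record opts the whole class out of the PHP 8.2 deprecation instead of declaring the properties the class creates at runtime, so a misspelled property name is once again created silently rather than warned about. That is a defensible trade-off for an active-record class whose properties mirror table columns, but the attribute carries no explanation; a one-line comment above it such as `// Column values are mapped to properties at runtime; opt out of the PHP 8.2 dynamic-property deprecation.` would tell the next reader why it is there. The identical attribute is added to adodb-active-recordx.inc.php and wants the same comment.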
diff -Nru libphp-adodb-5.22.8/adodb-active-recordx.inc.php libphp-adodb-5.22.9/adodb-active-recordx.inc.php
--- libphp-adodb-5.22.8/adodb-active-recordx.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/adodb-active-recordx.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -82,6 +82,7 @@
}
+#[\AllowDynamicProperties]
class ADODB_Active_Record {
static $_changeNames = true; // dynamically pluralize table names
static $_foreignSuffix = '_id'; //
diff -Nru libphp-adodb-5.22.8/adodb-datadict.inc.php libphp-adodb-5.22.9/adodb-datadict.inc.php
--- libphp-adodb-5.22.8/adodb-datadict.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/adodb-datadict.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -845,7 +845,7 @@
$fdefault = $this->connection->qstr($fdefault);
}
}
- $suffix = $this->_createSuffix($fname,$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned);
+ $suffix = $this->_createSuffix($fname, $ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, $pkey);
// add index creation
if ($widespacing) $fname = str_pad($fname,24);
@@ -898,8 +898,22 @@
}
- // return string must begin with space
- function _createSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ /**
+ * Construct an database specific SQL string of constraints for column.
+ *
+ * @param string $fname column name
+ * @param string & $ftype column type
+ * @param bool $fnotnull NOT NULL flag
+ * @param string|bool $fdefault DEFAULT value
+ * @param bool $fautoinc AUTOINCREMENT flag
+ * @param string $fconstraint CONSTRAINT value
+ * @param bool $funsigned UNSIGNED flag
+ * @param string|bool $fprimary PRIMARY value
+ * @param array & $pkey array of primary key column names
+ *
+ * @return string Combined constraint string, must start with a space
+ */
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if (strlen($fdefault)) $suffix .= " DEFAULT $fdefault";
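Review bot: The new docblock documents `$pkey` as "array of primary key column names" but not that it is passed by reference so that a driver implementation can modify it (the sqlite datadict in this same upload pops an entry from it), and it gives `$fprimary` the type `string|bool` without saying what a string value means; suggest `@param array & $pkey Primary key column names; a driver may remove the current column when it emits the key inline` and a matching sentence for `$fprimary`. Widening the base `_createSuffix` signature from seven to nine parameters is also an API change for any out-of-tree ADODB_DataDict subclass that still overrides the seven-parameter `_CreateSuffix`: PHP rejects a child declaration with fewer parameters than the parent as incompatible at class-load time, so that break is worth stating in the docblock or changelog. The body of `_createSuffix` continues past the end of this hunk.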
diff -Nru libphp-adodb-5.22.8/adodb.inc.php libphp-adodb-5.22.9/adodb.inc.php
--- libphp-adodb-5.22.8/adodb.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/adodb.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -198,7 +198,7 @@
/**
* ADODB version as a string.
*/
- $ADODB_vers = 'v5.22.8 2025-01-25';
+ $ADODB_vers = 'v5.22.9 2025-05-01';
/**
* Determines whether recordset->RecordCount() is used.
diff -Nru libphp-adodb-5.22.8/datadict/datadict-access.inc.php libphp-adodb-5.22.9/datadict/datadict-access.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-access.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-access.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -69,7 +69,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname, &$ftype, $fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
if ($fautoinc) {
$ftype = 'COUNTER';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-db2.inc.php libphp-adodb-5.22.9/datadict/datadict-db2.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-db2.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-db2.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -72,7 +72,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if ($fautoinc) return ' GENERATED ALWAYS AS IDENTITY'; # as identity start with
diff -Nru libphp-adodb-5.22.8/datadict/datadict-firebird.inc.php libphp-adodb-5.22.9/datadict/datadict-firebird.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-firebird.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-firebird.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -135,7 +135,7 @@
}
- function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-informix.inc.php libphp-adodb-5.22.9/datadict/datadict-informix.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-informix.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-informix.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -81,7 +81,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname, &$ftype, $fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
if ($fautoinc) {
$ftype = 'SERIAL';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-mssql.inc.php libphp-adodb-5.22.9/datadict/datadict-mssql.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-mssql.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-mssql.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -177,7 +177,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if (strlen($fdefault)) $suffix .= " DEFAULT $fdefault";
diff -Nru libphp-adodb-5.22.8/datadict/datadict-mssqlnative.inc.php libphp-adodb-5.22.9/datadict/datadict-mssqlnative.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-mssqlnative.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-mssqlnative.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -269,7 +269,7 @@
// return string must begin with space
/** @noinspection DuplicatedCode */
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if (strlen($fdefault)) $suffix .= " DEFAULT $fdefault";
diff -Nru libphp-adodb-5.22.8/datadict/datadict-mysql.inc.php libphp-adodb-5.22.9/datadict/datadict-mysql.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-mysql.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-mysql.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -143,7 +143,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if ($funsigned) $suffix .= ' UNSIGNED';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-oci8.inc.php libphp-adodb-5.22.9/datadict/datadict-oci8.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-oci8.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-oci8.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -199,7 +199,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-postgres.inc.php libphp-adodb-5.22.9/datadict/datadict-postgres.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-postgres.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-postgres.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -399,7 +399,7 @@
}
// return string must begin with space
- function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
if ($fautoinc) {
$ftype = 'SERIAL';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-sapdb.inc.php libphp-adodb-5.22.9/datadict/datadict-sapdb.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-sapdb.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-sapdb.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -104,7 +104,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if ($funsigned) $suffix .= ' UNSIGNED';
diff -Nru libphp-adodb-5.22.8/datadict/datadict-sqlite.inc.php libphp-adodb-5.22.9/datadict/datadict-sqlite.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-sqlite.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-sqlite.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -74,13 +74,16 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
- if ($funsigned) $suffix .= ' UNSIGNED';
+ if ($funsigned && !($fprimary && $fautoinc)) $suffix .= ' UNSIGNED';
if ($fnotnull) $suffix .= ' NOT NULL';
if (strlen($fdefault)) $suffix .= " DEFAULT $fdefault";
- if ($fautoinc) $suffix .= ' AUTOINCREMENT';
+ if ($fprimary && $fautoinc) {
+ $suffix .= ' PRIMARY KEY AUTOINCREMENT';
+ array_pop($pkey);
+ }
if ($fconstraint) $suffix .= ' '.$fconstraint;
return $suffix;
}
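Review bot: `array_pop($pkey)` in the new PRIMARY KEY AUTOINCREMENT branch removes whichever entry is last in `$pkey`, which is only correct if the caller appended the current column immediately before calling `_createSuffix`; if the key list holds several columns or this column is not its last entry, the wrong name is dropped and the CREATE TABLE carries both an inline PRIMARY KEY and a table-level PRIMARY KEY (...) clause, which SQLite rejects. Removing by value does not depend on ordering: `$pkey = array_values(array_diff($pkey, [$fname]));` — assuming `$pkey` stores names in the same form as `$fname` (unquoted), which this hunk does not show. SQLite also accepts AUTOINCREMENT only on an `INTEGER PRIMARY KEY` column, and the branch does not look at `$ftype`; if the type mapping elsewhere in this file guarantees that, a comment saying so above the branch would save the next reader the lookup.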
diff -Nru libphp-adodb-5.22.8/datadict/datadict-sybase.inc.php libphp-adodb-5.22.9/datadict/datadict-sybase.inc.php
--- libphp-adodb-5.22.8/datadict/datadict-sybase.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/datadict/datadict-sybase.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -139,7 +139,7 @@
}
// return string must begin with space
- function _CreateSuffix($fname,&$ftype,$fnotnull,$fdefault,$fautoinc,$fconstraint,$funsigned)
+ function _createSuffix($fname, &$ftype, $fnotnull, $fdefault, $fautoinc, $fconstraint, $funsigned, $fprimary, &$pkey)
{
$suffix = '';
if (strlen($fdefault)) $suffix .= " DEFAULT $fdefault";
diff -Nru libphp-adodb-5.22.8/debian/changelog libphp-adodb-5.22.9/debian/changelog
--- libphp-adodb-5.22.8/debian/changelog 2025-02-09 17:20:13.000000000 -0300
+++ libphp-adodb-5.22.9/debian/changelog 2025-05-02 10:48:03.000000000 -0300
@@ -1,3 +1,10 @@
+libphp-adodb (5.22.9-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * New upstream version 5.22.9 (Closes: #1104548, CVE-2025-46337)
+
+ -- Leandro Cunha <leandrocunha016@gmail.com> Fri, 02 May 2025 10:48:03 -0300
+
libphp-adodb (5.22.8-0.1) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru libphp-adodb-5.22.8/docs/changelog.md libphp-adodb-5.22.9/docs/changelog.md
--- libphp-adodb-5.22.8/docs/changelog.md 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/docs/changelog.md 2025-05-01 08:49:24.000000000 -0300
@@ -14,6 +14,23 @@
--------------------------------------------------------------------------------
+## [5.22.9] - 2025-05-01
+
+### Security
+
+- pgsql: SQL injection in pg_insert_id() method (CVE-2025-46337)
+ [#1070](https://github.com/ADOdb/ADOdb/issues/1070)
+
+### Fixed
+
+- sqlite: Fulfill PRIMARY KEY AUTOINCREMENT requirements
+ [#1055](https://github.com/ADOdb/ADOdb/issues/1055)
+- sqlite: fix error reporting
+ [#1061](https://github.com/ADOdb/ADOdb/issues/1061)
+- Creation of dynamic property deprecated warning with PHP 8.2
+ [#1068](https://github.com/ADOdb/ADOdb/issues/1068)
+
+
## [5.22.8] - 2025-01-25
### Added
@@ -1473,6 +1490,7 @@
- Adodb5 version,more error checking code now will use exceptions if available.
+[5.22.9]: https://github.com/adodb/adodb/compare/v5.22.8...v5.22.9
[5.22.8]: https://github.com/adodb/adodb/compare/v5.22.7...v5.22.8
[5.22.7]: https://github.com/adodb/adodb/compare/v5.22.6...v5.22.7
[5.22.6]: https://github.com/adodb/adodb/compare/v5.22.5...v5.22.6
diff -Nru libphp-adodb-5.22.8/drivers/adodb-postgres64.inc.php libphp-adodb-5.22.9/drivers/adodb-postgres64.inc.php
--- libphp-adodb-5.22.8/drivers/adodb-postgres64.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/drivers/adodb-postgres64.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -135,10 +135,20 @@
return " coalesce($field, $ifNull) ";
}
- // get the last id - never tested
- function pg_insert_id($tablename,$fieldname)
+ /**
+ * Get the last inserted id.
+ *
+ * @param string $tablename
+ * @param string $fieldname
+ * @return int|false
+ *
+ * @noinspection PhpUnused
+ * @deprecated 5.22.9 Use {@see insert_ID()} method instead.
+ */
+ function pg_insert_id($tablename, $fieldname)
{
- $result=pg_query($this->_connectionID, 'SELECT last_value FROM '. $tablename .'_'. $fieldname .'_seq');
+ $sequence = pg_escape_identifier($this->_connectionID, $tablename .'_'. $fieldname .'_seq');
+ $result = pg_query($this->_connectionID, 'SELECT last_value FROM '. $sequence);
if ($result) {
$arr = @pg_fetch_row($result,0);
pg_free_result($result);
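Review bot: `pg_escape_identifier()` on the composed `<table>_<field>_seq` string closes the injection (CVE-2025-46337), but it quotes the whole string as one identifier, so a schema-qualified table name such as `public.users` now becomes `"public.users_id_seq"`, a different (non-existent) relation from what the old concatenation produced; callers passing qualified names get a query failure instead of the sequence value. If that regression is acceptable for a method now marked `@deprecated`, the docblock should state it, e.g. `@param string $tablename Unqualified table name; schema prefixes are not supported`. The pre-existing `@pg_fetch_row($result,0)` on the next line still suppresses any fetch diagnostics, which makes such failures harder to spot. The body of `pg_insert_id` continues beyond this hunk.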
diff -Nru libphp-adodb-5.22.8/drivers/adodb-sqlite3.inc.php libphp-adodb-5.22.9/drivers/adodb-sqlite3.inc.php
--- libphp-adodb-5.22.8/drivers/adodb-sqlite3.inc.php 2025-01-24 22:10:09.000000000 -0300
+++ libphp-adodb-5.22.9/drivers/adodb-sqlite3.inc.php 2025-05-01 08:49:24.000000000 -0300
@@ -32,7 +32,6 @@
var $dataProvider = "sqlite";
var $replaceQuote = "''"; // string to use to replace quotes
var $concat_operator='||';
- var $_errorNo = 0;
var $hasLimit = true;
var $hasInsertID = true; /// supports autoincrement ID?
var $hasAffectedRows = true; /// supports affected rows for update/delete?
@@ -276,17 +275,20 @@
return $this->_connectionID->changes();
}
+ protected function lastError()
+ {
+ $this->_errorMsg = $this->_connectionID->lastErrorMsg();
+ $this->_errorCode = $this->_connectionID->lastErrorCode();
+ }
+
function ErrorMsg()
{
- if ($this->_logsql) {
- return $this->_errorMsg;
- }
- return ($this->_errorNo) ? $this->ErrorNo() : ''; //**tochange?
+ return $this->_errorMsg;
}
function ErrorNo()
{
- return $this->_connectionID->lastErrorCode(); //**tochange??
+ return $this->_errorCode;
}
function SQLDate($fmt, $col=false)
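Review bot: ErrorNo() and ErrorMsg() now return the values cached by lastError(), but lastError() is only called on the failure paths (the `_query` hunk below and the prepare check in the last hunk) and nothing in these hunks clears `_errorMsg`/`_errorCode` on success; unless the base class resets them before each statement (not visible here), a failed query followed by a successful one leaves ErrorNo() reporting the stale code, whereas the removed `lastErrorCode()` call reflected the connection's live state. Clearing them at the start of `_query` is a two-line fix, `$this->_errorMsg = ''; $this->_errorCode = 0;` before the `query()` call. Separately, with `$_errorNo` removed in the first hunk this file no longer declares `_errorCode` or `_errorMsg`; presumably both are inherited from ADOConnection — worth confirming, or declaring them next to the other `var` properties.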
@@ -335,7 +337,7 @@
{
$rez = $this->_connectionID->query($sql);
if ($rez === false) {
- $this->_errorNo = $this->_connectionID->lastErrorCode();
+ $this->lastError();
}
// If no data was returned, we don't need to create a real recordset
elseif ($rez->numColumns() == 0) {
@@ -647,6 +649,10 @@
// Prepare the statement
$stmt = $this->_connectionID->prepare($sql);
+ if ($stmt === false) {
+ $this->lastError();
+ return false;
+ }
// Set the first bind value equal to value we want to update
if (!$stmt->bindValue(1, $val, SQLITE3_BLOB)) {