diff options
author | fan.xin <fan.xin@jp.fujitsu.com> | 2015-12-14 13:37:53 +0900 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2016-09-18 12:19:15 -0700 |
commit | 7444253457e8e5581b3e48f173531f8119363fa4 (patch) | |
tree | 0d934f0eb467c322ba44142a254771dee79b947c /meta-oe | |
parent | 8d8671a31c07e5afdffd84de90fdb5a4149b818a (diff) | |
download | meta-openembedded-contrib-7444253457e8e5581b3e48f173531f8119363fa4.tar.gz |
php: Upgrade 5.6.12 -> 5.6.16
Fix CVE-2015-7803, CVE-2015-7804 and other bugs
http://php.net/ChangeLog-5.php
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ecaad588c79437be3209d987c49928ecbd907d8e)
dropped several security patch included in this update.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch | 85 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch | 64 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch | 55 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch (renamed from meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch) | 0 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.6.12.bb | 9 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_5.6.16.bb | 5 |
6 files changed, 5 insertions, 213 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch deleted file mode 100644 index 223b9958b6..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch +++ /dev/null @@ -1,85 +0,0 @@ -From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 28 Sep 2015 15:51:59 -0700 -Subject: [PATCH] Fix bug #69720: Null pointer dereference in - phar_get_fp_offset() - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=patch;h=d698f0ae51f67c9cce870b09c59df3d6ba959244 - -excluded the binary part of the test - -CVE: CVE-2015-7803 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes - ext/phar/tests/bug69720.phpt | 40 ++++++++++++++++++++++++++++++++++++++++ - ext/phar/util.c | 6 +++++- - 3 files changed, 45 insertions(+), 1 deletion(-) - create mode 100644 ext/phar/tests/bug69720.phar - create mode 100644 ext/phar/tests/bug69720.phpt - -Index: php-5.6.12/ext/phar/tests/bug69720.phpt -=================================================================== ---- /dev/null -+++ php-5.6.12/ext/phar/tests/bug69720.phpt -@@ -0,0 +1,40 @@ -+--TEST-- -+Phar - bug #69720 - Null pointer dereference in phar_get_fp_offset() -+--SKIPIF-- -+<?php if (!extension_loaded("phar")) die("skip"); ?> -+--FILE-- -+<?php -+try { -+ // open an existing phar -+ $p = new Phar(__DIR__."/bug69720.phar",0); -+ // Phar extends SPL's DirectoryIterator class -+ echo $p->getMetadata(); -+ foreach (new RecursiveIteratorIterator($p) as $file) { -+ // $file is a PharFileInfo class, and inherits from SplFileInfo -+ $temp=""; -+ $temp= $file->getFileName() . "\n"; -+ $temp.=file_get_contents($file->getPathName()) . "\n"; // display contents -+ var_dump($file->getMetadata()); -+ } -+} -+ catch (Exception $e) { -+ echo 'Could not open Phar: ', $e; -+} -+?> -+--EXPECTF-- -+ -+MY_METADATA_NULL -+ -+Warning: file_get_contents(phar:///%s): failed to open stream: phar error: "test.php" is not a file in phar "%s.phar" in %s.php on line %d -+array(1) { -+ ["whatever"]=> -+ int(123) -+} -+object(DateTime)#2 (3) { -+ ["date"]=> -+ string(26) "2000-01-01 00:00:00.000000" -+ ["timezone_type"]=> -+ int(3) -+ ["timezone"]=> -+ string(3) "UTC" -+} -Index: php-5.6.12/ext/phar/util.c -=================================================================== ---- php-5.6.12.orig/ext/phar/util.c -+++ php-5.6.12/ext/phar/util.c -@@ -494,7 +494,11 @@ really_get_entry: - (*ret)->is_tar = entry->is_tar; - (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC); - if (entry->link) { -- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC); -+ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC); -+ if(!link) { -+ return FAILURE; -+ } -+ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC); - } else { - (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC); - } diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch deleted file mode 100644 index a159ac24d6..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 28 Sep 2015 17:12:35 -0700 -Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream - when zip entry filename is "/" - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 - -excluded the zip part of the original patch. Hand applied dirstream change - -CVE: CVE-2015-7804 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/phar/dirstream.c | 2 +- - ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++ - ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes - 3 files changed, 24 insertions(+), 1 deletion(-) - create mode 100644 ext/phar/tests/bug70433.phpt - create mode 100755 ext/phar/tests/bug70433.zip - -Index: php-5.6.12/ext/phar/dirstream.c -=================================================================== ---- php-5.6.12.orig/ext/phar/dirstream.c -+++ php-5.6.12/ext/phar/dirstream.c -@@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c - zend_hash_internal_pointer_reset(manifest); - - while (FAILURE != zend_hash_has_more_elements(manifest)) { -- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { -+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { - break; - } - -Index: php-5.6.12/ext/phar/tests/bug70433.phpt -=================================================================== ---- /dev/null -+++ php-5.6.12/ext/phar/tests/bug70433.phpt -@@ -0,0 +1,23 @@ -+--TEST-- -+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" -+--SKIPIF-- -+<?php if (!extension_loaded("phar")) die("skip"); ?> -+--FILE-- -+<?php -+$phar = new PharData(__DIR__."/bug70433.zip"); -+var_dump($phar); -+$meta = $phar->getMetadata(); -+var_dump($meta); -+?> -+DONE -+--EXPECTF-- -+object(PharData)#1 (3) { -+ ["pathName":"SplFileInfo":private]=> -+ string(0) "" -+ ["glob":"DirectoryIterator":private]=> -+ bool(false) -+ ["subPathName":"RecursiveDirectoryIterator":private]=> -+ string(0) "" -+} -+NULL -+DONE diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch deleted file mode 100644 index a7c35fe439..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4b8394dd78571826ac66a69dc240c623f31d78f8 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 7 Dec 2015 23:30:49 -0800 -Subject: [PATCH] Fix bug #70976: fix boundary check on - gdImageRotateInterpolated - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8 - -CVE: CVE-2016-1903 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/gd/libgd/gd_interpolation.c | 2 +- - ext/gd/tests/bug70976.phpt | 13 +++++++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - create mode 100644 ext/gd/tests/bug70976.phpt - -diff --git a/ext/gd/libgd/gd_interpolation.c b/ext/gd/libgd/gd_interpolation.c -index f70169d..0f874ac 100644 ---- a/ext/gd/libgd/gd_interpolation.c -+++ b/ext/gd/libgd/gd_interpolation.c -@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(const gdImagePtr src, const float angle, in - { - const int angle_rounded = (int)floor(angle * 100); - -- if (bgcolor < 0) { -+ if (bgcolor < 0 || bgcolor >= gdMaxColors) { - return NULL; - } - -diff --git a/ext/gd/tests/bug70976.phpt b/ext/gd/tests/bug70976.phpt -new file mode 100644 -index 0000000..23af4ee ---- /dev/null -+++ b/ext/gd/tests/bug70976.phpt -@@ -0,0 +1,13 @@ -+--TEST-- -+Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds) -+--SKIPIF-- -+<?php -+ if(!extension_loaded('gd')){ die('skip gd extension not available'); } -+?> -+--FILE-- -+<?php -+$img = imagerotate(imagecreate(1,1),45,0x7ffffff9); -+var_dump($img); -+?> -+--EXPECTF-- -+bool(false) -\ No newline at end of file --- -2.3.5 - diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch b/meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch index 39c334f39d..39c334f39d 100644 --- a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch +++ b/meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch diff --git a/meta-oe/recipes-devtools/php/php_5.6.12.bb b/meta-oe/recipes-devtools/php/php_5.6.12.bb deleted file mode 100644 index bd9a5b601c..0000000000 --- a/meta-oe/recipes-devtools/php/php_5.6.12.bb +++ /dev/null @@ -1,9 +0,0 @@ -require php.inc - -SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \ - file://CVE-2015-7803.patch \ - file://CVE-2015-7804.patch \ - file://CVE-2016-1903.patch \ -" -SRC_URI[md5sum] = "4578dee9d979114610a444bee263ed9b" -SRC_URI[sha256sum] = "6f27104272af7b2a996f85e4100fac627630fbdaf39d7bd263f16cf529c8853a" diff --git a/meta-oe/recipes-devtools/php/php_5.6.16.bb b/meta-oe/recipes-devtools/php/php_5.6.16.bb new file mode 100644 index 0000000000..822c0907c8 --- /dev/null +++ b/meta-oe/recipes-devtools/php/php_5.6.16.bb @@ -0,0 +1,5 @@ +require php.inc + +SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch" +SRC_URI[md5sum] = "765b164b89af1f03ae2fdf39a4e4e1df" +SRC_URI[sha256sum] = "4fe6f40964c1bfaba05fc144ba20a2cdad33e11685f4f101ea5a48b98bbcd2ae" |