aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfan.xin <fan.xin@jp.fujitsu.com>2015-12-14 13:37:53 +0900
committerArmin Kuster <akuster808@gmail.com>2016-09-18 12:19:15 -0700
commit7444253457e8e5581b3e48f173531f8119363fa4 (patch)
tree0d934f0eb467c322ba44142a254771dee79b947c
parent8d8671a31c07e5afdffd84de90fdb5a4149b818a (diff)
downloadmeta-openembedded-7444253457e8e5581b3e48f173531f8119363fa4.tar.gz
meta-openembedded-7444253457e8e5581b3e48f173531f8119363fa4.tar.bz2
meta-openembedded-7444253457e8e5581b3e48f173531f8119363fa4.zip
php: Upgrade 5.6.12 -> 5.6.16
Fix CVE-2015-7803, CVE-2015-7804 and other bugs http://php.net/ChangeLog-5.php Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> (cherry picked from commit ecaad588c79437be3209d987c49928ecbd907d8e) dropped several security patch included in this update. Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch85
-rw-r--r--meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch64
-rw-r--r--meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch55
-rw-r--r--meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch (renamed from meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch)0
-rw-r--r--meta-oe/recipes-devtools/php/php_5.6.12.bb9
-rw-r--r--meta-oe/recipes-devtools/php/php_5.6.16.bb5
6 files changed, 5 insertions, 213 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch
deleted file mode 100644
index 223b9958b..000000000
--- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 28 Sep 2015 15:51:59 -0700
-Subject: [PATCH] Fix bug #69720: Null pointer dereference in
- phar_get_fp_offset()
-
-Upstream-Status: Backport
-
-https://git.php.net/?p=php-src.git;a=patch;h=d698f0ae51f67c9cce870b09c59df3d6ba959244
-
-excluded the binary part of the test
-
-CVE: CVE-2015-7803
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes
- ext/phar/tests/bug69720.phpt | 40 ++++++++++++++++++++++++++++++++++++++++
- ext/phar/util.c | 6 +++++-
- 3 files changed, 45 insertions(+), 1 deletion(-)
- create mode 100644 ext/phar/tests/bug69720.phar
- create mode 100644 ext/phar/tests/bug69720.phpt
-
-Index: php-5.6.12/ext/phar/tests/bug69720.phpt
-===================================================================
---- /dev/null
-+++ php-5.6.12/ext/phar/tests/bug69720.phpt
-@@ -0,0 +1,40 @@
-+--TEST--
-+Phar - bug #69720 - Null pointer dereference in phar_get_fp_offset()
-+--SKIPIF--
-+<?php if (!extension_loaded("phar")) die("skip"); ?>
-+--FILE--
-+<?php
-+try {
-+ // open an existing phar
-+ $p = new Phar(__DIR__."/bug69720.phar",0);
-+ // Phar extends SPL's DirectoryIterator class
-+ echo $p->getMetadata();
-+ foreach (new RecursiveIteratorIterator($p) as $file) {
-+ // $file is a PharFileInfo class, and inherits from SplFileInfo
-+ $temp="";
-+ $temp= $file->getFileName() . "\n";
-+ $temp.=file_get_contents($file->getPathName()) . "\n"; // display contents
-+ var_dump($file->getMetadata());
-+ }
-+}
-+ catch (Exception $e) {
-+ echo 'Could not open Phar: ', $e;
-+}
-+?>
-+--EXPECTF--
-+
-+MY_METADATA_NULL
-+
-+Warning: file_get_contents(phar:///%s): failed to open stream: phar error: "test.php" is not a file in phar "%s.phar" in %s.php on line %d
-+array(1) {
-+ ["whatever"]=>
-+ int(123)
-+}
-+object(DateTime)#2 (3) {
-+ ["date"]=>
-+ string(26) "2000-01-01 00:00:00.000000"
-+ ["timezone_type"]=>
-+ int(3)
-+ ["timezone"]=>
-+ string(3) "UTC"
-+}
-Index: php-5.6.12/ext/phar/util.c
-===================================================================
---- php-5.6.12.orig/ext/phar/util.c
-+++ php-5.6.12/ext/phar/util.c
-@@ -494,7 +494,11 @@ really_get_entry:
- (*ret)->is_tar = entry->is_tar;
- (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC);
- if (entry->link) {
-- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC);
-+ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC);
-+ if(!link) {
-+ return FAILURE;
-+ }
-+ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC);
- } else {
- (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC);
- }
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch
deleted file mode 100644
index a159ac24d..000000000
--- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 28 Sep 2015 17:12:35 -0700
-Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream
- when zip entry filename is "/"
-
-Upstream-Status: Backport
-
-https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183
-
-excluded the zip part of the original patch. Hand applied dirstream change
-
-CVE: CVE-2015-7804
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ext/phar/dirstream.c | 2 +-
- ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++
- ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes
- 3 files changed, 24 insertions(+), 1 deletion(-)
- create mode 100644 ext/phar/tests/bug70433.phpt
- create mode 100755 ext/phar/tests/bug70433.zip
-
-Index: php-5.6.12/ext/phar/dirstream.c
-===================================================================
---- php-5.6.12.orig/ext/phar/dirstream.c
-+++ php-5.6.12/ext/phar/dirstream.c
-@@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c
- zend_hash_internal_pointer_reset(manifest);
-
- while (FAILURE != zend_hash_has_more_elements(manifest)) {
-- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
-+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) {
- break;
- }
-
-Index: php-5.6.12/ext/phar/tests/bug70433.phpt
-===================================================================
---- /dev/null
-+++ php-5.6.12/ext/phar/tests/bug70433.phpt
-@@ -0,0 +1,23 @@
-+--TEST--
-+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
-+--SKIPIF--
-+<?php if (!extension_loaded("phar")) die("skip"); ?>
-+--FILE--
-+<?php
-+$phar = new PharData(__DIR__."/bug70433.zip");
-+var_dump($phar);
-+$meta = $phar->getMetadata();
-+var_dump($meta);
-+?>
-+DONE
-+--EXPECTF--
-+object(PharData)#1 (3) {
-+ ["pathName":"SplFileInfo":private]=>
-+ string(0) ""
-+ ["glob":"DirectoryIterator":private]=>
-+ bool(false)
-+ ["subPathName":"RecursiveDirectoryIterator":private]=>
-+ string(0) ""
-+}
-+NULL
-+DONE
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch
deleted file mode 100644
index a7c35fe43..000000000
--- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 4b8394dd78571826ac66a69dc240c623f31d78f8 Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 7 Dec 2015 23:30:49 -0800
-Subject: [PATCH] Fix bug #70976: fix boundary check on
- gdImageRotateInterpolated
-
-Upstream-Status: Backport
-
-https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
-
-CVE: CVE-2016-1903
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ext/gd/libgd/gd_interpolation.c | 2 +-
- ext/gd/tests/bug70976.phpt | 13 +++++++++++++
- 2 files changed, 14 insertions(+), 1 deletion(-)
- create mode 100644 ext/gd/tests/bug70976.phpt
-
-diff --git a/ext/gd/libgd/gd_interpolation.c b/ext/gd/libgd/gd_interpolation.c
-index f70169d..0f874ac 100644
---- a/ext/gd/libgd/gd_interpolation.c
-+++ b/ext/gd/libgd/gd_interpolation.c
-@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(const gdImagePtr src, const float angle, in
- {
- const int angle_rounded = (int)floor(angle * 100);
-
-- if (bgcolor < 0) {
-+ if (bgcolor < 0 || bgcolor >= gdMaxColors) {
- return NULL;
- }
-
-diff --git a/ext/gd/tests/bug70976.phpt b/ext/gd/tests/bug70976.phpt
-new file mode 100644
-index 0000000..23af4ee
---- /dev/null
-+++ b/ext/gd/tests/bug70976.phpt
-@@ -0,0 +1,13 @@
-+--TEST--
-+Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds)
-+--SKIPIF--
-+<?php
-+ if(!extension_loaded('gd')){ die('skip gd extension not available'); }
-+?>
-+--FILE--
-+<?php
-+$img = imagerotate(imagecreate(1,1),45,0x7ffffff9);
-+var_dump($img);
-+?>
-+--EXPECTF--
-+bool(false)
-\ No newline at end of file
---
-2.3.5
-
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch b/meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch
index 39c334f39..39c334f39 100644
--- a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch
+++ b/meta-oe/recipes-devtools/php/php-5.6.16/change-AC_TRY_RUN-to-AC_TRY_LINK.patch
diff --git a/meta-oe/recipes-devtools/php/php_5.6.12.bb b/meta-oe/recipes-devtools/php/php_5.6.12.bb
deleted file mode 100644
index bd9a5b601..000000000
--- a/meta-oe/recipes-devtools/php/php_5.6.12.bb
+++ /dev/null
@@ -1,9 +0,0 @@
-require php.inc
-
-SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
- file://CVE-2015-7803.patch \
- file://CVE-2015-7804.patch \
- file://CVE-2016-1903.patch \
-"
-SRC_URI[md5sum] = "4578dee9d979114610a444bee263ed9b"
-SRC_URI[sha256sum] = "6f27104272af7b2a996f85e4100fac627630fbdaf39d7bd263f16cf529c8853a"
diff --git a/meta-oe/recipes-devtools/php/php_5.6.16.bb b/meta-oe/recipes-devtools/php/php_5.6.16.bb
new file mode 100644
index 000000000..822c0907c
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php_5.6.16.bb
@@ -0,0 +1,5 @@
+require php.inc
+
+SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch"
+SRC_URI[md5sum] = "765b164b89af1f03ae2fdf39a4e4e1df"
+SRC_URI[sha256sum] = "4fe6f40964c1bfaba05fc144ba20a2cdad33e11685f4f101ea5a48b98bbcd2ae"