diff options
author | fan.xin <fan.xin@jp.fujitsu.com> | 2015-12-14 13:37:53 +0900 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2016-09-18 12:19:15 -0700 |
commit | 7444253457e8e5581b3e48f173531f8119363fa4 (patch) | |
tree | 0d934f0eb467c322ba44142a254771dee79b947c /meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch | |
parent | 8d8671a31c07e5afdffd84de90fdb5a4149b818a (diff) | |
download | meta-openembedded-7444253457e8e5581b3e48f173531f8119363fa4.tar.gz |
php: Upgrade 5.6.12 -> 5.6.16
Fix CVE-2015-7803, CVE-2015-7804 and other bugs
http://php.net/ChangeLog-5.php
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ecaad588c79437be3209d987c49928ecbd907d8e)
dropped several security patch included in this update.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch')
-rw-r--r-- | meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch deleted file mode 100644 index a7c35fe439..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4b8394dd78571826ac66a69dc240c623f31d78f8 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 7 Dec 2015 23:30:49 -0800 -Subject: [PATCH] Fix bug #70976: fix boundary check on - gdImageRotateInterpolated - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8 - -CVE: CVE-2016-1903 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/gd/libgd/gd_interpolation.c | 2 +- - ext/gd/tests/bug70976.phpt | 13 +++++++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - create mode 100644 ext/gd/tests/bug70976.phpt - -diff --git a/ext/gd/libgd/gd_interpolation.c b/ext/gd/libgd/gd_interpolation.c -index f70169d..0f874ac 100644 ---- a/ext/gd/libgd/gd_interpolation.c -+++ b/ext/gd/libgd/gd_interpolation.c -@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(const gdImagePtr src, const float angle, in - { - const int angle_rounded = (int)floor(angle * 100); - -- if (bgcolor < 0) { -+ if (bgcolor < 0 || bgcolor >= gdMaxColors) { - return NULL; - } - -diff --git a/ext/gd/tests/bug70976.phpt b/ext/gd/tests/bug70976.phpt -new file mode 100644 -index 0000000..23af4ee ---- /dev/null -+++ b/ext/gd/tests/bug70976.phpt -@@ -0,0 +1,13 @@ -+--TEST-- -+Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds) -+--SKIPIF-- -+<?php -+ if(!extension_loaded('gd')){ die('skip gd extension not available'); } -+?> -+--FILE-- -+<?php -+$img = imagerotate(imagecreate(1,1),45,0x7ffffff9); -+var_dump($img); -+?> -+--EXPECTF-- -+bool(false) -\ No newline at end of file --- -2.3.5 - |