diff options
author | fan.xin <fan.xin@jp.fujitsu.com> | 2015-12-14 13:37:53 +0900 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2016-09-18 12:19:15 -0700 |
commit | 7444253457e8e5581b3e48f173531f8119363fa4 (patch) | |
tree | 0d934f0eb467c322ba44142a254771dee79b947c /meta-oe/recipes-devtools/php/php-5.6.12 | |
parent | 8d8671a31c07e5afdffd84de90fdb5a4149b818a (diff) | |
download | meta-openembedded-7444253457e8e5581b3e48f173531f8119363fa4.tar.gz |
php: Upgrade 5.6.12 -> 5.6.16
Fix CVE-2015-7803, CVE-2015-7804 and other bugs
http://php.net/ChangeLog-5.php
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ecaad588c79437be3209d987c49928ecbd907d8e)
dropped several security patch included in this update.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-devtools/php/php-5.6.12')
4 files changed, 0 insertions, 260 deletions
diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch deleted file mode 100644 index 223b9958b6..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7803.patch +++ /dev/null @@ -1,85 +0,0 @@ -From d698f0ae51f67c9cce870b09c59df3d6ba959244 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 28 Sep 2015 15:51:59 -0700 -Subject: [PATCH] Fix bug #69720: Null pointer dereference in - phar_get_fp_offset() - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=patch;h=d698f0ae51f67c9cce870b09c59df3d6ba959244 - -excluded the binary part of the test - -CVE: CVE-2015-7803 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/phar/tests/bug69720.phar | Bin 0 -> 8192 bytes - ext/phar/tests/bug69720.phpt | 40 ++++++++++++++++++++++++++++++++++++++++ - ext/phar/util.c | 6 +++++- - 3 files changed, 45 insertions(+), 1 deletion(-) - create mode 100644 ext/phar/tests/bug69720.phar - create mode 100644 ext/phar/tests/bug69720.phpt - -Index: php-5.6.12/ext/phar/tests/bug69720.phpt -=================================================================== ---- /dev/null -+++ php-5.6.12/ext/phar/tests/bug69720.phpt -@@ -0,0 +1,40 @@ -+--TEST-- -+Phar - bug #69720 - Null pointer dereference in phar_get_fp_offset() -+--SKIPIF-- -+<?php if (!extension_loaded("phar")) die("skip"); ?> -+--FILE-- -+<?php -+try { -+ // open an existing phar -+ $p = new Phar(__DIR__."/bug69720.phar",0); -+ // Phar extends SPL's DirectoryIterator class -+ echo $p->getMetadata(); -+ foreach (new RecursiveIteratorIterator($p) as $file) { -+ // $file is a PharFileInfo class, and inherits from SplFileInfo -+ $temp=""; -+ $temp= $file->getFileName() . "\n"; -+ $temp.=file_get_contents($file->getPathName()) . "\n"; // display contents -+ var_dump($file->getMetadata()); -+ } -+} -+ catch (Exception $e) { -+ echo 'Could not open Phar: ', $e; -+} -+?> -+--EXPECTF-- -+ -+MY_METADATA_NULL -+ -+Warning: file_get_contents(phar:///%s): failed to open stream: phar error: "test.php" is not a file in phar "%s.phar" in %s.php on line %d -+array(1) { -+ ["whatever"]=> -+ int(123) -+} -+object(DateTime)#2 (3) { -+ ["date"]=> -+ string(26) "2000-01-01 00:00:00.000000" -+ ["timezone_type"]=> -+ int(3) -+ ["timezone"]=> -+ string(3) "UTC" -+} -Index: php-5.6.12/ext/phar/util.c -=================================================================== ---- php-5.6.12.orig/ext/phar/util.c -+++ php-5.6.12/ext/phar/util.c -@@ -494,7 +494,11 @@ really_get_entry: - (*ret)->is_tar = entry->is_tar; - (*ret)->fp = phar_get_efp(entry, 1 TSRMLS_CC); - if (entry->link) { -- (*ret)->zero = phar_get_fp_offset(phar_get_link_source(entry TSRMLS_CC) TSRMLS_CC); -+ phar_entry_info *link = phar_get_link_source(entry TSRMLS_CC); -+ if(!link) { -+ return FAILURE; -+ } -+ (*ret)->zero = phar_get_fp_offset(link TSRMLS_CC); - } else { - (*ret)->zero = phar_get_fp_offset(entry TSRMLS_CC); - } diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch deleted file mode 100644 index a159ac24d6..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2015-7804.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 28 Sep 2015 17:12:35 -0700 -Subject: [PATCH] FIx bug #70433 - Uninitialized pointer in phar_make_dirstream - when zip entry filename is "/" - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=patch;h=e78ac461dbefb7c4a3e9fde78d50fbc56b7b0183 - -excluded the zip part of the original patch. Hand applied dirstream change - -CVE: CVE-2015-7804 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/phar/dirstream.c | 2 +- - ext/phar/tests/bug70433.phpt | 23 +++++++++++++++++++++++ - ext/phar/tests/bug70433.zip | Bin 0 -> 264 bytes - 3 files changed, 24 insertions(+), 1 deletion(-) - create mode 100644 ext/phar/tests/bug70433.phpt - create mode 100755 ext/phar/tests/bug70433.zip - -Index: php-5.6.12/ext/phar/dirstream.c -=================================================================== ---- php-5.6.12.orig/ext/phar/dirstream.c -+++ php-5.6.12/ext/phar/dirstream.c -@@ -198,7 +198,7 @@ static php_stream *phar_make_dirstream(c - zend_hash_internal_pointer_reset(manifest); - - while (FAILURE != zend_hash_has_more_elements(manifest)) { -- if (HASH_KEY_NON_EXISTENT == zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { -+ if (HASH_KEY_IS_STRING != zend_hash_get_current_key_ex(manifest, &str_key, &keylen, &unused, 0, NULL)) { - break; - } - -Index: php-5.6.12/ext/phar/tests/bug70433.phpt -=================================================================== ---- /dev/null -+++ php-5.6.12/ext/phar/tests/bug70433.phpt -@@ -0,0 +1,23 @@ -+--TEST-- -+Phar - bug #70433 - Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" -+--SKIPIF-- -+<?php if (!extension_loaded("phar")) die("skip"); ?> -+--FILE-- -+<?php -+$phar = new PharData(__DIR__."/bug70433.zip"); -+var_dump($phar); -+$meta = $phar->getMetadata(); -+var_dump($meta); -+?> -+DONE -+--EXPECTF-- -+object(PharData)#1 (3) { -+ ["pathName":"SplFileInfo":private]=> -+ string(0) "" -+ ["glob":"DirectoryIterator":private]=> -+ bool(false) -+ ["subPathName":"RecursiveDirectoryIterator":private]=> -+ string(0) "" -+} -+NULL -+DONE diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch b/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch deleted file mode 100644 index a7c35fe439..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/CVE-2016-1903.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 4b8394dd78571826ac66a69dc240c623f31d78f8 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev <stas@php.net> -Date: Mon, 7 Dec 2015 23:30:49 -0800 -Subject: [PATCH] Fix bug #70976: fix boundary check on - gdImageRotateInterpolated - -Upstream-Status: Backport - -https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8 - -CVE: CVE-2016-1903 -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - ext/gd/libgd/gd_interpolation.c | 2 +- - ext/gd/tests/bug70976.phpt | 13 +++++++++++++ - 2 files changed, 14 insertions(+), 1 deletion(-) - create mode 100644 ext/gd/tests/bug70976.phpt - -diff --git a/ext/gd/libgd/gd_interpolation.c b/ext/gd/libgd/gd_interpolation.c -index f70169d..0f874ac 100644 ---- a/ext/gd/libgd/gd_interpolation.c -+++ b/ext/gd/libgd/gd_interpolation.c -@@ -2162,7 +2162,7 @@ gdImagePtr gdImageRotateInterpolated(const gdImagePtr src, const float angle, in - { - const int angle_rounded = (int)floor(angle * 100); - -- if (bgcolor < 0) { -+ if (bgcolor < 0 || bgcolor >= gdMaxColors) { - return NULL; - } - -diff --git a/ext/gd/tests/bug70976.phpt b/ext/gd/tests/bug70976.phpt -new file mode 100644 -index 0000000..23af4ee ---- /dev/null -+++ b/ext/gd/tests/bug70976.phpt -@@ -0,0 +1,13 @@ -+--TEST-- -+Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds) -+--SKIPIF-- -+<?php -+ if(!extension_loaded('gd')){ die('skip gd extension not available'); } -+?> -+--FILE-- -+<?php -+$img = imagerotate(imagecreate(1,1),45,0x7ffffff9); -+var_dump($img); -+?> -+--EXPECTF-- -+bool(false) -\ No newline at end of file --- -2.3.5 - diff --git a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch b/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch deleted file mode 100644 index 39c334f39d..0000000000 --- a/meta-oe/recipes-devtools/php/php-5.6.12/change-AC_TRY_RUN-to-AC_TRY_LINK.patch +++ /dev/null @@ -1,56 +0,0 @@ -[PATCH] config.m4: change AC_TRY_RUN to AC_TRY_LINK - -Upstream-Status: Pending - -AC_TRY_RUN is not suitable for cross-compile - -Signed-off-by: Roy Li <rongqing.li@windriver.com> ---- - ext/fileinfo/config.m4 | 31 ++++++------------------------- - 1 file changed, 6 insertions(+), 25 deletions(-) - -diff --git a/ext/fileinfo/config.m4 b/ext/fileinfo/config.m4 -index 7e98d62..8a8ea0e 100644 ---- a/ext/fileinfo/config.m4 -+++ b/ext/fileinfo/config.m4 -@@ -14,31 +14,12 @@ if test "$PHP_FILEINFO" != "no"; then - libmagic/readcdf.c libmagic/softmagic.c" - - AC_MSG_CHECKING([for strcasestr]) -- AC_TRY_RUN([ --#include <string.h> --#include <strings.h> --#include <stdlib.h> -- --int main(void) --{ -- char *s0, *s1, *ret; -- -- s0 = (char *) malloc(42); -- s1 = (char *) malloc(8); -- -- memset(s0, 'X', 42); -- s0[24] = 'Y'; -- s0[26] = 'Z'; -- s0[41] = '\0'; -- memset(s1, 'x', 8); -- s1[0] = 'y'; -- s1[2] = 'Z'; -- s1[7] = '\0'; -- -- ret = strcasestr(s0, s1); -- -- return !(NULL != ret); --} -+ AC_TRY_COMPILE([ -+ #include <string.h> -+ #include <strings.h> -+ #include <stdlib.h> -+ ],[ -+ strcasestr(NULL, NULL); - ],[ - dnl using the platform implementation - AC_MSG_RESULT(yes) --- -1.9.1 - |