summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLi Zhou <li.zhou@windriver.com>2018-02-26 15:50:30 +0800
committerArmin Kuster <akuster808@gmail.com>2018-03-16 19:12:26 -0700
commit83e474f369a31eda778f2ffa5257b49e12844d2d (patch)
tree0b700fe846c392b4af353f92d6c75ee6afc919a8
parent939c85fd90bca5ab5e6dc48e6ea79d7d194e54c0 (diff)
downloadmeta-openembedded-83e474f369a31eda778f2ffa5257b49e12844d2d.tar.gz
php: Security Advisory - php - CVE-2018-5711
Porting the patch from <http://git.php.net/?p=php-src.git;a=commit; h=8d6e9588671136837533fe3785657c31c5b52767> to solve CVE-2018-5711. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch56
-rw-r--r--meta-oe/recipes-devtools/php/php_7.1.9.bb1
2 files changed, 57 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch b/meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch
new file mode 100644
index 000000000..596244d6b
--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch
@@ -0,0 +1,56 @@
1From b04cd19b76374ebce8f3326275bdfd7e9b9aeab5 Mon Sep 17 00:00:00 2001
2From: Li Zhou <li.zhou@windriver.com>
3Date: Sun, 11 Feb 2018 15:03:21 +0800
4Subject: [PATCH] Fixed bug #75571: Potential infinite loop in
5 gdImageCreateFromGifCtx
6
7Due to a signedness confusion in `GetCode_` a corrupt GIF file can
8trigger an infinite loop. Furthermore we make sure that a GIF without
9any palette entries is treated as invalid *after* open palette entries
10have been removed.
11
12Upstream-Status: Backport
13CVE: CVE-2018-5711
14Signed-off-by: Li Zhou <li.zhou@windriver.com>
15---
16 ext/gd/libgd/gd_gif_in.c | 10 +++++-----
17 1 file changed, 5 insertions(+), 5 deletions(-)
18
19diff --git a/ext/gd/libgd/gd_gif_in.c b/ext/gd/libgd/gd_gif_in.c
20index 76ba152..7156e4b 100644
21--- a/ext/gd/libgd/gd_gif_in.c
22+++ b/ext/gd/libgd/gd_gif_in.c
23@@ -261,10 +261,6 @@ terminated:
24 if (!im) {
25 return 0;
26 }
27- if (!im->colorsTotal) {
28- gdImageDestroy(im);
29- return 0;
30- }
31 /* Check for open colors at the end, so
32 we can reduce colorsTotal and ultimately
33 BitsPerPixel */
34@@ -275,6 +271,10 @@ terminated:
35 break;
36 }
37 }
38+ if (!im->colorsTotal) {
39+ gdImageDestroy(im);
40+ return 0;
41+ }
42 return im;
43 }
44 /* }}} */
45@@ -375,7 +375,7 @@ static int
46 GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
47 {
48 int i, j, ret;
49- unsigned char count;
50+ int count;
51
52 if (flag) {
53 scd->curbit = 0;
54--
551.9.1
56
diff --git a/meta-oe/recipes-devtools/php/php_7.1.9.bb b/meta-oe/recipes-devtools/php/php_7.1.9.bb
index acf68a059..1d9e35a9c 100644
--- a/meta-oe/recipes-devtools/php/php_7.1.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.1.9.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c0af599f66d0461c5837c695fcbc5c1e"
5SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \ 5SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
6 file://0001-Specify-tag-with-libtool.patch \ 6 file://0001-Specify-tag-with-libtool.patch \
7 file://CVE-2017-16642.patch \ 7 file://CVE-2017-16642.patch \
8 file://CVE-2018-5711.patch \
8 " 9 "
9SRC_URI[md5sum] = "2397be54f3281cdf30c7ef076b28f7d0" 10SRC_URI[md5sum] = "2397be54f3281cdf30c7ef076b28f7d0"
10SRC_URI[sha256sum] = "314dcc10dfdd7c4443edb4fe1e133a44f2b2a8351be8c9eb6ab9222d45fd9bae" 11SRC_URI[sha256sum] = "314dcc10dfdd7c4443edb4fe1e133a44f2b2a8351be8c9eb6ab9222d45fd9bae"