author | Li Zhou <li.zhou@windriver.com> | 2018-02-26 15:50:30 +0800 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2018-03-16 19:44:53 -0700 |
commit | f5de4a750a79fe440329d93f310c5dad8739f0d6 (patch) | |
tree | 9be0ebade528546e16535ccd64d98fc76551cc5f /meta-oe | |
parent | a0704476df0dde34e953bcb35882fd4c45efb882 (diff) | |
download | meta-openembedded-f5de4a750a79fe440329d93f310c5dad8739f0d6.tar.gz |
php: Security Advisory - php - CVE-2018-5711
Port the patch from <http://git.php.net/?p=php-src.git;a=commit;h=8d6e9588671136837533fe3785657c31c5b52767>
to fix CVE-2018-5711.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r-- | meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch | 56 | ||||
-rw-r--r-- | meta-oe/recipes-devtools/php/php_7.1.9.bb | 1 |
2 files changed, 57 insertions, 0 deletions
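--- /dev/null
+++ b/meta-oe/recipes-devtools/php/php-7.1.9/CVE-2018-5711.patch
@@ -0,0 +1,56 @@
+From b04cd19b76374ebce8f3326275bdfd7e9b9aeab5 Mon Sep 17 00:00:00 2001
+From: Li Zhou <li.zhou@windriver.com>
+Date: Sun, 11 Feb 2018 15:03:21 +0800
+Subject: [PATCH] Fixed bug #75571: Potential infinite loop in
+gdImageCreateFromGifCtx
+
+Due to a signedness confusion in `GetCode_` a corrupt GIF file can
+trigger an infinite loop. Furthermore we make sure that a GIF without
+any palette entries is treated as invalid *after* open palette entries
+have been removed.
+
+Upstream-Status: Backport
+CVE: CVE-2018-5711
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ext/gd/libgd/gd_gif_in.c | 10 +++++-----
+1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ext/gd/libgd/gd_gif_in.c b/ext/gd/libgd/gd_gif_in.c
+index 76ba152..7156e4b 100644
+--- a/ext/gd/libgd/gd_gif_in.c
++++ b/ext/gd/libgd/gd_gif_in.c
+@@ -261,10 +261,6 @@ terminated:
+if (!im) {
+return 0;
+}
+- if (!im->colorsTotal) {
+- gdImageDestroy(im);
+- return 0;
+- }
+/* Check for open colors at the end, so
+we can reduce colorsTotal and ultimately
+BitsPerPixel */
+@@ -275,6 +271,10 @@ terminated:
+break;
+}
+}
++ if (!im->colorsTotal) {
++ gdImageDestroy(im);
++ return 0;
++ }
+return im;
+}
+/* }}} */
+@@ -375,7 +375,7 @@ static int
+GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP)
+{
+int i, j, ret;
+- unsigned char count;
++ int count;
+
+if (flag) {
+scd->curbit = 0;
+--
+1.9.1
+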
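Review bot: The patch header records `Upstream-Status: Backport` without naming the upstream commit, so the provenance of this security fix can only be traced through the recipe commit message, not from the patch file that ships in the layer. I would write `Upstream-Status: Backport [http://git.php.net/?p=php-src.git;a=commit;h=8d6e9588671136837533fe3785657c31c5b52767]` in the header so the backport can be audited against the original. In the `GetCode_` hunk only the declaration `int count;` is visible; the comparison that depends on its signedness lies outside the hunk, so it is worth confirming against the 7.1.9 tree that a negative value assigned to `count` now ends the loop. The embedded diffstat lists only `gd_gif_in.c`, so if upstream shipped a regression test for bug #75571 it is not carried here, and the fix is presumably unverified at build time.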
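--- a/meta-oe/recipes-devtools/php/php_7.1.9.bb
+++ b/meta-oe/recipes-devtools/php/php_7.1.9.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c0af599f66d0461c5837c695fcbc5c1e"
 SRC_URI += "file://change-AC_TRY_RUN-to-AC_TRY_LINK.patch \
 file://0001-Specify-tag-with-libtool.patch \
 file://CVE-2017-16642.patch \
+file://CVE-2018-5711.patch \
 "
 SRC_URI[md5sum] = "2397be54f3281cdf30c7ef076b28f7d0"
 SRC_URI[sha256sum] = "314dcc10dfdd7c4443edb4fe1e133a44f2b2a8351be8c9eb6ab9222d45fd9bae"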