2 files changed, 36 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
new file mode 100644
index 0000000000..f2e23b3f09
--- /dev/null
+++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
@@ -0,0 +1,35 @@
+modphp: Security Advisory - php - CVE-2014-5120
+Upstream-Status: Backport
+Signed-off-by Yue Tao <yue.tao@windriver.com>
+From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Mon, 18 Aug 2014 22:49:10 -0700
+Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx
+ functions
+---
+ ext/gd/gd_ctx.c |    5 +++++
+ 2 files changed, 7 insertions(+)
+diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
+index bff691f..eafbab5 100644
+--- a/ext/gd/gd_ctx.c
+++ b/ext/gd/gd_ctx.c
+@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
+                                RETURN_FALSE;
+                        }
+                } else if (Z_TYPE_P(to_zval) == IS_STRING) {
+                       if (CHECK_ZVAL_NULL_PATH(to_zval)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
+                               RETURN_FALSE;
+                       }
+
+                        stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS|IGNORE_PATH|IGNORE_URL_WIN, NULL);
+                        if (stream == NULL) {
+                                RETURN_FALSE;
+-- 
+1.7.9.5
diff --git a/meta-webserver/recipes-php/modphp/modphp5.inc b/meta-webserver/recipes-php/modphp/modphp5.inc
index 0d7bb7a13c..6a2a61f5f7 100644
--- a/meta-webserver/recipes-php/modphp/modphp5.inc
+++ b/meta-webserver/recipes-php/modphp/modphp5.inc
@@ -9,6 +9,7 @@ SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \
           file://pthread-check-threads-m4.patch \
           file://70_mod_php5.conf \
           file://0001-using-pkgconfig-to-check-libxml.patch \
+           file://php-CVE-2014-5120.patch \
 "
 S = "${WORKDIR}/php-${PV}"

diff --git a/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch new file mode 100644 index 0000000000..f2e23b3f09 --- /dev/null +++ b/meta-webserver/recipes-php/modphp/files/php-CVE-2014-5120.patch
@@ -0,0 +1,35 @@
		1	modphp: Security Advisory - php - CVE-2014-5120
		2
		3	Upstream-Status: Backport
		4
		5	Signed-off-by Yue Tao <yue.tao@windriver.com>
		6
		7	From 706aefb78112a44d4932d4c9430c6a898696f51f Mon Sep 17 00:00:00 2001
		8	From: Stanislav Malyshev <stas@php.net>
		9	Date: Mon, 18 Aug 2014 22:49:10 -0700
		10	Subject: [PATCH] Fix bug #67730 - Null byte injection possible with imagexxx
		11	functions
		12
		13	---
		14	ext/gd/gd_ctx.c \| 5 +++++
		15	2 files changed, 7 insertions(+)
		16
		17	diff --git a/ext/gd/gd_ctx.c b/ext/gd/gd_ctx.c
		18	index bff691f..eafbab5 100644
		19	--- a/ext/gd/gd_ctx.c
		20	+++ b/ext/gd/gd_ctx.c
		21	@@ -124,6 +124,11 @@ static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type,
		22	RETURN_FALSE;
		23	}
		24	} else if (Z_TYPE_P(to_zval) == IS_STRING) {
		25	+ if (CHECK_ZVAL_NULL_PATH(to_zval)) {
		26	+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid 2nd parameter, filename must not contain null bytes");
		27	+ RETURN_FALSE;
		28	+ }
		29	+
		30	stream = php_stream_open_wrapper(Z_STRVAL_P(to_zval), "wb", REPORT_ERRORS\|IGNORE_PATH\|IGNORE_URL_WIN, NULL);
		31	if (stream == NULL) {
		32	RETURN_FALSE;
		33	--
		34	1.7.9.5
		35


diff --git a/meta-webserver/recipes-php/modphp/modphp5.inc b/meta-webserver/recipes-php/modphp/modphp5.inc index 0d7bb7a13c..6a2a61f5f7 100644 --- a/meta-webserver/recipes-php/modphp/modphp5.inc +++ b/meta-webserver/recipes-php/modphp/modphp5.inc
@@ -9,6 +9,7 @@ SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \
9	file://pthread-check-threads-m4.patch \	9	file://pthread-check-threads-m4.patch \
10	file://70_mod_php5.conf \	10	file://70_mod_php5.conf \
11	file://0001-using-pkgconfig-to-check-libxml.patch \	11	file://0001-using-pkgconfig-to-check-libxml.patch \
		12	file://php-CVE-2014-5120.patch \
12	"	13	"
13		14
14	S = "${WORKDIR}/php-${PV}"	15	S = "${WORKDIR}/php-${PV}"