gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* enable mysql option in PACKAGECONFIG
* add patch to support autoconf 2.59+ so we can use
autotools do_configure to fix a libtool cross-compile issue
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
revert pthread-check.patch which hacks the old configure,
instead, add one against threads.m4 to enable pthread support
when cross-compiling.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
* Use working SRC_URI
* Fix to use correct headers and apxs script for cross-compiling
* Enable threading
* Install headers and scripts for building extension modules
* Use proper variables instead of /etc, /usr/lib etc.
* Fix rpath QA issues
* Add LIC_FILES_CHKSUM
* Put apache config file into SRC_URI instead of referring to it using
FILESDIR
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Yue Tao
Roy.Li
Marcin Juszkiewicz
Jackie Huang
Paul Eggleton