authorRemi Collet <fedora@famillecollet.com>2014-06-03 15:17:26 +0200
committerRemi Collet <fedora@famillecollet.com>2014-06-03 15:17:26 +0200
commit76dab6ee2fb63a89f034b5fe33374d69e72e862f (patch)
tree9ae5ec6442484155af5704340858e91137793281
parent6e4d020d29c31eb67a04830875112f220a32fbdb (diff)
PHP 5.4.29: apply 2 upstream fix
-rw-r--r--php-bug67326.patch32
-rw-r--r--php-reg67072.patch26
-rw-r--r--php54.spec14
3 files changed, 71 insertions, 1 deletions
diff --git a/php-bug67326.patch b/php-bug67326.patch
new file mode 100644
index 0000000..2e7b0b1
--- /dev/null
+++ b/php-bug67326.patch
@@ -0,0 +1,32 @@
+From 4fcb9a9d1b1063a65fbeb27395de4979c75bd962 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Tue, 3 Jun 2014 11:05:00 +0200
+Subject: [PATCH] Fix bug #67326 fileinfo: cdf_read_short_sector insufficient
+ boundary check
+
+Upstream fix https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391.patch
+Only revelant part applied
+---
+ ext/fileinfo/libmagic/cdf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/fileinfo/libmagic/cdf.c b/ext/fileinfo/libmagic/cdf.c
+index 4712e84..16649f1 100644
+--- a/ext/fileinfo/libmagic/cdf.c
++++ b/ext/fileinfo/libmagic/cdf.c
+@@ -365,10 +365,10 @@ cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs,
+ size_t ss = CDF_SHORT_SEC_SIZE(h);
+ size_t pos = CDF_SHORT_SEC_POS(h, id);
+ assert(ss == len);
+- if (pos > CDF_SEC_SIZE(h) * sst->sst_len) {
++ if (pos + len > CDF_SEC_SIZE(h) * sst->sst_len) {
+ DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %"
+ SIZE_T_FORMAT "u\n",
+- pos, CDF_SEC_SIZE(h) * sst->sst_len));
++ pos + len, CDF_SEC_SIZE(h) * sst->sst_len));
+ return -1;
+ }
+ (void)memcpy(((char *)buf) + offs,
+--
+1.9.2
+
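Review bot: The new comparison `pos + len > CDF_SEC_SIZE(h) * sst->sst_len` adds two size_t values, so if `pos` can get close to SIZE_MAX the sum may wrap and pass the check before the memcpy that follows. `pos` is presumably derived from the parsed file through `id`, and whether `id` is bounded tightly enough to rule that out is not visible in this hunk. A subtraction-based form avoids the question, e.g. `size_t lim = CDF_SEC_SIZE(h) * sst->sst_len;` followed by `if (len > lim || pos > lim - len) {`. Note also that `assert(ss == len)` disappears under NDEBUG, so release builds rely on this check alone. The body of cdf_read_short_sector starts and ends outside the hunk.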
diff --git a/php-reg67072.patch b/php-reg67072.patch
new file mode 100644
index 0000000..6905db8
--- /dev/null
+++ b/php-reg67072.patch
@@ -0,0 +1,26 @@
+diff --git a/ext/standard/var_unserializer.c b/ext/standard/var_unserializer.c
+index 003bac9..ed6a69c 100644
+--- a/ext/standard/var_unserializer.c
++++ b/ext/standard/var_unserializer.c
+@@ -396,7 +396,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
+
+ (*p) += 2;
+
+- if (ce->serialize == NULL) {
++ if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) {
+ object_init_ex(*rval, ce);
+ } else {
+ /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
+diff --git a/ext/standard/var_unserializer.re b/ext/standard/var_unserializer.re
+index b3f5d29..b5f092b 100644
+--- a/ext/standard/var_unserializer.re
++++ b/ext/standard/var_unserializer.re
+@@ -400,7 +400,7 @@ static inline long object_common1(UNSERIALIZE_PARAMETER, zend_class_entry *ce)
+
+ (*p) += 2;
+
+- if (ce->serialize == NULL) {
++ if (ce->serialize == NULL || ZEND_INTERNAL_CLASS != ce->type) {
+ object_init_ex(*rval, ce);
+ } else {
+ /* If this class implements Serializable, it should not land here but in object_custom(). The passed string
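Review bot: The widened condition in object_common1 has no comment saying why non-internal classes are now let through to object_init_ex(), and the existing comment just below still reads as if every class with a serialize handler is rejected. As written, a user-land class whose `ce->serialize` is set appears to be instantiated from the plain object form without its own unserialize handler running, so application code should not treat that handler as the only construction path when input is untrusted. I would add above the `if` something like `/* Only internal classes are refused here; user classes keep the old behaviour (regression after the #67072 fix) */`. The same line is changed in both var_unserializer.c and var_unserializer.re, and php-reg67072.patch has no header naming the upstream commit, unlike php-bug67326.patch. The function body continues outside both hunks.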
diff --git a/php54.spec b/php54.spec
index 68e80c7..3c55a25 100644
--- a/php54.spec
+++ b/php54.spec
@@ -85,7 +85,7 @@ Version: 5.4.29
%if 0%{?snapdate:1}%{?rcver:1}
Release: 0.1.%{?snapdate}%{?rcver}%{?dist}
%else
-Release: 1%{?dist}
+Release: 2%{?dist}
%endif
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
@@ -136,6 +136,8 @@ Patch46: php-5.4.9-fixheader.patch
Patch47: php-5.4.9-phpinfo.patch
# Upstream fixes
+Patch100: php-reg67072.patch
+Patch101: php-bug67326.patch
# Security fixes
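Review bot: `Patch101: php-bug67326.patch` is filed under `# Upstream fixes` here and applied under `# upstream patches` in the %prep hunk, while the changelog entry describes it as a boundary-check fix in fileinfo. Moving it to the `# Security fixes` / `# security patches` groups would let anyone auditing the package see which memory-safety fixes a build carries. If the grouping is meant to follow patch origin rather than impact, a short comment such as `# 67326: fileinfo out-of-bounds read` next to the Patch line would serve the same purpose.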
@@ -800,6 +802,11 @@ rm -f ext/json/utf8_to_utf16.*
%patch91 -p1 -b .remi-oci8
+# upstream patches
+%patch100 -p1 -b .reg67072
+%patch101 -p1 -b .bug67326
+
+# security patches
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE Zend/ZEND_LICENSE
@@ -1646,6 +1653,11 @@ fi
%changelog
+* Tue Jun 3 2014 Remi Collet <remi@fedoraproject.org> 5.4.29-2
+- fileinfo: fix insufficient boundary check
+- workaround regression introduce in fix for 67072 in
+ serialize/unzerialize functions
+
* Wed May 28 2014 Remi Collet <remi@fedoraproject.org> 5.4.29-1
- Update to 5.4.29
http://www.php.net/releases/5_4_29.php