authorRemi Collet <fedora@famillecollet.com>2016-08-05 08:42:31 +0200
committerRemi Collet <fedora@famillecollet.com>2016-08-05 08:42:31 +0200
commitda28b235f7d4ff11106c2cf0e9cca49ce91a97bd (patch)
tree003098fd3304c5ae6c54841e3e8fcbaab5bccb28
parentf688deb41eec3890e4c43af78ae749fabd7fa91d (diff)
php 5.4+5.5: add upstream patch for exif regression
-rw-r--r--bug72735.patch84
-rw-r--r--php54.spec7
2 files changed, 90 insertions, 1 deletions
diff --git a/bug72735.patch b/bug72735.patch
new file mode 100644
index 0000000..eaa7e78
--- /dev/null
+++ b/bug72735.patch
@@ -0,0 +1,84 @@
+From d5796fb298abb2a3e389818ad924589fa35e58b9 Mon Sep 17 00:00:00 2001
+From: Kalle Sommer Nielsen <kalle@php.net>
+Date: Wed, 3 Aug 2016 17:05:31 +0200
+Subject: [PATCH] Changed the way MAKERNOTE is handled in case we do not have a
+ matching signature (Remi).
+
+Before this patch, exif_process_IFD_in_MAKERNOTE() would return false, then causing the rest of the EXIF parsing to be interrupted. This is a regression from earlier which was most likely a part of a security fix for MAKERNOTE.
+
+The new behavior is to instead of stopping to parse, to continue so we can still fetch data like thumbnail and GPS, thrus allowing yet unsupported formats to parse. If EXIF's debugging mode is enabled, a notice will display in case we do not match against a valid MAKERNOTE signature.
+
+This should temporarily fix bug #72682 (exif_read_data() fails to read all data for some images) until I get around to debug it further.
+
+(cherry picked from commit aabcb5481d9e717df77192dab2894468b9fc63b4)
+---
+ ext/exif/exif.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index 5564de4..94652e9 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -1718,6 +1718,10 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
+ if (!length)
+ break;
+ case TAG_FMT_UNDEFINED:
++ if (tag == TAG_MAKER_NOTE) {
++ length = MIN(length, strlen(value));
++ }
++
+ if (value) {
+ /* do not recompute length here */
+ info_value->s = estrndup(value, length);
+@@ -2733,8 +2737,14 @@ static int exif_process_IFD_in_MAKERNOTE(image_info_type *ImageInfo, char * valu
+ char *dir_start;
+
+ for (i=0; i<=sizeof(maker_note_array)/sizeof(maker_note_type); i++) {
+- if (i==sizeof(maker_note_array)/sizeof(maker_note_type))
+- return FALSE;
++ if (i==sizeof(maker_note_array)/sizeof(maker_note_type)) {
++#ifdef EXIF_DEBUG
++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "No maker note data found. Detected maker: %s (length = %d)", ImageInfo->make, strlen(ImageInfo->make));
++#endif
++ /* unknown manufacturer, not an error, use it as a string */
++ return TRUE;
++ }
++
+ maker_note = maker_note_array+i;
+
+ /*exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_NOTICE, "check (%s,%s)", maker_note->make?maker_note->make:"", maker_note->model?maker_note->model:"");*/
+--
+2.1.4
+
+From 9667ee4f72c7dafce993b71104a52beb7c3aff15 Mon Sep 17 00:00:00 2001
+From: Anatol Belski <ab@php.net>
+Date: Wed, 3 Aug 2016 18:26:29 +0200
+Subject: [PATCH] improve the check, avoid strlen on NULL
+
+---
+ ext/exif/exif.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ext/exif/exif.c b/ext/exif/exif.c
+index 94652e9..f95de3a 100644
+--- a/ext/exif/exif.c
++++ b/ext/exif/exif.c
+@@ -1718,11 +1718,11 @@ static void exif_iif_add_value(image_info_type *image_info, int section_index, c
+ if (!length)
+ break;
+ case TAG_FMT_UNDEFINED:
+- if (tag == TAG_MAKER_NOTE) {
+- length = MIN(length, strlen(value));
+- }
+-
+ if (value) {
++ if (tag == TAG_MAKER_NOTE) {
++ length = MIN(length, strlen(value));
++ }
++
+ /* do not recompute length here */
+ info_value->s = estrndup(value, length);
+ info_data->length = length;
+--
+2.1.4
+
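Review bot: The clamp `length = MIN(length, strlen(value));`, which the second embedded patch moves inside `if (value)` in `exif_iif_add_value`, still runs an unbounded `strlen()` over the maker-note bytes. Those bytes presumably come straight from the parsed image, so a MAKERNOTE payload with no NUL byte lets the scan read past the end of the tag data before `MIN` is applied. Bounding the search to the declared length avoids that, for example `const char *nul = memchr(value, '\0', (size_t)length); if (nul) length = (int)(nul - value);`. The declaration of `length` is outside the hunk; if it is a signed int, a negative value should be rejected before it is used as a size, since `MIN` against a `size_t` would compare it as unsigned. The function body starts and ends outside the hunk, so the callers' guarantees about `value` are worth confirming there.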
diff --git a/php54.spec b/php54.spec
index 2fc25c2..582c8fb 100644
--- a/php54.spec
+++ b/php54.spec
@@ -98,7 +98,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.4.45
-Release: 11%{?dist}
+Release: 11%{?dist}.1
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -213,6 +213,7 @@ Patch252: bug72606.patch
Patch253: bug72613.patch
Patch254: bug72618.patch
Patch255: bug72519.patch
+Patch256: bug72735.patch
# Fixes for tests
# no_NO issue
@@ -976,6 +977,7 @@ rm -f ext/json/utf8_to_utf16.*
%patch253 -p1 -b .bug72613
%patch254 -p1 -b .bug72618
%patch255 -p1 -b .bug72519
+%patch256 -p1 -b .bug72735
# Fixes for tests
%patch301 -p1 -b .datetests2
@@ -1865,6 +1867,9 @@ fi
%changelog
+* Fri Aug 5 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-11.1
+- fix #72735 regression in exif maker note parser
+
* Fri Jul 22 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-11
- Fix #70480: php_url_parse_ex() buffer overflow read
CVE-2016-6288