From e78f08a5c94a4e0c2b77cb8a545e333068ebbe95 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 9 Jan 2019 15:17:00 +0100
Subject: - core:   Fix #77369 memcpy with negative length via crafted DNS
 response - mbstring:   Fix #77370 buffer overflow on mb regex functions -
 fetch_token   Fix #77371 heap buffer overflow in mb regex functions
 compile_string_node   Fix #77381 heap buffer overflow in multibyte match_at  
 Fix #77382 heap buffer overflow in expand_case_fold_string   Fix #77385
 buffer overflow in fetch_token   Fix #77394 buffer overflow in multibyte case
 folding - unicode   Fix #77418 heap overflow in utf32be_mbc_to_code - phar:  
 Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext - xmlrpc:   Fix
 #77242 heap out of bounds read in xmlrpc_decode   Fix #77380 global out of
 bounds read in xmlrpc base64 code

---
 php70.spec | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 'php70.spec')

diff --git a/php70.spec b/php70.spec
index 260af42..0d14216 100644
--- a/php70.spec
+++ b/php70.spec
@@ -112,7 +112,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -167,8 +167,17 @@ Patch47: php-5.6.3-phpinfo.patch
 Patch91: php-5.6.3-oci8conf.patch
 
 # Upstream fixes (100+)
+Patch102: php-openssl-cert.patch
 
 # Security fixes (200+)
+Patch200: php-bug77242.patch
+Patch201: php-bug77247.patch
+Patch202: php-bug77370.patch
+Patch203: php-bug77371.patch
+Patch204: php-bug77380.patch
+Patch205: php-bug77381.patch
+Patch206: php-bug77369.patch
+Patch207: php-bug77418.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1011,8 +1020,17 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %patch91 -p1 -b .remi-oci8
 
 # upstream patches
+%patch102 -p1 -b .up3
 
 # security patches
+%patch200 -p1 -b .bug77242
+%patch201 -p1 -b .bug77247
+%patch202 -p1 -b .bug77370
+%patch203 -p1 -b .bug77371
+%patch204 -p1 -b .bug77380
+%patch205 -p1 -b .bug77381
+%patch206 -p1 -b .bug77369
+%patch207 -p1 -b .bug77418
 
 # Fixes for tests
 %if 0%{?fedora} >= 21 || 0%{?rhel} >= 5
@@ -2026,6 +2044,23 @@ fi
 
 
 %changelog
+* Wed Jan  9 2019 Remi Collet <remi@remirepo.net> - 7.0.33-2
+- core:
+  Fix #77369 memcpy with negative length via crafted DNS response
+- mbstring:
+  Fix #77370 buffer overflow on mb regex functions - fetch_token
+  Fix #77371 heap buffer overflow in mb regex functions compile_string_node
+  Fix #77381 heap buffer overflow in multibyte match_at
+  Fix #77382 heap buffer overflow in expand_case_fold_string
+  Fix #77385 buffer overflow in fetch_token
+  Fix #77394 buffer overflow in multibyte case folding - unicode
+  Fix #77418 heap overflow in utf32be_mbc_to_code
+- phar:
+  Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext
+- xmlrpc:
+  Fix #77242 heap out of bounds read in xmlrpc_decode
+  Fix #77380 global out of bounds read in xmlrpc base64 code
+
 * Wed Dec  5 2018 Remi Collet <remi@remirepo.net> - 7.0.33-1
 - Update to 7.0.33 - http://www.php.net/releases/7_0_33.php
 - use oracle client library version 18.3
-- 
cgit