authorRemi Collet <fedora@famillecollet.com>2014-04-01 09:22:28 +0200
committerRemi Collet <fedora@famillecollet.com>2014-04-01 09:22:28 +0200
commit45564dd2a739f737a054b9f6c78e59059ede6078 (patch)
treef990b2bc979399a38604c5cc1e557fd485f25dde
parent3391873b9c152dba92dd3fdb162c81fb50d61527 (diff)
php-ZendFramework2: 2.2.6 (security)
-rw-r--r--php-ZendFramework2.spec52
1 files changed, 49 insertions, 3 deletions
diff --git a/php-ZendFramework2.spec b/php-ZendFramework2.spec
index 7709c90..3a58c3d 100644
--- a/php-ZendFramework2.spec
+++ b/php-ZendFramework2.spec
@@ -1,5 +1,7 @@
+%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
+
Name: php-ZendFramework2
-Version: 2.2.5
+Version: 2.2.6
Release: 1%{?dist}
Summary: Zend Framework 2
@@ -741,6 +743,7 @@ URL: http://framework.zend.com/manual/2.2/en/modules/zend.json.introduction
Requires: %{name}-common = %{version}-%{release}
Requires: %{name}-Stdlib = %{version}-%{release}
+Requires: %{name}-ZendXml = %{version}-%{release}
# Optional
Requires: %{name}-Server = %{version}-%{release}
# phpcompatinfo
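Review bot: The new `Requires: %{name}-ZendXml = %{version}-%{release}` is added in only two places in this commit, here and in the following hunk at -1490 (these look like the Json and XmlRpc sub-packages). Any other sub-package whose 2.2.6 code calls into the ZendXml namespace would install without it and fail at runtime on its first XML parse. Because this is a security update for XXE/XEE handling, it is worth grepping `library/Zend` for `ZendXml\` references and confirming that every consumer carries this Requires. A short comment above the line, such as `# mandatory: XML parsing is routed through ZendXml (XXE/XEE hardening)`, would record why the dependency is not listed under `# Optional`.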
@@ -1490,6 +1493,7 @@ Requires: %{name}-Http = %{version}-%{release}
Requires: %{name}-Math = %{version}-%{release}
Requires: %{name}-Server = %{version}-%{release}
Requires: %{name}-Stdlib = %{version}-%{release}
+Requires: %{name}-ZendXml = %{version}-%{release}
# phpcompatinfo
Requires: php-date
Requires: php-dom
@@ -1512,6 +1516,31 @@ and building new XML-RPC servers.
[1] http://www.xmlrpc.com/
+# ------------------------------------------------------------------------------
+
+%package ZendXml
+
+Summary: Zend Framework 2: XML usage, best practices, and security in PHP
+Group: Development/Libraries
+URL: https://github.com/zendframework/ZendXml
+
+Requires: %{name}-common = %{version}-%{release}
+# phpcompatinfo
+Requires: php-dom
+Requires: php-libxml
+Requires: php-simplexml
+Requires: php-spl
+
+%description ZendXml
+This is a security component to prevent XML eXternal Entity (XXE) and
+XML Entity Expansion (XEE) attacks on XML documents.
+
+The XXE attack is prevented disabling the load of external entities in
+the libxml library used by PHP, using the function libxml_disable_entity_loader.
+
+The XEE attack is prevented looking inside the XML document for ENTITY usage.
+If the XML document uses ENTITY the library throw an Exception.
+
# ##############################################################################
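Review bot: The `%description ZendXml` text is ungrammatical in the two sentences that explain the protections, and this is the text an administrator sees in `rpm -qi` when judging what the package does. I would write `XXE is prevented by disabling the loading of external entities in libxml, using libxml_disable_entity_loader.` and `XEE is prevented by scanning the XML document for ENTITY usage; if any is found, the library throws an exception.` The description could also say that the protection applies only to XML parsed through this component, since installing the package by itself presumably changes nothing for code that calls the PHP XML functions directly.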
@@ -1531,7 +1560,11 @@ cp -rp library/* %{buildroot}%{_datadir}/php
# Symlink package docs to common sub-package docs
mkdir -p %{buildroot}%{_docdir}
-ln -s %{name}-common-%{version} %{buildroot}%{_docdir}/%{name}-%{version}
+%if "%{_pkgdocdir}" == "%{_docdir}/%{name}"
+ln -s %{name}-common %{buildroot}%{_pkgdocdir}
+%else
+ln -s %{name}-common-%{version} %{buildroot}%{_pkgdocdir}
+%endif
%check
@@ -1548,7 +1581,7 @@ ln -s %{name}-common-%{version} %{buildroot}%{_docdir}/%{name}-%{version}
%defattr(-,root,root,-)
%doc *.md composer.json
-%doc %{_docdir}/%{name}-%{version}
+%doc %{_pkgdocdir}
%dir %{_datadir}/php/Zend
@@ -2170,9 +2203,22 @@ ln -s %{name}-common-%{version} %{buildroot}%{_docdir}/%{name}-%{version}
%exclude %{_datadir}/php/Zend/XmlRpc/*.md
%exclude %{_datadir}/php/Zend/XmlRpc/composer.json
+# ------------------------------------------------------------------------------
+
+%files ZendXml
+%defattr(-,root,root,-)
+
+%{_datadir}/php/ZendXml
+
# ##############################################################################
%changelog
+* Tue Apr 1 2014 Remi Collet <remi@fedoraproject.org> 2.2.6-1
+- Updated to 2.2.6 for CVE-2014-2681 CVE-2014-2682
+ CVE-2014-2683 CVE-2014-2684 CVE-2014-2685
+- new package ZendXml
+- fix for unversioned doc directory
+
* Mon Nov 11 2013 Remi Collet <remi@fedoraproject.org> 2.2.5-1
- backport 2.2.5 for remi repo
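Review bot: `%files ZendXml` packages the whole `%{_datadir}/php/ZendXml` tree, while the sibling section just above it excludes `*.md` and `composer.json` from the installed library directory. If the bundled ZendXml directory ships such files, the matching lines `%exclude %{_datadir}/php/ZendXml/*.md` and `%exclude %{_datadir}/php/ZendXml/composer.json` would keep the sub-packages consistent. Whether it does is not visible from this diff, so check the unpacked 2.2.6 tree.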