From 732417045101cb2248891981105c3749d01dba5a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Thu, 23 Jun 2022 08:29:01 +0200 Subject: myqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 --- php.spec | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index 8509d51..49c7037 100644 --- a/php.spec +++ b/php.spec @@ -121,7 +121,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: 5.4.45 -Release: 17%{?dist} +Release: 19%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -259,6 +259,8 @@ Patch273: bug77020.patch Patch274: bug77231.patch Patch275: bug77242.patch Patch276: bug77380.patch +Patch277: bug78599.patch +Patch278: bug81719.patch # Fixes for tests (300+) # Backported from 5.5 @@ -976,6 +978,8 @@ support for using the enchant library to PHP. %patch274 -p1 -b .bug77231 %patch275 -p1 -b .bug77242 %patch276 -p1 -b .bug77380 +%patch277 -p1 -b .bug78599 +%patch278 -p1 -b .bug81719 : ------------------------ #exit 1 @@ -990,7 +994,7 @@ support for using the enchant library to PHP. %endif # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE cp ext/ereg/regex/COPYRIGHT regex_COPYRIGHT cp ext/gd/libgd/README libgd_README @@ -1645,7 +1649,7 @@ cat << EOF backported from 5.5 or 5.6, The UPGRADE to a maintained version is very strongly RECOMMENDED. -%if %{?fedora}%{!?fedora:99} < 26 +%if %{?fedora}%{!?fedora:99} < 28 WARNING : Fedora %{fedora} is now EOL : You should consider upgrading to a supported release %endif @@ -1674,7 +1678,7 @@ EOF %files common -f files.common %defattr(-,root,root) %doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* -%license LICENSE Zend/ZEND_* TSRM_LICENSE regex_COPYRIGHT +%license LICENSE ZEND_LICENSE TSRM_LICENSE regex_COPYRIGHT %license libmagic_LICENSE %license phar_LICENSE %doc php.ini-* @@ -1813,6 +1817,13 @@ EOF %changelog +* Thu Jun 23 2022 Remi Collet - 5.4.45-19 +- myqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 + +* Tue Oct 22 2019 Remi Collet - 5.4.45-18 +- FPM: + Fix CVE-2019-11043 env_path_info underflow in fpm_main.c + * Fri Jan 11 2019 Remi Collet - 5.4.45-17 - Fix #77242 heap out of bounds read in xmlrpc_decode - Fix #77380 Global out of bounds read in xmlrpc base64 code -- cgit