author Remi Collet <remi@remirepo.net> 2019-01-09 14:51:03 +0100
committer Remi Collet <remi@remirepo.net> 2019-01-09 14:51:03 +0100
commit 8b6a473e92cb71c2b5d5289c050dec5b83b5fd6f (patch)
tree 9dc37c9e8dd266acfd5d3c5a01907c10b34f7e9a /php.spec
parent 022c16b4244a74cae83e8895cf88d32eaa5fde0e (diff)
- core:
  Fix #77369 memcpy with negative length via crafted DNS response
- mbstring:
  Fix #77370 buffer overflow on mb regex functions - fetch_token
  Fix #77371 heap buffer overflow in mb regex functions compile_string_node
  Fix #77381 heap buffer overflow in multibyte match_at
  Fix #77382 heap buffer overflow in expand_case_fold_string
  Fix #77385 buffer overflow in fetch_token
  Fix #77394 buffer overflow in multibyte case folding - unicode
  Fix #77418 heap overflow in utf32be_mbc_to_code
- phar:
  Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext
- xmlrpc:
  Fix #77242 heap out of bounds read in xmlrpc_decode
  Fix #77380 global out of bounds read in xmlrpc base64 code
Diffstat (limited to 'php.spec')
-rw-r--r-- php.spec 39
1 files changed, 38 insertions, 1 deletions
diff --git a/php.spec b/php.spec
index 42de827..aa82877 100644
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -187,8 +187,17 @@ Patch91: php-5.6.3-oci8conf.patch
# Upstream fixes (100+)
Patch100: https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch
Patch101: https://github.com/php/php-src/commit/2ef8809ef3beb5f58b81dcff49bdcde4d2cb8426.patch
+Patch102: php-openssl-cert.patch
# Security fixes (200+)
+Patch200: php-bug77242.patch
+Patch201: php-bug77247.patch
+Patch202: php-bug77370.patch
+Patch203: php-bug77371.patch
+Patch204: php-bug77380.patch
+Patch205: php-bug77381.patch
+Patch206: php-bug77369.patch
+Patch207: php-bug77418.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
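Review bot: Patch102 (php-openssl-cert.patch) is added under "Upstream fixes" with no upstream commit URL and no comment, unlike Patch100 and Patch101 directly above it, so its origin and purpose cannot be checked from the spec. Add the upstream commit reference or a one-line comment saying what it changes. The Patch200 to Patch207 block would also benefit from a short comment per patch naming the affected component, since the file names carry only bug numbers and Patch206 (php-bug77369.patch) breaks the otherwise ascending order.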
@@ -919,8 +928,19 @@ support for JavaScript Object Notation (JSON) to PHP.
# upstream patches
%patch100 -p1 -b .up1
%patch101 -p1 -b .up2
+%patch102 -p1 -b .up3
# security patches
+%patch200 -p1 -b .bug77242
+%patch201 -p1 -b .bug77247
+%patch202 -p1 -b .bug77370
+%patch203 -p1 -b .bug77371
+%patch204 -p1 -b .bug77380
+%patch205 -p1 -b .bug77381
+%patch206 -p1 -b .bug77369
+%patch207 -p1 -b .bug77418
+: ---------------------------
+#exit 1
# Fixes for tests
%patch300 -p1 -b .datetests
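Review bot: The two lines added after %patch207, ": ---------------------------" and "#exit 1", look like leftover debugging from iterating on the patch set in %prep. The colon line is a shell no-op and the exit is commented out, so the build is unaffected, but they should be dropped before this lands so that nobody later uncomments the exit or mistakes the separator for something meaningful.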
@@ -1854,6 +1874,23 @@ fi
%changelog
+* Wed Jan 9 2019 Remi Collet <remi@remirepo.net> - 7.0.33-2
+- core:
+ Fix #77369 memcpy with negative length via crafted DNS response
+- mbstring:
+ Fix #77370 buffer overflow on mb regex functions - fetch_token
+ Fix #77371 heap buffer overflow in mb regex functions compile_string_node
+ Fix #77381 heap buffer overflow in multibyte match_at
+ Fix #77382 heap buffer overflow in expand_case_fold_string
+ Fix #77385 buffer overflow in fetch_token
+ Fix #77394 buffer overflow in multibyte case folding - unicode
+ Fix #77418 heap overflow in utf32be_mbc_to_code
+- phar:
+ Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext
+- xmlrpc:
+ Fix #77242 heap out of bounds read in xmlrpc_decode
+ Fix #77380 global out of bounds read in xmlrpc base64 code
+
* Wed Dec 5 2018 Remi Collet <remi@remirepo.net> - 7.0.33-1
- Update to 7.0.33 - http://www.php.net/releases/7_0_33.php
- use oracle client library version 18.3
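Review bot: The new changelog entry lists fixes for #77382, #77385 and #77394, but no PatchNNN line with those bug numbers is added in this commit; only 77242, 77247, 77369, 77370, 77371, 77380, 77381 and 77418 have patch files. If those three mbstring bugs are covered by one of the other mbstring patches, say so in a comment next to the relevant Patch line so the changelog can be audited against the applied patches. The entry also has no line for Patch102 (php-openssl-cert.patch), which is applied in this release.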