From 481be4358eae0ab5fdff7f22c7bbe05aa7c9d6b0 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 26 Oct 2022 11:59:28 +0200
Subject: add upstream fix for CVE-2022-31630 and CVE-2022-37454

---
 php.spec | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'php.spec')

diff --git a/php.spec b/php.spec
index 02c4131..f0d5b15 100644
--- a/php.spec
+++ b/php.spec
@@ -110,7 +110,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name:    %{?scl_prefix}php
 Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -175,6 +175,8 @@ Patch91: php-7.2.0-oci8conf.patch
 # Upstream fixes (100+)
 
 # Security fixes (200+)
+Patch200: php-bug81738.patch
+Patch201: php-bug81739.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -953,6 +955,8 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
 # upstream patches
 
 # security patches
+%patch200 -p1 -b .81738
+%patch201 -p1 -b .81739
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -1829,6 +1833,9 @@ fi
 
 
 %changelog
+* Wed Oct 26 2022 Remi Collet <remi@remirepo.net> - 7.4.32-2
+- add upstream fix for CVE-2022-31630 and CVE-2022-37454
+
 * Wed Sep 28 2022 Remi Collet <remi@remirepo.net> - 7.4.32-1
 - Update to 7.4.32 - http://www.php.net/releases/7_4_32.php
 - use ICU 71.1
-- 
cgit