From 95899ed7c0cd80537182cf0273e1675a2814756d Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Sat, 10 Dec 2016 19:49:27 +0100
Subject: PHP 5.5.38 with 1 minor security fix from 5.6.29

---
 php55.spec | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'php55.spec')

diff --git a/php55.spec b/php55.spec
index 58e0997..e73cde6 100644
--- a/php55.spec
+++ b/php55.spec
@@ -141,7 +141,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.5.38
-Release: 5%{?dist}
+Release: 6%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -251,6 +251,7 @@ Patch145: bug73331.patch
 Patch146: bug73144.patch
 Patch147: bug73418.patch
 Patch148: bug73356.patch
+Patch149: bug73631.patch
 
 # Security fixes (200+)
 
@@ -1065,6 +1066,7 @@ rm -rf ext/json
 %patch146 -p1 -b .bug73144
 %patch147 -p1 -b .bug73418
 %patch148 -p1 -b .bug73356
+%patch149 -p1 -b .bug73631
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -2087,16 +2089,20 @@ EOF
 
 
 %changelog
-* Wed Nov  9 2016 Remi Collet <remi@remirepo.net> 5.5.38-5
+* Sat Dec 10 2016 Remi Collet <remi@remirepo.net> - 5.5.38-6
+- fix #73631: Invalid read when wddx decodes empty boolean element
+
+* Wed Nov  9 2016 Remi Collet <remi@remirepo.net> - 5.5.38-5
 - fix #73418: Integer Overflow in "_php_imap_mail" leads Heap Overflow
 - fix #73144: Use-after-free in ArrayObject Deserialization
 - fix #73356: crash in bzcompress function
 - fix #73331: NULL Pointer Deref. in WDDX Packet Deserialization with PDORow
 
-* Sat Oct 15 2016 Remi Collet <remi@remirepo.net> 5.5.38-4
+* Sat Oct 15 2016 Remi Collet <remi@remirepo.net> - 5.5.38-4
 - fix #73189: Memcpy negative size parameter php_resolve_path
 - fix #72581: previous property undefined in Exception after deserialization
 - fix #73147: Use After Free in unserialize
+  CVE-2016-9137
 - fix #73190: memcpy negative parameter _bc_new_num_ex
 - fix #73150: missing NULL check in dom_document_save_html
 - fix #73284: heap overflow in php_ereg_replace function
@@ -2106,7 +2112,6 @@ EOF
 - fix #73082: string length overflow in mb_encode_* function
 - fix #73174: heap overflow in php_pcre_replace_impl
 - fix #73275: crash in openssl_encrypt function
-- fix #73275: crash in openssl_encrypt function
 - fix #73293: NULL pointer dereference in SimpleXMLElement::asXML
 - fix #73240: Write out of bounds at number_format
 - fix #73017: memory corruption in wordwrap function
-- 
cgit