summaryrefslogtreecommitdiffstats
path: root/php56.spec
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-03-12 11:05:36 +0100
committerRemi Collet <remi@remirepo.net>2019-03-12 11:05:36 +0100
commit487228faab4397c1a4e3e396eb44a29da6b73615 (patch)
tree769a6646056dc1d4a62fb425a1e235666e6537d4 /php56.spec
parentd6aa332b0d41064fbd54fa69fd1d7ff62252ea94 (diff)
- phar:
Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename Fix #77586 - phar_tar_writeheaders_int() buffer overflow - spl: Fix #77431 openFile() silently truncates after a null byte - security fix synced with https://github.com/Microsoft/php-src/
Diffstat (limited to 'php56.spec')
-rw-r--r--php56.spec28
1 files changed, 23 insertions, 5 deletions
diff --git a/php56.spec b/php56.spec
index 945c160..d01750a 100644
--- a/php56.spec
+++ b/php56.spec
@@ -142,7 +142,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: 5.6.40
-Release: 4%{?dist}
+Release: 5%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -203,9 +203,15 @@ Patch91: php-5.6.3-oci8conf.patch
Patch100: php-5.6.31-oci.patch
# Security fixes (200+)
+# See https://github.com/Microsoft/php-src/commits/PHP-5.6-security-backports
+Patch208: php-bug77396.patch
+Patch209: php-bug77431.patch
Patch210: php-bug77540.patch
Patch211: php-bug77563.patch
+Patch212: php-bug77586.patch
Patch213: php-bug77630.patch
+# update NEWS file with backport information
+Patch299: php-news.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -965,9 +971,13 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
%patch100 -p1 -b .pdo_oci
# security patches
+%patch208 -p1 -b .bug77396
+%patch209 -p1 -b .bug77431
%patch210 -p1 -b .bug77540
%patch211 -p1 -b .bug77563
+%patch212 -p1 -b .bug77586
%patch213 -p1 -b .bug77630
+%patch299 -p1 -b .backport
# Fixes for tests
%patch300 -p1 -b .datetests
@@ -1819,10 +1829,10 @@ fi
cat << EOF
=====================================================================
- WARNING : PHP 5.6 have reached its "End of Life" in January 2019.
- Even, if this package includes some of the important security fix,
- backported from 7.1,
- The UPGRADE to a maintained version is very strongly RECOMMENDED.
+ WARNING : PHP 5.6 have reached its "End of Life" in
+ January 2019. Even, if this package includes some of
+ the important security fix, backported from 7.1, the
+ UPGRADE to a maintained version is very strongly RECOMMENDED.
=====================================================================
EOF
@@ -1998,6 +2008,14 @@ EOF
%changelog
+* Tue Mar 12 2019 Remi Collet <remi@remirepo.net> - 5.6.40-5
+- phar:
+ Fix #77396 Null Pointer Dereference in phar_create_or_parse_filename
+ Fix #77586 - phar_tar_writeheaders_int() buffer overflow
+- spl:
+ Fix #77431 openFile() silently truncates after a null byte
+- security fix synced with https://github.com/Microsoft/php-src/
+
* Tue Mar 5 2019 Remi Collet <remi@remirepo.net> - 5.6.40-4
- Fix #77630 rename() across the device may allow unwanted access
during processing