From 085dc3fefbdfe97d2b44a965081c2bd0d6a9253e Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 4 Aug 2020 07:58:28 +0200
Subject: Core:   Fix #79877 getimagesize function silently truncates after a
 null byte Phar:   Fix #79797 use of freed hash key in the phar_parse_zipfile
 function   CVE-2020-7068

---
 php56.spec | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'php56.spec')

diff --git a/php56.spec b/php56.spec
index 44749bd..465049b 100644
--- a/php56.spec
+++ b/php56.spec
@@ -152,7 +152,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.6.40
-Release: 21%{?dist}
+Release: 22%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -192,6 +192,7 @@ Patch6: php-5.6.3-embed.patch
 Patch7: php-5.3.0-recode.patch
 Patch8: php-5.6.17-libdb.patch
 Patch9: php-5.5.30-curl.patch
+Patch10: php-5.6.37-icu62.patch
 
 # Functional changes
 Patch40: php-5.4.0-dlopen.patch
@@ -249,6 +250,8 @@ Patch239: php-bug79329.patch
 Patch240: php-bug79330.patch
 Patch241: php-bug79465.patch
 Patch242: php-bug78875.patch
+Patch243: php-bug79797.patch
+Patch244: php-bug79877.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -997,6 +1000,9 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %if 0%{?rhel}
 %patch9 -p1 -b .curltls
 %endif
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 7
+%patch10 -p1 -b .icu62
+%endif
 
 %patch40 -p1 -b .dlopen
 %patch41 -p1 -b .dtrace
@@ -1051,6 +1057,8 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %patch240 -p1 -b .bug79330
 %patch241 -p1 -b .bug79465
 %patch242 -p1 -b .bug78875
+%patch243 -p1 -b .bug79797
+%patch244 -p1 -b .bug79877
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -2107,6 +2115,13 @@ EOF
 
 
 %changelog
+* Tue Aug  4 2020 Remi Collet <remi@remirepo.net> - 5.6.40-22
+- Core:
+  Fix #79877 getimagesize function silently truncates after a null byte
+- Phar:
+  Fix #79797 use of freed hash key in the phar_parse_zipfile function
+  CVE-2020-7068
+
 * Wed May 13 2020 Remi Collet <remi@remirepo.net> - 5.6.40-21
 - Core:
   Fix #78875 Long filenames cause OOM and temp files are not cleaned
-- 
cgit