summaryrefslogtreecommitdiffstats
path: root/php70.spec
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2019-12-17 17:00:58 +0100
committerRemi Collet <remi@remirepo.net>2019-12-17 17:00:58 +0100
commit5155e7af6ac73b0e341a5c42d1dcee4d2f13ee24 (patch)
tree3e4a58f8e73e87866a134d97dc709180881717ba /php70.spec
parent91fb9e67870e51cc69fd08e588a153c5f7e186ed (diff)
- bcmath:
Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6)
Diffstat (limited to 'php70.spec')
-rw-r--r--php70.spec36
1 files changed, 33 insertions, 3 deletions
diff --git a/php70.spec b/php70.spec
index 1dfbed7..359479c 100644
--- a/php70.spec
+++ b/php70.spec
@@ -27,10 +27,14 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
%if 0%{?rhel} == 6
+%ifarch x86_64
+%global oraclever 18.5
+%else
%global oraclever 18.3
+%endif
%global oraclelib 18.1
%else
-%global oraclever 19.3
+%global oraclever 19.5
%global oraclelib 19.1
%endif
@@ -114,7 +118,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 14%{?dist}
+Release: 15%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -201,6 +205,11 @@ Patch224: php-bug77919.patch
Patch225: php-bug75457.patch
Patch226: php-bug78380.patch
Patch227: php-bug78599.patch
+Patch228: php-bug78878.patch
+Patch229: php-bug78862.patch
+Patch230: php-bug78863.patch
+Patch231: php-bug78793.patch
+Patch232: php-bug78910.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -1083,6 +1092,11 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
%patch225 -p1 -b .bug75457
%patch226 -p1 -b .bug78380
%patch227 -p1 -b .bug78599
+%patch228 -p1 -b .bug78878
+%patch229 -p1 -b .bug78862
+%patch230 -p1 -b .bug78863
+%patch231 -p1 -b .bug78793
+%patch232 -p1 -b .bug78910
# Fixes for tests
%if 0%{?fedora} >= 21 || 0%{?rhel} >= 5
@@ -1877,7 +1891,7 @@ cat << EOF
WARNING : PHP 7.0 have reached its "End of Life" in
December 2018. Even, if this package includes some of
- the important security fix, backported from 7.1, the
+ the important security fix, backported from 7.2, the
UPGRADE to a maintained version is very strongly RECOMMENDED.
=====================================================================
@@ -2117,6 +2131,22 @@ fi
%changelog
+* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.0.33-15
+- bcmath:
+ Fix #78878 Buffer underflow in bc_shift_addsub
+ CVE-2019-11046
+- core:
+ Fix #78862 link() silently truncates after a null byte on Windows
+ CVE-2019-11044
+ Fix #78863 DirectoryIterator class silently truncates after a null byte
+ CVE-2019-11045
+- exif
+ Fix #78793 Use-after-free in exif parsing under memory sanitizer
+ CVE-2019-11050
+ Fix #78910 Heap-buffer-overflow READ in exif
+ CVE-2019-11047
+- use oracle client library version 19.5 (18.5 on EL-6)
+
* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.0.33-14
- FPM:
Fix CVE-2019-11043 env_path_info underflow in fpm_main.c