From 5155e7af6ac73b0e341a5c42d1dcee4d2f13ee24 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 17 Dec 2019 17:00:58 +0100
Subject: - bcmath:   Fix #78878 Buffer underflow in bc_shift_addsub  
 CVE-2019-11046 - core:   Fix #78862 link() silently truncates after a null
 byte on Windows   CVE-2019-11044   Fix #78863 DirectoryIterator class
 silently truncates after a null byte   CVE-2019-11045 - exif   Fix #78793
 Use-after-free in exif parsing under memory sanitizer   CVE-2019-11050   Fix
 #78910 Heap-buffer-overflow READ in exif   CVE-2019-11047 - use oracle client
 library version 19.5 (18.5 on EL-6)

---
 php70.spec | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

(limited to 'php70.spec')

diff --git a/php70.spec b/php70.spec
index 1dfbed7..359479c 100644
--- a/php70.spec
+++ b/php70.spec
@@ -27,10 +27,14 @@
 %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
 
 %if 0%{?rhel} == 6
+%ifarch x86_64
+%global oraclever 18.5
+%else
 %global oraclever 18.3
+%endif
 %global oraclelib 18.1
 %else
-%global oraclever 19.3
+%global oraclever 19.5
 %global oraclelib 19.1
 %endif
 
@@ -114,7 +118,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 14%{?dist}
+Release: 15%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -201,6 +205,11 @@ Patch224: php-bug77919.patch
 Patch225: php-bug75457.patch
 Patch226: php-bug78380.patch
 Patch227: php-bug78599.patch
+Patch228: php-bug78878.patch
+Patch229: php-bug78862.patch
+Patch230: php-bug78863.patch
+Patch231: php-bug78793.patch
+Patch232: php-bug78910.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1083,6 +1092,11 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %patch225 -p1 -b .bug75457
 %patch226 -p1 -b .bug78380
 %patch227 -p1 -b .bug78599
+%patch228 -p1 -b .bug78878
+%patch229 -p1 -b .bug78862
+%patch230 -p1 -b .bug78863
+%patch231 -p1 -b .bug78793
+%patch232 -p1 -b .bug78910
 
 # Fixes for tests
 %if 0%{?fedora} >= 21 || 0%{?rhel} >= 5
@@ -1877,7 +1891,7 @@ cat << EOF
 
   WARNING : PHP 7.0 have reached its "End of Life" in
   December 2018. Even, if this package includes some of
-  the important security fix, backported from 7.1, the
+  the important security fix, backported from 7.2, the
   UPGRADE to a maintained version is very strongly RECOMMENDED.
 
 =====================================================================
@@ -2117,6 +2131,22 @@ fi
 
 
 %changelog
+* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.0.33-15
+- bcmath:
+  Fix #78878 Buffer underflow in bc_shift_addsub
+  CVE-2019-11046
+- core:
+  Fix #78862 link() silently truncates after a null byte on Windows
+  CVE-2019-11044
+  Fix #78863 DirectoryIterator class silently truncates after a null byte
+  CVE-2019-11045
+- exif
+  Fix #78793 Use-after-free in exif parsing under memory sanitizer
+  CVE-2019-11050
+  Fix #78910 Heap-buffer-overflow READ in exif
+  CVE-2019-11047
+- use oracle client library version 19.5 (18.5 on EL-6)
+
 * Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.0.33-14
 - FPM:
   Fix CVE-2019-11043 env_path_info underflow in fpm_main.c
-- 
cgit