From e54a5af5d27b5455ff2c895a37a047f7e8409f5d Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 4 Aug 2020 08:34:50 +0200
Subject: Core:   Fix #79877 getimagesize function silently truncates after a
 null byte Phar:   Fix #79797 use of freed hash key in the phar_parse_zipfile
 function   CVE-2020-7068

---
 php70.spec | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'php70.spec')

diff --git a/php70.spec b/php70.spec
index d73e996..4c86b72 100644
--- a/php70.spec
+++ b/php70.spec
@@ -118,7 +118,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 21%{?dist}
+Release: 22%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -156,6 +156,7 @@ Patch6: php-5.6.3-embed.patch
 Patch7: php-5.3.0-recode.patch
 Patch8: php-7.0.2-libdb.patch
 Patch9: php-7.0.7-curl.patch
+Patch10: php-7.0.31-icu62.patch
 
 # Functional changes
 Patch40: php-7.0.17-dlopen.patch
@@ -220,6 +221,8 @@ Patch240: php-bug79330.patch
 Patch241: php-bug79465.patch
 Patch242: php-bug78875.patch
 Patch243: php-bug78876.patch
+Patch244: php-bug79797.patch
+Patch245: php-bug79877.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1057,6 +1060,9 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %if 0%{?rhel}
 %patch9 -p1 -b .curltls
 %endif
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 7
+%patch10 -p1 -b .icu62
+%endif
 
 %patch40 -p1 -b .dlopen
 %if 0%{?fedora} >= 28 || 0%{?rhel} >= 6
@@ -1119,6 +1125,8 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi
 %patch241 -p1 -b .bug79465
 %patch242 -p1 -b .bug78875
 %patch243 -p1 -b .bug78876
+%patch244 -p1 -b .bug79797
+%patch245 -p1 -b .bug79877
 
 # Fixes for tests
 %if 0%{?fedora} >= 21 || 0%{?rhel} >= 5
@@ -2156,6 +2164,13 @@ fi
 
 
 %changelog
+* Tue Aug  4 2020 Remi Collet <remi@remirepo.net> - 7.0.33-22
+- Core:
+  Fix #79877 getimagesize function silently truncates after a null byte
+- Phar:
+  Fix #79797 use of freed hash key in the phar_parse_zipfile function
+  CVE-2020-7068
+
 * Tue May 12 2020 Remi Collet <remi@remirepo.net> - 7.0.33-21
 - Core:
   Fix #78875 Long filenames cause OOM and temp files are not cleaned
-- 
cgit