From 0d443001c41652e457799d1134de2c2ab6420e08 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 17 Dec 2019 17:57:09 +0100
Subject: - bcmath: Fix #78878 Buffer underflow in bc_shift_addsub CVE-2019-11046 - core: Fix #78862 link() silently truncates after a null byte on Windows CVE-2019-11044 Fix #78863 DirectoryIterator class silently truncates after a null byte CVE-2019-11045 - exif Fix #78793 Use-after-free in exif parsing under memory sanitizer CVE-2019-11050 Fix #78910 Heap-buffer-overflow READ in exif CVE-2019-11047 - use oracle client library version 19.5 (18.5 on EL-6)
---
 php71.spec | 37 +++++++++++++++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 2 deletions(-)
(limited to 'php71.spec')
diff --git a/php71.spec b/php71.spec
index 2e79d65..bfc90b4 100644
--- a/php71.spec
+++ b/php71.spec
@@ -27,10 +27,14 @@
 %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
 %if 0%{?rhel} == 6
+%ifarch x86_64
+%global oraclever 18.5
+%else
 %global oraclever 18.3
+%endif
 %global oraclelib 18.1
 %else
-%global oraclever 19.3
+%global oraclever 19.5
 %global oraclelib 19.1
 %endif
@@ -114,7 +118,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -1909,6 +1913,19 @@ fi
 %postun embedded -p /sbin/ldconfig
+%posttrans common
+cat << EOF
+=====================================================================
+
+ WARNING : PHP 7.1 have reached its "End of Life" in
+ December 2019. Even, if this package includes some of
+ the important security fix, backported from 7.2, the
+ UPGRADE to a maintained version is very strongly RECOMMENDED.
+
+=====================================================================
+EOF
+
+
 %{!?_licensedir:%global license %%doc}
 %files
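Review bot: The `%ifarch x86_64` branch added inside the EL-6 block has no comment saying why only x86_64 moves to 18.5 while other architectures stay on 18.3, and the changelog line "18.5 on EL-6" reads as if it covered every arch. A one-line comment above it, for example `# EL-6: client 18.5 is used on x86_64 only, other arches stay on 18.3`, would keep a later version bump from flattening the conditional by mistake. `oraclelib` is left at 18.1 and 19.1, so it is worth confirming those values still match the libraries shipped by the 18.5 and 19.5 clients.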
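Review bot: The `%posttrans common` scriptlet uses an unquoted here-document delimiter, so the shell would expand any `$`, backtick or backslash sequence that a later edit puts into the banner, and package scriptlets normally run as root. The current text contains none of these, so this is hardening rather than a bug: `cat <<'EOF'` keeps the body literal. The notice is also written to stdout only, which unattended update runs tend to discard, so the End-of-Life warning may never reach the administrators of the hosts that most need it; repeating it in the package description would make it persist. This view is limited to php71.spec and none of its hunks adds a `Patch` or `%patch` line, so whether the CVE fixes listed in the changelog are applied by the build cannot be confirmed from here.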
@@ -2085,6 +2102,22 @@ fi
 %changelog
+* Tue Dec 17 2019 Remi Collet - 7.1.33-2
+- bcmath:
+ Fix #78878 Buffer underflow in bc_shift_addsub
+ CVE-2019-11046
+- core:
+ Fix #78862 link() silently truncates after a null byte on Windows
+ CVE-2019-11044
+ Fix #78863 DirectoryIterator class silently truncates after a null byte
+ CVE-2019-11045
+- exif
+ Fix #78793 Use-after-free in exif parsing under memory sanitizer
+ CVE-2019-11050
+ Fix #78910 Heap-buffer-overflow READ in exif
+ CVE-2019-11047
+- use oracle client library version 19.5 (18.5 on EL-6)
+
 * Wed Oct 23 2019 Remi Collet - 7.1.33-1
 - Update to 7.1.33 - http://www.php.net/releases/7_1_33.php
-- cgit