diff options
| author | Remi Collet <remi@remirepo.net> | 2026-02-18 08:12:00 +0100 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2026-02-18 08:12:00 +0100 |
| commit | 5145912848dfacc957b649c7a44c159bb1f1edf4 (patch) | |
| tree | bee015fd0f115319c074d0cccc43be2e2d3f895f /php72.spec | |
| parent | 91c8e7e3b1573d64222ecc3c2dfceabaa667f86f (diff) | |
CVE-2025-14178
use oracle client library version 23.26 on x86_64 and aarch64
Diffstat (limited to 'php72.spec')
| -rw-r--r-- | php72.spec | 25 |
1 files changed, 9 insertions, 16 deletions
@@ -25,17 +25,10 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%ifarch aarch64 -%global oraclever 19.24 -%global oraclemax 20 -%global oraclelib 19.1 -%global oracledir 19.24 -%else -%global oraclever 23.6 +%global oraclever 23.26.1 %global oraclemax 24 %global oraclelib 23.1 %global oracledir 23 -%endif # Build for LiteSpeed Web Server (LSAPI) %global with_lsws 1 @@ -123,7 +116,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 25%{?dist} +Release: 26%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -221,6 +214,7 @@ Patch227: php-cve-2024-11234.patch Patch228: php-cve-2024-8932.patch Patch229: php-cve-2024-11233.patch Patch230: php-ghsa-4w77-75f9-2c8w.patch +Patch231: php-cve-2025-14178.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -731,14 +725,7 @@ Summary: A module for PHP applications that use OCI8 databases Group: Development/Languages # All files licensed under PHP version 3.01 License: PHP -%ifarch aarch64 -BuildRequires: oracle-instantclient%{oraclever}-devel -# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM. -Requires: libclntsh.so.%{oraclelib} -AutoReq: 0 -%else BuildRequires: (oracle-instantclient-devel >= %{oraclever} with oracle-instantclient-devel < %{oraclemax}) -%endif Requires: php-pdo%{?_isa} = %{version}-%{release} Provides: php_database Provides: php-pdo_oci, php-pdo_oci%{?_isa} @@ -1187,6 +1174,7 @@ low-level PHP extension for the libsodium cryptographic library. %patch -P228 -p1 -b .cve8932 %patch -P229 -p1 -b .cve11233 %patch -P230 -p1 -b .ghsa4w77 +%patch -P231 -p1 -b .cve14178 # Fixes for tests %if 0%{?fedora} >= 25 || 0%{?rhel} >= 6 @@ -2294,6 +2282,11 @@ EOF %changelog +* Tue Feb 17 2026 Remi Collet <remi@remirepo.net> - 7.2.34-26 +- Fix Heap buffer overflow in array_merge() + CVE-2025-14178 +- use oracle client library version 23.26 on x86_64 and aarch64 + * Tue Nov 26 2024 Remi Collet <remi@remirepo.net> - 7.2.34-25 - Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w |