From dd857d5102875f14dcbd964c3c1cbe596fd6f0f9 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 3 Feb 2021 09:32:19 +0100 Subject: Fix #80672 Null Dereference in SoapClient CVE-2021-21702 better fix for #77423 --- php72.spec | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'php72.spec') diff --git a/php72.spec b/php72.spec index 5faf838..0def4b0 100644 --- a/php72.spec +++ b/php72.spec @@ -124,7 +124,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 2%{?dist} +Release: 3%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -191,6 +191,7 @@ Patch91: php-7.2.0-oci8conf.patch # Security fixes (200+) Patch200: php-bug77423.patch +Patch201: php-bug80672.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1127,6 +1128,7 @@ low-level PHP extension for the libsodium cryptographic library. # security patches %patch200 -p1 -b .bug77423 +%patch201 -p1 -b .bug80672 # Fixes for tests %if 0%{?fedora} >= 25 || 0%{?rhel} >= 6 @@ -2049,6 +2051,19 @@ fi %endif +%posttrans common +cat << EOF +===================================================================== + + WARNING : PHP 7.2 have reached its "End of Life" in + November 2020. Even, if this package includes some of + the important security fix, backported from 7.3, the + UPGRADE to a maintained version is very strongly RECOMMENDED. + +===================================================================== +EOF + + %{!?_licensedir:%global license %%doc} %files @@ -2227,6 +2242,11 @@ fi %changelog +* Wed Feb 3 2021 Remi Collet - 7.2.34-3 +- Fix #80672 Null Dereference in SoapClient + CVE-2021-21702 +- better fix for #77423 + * Mon Jan 4 2021 Remi Collet - 7.2.34-2 - Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo CVE-2020-7071 -- cgit