authorRemi Collet <remi@remirepo.net>2022-10-26 12:12:29 +0200
committerRemi Collet <remi@php.net>2022-10-26 12:12:29 +0200
commit8c834989bed43ad4ee8f82cc4704acfdb2adf774 (patch)
tree9317bd8f378bab011c5efe5063af2b86dbe83b03
parent50cd071034ce4430352d4d9bdcd0fb2a5c666ef5 (diff)
add upstream fix for CVE-2022-31630 and CVE-2022-37454
-rw-r--r--php-bug81738.patch113
-rw-r--r--php-bug81739.patch70
-rw-r--r--php74.spec89
3 files changed, 229 insertions, 43 deletions
diff --git a/php-bug81738.patch b/php-bug81738.patch
new file mode 100644
index 0000000..9a3fa1c
--- /dev/null
+++ b/php-bug81738.patch
@@ -0,0 +1,113 @@
+Cleanup from upstream
+
+
+
+From 248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <smalyshev@gmail.com>
+Date: Thu, 20 Oct 2022 23:57:35 -0600
+Subject: [PATCH] Fix bug #81738 (buffer overflow in hash_update() on long
+ parameter)
+
+---
+ NEWS | 4 ++++
+ ext/hash/sha3/generic32lc/KeccakSponge.inc | 14 ++++++++------
+ ext/hash/sha3/generic64lc/KeccakSponge.inc | 14 ++++++++------
+ main/php_version.h | 10 +++++-----
+ 4 files changed, 25 insertions(+), 17 deletions(-)
+
+diff --git a/ext/hash/sha3/generic32lc/KeccakSponge.inc b/ext/hash/sha3/generic32lc/KeccakSponge.inc
+index 42a15aac6d93..f8c42ff788b7 100644
+--- a/ext/hash/sha3/generic32lc/KeccakSponge.inc
++++ b/ext/hash/sha3/generic32lc/KeccakSponge.inc
+@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+ if ((rateInBytes % (SnP_width/200)) == 0) {
+@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
+ #endif
+@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
+ for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
+ SnP_Permute(instance->state);
+ SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
+@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ SnP_Permute(instance->state);
+ instance->byteIOIndex = 0;
+ }
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ i += partialBlock;
+
+ SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
+diff --git a/ext/hash/sha3/generic64lc/KeccakSponge.inc b/ext/hash/sha3/generic64lc/KeccakSponge.inc
+index 42a15aac6d93..f8c42ff788b7 100644
+--- a/ext/hash/sha3/generic64lc/KeccakSponge.inc
++++ b/ext/hash/sha3/generic64lc/KeccakSponge.inc
+@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+ if ((rateInBytes % (SnP_width/200)) == 0) {
+@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
+ #endif
+@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
+ for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
+ SnP_Permute(instance->state);
+ SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
+@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ SnP_Permute(instance->state);
+ instance->byteIOIndex = 0;
+ }
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ i += partialBlock;
+
+ SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
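Review bot: Nothing in the patched code records why the bounds tests were rewritten from `dataByteLen >= (i + rateInBytes)` to `dataByteLen-i >= rateInBytes`, in both SpongeAbsorb and SpongeSqueeze and in both the generic32lc and generic64lc copies. The old forms added to `i` or truncated `dataByteLen - i` to `unsigned int` before comparing, which is presumably what let a very long input pass the check; a comment above each condition such as `/* compare the remaining length; i + rateInBytes and the unsigned int cast can wrap for huge inputs */` would keep a later cleanup from reintroducing it. The embedded diffstat also still lists `NEWS` and `main/php_version.h` (4 files changed) although only the two KeccakSponge.inc diffs are carried, and the header names bug #81738 but neither CVE from the commit title, so a short packaging note above the `From` line stating both would make the patch easier to audit. The function bodies start and end outside the embedded hunks.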
diff --git a/php-bug81739.patch b/php-bug81739.patch
new file mode 100644
index 0000000..f76e8c0
--- /dev/null
+++ b/php-bug81739.patch
@@ -0,0 +1,70 @@
+From d50532be91f054ef9beb1afca2ea94f4a70f7c4d Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Tue, 18 Oct 2022 12:13:16 +0200
+Subject: [PATCH] Fix #81739: OOB read due to insufficient validation in
+ imageloadfont()
+
+If we swap the byte order of the relevant header bytes, we need to make
+sure again that the following multiplication does not overflow.
+---
+ ext/gd/gd.c | 7 +++++++
+ ext/gd/tests/bug81739.phpt | 24 ++++++++++++++++++++++++
+ 2 files changed, 31 insertions(+)
+ create mode 100644 ext/gd/tests/bug81739.phpt
+
+diff --git a/ext/gd/gd.c b/ext/gd/gd.c
+index 336a73969267..fde93bba496f 100644
+--- a/ext/gd/gd.c
++++ b/ext/gd/gd.c
+@@ -1485,6 +1485,12 @@ PHP_FUNCTION(imageloadfont)
+ font->w = FLIPWORD(font->w);
+ font->h = FLIPWORD(font->h);
+ font->nchars = FLIPWORD(font->nchars);
++ if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w )) {
++ php_error_docref(NULL, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
+ body_size = font->w * font->h * font->nchars;
+ }
+
+@@ -1495,6 +1501,7 @@ PHP_FUNCTION(imageloadfont)
+ RETURN_FALSE;
+ }
+
++ ZEND_ASSERT(body_size > 0);
+ font->data = emalloc(body_size);
+ b = 0;
+ while (b < body_size && (n = php_stream_read(stream, &font->data[b], body_size - b)) > 0) {
+diff --git a/ext/gd/tests/bug81739.phpt b/ext/gd/tests/bug81739.phpt
+new file mode 100644
+index 000000000000..cc2a90381bab
+--- /dev/null
++++ b/ext/gd/tests/bug81739.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++Bug #81739 (OOB read due to insufficient validation in imageloadfont())
++--SKIPIF--
++<?php
++if (!extension_loaded("gd")) die("skip gd extension not available");
++?>
++--FILE--
++<?php
++$s = fopen(__DIR__ . "/font.font", "w");
++// header without character data
++fwrite($s, "\x01\x00\x00\x00\x20\x00\x00\x00\x08\x00\x00\x00\x08\x00\x00\x00");
++fclose($s);
++var_dump(imageloadfont(__DIR__ . "/font.font"));
++?>
++--CLEAN--
++<?php
++@unlink(__DIR__ . "/font.font");
++?>
++--EXPECTF--
++Warning: imageloadfont(): %croduct of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
++ in %s on line %d
++
++Warning: imageloadfont(): Error reading font, invalid font header in %s on line %d
++bool(false)
+\ No newline at end of file
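Review bot: `ZEND_ASSERT(body_size > 0)` ahead of `emalloc(body_size)` in ext/gd/gd.c is only evaluated in debug builds; in a release build it becomes an optimizer assumption and does not stop a zero `body_size` from reaching the allocation and the read loop. The guarantee therefore has to come from the `overflow2()` checks, the new one in the byte-swapped branch and presumably an earlier one outside this hunk, which as far as I know also reject non-positive operands. A comment next to the assertion such as `/* overflow2() above rejects non-positive w, h and nchars, so body_size > 0 here */` would state what it relies on, or the assertion could be replaced by an explicit `if (body_size == 0)` error path if that invariant is not certain. PHP_FUNCTION(imageloadfont) starts and ends outside the embedded hunks.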
diff --git a/php74.spec b/php74.spec
index f578d45..dd55f45 100644
--- a/php74.spec
+++ b/php74.spec
@@ -96,7 +96,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 1%{?dist}
+Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -160,6 +160,8 @@ Patch91: php-7.2.0-oci8conf.patch
# Upstream fixes (100+)
# Security fixes (200+)
+Patch200: php-bug81738.patch
+Patch201: php-bug81739.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -209,13 +211,11 @@ BuildRequires: %{?dtsprefix}systemtap-sdt-devel
# used for tests
BuildRequires: /bin/ps
-%if 0%{?rhel}
-Obsoletes: php53, php53u, php54w, php55u, php55w, php56u, php56w, mod_php70u, php70w, mod_php71u, mod_php71w, mod_php72u, mod_php72w
+%if 0%{?rhel} == 7
+Obsoletes: php53, php53u, php54, php54w, php55u, php55w, php56u, php56w, mod_php70u, php70w, mod_php71u, mod_php71w, mod_php72u, mod_php72w
Obsoletes: mod_php73, mod_php73w
Obsoletes: mod_php74, mod_php74w
%endif
-# Avoid obsoleting php54 from RHSCL
-Obsoletes: php54 > 5.4
%if %{with zts}
Obsoletes: php-zts < 5.3.7
Provides: php-zts = %{version}-%{release}
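Review bot: The commit title and the `%changelog` entry describe only the two CVE fixes, but this hunk also narrows `%if 0%{?rhel}` to `%if 0%{?rhel} == 7`, moves `php54` into the conditional list and drops `Obsoletes: php54 > 5.4`. The same condition change repeats in the sub-package hunks below, together with removed or newly versioned Obsoletes for `php-pecl-pdo-devel`, `php-pecl-zendopcache` and `mod_php3-imap, stronghold-php-imap`. In a security rebuild these dependency changes alter upgrade behaviour and should be traceable, so I would add a changelog line such as `- only obsolete other repositories' packages on EL-7` or move them to their own commit.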
@@ -273,7 +273,7 @@ Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-cgi = %{version}-%{release}, php-cgi%{?_isa} = %{version}-%{release}
Provides: php-pcntl, php-pcntl%{?_isa}
Provides: php-readline, php-readline%{?_isa}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-cli, php53u-cli, php54-cli, php54w-cli, php55u-cli, php55w-cli, php56u-cli, php56w-cli
Obsoletes: php70u-cli, php70w-cli, php71u-cli, php71w-cli, php72u-cli, php72w-cli
Obsoletes: php73-cli, php73w-cli
@@ -289,7 +289,7 @@ executing PHP scripts, /usr/bin/php, and the CGI interface.
Group: Development/Languages
Summary: The interactive PHP debugger
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php56u-dbg, php56w-phpdbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg
Obsoletes: php73-dbg, php73w-phpdbg
Obsoletes: php74-dbg, php74w-phpdbg
@@ -325,7 +325,7 @@ Requires(pre): /usr/sbin/useradd
# Temporarily not mandatory to allow nginx for nginx repo
Recommends: nginx-filesystem
%endif
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-fpm, php53u-fpm, php54-fpm, php54w-fpm, php55u-fpm, php55w-fpm, php56u-fpm, php56w-fpm
Obsoletes: php70u-fpm, php70w-fpm, php71u-fpm, php71w-fpm, php72u-fpm, php72w-fpm
Obsoletes: php73-fpm, php73w-fpm
@@ -342,7 +342,7 @@ any size, especially busier sites.
Summary: LiteSpeed Web Server PHP support
Group: Development/Languages
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-litespeed, php53u-litespeed, php54-litespeed, php54w-litespeed, php55u-litespeed, php55w-litespeed, php56u-litespeed, php56w-litespeed
Obsoletes: php70u-litespeed, php70w-litespeed, php71u-litespeed, php71w-litespeed, php72u-litespeed, php72w-litespeed
Obsoletes: php73-litespeed, php73w-litespeed
@@ -402,7 +402,7 @@ Obsoletes: php-pecl-Fileinfo < 1.0.5
Provides: php-pecl-Fileinfo = %{fileinfover}, php-pecl-Fileinfo%{?_isa} = %{fileinfover}
Provides: php-pecl(Fileinfo) = %{fileinfover}, php-pecl(Fileinfo)%{?_isa} = %{fileinfover}
Obsoletes: php-mhash < 5.3.0
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-mhash, php53u-mhash
Obsoletes: php53-common, php53u-common, php54-common, php54w-common, php55u-common, php55w-common, php56u-common, php56w-common
Obsoletes: php70u-common, php70w-common, php71u-common, php71w-common, php72u-common, php72w-common
@@ -433,14 +433,13 @@ Requires: openssl-devel%{?_isa} >= 1.0.1
Requires: pcre2-devel%{?_isa}
%endif
Requires: zlib-devel%{?_isa}
-Obsoletes: php-pecl-pdo-devel
Obsoletes: php-pecl-json-devel < %{version}
Obsoletes: php-pecl-jsonc-devel < %{version}
%if %{with zts}
Provides: php-zts-devel = %{version}-%{release}
Provides: php-zts-devel%{?_isa} = %{version}-%{release}
%endif
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-devel, php53u-devel, php54-devel, php54w-devel, php55u-devel, php55w-devel, php56u-devel, php56w-devel
Obsoletes: php55u-pecl-jsonc-devel, php56u-pecl-jsonc-devel
Obsoletes: php70u-devel, php70w-devel, php71u-devel, php71w-devel, php72u-devel, php72w-devel
@@ -458,12 +457,12 @@ Summary: The Zend OPcache
Group: Development/Languages
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
-Obsoletes: php-pecl-zendopcache
+Obsoletes: php-pecl-zendopcache < 7.0.6
Provides: php-pecl-zendopcache = %{version}
Provides: php-pecl-zendopcache%{?_isa} = %{version}
Provides: php-pecl(opcache) = %{version}
Provides: php-pecl(opcache)%{?_isa} = %{version}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php55u-opcache, php55w-opcache, php56u-opcache, php56w-opcache
Obsoletes: php70u-opcache, php70w-opcache, php71u-opcache, php71w-opcache, php72u-opcache, php72w-opcache
Obsoletes: php73-opcache, php73w-opcache
@@ -483,12 +482,11 @@ Group: Development/Languages
# All files licensed under PHP version 3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
-Obsoletes: mod_php3-imap, stronghold-php-imap
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(krb5-gssapi)
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: libc-client-devel
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-imap, php53u-imap, php54-imap, php54w-imap, php55u-imap, php55w-imap, php56u-imap, php56w-imap
Obsoletes: php70u-imap, php70w-imap, php71u-imap, php71w-imap, php72u-imap, php72w-imap
Obsoletes: php73-imap, php73w-imap
@@ -509,7 +507,7 @@ Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(libsasl2)
BuildRequires: openldap-devel
BuildRequires: openssl-devel >= 1.0.1
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-ldap, php53u-ldap, php54-ldap, php54w-ldap, php55u-ldap, php55w-ldap, php56u-ldap, php56w-ldap
Obsoletes: php70u-ldap, php70w-ldap, php71u-ldap, php71w-ldap, php72u-ldap, php72w-ldap
Obsoletes: php73-ldap, php73w-ldap
@@ -533,7 +531,7 @@ Provides: php-pdo-abi = %{pdover}-%{__isa_bits}
Provides: php(pdo-abi) = %{pdover}-%{__isa_bits}
Provides: php-sqlite3, php-sqlite3%{?_isa}
Provides: php-pdo_sqlite, php-pdo_sqlite%{?_isa}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-pdo, php53u-pdo, php54-pdo, php54w-pdo, php55u-pdo, php55w-pdo, php56u-pdo, php56w-pdo
Obsoletes: php70u-pdo, php70w-pdo, php71u-pdo, php71w-pdo, php72u-pdo, php72w-pdo
Obsoletes: php73-pdo, php73w-pdo
@@ -557,7 +555,7 @@ Provides: php-mysqli = %{version}-%{release}
Provides: php-mysqli%{?_isa} = %{version}-%{release}
Provides: php-pdo_mysql, php-pdo_mysql%{?_isa}
Obsoletes: php-mysql < %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-mysqlnd, php53u-mysqlnd, php54-mysqlnd, php54w-mysqlnd, php55u-mysqlnd, php55w-mysqlnd, php56u-mysqlnd, php56w-mysqlnd
Obsoletes: php70u-mysqlnd, php70w-mysqlnd, php71u-mysqlnd, php71w-mysqlnd, php72u-mysqlnd, php72w-mysqlnd
Obsoletes: php73-mysqlnd, php73w-mysqlnd
@@ -586,7 +584,7 @@ Provides: php-pdo_pgsql, php-pdo_pgsql%{?_isa}
BuildRequires: krb5-devel
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: postgresql-devel
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-pgsql, php53u-pgsql, php54-pgsql, php54w-pgsql, php55u-pgsql, php55w-pgsql, php56u-pgsql, php56w-pgsql
Obsoletes: php70u-pgsql, php70w-pgsql, php71u-pgsql, php71w-pgsql, php72u-pgsql, php72w-pgsql
Obsoletes: php73-pgsql, php73w-pgsql
@@ -612,7 +610,7 @@ Provides: php-shmop, php-shmop%{?_isa}
Provides: php-sysvsem, php-sysvsem%{?_isa}
Provides: php-sysvshm, php-sysvshm%{?_isa}
Provides: php-sysvmsg, php-sysvmsg%{?_isa}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-process, php53u-process, php54-process, php54w-process, php55u-process, php55w-process, php56u-process, php56w-process
Obsoletes: php70u-process, php70w-process, php71u-process, php71w-process, php72u-process, php72w-process
Obsoletes: php73-process, php73w-process
@@ -635,7 +633,7 @@ Provides: php_database
Provides: php-pdo_odbc, php-pdo_odbc%{?_isa}
# EL-7 version don't have pkgconfig
BuildRequires: unixODBC-devel
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-odbc, php53u-odbc, php54-odbc, php54w-odbc, php55u-odbc, php55w-odbc, php56u-odbc, php56w-odbc
Obsoletes: php70u-odbc, php70w-odbc, php71u-odbc, php71w-odbc, php72u-odbc, php72w-odbc
Obsoletes: php73-odbc, php73w-odbc
@@ -658,7 +656,7 @@ Group: Development/Languages
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(libxml-2.0)
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-soap, php53u-soap, php54-soap, php54w-soap, php55u-soap, php55w-soap, php56u-soap, php56w-soap
Obsoletes: php70u-soap, php70w-soap, php71u-soap, php71w-soap, php72u-soap, php72w-soap
Obsoletes: php73-soap, php73w-soap
@@ -679,7 +677,7 @@ BuildRequires: firebird-devel
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database
Provides: php-pdo_firebird, php-pdo_firebird%{?_isa}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-interbase, php53u-interbase, php54-interbase, php54w-interbase, php55u-interbase, php55w-interbase, php56u-interbase, php56w-interbase
Obsoletes: php70u-interbase, php70w-interbase, php71u-interbase, php71w-interbase, php72u-interbase, php72w-interbase
Obsoletes: php73-interbase, php73w-interbase
@@ -708,7 +706,7 @@ Provides: php-pecl(oci8) = %{oci8ver}
Provides: php-pecl(oci8)%{?_isa} = %{oci8ver}
# Should requires libclntsh.so.18.3, but it's not provided by Oracle RPM.
AutoReq: 0
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-oci8, php53u-oci8, php54-oci8, php54w-oci8, php55u-oci8, php55w-oci8, php56u-oci8, php56w-oci8
Obsoletes: php70u-oci8, php70w-oci8, php71u-oci8, php71w-oci8, php72u-oci8, php72w-oci8
Obsoletes: php73-oci8, php73w-oci8
@@ -741,7 +739,7 @@ Group: Development/Languages
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}, net-snmp
BuildRequires: net-snmp-devel
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-snmp, php53u-snmp, php54-snmp, php54w-snmp, php55u-snmp, php55w-snmp, php56u-snmp, php56w-snmp
Obsoletes: php70u-snmp, php70w-snmp, php71u-snmp, php71w-snmp, php72u-snmp, php72w-snmp
Obsoletes: php73-snmp, php73w-snmp
@@ -769,7 +767,7 @@ Provides: php-xsl, php-xsl%{?_isa}
BuildRequires: pkgconfig(libxslt) >= 1.1
BuildRequires: pkgconfig(libexslt)
BuildRequires: pkgconfig(libxml-2.0) >= 2.7.6
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-xml, php53u-xml, php54-xml, php54w-xml, php55u-xml, php55w-xml, php56u-xml, php56w-xml
Obsoletes: php70u-xml, php70w-xml, php71u-xml, php71w-xml, php72u-xml, php72w-xml
Obsoletes: php73-xml, php73w-xml
@@ -788,7 +786,7 @@ Group: Development/Languages
# libXMLRPC is licensed under BSD
License: PHP and BSD
Requires: php-xml%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-xmlrpc, php53u-xmlrpc, php54-xmlrpc, php54w-xmlrpc, php55u-xmlrpc, php55w-xmlrpc, php56u-xmlrpc, php56w-xmlrpc
Obsoletes: php70u-xmlrpc, php70w-xmlrpc, php71u-xmlrpc, php71w-xmlrpc, php72u-xmlrpc, php72w-xmlrpc
Obsoletes: php73-xmlrpc, php73w-xmlrpc
@@ -814,7 +812,7 @@ BuildRequires: oniguruma-devel
%endif
Provides: bundled(libmbfl) = 1.3.2
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-mbstring, php53u-mbstring, php54-mbstring, php54w-mbstring, php55u-mbstring, php55w-mbstring, php56u-mbstring, php56w-mbstring
Obsoletes: php70u-mbstring, php70w-mbstring, php71u-mbstring, php71w-mbstring, php72u-mbstring, php72w-mbstring
Obsoletes: php73-mbstring, php73w-mbstring
@@ -848,7 +846,7 @@ BuildRequires: pkgconfig(xpm)
BuildRequires: pkgconfig(libwebp)
Provides: bundled(gd) = 2.0.35
%endif
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-gd, php53u-gd, php54-gd, php54w-gd, php55u-gd, php55w-gd, php56u-gd, php56w-gd
Obsoletes: php70u-gd, php70w-gd, php71u-gd, php71w-gd, php72u-gd, php72w-gd
Obsoletes: php73-gd, php73w-gd
@@ -866,7 +864,7 @@ Group: Development/Languages
# libbcmath is licensed under LGPLv2+
License: PHP and LGPLv2+
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-bcmath, php53u-bcmath, php54-bcmath, php54w-bcmath, php55u-bcmath, php55w-bcmath, php56u-bcmath, php56w-bcmath
Obsoletes: php70u-bcmath, php70w-bcmath, php71u-bcmath, php71w-bcmath, php72u-bcmath, php72w-bcmath
Obsoletes: php73-bcmath, php73w-bcmath
@@ -885,7 +883,7 @@ Group: Development/Languages
License: PHP
BuildRequires: gmp-devel
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-gmp, php53u-gmp, php54-gmp, php54w-gmp, php55u-gmp, php55w-gmp, php56u-gmp, php56w-gmp
Obsoletes: php70u-gmp, php70w-gmp, php71u-gmp, php71w-gmp, php72u-gmp, php72w-gmp
Obsoletes: php73-gmp, php73w-gmp
@@ -906,7 +904,7 @@ BuildRequires: tokyocabinet-devel
BuildRequires: gdbm-devel
BuildRequires: lmdb-devel
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-dba, php53u-dba, php54-dba, php54w-dba, php55u-dba, php55w-dba, php56u-dba, php56w-dba
Obsoletes: php70u-dba, php70w-dba, php71u-dba, php71w-dba, php72u-dba, php72w-dba
Obsoletes: php73-dba, php73w-dba
@@ -924,7 +922,7 @@ Group: Development/Languages
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: libtidy-devel
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-tidy, php53u-tidy, php54-tidy, php54w-tidy, php55u-tidy, php55w-tidy, php56u-tidy, php56w-tidy
Obsoletes: php70u-tidy, php70w-tidy, php71u-tidy, php71w-tidy, php72u-tidy, php72w-tidy
Obsoletes: php73-tidy, php73w-tidy
@@ -943,7 +941,7 @@ Requires: php-pdo%{?_isa} = %{version}-%{release}
BuildRequires: freetds-devel >= 0.91
Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
Obsoletes: php-mssql < %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-mssql, php53u-mssql, php54-mssql, php54w-mssql, php55u-mssql, php55w-mssql, php56u-mssql, php56w-mssql
Obsoletes: php70u-pdo-dblib, php70w-pdo_dblib, php71u-pdo-dblib, php71w-pdo_dblib, php72u-pdo-dblib, php72w-pdo_dblib
Obsoletes: php73-pdo-dblib, php73w-pdo_dblib
@@ -962,7 +960,7 @@ Requires: php-common%{?_isa} = %{version}-%{release}
# doing a real -devel package for just the .so symlink is a bit overkill
Provides: php-embedded-devel = %{version}-%{release}
Provides: php-embedded-devel%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-embedded, php53u-embedded, php54-embedded, php54w-embedded, php55u-embedded, php55w-embedded, php56u-embedded, php56w-embedded
Obsoletes: php70u-embedded, php70w-embedded, php71u-embedded, php71w-embedded, php72u-embedded, php72w-embedded
Obsoletes: php73-embedded, php73w-embedded
@@ -980,7 +978,7 @@ Group: System Environment/Libraries
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: aspell-devel >= 0.50.0
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-pspell, php53u-pspell, php54-pspell, php54w-pspell, php55u-pspell, php55w-pspell, php56u-pspell, php56w-pspell
Obsoletes: php70u-pspell, php70w-pspell, php71u-pspell, php71w-pspell, php72u-pspell, php72w-pspell
Obsoletes: php73-pspell, php73w-pspell
@@ -1000,7 +998,7 @@ Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(icu-i18n) >= 71
BuildRequires: pkgconfig(icu-io) >= 71
BuildRequires: pkgconfig(icu-uc) >= 71
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl
Obsoletes: php70u-intl, php70w-intl, php71u-intl, php71w-intl, php72u-intl, php72w-intl
Obsoletes: php73-intl, php73w-intl
@@ -1018,7 +1016,7 @@ Group: System Environment/Libraries
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(enchant)
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-enchant, php53u-enchant, php54-enchant, php54w-enchant, php55u-enchant, php55w-enchant, php56u-enchant, php56w-enchant
Obsoletes: php70u-enchant, php70w-enchant, php71u-enchant, php71w-enchant, php72u-enchant, php72w-enchant
Obsoletes: php73-enchant, php73w-enchant
@@ -1041,7 +1039,7 @@ Provides: php-pecl(zip) = %{zipver}
Provides: php-pecl(zip)%{?_isa} = %{zipver}
Provides: php-pecl-zip = %{zipver}
Provides: php-pecl-zip%{?_isa} = %{zipver}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-zip, php53u-zip, php54-zip, php54w-zip, php55u-zip, php55w-zip, php56u-zip, php56w-zip
Obsoletes: php70u-zip, php70w-zip, php71u-zip, php71w-zip, php72u-zip, php72w-zip
Obsoletes: php73-zip, php73w-zip
@@ -1068,7 +1066,7 @@ Provides: php-pecl(json) = %{version}
Provides: php-pecl(json)%{?_isa} = %{version}
Provides: php-pecl-json = %{version}
Provides: php-pecl-json%{?_isa} = %{version}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php53-json, php53u-json, php54-json, php54w-json, php55u-json, php55w-json, php56u-json, php56w-json
Obsoletes: php55u-pecl-jsonc, php56u-pecl-jsonc
Obsoletes: php70u-json, php70w-json, php71u-json, php71w-json, php72u-json, php72w-json
@@ -1093,7 +1091,7 @@ Requires: php-common%{?_isa} = %{version}-%{release}
Obsoletes: php-pecl-libsodium2 < 3
Provides: php-pecl(libsodium) = %{version}
Provides: php-pecl(libsodium)%{?_isa} = %{version}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php72u-sodium, php72w-sodium
Obsoletes: php73-sodium, php73w-sodium
Obsoletes: php74-sodium, php74w-sodium
@@ -1112,7 +1110,7 @@ Group: System Environment/Libraries
BuildRequires: pkgconfig(libffi)
Requires: php-common%{?_isa} = %{version}-%{release}
-%if 0%{?rhel}
+%if 0%{?rhel} == 7
Obsoletes: php74-ffi, php74w-ffi
%endif
@@ -1158,6 +1156,8 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
# upstream patches
# security patches
+%patch200 -p1 -b .81738
+%patch201 -p1 -b .81739
# Fixes for tests related to tzdata
%if 0%{?fedora} >= 29 || 0%{?rhel} >= 6
@@ -2165,6 +2165,9 @@ fi
%changelog
+* Wed Oct 26 2022 Remi Collet <remi@remirepo.net> - 7.4.32-2
+- add upstream fix for CVE-2022-31630 and CVE-2022-37454
+
* Wed Sep 28 2022 Remi Collet <remi@remirepo.net> - 7.4.32-1
- Update to 7.4.32 - http://www.php.net/releases/7_4_32.php
- use ICU 71.1