summaryrefslogtreecommitdiffstats
path: root/php74.spec
diff options
context:
space:
mode:
authorRemi Collet <remi@remirepo.net>2024-11-22 12:00:06 +0100
committerRemi Collet <remi@php.net>2024-11-22 12:00:06 +0100
commiteae172852222d6ec6c72f93a205650dbf544321d (patch)
tree131f9697236748e166dc166f9aaec4309aa89953 /php74.spec
parent48da71cabffa853e95433f5a7127c2439eb65ea3 (diff)
Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI InterfaceHEADmaster
GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
Diffstat (limited to 'php74.spec')
-rw-r--r--php74.spec44
1 files changed, 37 insertions, 7 deletions
diff --git a/php74.spec b/php74.spec
index 58dbc96..d3d693e 100644
--- a/php74.spec
+++ b/php74.spec
@@ -58,7 +58,12 @@
%global with_libpcre 0
%endif
-%global with_firebird 1
+# Build firebird extensions, you can disable using --without firebird
+%if 0%{?rhel} == 10
+%bcond_with firebird
+%else
+%bcond_without firebird
+%endif
# Build ZTS extension or only NTS
%ifarch x86_64
@@ -111,7 +116,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 18%{?dist}
+Release: 20%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -192,6 +197,11 @@ Patch210: php-cve-2024-8925.patch
Patch211: php-cve-2024-8926.patch
Patch212: php-cve-2024-8927.patch
Patch213: php-cve-2024-9026.patch
+Patch214: php-cve-2024-11236.patch
+Patch215: php-cve-2024-11234.patch
+Patch216: php-cve-2024-8932.patch
+Patch217: php-cve-2024-11233.patch
+Patch218: php-ghsa-4w77-75f9-2c8w.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -713,7 +723,7 @@ Obsoletes: php74-soap, php74w-soap
The php-soap package contains a dynamic shared object that will add
support to PHP for using the SOAP web services protocol.
-%if %{with_firebird}
+%if %{with firebird}
%package pdo-firebird
Summary: PDO driver for Interbase/Firebird databases
Group: Development/Languages
@@ -1217,6 +1227,11 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P211 -p1 -b .cve8926
%patch -P212 -p1 -b .cve8927
%patch -P213 -p1 -b .cve9026
+%patch -P214 -p1 -b .cve11236
+%patch -P215 -p1 -b .cve11234
+%patch -P216 -p1 -b .cve8932
+%patch -P217 -p1 -b .cve11233
+%patch -P218 -p1 -b .ghsa4w77
# Fixes for tests related to tzdata
%patch -P300 -p1 -b .datetests
@@ -1490,7 +1505,7 @@ build --libdir=%{_libdir}/php \
--with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \
--with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \
%endif
-%if %{with_firebird}
+%if %{with firebird}
--with-pdo-firebird=shared \
%endif
--enable-dom=shared \
@@ -1629,7 +1644,7 @@ build --includedir=%{_includedir}/php-zts \
--with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \
--with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \
%endif
-%if %{with_firebird}
+%if %{with firebird}
--with-pdo-firebird=shared \
%endif
--enable-dom=shared \
@@ -1878,7 +1893,7 @@ for mod in pgsql odbc ldap snmp json \
%if %{with_oci8}
oci8 pdo_oci \
%endif
-%if %{with_firebird}
+%if %{with firebird}
pdo_firebird \
%endif
xmlrpc xmlreader xmlwriter
@@ -2213,7 +2228,7 @@ EOF
%files pspell -f files.pspell
%files intl -f files.intl
%files process -f files.process
-%if %{with_firebird}
+%if %{with firebird}
%files pdo-firebird -f files.pdo_firebird
%endif
%files enchant -f files.enchant
@@ -2236,6 +2251,21 @@ EOF
%changelog
+* Fri Nov 22 2024 Remi Collet <remi@remirepo.net> - 7.4.33-20
+- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
+ GHSA-4w77-75f9-2c8w
+- Fix OOB access in ldap_escape
+ CVE-2024-8932
+- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
+ CVE-2024-11236
+- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
+ CVE-2024-11234
+- Fix Single byte overread with convert.quoted-printable-decode filter
+ CVE-2024-11233
+
+* Fri Nov 15 2024 Remi Collet <remi@remirepo.net> - 7.4.33-19
+- disable firebird on EL-10
+
* Thu Sep 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-18
- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
CVE-2024-4577