From 8c834989bed43ad4ee8f82cc4704acfdb2adf774 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Wed, 26 Oct 2022 12:12:29 +0200
Subject: add upstream fix for CVE-2022-31630 and CVE-2022-37454
---
php-bug81738.patch | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++++
php-bug81739.patch | 70 +++++++++++++++++++++++++++++++++
php74.spec | 89 +++++++++++++++++++++--------------------
3 files changed, 229 insertions(+), 43 deletions(-)
create mode 100644 php-bug81738.patch
create mode 100644 php-bug81739.patch
diff --git a/php-bug81738.patch b/php-bug81738.patch
new file mode 100644
index 0000000..9a3fa1c
--- /dev/null
+++ b/php-bug81738.patch
@@ -0,0 +1,113 @@
+Cleanup from upstream
+
+
+
+From 248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev
+Date: Thu, 20 Oct 2022 23:57:35 -0600
+Subject: [PATCH] Fix bug #81738 (buffer overflow in hash_update() on long
+ parameter)
+
+---
+ NEWS | 4 ++++
+ ext/hash/sha3/generic32lc/KeccakSponge.inc | 14 ++++++++------
+ ext/hash/sha3/generic64lc/KeccakSponge.inc | 14 ++++++++------
+ main/php_version.h | 10 +++++-----
+ 4 files changed, 25 insertions(+), 17 deletions(-)
+
+diff --git a/ext/hash/sha3/generic32lc/KeccakSponge.inc b/ext/hash/sha3/generic32lc/KeccakSponge.inc
+index 42a15aac6d93..f8c42ff788b7 100644
+--- a/ext/hash/sha3/generic32lc/KeccakSponge.inc
++++ b/ext/hash/sha3/generic32lc/KeccakSponge.inc
+@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+ if ((rateInBytes % (SnP_width/200)) == 0) {
+@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
+ #endif
+@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
+ for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
+ SnP_Permute(instance->state);
+ SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
+@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ SnP_Permute(instance->state);
+ instance->byteIOIndex = 0;
+ }
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ i += partialBlock;
+
+ SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
+diff --git a/ext/hash/sha3/generic64lc/KeccakSponge.inc b/ext/hash/sha3/generic64lc/KeccakSponge.inc
+index 42a15aac6d93..f8c42ff788b7 100644
+--- a/ext/hash/sha3/generic64lc/KeccakSponge.inc
++++ b/ext/hash/sha3/generic64lc/KeccakSponge.inc
+@@ -160,7 +160,7 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == 0) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == 0) && (dataByteLen-i >= rateInBytes)) {
+ #ifdef SnP_FastLoop_Absorb
+ /* processing full blocks first */
+ if ((rateInBytes % (SnP_width/200)) == 0) {
+@@ -186,9 +186,10 @@ int SpongeAbsorb(SpongeInstance *instance, const unsigned char *data, size_t dat
+ }
+ else {
+ /* normal lane: using the message queue */
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ #ifdef KeccakReference
+ displayBytes(1, "Block to be absorbed (part)", curData, partialBlock);
+ #endif
+@@ -263,7 +264,7 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ i = 0;
+ curData = data;
+ while(i < dataByteLen) {
+- if ((instance->byteIOIndex == rateInBytes) && (dataByteLen >= (i + rateInBytes))) {
++ if ((instance->byteIOIndex == rateInBytes) && (dataByteLen-i >= rateInBytes)) {
+ for(j=dataByteLen-i; j>=rateInBytes; j-=rateInBytes) {
+ SnP_Permute(instance->state);
+ SnP_ExtractBytes(instance->state, curData, 0, rateInBytes);
+@@ -280,9 +281,10 @@ int SpongeSqueeze(SpongeInstance *instance, unsigned char *data, size_t dataByte
+ SnP_Permute(instance->state);
+ instance->byteIOIndex = 0;
+ }
+- partialBlock = (unsigned int)(dataByteLen - i);
+- if (partialBlock+instance->byteIOIndex > rateInBytes)
++ if (dataByteLen-i > rateInBytes-instance->byteIOIndex)
+ partialBlock = rateInBytes-instance->byteIOIndex;
++ else
++ partialBlock = (unsigned int)(dataByteLen - i);
+ i += partialBlock;
+
+ SnP_ExtractBytes(instance->state, curData, instance->byteIOIndex, partialBlock);
diff --git a/php-bug81739.patch b/php-bug81739.patch
new file mode 100644
index 0000000..f76e8c0
--- /dev/null
+++ b/php-bug81739.patch
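Review bot: Nothing in the patched branches records why the length tests are now written as `dataByteLen-i >= rateInBytes` and `dataByteLen-i > rateInBytes-instance->byteIOIndex`, so a later cleanup could fold them back into the `i + rateInBytes` form or the early `(unsigned int)` cast that the removed lines used. I would add a comment above each rewritten test, in SpongeAbsorb and SpongeSqueeze and in both the generic32lc and generic64lc copies, along the lines of `/* compare the remaining length in size_t: i + rateInBytes may wrap and the unsigned int cast truncates a large dataByteLen */`. The subtraction `rateInBytes-instance->byteIOIndex` relies on byteIOIndex never exceeding rateInBytes, which the visible lines suggest but do not show in full, and `j` in the SpongeSqueeze loop is declared outside the hunks, so its width should be confirmed as size_t. The header's diffstat also lists NEWS and main/php_version.h, which are not in this file; the leading `Cleanup from upstream` line could say so explicitly.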
@@ -0,0 +1,70 @@
+From d50532be91f054ef9beb1afca2ea94f4a70f7c4d Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker"
+Date: Tue, 18 Oct 2022 12:13:16 +0200
+Subject: [PATCH] Fix #81739: OOB read due to insufficient validation in
+ imageloadfont()
+
+If we swap the byte order of the relevant header bytes, we need to make
+sure again that the following multiplication does not overflow.
+---
+ ext/gd/gd.c | 7 +++++++
+ ext/gd/tests/bug81739.phpt | 24 ++++++++++++++++++++++++
+ 2 files changed, 31 insertions(+)
+ create mode 100644 ext/gd/tests/bug81739.phpt
+
+diff --git a/ext/gd/gd.c b/ext/gd/gd.c
+index 336a73969267..fde93bba496f 100644
+--- a/ext/gd/gd.c
++++ b/ext/gd/gd.c
+@@ -1485,6 +1485,12 @@ PHP_FUNCTION(imageloadfont)
+ font->w = FLIPWORD(font->w);
+ font->h = FLIPWORD(font->h);
+ font->nchars = FLIPWORD(font->nchars);
++ if (overflow2(font->nchars, font->h) || overflow2(font->nchars * font->h, font->w )) {
++ php_error_docref(NULL, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
+ body_size = font->w * font->h * font->nchars;
+ }
+
+@@ -1495,6 +1501,7 @@ PHP_FUNCTION(imageloadfont)
+ RETURN_FALSE;
+ }
+
++ ZEND_ASSERT(body_size > 0);
+ font->data = emalloc(body_size);
+ b = 0;
+ while (b < body_size && (n = php_stream_read(stream, &font->data[b], body_size - b)) > 0) {
+diff --git a/ext/gd/tests/bug81739.phpt b/ext/gd/tests/bug81739.phpt
+new file mode 100644
+index 000000000000..cc2a90381bab
+--- /dev/null
++++ b/ext/gd/tests/bug81739.phpt
+@@ -0,0 +1,24 @@
++--TEST--
++Bug #81739 (OOB read due to insufficient validation in imageloadfont())
++--SKIPIF--
++
++--FILE--
++
++--CLEAN--
++
++--EXPECTF--
++Warning: imageloadfont(): %croduct of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
++ in %s on line %d
++
++Warning: imageloadfont(): Error reading font, invalid font header in %s on line %d
++bool(false)
+\ No newline at end of file
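Review bot: The added `ZEND_ASSERT(body_size > 0);` before `emalloc(body_size)` is, as far as I know, only checked in debug builds of PHP, so in a release build it documents the invariant rather than enforcing it. The runtime guarantee therefore rests on the `overflow2()` checks, including the one this patch adds after the FLIPWORD byte swap, and on the size validation between the two hunks, which is not visible here. I would say that in a comment next to the assertion, for example `/* overflow2() has already rejected non-positive or overflowing dimensions; this only documents body_size > 0 */`, after confirming that overflow2() does reject zero and negative operands. PHP_FUNCTION(imageloadfont) starts and ends outside both hunks. On this page the --SKIPIF--, --FILE-- and --CLEAN-- sections of bug81739.phpt appear empty, which is probably an extraction artifact, but it is worth checking that the packaged patch still carries the test body.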
diff --git a/php74.spec b/php74.spec index f578d45..dd55f45 100644 --- a/php74.spec +++ b/php74.spec @@ -96,7 +96,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -160,6 +160,8 @@ Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) # Security fixes (200+) +Patch200: php-bug81738.patch +Patch201: php-bug81739.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -209,13 +211,11 @@ BuildRequires: %{?dtsprefix}systemtap-sdt-devel # used for tests BuildRequires: /bin/ps -%if 0%{?rhel} -Obsoletes: php53, php53u, php54w, php55u, php55w, php56u, php56w, mod_php70u, php70w, mod_php71u, mod_php71w, mod_php72u, mod_php72w +%if 0%{?rhel} == 7 +Obsoletes: php53, php53u, php54, php54w, php55u, php55w, php56u, php56w, mod_php70u, php70w, mod_php71u, mod_php71w, mod_php72u, mod_php72w Obsoletes: mod_php73, mod_php73w Obsoletes: mod_php74, mod_php74w %endif -# Avoid obsoleting php54 from RHSCL -Obsoletes: php54 > 5.4 %if %{with zts} Obsoletes: php-zts < 5.3.7 Provides: php-zts = %{version}-%{release} @@ -273,7 +273,7 @@ Requires: php-common%{?_isa} = %{version}-%{release} Provides: php-cgi = %{version}-%{release}, php-cgi%{?_isa} = %{version}-%{release} Provides: php-pcntl, php-pcntl%{?_isa} Provides: php-readline, php-readline%{?_isa} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-cli, php53u-cli, php54-cli, php54w-cli, php55u-cli, php55w-cli, php56u-cli, php56w-cli Obsoletes: php70u-cli, php70w-cli, php71u-cli, php71w-cli, php72u-cli, php72w-cli Obsoletes: php73-cli, php73w-cli 
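Review bot: In the hunk at `@@ -209,13 +211,11 @@` the new `Obsoletes:` line adds an unversioned `php54` inside `%if 0%{?rhel} == 7`, while the removed lines carried the comment `# Avoid obsoleting php54 from RHSCL` with the versioned `Obsoletes: php54 > 5.4`. If that RHSCL concern still applies on EL-7, I would keep `php54` out of the unversioned list and retain `Obsoletes: php54 > 5.4`; if it no longer applies, a one-line comment saying why would help. The same commit also narrows every sub-package `%if 0%{?rhel}` to `== 7` and drops a few other Obsoletes in later hunks, none of which the subject or the `%changelog` entry mentions; a changelog line such as `- only obsolete third-party packages on EL-7` (wording is a suggestion) or a separate commit would keep the security update easy to audit.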
@@ -289,7 +289,7 @@ executing PHP scripts, /usr/bin/php, and the CGI interface. Group: Development/Languages Summary: The interactive PHP debugger Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php56u-dbg, php56w-phpdbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg Obsoletes: php73-dbg, php73w-phpdbg Obsoletes: php74-dbg, php74w-phpdbg @@ -325,7 +325,7 @@ Requires(pre): /usr/sbin/useradd # Temporarily not mandatory to allow nginx for nginx repo Recommends: nginx-filesystem %endif -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-fpm, php53u-fpm, php54-fpm, php54w-fpm, php55u-fpm, php55w-fpm, php56u-fpm, php56w-fpm Obsoletes: php70u-fpm, php70w-fpm, php71u-fpm, php71w-fpm, php72u-fpm, php72w-fpm Obsoletes: php73-fpm, php73w-fpm @@ -342,7 +342,7 @@ any size, especially busier sites. Summary: LiteSpeed Web Server PHP support Group: Development/Languages Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-litespeed, php53u-litespeed, php54-litespeed, php54w-litespeed, php55u-litespeed, php55w-litespeed, php56u-litespeed, php56w-litespeed Obsoletes: php70u-litespeed, php70w-litespeed, php71u-litespeed, php71w-litespeed, php72u-litespeed, php72w-litespeed Obsoletes: php73-litespeed, php73w-litespeed @@ -402,7 +402,7 @@ Obsoletes: php-pecl-Fileinfo < 1.0.5 Provides: php-pecl-Fileinfo = %{fileinfover}, php-pecl-Fileinfo%{?_isa} = %{fileinfover} Provides: php-pecl(Fileinfo) = %{fileinfover}, php-pecl(Fileinfo)%{?_isa} = %{fileinfover} Obsoletes: php-mhash < 5.3.0 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-mhash, php53u-mhash Obsoletes: php53-common, php53u-common, php54-common, php54w-common, php55u-common, php55w-common, php56u-common, php56w-common Obsoletes: php70u-common, php70w-common, php71u-common, php71w-common, php72u-common, php72w-common 
@@ -433,14 +433,13 @@ Requires: openssl-devel%{?_isa} >= 1.0.1 Requires: pcre2-devel%{?_isa} %endif Requires: zlib-devel%{?_isa} -Obsoletes: php-pecl-pdo-devel Obsoletes: php-pecl-json-devel < %{version} Obsoletes: php-pecl-jsonc-devel < %{version} %if %{with zts} Provides: php-zts-devel = %{version}-%{release} Provides: php-zts-devel%{?_isa} = %{version}-%{release} %endif -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-devel, php53u-devel, php54-devel, php54w-devel, php55u-devel, php55w-devel, php56u-devel, php56w-devel Obsoletes: php55u-pecl-jsonc-devel, php56u-pecl-jsonc-devel Obsoletes: php70u-devel, php70w-devel, php71u-devel, php71w-devel, php72u-devel, php72w-devel @@ -458,12 +457,12 @@ Summary: The Zend OPcache Group: Development/Languages License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -Obsoletes: php-pecl-zendopcache +Obsoletes: php-pecl-zendopcache < 7.0.6 Provides: php-pecl-zendopcache = %{version} Provides: php-pecl-zendopcache%{?_isa} = %{version} Provides: php-pecl(opcache) = %{version} Provides: php-pecl(opcache)%{?_isa} = %{version} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php55u-opcache, php55w-opcache, php56u-opcache, php56w-opcache Obsoletes: php70u-opcache, php70w-opcache, php71u-opcache, php71w-opcache, php72u-opcache, php72w-opcache Obsoletes: php73-opcache, php73w-opcache @@ -483,12 +482,11 @@ Group: Development/Languages # All files licensed under PHP version 3.01 License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -Obsoletes: mod_php3-imap, stronghold-php-imap BuildRequires: pkgconfig(krb5) BuildRequires: pkgconfig(krb5-gssapi) BuildRequires: openssl-devel >= 1.0.1 BuildRequires: libc-client-devel -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-imap, php53u-imap, php54-imap, php54w-imap, php55u-imap, php55w-imap, php56u-imap, php56w-imap Obsoletes: php70u-imap, php70w-imap, php71u-imap, php71w-imap, php72u-imap, php72w-imap Obsoletes: php73-imap, php73w-imap 
@@ -509,7 +507,7 @@ Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: pkgconfig(libsasl2) BuildRequires: openldap-devel BuildRequires: openssl-devel >= 1.0.1 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-ldap, php53u-ldap, php54-ldap, php54w-ldap, php55u-ldap, php55w-ldap, php56u-ldap, php56w-ldap Obsoletes: php70u-ldap, php70w-ldap, php71u-ldap, php71w-ldap, php72u-ldap, php72w-ldap Obsoletes: php73-ldap, php73w-ldap @@ -533,7 +531,7 @@ Provides: php-pdo-abi = %{pdover}-%{__isa_bits} Provides: php(pdo-abi) = %{pdover}-%{__isa_bits} Provides: php-sqlite3, php-sqlite3%{?_isa} Provides: php-pdo_sqlite, php-pdo_sqlite%{?_isa} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-pdo, php53u-pdo, php54-pdo, php54w-pdo, php55u-pdo, php55w-pdo, php56u-pdo, php56w-pdo Obsoletes: php70u-pdo, php70w-pdo, php71u-pdo, php71w-pdo, php72u-pdo, php72w-pdo Obsoletes: php73-pdo, php73w-pdo @@ -557,7 +555,7 @@ Provides: php-mysqli = %{version}-%{release} Provides: php-mysqli%{?_isa} = %{version}-%{release} Provides: php-pdo_mysql, php-pdo_mysql%{?_isa} Obsoletes: php-mysql < %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-mysqlnd, php53u-mysqlnd, php54-mysqlnd, php54w-mysqlnd, php55u-mysqlnd, php55w-mysqlnd, php56u-mysqlnd, php56w-mysqlnd Obsoletes: php70u-mysqlnd, php70w-mysqlnd, php71u-mysqlnd, php71w-mysqlnd, php72u-mysqlnd, php72w-mysqlnd Obsoletes: php73-mysqlnd, php73w-mysqlnd @@ -586,7 +584,7 @@ Provides: php-pdo_pgsql, php-pdo_pgsql%{?_isa} BuildRequires: krb5-devel BuildRequires: openssl-devel >= 1.0.1 BuildRequires: postgresql-devel -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-pgsql, php53u-pgsql, php54-pgsql, php54w-pgsql, php55u-pgsql, php55w-pgsql, php56u-pgsql, php56w-pgsql Obsoletes: php70u-pgsql, php70w-pgsql, php71u-pgsql, php71w-pgsql, php72u-pgsql, php72w-pgsql Obsoletes: php73-pgsql, php73w-pgsql 
@@ -612,7 +610,7 @@ Provides: php-shmop, php-shmop%{?_isa} Provides: php-sysvsem, php-sysvsem%{?_isa} Provides: php-sysvshm, php-sysvshm%{?_isa} Provides: php-sysvmsg, php-sysvmsg%{?_isa} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-process, php53u-process, php54-process, php54w-process, php55u-process, php55w-process, php56u-process, php56w-process Obsoletes: php70u-process, php70w-process, php71u-process, php71w-process, php72u-process, php72w-process Obsoletes: php73-process, php73w-process @@ -635,7 +633,7 @@ Provides: php_database Provides: php-pdo_odbc, php-pdo_odbc%{?_isa} # EL-7 version don't have pkgconfig BuildRequires: unixODBC-devel -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-odbc, php53u-odbc, php54-odbc, php54w-odbc, php55u-odbc, php55w-odbc, php56u-odbc, php56w-odbc Obsoletes: php70u-odbc, php70w-odbc, php71u-odbc, php71w-odbc, php72u-odbc, php72w-odbc Obsoletes: php73-odbc, php73w-odbc @@ -658,7 +656,7 @@ Group: Development/Languages License: PHP Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: pkgconfig(libxml-2.0) -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-soap, php53u-soap, php54-soap, php54w-soap, php55u-soap, php55w-soap, php56u-soap, php56w-soap Obsoletes: php70u-soap, php70w-soap, php71u-soap, php71w-soap, php72u-soap, php72w-soap Obsoletes: php73-soap, php73w-soap @@ -679,7 +677,7 @@ BuildRequires: firebird-devel Requires: php-pdo%{?_isa} = %{version}-%{release} Provides: php_database Provides: php-pdo_firebird, php-pdo_firebird%{?_isa} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-interbase, php53u-interbase, php54-interbase, php54w-interbase, php55u-interbase, php55w-interbase, php56u-interbase, php56w-interbase Obsoletes: php70u-interbase, php70w-interbase, php71u-interbase, php71w-interbase, php72u-interbase, php72w-interbase Obsoletes: php73-interbase, php73w-interbase 
@@ -708,7 +706,7 @@ Provides: php-pecl(oci8) = %{oci8ver} Provides: php-pecl(oci8)%{?_isa} = %{oci8ver} # Should requires libclntsh.so.18.3, but it's not provided by Oracle RPM. AutoReq: 0 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-oci8, php53u-oci8, php54-oci8, php54w-oci8, php55u-oci8, php55w-oci8, php56u-oci8, php56w-oci8 Obsoletes: php70u-oci8, php70w-oci8, php71u-oci8, php71w-oci8, php72u-oci8, php72w-oci8 Obsoletes: php73-oci8, php73w-oci8 @@ -741,7 +739,7 @@ Group: Development/Languages License: PHP Requires: php-common%{?_isa} = %{version}-%{release}, net-snmp BuildRequires: net-snmp-devel -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-snmp, php53u-snmp, php54-snmp, php54w-snmp, php55u-snmp, php55w-snmp, php56u-snmp, php56w-snmp Obsoletes: php70u-snmp, php70w-snmp, php71u-snmp, php71w-snmp, php72u-snmp, php72w-snmp Obsoletes: php73-snmp, php73w-snmp @@ -769,7 +767,7 @@ Provides: php-xsl, php-xsl%{?_isa} BuildRequires: pkgconfig(libxslt) >= 1.1 BuildRequires: pkgconfig(libexslt) BuildRequires: pkgconfig(libxml-2.0) >= 2.7.6 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-xml, php53u-xml, php54-xml, php54w-xml, php55u-xml, php55w-xml, php56u-xml, php56w-xml Obsoletes: php70u-xml, php70w-xml, php71u-xml, php71w-xml, php72u-xml, php72w-xml Obsoletes: php73-xml, php73w-xml @@ -788,7 +786,7 @@ Group: Development/Languages # libXMLRPC is licensed under BSD License: PHP and BSD Requires: php-xml%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-xmlrpc, php53u-xmlrpc, php54-xmlrpc, php54w-xmlrpc, php55u-xmlrpc, php55w-xmlrpc, php56u-xmlrpc, php56w-xmlrpc Obsoletes: php70u-xmlrpc, php70w-xmlrpc, php71u-xmlrpc, php71w-xmlrpc, php72u-xmlrpc, php72w-xmlrpc Obsoletes: php73-xmlrpc, php73w-xmlrpc 
@@ -814,7 +812,7 @@ BuildRequires: oniguruma-devel %endif Provides: bundled(libmbfl) = 1.3.2 Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-mbstring, php53u-mbstring, php54-mbstring, php54w-mbstring, php55u-mbstring, php55w-mbstring, php56u-mbstring, php56w-mbstring Obsoletes: php70u-mbstring, php70w-mbstring, php71u-mbstring, php71w-mbstring, php72u-mbstring, php72w-mbstring Obsoletes: php73-mbstring, php73w-mbstring @@ -848,7 +846,7 @@ BuildRequires: pkgconfig(xpm) BuildRequires: pkgconfig(libwebp) Provides: bundled(gd) = 2.0.35 %endif -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-gd, php53u-gd, php54-gd, php54w-gd, php55u-gd, php55w-gd, php56u-gd, php56w-gd Obsoletes: php70u-gd, php70w-gd, php71u-gd, php71w-gd, php72u-gd, php72w-gd Obsoletes: php73-gd, php73w-gd @@ -866,7 +864,7 @@ Group: Development/Languages # libbcmath is licensed under LGPLv2+ License: PHP and LGPLv2+ Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-bcmath, php53u-bcmath, php54-bcmath, php54w-bcmath, php55u-bcmath, php55w-bcmath, php56u-bcmath, php56w-bcmath Obsoletes: php70u-bcmath, php70w-bcmath, php71u-bcmath, php71w-bcmath, php72u-bcmath, php72w-bcmath Obsoletes: php73-bcmath, php73w-bcmath @@ -885,7 +883,7 @@ Group: Development/Languages License: PHP BuildRequires: gmp-devel Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-gmp, php53u-gmp, php54-gmp, php54w-gmp, php55u-gmp, php55w-gmp, php56u-gmp, php56w-gmp Obsoletes: php70u-gmp, php70w-gmp, php71u-gmp, php71w-gmp, php72u-gmp, php72w-gmp Obsoletes: php73-gmp, php73w-gmp 
@@ -906,7 +904,7 @@ BuildRequires: tokyocabinet-devel BuildRequires: gdbm-devel BuildRequires: lmdb-devel Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-dba, php53u-dba, php54-dba, php54w-dba, php55u-dba, php55w-dba, php56u-dba, php56w-dba Obsoletes: php70u-dba, php70w-dba, php71u-dba, php71w-dba, php72u-dba, php72w-dba Obsoletes: php73-dba, php73w-dba @@ -924,7 +922,7 @@ Group: Development/Languages License: PHP Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: libtidy-devel -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-tidy, php53u-tidy, php54-tidy, php54w-tidy, php55u-tidy, php55w-tidy, php56u-tidy, php56w-tidy Obsoletes: php70u-tidy, php70w-tidy, php71u-tidy, php71w-tidy, php72u-tidy, php72w-tidy Obsoletes: php73-tidy, php73w-tidy @@ -943,7 +941,7 @@ Requires: php-pdo%{?_isa} = %{version}-%{release} BuildRequires: freetds-devel >= 0.91 Provides: php-pdo_dblib, php-pdo_dblib%{?_isa} Obsoletes: php-mssql < %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-mssql, php53u-mssql, php54-mssql, php54w-mssql, php55u-mssql, php55w-mssql, php56u-mssql, php56w-mssql Obsoletes: php70u-pdo-dblib, php70w-pdo_dblib, php71u-pdo-dblib, php71w-pdo_dblib, php72u-pdo-dblib, php72w-pdo_dblib Obsoletes: php73-pdo-dblib, php73w-pdo_dblib @@ -962,7 +960,7 @@ Requires: php-common%{?_isa} = %{version}-%{release} # doing a real -devel package for just the .so symlink is a bit overkill Provides: php-embedded-devel = %{version}-%{release} Provides: php-embedded-devel%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-embedded, php53u-embedded, php54-embedded, php54w-embedded, php55u-embedded, php55w-embedded, php56u-embedded, php56w-embedded Obsoletes: php70u-embedded, php70w-embedded, php71u-embedded, php71w-embedded, php72u-embedded, php72w-embedded Obsoletes: php73-embedded, php73w-embedded 
@@ -980,7 +978,7 @@ Group: System Environment/Libraries License: PHP Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: aspell-devel >= 0.50.0 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-pspell, php53u-pspell, php54-pspell, php54w-pspell, php55u-pspell, php55w-pspell, php56u-pspell, php56w-pspell Obsoletes: php70u-pspell, php70w-pspell, php71u-pspell, php71w-pspell, php72u-pspell, php72w-pspell Obsoletes: php73-pspell, php73w-pspell @@ -1000,7 +998,7 @@ Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: pkgconfig(icu-i18n) >= 71 BuildRequires: pkgconfig(icu-io) >= 71 BuildRequires: pkgconfig(icu-uc) >= 71 -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl Obsoletes: php70u-intl, php70w-intl, php71u-intl, php71w-intl, php72u-intl, php72w-intl Obsoletes: php73-intl, php73w-intl @@ -1018,7 +1016,7 @@ Group: System Environment/Libraries License: PHP Requires: php-common%{?_isa} = %{version}-%{release} BuildRequires: pkgconfig(enchant) -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-enchant, php53u-enchant, php54-enchant, php54w-enchant, php55u-enchant, php55w-enchant, php56u-enchant, php56w-enchant Obsoletes: php70u-enchant, php70w-enchant, php71u-enchant, php71w-enchant, php72u-enchant, php72w-enchant Obsoletes: php73-enchant, php73w-enchant @@ -1041,7 +1039,7 @@ Provides: php-pecl(zip) = %{zipver} Provides: php-pecl(zip)%{?_isa} = %{zipver} Provides: php-pecl-zip = %{zipver} Provides: php-pecl-zip%{?_isa} = %{zipver} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-zip, php53u-zip, php54-zip, php54w-zip, php55u-zip, php55w-zip, php56u-zip, php56w-zip Obsoletes: php70u-zip, php70w-zip, php71u-zip, php71w-zip, php72u-zip, php72w-zip Obsoletes: php73-zip, php73w-zip 
@@ -1068,7 +1066,7 @@ Provides: php-pecl(json) = %{version} Provides: php-pecl(json)%{?_isa} = %{version} Provides: php-pecl-json = %{version} Provides: php-pecl-json%{?_isa} = %{version} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php53-json, php53u-json, php54-json, php54w-json, php55u-json, php55w-json, php56u-json, php56w-json Obsoletes: php55u-pecl-jsonc, php56u-pecl-jsonc Obsoletes: php70u-json, php70w-json, php71u-json, php71w-json, php72u-json, php72w-json @@ -1093,7 +1091,7 @@ Requires: php-common%{?_isa} = %{version}-%{release} Obsoletes: php-pecl-libsodium2 < 3 Provides: php-pecl(libsodium) = %{version} Provides: php-pecl(libsodium)%{?_isa} = %{version} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php72u-sodium, php72w-sodium Obsoletes: php73-sodium, php73w-sodium Obsoletes: php74-sodium, php74w-sodium @@ -1112,7 +1110,7 @@ Group: System Environment/Libraries BuildRequires: pkgconfig(libffi) Requires: php-common%{?_isa} = %{version}-%{release} -%if 0%{?rhel} +%if 0%{?rhel} == 7 Obsoletes: php74-ffi, php74w-ffi %endif @@ -1158,6 +1156,8 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 # upstream patches # security patches +%patch200 -p1 -b .81738 +%patch201 -p1 -b .81739 # Fixes for tests related to tzdata %if 0%{?fedora} >= 29 || 0%{?rhel} >= 6 @@ -2165,6 +2165,9 @@ fi %changelog +* Wed Oct 26 2022 Remi Collet - 7.4.32-2 +- add upstream fix for CVE-2022-31630 and CVE-2022-37454 + * Wed Sep 28 2022 Remi Collet - 7.4.32-1 - Update to 7.4.32 - http://www.php.net/releases/7_4_32.php - use ICU 71.1 -- cgit