From 85057580654db47c797b369c7804af5d92249649 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Wed, 27 Apr 2016 09:04:26 +0200
Subject: php 5.4 add security patches, backported from 5.5.35

---
 php.spec | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'php.spec')

diff --git a/php.spec b/php.spec
index 5cfb08a..3e6385a 100644
--- a/php.spec
+++ b/php.spec
@@ -201,6 +201,11 @@ Patch218: bug71798.patch
 Patch219: bug71704.patch
 Patch220: bug71527.patch
 Patch221: bug64938.patch
+Patch222: bug71912.patch
+Patch223: bug72061.patch
+Patch224: bug72093.patch
+Patch225: bug72094.patch
+Patch226: bug72099.patch
 
 # Fixes for tests (300+)
 # Backported from 5.5
@@ -860,6 +865,11 @@ support for using the enchant library to PHP.
 %patch219 -p1 -b .bug71704
 %patch220 -p1 -b .bug71527
 %patch221 -p1 -b .bug64938
+%patch222 -p1 -b .bug71912
+%patch223 -p1 -b .bug72061
+%patch224 -p1 -b .bug72093
+%patch225 -p1 -b .bug72094
+%patch226 -p1 -b .bug72099
 
 # Fixes for tests
 %patch300 -p1 -b .datetests1
@@ -1686,6 +1696,14 @@ EOF
 * Tue Apr 26 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-8
 - Fix #64938: libxml_disable_entity_loader setting is shared
   between threads  CVE-2015-8866
+- Fix #71912: libgd signedness vulnerability
+- Fix #72061: Out-of-bounds reads in zif_grapheme_stripos
+  with negative offset
+- Fix #72093: bcpowmod accepts negative scale and corrupts
+  _one_ definition
+- Fix #72094: Out of bounds heap read access in exif
+  header processing
+- Fix #72099: xml_parse_into_struct segmentation fault
 
 * Tue Mar 29 2016 Remi Collet <remi@fedoraproject.org> 5.4.45-7
 - Fix #71860: Require valid paths for phar filenames
-- 
cgit