From 99d075ebbc87c96c18e8f8042db49ff57c5b75c6 Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Tue, 16 Feb 2016 22:54:26 +0100
Subject: php 5.4.45-4 (security fix backported from 5.5.32)
---
 php.spec | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
(limited to 'php.spec')
diff --git a/php.spec b/php.spec
index 98766f3..f461b9f 100644
--- a/php.spec
+++ b/php.spec
@@ -119,7 +119,7 @@ Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: 5.4.45
-Release: 3%{?dist}
+Release: 4%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -185,6 +185,14 @@ Patch202: bug70755.patch
 Patch203: bug70728.patch
 Patch204: bug70741.patch
 Patch205: bug70661.patch
+Patch206: bug71354.patch
+Patch207: bug71335.patch
+Patch208: bug71391.patch
+Patch209: bug71323.patch
+Patch210: bug71459.patch
+Patch211: bug71039.patch
+Patch212: bug71488.patch
+Patch213: pcre838.patch
 # Fixes for tests (300+)
 # Backported from 5.5
@@ -828,6 +836,14 @@ support for using the enchant library to PHP.
 %patch203 -p1 -b .bug70728
 %patch204 -p1 -b .bug70741
 %patch205 -p1 -b .bug70661
+%patch206 -p1 -b .bug71354
+%patch207 -p1 -b .bug71335
+%patch208 -p1 -b .bug71391
+%patch209 -p1 -b .bug71323
+%patch210 -p1 -b .bug71459
+%patch211 -p1 -b .bug71039
+%patch212 -p1 -b .bug71488
+%patch213 -p1 -b .pcre838
 # Fixes for tests
 %patch300 -p1 -b .datetests1
@@ -1478,7 +1494,7 @@ if [ -f /etc/rc.d/init.d/%{?scl_prefix}php-fpm ]; then
 fi
 %endif
-%pre common
+%posttrans common
 cat << EOF
 WARNING : PHP 5.4 have reached its "End of Life".
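Review bot: None of the `Patch206`–`Patch213` entries added in this hunk, nor the matching `%patch206`–`%patch213` lines in the hunk at -828, is named for bug 71720, although the `%changelog` entry added by the same commit lists `Fix #71720: heap bufferover flow in escapeshell functions`. From the diff alone it cannot be told whether that fix is folded into one of the listed patches, whether a `PatchNNN`/`%patchNNN` pair is missing, or whether the bug number is mistyped. For a security backport the changelog should map one-to-one onto shipped patches, so either add the missing pair or put a comment above the patch that carries the fix, for example `# also contains the escapeshell fix listed in %%changelog`. The bug id is worth re-checking against the upstream tracker before release.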
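Review bot: The switch from `%pre common` to `%posttrans common` has no explanatory comment and is not mentioned in the `%changelog` entry this commit adds, so a later packager cannot tell that it was deliberate. Presumably the aim is to print the end-of-life warning at the end of the transaction instead of before the package is unpacked; a line such as `# EOL warning is printed in %%posttrans so it is shown last in the transaction output` above the scriptlet would record that. Scriptlet output is not displayed by every install front end, so this notice should not be the only way operators learn that the branch is unsupported. The heredoc body continues past the end of the hunk.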
@@ -1642,6 +1658,17 @@ EOF
 %changelog
+* Tue Feb 16 2016 Remi Collet 5.4.45-4
+- Fix #71354: phar, remove UMR when size is 0
+- Fix #71335: type confusion in WDDX packet deserialization
+- Fix #71391: NULL pointer dereference in phar_tar_setupmetadata()
+- Fix #71323: output of stream_get_meta_data can be falsified by its input
+- Fix #71459: integer overflow in iptcembed()
+- Fix #71039: exec functions ignore length but look for NULL termination
+- Fix #71720: heap bufferover flow in escapeshell functions
+- Fix #71488: Stack overflow when decompressing tar archives
+- upgrade bundled PCRE to 8.38
+
 * Wed Jan 6 2016 Remi Collet 5.4.45-3
 - Fix #70755: fpm_log.c memory leak and buffer overflow
 - Fix #70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker
-- cgit