summaryrefslogtreecommitdiffstats
path: root/php.spec
diff options
context:
space:
mode:
authorRemi Collet <fedora@famillecollet.com>2016-09-10 10:14:22 +0200
committerRemi Collet <fedora@famillecollet.com>2016-09-10 10:14:22 +0200
commit22b274864edbc4052b961c5d14beecf665b46c49 (patch)
tree51cade07b0ae4c8d112ceb52d0512f7f05e79d3c /php.spec
parent7eeeb6e96a8354ae5c553662e96a1bfcf3bb9b65 (diff)
PHP 5.5.38 + security patches from 5.6.25
Diffstat (limited to 'php.spec')
-rw-r--r--php.spec84
1 files changed, 83 insertions, 1 deletions
diff --git a/php.spec b/php.spec
index d047521..ab7de2d 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: 5.5.38
-Release: 1%{?dist}.1
+Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -193,6 +193,25 @@ Patch91: php-5.3.7-oci8conf.patch
# Upstream fixes (100+)
Patch100: bug72735.patch
+Patch101: bug72716.patch
+Patch102: bug72663.patch
+Patch103: bug72681.patch
+Patch104: bug72708.patch
+Patch105: bug72749.patch
+Patch106: bug70436.patch
+Patch107: bug72771.patch
+Patch108: bug72750.patch
+Patch109: bug72627.patch
+Patch110: bug72697.patch
+Patch111: bug72730.patch
+Patch112: bug72790.patch
+Patch113: bug72807.patch
+Patch114: bug72836.patch
+Patch115: bug72837.patch
+Patch116: bug72838.patch
+Patch117: bug72848.patch
+Patch118: bug72849.patch
+Patch119: bug72850.patch
# Security fixes (200+)
@@ -884,6 +903,25 @@ support for using the enchant library to PHP.
# security patches
%patch100 -p1 -b .bug72735
+%patch101 -p1 -b .bug72716
+%patch102 -p1 -b .bug72663
+%patch103 -p1 -b .bug72681
+%patch104 -p1 -b .bug72708
+%patch105 -p1 -b .bug72749
+%patch106 -p1 -b .bug70436
+%patch107 -p1 -b .bug72771
+%patch108 -p1 -b .bug72750
+%patch109 -p1 -b .bug72627
+%patch110 -p1 -b .bug72697
+%patch111 -p1 -b .bug72730
+%patch112 -p1 -b .bug72790
+%patch113 -p1 -b .bug72807
+%patch114 -p1 -b .bug72836
+%patch115 -p1 -b .bug72837
+%patch116 -p1 -b .bug72838
+%patch117 -p1 -b .bug72848
+%patch118 -p1 -b .bug72849
+%patch119 -p1 -b .bug72850
# Fixes for tests
%patch300 -p1 -b .datetests
@@ -1612,6 +1650,16 @@ fi
%endif
+%posttrans common
+cat << EOF
+
+WARNING : PHP 5.5 have reached its "End of Life" in July 2016.
+Even, if this package includes some security fix, backported from 5.6,
+The upgrade to a maintained version is very strongly recommended.
+
+EOF
+
+
%{!?_licensedir:%global license %%doc}
%files
@@ -1778,6 +1826,40 @@ fi
%changelog
+* Mon Sep 5 2016 Remi Collet <remi@remirepo.net> 5.5.38-2
+- fix #72716: initialize buffer before read (ftp)
+- fix #72663: destroy broken object when unserializing
+ CVE-2016-7124
+- fix #72681: consume data even if we're not storing them
+ CVE-2016-7125
+- fix #72708: php_snmp_parse_oid integer overflow in memory allocation
+- fix #72749: wddx_deserialize allows illegal memory access
+ CVE-2016-7129
+- fix #70436: Use After Free Vulnerability in unserialize()
+ CVE-2016-7129
+- fix #72771: ftps:// opendir wrapper is vulnerable to protocol
+ downgrade attack
+- fix #72750: wddx_deserialize null dereference
+ CVE-2016-7130
+- fix #72627: Memory Leakage In exif_process_IFD_in_TIFF
+ CVE-2016-7128
+- fix #72697: select_colors write out-of-bounds
+ CVE-2016-7126
+- fix #72730: imagegammacorrect allows arbitrary write access
+ CVE-2016-7127
+- fix #72790: wddx_deserialize null dereference with invalid xml
+ CVE-2016-7131
+- fix #72799: wddx_deserialize null dereference in php_wddx_pop_element
+ CVE-2016-7132
+- fix #72807: do not produce strings with negative length
+- fix #72836: integer overflow in base64_decode caused heap corruption
+- fix #72837: integer overflow in bzdecompress caused heap corruption
+- fix #72838: Integer overflow lead to heap corruption in sql_regcase
+- fix #72848: integer overflow in quoted_printable_encode caused
+ heap corruption
+- fix #72849: integer overflow in urlencode
+- fix #72850: integer overflow in uuencode
+
* Fri Aug 5 2016 Remi Collet <remi@fedoraproject.org> 5.5.38-1.1
- fix #72735 regression in exif maker note parser