From 10f4882e2ed191ffac0cc5e243b9ad32478c36c8 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 1 Mar 2018 10:42:24 +0100
Subject: fix #73549: Use after free when stream is passed to imagepng fix
 #75981: stack-buffer-overflow while parsing HTTP response

---
 php.spec | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

(limited to 'php.spec')

diff --git a/php.spec b/php.spec
index 1d50c18..ab7fee8 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: 5.5.38
-Release: 7%{?dist}
+Release: 8%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -247,6 +247,8 @@ Patch151: bug73764.patch
 Patch152: bug73768.patch
 Patch153: bug73773.patch
 Patch154: bug69090.patch
+Patch155: bug73549.patch
+Patch156: bug75981.patch
 
 # Security fixes (200+)
 
@@ -994,6 +996,8 @@ support for using the enchant library to PHP.
 %patch152 -p1 -b .bug73768
 %patch153 -p1 -b .bug73773
 %patch154 -p1 -b .bug69090
+%patch155 -p1 -b .bug73549
+%patch156 -p1 -b .bug75981
 : ------------------------
 
 # Fixes for tests
@@ -1725,11 +1729,17 @@ fi
 
 %posttrans common
 cat << EOF
+==========================================================================
 
-WARNING : PHP 5.5 have reached its "End of Life" in July 2016.
-Even, if this package includes some security fix, backported from 5.6,
-The upgrade to a maintained version is very strongly recommended.
+ WARNING : PHP 5.5 have reached its "End of Life" in July 2016.
+ Even, if this package includes some security fix, backported from 5.6,
+ The UPGRADE to a maintained version is very strongly RECOMMENDED.
 
+%if %{?fedora}%{!?fedora:99} < 26
+ WARNING : Fedora %{fedora} is now EOL :
+ You should consider upgrading to a supported release
+%endif
+==========================================================================
 EOF
 
 
@@ -1899,6 +1909,10 @@ EOF
 
 
 %changelog
+* Thu Mar  1 2018 Remi Collet <remi@remirepo.net> - 5.5.38-8
+- fix #73549: Use after free when stream is passed to imagepng
+- fix #75981: stack-buffer-overflow while parsing HTTP response
+
 * Sat Feb 18 2017 Remi Collet <remi@remirepo.net> - 5.5.38-7
 - fix #73737: FPE when parsing a tag format
   CVE-2016-10158
-- 
cgit