Diffstat (limited to 'php.spec')
-rw-r--r--php.spec144
1 files changed, 131 insertions, 13 deletions
diff --git a/php.spec b/php.spec
index 38285a0..c42059f 100644
--- a/php.spec
+++ b/php.spec
@@ -30,7 +30,7 @@
%global oci8ver 2.0.12
# Use for first build of PHP (before pecl/zip and pecl/jsonc)
-%global php_bootstrap 0
+%bcond_with bootstrap
# Adds -z now to the linker flags
%global _hardened_build 1
@@ -60,10 +60,19 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
%if 0%{?rhel} == 6
+%ifarch x86_64
+%global oraclever 18.5
+%else
%global oraclever 18.3
+%endif
%global oraclelib 18.1
+
+%else
+%ifarch x86_64
+%global oraclever 19.8
%else
-%global oraclever 19.3
+%global oraclever 19.6
+%endif
%global oraclelib 19.1
%endif
@@ -71,7 +80,7 @@
%global with_lsws 1
# Regression tests take a long time, you can skip 'em with this
-%if %{php_bootstrap}
+%if %{with bootstrap}
%global runselftest 0
%else
%{!?runselftest: %global runselftest 1}
@@ -142,7 +151,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: 5.6.40
-Release: 14%{?dist}
+Release: 22%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -180,6 +189,7 @@ Patch7: php-5.3.0-recode.patch
Patch8: php-5.6.17-libdb.patch
Patch9: php-5.5.30-curl.patch
Patch10: php-5.6.37-icu62.patch
+Patch11: php-5.6.40-gcc10.patch
# Functional changes
Patch40: php-5.4.0-dlopen.patch
@@ -223,6 +233,22 @@ Patch224: php-bug77919.patch
Patch225: php-bug75457.patch
Patch226: php-bug78380.patch
Patch227: php-bug78599.patch
+Patch228: php-bug78878.patch
+Patch229: php-bug78862.patch
+Patch230: php-bug78863.patch
+Patch231: php-bug78793.patch
+Patch232: php-bug78910.patch
+Patch233: php-bug79099.patch
+Patch234: php-bug79037.patch
+Patch236: php-bug79221.patch
+Patch237: php-bug79082.patch
+Patch238: php-bug79282.patch
+Patch239: php-bug79329.patch
+Patch240: php-bug79330.patch
+Patch241: php-bug79465.patch
+Patch242: php-bug78875.patch
+Patch243: php-bug79797.patch
+Patch244: php-bug79877.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
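Review bot: The sixteen new `Patch228`–`Patch244` declarations name only the upstream bug number, so the CVE each one closes can be recovered only by cross-reading %changelog. A one-line comment above each security patch would keep that mapping next to the patch, for example `# CVE-2020-7068` above `Patch243: php-bug79797.patch`. Number 235 is skipped without explanation, and the changelog lists a fix for #78876 that has no patch file of its own; presumably it is carried in `php-bug78875.patch`, which a comment should state. The same applies to the matching `%patch228`–`%patch244` list in the hunk at `@@ -972,6 +1004,22 @@`.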
@@ -230,6 +256,8 @@ Patch227: php-bug78599.patch
Patch300: php-5.6.30-datetests.patch
# Revert changes for pcre < 8.34
Patch301: php-5.6.0-oldpcre.patch
+# Renew openssl certs
+Patch302: php-openssl-cert.patch
# WIP
@@ -419,13 +447,13 @@ Provides: %{?scl_prefix}php-sockets, %{?scl_prefix}php-sockets%{?_isa}
Provides: %{?scl_prefix}php-spl, %{?scl_prefix}php-spl%{?_isa}
Provides: %{?scl_prefix}php-standard = %{version}, %{?scl_prefix}php-standard%{?_isa} = %{version}
Provides: %{?scl_prefix}php-tokenizer, %{?scl_prefix}php-tokenizer%{?_isa}
-%if ! %{php_bootstrap}
+%if %{without bootstrap}
Requires: %{?scl_prefix}php-pecl-jsonc%{?_isa}
%endif
%if %{with_zip}
Provides: %{?scl_prefix}php-zip, %{?scl_prefix}php-zip%{?_isa}
%else
-%if ! %{php_bootstrap}
+%if %{without bootstrap}
Requires: %{?scl_prefix}php-pecl-zip%{?_isa}
%endif
%endif
@@ -455,7 +483,7 @@ Requires: openssl-devel%{?_isa}
Requires: pcre-devel%{?_isa} >= 8.20
%endif
Requires: zlib-devel%{?_isa}
-%if ! %{php_bootstrap}
+%if %{without bootstrap}
Requires: %{?scl_prefix}php-pecl-jsonc-devel%{?_isa}
%endif
@@ -912,6 +940,9 @@ support for using the enchant library to PHP.
%prep
+%if %{with bootstrap}
+: BOOTSTRAP BUILD
+%endif
: Building %{name}-%{version}-%{release} with systemd=%{with_systemd} imap=%{with_imap} interbase=%{with_interbase} mcrypt=%{with_mcrypt} freetds=%{with_freetds} sqlite3=%{with_sqlite3} tidy=%{with_tidy} zip=%{with_zip}
%setup -q -n php-%{version}%{?rcver}
@@ -928,9 +959,10 @@ support for using the enchant library to PHP.
%if 0%{?rhel}
%patch9 -p1 -b .curltls
%endif
-%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 7
%patch10 -p1 -b .icu62
%endif
+%patch11 -p1 -b .gcc10
%patch40 -p1 -b .dlopen
%patch41 -p1 -b .dtrace
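Review bot: The ICU 62 patch condition is widened from `0%{?rhel} >= 8` to `0%{?rhel} >= 7` with no comment, and none of the changelog entries shown mentions it. Since this changes which source EL-7 builds compile, the reason should be recorded beside the condition, for example `# EL-7 also builds against ICU >= 62: <reason>`. `%patch11 -p1 -b .gcc10` is applied on every target, while the changelog ties the GCC 10 fix to the fc32 build only. If the patch is meant to be harmless on older compilers, a short comment saying so would help.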
@@ -972,6 +1004,22 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%patch225 -p1 -b .bug75457
%patch226 -p1 -b .bug78380
%patch227 -p1 -b .bug78599
+%patch228 -p1 -b .bug78878
+%patch229 -p1 -b .bug78862
+%patch230 -p1 -b .bug78863
+%patch231 -p1 -b .bug78793
+%patch232 -p1 -b .bug78910
+%patch233 -p1 -b .bug79099
+%patch234 -p1 -b .bug79037
+%patch236 -p1 -b .bug79221
+%patch237 -p1 -b .bug79082
+%patch238 -p1 -b .bug79282
+%patch239 -p1 -b .bug79329
+%patch240 -p1 -b .bug79330
+%patch241 -p1 -b .bug79465
+%patch242 -p1 -b .bug78875
+%patch243 -p1 -b .bug79797
+%patch244 -p1 -b .bug79877
# Fixes for tests
%patch300 -p1 -b .datetests
@@ -981,6 +1029,9 @@ if ! pkg-config libpcre --atleast-version 8.34 ; then
%patch301 -p1 -b .pcre834
fi
%endif
+# New openssl certs
+%patch302 -p1 -b .renewcert
+rm ext/openssl/tests/bug65538_003.phpt
# WIP patch
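Review bot: `rm ext/openssl/tests/bug65538_003.phpt` deletes an openssl regression test with no stated reason. The comment above it, `# New openssl certs`, explains only the patch. Judging by its name the file belongs to the bug65538 cafile series, so dropping it reduces coverage of certificate handling on a branch that survives on backported fixes. Add a comment with the cause, for example `# bug65538_003.phpt: <why it cannot pass in the build environment>`, so the removal can be revisited later.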
@@ -1112,6 +1163,12 @@ sed -e 's:%{_root_sysconfdir}:%{_sysconfdir}:' \
%build
+# This package fails to build with LTO due to undefined symbols. LTO
+# was disabled in OpenSuSE as well, but with no real explanation why
+# beyond the undefined symbols. It really shold be investigated further.
+# Disable LTO
+%define _lto_cflags %{nil}
+
# aclocal workaround - to be improved
cat `aclocal --print-ac-dir`/{libtool,ltoptions,ltsugar,ltversion,lt~obsolete}.m4 >>aclocal.m4
@@ -1350,6 +1407,7 @@ cd build-apache
# Run tests, using the CLI SAPI
export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2
export SKIP_ONLINE_TESTS=1
+export SKIP_SLOW_TESTS=1
unset TZ LANG LC_ALL
if ! make test; then
set +x
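Review bot: `export SKIP_SLOW_TESTS=1` is set unconditionally, so any test marked slow is never run in a release whose main content is backported memory-safety fixes. Whether any of the newly patched code paths are covered only by slow tests is not visible from this hunk. Wrapping the export in `%if ! 0%{?runslowtests}` … `%endif` would keep the fast default while letting a full run be requested at build time. That is the same kind of opt-out the spec already offers through `runselftest`. The surrounding test section starts and ends outside this hunk.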
@@ -1735,13 +1793,9 @@ cat << EOF
WARNING : PHP 5.6 have reached its "End of Life" in
January 2019. Even, if this package includes some of
- the important security fix, backported from 7.1, the
+ the important security fix, backported from 7.2, the
UPGRADE to a maintained version is very strongly RECOMMENDED.
-%if %{?fedora}%{!?fedora:99} < 28
- WARNING : Fedora %{fedora} is now EOL :
- You should consider upgrading to a supported release
-%endif
=====================================================================
EOF
@@ -1917,6 +1971,70 @@ EOF
%changelog
+* Tue Aug 4 2020 Remi Collet <remi@remirepo.net> - 5.6.40-22
+- Core:
+ Fix #79877 getimagesize function silently truncates after a null byte
+- Phar:
+ Fix #79797 use of freed hash key in the phar_parse_zipfile function
+ CVE-2020-7068
+
+* Wed May 13 2020 Remi Collet <remi@remirepo.net> - 5.6.40-21
+- Core:
+ Fix #78875 Long filenames cause OOM and temp files are not cleaned
+ CVE-2019-11048
+ Fix #78876 Long variables in multipart/form-data cause OOM and temp
+ files are not cleaned
+
+* Tue Apr 14 2020 Remi Collet <remi@remirepo.net> - 5.6.40-20
+- standard:
+ Fix #79330 shell_exec silently truncates after a null byte
+ Fix #79465 OOB Read in urldecode
+ CVE-2020-7067
+
+* Tue Mar 17 2020 Remi Collet <remi@remirepo.net> - 5.6.40-19
+- standard:
+ Fix #79329 get_headers() silently truncates after a null byte
+ CVE-2020-7066
+- exif:
+ Fix #79282 Use-of-uninitialized-value in exif
+ CVE-2020-7064
+- use oracle client library version 19.6 (18.5 on EL-6)
+
+* Wed Feb 19 2020 Remi Collet <remi@remirepo.net> - 5.6.40-18.fc32
+- add fix for GCC 10
+
+* Tue Feb 18 2020 Remi Collet <remi@remirepo.net> - 5.6.40-18
+- phar:
+ Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions
+ CVE-2020-7063
+- session:
+ Fix #79221 Null Pointer Dereference in PHP Session Upload Progress
+ CVE-2020-7062
+
+* Thu Jan 23 2020 Remi Collet <remi@remirepo.net> - 5.6.40-17
+- mbstring:
+ Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar
+ CVE-2020-7060
+- standard:
+ Fix #79099 OOB read in php_strip_tags_ex
+ CVE-2020-7059
+
+* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 5.6.40-15
+- bcmath:
+ Fix #78878 Buffer underflow in bc_shift_addsub
+ CVE-2019-11046
+- core:
+ Fix #78862 link() silently truncates after a null byte on Windows
+ CVE-2019-11044
+ Fix #78863 DirectoryIterator class silently truncates after a null byte
+ CVE-2019-11045
+- exif
+ Fix #78793 Use-after-free in exif parsing under memory sanitizer
+ CVE-2019-11050
+ Fix #78910 Heap-buffer-overflow READ in exif
+ CVE-2019-11047
+- use oracle client library version 19.5 (18.5 on EL-6)
+
* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 5.6.40-14
- FPM:
Fix CVE-2019-11043 env_path_info underflow in fpm_main.c