Diffstat (limited to 'php.spec')
-rw-r--r--php.spec436
1 files changed, 341 insertions, 95 deletions
diff --git a/php.spec b/php.spec
index 5f07455..4e43e52 100644
--- a/php.spec
+++ b/php.spec
@@ -55,12 +55,14 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
-%if 0%{?rhel} == 6
-%global oraclever 18.3
-%global oraclelib 18.1
-%else
-%global oraclever 19.3
+%ifarch aarch64
+%global oraclever 19.19
%global oraclelib 19.1
+%global oracledir 19.19
+%else
+%global oraclever 21.13
+%global oraclelib 21.1
+%global oracledir 21
%endif
# Build for LiteSpeed Web Server (LSAPI)
@@ -77,12 +79,7 @@
# Optional components; pass "--with mssql" etc to rpmbuild.
%global with_oci8 %{?_with_oci8:1}%{!?_with_oci8:0}
%global with_imap 1
-# until firebird available in EPEL
-%if 0%{?rhel} == 8
-%global with_interbase 0
-%else
%global with_interbase 1
-%endif
%global with_mcrypt 1
%global with_freetds 1
%global with_tidy 1
@@ -137,7 +134,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 13%{?dist}
+Release: 41%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -179,6 +176,8 @@ Patch7: php-5.3.0-recode.patch
Patch8: php-7.0.2-libdb.patch
Patch9: php-7.0.7-curl.patch
Patch10: php-7.0.31-icu62.patch
+# backported from 8.0
+Patch11: php-net-snmp.patch
# Functional changes
Patch40: php-7.0.17-dlopen.patch
@@ -198,7 +197,6 @@ Patch91: php-5.6.3-oci8conf.patch
# Upstream fixes (100+)
Patch100: https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch
Patch101: https://github.com/php/php-src/commit/2ef8809ef3beb5f58b81dcff49bdcde4d2cb8426.patch
-Patch102: php-openssl-cert.patch
Patch103: php-bug76846.patch
# Security fixes (200+)
@@ -229,12 +227,55 @@ Patch223: php-bug78256.patch
Patch224: php-bug77919.patch
Patch225: php-bug75457.patch
Patch226: php-bug78380.patch
+Patch227: php-bug78599.patch
+Patch228: php-bug78878.patch
+Patch229: php-bug78862.patch
+Patch230: php-bug78863.patch
+Patch231: php-bug78793.patch
+Patch232: php-bug78910.patch
+Patch233: php-bug79099.patch
+Patch234: php-bug79037.patch
+Patch235: php-bug77569.patch
+Patch236: php-bug79221.patch
+Patch237: php-bug79082.patch
+Patch238: php-bug79282.patch
+Patch239: php-bug79329.patch
+Patch240: php-bug79330.patch
+Patch241: php-bug79465.patch
+Patch242: php-bug78875.patch
+Patch243: php-bug78876.patch
+Patch244: php-bug79797.patch
+Patch245: php-bug79877.patch
+Patch246: php-bug79699.patch
+Patch247: php-bug77423.patch
+Patch248: php-bug80672.patch
+Patch249: php-bug80710.patch
+Patch250: php-bug81122.patch
+Patch251: php-bug76450.patch
+Patch252: php-bug81211.patch
+Patch253: php-bug81026.patch
+Patch254: php-bug79971.patch
+Patch255: php-bug81719.patch
+Patch256: php-bug81720.patch
+Patch257: php-bug81727.patch
+Patch258: php-bug81726.patch
+Patch259: php-bug81740.patch
+Patch260: php-bug81744.patch
+Patch261: php-bug81746.patch
+Patch262: php-cve-2023-0662.patch
+Patch263: php-cve-2023-3247.patch
+Patch264: php-cve-2023-3823.patch
+Patch265: php-cve-2023-3824.patch
+Patch266: php-cve-2024-2756.patch
+Patch267: php-cve-2024-3096.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
Patch300: php-7.0.10-datetests.patch
# Revert changes for pcre < 8.34
Patch301: php-7.0.0-oldpcre.patch
+# Renew openssl certs
+Patch302: php-openssl-cert.patch
# WIP
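Review bot: The security patches added as Patch227 through Patch261 are named only by bug number, so the spec itself does not say which CVE each one closes, while Patch262 to Patch267 carry the CVE in the file name. A one-line comment above each entry would let an auditor match the package against an advisory without reading the changelog, for example `# CVE-2022-31631` above `Patch259: php-bug81740.patch`, which is the pairing the changelog gives for #81740. Unlike Patch100 and Patch101, none of these entries records the upstream commit it was backported from; a comment with that reference would make the provenance of each backport checkable.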
@@ -261,6 +302,7 @@ BuildRequires: bzip2
BuildRequires: perl
BuildRequires: autoconf
BuildRequires: automake
+BuildRequires: make
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libtool
@@ -334,7 +376,6 @@ The %{?scl_prefix}php-dbg package contains the interactive PHP debugger.
Group: Development/Languages
Summary: PHP FastCGI Process Manager
BuildRequires: libacl-devel
-Requires(pre): %{_root_sbindir}/useradd
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
%if %{with_systemd}
BuildRequires: systemd-devel
@@ -358,6 +399,8 @@ Requires(pre): httpd-filesystem
# For php.conf in /etc/httpd/conf.d
# and version 2.4.10 for proxy support in SetHandler
Requires: httpd-filesystem >= 2.4.10
+%else
+Requires(pre): %{_root_sbindir}/useradd
%endif
%description fpm
@@ -444,6 +487,7 @@ Requires: %{?scl_prefix}php-cli%{?_isa} = %{version}-%{release}
# always needed to build extension
Requires: autoconf
Requires: automake
+Requires: make
Requires: gcc
Requires: gcc-c++
Requires: libtool
@@ -647,15 +691,20 @@ Summary: A module for PHP applications that use OCI8 databases
Group: Development/Languages
# All files licensed under PHP version 3.01
License: PHP
+%ifarch aarch64
+BuildRequires: oracle-instantclient%{oraclever}-devel
+# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM.
+Requires: libclntsh.so.%{oraclelib}
+AutoReq: 0
+%else
BuildRequires: oracle-instantclient-devel >= %{oraclever}
+%endif
Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php_database
Provides: %{?scl_prefix}php-pdo_oci, %{?scl_prefix}php-pdo_oci%{?_isa}
Obsoletes: %{?scl_prefix}php-pecl-oci8 < %{oci8ver}
Conflicts: %{?scl_prefix}php-pecl-oci8 >= %{oci8ver}
Provides: %{?scl_prefix}php-pecl(oci8) = %{oci8ver}, %{?scl_prefix}php-pecl(oci8)%{?_isa} = %{oci8ver}
-# Should requires libclntsh.so.12.1, but it's not provided by Oracle RPM.
-AutoReq: 0
%description oci8
The %{?scl_prefix}php-oci8 packages provides the OCI8 extension version %{oci8ver}
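Review bot: `AutoReq: 0` now sits inside the `%ifarch aarch64` branch, so on aarch64 every automatically generated dependency of the oci8 subpackage is switched off and only the hand-written `Requires: libclntsh.so.%{oraclelib}` remains, while the other architectures return to automatic requires. The existing comment explains the aarch64 side only. A short comment at the `%else`, such as `# other arches: automatic requires are kept, the Oracle RPM provides the soname`, would record why the two branches differ, if that is indeed the reason (it is inferred here, not shown in the hunk). The subpackage header starts above this hunk.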
@@ -665,13 +714,9 @@ The extension is linked with Oracle client libraries %{oraclever}
(Oracle Instant Client). For details, see Oracle's note
"Oracle Client / Server Interoperability Support" (ID 207303.1).
-You must install libclntsh.so.%{oraclelib} to use this package, provided
-in the database installation, or in the free Oracle Instant Client
-available from Oracle.
-
-Notice:
-- %{?scl_prefix}php-oci8 provides oci8 and pdo_oci extensions from php sources.
-- %{?scl_prefix}php-pecl-oci8 only provides oci8 extension.
+You must install libclntsh.so.%{oraclelib} to use this package,
+provided by Oracle Instant Client RPM available from Oracle on:
+https://www.oracle.com/database/technologies/instant-client/downloads.html
Documentation is at http://php.net/oci8 and http://php.net/pdo_oci
%endif
@@ -751,12 +796,7 @@ Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
BuildRequires: libjpeg-devel, libpng-devel, freetype-devel
BuildRequires: libXpm-devel
%if %{with_libgd}
-BuildRequires: gd-devel >= 2.1.1
-%if 0%{?fedora} <= 19 && 0%{?rhel} <= 7
-Requires: gd-last%{?_isa} >= 2.1.1
-%else
-Requires: gd%{?_isa} >= 2.1.1
-%endif
+BuildRequires: gd-devel >= 2.3.3
%else
BuildRequires: libwebp-devel
%endif
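Review bot: The runtime `Requires: gd%{?_isa} >= 2.1.1` is removed while the build requirement rises to 2.3.3, so the installed package no longer states a minimum libgd version and relies on the automatic soname dependency alone. If the libgd soname is unchanged across those releases, a host could keep an older libgd than the one the extension was built and tested against, including one without later fixes. Consider keeping an explicit floor inside the `%if %{with_libgd}` branch, `Requires: gd%{?_isa} >= 2.3.3`. The subpackage header is outside this hunk, so an equivalent requirement may already exist elsewhere.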
@@ -877,8 +917,8 @@ Group: System Environment/Libraries
# All files licensed under PHP version 3.01
License: PHP
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
-# Upstream requires 4.0, we require 50 to ensure use of libicu-last
-BuildRequires: libicu-devel >= 50
+# Upstream requires 4.0, we require 69.1 to ensure use of libicu69
+BuildRequires: libicu-devel = 69.1
%description intl
The %{?scl_prefix}php-intl package contains a dynamic shared object that will add
@@ -936,83 +976,125 @@ support for JavaScript Object Notation (JSON) to PHP.
%setup -q -n php-%{upver}%{?rcver}
%endif
-%patch1 -p1 -b .mpmcheck
-%patch2 -p1 -b .fb_config
-%patch5 -p1 -b .includedir
-%patch6 -p1 -b .embed
-%patch7 -p1 -b .recode
-%patch8 -p1 -b .libdb
+%patch -P1 -p1 -b .mpmcheck
+%patch -P2 -p1 -b .fb_config
+%patch -P5 -p1 -b .includedir
+%patch -P6 -p1 -b .embed
+%patch -P7 -p1 -b .recode
+%patch -P8 -p1 -b .libdb
%if 0%{?rhel}
-%patch9 -p1 -b .curltls
+%patch -P9 -p1 -b .curltls
%endif
-%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8
-%patch10 -p1 -b .icu62
+%if 0%{?fedora} >= 29 || 0%{?rhel} >= 7
+%patch -P10 -p1 -b .icu62
%endif
+%patch -P11 -p1 -b .nodes
-%patch40 -p1 -b .dlopen
+%patch -P40 -p1 -b .dlopen
%if 0%{?fedora} >= 28 || 0%{?rhel} >= 6
-%patch42 -p1 -b .systzdata
+%patch -P42 -p1 -b .systzdata
%endif
-%patch43 -p1 -b .headers
+%patch -P43 -p1 -b .headers
sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
-%patch45 -p1 -b .ldap_r
+%patch -P45 -p1 -b .ldap_r
%endif
-%patch46 -p1 -b .fixheader
-%patch47 -p1 -b .phpinfo
+%patch -P46 -p1 -b .fixheader
+%patch -P47 -p1 -b .phpinfo
-%patch91 -p1 -b .remi-oci8
+%patch -P91 -p1 -b .remi-oci8
# upstream patches
-%patch100 -p1 -b .up1
-%patch101 -p1 -b .up2
-%patch102 -p1 -b .up3
-%patch103 -p1 -b .bug76846
+%patch -P100 -p1 -b .up1
+%patch -P101 -p1 -b .up2
+%patch -P103 -p1 -b .bug76846
# security patches
-%patch200 -p1 -b .bug77242
-%patch201 -p1 -b .bug77247
-%patch202 -p1 -b .bug77370
-%patch203 -p1 -b .bug77371
-%patch204 -p1 -b .bug77380
-%patch205 -p1 -b .bug77381
-%patch206 -p1 -b .bug77369
-%patch207 -p1 -b .bug77418
-%patch208 -p1 -b .bug77396
-%patch209 -p1 -b .bug77431
-%patch210 -p1 -b .bug77540
-%patch211 -p1 -b .bug77563
-%patch212 -p1 -b .bug77586
-%patch213 -p1 -b .bug77630
-%patch214 -p1 -b .backport
-%patch215 -p1 -b .sqlite3.defensive
-%patch216 -p1 -b .bug77753
-%patch217 -p1 -b .bug77831
-%patch218 -p1 -b .bug77950
-%patch219 -p1 -b .bug78069
-%patch220 -p1 -b .bug77988
-%patch221 -p1 -b .bug77967
-%patch222 -p1 -b .bug78222
-%patch223 -p1 -b .bug78256
-%patch224 -p1 -b .bug77919
-%patch225 -p1 -b .bug75457
-%patch226 -p1 -b .bug78380
-: ---------------------------
-#exit 1
+%patch -P200 -p1 -b .bug77242
+%patch -P201 -p1 -b .bug77247
+%patch -P202 -p1 -b .bug77370
+%patch -P203 -p1 -b .bug77371
+%patch -P204 -p1 -b .bug77380
+%patch -P205 -p1 -b .bug77381
+%patch -P206 -p1 -b .bug77369
+%patch -P207 -p1 -b .bug77418
+%patch -P208 -p1 -b .bug77396
+%patch -P209 -p1 -b .bug77431
+%patch -P210 -p1 -b .bug77540
+%patch -P211 -p1 -b .bug77563
+%patch -P212 -p1 -b .bug77586
+%patch -P213 -p1 -b .bug77630
+%patch -P214 -p1 -b .backport
+%patch -P215 -p1 -b .sqlite3.defensive
+%patch -P216 -p1 -b .bug77753
+%patch -P217 -p1 -b .bug77831
+%patch -P218 -p1 -b .bug77950
+%patch -P219 -p1 -b .bug78069
+%patch -P220 -p1 -b .bug77988
+%patch -P221 -p1 -b .bug77967
+%patch -P222 -p1 -b .bug78222
+%patch -P223 -p1 -b .bug78256
+%patch -P224 -p1 -b .bug77919
+%patch -P225 -p1 -b .bug75457
+%patch -P226 -p1 -b .bug78380
+%patch -P227 -p1 -b .bug78599
+%patch -P228 -p1 -b .bug78878
+%patch -P229 -p1 -b .bug78862
+%patch -P230 -p1 -b .bug78863
+%patch -P231 -p1 -b .bug78793
+%patch -P232 -p1 -b .bug78910
+%patch -P233 -p1 -b .bug79099
+%patch -P234 -p1 -b .bug79037
+%patch -P235 -p1 -b .bug77569
+%patch -P236 -p1 -b .bug79221
+%patch -P237 -p1 -b .bug79082
+%patch -P238 -p1 -b .bug79282
+%patch -P239 -p1 -b .bug79329
+%patch -P240 -p1 -b .bug79330
+%patch -P241 -p1 -b .bug79465
+%patch -P242 -p1 -b .bug78875
+%patch -P243 -p1 -b .bug78876
+%patch -P244 -p1 -b .bug79797
+%patch -P245 -p1 -b .bug79877
+%patch -P246 -p1 -b .bug79699
+%patch -P247 -p1 -b .bug77423
+%patch -P248 -p1 -b .bug80672
+%patch -P249 -p1 -b .bug80710
+%patch -P250 -p1 -b .bug81122
+%patch -P251 -p1 -b .bug76450
+%patch -P252 -p1 -b .bug81211
+%patch -P253 -p1 -b .bug81026
+%patch -P254 -p1 -b .bug79971
+%patch -P255 -p1 -b .bug81719
+%patch -P256 -p1 -b .bug81720
+%patch -P257 -p1 -b .bug81727
+%patch -P258 -p1 -b .bug81726
+%patch -P259 -p1 -b .bug81740
+%patch -P260 -p1 -b .bug81744
+%patch -P261 -p1 -b .bug81746
+%patch -P262 -p1 -b .cve0662
+%patch -P263 -p1 -b .cve3247
+%patch -P264 -p1 -b .cve3823
+%patch -P265 -p1 -b .cve3824
+%patch -P266 -p1 -b .cve2756
+%patch -P267 -p1 -b .cve3096
# Fixes for tests
-%patch300 -p1 -b .datetests
+%patch -P300 -p1 -b .datetests
%if %{with_libpcre}
if ! pkg-config libpcre --atleast-version 8.34 ; then
# Only apply when system libpcre < 8.34
-%patch301 -p1 -b .pcre834
+%patch -P301 -p1 -b .pcre834
fi
%endif
+# New openssl certs
+%patch -P302 -p1 -b .renewcert
+rm ext/openssl/tests/bug65538_003.phpt
# WIP patch
# Prevent %%doc confusion over LICENSE files
-cp Zend/LICENSE Zend/ZEND_LICENSE
+cp Zend/LICENSE ZEND_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
%if ! %{with_libgd}
cp ext/gd/libgd/README libgd_README
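Review bot: `rm ext/openssl/tests/bug65538_003.phpt` deletes an OpenSSL test right after the certificate-renewal patch is applied, and nothing on the line or above it says why. A test removed from a TLS code path should carry its reason so that it can be restored once the cause is gone; a comment above the line such as `# bug65538_003 dropped: <reason>` with the actual reason filled in would be enough. The `%prep` section begins and continues outside this hunk.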
@@ -1145,6 +1227,12 @@ exit 1
%build
+# This package fails to build with LTO due to undefined symbols. LTO
+# was disabled in OpenSuSE as well, but with no real explanation why
+# beyond the undefined symbols. It really shold be investigated further.
+# Disable LTO
+%define _lto_cflags %{nil}
+
# aclocal workaround - to be improved
cat $(aclocal --print-ac-dir)/{libtool,ltoptions,ltsugar,ltversion,lt~obsolete}.m4 >>aclocal.m4
@@ -1271,7 +1359,7 @@ build --libdir=%{_libdir}/php \
--with-mysqli=shared,mysqlnd \
--with-mysql-sock=%{mysql_sock} \
%if %{with_oci8}
- --with-oci8=shared,instantclient,%{_root_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \
+ --with-oci8=shared,instantclient,%{_root_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \
--with-pdo-oci=shared,instantclient,%{_root_prefix},%{oraclever} \
%endif
%if %{with_interbase}
@@ -1383,12 +1471,12 @@ popd
%check
%if %runselftest
-
-cd build-apache
+cd build-fpm
# Run tests, using the CLI SAPI
export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2
export SKIP_ONLINE_TESTS=1
+export SKIP_SLOW_TESTS=1
unset TZ LANG LC_ALL
if ! make test; then
set +x
@@ -1496,8 +1584,8 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/php-fpm.d/www.conf.default .
%if %{with_systemd}
install -Dm 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}/%{?scl_prefix}php-fpm.service
%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
-install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf
-install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf
+install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_root_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf
+install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_root_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf
%endif
sed -e 's:/run:%{_localstatedir}/run:' \
-e 's:/etc/sysconfig:%{_sysconfdir}/sysconfig:' \
@@ -1761,13 +1849,9 @@ cat << EOF
WARNING : PHP 7.0 have reached its "End of Life" in
December 2018. Even, if this package includes some of
- the important security fix, backported from 7.1, the
+ the important security fixes, backported from 8.1, the
UPGRADE to a maintained version is very strongly RECOMMENDED.
-%if %{?fedora}%{!?fedora:99} < 28
- WARNING : Fedora %{fedora} is now EOL :
- You should consider upgrading to a supported release
-%endif
=====================================================================
EOF
@@ -1792,7 +1876,7 @@ EOF
%files common -f files.common
%doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README*
-%license LICENSE TSRM_LICENSE
+%license LICENSE TSRM_LICENSE ZEND_LICENSE
%license libmagic_LICENSE
%license phar_LICENSE
%license timelib_LICENSE
@@ -1856,8 +1940,8 @@ EOF
%if %{with_systemd}
%{_unitdir}/%{?scl_prefix}php-fpm.service
%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
-%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf
-%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf
+%config(noreplace) %{_root_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf
+%config(noreplace) %{_root_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf
%endif
%dir %{_root_sysconfdir}/systemd/system/%{?scl_prefix}php-fpm.service.d
%else
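Review bot: The two drop-ins are now listed under `%{_root_sysconfdir}/systemd/system/httpd.service.d/` and `nginx.service.d/`, but this hunk adds only the files, not their directories. `install -D` creates those directories in the build root, so after installation they are left unowned unless another package or a `%dir` line outside this hunk claims them. The package's own `php-fpm.service.d` already has a `%dir` entry two lines below; the same could be done here with `%dir %{_root_sysconfdir}/systemd/system/httpd.service.d` and the nginx equivalent. Because the files are `%config(noreplace)`, a locally edited drop-in is kept on upgrade and later packaged changes to it arrive only as `.rpmnew`, which is worth a comment for administrators.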
@@ -1949,6 +2033,168 @@ EOF
%changelog
+* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.0.33-41
+- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
+- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
+ CVE-2024-2756
+- Fix password_verify can erroneously return true opening ATO risk
+ CVE-2024-3096
+
+* Wed Aug 2 2023 Remi Collet <remi@remirepo.net> - 7.0.33-40
+- Fix Security issue with external entity loading in XML without enabling it
+ GHSA-3qrf-m4j2-pcrr CVE-2023-3823
+- Fix Buffer mismanagement in phar_dir_read()
+ GHSA-jqcx-ccgc-xwhv CVE-2023-3824
+- move httpd/nginx wants directive to config files in /etc
+
+* Wed Jun 21 2023 Remi Collet <remi@remirepo.net> - 7.0.33-39
+- fix possible buffer overflow in date
+- define %%php70___phpize and %%php70___phpconfig
+
+* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.0.33-38
+- Fix Missing error check and insufficient random bytes in HTTP Digest
+ authentication for SOAP
+ GHSA-76gg-c692-v2mw CVE-2023-3247
+- use oracle client library version 21.10
+
+* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.0.33-37
+- fix #81744: Password_verify() always return true with some hash
+ CVE-2023-0567
+- fix #81746: 1-byte array overrun in common path resolve code
+ CVE-2023-0568
+- fix DOS vulnerability when parsing multipart request body
+ CVE-2023-0662
+
+* Tue Dec 20 2022 Remi Collet <remi@remirepo.net> - 7.0.33-36
+- pdo: fix #81740: PDO::quote() may return unquoted string
+ CVE-2022-31631
+- use oracle client library version 21.8
+
+* Tue Sep 27 2022 Remi Collet <remi@remirepo.net> - 7.0.33-35
+- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628
+- core: fix #81727 Don't mangle HTTP variable names that clash with ones
+ that have a specific semantic meaning. CVE-2022-31629
+- use oracle client library version 21.7
+
+* Tue Jun 7 2022 Remi Collet <remi@remirepo.net> - 7.0.33-33
+- use oracle client library version 21.6
+- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626
+- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
+
+* Mon Nov 15 2021 Remi Collet <remi@remirepo.net> - 7.0.33-32
+- Fix #79971 special character is breaking the path in xml function
+ CVE-2021-21707
+
+* Wed Oct 20 2021 Remi Collet <remi@remirepo.net> - 7.0.33-31
+- fix PHP-FPM oob R/W in root process leading to priv escalation
+ CVE-2021-21703
+- use libicu version 69
+- use oracle client library version 21.3
+
+* Tue Sep 7 2021 Remi Collet <remi@remirepo.net> - 7.0.33-30
+- fix intl build on F35
+
+* Thu Aug 26 2021 Remi Collet <remi@remirepo.net> - 7.0.33-29
+- Fix #81211 Symlinks are followed when creating PHAR archive
+
+* Mon Jun 28 2021 Remi Collet <remi@remirepo.net> - 7.0.33-28
+- Fix #81122 SSRF bypass in FILTER_VALIDATE_URL
+ CVE-2021-21705
+- Fix #76488 Memory leak when fetching a BLOB field
+- Fix #76448 Stack buffer overflow in firebird_info_cb
+- Fix #76449 SIGSEGV in firebird_handle_doer
+- Fix #76450 SIGSEGV in firebird_stmt_execute
+- Fix #76452 Crash while parsing blob data in firebird_fetch_blob
+ CVE-2021-21704
+
+* Thu May 27 2021 Remi Collet <remi@remirepo.net> - 7.0.33-27
+- fix snmp extension build with net-snmp without DES
+
+* Wed Apr 28 2021 Remi Collet <remi@remirepo.net> - 7.0.33-26
+- Fix #80710 imap_mail_compose() header injection
+- use oracle client library version 21.1
+
+* Wed Feb 3 2021 Remi Collet <remi@remirepo.net> - 7.0.33-25
+- Fix #80672 Null Dereference in SoapClient
+ CVE-2021-21702
+- better fix for #77423
+
+* Mon Jan 4 2021 Remi Collet <remi@remirepo.net> - 7.0.33-24
+- Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
+ CVE-2020-7071
+
+* Tue Sep 29 2020 Remi Collet <remi@remirepo.net> - 7.0.33-23
+- Core:
+ Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
+ CVE-2020-7070
+
+* Tue Aug 4 2020 Remi Collet <remi@remirepo.net> - 7.0.33-22
+- Core:
+ Fix #79877 getimagesize function silently truncates after a null byte
+- Phar:
+ Fix #79797 use of freed hash key in the phar_parse_zipfile function
+ CVE-2020-7068
+
+* Tue May 12 2020 Remi Collet <remi@remirepo.net> - 7.0.33-21
+- Core:
+ Fix #78875 Long filenames cause OOM and temp files are not cleaned
+ CVE-2019-11048
+ Fix #78876 Long variables in multipart/form-data cause OOM and temp
+ files are not cleaned
+
+* Tue Apr 14 2020 Remi Collet <remi@remirepo.net> - 7.0.33-20
+- standard:
+ Fix #79330 shell_exec silently truncates after a null byte
+ Fix #79465 OOB Read in urldecode
+ CVE-2020-7067
+
+* Tue Mar 17 2020 Remi Collet <remi@remirepo.net> - 7.0.33-19
+- standard:
+ Fix #79329 get_headers() silently truncates after a null byte
+ CVE-2020-7066
+- exif:
+ Fix #79282 Use-of-uninitialized-value in exif
+ CVE-2020-7064
+- use oracle client library version 19.6 (18.5 on EL-6)
+
+* Tue Feb 18 2020 Remi Collet <remi@remirepo.net> - 7.0.33-18
+- dom:
+ Fix #77569 Write Access Violation in DomImplementation
+- phar:
+ Fix #79082 Files added to tar with Phar::buildFromIterator have all-access permissions
+ CVE-2020-7063
+- session:
+ Fix #79221 Null Pointer Dereference in PHP Session Upload Progress
+ CVE-2020-7062
+
+* Thu Jan 23 2020 Remi Collet <remi@remirepo.net> - 7.0.33-17
+- mbstring:
+ Fix #79037 global buffer-overflow in mbfl_filt_conv_big5_wchar
+ CVE-2020-7060
+- standard:
+ Fix #79099 OOB read in php_strip_tags_ex
+ CVE-2020-7059
+
+* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.0.33-15
+- bcmath:
+ Fix #78878 Buffer underflow in bc_shift_addsub
+ CVE-2019-11046
+- core:
+ Fix #78862 link() silently truncates after a null byte on Windows
+ CVE-2019-11044
+ Fix #78863 DirectoryIterator class silently truncates after a null byte
+ CVE-2019-11045
+- exif
+ Fix #78793 Use-after-free in exif parsing under memory sanitizer
+ CVE-2019-11050
+ Fix #78910 Heap-buffer-overflow READ in exif
+ CVE-2019-11047
+- use oracle client library version 19.5 (18.5 on EL-6)
+
+* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.0.33-14
+- FPM:
+ Fix CVE-2019-11043 env_path_info underflow in fpm_main.c
+
* Wed Aug 28 2019 Remi Collet <remi@remirepo.net> - 7.0.33-13
- mbstring:
Fix CVE-2019-13224 don't allow different encodings for onig_new_deluxe