From 8b6a473e92cb71c2b5d5289c050dec5b83b5fd6f Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Wed, 9 Jan 2019 14:51:03 +0100 Subject: - core: Fix #77369 memcpy with negative length via crafted DNS response - mbstring: Fix #77370 buffer overflow on mb regex functions - fetch_token Fix #77371 heap buffer overflow in mb regex functions compile_string_node Fix #77381 heap buffer overflow in multibyte match_at Fix #77382 heap buffer overflow in expand_case_fold_string Fix #77385 buffer overflow in fetch_token Fix #77394 buffer overflow in multibyte case folding - unicode Fix #77418 heap overflow in utf32be_mbc_to_code - phar: Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext - xmlrpc: Fix #77242 heap out of bounds read in xmlrpc_decode Fix #77380 global out of bounds read in xmlrpc base64 code --- php.spec | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index 42de827..aa82877 100644 --- a/php.spec +++ b/php.spec @@ -126,7 +126,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -187,8 +187,17 @@ Patch91: php-5.6.3-oci8conf.patch # Upstream fixes (100+) Patch100: https://github.com/php/php-src/commit/be50a72715c141befe6f34ece660745da894aaf3.patch Patch101: https://github.com/php/php-src/commit/2ef8809ef3beb5f58b81dcff49bdcde4d2cb8426.patch +Patch102: php-openssl-cert.patch # Security fixes (200+) +Patch200: php-bug77242.patch +Patch201: php-bug77247.patch +Patch202: php-bug77370.patch +Patch203: php-bug77371.patch +Patch204: php-bug77380.patch +Patch205: php-bug77381.patch +Patch206: php-bug77369.patch +Patch207: php-bug77418.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -919,8 +928,19 @@ support for JavaScript Object Notation (JSON) to PHP. # upstream patches %patch100 -p1 -b .up1 %patch101 -p1 -b .up2 +%patch102 -p1 -b .up3 # security patches +%patch200 -p1 -b .bug77242 +%patch201 -p1 -b .bug77247 +%patch202 -p1 -b .bug77370 +%patch203 -p1 -b .bug77371 +%patch204 -p1 -b .bug77380 +%patch205 -p1 -b .bug77381 +%patch206 -p1 -b .bug77369 +%patch207 -p1 -b .bug77418 +: --------------------------- +#exit 1 # Fixes for tests %patch300 -p1 -b .datetests @@ -1854,6 +1874,23 @@ fi %changelog +* Wed Jan 9 2019 Remi Collet - 7.0.33-2 +- core: + Fix #77369 memcpy with negative length via crafted DNS response +- mbstring: + Fix #77370 buffer overflow on mb regex functions - fetch_token + Fix #77371 heap buffer overflow in mb regex functions compile_string_node + Fix #77381 heap buffer overflow in multibyte match_at + Fix #77382 heap buffer overflow in expand_case_fold_string + Fix #77385 buffer overflow in fetch_token + Fix #77394 buffer overflow in multibyte case folding - unicode + Fix #77418 heap overflow in utf32be_mbc_to_code +- phar: + Fix #77247 heap buffer overflow in phar_detect_phar_fname_ext +- xmlrpc: + Fix #77242 heap out of bounds read in xmlrpc_decode + Fix #77380 global out of bounds read in xmlrpc base64 code + * Wed Dec 5 2018 Remi Collet - 7.0.33-1 - Update to 7.0.33 - http://www.php.net/releases/7_0_33.php - use oracle client library version 18.3 -- cgit