diff options
| author | Remi Collet <remi@remirepo.net> | 2021-01-04 16:15:00 +0100 |
|---|---|---|
| committer | Remi Collet <remi@remirepo.net> | 2021-01-04 16:15:00 +0100 |
| commit | 61724d92582ef36ffc6f40d08f669e8c7a9389f0 (patch) | |
| tree | 5430bff7613cbf5e95a343a420a6f43ec5e7af66 /php.spec | |
| parent | df79e9327223857efd2dbe8505dc3c32f6c36df0 (diff) | |
Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
CVE-2020-7071
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -65,7 +65,7 @@ %else %ifarch x86_64 -%global oraclever 19.8 +%global oraclever 19.9 %else %global oraclever 19.6 %endif @@ -140,7 +140,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 10%{?dist} +Release: 11%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -222,6 +222,7 @@ Patch218: php-bug79797.patch Patch219: php-bug79877.patch Patch220: php-bug79601.patch Patch221: php-bug79699.patch +Patch222: php-bug77423.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -255,6 +256,7 @@ BuildRequires: bzip2 BuildRequires: perl BuildRequires: autoconf BuildRequires: automake +BuildRequires: make BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?dtsprefix}gcc-c++ BuildRequires: libtool @@ -434,6 +436,7 @@ Requires: %{?scl_prefix}php-cli%{?_isa} = %{version}-%{release} # always needed to build extension Requires: autoconf Requires: automake +Requires: make Requires: gcc Requires: gcc-c++ Requires: libtool @@ -974,6 +977,7 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %patch219 -p1 -b .bug79877 %patch220 -p1 -b .bug79601 %patch221 -p1 -b .bug79699 +%patch222 -p1 -b .bug77423 # Fixes for tests %patch300 -p1 -b .datetests @@ -1754,7 +1758,7 @@ cat << EOF WARNING : PHP 7.1 have reached its "End of Life" in December 2019. Even, if this package includes some of - the important security fix, backported from 7.2, the + the important security fix, backported from 7.3, the UPGRADE to a maintained version is very strongly RECOMMENDED. ===================================================================== @@ -1938,6 +1942,10 @@ EOF %changelog +* Mon Jan 4 2021 Remi Collet <remi@remirepo.net> - 7.1.33-11 +- Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo + CVE-2020-7071 + * Tue Sep 29 2020 Remi Collet <remi@remirepo.net> - 7.1.33-10 - Core: Fix #79699 PHP parses encoded cookie names so malicious `__Host-` cookies can be sent |