author | Remi Collet <remi@remirepo.net> | 2019-12-17 16:21:44 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2019-12-17 16:21:44 +0100 |
commit | 9d0e088bae4b092768b2779b9f82cac349cb80e2 (patch) | |
tree | b4c0c7e7cd45224c1b30ea9822213557276ca7fc /php.spec | |
parent | 72995b48a28cf7c9dd8ddcf405c2ac89cf1c763e (diff) |
- bcmath:
Fix #78878 Buffer underflow in bc_shift_addsub
CVE-2019-11046
- core:
Fix #78862 link() silently truncates after a null byte on Windows
CVE-2019-11044
Fix #78863 DirectoryIterator class silently truncates after a null byte
CVE-2019-11045
- exif
Fix #78793 Use-after-free in exif parsing under memory sanitizer
CVE-2019-11050
Fix #78910 Heap-buffer-overflow READ in exif
CVE-2019-11047
- use oracle client library version 19.5 (18.5 on EL-6)
Diffstat (limited to 'php.spec')
-rw-r--r-- | php.spec | 47 |
1 files changed, 45 insertions, 2 deletions
@@ -56,10 +56,14 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) %if 0%{?rhel} == 6 +%ifarch x86_64 +%global oraclever 18.5 +%else %global oraclever 18.3 +%endif %global oraclelib 18.1 %else -%global oraclever 19.3 +%global oraclever 19.5 %global oraclelib 19.1 %endif @@ -136,7 +140,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -197,6 +201,11 @@ Patch91: php-5.6.3-oci8conf.patch # Upstream fixes (100+) # Security fixes (200+) +Patch201: php-bug78878.patch +Patch202: php-bug78862.patch +Patch203: php-bug78863.patch +Patch204: php-bug78793.patch +Patch205: php-bug78910.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -926,6 +935,11 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in # upstream patches # security patches +%patch201 -p1 -b .bug78878 +%patch202 -p1 -b .bug78862 +%patch203 -p1 -b .bug78863 +%patch204 -p1 -b .bug78793 +%patch205 -p1 -b .bug78910 # Fixes for tests %patch300 -p1 -b .datetests @@ -1690,6 +1704,19 @@ fi %endif +%posttrans common +cat << EOF +===================================================================== + + WARNING : PHP 7.1 have reached its "End of Life" in + December 2019. Even, if this package includes some of + the important security fix, backported from 7.2, the + UPGRADE to a maintained version is very strongly RECOMMENDED. + +===================================================================== +EOF + + %{!?_licensedir:%global license %%doc} %files 
@@ -1867,6 +1894,22 @@ fi %changelog +* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.1.33-2 +- bcmath: + Fix #78878 Buffer underflow in bc_shift_addsub + CVE-2019-11046 +- core: + Fix #78862 link() silently truncates after a null byte on Windows + CVE-2019-11044 + Fix #78863 DirectoryIterator class silently truncates after a null byte + CVE-2019-11045 +- exif + Fix #78793 Use-after-free in exif parsing under memory sanitizer + CVE-2019-11050 + Fix #78910 Heap-buffer-overflow READ in exif + CVE-2019-11047 +- use oracle client library version 19.5 (18.5 on EL-6) + * Wed Oct 23 2019 Remi Collet <remi@remirepo.net> - 7.1.33-1 - Update to 7.1.33 - http://www.php.net/releases/7_1_33.php |
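Review bot: In the first hunk, the new `%ifarch x86_64` inside the `%if 0%{?rhel} == 6` branch leaves every other EL-6 architecture on `oraclever 18.3` with no explanation. Add a spec comment above the `%ifarch` stating why non-x86_64 builds stay on 18.3. `oraclelib` is unchanged at 18.1 and 19.1 while `oraclever` moves to 18.5 and 19.5; a short comment confirming that the library version is expected to stay the same would save the next maintainer from having to check.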
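Review bot: The `Patch201` to `Patch205` declarations under "Security fixes (200+)" identify each patch only by bug number, so the CVE mapping exists only in the changelog. A one-line comment per patch, for example `# CVE-2019-11046` above `Patch201: php-bug78878.patch`, would let someone auditing the spec confirm which CVEs are covered without cross-reading the changelog. The matching `%patch201` to `%patch205` lines are consistent with the declarations (same numbers, `-p1`, a `-b` suffix per bug).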
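Review bot: The message in the new `%posttrans common` scriptlet has grammar slips that every administrator installing the package will see: "PHP 7.1 have reached", "Even, if" and "some of the important security fix". Suggested wording: `PHP 7.1 has reached its "End of Life" in December 2019. Even if this package includes some important security fixes backported from 7.2, the UPGRADE to a maintained version is very strongly RECOMMENDED.` The heredoc is also opened unquoted (`cat << EOF`), so the shell will expand any `$` or backtick added to the text later; `cat << 'EOF'` keeps the message literal.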
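Review bot: In the `%changelog` hunk, `- exif` is missing the trailing colon that `- bcmath:` and `- core:` have, and the line "use oracle client library version 19.5 (18.5 on EL-6)" does not mention that the first hunk applies 18.5 only under `%ifarch x86_64`. Suggest `- exif:` and qualifying the Oracle entry with the architecture so the changelog matches what the spec actually builds.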