diff options
| author | Remi Collet <remi@remirepo.net> | 2022-06-07 11:05:41 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2022-06-07 11:05:41 +0200 |
| commit | 9eb1d50117cb6df4f7ce70ed92813ec77a87d78e (patch) | |
| tree | afcb386d7a1ec6efe375c402a20ea9158e3a9b4e /php.spec | |
| parent | 5802be8400b50620be042bddc27e2dd708af682a (diff) | |
use oracle client library version 21.6
mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626
pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
pcre: fix default options for pcre >= 10.38
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 19 |
1 files changed, 16 insertions, 3 deletions
@@ -55,7 +55,7 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%global oraclever 21.5 +%global oraclever 21.6 %global oraclelib 21.1 # Build for LiteSpeed Web Server (LSAPI) @@ -126,7 +126,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 2%{?dist} +Release: 3%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -194,8 +194,12 @@ Patch91: php-7.2.0-oci8conf.patch Patch100: php-bug80682.patch # Backported from 7.4.18 - pdo_odbc Patch101: php-bug80783.patch +# Backported from 7.4.26 for pcre >= 10.38 +Patch102: php-pcre1038.patch # Security fixes (200+) +Patch200: php-bug81719.patch +Patch201: php-bug81720.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -741,7 +745,7 @@ Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release} BuildRequires: libjpeg-devel, libpng-devel, freetype-devel BuildRequires: libXpm-devel %if %{with_libgd} -BuildRequires: gd-devel >= 2.3 +BuildRequires: gd-devel >= 2.3.3 %else BuildRequires: libwebp-devel Provides: bundled(gd) = 2.0.35 @@ -961,8 +965,11 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in # upstream patches %patch100 -p1 -b .bug80682 %patch101 -p1 -b .bug80783 +%patch102 -p1 -b .pcre1038 # security patches +%patch200 -p1 -b .bug81719 +%patch201 -p1 -b .bug81720 # Fixes for tests %patch300 -p1 -b .datetests @@ -1909,6 +1916,12 @@ fi %changelog +* Tue Jun 7 2022 Remi Collet <remi@remirepo.net> - 7.3.33-3 +- use oracle client library version 21.6 +- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 +- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 +- pcre: fix default options for pcre >= 10.38 + * Wed Feb 23 2022 Remi Collet <remi@remirepo.net> - 7.3.33-2 - retrieve tzdata version - use oracle client library version 21.5 |