Diffstat (limited to 'php.spec')
-rw-r--r--php.spec32
1 files changed, 29 insertions, 3 deletions
diff --git a/php.spec b/php.spec
index b58b04a..d825595 100644
--- a/php.spec
+++ b/php.spec
@@ -65,7 +65,12 @@
# Optional components; pass "--with mssql" etc to rpmbuild.
%global with_oci8 %{?_with_oci8:1}%{!?_with_oci8:0}
+%if 0%{?fedora} >= 38 || 0%{?rhel} >= 10
+# uw-imap is not available
+%global with_imap 0
+%else
%global with_imap 1
+%endif
%global with_interbase 1
%global with_freetds 1
%global with_tidy 1
@@ -110,7 +115,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
-Release: 2%{?dist}
+Release: 4%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -176,6 +181,9 @@ Patch91: php-7.2.0-oci8conf.patch
# Security fixes (200+)
Patch200: php-bug81740.patch
+Patch201: php-bug81744.patch
+Patch202: php-bug81746.patch
+Patch203: php-cve-2023-0662.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
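Review bot: The three new `Patch201`–`Patch203` entries do not say which advisory each one addresses, and the file names mix upstream bug numbers with a CVE id, so mapping a patch to a CVE requires reading the changelog. A one-line comment above each entry would make the "Security fixes" section auditable on its own, for example `# CVE-2023-0567` above `Patch201` and `# CVE-2023-0568` above `Patch202`. That mapping is taken from the changelog entry added in this same commit. The existing `Patch200` would benefit from the same treatment (`# CVE-2022-31631`, per the changelog).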
@@ -354,6 +362,12 @@ Summary: Common files for PHP
# fileinfo is licensed under PHP version 3.0
# regex, libmagic are licensed under BSD
License: PHP and BSD
+
+%if %{with_libpcre}
+%global pcre2_buildver %(pkg-config --silence-errors --modversion libpcre2-8 2>/dev/null || echo 10.30)
+Requires: pcre2%{?_isa} >= %{pcre2_buildver}
+%endif
+
# ABI/API check - Arch specific
Provides: %{?scl_prefix}php(api) = %{apiver}-%{__isa_bits}
Provides: %{?scl_prefix}php(zend-abi) = %{zendver}-%{__isa_bits}
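Review bot: The `|| echo 10.30` fallback in `pcre2_buildver` silently lowers the runtime floor whenever `pkg-config` or the pcre2 development files are missing when the spec is parsed. The generated `Requires:` may then not match the library the binaries were built against. A comment would make the intent explicit, for example `# runtime pcre2 must be at least the build-time version; 10.30 is only a parse-time fallback`. Whether 10.30 is the intended minimum cannot be confirmed from this hunk, and `with_libpcre` is defined outside it.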
@@ -955,6 +969,9 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
# security patches
%patch200 -p1 -b .bug81740
+%patch201 -p1 -b .bug81744
+%patch202 -p1 -b .bug81746
+%patch203 -p1 -b .cve0662
# Fixes for tests
%patch300 -p1 -b .datetests
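Review bot: The added `%patch201`–`%patch203` lines use the `%patchN` form, which newer rpm releases deprecate in favour of `%patch -P N`. The first hunk of this commit adds handling for Fedora 38 and RHEL 10, so the spec is presumably meant to build with those rpm versions. The forward-compatible spelling would be `%patch -P 201 -p1 -b .bug81744`, and likewise for 202 and 203. The existing `%patch200` and `%patch300` lines use the same form, so this is a file-wide convention rather than something this commit introduces.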
@@ -1678,7 +1695,7 @@ cat << EOF
WARNING : PHP 7.4 have reached its "End of Life" in
November 2022. Even, if this package includes some of
- the important security fix, backported from 8.0, the
+ the important security fixes, backported from 8.0, the
UPGRADE to a maintained version is very strongly RECOMMENDED.
=====================================================================
@@ -1844,7 +1861,16 @@ EOF
%changelog
-* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.4.33-1
+* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.4.33-4
+- fix #81744: Password_verify() always return true with some hash
+ CVE-2023-0567
+- fix #81746: 1-byte array overrun in common path resolve code
+ CVE-2023-0568
+- fix DOS vulnerability when parsing multipart request body
+ CVE-2023-0662
+- add dependency on pcre2 minimal version
+
+* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.4.33-2
- pdo: fix #81740: PDO::quote() may return unquoted string
CVE-2022-31631
- use oracle client library version 21.8