From 3059a539f37babd6943bbdd0536fb14a849aab58 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 22 Nov 2024 11:59:53 +0100 Subject: Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 --- php.spec | 43 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index ab1f9ba..efed35c 100644 --- a/php.spec +++ b/php.spec @@ -75,12 +75,18 @@ # Optional components; pass "--with mssql" etc to rpmbuild. %global with_oci8 %{?_with_oci8:1}%{!?_with_oci8:0} %global with_imap 1 -%global with_interbase 1 %global with_freetds 1 %global with_tidy 1 %global with_sqlite3 1 %global with_enchant 1 +# Build firebird extensions, you can disable using --without firebird +%if 0%{?rhel} == 10 +%bcond_with firebird +%else +%bcond_without firebird +%endif + %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 %global with_libpcre 1 %else @@ -119,7 +125,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}} -Release: 18%{?dist} +Release: 20%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -201,6 +207,11 @@ Patch210: php-cve-2024-8925.patch Patch211: php-cve-2024-8926.patch Patch212: php-cve-2024-8927.patch Patch213: php-cve-2024-9026.patch +Patch214: php-cve-2024-11236.patch +Patch215: php-cve-2024-11234.patch +Patch216: php-cve-2024-8932.patch +Patch217: php-cve-2024-11233.patch +Patch218: php-ghsa-4w77-75f9-2c8w.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -621,7 +632,7 @@ BuildRequires: pkgconfig(libxml-2.0) The %{?scl_prefix}php-soap package contains a dynamic shared object that will add support to PHP for using the SOAP web services protocol. -%if %{with_interbase} +%if %{with firebird} %package pdo-firebird Summary: PDO driver for Interbase/Firebird databases Group: Development/Languages @@ -1006,6 +1017,11 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P211 -p1 -b .cve8926 %patch -P212 -p1 -b .cve8927 %patch -P213 -p1 -b .cve9026 +%patch -P214 -p1 -b .cve11236 +%patch -P215 -p1 -b .cve11234 +%patch -P216 -p1 -b .cve8932 +%patch -P217 -p1 -b .cve11233 +%patch -P218 -p1 -b .ghsa4w77 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1279,7 +1295,7 @@ build --libdir=%{_libdir}/php \ --with-oci8=shared,instantclient,%{_root_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ --with-pdo-oci=shared,instantclient,%{_root_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif -%if %{with_interbase} +%if %{with firebird} --with-pdo-firebird=shared \ %endif --enable-dom=shared \ @@ -1584,7 +1600,7 @@ for mod in pgsql odbc ldap snmp \ %if %{with_oci8} oci8 pdo_oci \ %endif -%if %{with_interbase} +%if %{with firebird} pdo_firebird \ %endif %if %{with_freetds} @@ -1875,7 +1891,7 @@ EOF %files pspell -f files.pspell %files intl -f files.intl %files process -f files.process -%if %{with_interbase} +%if %{with firebird} %files pdo-firebird -f files.pdo_firebird %endif %if %{with_enchant} @@ -1897,6 +1913,21 @@ EOF %changelog +* Fri Nov 22 2024 Remi Collet - 7.4.33-20 +- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface + GHSA-4w77-75f9-2c8w +- Fix OOB access in ldap_escape + CVE-2024-8932 +- Fix Integer overflow in the dblib/firebird quoter causing OOB writes + CVE-2024-11236 +- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs + CVE-2024-11234 +- Fix Single byte overread with convert.quoted-printable-decode filter + CVE-2024-11233 + +* Fri Nov 15 2024 Remi Collet - 7.4.33-19 +- disable firebird on EL-10 + * Thu Sep 26 2024 Remi Collet - 7.4.33-18 - Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI CVE-2024-4577 -- cgit