diff options
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 40 |
1 files changed, 37 insertions, 3 deletions
@@ -49,7 +49,7 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%global oraclever 23.9 +%global oraclever 23.26.1 %global oraclemax 24 %global oraclelib 23.1 %global oracledir 23 @@ -125,7 +125,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}} -Release: 15%{?dist} +Release: 16%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -230,6 +230,14 @@ Patch220: php-cve-2025-1735.patch Patch221: php-cve-2025-14177.patch Patch222: php-cve-2025-14178.patch Patch223: php-ghsa-www2-q4fc-65wf.patch +Patch224: php-cve-2025-14179.patch +Patch225: php-cve-2026-6722.patch +Patch226: php-cve-2026-7261.patch +Patch227: php-cve-2026-7262.patch +Patch228: php-cve-2026-6735.patch +Patch229: php-cve-2026-7259.patch +Patch230: php-cve-2026-7568.patch +Patch231: php-cve-2026-7258.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1038,6 +1046,14 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P221 -p1 -b .cve14177 %patch -P222 -p1 -b .cve14178 %patch -P223 -p1 -b .ghsawwww2 +%patch -P224 -p1 -b .cve14179 +%patch -P225 -p1 -b .cve6722 +%patch -P226 -p1 -b .cve7261 +%patch -P227 -p1 -b .cve7262 +%patch -P228 -p1 -b .cve6735 +%patch -P229 -p1 -b .cve7259 +%patch -P230 -p1 -b .cve7268 +%patch -P231 -p1 -b .cve7258 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1770,7 +1786,7 @@ cat << EOF WARNING : PHP 8.0 have reached its "End of Life" in November 2023. Even, if this package includes some of - the important security fixes, backported from 8.1, the + the important security fixes, backported from 8.2, the UPGRADE to a maintained version is very strongly RECOMMENDED. ===================================================================== @@ -1934,6 +1950,24 @@ EOF %changelog +* Mon May 11 2026 Remi Collet <remi@remirepo.net> - 8.0.30-16 +- Fix XSS within status endpoint + CVE-2026-6735 +- Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() + CVE-2026-7259 +- Fix SQL injection via NUL bytes in quoted strings + CVE-2025-14179 +- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map + CVE-2026-6722 +- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION + CVE-2026-7261 +- Fix Broken Apache map value NULL check + CVE-2026-7262 +- Fix Signed integer overflow of char array offset + CVE-2026-7568 +- Fix Consistently pass unsigned char to ctype.h functions + CVE-2026-7258 + * Thu Dec 18 2025 Remi Collet <remi@remirepo.net> - 8.0.30-15 - Fix Null byte termination in dns_get_record() GHSA-www2-q4fc-65wf |