From 5ca2ab19abb06c678e9d85fe21020a0f7a3ad970 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 11 May 2026 09:19:42 +0200 Subject: Fix XSS within status endpoint CVE-2026-6735 Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() CVE-2026-7259 Fix SQL injection via NUL bytes in quoted strings CVE-2025-14179 Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map CVE-2026-6722 Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION CVE-2026-7261 Fix Broken Apache map value NULL check CVE-2026-7262 Fix Signed integer overflow of char array offset CVE-2026-7568 Fix Consistently pass unsigned char to ctype.h functions CVE-2026-7258 --- php.spec | 40 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 37 insertions(+), 3 deletions(-) (limited to 'php.spec') diff --git a/php.spec b/php.spec index 2eb46d8..6c60c5d 100644 --- a/php.spec +++ b/php.spec @@ -49,7 +49,7 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%global oraclever 23.9 +%global oraclever 23.26.1 %global oraclemax 24 %global oraclelib 23.1 %global oracledir 23 @@ -125,7 +125,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}} -Release: 15%{?dist} +Release: 16%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -230,6 +230,14 @@ Patch220: php-cve-2025-1735.patch Patch221: php-cve-2025-14177.patch Patch222: php-cve-2025-14178.patch Patch223: php-ghsa-www2-q4fc-65wf.patch +Patch224: php-cve-2025-14179.patch +Patch225: php-cve-2026-6722.patch +Patch226: php-cve-2026-7261.patch +Patch227: php-cve-2026-7262.patch +Patch228: php-cve-2026-6735.patch +Patch229: php-cve-2026-7259.patch +Patch230: php-cve-2026-7568.patch +Patch231: php-cve-2026-7258.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1038,6 +1046,14 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P221 -p1 -b .cve14177 %patch -P222 -p1 -b .cve14178 %patch -P223 -p1 -b .ghsawwww2 +%patch -P224 -p1 -b .cve14179 +%patch -P225 -p1 -b .cve6722 +%patch -P226 -p1 -b .cve7261 +%patch -P227 -p1 -b .cve7262 +%patch -P228 -p1 -b .cve6735 +%patch -P229 -p1 -b .cve7259 +%patch -P230 -p1 -b .cve7268 +%patch -P231 -p1 -b .cve7258 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1770,7 +1786,7 @@ cat << EOF WARNING : PHP 8.0 have reached its "End of Life" in November 2023. Even, if this package includes some of - the important security fixes, backported from 8.1, the + the important security fixes, backported from 8.2, the UPGRADE to a maintained version is very strongly RECOMMENDED. ===================================================================== @@ -1934,6 +1950,24 @@ EOF %changelog +* Mon May 11 2026 Remi Collet - 8.0.30-16 +- Fix XSS within status endpoint + CVE-2026-6735 +- Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() + CVE-2026-7259 +- Fix SQL injection via NUL bytes in quoted strings + CVE-2025-14179 +- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map + CVE-2026-6722 +- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION + CVE-2026-7261 +- Fix Broken Apache map value NULL check + CVE-2026-7262 +- Fix Signed integer overflow of char array offset + CVE-2026-7568 +- Fix Consistently pass unsigned char to ctype.h functions + CVE-2026-7258 + * Thu Dec 18 2025 Remi Collet - 8.0.30-15 - Fix Null byte termination in dns_get_record() GHSA-www2-q4fc-65wf -- cgit