From 9bb72d3a0e4c9223970d3be7f8ab4fc968c819aa Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 11 Jan 2019 14:30:35 +0100
Subject: Backport xmlrpc security fix from 5.6.40 - Fix #77242 heap out of
 bounds read in xmlrpc_decode - Fix #77380 Global out of bounds read in xmlrpc
 base64 code

---
 php.spec | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'php.spec')

diff --git a/php.spec b/php.spec
index 47fc910..ea9787e 100644
--- a/php.spec
+++ b/php.spec
@@ -140,7 +140,7 @@
 Summary: PHP scripting language for creating dynamic web sites
 Name: %{?scl_prefix}php
 Version: 5.5.38
-Release: 10%{?dist}
+Release: 11%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -253,6 +253,8 @@ Patch157: bug76582.patch
 Patch158: bug77153.patch
 Patch159: bug77020.patch
 Patch160: bug77231.patch
+Patch161: bug77242.patch
+Patch162: bug77380.patch
 
 # Security fixes (200+)
 
@@ -1006,6 +1008,8 @@ support for using the enchant library to PHP.
 %patch158 -p1 -b .bug77153
 %patch159 -p1 -b .bug77020
 %patch160 -p1 -b .bug77231
+%patch161 -p1 -b .bug77242
+%patch162 -p1 -b .bug77380
 
 : ------------------------
 
@@ -1918,6 +1922,10 @@ EOF
 
 
 %changelog
+* Fri Jan 11 2019 Remi Collet <remi@remirepo.net> - 5.5.38-11
+- Fix #77242 heap out of bounds read in xmlrpc_decode
+- Fix #77380 Global out of bounds read in xmlrpc base64 code
+
 * Mon Dec 10 2018 Remi Collet <remi@remirepo.net> - 5.5.38-10
 - Fix #77231 Segfault when using convert.quoted-printable-encode filter
 - Fix #77020 null pointer dereference in imap_mail
-- 
cgit