/[smeserver]/rpms/php/sme8/php.spec
ViewVC logotype

Diff of /rpms/php/sme8/php.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph | View Patch Patch

Revision 1.13 by vip-ire, Mon Dec 16 10:47:16 2013 UTC Revision 1.16 by vip-ire, Sat Oct 18 10:16:16 2014 UTC
# Line 20  Line 20 
20  Summary: PHP scripting language for creating dynamic web sites  Summary: PHP scripting language for creating dynamic web sites
21  Name: php  Name: php
22  Version: 5.3.3  Version: 5.3.3
23  Release: 14%{?dist}  Release: 16%{?dist}
24  License: PHP and LGPLv2 and LGPLv2+  License: PHP and LGPLv2 and LGPLv2+
25  Group: Development/Languages  Group: Development/Languages
26  URL: http://www.php.net/  URL: http://www.php.net/
# Line 104  Patch232: php-5.3.3-CVE-2006-7243.patch Line 104  Patch232: php-5.3.3-CVE-2006-7243.patch
104  Patch233: php-5.3.3-CVE-2013-4113.patch  Patch233: php-5.3.3-CVE-2013-4113.patch
105  Patch234: php-5.3.3-CVE-2013-4248.patch  Patch234: php-5.3.3-CVE-2013-4248.patch
106  Patch235: php-5.3.3-CVE-2013-6420.patch  Patch235: php-5.3.3-CVE-2013-6420.patch
107    Patch236: php-5.3.3-CVE-2014-0237.patch
108    Patch237: php-5.3.3-CVE-2014-0238.patch
109    Patch238: php-5.3.3-CVE-2014-2270.patch
110    Patch239: php-5.3.3-CVE-2014-1943.patch
111    Patch240: php-5.3.3-CVE-2014-3479.patch
112    Patch241: php-5.3.3-CVE-2012-1571.patch
113    Patch242: php-5.3.3-CVE-2014-3480.patch
114    Patch243: php-5.3.3-CVE-2014-4721.patch
115    Patch244: php-5.3.3-CVE-2013-6712.patch
116    Patch245: php-5.3.3-CVE-2014-4049.patch
117    Patch246: php-5.3.3-CVE-2014-3515.patch
118    Patch247: php-5.3.3-CVE-2014-2497.patch
119    Patch248: php-5.3.3-CVE-2014-3587.patch
120    Patch249: php-5.3.3-CVE-2014-3597.patch
121    Patch250: php-5.3.3-CVE-2014-4698.patch
122    Patch251: php-5.3.3-CVE-2014-4670.patch
123    
124  BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)  BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
125    
# Line 463  support for using the ICU library to PHP Line 479  support for using the ICU library to PHP
479  %patch233 -p1 -b .cve4113  %patch233 -p1 -b .cve4113
480  %patch234 -p1 -b .cve4248  %patch234 -p1 -b .cve4248
481  %patch235 -p1 -b .cve6420  %patch235 -p1 -b .cve6420
482    %patch236 -p1 -b .cve0237
483    %patch237 -p1 -b .cve0238
484    %patch238 -p1 -b .cve2270
485    %patch239 -p1 -b .cve1943
486    %patch240 -p1 -b .cve3479
487    %patch241 -p1 -b .cve1571
488    %patch242 -p1 -b .cve3480
489    %patch243 -p1 -b .cve4721
490    %patch244 -p1 -b .cve6712
491    %patch245 -p1 -b .cve4049
492    %patch246 -p1 -b .cve3515
493    %patch247 -p1 -b .cve2497
494    %patch248 -p1 -b .cve3587
495    %patch249 -p1 -b .cve3597
496    %patch250 -p1 -b .cve4698
497    %patch251 -p1 -b .cve4670
498    
499  # Prevent %%doc confusion over LICENSE files  # Prevent %%doc confusion over LICENSE files
500  cp -p Zend/LICENSE Zend/ZEND_LICENSE  cp -p Zend/LICENSE Zend/ZEND_LICENSE
# Line 842  rm files.* macros.php Line 874  rm files.* macros.php
874  %files process -f files.process  %files process -f files.process
875    
876  %changelog  %changelog
877    * Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme
878    - Resync with upstream php53, which include (see [SME: 8574])
879    - spl: fix use-after-free in ArrayIterator due to object
880      change during sorting. CVE-2014-4698
881    - spl: fix use-after-free in SPL Iterators. CVE-2014-4670
882    - gd: fix NULL pointer dereference in gdImageCreateFromXpm.
883      CVE-2014-2497
884    - fileinfo: fix incomplete fix for CVE-2012-1571 in
885      cdf_read_property_info. CVE-2014-3587
886    - core: fix incomplete fix for CVE-2014-4049 DNS TXT
887      record parsing. CVE-2014-3597
888    
889    * Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme
890    - Resync with upstream php53, which include (see [SME: 8515])
891    - core: type confusion issue in phpinfo(). CVE-2014-4721
892    - date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712
893    - core: fix heap-based buffer overflow in DNS TXT record parsing.
894      CVE-2014-4049
895    - core: unserialize() SPL ArrayObject / SPLObjectStorage type
896      confusion flaw. CVE-2014-3515
897    - fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270
898    - fileinfo: unrestricted recursion in handling of indirect type
899      rules. CVE-2014-1943
900    - fileinfo: out of bounds read in CDF parser. CVE-2012-1571
901    - fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479
902    - fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480
903    - fileinfo: cdf_unpack_summary_info() excessive looping
904      DoS. CVE-2014-0237
905    - fileinfo: CDF property info parsing nelements infinite
906      loop. CVE-2014-0238
907    
908  * Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme  * Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme
909  - Resync with upstream php53, which include:  - Resync with upstream php53, which include (see [SME: 8064])
910  - add security fix for CVE-2013-6420  - add security fix for CVE-2013-6420
911  - add security fix for CVE-2013-4248  - add security fix for CVE-2013-4248
912  - add upstream reproducer for error_handler (#951075)  - add upstream reproducer for error_handler (#951075)


Legend:
Removed lines/characters  
Changed lines/characters
  Added lines/characters

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed