20 |
Summary: PHP scripting language for creating dynamic web sites |
Summary: PHP scripting language for creating dynamic web sites |
21 |
Name: php |
Name: php |
22 |
Version: 5.3.3 |
Version: 5.3.3 |
23 |
Release: 14%{?dist} |
Release: 17%{?dist} |
24 |
License: PHP and LGPLv2 and LGPLv2+ |
License: PHP and LGPLv2 and LGPLv2+ |
25 |
Group: Development/Languages |
Group: Development/Languages |
26 |
URL: http://www.php.net/ |
URL: http://www.php.net/ |
104 |
Patch233: php-5.3.3-CVE-2013-4113.patch |
Patch233: php-5.3.3-CVE-2013-4113.patch |
105 |
Patch234: php-5.3.3-CVE-2013-4248.patch |
Patch234: php-5.3.3-CVE-2013-4248.patch |
106 |
Patch235: php-5.3.3-CVE-2013-6420.patch |
Patch235: php-5.3.3-CVE-2013-6420.patch |
107 |
|
Patch236: php-5.3.3-CVE-2014-0237.patch |
108 |
|
Patch237: php-5.3.3-CVE-2014-0238.patch |
109 |
|
Patch238: php-5.3.3-CVE-2014-2270.patch |
110 |
|
Patch239: php-5.3.3-CVE-2014-1943.patch |
111 |
|
Patch240: php-5.3.3-CVE-2014-3479.patch |
112 |
|
Patch241: php-5.3.3-CVE-2012-1571.patch |
113 |
|
Patch242: php-5.3.3-CVE-2014-3480.patch |
114 |
|
Patch243: php-5.3.3-CVE-2014-4721.patch |
115 |
|
Patch244: php-5.3.3-CVE-2013-6712.patch |
116 |
|
Patch245: php-5.3.3-CVE-2014-4049.patch |
117 |
|
Patch246: php-5.3.3-CVE-2014-3515.patch |
118 |
|
Patch247: php-5.3.3-CVE-2014-2497.patch |
119 |
|
Patch248: php-5.3.3-CVE-2014-3587.patch |
120 |
|
Patch249: php-5.3.3-CVE-2014-3597.patch |
121 |
|
Patch250: php-5.3.3-CVE-2014-4698.patch |
122 |
|
Patch251: php-5.3.3-CVE-2014-4670.patch |
123 |
|
Patch252: php-5.3.3-CVE-2014-3668.patch |
124 |
|
Patch253: php-5.3.3-CVE-2014-3669.patch |
125 |
|
Patch254: php-5.3.3-CVE-2014-3670.patch |
126 |
|
Patch255: php-5.3.3-CVE-2014-3710.patch |
127 |
|
|
128 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) |
129 |
|
|
483 |
%patch233 -p1 -b .cve4113 |
%patch233 -p1 -b .cve4113 |
484 |
%patch234 -p1 -b .cve4248 |
%patch234 -p1 -b .cve4248 |
485 |
%patch235 -p1 -b .cve6420 |
%patch235 -p1 -b .cve6420 |
486 |
|
%patch236 -p1 -b .cve0237 |
487 |
|
%patch237 -p1 -b .cve0238 |
488 |
|
%patch238 -p1 -b .cve2270 |
489 |
|
%patch239 -p1 -b .cve1943 |
490 |
|
%patch240 -p1 -b .cve3479 |
491 |
|
%patch241 -p1 -b .cve1571 |
492 |
|
%patch242 -p1 -b .cve3480 |
493 |
|
%patch243 -p1 -b .cve4721 |
494 |
|
%patch244 -p1 -b .cve6712 |
495 |
|
%patch245 -p1 -b .cve4049 |
496 |
|
%patch246 -p1 -b .cve3515 |
497 |
|
%patch247 -p1 -b .cve2497 |
498 |
|
%patch248 -p1 -b .cve3587 |
499 |
|
%patch249 -p1 -b .cve3597 |
500 |
|
%patch250 -p1 -b .cve4698 |
501 |
|
%patch251 -p1 -b .cve4670 |
502 |
|
%patch252 -p1 -b .cve3668 |
503 |
|
%patch253 -p1 -b .cve3669 |
504 |
|
%patch254 -p1 -b .cve3670 |
505 |
|
%patch255 -p1 -b .cve3710 |
506 |
|
|
507 |
# Prevent %%doc confusion over LICENSE files |
# Prevent %%doc confusion over LICENSE files |
508 |
cp -p Zend/LICENSE Zend/ZEND_LICENSE |
cp -p Zend/LICENSE Zend/ZEND_LICENSE |
882 |
%files process -f files.process |
%files process -f files.process |
883 |
|
|
884 |
%changelog |
%changelog |
885 |
|
* Sat Nov 1 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-17.sme |
886 |
|
- Resync with upstream php53, which include (see [SME: 8633]) |
887 |
|
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 |
888 |
|
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 |
889 |
|
- core: fix integer overflow in unserialize() CVE-2014-3669 |
890 |
|
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 |
891 |
|
|
892 |
|
* Sat Oct 18 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-16.sme |
893 |
|
- Resync with upstream php53, which include (see [SME: 8574]) |
894 |
|
- spl: fix use-after-free in ArrayIterator due to object |
895 |
|
change during sorting. CVE-2014-4698 |
896 |
|
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670 |
897 |
|
- gd: fix NULL pointer dereference in gdImageCreateFromXpm. |
898 |
|
CVE-2014-2497 |
899 |
|
- fileinfo: fix incomplete fix for CVE-2012-1571 in |
900 |
|
cdf_read_property_info. CVE-2014-3587 |
901 |
|
- core: fix incomplete fix for CVE-2014-4049 DNS TXT |
902 |
|
record parsing. CVE-2014-3597 |
903 |
|
|
904 |
|
* Thu Aug 7 2014 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-15.sme |
905 |
|
- Resync with upstream php53, which include (see [SME: 8515]) |
906 |
|
- core: type confusion issue in phpinfo(). CVE-2014-4721 |
907 |
|
- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 |
908 |
|
- core: fix heap-based buffer overflow in DNS TXT record parsing. |
909 |
|
CVE-2014-4049 |
910 |
|
- core: unserialize() SPL ArrayObject / SPLObjectStorage type |
911 |
|
confusion flaw. CVE-2014-3515 |
912 |
|
- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 |
913 |
|
- fileinfo: unrestricted recursion in handling of indirect type |
914 |
|
rules. CVE-2014-1943 |
915 |
|
- fileinfo: out of bounds read in CDF parser. CVE-2012-1571 |
916 |
|
- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 |
917 |
|
- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 |
918 |
|
- fileinfo: cdf_unpack_summary_info() excessive looping |
919 |
|
DoS. CVE-2014-0237 |
920 |
|
- fileinfo: CDF property info parsing nelements infinite |
921 |
|
loop. CVE-2014-0238 |
922 |
|
|
923 |
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme |
* Mon Dec 16 2013 Daniel Berteaud <daniel@firewall-services.com> - 5.3.3-14.sme |
924 |
- Resync with upstream php53, which include: |
- Resync with upstream php53, which include (see [SME: 8064]) |
925 |
- add security fix for CVE-2013-6420 |
- add security fix for CVE-2013-6420 |
926 |
- add security fix for CVE-2013-4248 |
- add security fix for CVE-2013-4248 |
927 |
- add upstream reproducer for error_handler (#951075) |
- add upstream reproducer for error_handler (#951075) |
942 |
- fix setDate when DateTime created from timestamp (#869691) |
- fix setDate when DateTime created from timestamp (#869691) |
943 |
- fix permission on source files (#869688) |
- fix permission on source files (#869688) |
944 |
- add php(language) and missing provides (#837044) |
- add php(language) and missing provides (#837044) |
|
- |
|
945 |
- fix copy doesn't report failure on partial copy (#951413) |
- fix copy doesn't report failure on partial copy (#951413) |
946 |
|
|
947 |
* Mon Jul 15 2013 Shad L. Lords <slords@mail.com> - 5.3.3-13.sme.2 |
* Mon Jul 15 2013 Shad L. Lords <slords@mail.com> - 5.3.3-13.sme.2 |