--- rpms/php/sme8/php.spec 2011/09/13 14:05:18 1.4 +++ rpms/php/sme8/php.spec 2012/06/29 14:54:00 1.9 @@ -18,7 +18,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.3.3 -Release: 1%{?dist}.1.0 +Release: 13%{?dist} License: PHP and LGPLv2 and LGPLv2+ Group: Development/Languages URL: http://www.php.net/ @@ -51,13 +51,35 @@ Patch62: php-5.3.2-testfail.patch # Bug fixes Patch100: php-5.3.2-r305570.patch Patch101: php-5.3.3-r305043.patch +Patch102: php-5.3.3-varnegidx.patch # Fixes for security bugs Patch207: php-5.3.2-CVE-2010-3709.patch Patch208: php-5.3.2-CVE-2010-3870.patch -Patch209: php-5.3.3-CVE-2010-4156.patch +Patch209: php-5.3.2-CVE-2010-4645.patch Patch210: php-5.3.3-CVE-2010-3710.patch -Patch211: php-5.3.2-CVE-2010-4645.patch +Patch211: php-5.3.3-CVE-2010-4156.patch +Patch212: php-5.3.3-CVE-2011-0708.patch +Patch213: php-5.3.3-CVE-2011-1148.patch +Patch214: php-5.3.3-CVE-2011-1466.patch +Patch215: php-5.3.3-CVE-2011-1468.patch +Patch216: php-5.3.3-CVE-2011-1469.patch +Patch218: php-5.3.3-CVE-2011-1471.patch +Patch219: php-5.3.3-CVE-2011-1938.patch +Patch220: php-5.3.3-CVE-2011-2202.patch +Patch221: php-5.3.3-CVE-2011-2483.patch +Patch222: php-5.3.3-CVE-2011-4885.patch +Patch223: php-5.3.3-CVE-2011-4566.patch +Patch224: php-5.3.3-CVE-2012-0830.patch +Patch225: php-5.3.3-CVE-2012-1823.patch +Patch226: php-5.3.3-CVE-2012-2336.patch +Patch230: php-5.3.3-CVE-2011-4153.patch +Patch232: php-5.3.3-CVE-2012-1172.patch +Patch233: php-5.3.3-CVE-2012-2143.patch +Patch234: php-5.3.3-CVE-2012-2386.patch +Patch235: php-5.3.3-CVE-2012-0057.patch +Patch236: php-5.3.3-CVE-2012-0789.patch +Patch237: php-5.3.3-CVE-2010-2950.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -135,6 +157,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release} BuildRequires: krb5-devel, openssl-devel, libc-client-devel +Provides: php-imap = %{version}-%{release} %description imap The php-imap package contains a dynamic shared object that will @@ -145,6 +168,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release} BuildRequires: cyrus-sasl-devel, openldap-devel, openssl-devel +Provides: php-ldap = %{version}-%{release} %description ldap The php-ldap package is a dynamic shared object (DSO) for the Apache @@ -160,6 +184,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-pdo-abi = %{pdover} Provides: php-pdo_sqlite +Provides: php-pdo = %{version}-%{release} %description pdo The %{name}-pdo package contains a dynamic shared object that will add @@ -173,6 +198,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, %{name}-pdo Provides: php_database, php-mysqli, php-pdo_mysql BuildRequires: mysql-devel >= 4.1.0 +Provides: php-mysql = %{version}-%{release} %description mysql The php-mysql package contains a dynamic shared object that will add @@ -187,6 +213,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, %{name}-pdo Provides: php_database, php-pdo_pgsql BuildRequires: krb5-devel, openssl-devel, postgresql-devel +Provides: php-pgsql = %{version}-%{release} %description pgsql The php-pgsql package includes a dynamic shared object (DSO) that can @@ -202,6 +229,7 @@ Summary: Modules for PHP script using sy Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-posix, php-sysvsem, php-sysvshm, php-sysvmsg +Provides: php-process = %{version}-%{release} %description process The php-process package contains dynamic shared objects which add @@ -214,6 +242,7 @@ Requires: %{name}-common = %{version}-%{ Summary: A module for PHP applications that use ODBC databases Provides: php_database, php-pdo_odbc BuildRequires: unixODBC-devel +Provides: php-odbc = %{version}-%{release} %description odbc The php-odbc package contains a dynamic shared object that will add @@ -229,6 +258,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Summary: A module for PHP applications that use the SOAP protocol BuildRequires: libxml2-devel +Provides: php-soap = %{version}-%{release} %description soap The php-soap package contains a dynamic shared object that will add @@ -239,6 +269,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, net-snmp BuildRequires: net-snmp-devel +Provides: php-snmp = %{version}-%{release} %description snmp The php-snmp package contains a dynamic shared object that will add @@ -252,6 +283,8 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-dom, php-xsl, php-domxml, php-wddx BuildRequires: libxslt-devel >= 1.0.18-1, libxml2-devel >= 2.4.14-1 +Obsoletes: php-domxml, php-dom +Provides: php-xml = %{version}-%{release} %description xml The php-xml package contains dynamic shared objects which add support @@ -262,6 +295,7 @@ and performing XSL transformations on XM Summary: A module for PHP applications which use the XML-RPC protocol Group: Development/Languages Requires: %{name}-common = %{version}-%{release} +Provides: php-xmlrpc = %{version}-%{release} %description xmlrpc The php-xmlrpc package contains a dynamic shared object that will add @@ -271,6 +305,7 @@ support for the XML-RPC protocol to PHP. Summary: A module for PHP applications which need multi-byte string handling Group: Development/Languages Requires: %{name}-common = %{version}-%{release} +Provides: php-mbstring = %{version}-%{release} %description mbstring The php-mbstring package contains a dynamic shared object that will add @@ -282,6 +317,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} # Required to build the bundled GD library BuildRequires: libXpm-devel, libjpeg-devel, libpng-devel, freetype-devel +Provides: php-gd = %{version}-%{release} %description gd The php-gd package contains a dynamic shared object that will add @@ -291,6 +327,7 @@ support for using the gd graphics librar Summary: A module for PHP applications for using the bcmath library Group: Development/Languages Requires: %{name}-common = %{version}-%{release} +Provides: php-bcmath = %{version}-%{release} %description bcmath The php-bcmath package contains a dynamic shared object that will add @@ -300,6 +337,7 @@ support for using the bcmath library to Summary: A database abstraction layer module for PHP applications Group: Development/Languages Requires: %{name}-common = %{version}-%{release} +Provides: php-dba = %{version}-%{release} %description dba The php-dba package contains a dynamic shared object that will add @@ -310,6 +348,7 @@ Summary: A module for PHP applications f Group: System Environment/Libraries Requires: %{name}-common = %{version}-%{release} BuildRequires: aspell-devel >= 0.50.0 +Provides: php-pspell = %{version}-%{release} %description pspell The php-pspell package contains a dynamic shared object that will add @@ -320,6 +359,7 @@ Summary: Internationalization extension Group: System Environment/Libraries Requires: %{name}-common = %{version}-%{release} BuildRequires: libicu-devel >= 3.6 +Provides: php-intl = %{version}-%{release} %description intl The php-intl package contains a dynamic shared object that will add @@ -345,13 +385,35 @@ support for using the ICU library to PHP %patch100 -p1 -b .r305570 %patch101 -p1 -b .r305043 +%patch102 -p1 -b .varnegidx %patch207 -p1 -b .cve3709 %patch208 -p1 -b .cve3870 - -%patch209 -p1 -b .cve4156 +%patch209 -p1 -b .cve4645 %patch210 -p1 -b .cve3710 -%patch211 -p1 -b .cve4645 +%patch211 -p1 -b .cve4156 +%patch212 -p1 -b .cve0708 +%patch213 -p1 -b .cve1148 +%patch214 -p1 -b .cve1466 +%patch215 -p1 -b .cve1468 +%patch216 -p1 -b .cve1469 +%patch218 -p1 -b .cve1471 +%patch219 -p1 -b .cve1938 +%patch220 -p1 -b .cve2202 +%patch221 -p1 -b .cve2483 +%patch222 -p1 -b .cve4885 +%patch223 -p1 -b .cve4566 +%patch224 -p1 -b .cve0830 +%patch225 -p1 -b .cve1823 +%patch226 -p1 -b .cve2336 + +%patch230 -p1 -b .cve4153 +%patch232 -p1 -b .cve1172 +%patch233 -p1 -b .cve2143 +%patch234 -p1 -b .cve2386 +%patch235 -p1 -b .cve0057 +%patch236 -p1 -b .cve0789 +%patch237 -p1 -b .cve2950 # Prevent %%doc confusion over LICENSE files cp -p Zend/LICENSE Zend/ZEND_LICENSE @@ -676,7 +738,7 @@ rm files.* macros.php %defattr(-,root,root) %doc CODING_STANDARDS CREDITS INSTALL LICENSE NEWS README* %doc Zend/ZEND_* TSRM_LICENSE regex_COPYRIGHT -%doc php.ini-* +%doc php.ini-production php.ini-development %config(noreplace) %{_sysconfdir}/php.ini %dir %{_sysconfdir}/php.d %dir %{_libdir}/php @@ -729,12 +791,45 @@ rm files.* macros.php %files process -f files.process %changelog -* Tue Sep 13 2011 Shad L. Lords - 5.3.3-1.1.0 +* Fri Jun 29 2012 Shad L. Lords - 5.3.3-13.sme +- Obsolete php-domxml and php-dom [SME: 6733] - Update Obsoletes and Conflicts [SME: 6436] -* Wed Jan 19 2011 Joe Orton - 5.3.3-1.1 -- add security fixes for CVE-2010-3710, CVE-2010-4156, - CVE-2010-4645 (#670463) +* Mon Jun 25 2012 Joe Orton - 5.3.3-13 +- add security fix for CVE-2010-2950 + +* Wed Jun 13 2012 Joe Orton - 5.3.3-11 +- fix tests for CVE-2012-2143, CVE-2012-0789 + +* Tue Jun 12 2012 Joe Orton - 5.3.3-10 +- add security fix for CVE-2012-2336 + +* Tue Jun 12 2012 Joe Orton - 5.3.3-9 +- add security fixes for CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, + CVE-2012-1172, CVE-2012-2143, CVE-2012-2386 + +* Thu May 3 2012 Joe Orton - 5.3.3-7 +- correct detection of = in CVE-2012-1823 fix (#818607) + +* Thu May 3 2012 Joe Orton - 5.3.3-6 +- add security fix for CVE-2012-1823 (#818607) + +* Thu Feb 2 2012 Joe Orton - 5.3.3-5 +- add security fix for CVE-2012-0830 (#786758) + +* Wed Jan 04 2012 Vojtech Vitek (V-Teq) - 5.3.3-4 +- remove extra php.ini-prod/devel files caused by %%patch -b + +* Tue Jan 03 2012 Vojtech Vitek (V-Teq) - 5.3.3-3 +- add security fixes for CVE-2011-4885, CVE-2011-4566 (#740734) + +* Fri Oct 28 2011 Joe Orton - 5.3.3-2 +- add php-$subpkg = V-R provides (#717158) +- add security fixes for CVE-2010-3710, CVE-2010-4156, CVE-2010-4645 (#670464) +- add security fixes for CVE-2011-2483, CVE-2011-0708, CVE-2011-1148, + CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, + CVE-2011-1938, CVE-2011-2202 (#740734) +- fix negative keys with var_export (#700724) * Wed Dec 1 2010 Joe Orton - 5.3.3-1 - update to 5.3.3 (#658315)