--- rpms/php/sme8/php.spec 2013/07/15 13:46:52 1.5.2.4 +++ rpms/php/sme8/php.spec 2014/11/01 13:01:52 1.17 @@ -15,10 +15,12 @@ # heuristic used by bindir/mysql_config. %define mysql_config %{_libdir}/mysql/mysql_config +%define _default_patch_fuzz 2 + Summary: PHP scripting language for creating dynamic web sites Name: php Version: 5.3.3 -Release: 13%{?dist}.1 +Release: 17%{?dist} License: PHP and LGPLv2 and LGPLv2+ Group: Development/Languages URL: http://www.php.net/ @@ -38,6 +40,12 @@ Patch8: php-5.3.3-aconf26x.patch # Fixes for extensions Patch20: php-4.3.11-shutdown.patch +Patch21: php-5.3.3-zipmemset.patch +Patch22: php-5.3.3-pdo-overflow.patch +Patch23: php-5.3.3-pdo-53551.patch +Patch24: php-5.3.3-fileinfo.patch +Patch25: php-5.3.3-imap.patch +Patch26: php-5.3.3-odbc.patch # Functional changes Patch40: php-5.0.4-dlopen.patch 
@@ -49,38 +57,73 @@ Patch61: php-5.0.4-tests-wddx.patch Patch62: php-5.3.2-testfail.patch # Bug fixes -Patch100: php-5.3.2-r305570.patch -Patch101: php-5.3.3-r305043.patch -Patch102: php-5.3.3-varnegidx.patch +Patch100: php-5.3.3-extrglob.patch +Patch101: php-5.3.3-varnegidx.patch +Patch102: php-5.3.3-setdate.patch +# 103 not needed (no php-fpm) +Patch104: php-5.3.3-zendgc.patch +Patch105: php-5.3.3-r305043.patch +Patch106: php-5.3.3-copy.patch +Patch107: php-5.3.3-errorhandler.patch +Patch108: php-5.3.3-bug54268.patch # Fixes for security bugs -Patch207: php-5.3.2-CVE-2010-3709.patch -Patch208: php-5.3.2-CVE-2010-3870.patch -Patch209: php-5.3.2-CVE-2010-4645.patch -Patch210: php-5.3.3-CVE-2010-3710.patch -Patch211: php-5.3.3-CVE-2010-4156.patch -Patch212: php-5.3.3-CVE-2011-0708.patch -Patch213: php-5.3.3-CVE-2011-1148.patch -Patch214: php-5.3.3-CVE-2011-1466.patch -Patch215: php-5.3.3-CVE-2011-1468.patch -Patch216: php-5.3.3-CVE-2011-1469.patch -Patch218: php-5.3.3-CVE-2011-1471.patch -Patch219: php-5.3.3-CVE-2011-1938.patch -Patch220: php-5.3.3-CVE-2011-2202.patch -Patch221: php-5.3.3-CVE-2011-2483.patch -Patch222: php-5.3.3-CVE-2011-4885.patch -Patch223: php-5.3.3-CVE-2011-4566.patch -Patch224: php-5.3.3-CVE-2012-0830.patch -Patch225: php-5.3.3-CVE-2012-1823.patch -Patch226: php-5.3.3-CVE-2012-2336.patch -Patch230: php-5.3.3-CVE-2011-4153.patch -Patch232: php-5.3.3-CVE-2012-1172.patch -Patch233: php-5.3.3-CVE-2012-2143.patch -Patch234: php-5.3.3-CVE-2012-2386.patch -Patch235: php-5.3.3-CVE-2012-0057.patch -Patch236: php-5.3.3-CVE-2012-0789.patch -Patch237: php-5.3.3-CVE-2010-2950.patch -Patch238: php-5.3.3-CVE-2013-4113.patch +Patch200: php-5.3.2-CVE-2010-3709.patch +Patch201: php-5.3.2-CVE-2010-3870.patch +Patch202: php-5.3.3-CVE-2010-3710.patch +Patch203: php-5.3.2-CVE-2010-4645.patch +Patch204: php-5.3.3-CVE-2010-4156.patch +Patch205: php-5.3.3-CVE-2011-0708.patch +Patch206: php-5.3.3-CVE-2011-1148.patch +Patch207: php-5.3.3-CVE-2011-1466.patch +Patch208: 
php-5.3.3-CVE-2011-1468.patch +Patch209: php-5.3.3-CVE-2011-1469.patch +# 210 not needed (not affected) +Patch211: php-5.3.3-CVE-2011-1471.patch +Patch212: php-5.3.3-CVE-2011-1938.patch +Patch213: php-5.3.3-CVE-2011-2202.patch +Patch214: php-5.3.3-CVE-2011-2483.patch +Patch215: php-5.3.3-CVE-2011-4885.patch +Patch216: php-5.3.3-CVE-2011-4566.patch +Patch217: php-5.3.3-CVE-2012-0830.patch +Patch218: php-5.3.3-CVE-2012-1823.patch +Patch219: php-5.3.3-CVE-2012-2336.patch +Patch220: php-5.3.3-CVE-2011-4153.patch +# 221 not needed (no php-tidy) +Patch222: php-5.3.3-CVE-2012-1172.patch +Patch223: php-5.3.3-CVE-2012-2143.patch +Patch224: php-5.3.3-CVE-2012-2386.patch +Patch225: php-5.3.3-CVE-2012-0057.patch +Patch226: php-5.3.3-CVE-2012-0789.patch +Patch227: php-5.3.3-CVE-2010-2950.patch +Patch228: php-5.3.3-CVE-2012-2688.patch +Patch229: php-5.3.3-CVE-2012-0831.patch +Patch230: php-5.3.3-CVE-2011-1398.patch +Patch231: php-5.3.3-CVE-2013-1643.patch +Patch232: php-5.3.3-CVE-2006-7243.patch +Patch233: php-5.3.3-CVE-2013-4113.patch +Patch234: php-5.3.3-CVE-2013-4248.patch +Patch235: php-5.3.3-CVE-2013-6420.patch +Patch236: php-5.3.3-CVE-2014-0237.patch +Patch237: php-5.3.3-CVE-2014-0238.patch +Patch238: php-5.3.3-CVE-2014-2270.patch +Patch239: php-5.3.3-CVE-2014-1943.patch +Patch240: php-5.3.3-CVE-2014-3479.patch +Patch241: php-5.3.3-CVE-2012-1571.patch +Patch242: php-5.3.3-CVE-2014-3480.patch +Patch243: php-5.3.3-CVE-2014-4721.patch +Patch244: php-5.3.3-CVE-2013-6712.patch +Patch245: php-5.3.3-CVE-2014-4049.patch +Patch246: php-5.3.3-CVE-2014-3515.patch +Patch247: php-5.3.3-CVE-2014-2497.patch +Patch248: php-5.3.3-CVE-2014-3587.patch +Patch249: php-5.3.3-CVE-2014-3597.patch +Patch250: php-5.3.3-CVE-2014-4698.patch +Patch251: php-5.3.3-CVE-2014-4670.patch +Patch252: php-5.3.3-CVE-2014-3668.patch +Patch253: php-5.3.3-CVE-2014-3669.patch +Patch254: php-5.3.3-CVE-2014-3670.patch +Patch255: php-5.3.3-CVE-2014-3710.patch BuildRoot: 
%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -91,6 +134,7 @@ BuildRequires: zlib-devel, pcre-devel >= BuildRequires: bzip2, perl, libtool >= 1.4.3, gcc-c++ Requires: httpd-mmn = %{httpd_mmn} Provides: mod_php = %{version}-%{release} +Provides: php53 = %{version}-%{release}, config(php53) = %{version}-%{release} Requires: %{name}-common = %{version}-%{release} # For backwards-compatibility, require php-cli for the time being: Requires: %{name}-cli = %{version}-%{release} @@ -112,7 +156,7 @@ language to Apache HTTP Server. Group: Development/Languages Summary: Command-line interface for PHP Requires: %{name}-common = %{version}-%{release} -Provides: php-cgi = %{version}-%{release}, php-cli = %{version}-%{release} +Provides: php-cgi = %{version}-%{release}, php53-cli = %{version}-%{release} Provides: php-pcntl %description cli 
@@ -124,18 +168,23 @@ Group: Development/Languages Summary: Common files for PHP Provides: php-api = %{apiver}, php-zend-abi = %{zendver} Provides: php(api) = %{apiver}, php(zend-abi) = %{zendver} -Conflicts: php-common +Provides: php(language) = %{version} # Provides for all builtin modules: Provides: php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif Provides: php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-libxml Provides: php-reflection, php-session, php-shmop, php-simplexml, php-sockets Provides: php-spl, php-tokenizer, php-openssl, php-pcre Provides: php-zlib, php-json, php-zip, php-fileinfo +Provides: php-core, php-ereg, php-filter, php-phar, php-standard +Provides: php53-common = %{version}-%{release}, config(php53-common) = %{version}-%{release} +Obsoletes: php-pecl-json, php-pecl-zip, php-pecl-phar, php-pecl-Fileinfo +Obsoletes: php-openssl, php-json # For obsoleted pecl extension Provides: php-pecl-json = %{jsonver}, php-pecl(json) = %{jsonver} Provides: php-pecl-zip = %{zipver}, php-pecl(zip) = %{zipver} Provides: php-pecl-phar = %{pharver}, php-pecl(phar) = %{pharver} Provides: php-pecl-Fileinfo = %{fileinfover}, php-pecl(Fileinfo) = %{fileinfover} +Obsoletes: php-pecl-json, php-pecl-zip, php-pecl-phar, php-pecl-Fileinfo %description common The %{name}-common package contains files used by both the php @@ -145,7 +194,7 @@ package and the php-cli package. Group: Development/Libraries Summary: Files needed for building PHP extensions Requires: %{name} = %{version}-%{release}, autoconf, automake -Provides: php-devel = %{version}-%{release} +Provides: php53-devel = %{version}-%{release}, config(php53-devel) = %{version}-%{release} %description devel The php-devel package contains the files needed for building PHP 
@@ -157,7 +206,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release} BuildRequires: krb5-devel, openssl-devel, libc-client-devel -Provides: php-imap = %{version}-%{release} +Provides: php53-imap = %{version}-%{release}, config(php53-imap) = %{version}-%{release} %description imap The php-imap package contains a dynamic shared object that will @@ -168,7 +217,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release} BuildRequires: cyrus-sasl-devel, openldap-devel, openssl-devel -Provides: php-ldap = %{version}-%{release} +Provides: php53-ldap = %{version}-%{release}, config(php53-ldap) = %{version}-%{release} %description ldap The php-ldap package is a dynamic shared object (DSO) for the Apache @@ -184,7 +233,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-pdo-abi = %{pdover} Provides: php-pdo_sqlite -Provides: php-pdo = %{version}-%{release} +Provides: php53-pdo = %{version}-%{release}, config(php53-pdo) = %{version}-%{release} %description pdo The %{name}-pdo package contains a dynamic shared object that will add @@ -198,7 +247,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, %{name}-pdo Provides: php_database, php-mysqli, php-pdo_mysql BuildRequires: mysql-devel >= 4.1.0 -Provides: php-mysql = %{version}-%{release} +Provides: php53-mysql = %{version}-%{release}, config(php53-mysql) = %{version}-%{release} %description mysql The php-mysql package contains a dynamic shared object that will add 
@@ -213,7 +262,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, %{name}-pdo Provides: php_database, php-pdo_pgsql BuildRequires: krb5-devel, openssl-devel, postgresql-devel -Provides: php-pgsql = %{version}-%{release} +Provides: php53-pgsql = %{version}-%{release}, config(php53-pgsql) = %{version}-%{release} %description pgsql The php-pgsql package includes a dynamic shared object (DSO) that can @@ -229,7 +278,7 @@ Summary: Modules for PHP script using sy Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-posix, php-sysvsem, php-sysvshm, php-sysvmsg -Provides: php-process = %{version}-%{release} +Provides: php53-process = %{version}-%{release}, config(php53-process) = %{version}-%{release} %description process The php-process package contains dynamic shared objects which add @@ -242,7 +291,7 @@ Requires: %{name}-common = %{version}-%{ Summary: A module for PHP applications that use ODBC databases Provides: php_database, php-pdo_odbc BuildRequires: unixODBC-devel -Provides: php-odbc = %{version}-%{release} +Provides: php53-odbc = %{version}-%{release}, config(php53-odbc) = %{version}-%{release} %description odbc The php-odbc package contains a dynamic shared object that will add @@ -258,7 +307,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Summary: A module for PHP applications that use the SOAP protocol BuildRequires: libxml2-devel -Provides: php-soap = %{version}-%{release} +Provides: php53-soap = %{version}-%{release}, config(php53-soap) = %{version}-%{release} %description soap The php-soap package contains a dynamic shared object that will add 
@@ -269,7 +318,7 @@ Summary: A module for PHP applications t Group: Development/Languages Requires: %{name}-common = %{version}-%{release}, net-snmp BuildRequires: net-snmp-devel -Provides: php-snmp = %{version}-%{release} +Provides: php53-snmp = %{version}-%{release}, config(php53-snmp) = %{version}-%{release} %description snmp The php-snmp package contains a dynamic shared object that will add @@ -283,7 +332,8 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} Provides: php-dom, php-xsl, php-domxml, php-wddx BuildRequires: libxslt-devel >= 1.0.18-1, libxml2-devel >= 2.4.14-1 -Provides: php-xml = %{version}-%{release} +Obsoletes: php-domxml, php-dom +Provides: php53-xml = %{version}-%{release}, config(php53-xml) = %{version}-%{release} %description xml The php-xml package contains dynamic shared objects which add support @@ -294,7 +344,7 @@ and performing XSL transformations on XM Summary: A module for PHP applications which use the XML-RPC protocol Group: Development/Languages Requires: %{name}-common = %{version}-%{release} -Provides: php-xmlrpc = %{version}-%{release} +Provides: php53-xmlrpc = %{version}-%{release}, config(php53-xmlrpc) = %{version}-%{release} %description xmlrpc The php-xmlrpc package contains a dynamic shared object that will add @@ -304,7 +354,7 @@ support for the XML-RPC protocol to PHP. Summary: A module for PHP applications which need multi-byte string handling Group: Development/Languages Requires: %{name}-common = %{version}-%{release} -Provides: php-mbstring = %{version}-%{release} +Provides: php53-mbstring = %{version}-%{release}, config(php53-mbstring) = %{version}-%{release} %description mbstring The php-mbstring package contains a dynamic shared object that will add 
@@ -316,7 +366,7 @@ Group: Development/Languages Requires: %{name}-common = %{version}-%{release} # Required to build the bundled GD library BuildRequires: libXpm-devel, libjpeg-devel, libpng-devel, freetype-devel -Provides: php-gd = %{version}-%{release} +Provides: php53-gd = %{version}-%{release}, config(php53-gd) = %{version}-%{release} %description gd The php-gd package contains a dynamic shared object that will add @@ -326,7 +376,7 @@ support for using the gd graphics librar Summary: A module for PHP applications for using the bcmath library Group: Development/Languages Requires: %{name}-common = %{version}-%{release} -Provides: php-bcmath = %{version}-%{release} +Provides: php53-bcmath = %{version}-%{release}, config(php53-bcmath) = %{version}-%{release} %description bcmath The php-bcmath package contains a dynamic shared object that will add @@ -336,7 +386,7 @@ support for using the bcmath library to Summary: A database abstraction layer module for PHP applications Group: Development/Languages Requires: %{name}-common = %{version}-%{release} -Provides: php-dba = %{version}-%{release} +Provides: php53-dba = %{version}-%{release}, config(php53-dba) = %{version}-%{release} %description dba The php-dba package contains a dynamic shared object that will add @@ -347,7 +397,7 @@ Summary: A module for PHP applications f Group: System Environment/Libraries Requires: %{name}-common = %{version}-%{release} BuildRequires: aspell-devel >= 0.50.0 -Provides: php-pspell = %{version}-%{release} +Provides: php53-pspell = %{version}-%{release}, config(php53-pspell) = %{version}-%{release} %description pspell The php-pspell package contains a dynamic shared object that will add 
@@ -358,7 +408,7 @@ Summary: Internationalization extension Group: System Environment/Libraries Requires: %{name}-common = %{version}-%{release} BuildRequires: libicu-devel >= 3.6 -Provides: php-intl = %{version}-%{release} +Provides: php53-intl = %{version}-%{release}, config(php53-intl) = %{version}-%{release} %description intl The php-intl package contains a dynamic shared object that will add @@ -374,6 +424,12 @@ support for using the ICU library to PHP %patch8 -p1 -b .aconf26x %patch20 -p1 -b .shutdown +%patch21 -p1 -b .zipmemset +%patch22 -p1 -b .pdooverflow +%patch23 -p1 -b .pdo53551 +%patch24 -p1 -b .streams +%patch25 -p1 -b .imapauth +%patch26 -p1 -b .pdoodbc %patch40 -p1 -b .dlopen %patch41 -p1 -b .easter 
@@ -382,38 +438,71 @@ support for using the ICU library to PHP %patch61 -p1 -b .tests-wddx %patch62 -p1 -b .testfail -%patch100 -p1 -b .r305570 -%patch101 -p1 -b .r305043 -%patch102 -p1 -b .varnegidx - -%patch207 -p1 -b .cve3709 -%patch208 -p1 -b .cve3870 -%patch209 -p1 -b .cve4645 -%patch210 -p1 -b .cve3710 -%patch211 -p1 -b .cve4156 -%patch212 -p1 -b .cve0708 -%patch213 -p1 -b .cve1148 -%patch214 -p1 -b .cve1466 -%patch215 -p1 -b .cve1468 -%patch216 -p1 -b .cve1469 -%patch218 -p1 -b .cve1471 -%patch219 -p1 -b .cve1938 -%patch220 -p1 -b .cve2202 -%patch221 -p1 -b .cve2483 -%patch222 -p1 -b .cve4885 -%patch223 -p1 -b .cve4566 -%patch224 -p1 -b .cve0830 -%patch225 -p1 -b .cve1823 -%patch226 -p1 -b .cve2336 - -%patch230 -p1 -b .cve4153 -%patch232 -p1 -b .cve1172 -%patch233 -p1 -b .cve2143 -%patch234 -p1 -b .cve2386 -%patch235 -p1 -b .cve0057 -%patch236 -p1 -b .cve0789 -%patch237 -p1 -b .cve2950 -%patch238 -p1 -b .cve4113 +%patch100 -p1 -b .extrglob +%patch101 -p1 -b .varnegidx +%patch102 -p1 -b .setdate + +%patch104 -p1 -b .zendgc +%patch105 -p1 -b .r305043 +%patch106 -p1 -b .copy +%patch107 -p1 -b .errorhandler +%patch108 -p1 -b .bug54268 + +%patch200 -p1 -b .cve3709 +%patch201 -p1 -b .cve3870 +%patch202 -p1 -b .cve4645 +%patch203 -p1 -b .cve3710 +%patch204 -p1 -b .cve4156 +%patch205 -p1 -b .cve0708 +%patch206 -p1 -b .cve1148 +%patch207 -p1 -b .cve1466 +%patch208 -p1 -b .cve1468 +%patch209 -p1 -b .cve1469 +%patch211 -p1 -b .cve1471 +%patch212 -p1 -b .cve1938 +%patch213 -p1 -b .cve2202 +%patch214 -p1 -b .cve2483 +%patch215 -p1 -b .cve4885 +%patch216 -p1 -b .cve4566 +%patch217 -p1 -b .cve0830 +%patch218 -p1 -b .cve1823 +%patch219 -p1 -b .cve2336 + +%patch220 -p1 -b .cve4153 +%patch222 -p1 -b .cve1172 +%patch223 -p1 -b .cve2143 +%patch224 -p1 -b .cve2386 +%patch225 -p1 -b .cve0057 +%patch226 -p1 -b .cve0789 +%patch227 -p1 -b .cve2950 +%patch228 -p1 -b .cve2688 +%patch229 -p1 -b .cve0831 +%patch230 -p1 -b .cve1398 +%patch231 -p1 -b .cve1643 +%patch232 -p1 -b .cve7243 
+%patch233 -p1 -b .cve4113 +%patch234 -p1 -b .cve4248 +%patch235 -p1 -b .cve6420 +%patch236 -p1 -b .cve0237 +%patch237 -p1 -b .cve0238 +%patch238 -p1 -b .cve2270 +%patch239 -p1 -b .cve1943 +%patch240 -p1 -b .cve3479 +%patch241 -p1 -b .cve1571 +%patch242 -p1 -b .cve3480 +%patch243 -p1 -b .cve4721 +%patch244 -p1 -b .cve6712 +%patch245 -p1 -b .cve4049 +%patch246 -p1 -b .cve3515 +%patch247 -p1 -b .cve2497 +%patch248 -p1 -b .cve3587 +%patch249 -p1 -b .cve3597 +%patch250 -p1 -b .cve4698 +%patch251 -p1 -b .cve4670 +%patch252 -p1 -b .cve3668 +%patch253 -p1 -b .cve3669 +%patch254 -p1 -b .cve3670 +%patch255 -p1 -b .cve3710 # Prevent %%doc confusion over LICENSE files cp -p Zend/LICENSE Zend/ZEND_LICENSE @@ -489,6 +578,7 @@ fi # Fix some bogus permissions find . -name \*.[ch] -exec chmod 644 {} \; +find . -name \*.cpp -exec chmod 644 {} \; chmod 644 README.* %build @@ -710,6 +800,7 @@ cat files.json files.zip files.curl file install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm # %{SOURCE3} used here -> sed -e "s/@PHP_APIVER@/%{apiver}/;s/@PHP_ZENDVER@/%{zendver}/;s/@PHP_PDOVER@/%{pdover}/" \ + -e "s/@PHP_VERSION@/%{version}/" \ < $RPM_SOURCE_DIR/macros.php > macros.php install -m 644 -c macros.php \ $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.php 
@@ -791,6 +882,73 @@ rm files.* macros.php %files process -f files.process %changelog +* Sat Nov 1 2014 Daniel Berteaud - 5.3.3-17.sme +- Resync with upstream php53, which include (see [SME: 8633]) +- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710 +- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668 +- core: fix integer overflow in unserialize() CVE-2014-3669 +- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670 + +* Sat Oct 18 2014 Daniel Berteaud - 5.3.3-16.sme +- Resync with upstream php53, which include (see [SME: 8574]) +- spl: fix use-after-free in ArrayIterator due to object + change during sorting. CVE-2014-4698 +- spl: fix use-after-free in SPL Iterators. CVE-2014-4670 +- gd: fix NULL pointer dereference in gdImageCreateFromXpm. + CVE-2014-2497 +- fileinfo: fix incomplete fix for CVE-2012-1571 in + cdf_read_property_info. CVE-2014-3587 +- core: fix incomplete fix for CVE-2014-4049 DNS TXT + record parsing. CVE-2014-3597 + +* Thu Aug 7 2014 Daniel Berteaud - 5.3.3-15.sme +- Resync with upstream php53, which include (see [SME: 8515]) +- core: type confusion issue in phpinfo(). CVE-2014-4721 +- date: fix heap-based buffer over-read in DateInterval. CVE-2013-6712 +- core: fix heap-based buffer overflow in DNS TXT record parsing. + CVE-2014-4049 +- core: unserialize() SPL ArrayObject / SPLObjectStorage type + confusion flaw. CVE-2014-3515 +- fileinfo: out-of-bounds memory access in fileinfo. CVE-2014-2270 +- fileinfo: unrestricted recursion in handling of indirect type + rules. CVE-2014-1943 +- fileinfo: out of bounds read in CDF parser. CVE-2012-1571 +- fileinfo: cdf_check_stream_offset boundary check. CVE-2014-3479 +- fileinfo: cdf_count_chain insufficient boundary check. CVE-2014-3480 +- fileinfo: cdf_unpack_summary_info() excessive looping + DoS. CVE-2014-0237 +- fileinfo: CDF property info parsing nelements infinite + loop. 
CVE-2014-0238 + +* Mon Dec 16 2013 Daniel Berteaud - 5.3.3-14.sme +- Resync with upstream php53, which include (see [SME: 8064]) +- add security fix for CVE-2013-6420 +- add security fix for CVE-2013-4248 +- add upstream reproducer for error_handler (#951075) +- add security fixes for CVE-2006-7243 +- add security fixes for CVE-2012-2688, CVE-2012-0831, + CVE-2011-1398, CVE-2013-1643 +- fix segfault in error_handler with + allow_call_time_pass_reference = Off (#951075) +- fix double free when destroy_zend_class fails (#951076) +- fix possible buffer overflow in pdo_odbc (#869694) +- php script hangs when it exceeds max_execution_time + when inside an ODBC call (#864954) +- fix zend garbage collector (#892695) +- fix transposed memset arguments in libzip (#953818) +- fix possible segfault in pdo_mysql (#869693) +- fix imap_open DISABLE_AUTHENTICATOR param ignores array (#859369) +- fix stream support in fileinfo (#869697) +- fix setDate when DateTime created from timestamp (#869691) +- fix permission on source files (#869688) +- add php(language) and missing provides (#837044) +- fix copy doesn't report failure on partial copy (#951413) + +* Mon Jul 15 2013 Shad L. Lords - 5.3.3-13.sme.2 +- Add php53-* provides to provide compatibility +- Obsolete php-domxml and php-dom [SME: 6733] +- Update Obsoletes and Conflicts [SME: 6436] + * Fri Jul 12 2013 Remi Collet - 5.3.3-13.1 - add security fix for CVE-2013-4113
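Review bot: in the first hunk (@@ -15,10 +15,12 @@), `%define _default_patch_fuzz 2` is added with no comment saying which patches need it. With fuzz 2, every `%patch` in %prep may apply even when up to two context lines at the edge of a hunk do not match. In a spec that carries this many CVE backports, that can let a fix land at the wrong place without failing the build. Suggest rebasing the affected patches so they apply cleanly to the 5.3.3 tree and dropping the define, or at least adding a comment naming the patches that require it.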
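Review bot: in the main-package hunk (@@ -91,6 +134,7 @@), the hand-written `config(php53) = %{version}-%{release}` provide has no explanation, and the same pattern repeats for each subpackage in the later hunks (`config(php53-imap)`, `config(php53-ldap)`, and so on). rpm generates `config(<name>)` itself for packages that own %config files, and the changelog only says "Add php53-* provides to provide compatibility". Suggest a spec comment stating which dependent packages require the `config(php53-*)` names, or dropping them if nothing does. Note also that the cli hunk adds `php53-cli` without a matching `config(php53-cli)`, so the pattern is not applied consistently.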
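Review bot: in the php-common hunk (@@ -124,18 +168,23 @@), the line `Obsoletes: php-pecl-json, php-pecl-zip, php-pecl-phar, php-pecl-Fileinfo` is added twice, once after the `php53-common` provide and again after the `php-pecl-Fileinfo` provide. Keep one copy. These Obsoletes, and `Obsoletes: php-openssl, php-json`, are also unversioned while the same names are listed under Provides in this package. Suggest versioned Obsoletes so the intent (replacing older standalone packages) is explicit, and a short comment on why `Conflicts: php-common` is removed here.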
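Review bot: in the %prep hunk (@@ -382,38 +438,71 @@), the backup suffixes for 202 and 203 are swapped relative to the renumbered Patch list. `Patch202` is php-5.3.3-CVE-2010-3710.patch but is applied as `%patch202 -p1 -b .cve4645`, and `Patch203` is php-5.3.2-CVE-2010-4645.patch but is applied as `%patch203 -p1 -b .cve3710`. In addition, `%patch255 -p1 -b .cve3710` (CVE-2014-3710) reuses a suffix already used earlier in the same list, so if both patches touch a common file the second backup overwrites the first, and the suffix no longer identifies which fix produced it. Suggest correcting the 202/203 suffixes to match their patches and giving 255 a year-qualified suffix so the two 3710 entries stay distinct.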