up to 5.5.36; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093...

- Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096)
- Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094)
- Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
- Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
- Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)

diff --git a/php.spec b/php.spec
index 736d7bda93a21462a5568a6ccbb74ecc065389a6..0ba9febe7e20c7e15927e3a163e59fe8197174ea 100644 (file)
--- a/php.spec
+++ b/php.spec
@@ -126,7 +126,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules.
 %undefine      with_filter
 %endif
 
-%define                rel     4
+%define                rel     1
 %define                orgname php
 %define                ver_suffix 55
 %define                php_suffix %{!?with_default_php:%{ver_suffix}}
@@ -137,7 +137,7 @@ Summary(pt_BR.UTF-8):       A linguagem de script PHP
 Summary(ru.UTF-8):     PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере
 Summary(uk.UTF-8):     PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері
 Name:          %{orgname}%{php_suffix}
-Version:       5.5.35
+Version:       5.5.36
 Release:       %{rel}%{?with_type_hints:.th}
 Epoch:         4
 # All files licensed under PHP version 3.01, except
@@ -146,7 +146,7 @@ Epoch:              4
 License:       PHP 3.01 and Zend and BSD
 Group:         Libraries
 Source0:       http://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 5b4af75b14f7e7d4941cafa1c6d26a33
+# Source0-md5: 1db93aa3a3cfd7cfe0f41f3697db35a4
 Source2:       %{orgname}-mod_%{orgname}.conf
 Source3:       %{orgname}-cgi-fcgi.ini
 Source4:       %{orgname}-apache.ini