From: Elan Ruusamäe Date: Fri, 17 Jun 2016 21:39:07 +0000 (+0300) Subject: up to 5.6.22; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093 X-Git-Tag: auto/th/php56-5.6.22-1 X-Git-Url: http://git.pld-linux.org/?p=packages%2Fphp.git;a=commitdiff_plain;h=52ff7089f6b9bdc7db85216e720c1edb69e84475 up to 5.6.22; fixes for CVE-2016-5096, CVE-2016-5094, CVE-2013-7456, CVE-2016-5093 Core: - Fixed bug #72172 (zend_hex_strtod should not use strlen). - Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) - Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) GD: - Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456) Intl: - Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). - Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093) Postgres: - Fixed bug #72151 (mysqli_fetch_object changed behaviour). Patch to #71820 is reverted. --- diff --git a/php.spec b/php.spec index 5e1a13b..75fe266 100644 --- a/php.spec +++ b/php.spec @@ -150,7 +150,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules. %undefine with_filter %endif -%define rel 4 +%define rel 1 %define orgname php %define ver_suffix 56 %define php_suffix %{!?with_default_php:%{ver_suffix}} @@ -161,7 +161,7 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: %{orgname}%{php_suffix} -Version: 5.6.21 +Version: 5.6.22 Release: %{rel} Epoch: 4 # All files licensed under PHP version 3.01, except @@ -170,7 +170,7 @@ Epoch: 4 License: PHP 3.01 and Zend and BSD Group: Libraries Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.xz -# Source0-md5: 177c69d47024541739c439c9d9eb6ba5 +# Source0-md5: 19a5bcbddc105dfb29482ab779fcc795 Source2: %{orgname}-mod_%{orgname}.conf Source3: %{orgname}-cgi-fcgi.ini Source4: %{orgname}-apache.ini