fedora-cvs-commits@redhat.com

rpms/php/FC-6 php-4.3.9-CVE-2007-0906-strreplace.patch, NONE, 1.1 php-4.

Subject: rpms/php/FC-6 php-4.3.9-CVE-2007-0906-strreplace.patch, NONE, 1.1 php-4.3.9-CVE-2007-0907.patch, NONE, 1.1 php-4.3.9-CVE-2007-0908.patch, NONE, 1.1 php-4.3.9-CVE-2007-0909-odbc.patch, NONE, 1.1 php-4.3.9-CVE-2007-0909-printf.patch, NONE, 1.1 php-4.3.9-CVE-2007-0988.patch, NONE, 1.1 php-5.1.6-CVE-2007-0906-imap.patch, NONE, 1.1 php-5.1.6-CVE-2007-0910.patch, NONE, 1.1 php.spec, 1.122, 1.123
From:
Date: Fri, 16 Feb 2007 11:11:01 -0500
Author: jorton

Update of /cvs/dist/rpms/php/FC-6
In directory cvs.devel.redhat.com:/tmp/cvs-serv17182

Modified Files:
        php.spec 
Added Files:
        php-4.3.9-CVE-2007-0906-strreplace.patch 
        php-4.3.9-CVE-2007-0907.patch php-4.3.9-CVE-2007-0908.patch 
        php-4.3.9-CVE-2007-0909-odbc.patch 
        php-4.3.9-CVE-2007-0909-printf.patch 
        php-4.3.9-CVE-2007-0988.patch 
        php-5.1.6-CVE-2007-0906-imap.patch 
        php-5.1.6-CVE-2007-0910.patch 
Log Message:
* Fri Feb 16 2007 Joe Orton <jorton@xxxxxxxxxx> 5.1.6-3.4.fc6
- add security fixes for: CVE-2007-0906, CVE-2007-0907, 
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
- package /usr/share/php and append to default include_path (#225434)
- add php(api), php(zend-abi) provides (#221302)
- package /usr/share/php
- fix magic file used by mime-magic (Kir Kolyshkin, #177926)


php-4.3.9-CVE-2007-0906-strreplace.patch:
 string.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE php-4.3.9-CVE-2007-0906-strreplace.patch ---
--- php-4.3.9/ext/standard/string.c.cve0906-strreplace
+++ php-4.3.9/ext/standard/string.c
@@ -2506,7 +2506,7 @@
        }
        
        Z_STRLEN_P(result) = len + (char_count * (to_len - 1));
-       Z_STRVAL_P(result) = target = emalloc(Z_STRLEN_P(result) + 1);
+       Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1);
        Z_TYPE_P(result) = IS_STRING;
        
        for (source = str; source < source_end; source++) {
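Review bot: The length stored one line above the new allocation, `Z_STRLEN_P(result) = len + (char_count * (to_len - 1));`, is still computed with unchecked arithmetic, so `safe_emalloc` protects only the allocation. If the operands are `int` (their declarations are outside the hunk), the product can wrap and leave a result length that disagrees with the buffer that was actually allocated. Consider rejecting the overflow before that assignment, or add a comment such as `/* safe_emalloc aborts on overflow; Z_STRLEN_P above is not checked separately */` so the gap is visible. The new call also allocates `char_count` more bytes than the stored length needs, which is harmless but worth a word in the same comment.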

php-4.3.9-CVE-2007-0907.patch:
 SAPI.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE php-4.3.9-CVE-2007-0907.patch ---
--- php-4.3.9/main/SAPI.c.cve0907
+++ php-4.3.9/main/SAPI.c
@@ -529,7 +529,7 @@
        header_line = estrndup(header_line, header_line_len);
 
        /* cut of trailing spaces, linefeeds and carriage-returns */
-       while(isspace(header_line[header_line_len-1])) 
+       while(header_line_len && isspace(header_line[header_line_len-1])) 
                  header_line[--header_line_len]='\0';
        
 
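Review bot: `isspace(header_line[header_line_len-1])` in the added loop condition still passes a plain `char`, which is undefined for bytes above 0x7f where `char` is signed; cast it: `isspace((unsigned char)header_line[header_line_len-1])`. The new `header_line_len &&` guard stops the read before the start of the buffer, but it also means the loop can now leave an empty header line, so the code after the hunk should be checked for handling a length of zero. The rest of the function is outside the hunk.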

php-4.3.9-CVE-2007-0908.patch:
 wddx.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE php-4.3.9-CVE-2007-0908.patch ---
--- php-4.3.9/ext/wddx/wddx.c.cve0908
+++ php-4.3.9/ext/wddx/wddx.c
@@ -285,7 +285,7 @@
 
                        switch (hash_type) {
                                case HASH_KEY_IS_LONG:
-                                       sprintf(tmp, "%ld", idx);
+                                       key_length = sprintf(tmp, "%ld", idx) + 
1;
                                        key = tmp;
                                        /* fallthru */
                                case HASH_KEY_IS_STRING:
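Review bot: The `sprintf(tmp, "%ld", idx)` call kept on the new line is unbounded, and `tmp` is declared outside the hunk, so its size cannot be confirmed here. If `tmp` is a local array, `key_length = snprintf(tmp, sizeof(tmp), "%ld", idx) + 1;` keeps the length fix and bounds the write. A short comment that the `+ 1` makes `key_length` count the terminating NUL, e.g. `/* key_length includes the trailing '\0' */`, would explain the change to the next reader.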

php-4.3.9-CVE-2007-0909-odbc.patch:
 php_odbc.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE php-4.3.9-CVE-2007-0909-odbc.patch ---
--- php-4.3.9/ext/odbc/php_odbc.c.cve0909-odbc
+++ php-4.3.9/ext/odbc/php_odbc.c
@@ -1980,12 +1980,12 @@
                                                RETURN_FALSE;
                                        }
                                        if (rc == SQL_SUCCESS_WITH_INFO)
-                                               
php_printf(buf,result->longreadlen);
+                                               PHPWRITE(buf, 
result->longreadlen);
                                        else if (result->values[i].vallen == 
SQL_NULL_DATA) {
                                                php_printf("<td>NULL</td>");
                                                break;
                                        } else {
-                                               php_printf(buf, 
result->values[i].vallen);
+                                               PHPWRITE(buf, 
result->values[i].vallen);
                                        }
                                        php_printf("</td>");
                                        break;
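Review bot: With `PHPWRITE(buf, result->longreadlen)` and `PHPWRITE(buf, result->values[i].vallen)` the second argument is now a byte count read from `buf`, and neither value is checked against the size of `buf` inside the hunk. The else branch excludes only `SQL_NULL_DATA`, so any other negative or oversized indicator value would reach the write; confirm the bounds are enforced where `buf` is filled, outside the hunk, or clamp the length here. The column data is also emitted unescaped between `<td>` and `</td>`, which deserves a comment if that is intended.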

php-4.3.9-CVE-2007-0909-printf.patch:
 formatted_print.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletion(-)

--- NEW FILE php-4.3.9-CVE-2007-0909-printf.patch ---
--- php-4.3.9/ext/standard/formatted_print.c.cve0909-printf
+++ php-4.3.9/ext/standard/formatted_print.c
@@ -477,9 +477,10 @@
 {
        zval ***args, **z_format, **array;
        int argc, size = 240, inpos = 0, outpos = 0, temppos;
-       int alignment, width, precision, currarg, adjusting, argnum;
+       int alignment, currarg, adjusting;
        char *format, *result, padding;
        int always_sign;
+       long argnum, width, precision;
 
        argc = ZEND_NUM_ARGS();
 
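Review bot: Widening `argnum`, `width` and `precision` to `long` only removes truncation where `long` is wider than `int`; on ILP32 targets the two have the same width, so the fix depends on explicit range checks that are not part of this hunk. A comment on the new declaration, for example `/* long: parsed from the format string, must be range-checked before use as a size or index */`, would record that requirement. The function body continues outside the hunk.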

php-4.3.9-CVE-2007-0988.patch:
 zend_hash.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

--- NEW FILE php-4.3.9-CVE-2007-0988.patch ---
--- php-4.3.9/Zend/zend_hash.c.zhash64
+++ php-4.3.9/Zend/zend_hash.c
@@ -178,11 +178,16 @@
 
        SET_INCONSISTENT(HT_OK);
 
-       while ((1U << i) < nSize) {
-               i++;
+       if (nSize >= 0x80000000) {
+               /* prevent overflow */
+               ht->nTableSize = 0x80000000;
+       } else {
+               while ((1U << i) < nSize) {
+                       i++;
+               }
+               ht->nTableSize = 1 << i;
        }
 
-       ht->nTableSize = 1 << i;
        ht->nTableMask = ht->nTableSize - 1;
        ht->pDestructor = pDestructor;
        ht->pListHead = NULL;
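Review bot: `ht->nTableSize = 1 << i;` in the new else branch shifts a signed `1`, and `i` can reach 31 when `nSize` lies between 0x40000001 and 0x7fffffff, which shifts into the sign bit of a 32-bit `int`. The loop condition already uses `1U`, and the assignment should match it: `ht->nTableSize = 1U << i;`. The types of `nSize` and `nTableSize` are declared outside the hunk; the `nSize >= 0x80000000` test presumably relies on `nSize` being unsigned, which is worth stating in the `/* prevent overflow */` comment.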

php-5.1.6-CVE-2007-0906-imap.patch:
 php_imap.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletion(-)

--- NEW FILE php-5.1.6-CVE-2007-0906-imap.patch ---
--- php-5.1.6/ext/imap/php_imap.c.cve0906-imap
+++ php-5.1.6/ext/imap/php_imap.c
@@ -62,6 +62,9 @@
 #define CRLF_LEN sizeof("\015\012") - 1
 #define PHP_EXPUNGE 32768
 #define PHP_IMAP_ADDRESS_SIZE_BUF 10
+#ifndef SENDBUFLEN
+#define SENDBUFLEN 16385
+#endif
 
 static void _php_make_header_object(zval *myzvalue, ENVELOPE *en TSRMLS_DC);
 static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
@@ -2915,7 +2918,7 @@
        BODY *bod=NULL, *topbod=NULL;
        PART *mypart=NULL, *part;
        PARAMETER *param, *disp_param = NULL, *custom_headers_param = NULL, 
*tmp_param = NULL;
-       char tmp[8 * MAILTMPLEN], *mystring=NULL, *t=NULL, *tempstring=NULL;
+       char tmp[SENDBUFLEN + 1], *mystring=NULL, *t=NULL, *tempstring=NULL;
        int toppart = 0;
 
        if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &envelope, &body) 
== FAILURE) {
@@ -3266,6 +3269,10 @@
                /* yucky default */
                        if (!cookie) {
                                cookie = "-";  
+                       } else if (strlen(cookie) > (sizeof(tmp) - 2 - 2)) {  
/* validate cookie length -- + CRLF */
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, 
"The boundary should be no longer then 4kb");
+                               RETVAL_FALSE;
+                               return; 
                        }
 
                /* for each part */
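Review bot: The warning text `"The boundary should be no longer then 4kb"` does not match the limit the new check enforces, which is `sizeof(tmp) - 2 - 2` and therefore follows `SENDBUFLEN` (16385 with the fallback define in the first hunk of this file); "then" should also read "than". The four-byte margin appears to cover a two-byte prefix and CRLF only, leaving no room for the terminating NUL or for anything else written to `tmp` after the boundary; those writes are outside the hunk, so the margin should be confirmed against them. Deriving the number in the message from the same constant would keep the two in step.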

php-5.1.6-CVE-2007-0910.patch:
 session.c |   62 ++++++++++++++++++++++++++++++++++++++++++++++++--------------
 1 files changed, 48 insertions(+), 14 deletions(-)

--- NEW FILE php-5.1.6-CVE-2007-0910.patch ---
--- php-5.1.6/ext/session/session.c.cve0910
+++ php-5.1.6/ext/session/session.c
@@ -247,7 +247,7 @@
 
 static void php_rinit_session_globals(TSRMLS_D);
 static void php_rshutdown_session_globals(TSRMLS_D);
-static zend_bool php_session_destroy(TSRMLS_D);
+static int php_session_destroy(TSRMLS_D);
 
 zend_module_entry session_module_entry = {
        STANDARD_MODULE_HEADER,
@@ -291,9 +291,12 @@
        if (PG(register_globals)) {
                zval **sym_global = NULL;
                
-               zend_hash_find(&EG(symbol_table), name, namelen + 1, 
-                               (void *) &sym_global);
-                               
+               if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void 
*) &sym_global) == SUCCESS) {                            
+                       if ((Z_TYPE_PP(sym_global) == IS_ARRAY && 
Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == 
PS(http_session_vars)) {
+                               return;
+                       }
+               }
+
                if (sym_global == NULL && sym_track == NULL) {
                        zval *empty_var;
 
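Review bot: The guard `(Z_TYPE_PP(sym_global) == IS_ARRAY && Z_ARRVAL_PP(sym_global) == &EG(symbol_table)) || *sym_global == PS(http_session_vars)` is written out here and again in three later hunks of this file (on `old_symbol`, and on `tmp` in both decoder loops). A single file-local helper or macro would keep the four copies from drifting apart. The early `return` here is silent, so a one-line comment such as `/* refuse names that resolve to the global symbol table or to the session array itself */` would document why the variable is dropped. The enclosing function starts and ends outside the hunk.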
@@ -323,7 +326,10 @@
        if (PG(register_globals)) {
                zval **old_symbol;
                if (zend_hash_find(&EG(symbol_table),name,namelen+1,(void 
*)&old_symbol) == SUCCESS) { 
-                       
+                       if ((Z_TYPE_PP(old_symbol) == IS_ARRAY && 
Z_ARRVAL_PP(old_symbol) == &EG(symbol_table)) || *old_symbol == 
PS(http_session_vars)) {
+                               return;
+                       }
+
                        /* 
                         * A global symbol with the same name exists already. 
That
                         * symbol might have been created by other means (e.g. 
$_GET).
@@ -432,13 +438,26 @@
        PHP_VAR_UNSERIALIZE_INIT(var_hash);
 
        for (p = val; p < endptr; ) {
+               zval **tmp;
                namelen = *p & (~PS_BIN_UNDEF);
+
+               if (namelen > PS_BIN_MAX || (p + namelen) >= endptr) {
+                       return FAILURE;
+               }
+
                has_value = *p & PS_BIN_UNDEF ? 0 : 1;
 
                name = estrndup(p + 1, namelen);
-               
+
                p += namelen + 1;
-               
+
+               if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void 
**) &tmp) == SUCCESS) {
+                       if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == 
&EG(symbol_table)) || *tmp == PS(http_session_vars)) {
+                               efree(name);
+                               continue;
+                       }
+               }
+
                if (has_value) {
                        ALLOC_INIT_ZVAL(current);
                        if (php_var_unserialize(&current, (const unsigned char 
**) &p, endptr, &var_hash TSRMLS_CC)) {
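Review bot: The new `return FAILURE;` leaves the loop after `PHP_VAR_UNSERIALIZE_INIT(var_hash)` has run, and nothing on that path releases `var_hash`; if the function's normal exit (outside the hunk) calls `PHP_VAR_UNSERIALIZE_DESTROY`, the early return should too: `PHP_VAR_UNSERIALIZE_DESTROY(var_hash); return FAILURE;`. The check also tests only the upper bound of `namelen`; if `p` points to plain `char` and `namelen` is signed (both declared outside the hunk), a byte with the high bit set may yield a negative value that passes `namelen > PS_BIN_MAX`, so a `namelen < 0` test or an `unsigned char` cast on `*p` is worth adding. The `continue` a few lines below shares the problem described for the `goto skip` hunk later in this file.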
@@ -504,6 +523,7 @@
        p = val;
 
        while (p < endptr) {
+               zval **tmp;
                q = p;
                while (*q != PS_DELIMITER)
                        if (++q >= endptr) goto break_outer_loop;
@@ -519,6 +539,12 @@
                name = estrndup(p, namelen);
                q++;
                
+               if (zend_hash_find(&EG(symbol_table), name, namelen + 1, (void 
**) &tmp) == SUCCESS) {
+                       if ((Z_TYPE_PP(tmp) == IS_ARRAY && Z_ARRVAL_PP(tmp) == 
&EG(symbol_table)) || *tmp == PS(http_session_vars)) {
+                               goto skip;
+                       }
+               }
+
                if (has_value) {
                        ALLOC_INIT_ZVAL(current);
                        if (php_var_unserialize(&current, (const unsigned char 
**) &q, endptr, &var_hash TSRMLS_CC)) {
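Review bot: The new `goto skip` drops the entry without consuming its serialized value: `q` has only been advanced past the delimiter, so `p = q` at the `skip:` label restarts the scan inside the value bytes and the next iteration looks for a delimiter there. The same applies to the `continue` added in the earlier decoder hunk, where `p` has been moved past the name but not past the value. Either let `php_var_unserialize` consume the value into a temporary that is destroyed before skipping, or treat a colliding name as a decode failure; whichever is chosen, a comment at the skip site should say how the stream position is kept in sync. The loop body continues outside the hunk.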
@@ -527,8 +553,8 @@
                        zval_ptr_dtor(&current);
                }
                PS_ADD_VARL(name, namelen);
+skip:
                efree(name);
-               
                p = q;
        }
 break_outer_loop:
@@ -546,16 +572,20 @@
        zend_delete_global_variable("HTTP_SESSION_VARS", 
sizeof("HTTP_SESSION_VARS")-1 TSRMLS_CC);
        zend_delete_global_variable("_SESSION", sizeof("_SESSION")-1 TSRMLS_CC);
 
+       if (PS(http_session_vars)) {
+               zval_ptr_dtor(&PS(http_session_vars));
+       }
+
        MAKE_STD_ZVAL(session_vars);
        array_init(session_vars);
        PS(http_session_vars) = session_vars;
        
        if (PG(register_long_arrays)) {
-               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", 
sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 2, 1);
-               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), 
PS(http_session_vars), 2, 1);
+               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("HTTP_SESSION_VARS", 
sizeof("HTTP_SESSION_VARS"), PS(http_session_vars), 3, 1);
+               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), 
PS(http_session_vars), 3, 1);
        }
        else {
-               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), 
PS(http_session_vars), 1, 0);
+               ZEND_SET_GLOBAL_VAR_WITH_LENGTH("_SESSION", sizeof("_SESSION"), 
PS(http_session_vars), 2, 1);
        }
 }
 
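Review bot: The reference counts passed to `ZEND_SET_GLOBAL_VAR_WITH_LENGTH` change from `2, 1` / `1, 0` to `3, 1` / `2, 1` with no explanation, and a wrong count here is the kind of error that ends in a premature free. The new values appear to be one reference per global name plus one held by `PS(http_session_vars)`, matching the `zval_ptr_dtor` calls this commit adds; if that is the intent, say so next to the calls, e.g. `/* refcount = number of global names + 1 for PS(http_session_vars) */`. The added `zval_ptr_dtor(&PS(http_session_vars))` before `MAKE_STD_ZVAL` is safe only because the pointer is reassigned three lines later, which is also worth a comment.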
@@ -1250,9 +1280,9 @@
        }
 }
 
-static zend_bool php_session_destroy(TSRMLS_D)
+static int php_session_destroy(TSRMLS_D)
 {
-       zend_bool retval = SUCCESS;
+       int retval = SUCCESS;
 
        if (PS(session_status) != php_session_active) {
                php_error_docref(NULL TSRMLS_CC, E_WARNING, "Trying to destroy 
uninitialized session");
@@ -1472,7 +1502,7 @@
        zend_bool del_ses = 0;
 
        if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "|b", &del_ses) == 
FAILURE) {
-               WRONG_PARAM_COUNT;
+               return;
        }
 
        if (PS(session_status) == php_session_active) {
@@ -1763,6 +1793,10 @@
 
 static void php_rshutdown_session_globals(TSRMLS_D)
 {
+       if (PS(http_session_vars)) {
+               zval_ptr_dtor(&PS(http_session_vars));
+               PS(http_session_vars) = NULL;
+       }
        if (PS(mod_data)) {
                zend_try {
                        PS(mod)->s_close(&PS(mod_data) TSRMLS_CC);


Index: php.spec
===================================================================
RCS file: /cvs/dist/rpms/php/FC-6/php.spec,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- php.spec    15 Dec 2006 15:35:57 -0000      1.122
+++ php.spec    16 Feb 2007 16:10:59 -0000      1.123
@@ -6,7 +6,7 @@
 Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext 
Preprocessor)
 Name: php
 Version: 5.1.6
-Release: 3.3%{?dist}
+Release: 3.4%{?dist}
 License: The PHP License v3.01
 Group: Development/Languages
 URL: http://www.php.net/
@@ -14,6 +14,7 @@
 Source0: http://www.php.net/distributions/php-%{version}.tar.gz
 Source50: php.conf
 Source51: php.ini
+Source52: macros.php
 
 Patch1: php-5.1.4-gnusrc.patch
 Patch2: php-5.1.4-warnings.patch
@@ -22,6 +23,7 @@
 Patch7: php-4.3.2-libtool15.patch
 Patch13: php-5.0.2-phpize64.patch
 Patch14: php-5.1.6-ecalloc.patch
+Patch15: php-5.2.0-includedir.patch
 
 # Fixes for extension modules
 Patch21: php-4.3.1-odbc.patch
@@ -37,6 +39,14 @@
 
 # Security fixes
 Patch70: php-4.3.9-CVE-2006-5465.patch
+Patch71: php-5.1.6-CVE-2007-0906-imap.patch
+Patch72: php-4.3.9-CVE-2007-0906-strreplace.patch
+Patch73: php-4.3.9-CVE-2007-0907.patch
+Patch74: php-4.3.9-CVE-2007-0908.patch
+Patch75: php-4.3.9-CVE-2007-0909-odbc.patch
+Patch76: php-4.3.9-CVE-2007-0909-printf.patch
+Patch77: php-5.1.6-CVE-2007-0910.patch
+Patch78: php-4.3.9-CVE-2007-0988.patch
 
 BuildRoot: %{_tmppath}/%{name}-root
 
@@ -49,7 +59,6 @@
 Obsoletes: php-dbg, php3, phpfi, stronghold-php
 # Enforce Apache module ABI compatibility
 Requires: httpd-mmn = %(cat %{_includedir}/httpd/.mmn || echo 
missing-httpd-devel)
-Requires: file >= 4.0
 Provides: mod_php = %{version}-%{release}
 Requires: php-common = %{version}-%{release}
 # For backwards-compatibility, require php-cli for the time being:
@@ -81,6 +90,7 @@
 Group: Development/Languages
 Summary: Common files for PHP
 Provides: php-api = %{apiver}, php-zend-abi = %{zendver}
+Provides: php(api) = %{apiver}, php(zend-abi) = %{zendver}
 # Provides for all builtin modules:
 Provides: php-bz2, php-calendar, php-ctype, php-curl, php-date, php-exif
 Provides: php-ftp, php-gettext, php-gmp, php-hash, php-iconv, php-libxml
@@ -89,6 +99,8 @@
 Provides: php-spl, php-sysvsem, php-sysvshm, php-sysvmsg, php-tokenizer
 Provides: php-wddx, php-zlib
 Obsoletes: php-openssl
+# For mime-magic
+Requires: file
 
 %description common
 The php-common package contains files used by both the php
@@ -299,6 +311,7 @@
 %patch7 -p1 -b .libtool15
 %patch13 -p1 -b .phpize64
 %patch14 -p1 -b .ecalloc
+%patch15 -p1 -b .includedir
 
 %patch21 -p1 -b .odbc
 %patch22 -p1 -b .shutdown
@@ -310,6 +323,14 @@
 %patch51 -p1 -b .tests-wddx
 
 %patch70 -p1 -b .cve5465
+%patch71 -p1 -b .cve0906-imap
+%patch72 -p1 -b .cve0906-strreplace
+%patch73 -p1 -b .cve0907
+%patch74 -p1 -b .cve0908
+%patch75 -p1 -b .cve0909-odbc
+%patch76 -p1 -b .cve0909-printf
+%patch77 -p1 -b .cve0910
+%patch78 -p1 -b .cve0988
 
 # Prevent %%doc confusion over LICENSE files
 cp Zend/LICENSE Zend/ZEND_LICENSE
@@ -421,7 +442,7 @@
        --enable-calendar \
        --enable-dbx \
        --enable-dio \
-        --with-mime-magic=%{_sysconfdir}/httpd/conf/magic \
+        --with-mime-magic=%{_datadir}/file/magic \
         --without-sqlite \
         --with-libxml-dir=%{_prefix} \
        --with-xml \
@@ -514,8 +535,9 @@
 install -m 755 -d $RPM_BUILD_ROOT%{contentdir}/icons
 install -m 644    *.gif $RPM_BUILD_ROOT%{contentdir}/icons/
 
-# For PEAR packaging:
-install -m 755 -d $RPM_BUILD_ROOT%{_libdir}/php/pear
+# For third-party packaging:
+install -m 755 -d $RPM_BUILD_ROOT%{_libdir}/php/pear \
+                  $RPM_BUILD_ROOT%{_datadir}/php
 
 # Use correct libdir
 sed -i -e 's|%{_prefix}/lib|%{_libdir}|' $RPM_BUILD_ROOT%{_sysconfdir}/php.ini
@@ -561,6 +583,13 @@
 # isn't useful at this time since rpm itself requires sqlite.
 cat files.pdo_sqlite >> files.pdo
 
+# Install the macros file:
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm
+sed -e 
"s/@PHP_APIVER@/%{apiver}/;s/@PHP_ZENDVER@/%{zendver}/;s/@PHP_PDOVER@/%{pdover}/"
 \
+    < $RPM_SOURCE_DIR/macros.php > macros.php
+install -m 644 -c macros.php \
+           $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.php
+
 # Remove unpackaged files
 rm -rf $RPM_BUILD_ROOT%{_libdir}/php/modules/*.a \
        $RPM_BUILD_ROOT%{_bindir}/{phptar} \
@@ -577,14 +606,14 @@
 %defattr(-,root,root)
 %{_libdir}/httpd/modules/libphp5.so
 %attr(0770,root,apache) %dir %{_localstatedir}/lib/php/session
-%config %{_sysconfdir}/httpd/conf.d/php.conf
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/php.conf
 %{contentdir}/icons/php.gif
 
 %files common
 %defattr(-,root,root)
 %doc CODING_STANDARDS CREDITS EXTENSIONS INSTALL LICENSE NEWS README*
 %doc Zend/ZEND_* gd_README TSRM_LICENSE regex_COPYRIGHT
-%config %{_sysconfdir}/php.ini
+%config(noreplace) %{_sysconfdir}/php.ini
 %dir %{_sysconfdir}/php.d
 %dir %{_libdir}/php
 %dir %{_libdir}/php/modules
@@ -605,6 +634,7 @@
 %{_libdir}/php/build
 %{_mandir}/man1/php-config.1*
 %{_mandir}/man1/phpize.1*
+%config %{_sysconfdir}/rpm/macros.php
 
 %files pgsql -f files.pgsql
 %files mysql -f files.mysql
@@ -623,6 +653,13 @@
 %files pdo -f files.pdo
 
 %changelog
+* Fri Feb 16 2007 Joe Orton <jorton@xxxxxxxxxx> 5.1.6-3.4.fc6
+- add security fixes for: CVE-2007-0906, CVE-2007-0907, 
+  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
+- package /usr/share/php and append to default include_path (#225434)
+- add php(api), php(zend-abi) provides (#221302)
+- fix magic file used by mime-magic (Kir Kolyshkin, #177926)
+
 * Fri Dec 15 2006 Joe Orton <jorton@xxxxxxxxxx> 5.1.6-3.3.fc6
 - fix version for php-zend-abi (Remi Collet, #212804)
 - provide php-readline from php-cli

-- 
fedora-cvs-commits mailing list
fedora-cvs-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-cvs-commits
