diff --git a/.gitignore b/.gitignore
index 4d8e21c..bc3d9be 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/php-7.2.11.tar.xz
+SOURCES/php-7.2.24.tar.xz
diff --git a/.php.metadata b/.php.metadata
index 296c37f..6c8d691 100644
--- a/.php.metadata
+++ b/.php.metadata
@@ -1 +1 @@
-4fd355950fdbe39cdab1b2bac03f25160bd441ec SOURCES/php-7.2.11.tar.xz
+d31628bdc89a724a2a0950c2ed7d79b40cf489a7 SOURCES/php-7.2.24.tar.xz
diff --git a/SOURCES/php-7.2.11-CVE-2019-11043.patch b/SOURCES/php-7.2.11-CVE-2019-11043.patch
deleted file mode 100644
index bb96251..0000000
--- a/SOURCES/php-7.2.11-CVE-2019-11043.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 7a990257a05c725d53ca91bc9d080c99102f4e5e Mon Sep 17 00:00:00 2001
-From: Stanislav Malyshev <stas@php.net>
-Date: Mon, 21 Oct 2019 13:17:09 -0700
-Subject: [PATCH] Merge branch 'PHP-7.1' into PHP-7.2
-
-* PHP-7.1:
-  Fix bug #78599 (env_path_info underflow can lead to RCE) (CVE-2019-11043)
-  bump versions after release
-  set versions for release
----
- sapi/fpm/fpm/fpm_main.c                       |  4 +-
- .../tests/bug78599-path-info-underflow.phpt   | 61 +++++++++++++++++++
- sapi/fpm/tests/tester.inc                     | 11 +++-
- 3 files changed, 72 insertions(+), 4 deletions(-)
- create mode 100644 sapi/fpm/tests/bug78599-path-info-underflow.phpt
-
-diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
-index f0cc3a07a485..b0e6226d9ad8 100644
---- a/sapi/fpm/fpm/fpm_main.c
-+++ b/sapi/fpm/fpm/fpm_main.c
-@@ -1209,8 +1209,8 @@ static void init_request_info(void)
- 								path_info = script_path_translated + ptlen;
- 								tflag = (slen != 0 && (!orig_path_info || strcmp(orig_path_info, path_info) != 0));
- 							} else {
--								path_info = env_path_info ? env_path_info + pilen - slen : NULL;
--								tflag = (orig_path_info != path_info);
-+								path_info = (env_path_info && pilen > slen) ? env_path_info + pilen - slen : NULL;
-+								tflag = path_info && (orig_path_info != path_info);
- 							}
- 
- 							if (tflag) {
-diff --git a/sapi/fpm/tests/bug78599-path-info-underflow.phpt b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
-new file mode 100644
-index 000000000000..edd4e0d49699
---- /dev/null
-+++ b/sapi/fpm/tests/bug78599-path-info-underflow.phpt
-@@ -0,0 +1,61 @@
-+--TEST--
-+FPM: bug78599 - env_path_info underflow - CVE-2019-11043
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+echo "Test Start\n";
-+var_dump(\$_SERVER["PATH_INFO"]);
-+echo "Test End\n";
-+EOT;
-+
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$uri = $tester->makeSourceFile();
-+$tester
-+    ->request(
-+        '',
-+        [
-+            'SCRIPT_FILENAME' => $uri . "/" . str_repeat('A', 35),
-+            'PATH_INFO'       => '',
-+            'HTTP_HUI'        => str_repeat('PTEST', 1000),
-+        ],
-+        $uri
-+    )
-+    ->expectBody(
-+        [
-+            'Test Start',
-+            'string(0) ""',
-+            'Test End'
-+        ]
-+    );
-+$tester->terminate();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
-diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc
-index 70c03ad70f1c..3b6702866cc1 100644
---- a/sapi/fpm/tests/tester.inc
-+++ b/sapi/fpm/tests/tester.inc
-@@ -513,7 +513,7 @@ class Tester
-             return new Response(null, true);
-         }
-         if (is_null($uri)) {
--            $uri = $this->makeFile('src.php', $this->code);
-+            $uri = $this->makeSourceFile();
-         }
- 
-         $params = array_merge(
-@@ -538,7 +538,6 @@ class Tester
-             ],
-             $headers
-         );
--
-         try {
-             $this->response = new Response(
-                 $this->getClient($address, $connKeepAlive)->request_data($params, false)
-@@ -944,6 +943,14 @@ class Tester
-         return $filePath;
-     }
- 
-+    /**
-+     * @return string
-+     */
-+    public function makeSourceFile()
-+    {
-+        return $this->makeFile('src.php', $this->code);
-+    }
-+
-     /**
-      * @param string|null $msg
-      */
diff --git a/SOURCES/php-5.4.0-phpize.patch b/SOURCES/php-7.2.12-phpize.patch
similarity index 60%
rename from SOURCES/php-5.4.0-phpize.patch
rename to SOURCES/php-7.2.12-phpize.patch
index e666e45..77913a5 100644
--- a/SOURCES/php-5.4.0-phpize.patch
+++ b/SOURCES/php-7.2.12-phpize.patch
@@ -1,6 +1,7 @@
---- php-5.4.0RC5/scripts/phpize.in.orig	2012-01-18 17:13:54.018022983 +0100
-+++ php-5.4.0RC5/scripts/phpize.in	2012-01-18 17:14:40.614024941 +0100
-@@ -162,6 +162,15 @@
+diff -up php-7.2.12RC1/scripts/phpize.in.headers php-7.2.12RC1/scripts/phpize.in
+--- php-7.2.12RC1/scripts/phpize.in.headers	2018-10-23 11:47:43.000000000 +0200
++++ php-7.2.12RC1/scripts/phpize.in	2018-10-23 11:49:51.651818777 +0200
+@@ -162,6 +162,15 @@ phpize_autotools()
    $PHP_AUTOHEADER || exit 1
  }
  
@@ -15,8 +16,8 @@
 +
  # Main script
  
- case "$1" in 
-@@ -180,12 +189,15 @@
+ case "$1" in
+@@ -180,12 +189,15 @@ case "$1" in
  
    # Version
    --version|-v)
diff --git a/SOURCES/php-7.2.3-systzdata-v16.patch b/SOURCES/php-7.2.16-systzdata-v17.patch
similarity index 95%
rename from SOURCES/php-7.2.3-systzdata-v16.patch
rename to SOURCES/php-7.2.16-systzdata-v17.patch
index e488beb..640bff2 100644
--- a/SOURCES/php-7.2.3-systzdata-v16.patch
+++ b/SOURCES/php-7.2.16-systzdata-v17.patch
@@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.
 
 History:
+r17: adapt for autotool change in 7.2.16RC1
 r16: adapt for timelib 2017.06 (in 7.2.3RC1)
 r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
 r14: improve check for valid tz file
@@ -27,9 +28,32 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
 r2: add filesystem trawl to set up name alias index
 r1: initial revision
 
-diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/lib/parse_tz.c
---- php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata	2018-02-13 20:18:34.000000000 +0100
-+++ php-7.2.3RC1/ext/date/lib/parse_tz.c	2018-02-14 06:14:23.484804852 +0100
+diff -up php-7.2.16RC1/ext/date/config0.m4.systzdata php-7.2.16RC1/ext/date/config0.m4
+--- php-7.2.16RC1/ext/date/config0.m4.systzdata	2019-02-19 11:22:22.223741585 +0100
++++ php-7.2.16RC1/ext/date/config0.m4	2019-02-19 11:23:05.089111556 +0100
+@@ -10,6 +10,19 @@ io.h
+ dnl Check for strtoll, atoll
+ AC_CHECK_FUNCS(strtoll atoll)
+ 
++PHP_ARG_WITH(system-tzdata, for use of system timezone data,
++[  --with-system-tzdata[=DIR]      to specify use of system timezone data],
++no, no)
++
++if test "$PHP_SYSTEM_TZDATA" != "no"; then
++   AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
++
++   if test "$PHP_SYSTEM_TZDATA" != "yes"; then
++      AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
++                         [Define for location of system timezone data])
++   fi
++fi
++
+ PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
+ timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
+                  lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
+diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/lib/parse_tz.c
+--- php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata	2019-02-19 11:13:22.000000000 +0100
++++ php-7.2.16RC1/ext/date/lib/parse_tz.c	2019-02-19 11:19:40.245313535 +0100
 @@ -25,8 +25,21 @@
  #include "timelib.h"
  #include "timelib_private.h"
@@ -632,23 +656,3 @@ diff -up php-7.2.3RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.3RC1/ext/date/li
  	} else {
  		*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
  		tmp = NULL;
-diff -up php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata php-7.2.3RC1/ext/date/lib/timelib.m4
---- php-7.2.3RC1/ext/date/lib/timelib.m4.systzdata	2018-02-13 20:18:34.000000000 +0100
-+++ php-7.2.3RC1/ext/date/lib/timelib.m4	2018-02-14 06:11:54.273089963 +0100
-@@ -81,3 +81,16 @@ io.h
- 
- dnl Check for strtoll, atoll
- AC_CHECK_FUNCS(strtoll atoll strftime gettimeofday)
-+
-+PHP_ARG_WITH(system-tzdata, for use of system timezone data,
-+[  --with-system-tzdata[=DIR]      to specify use of system timezone data],
-+no, no)
-+
-+if test "$PHP_SYSTEM_TZDATA" != "no"; then
-+   AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
-+
-+   if test "$PHP_SYSTEM_TZDATA" != "yes"; then
-+      AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
-+                         [Define for location of system timezone data])
-+   fi
-+fi
diff --git a/SPECS/php.spec b/SPECS/php.spec
index 535f6c2..ec4b1b3 100644
--- a/SPECS/php.spec
+++ b/SPECS/php.spec
@@ -60,13 +60,12 @@
 %global with_tidy     0
 %endif
 
-%global upver        7.2.11
-#global rcver        RC1
+%global upver        7.2.24
 
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: %{upver}%{?rcver:~%{rcver}}
-Release: 4%{?dist}
+Release: 1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -101,9 +100,9 @@ Patch8: php-7.2.0-libdb.patch
 
 # Functional changes
 Patch40: php-7.2.4-dlopen.patch
-Patch42: php-7.2.3-systzdata-v16.patch
+Patch42: php-7.2.16-systzdata-v17.patch
 # See http://bugs.php.net/53436
-Patch43: php-5.4.0-phpize.patch
+Patch43: php-7.2.12-phpize.patch
 # Use -lldap_r for OpenLDAP
 Patch45: php-7.2.3-ldap_r.patch
 # Make php_config.h constant across builds
@@ -116,7 +115,6 @@ Patch48: php-7.2.7-getallheaders.patch
 # Upstream fixes (100+)
 
 # Security fixes (200+)
-Patch200: php-7.2.11-CVE-2019-11043.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -603,7 +601,7 @@ Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
 %description pdo-dblib
 The php-pdo-dblib package contains a dynamic shared object
 that implements the PHP Data Objects (PDO) interface to enable access from
-PHP to Microsoft SQL Server and Sybase databases through the FreeTDS libary.
+PHP to Microsoft SQL Server and Sybase databases through the FreeTDS library.
 %endif
 
 %package embedded
@@ -719,7 +717,6 @@ low-level PHP extension for the libsodium cryptographic library.
 # upstream patches
 
 # security patches
-%patch200 -p1 -b .cve11043
 
 # Fixes for tests
 %patch300 -p1 -b .datetests
@@ -753,8 +750,13 @@ mkdir build-cgi build-apache build-embedded \
 rm ext/date/tests/timezone_location_get.phpt
 rm ext/date/tests/timezone_version_get.phpt
 rm ext/date/tests/timezone_version_get_basic1.phpt
+rm ext/date/tests/bug33414-1.phpt
+rm ext/date/tests/bug33415-2.phpt
+rm ext/date/tests/date_modify-1.phpt
 # fails sometime
+rm ext/date/tests/bug73837.phpt
 rm ext/sockets/tests/mcast_ipv?_recv.phpt
+rm sapi/cli/tests/upload_2G.phpt
 # cause stack exhausion
 rm Zend/tests/bug54268.phpt
 rm Zend/tests/bug68412.phpt
@@ -1567,6 +1569,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Thu Nov  7 2019 Remi Collet <rcollet@redhat.com> - 7.2.24-1
+- update to 7.2.24 #1726981
+
 * Tue Oct 29 2019 Remi Collet <rcollet@redhat.com> - 7.2.11-4
 - fix underflow in env_path_info in fpm_main.c CVE-2019-11043