From 105a8d52e4855e162dc8147a70eb304e14a38676669ad64f649399cf4049c9b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 4 Dec 2024 09:22:12 +0100 Subject: [PATCH] Sync from SUSE:SLFO:Main php8 revision 80a67e0684cfe0723bfe66585f51b8e2 --- php-8.3.13.tar.xz | 3 -- php-8.3.13.tar.xz.asc | 7 --- php-8.3.14.tar.xz | 3 ++ php-8.3.14.tar.xz.asc | 16 +++++++ php8.changes | 108 ++++++++++++++++++++++++++++++++++++++++++ php8.spec | 4 +- 6 files changed, 129 insertions(+), 12 deletions(-) delete mode 100644 php-8.3.13.tar.xz delete mode 100644 php-8.3.13.tar.xz.asc create mode 100644 php-8.3.14.tar.xz create mode 100644 php-8.3.14.tar.xz.asc diff --git a/php-8.3.13.tar.xz b/php-8.3.13.tar.xz deleted file mode 100644 index f3e3887..0000000 --- a/php-8.3.13.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:89adb978cca209124fe53fd6327bc4966ca21213a7fa2e9504f854e340873018 -size 12484032 diff --git a/php-8.3.13.tar.xz.asc b/php-8.3.13.tar.xz.asc deleted file mode 100644 index 9fb378b..0000000 --- a/php-8.3.13.tar.xz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iHUEABYIAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCZxfylwAKCRAcB3ncXAqd -5GjlAQCsFNinpnYAZ88GbsZEJQqWzPmItJRD9WWzaORbBm77IQEAlirlZBd2hV93 -JW8Su4q4+75tS15z1BwNgTlxVOsxGwY= -=f4+r ------END PGP SIGNATURE----- diff --git a/php-8.3.14.tar.xz b/php-8.3.14.tar.xz new file mode 100644 index 0000000..e6d404f --- /dev/null +++ b/php-8.3.14.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:58b4cb9019bf70c0cbcdb814c7df79b9065059d14cf7dbf48d971f8e56ae9be7 +size 12519488 diff --git a/php-8.3.14.tar.xz.asc b/php-8.3.14.tar.xz.asc new file mode 100644 index 0000000..bd634dd --- /dev/null +++ b/php-8.3.14.tar.xz.asc 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEESx/A2d+SMhztn2FdvsVV4ioUNVMFAmc8rEcACgkQvsVV4ioU +NVPz5BAAxNVnJ1Gc7mjX3k0AygzaunoQlBVzJyGeBCad6kY3snyMRhJy/kGhTT/H +HOaVYEZ2wiLa9wdBmvxDQbHnWwxhprjj/7CFMtwC1mDKkA0/tNWOouazRJWJ7J2b +H8rsdBFFUwqFJH4qdCnH4z6suURDzHn9l78GLpSU9U+dH1jRIwY8yxC/9jefhvP/ +hoXKCqpcye+FErp6IIboGs6vn8YJR4FjvkX3wy2oX+n4XbHhXN4MD5vgbgcSIJaU +xpFSaGX+fHRJ2X/7wKFawxexotU1sk1ero/Va4YgWJHFkEXCcx23GGGT97dZ8qt5 +XlXD8rRlyz3DW3jyzGAY5nwqOw7c8IUV0/uwrTBP929I/2YMM//h9YCnXkw/fuOx +YyYIIwI6Rds+xQD1OOVC6kJ0PkJUgsWTkcl4T5+3vsbIIBh5fyS1Me80qnL4/qp+ +9AU6hbncInw4gGantW3Rm4lLA+U614ONuvJe8V3EoW/semCHUCztKExLrCQ/O9xn +PDhRbOpc6ZSpnYrBg6fCMbwFHI3fMz+ZoAsRqAK+AiuHuAUGGOLQWG0B8wf+b42f +0ZvP6OJLCTtMl8UAyLKpRfycCueUk6CEEHWbyAGeuhBkERitRLv+xUNmIjZsxuC1 +Uo6WzEJupnDNgwRqkIrpKW26UEhA1FTQVDa/XwxsuOxtRSZrd74= +=bYDn +-----END PGP SIGNATURE----- diff --git a/php8.changes b/php8.changes index 1b1f037..7f8afd3 100644 --- a/php8.changes +++ b/php8.changes 
@@ -1,3 +1,111 @@ +------------------------------------------------------------------- +Mon Nov 25 09:00:43 UTC 2024 - pgajdos@suse.com + +- version update to 8.3.14 [bsc#1233651] [bsc#1233703] [bsc#1233702] + CLI: + Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). + Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). + COM: + Fixed out of bound writes to SafeArray data. + Core: + Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). + Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). + Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). + Fixed bug GH-16509 (Incorrect line number in function redeclaration error). + Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). + Fixed bug GH-16648 (Use-after-free during array sorting). + Curl: + Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails). + Date: + Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). + Fixed bug GH-14732 (date_sun_info() fails for non-finite values). + DBA: + Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). + DOM: + Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). + Add missing hierarchy checks to replaceChild. + Fixed bug GH-16336 (Attribute intern document mismanagement). + Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). + Fixed bug GH-16473 (dom_import_simplexml stub is wrong). + Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element). + Fixed bug GH-16535 (UAF when using document as a child). + Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). + Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). 
+ EXIF: + Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file). + FFI: + Fixed bug GH-16397 (Segmentation fault when comparing FFI object). + Filter: + Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). + FPM: + Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement). + GD: + Fixed bug GH-16334 (imageaffine overflow on matrix elements). + Fixed bug GH-16427 (Unchecked libavif return values). + Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007). + GMP: + Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier). + Fixed bug GH-16411 (gmp_export() can cause overflow). + Fixed bug GH-16501 (gmp_random_bits() can cause overflow). + Fixed gmp_pow() overflow bug with large base/exponents. + Fixed segfaults and other issues related to operator overloading with GMP objects. + LDAP: + Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) + MBstring: + Fixed bug GH-16361 (mb_substr overflow on start/length arguments). + MySQLnd: + Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) + Opcache: + Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer). + OpenSSL: + Fixed bug GH-16357 (openssl may modify member types of certificate arrays). + Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). + Fix various memory leaks on error conditions in openssl_x509_parse(). + PDO DBLIB: + Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) + PDO Firebird: + Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) + PDO ODBC: + Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). + Phar: + Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). 
+ PHPDBG: + Fixed bug GH-16174 (Empty string is an invalid expression for ev). + Reflection: + Fixed bug GH-16601 (Memory leak in Reflection constructors). + Session: + Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params). + Fixed bug GH-16290 (overflow on cookie_lifetime ini value). + SOAP: + Fixed bug GH-16318 (Recursive array segfaults soap encoding). + Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient). + Sockets: + Fixed bug with overflow socket_recvfrom $length argument. + SPL: + Fixed bug GH-16337 (Use-after-free in SplHeap). + Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()). + Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). + Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). + Fixed bug GH-16588 (UAF in Observer->serialize). + Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor). + Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). + Fixed bug GH-14687 (segfault on SplObjectIterator instance). + Fixed bug GH-16604 (Memory leaks in SPL constructors). + Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()). + Standard: + Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). + Streams: + Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) + Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) + SysVMsg: + Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized). + SysVShm: + Fixed bug GH-16591 (Assertion error in shm_put_var). + XMLReader: + Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). + Zlib: + Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) 
(cmb) + ------------------------------------------------------------------- Thu Oct 24 18:44:22 UTC 2024 - pgajdos@suse.com diff --git a/php8.spec b/php8.spec index 7a6832f..5978253 100644 --- a/php8.spec +++ b/php8.spec @@ -45,7 +45,7 @@ %define extension_dir %{_libdir}/%{php_name}/extensions %define php_sysconf %{_sysconfdir}/%{php_name} -%bcond_without apparmor +%bcond_with apparmor %if 0%{?suse_version} >= 1500 %bcond_without argon2 %else @@ -57,7 +57,7 @@ %bcond_without sodium Name: %{pprefix}%{php_name}%{psuffix} -Version: 8.3.13 +Version: 8.3.14 Release: 0 Summary: Interpreter for the PHP scripting language version 8 License: MIT AND PHP-3.01
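Review bot: The new php-8.3.14.tar.xz.asc is 16 lines against 7 for the deleted php-8.3.13.tar.xz.asc, and its armored data opens with a different header (`iQIzBAAB…` against `iHUEABYI…`), so the tarball was most likely signed with a different key or key type than the previous release. The diffstat lists only six files and none of them is a keyring, so please confirm that the signer of 8.3.14 is already in the keyring the package verifies sources against. If it is not, add the key in the same change so signature verification does not fail or get skipped.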
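Review bot: The header line of the new php8.changes entry cites three bug references ([bsc#1233651] [bsc#1233703] [bsc#1233702]), while the body names five distinct CVE ids (CVE-2024-8932, CVE-2024-8929, CVE-2024-11236, CVE-2024-11234, CVE-2024-11233) plus GHSA-4w77-75f9-2c8w with no CVE id attached. As written, a reader cannot tell which bsc entry covers which fix. Put the matching bsc reference next to each CVE line, or list the CVE ids in the header alongside the bsc numbers, so that the security fixes in this update can be tracked one by one.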
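Review bot: In php8.spec the first hunk changes `%bcond_without apparmor` to `%bcond_with apparmor`, which flips the AppArmor build conditional from enabled by default to disabled by default. Neither the commit subject nor the new php8.changes entry mentions it. A security-relevant build option should not change silently inside a version bump. If the switch is intended, add a changelog line saying that AppArmor support is now off by default and why. If it is a leftover from a local build, restore `%bcond_without apparmor` so that this change contains only the `Version: 8.3.14` update.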