Sync from SUSE:SLFO:1.1 php8 revision 95c9247a13fa11e6f4f57036385e639d

This commit is contained in:
Adrian Schröter 2024-10-17 13:43:54 +02:00
parent a284e3e615
commit 7012b7b48e
6 changed files with 53 additions and 153 deletions

BIN
php-8.3.11.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCZs4m5wAKCRAcB3ncXAqd
5GEcAQDijVOhXPZKRA3CPaut9JwOysoNgX9/A5zLeMGgTwUMIwEAwGig+o0XKonL
Ay0PrGtv7SLU3ZUXKGIfo/E2jCDlUgE=
=1Ytt
-----END PGP SIGNATURE-----

BIN
php-8.3.12.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
php-8.3.12.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESx/A2d+SMhztn2FdvsVV4ioUNVMFAmbzApQACgkQvsVV4ioU
NVNN4g/9FhYQ9VybSZii3PKjahZQN9Otx95mGFKqsf+sIe/ma4w4mUjKkEs7EiLG
GSBKe5QIiC/DjJ8iSJ+zO8xt/2AeoGcrbGAG64GBigNfJ+7TmG+Gqlv3KNYUaFWJ
nf4rcrqkOWwLlruDXIiTc5B/5nFetd6MDz3Q/m1+qsv6jTsweRYn5kRiEQHnAmJJ
hz77E7Vw2I73/dzRg0U6Nq4NERLEJ0blz6v2h9PIw303rFpqHR7XyMbLTICn3lpf
RHsSbIqAwECPI3GYKFN9UzSzRIxByccaIwFWpUuQhseTtvnmS0U1qgTQAs8Wdkkh
LbVrA71MGlQN/oT3W8MwhGwlOaLR27ZT7IZKqTpb6pCIZPCqFpH28XqKGQ5vkwNR
863PEg8EKQuth+sCKRxgaH1WxNsgrwIx8DOJih6eFV7EPOs286ZLVq1y7pyAqXCA
tF2D0KUMEp6fakBa0wlALhLsczHDIuR8zkh4b4L5nE0vlvd339sgVLTc7KfGE9A+
CV+uvPJ5feqkZ6soH+784OJptvrtGk8NebG/u3EX77PSIIjw/JBqhT5AQ6h8mx6U
/B1mT5hOmNlMPyLchNWHopx032xXBTCH53gvdAPAEUWseu6Xxb8fwNTiwLLFk9hl
j0nBXyEHojWXZUXwGhegnihNIujSNGGd4FJJRqLi1bQFHK+greA=
=P49l
-----END PGP SIGNATURE-----

View File

@ -1,154 +1,40 @@
-------------------------------------------------------------------
Fri Aug 30 07:19:33 UTC 2024 - pgajdos@suse.com
Fri Oct 11 08:50:15 UTC 2024 - pgajdos@suse.com
- version update to 8.3.11
- version update to 8.3.12 [bsc#1231358], [bsc#1231382], [bsc#1231360]
CGI:
Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
Core:
Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c).
Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
Fix uninitialized memory in network.c.
Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
Fixed bug GH-15515 (Configure error grep illegal option q).
Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).
Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
Fixed bug GH-15330 (Do not scan generator frames more than once).
Fixed uninitialized lineno in constant AST of internal enums.
Curl:
Fixed case when curl_error returns an empty string.
FIxed bug GH-15547 (curl_multi_select overflow on timeout argument).
DOM:
Fix UAF when removing doctype and using foreach iteration.
FFI:
Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak).
Hash:
Fix crash when converting array data for array in shm in xxh3.
Intl:
Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional).
Opcache:
Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
Output:
Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re).
PDO_Firebird:
Fix bogus fallthrough path in firebird_handle_get_attribute().
PHPDBG:
Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline).
Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)).
Fixed bug GH-15210 use-after-free on watchpoint allocations.
Soap:
Fixed bug #55639 (Digest autentication dont work).
Fix SoapFault property destruction.
Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option).
Standard:
Fix passing non-finite timeout values in stream functions.
Fixed GH-14780 p(f)sockopen timeout overflow.
Streams:
Fixed bug GH-15028 (Memory leak in ext/phar/stream.c).
Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB).
Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters).
Tidy:
Fix memory leaks in ext/tidy basedir restriction code.
-------------------------------------------------------------------
Fri Aug 16 18:01:11 UTC 2024 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.3.10
Core:
Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1).
Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks).
Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
Fixed OSS-Fuzz #69765.
Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h).
Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
Dom:
Fixed bug GH-14702 (DOMDocument::xinclude() crash).
Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h).
Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
Fileinfo:
Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
Gd:
ext/gd/tests/gh10614.phpt: skip if no PNG support.
restored warning instead of fata error.
LibXML:
Fixed bug GH-14563 (Build failure with libxml2 v2.13.0).
Opcache:
Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled).
Output:
Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer).
PDO:
Fixed bug GH-14712 (Crash with PDORow access to null property).
Phar:
Fixed bug GH-14603 (null string from zip entry).
PHPDBG:
Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
Fixed bug GH-14553 (echo output trimmed at NULL byte).
Shmop:
Fixed bug GH-14537 (shmop Windows 11 crashes the process).
SPL:
Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c).
Standard:
Fixed bug GH-14775 (range function overflow with negative step argument).
Fix 32-bit wordwrap test failures.
Fixed bug GH-14774 (time_sleep_until overflow).
Streams:
Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3).
Tidy:
Fix memory leak in tidy_repair_file().
Treewide:
Fix compatibility with libxml2 2.13.2.
XML:
Move away from to-be-deprecated libxml fields.
Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
-------------------------------------------------------------------
Sun Jul 7 19:56:45 UTC 2024 - pgajdos@suse.com
- version update to 8.3.9
Core:
Fixed bug GH-14315 (Incompatible pointer type warnings).
Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon).
Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()).
Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor).
Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call).
Fixed bug GH-14549 (Incompatible function pointer type for fclose).
BCMatch:
Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0).
Curl:
Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0).
DOM:
Fixed bug GH-14343 (Memory leak in xml and dom).
Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument).
FPM:
Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool).
GD:
Fix parameter numbers for imagecolorset().
Intl:
Fix reference handling in SpoofChecker.
Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
MySQLnd:
Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection).
Fixed bug GH-15432 (Heap corruption when querying a vector).
Opcache:
Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
Fixed TLS access in JIT on FreeBSD/amd64.
Fixed bug GH-11188 (Error when building TSRM in ARM64).
PDO ODBC:
Fixed bug GH-14367 (incompatible SDWORD type with iODBC).
PHPDBG:
Fixed bug GH-13681 (segfault on watchpoint addition failure).
Soap:
Fixed bug #47925 (PHPClient can't decompress response).
Fix missing error restore code.
Fix memory leak if calling SoapServer::setObject() twice.
Fix memory leak if calling SoapServer::setClass() twice.
Fix reading zlib ini settings in ext-soap.
Fix memory leaks with string function name lookups.
Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name).
Fixed bug #76232 (SoapClient Cookie Header Semicolon).
Fixed memory leaks when calling SoapFault::__construct() twice.
Sodium:
Fix memory leaks in ext/sodium on failure of some functions.
SPL:
Fixed bug GH-14290 (Member access within null pointer in extension spl).
Standard:
Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets).
Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c).
Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
SAPI:
Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
Standard:
Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c).
Streams:
Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors).
-------------------------------------------------------------------
Thu Jun 20 09:35:17 UTC 2024 - pgajdos@suse.com
- drop unmaintained apache-rex usage
Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
- modified patches
% php-systzdata-v24.patch (refreshed)
-------------------------------------------------------------------
Fri Jun 7 07:02:10 UTC 2024 - pgajdos@suse.com

View File

@ -45,7 +45,7 @@
%define extension_dir %{_libdir}/%{php_name}/extensions
%define php_sysconf %{_sysconfdir}/%{php_name}
%bcond_without apparmor
%bcond_without apparmor
%if 0%{?suse_version} >= 1500
%bcond_without argon2
%else
@ -57,7 +57,7 @@
%bcond_without sodium
Name: %{pprefix}%{php_name}%{psuffix}
Version: 8.3.11
Version: 8.3.12
Release: 0
Summary: Interpreter for the PHP scripting language version 8
License: MIT AND PHP-3.01
@ -160,9 +160,11 @@ BuildRequires: pkgconfig(libsodium) >= 1.0.8
BuildRequires: pkgconfig(libargon2)
%endif
%if "%{flavor}" == "test"
BuildRequires: apache-rex
BuildRequires: mod_php_any = %{version}
BuildRequires: php-cli = %{version}
BuildRequires: php-fpm = %{version}
%apache_rex_deps
%endif
%if "%{flavor}" == ""
@ -1205,6 +1207,9 @@ for f in $(find .. -name "*.diff" -type f -print); do
done
set -x
unset NO_INTERACTION REPORT_EXIT_STATUS
# Apache HTTPD runnable examples test
%apache_rex_check -m libs mod_php-basic
%apache_rex_check -m libs -b sapi/fpm mod_proxy_fcgi-php-fpm mod_proxy_fcgi-php-fpm-auth-RewriteRule mod_proxy_fcgi-php-fpm-CGIPassAuth
exit 0
%endif