diff --git a/php-8.3.11.tar.xz b/php-8.3.11.tar.xz
deleted file mode 100644
index 8b0bcd2..0000000
--- a/php-8.3.11.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b862b098a08ab9bf4b36ed12c7d0d9f65353656b36fb0e3c5344093aceb35802
-size 12481420
diff --git a/php-8.3.11.tar.xz.asc b/php-8.3.11.tar.xz.asc
deleted file mode 100644
index 7e0d90d..0000000
--- a/php-8.3.11.tar.xz.asc
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCZs4m5wAKCRAcB3ncXAqd
-5GEcAQDijVOhXPZKRA3CPaut9JwOysoNgX9/A5zLeMGgTwUMIwEAwGig+o0XKonL
-Ay0PrGtv7SLU3ZUXKGIfo/E2jCDlUgE=
-=1Ytt
------END PGP SIGNATURE-----
diff --git a/php-8.3.12.tar.xz b/php-8.3.12.tar.xz
new file mode 100644
index 0000000..2fdd18e
--- /dev/null
+++ b/php-8.3.12.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f774e28633e26fc8c5197f4dae58ec9e3ff87d1b4311cbc61ab05a7ad24bd131
+size 12493432
diff --git a/php-8.3.12.tar.xz.asc b/php-8.3.12.tar.xz.asc
new file mode 100644
index 0000000..cd3a697
--- /dev/null
+++ b/php-8.3.12.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEESx/A2d+SMhztn2FdvsVV4ioUNVMFAmbzApQACgkQvsVV4ioU
+NVNN4g/9FhYQ9VybSZii3PKjahZQN9Otx95mGFKqsf+sIe/ma4w4mUjKkEs7EiLG
+GSBKe5QIiC/DjJ8iSJ+zO8xt/2AeoGcrbGAG64GBigNfJ+7TmG+Gqlv3KNYUaFWJ
+nf4rcrqkOWwLlruDXIiTc5B/5nFetd6MDz3Q/m1+qsv6jTsweRYn5kRiEQHnAmJJ
+hz77E7Vw2I73/dzRg0U6Nq4NERLEJ0blz6v2h9PIw303rFpqHR7XyMbLTICn3lpf
+RHsSbIqAwECPI3GYKFN9UzSzRIxByccaIwFWpUuQhseTtvnmS0U1qgTQAs8Wdkkh
+LbVrA71MGlQN/oT3W8MwhGwlOaLR27ZT7IZKqTpb6pCIZPCqFpH28XqKGQ5vkwNR
+863PEg8EKQuth+sCKRxgaH1WxNsgrwIx8DOJih6eFV7EPOs286ZLVq1y7pyAqXCA
+tF2D0KUMEp6fakBa0wlALhLsczHDIuR8zkh4b4L5nE0vlvd339sgVLTc7KfGE9A+
+CV+uvPJ5feqkZ6soH+784OJptvrtGk8NebG/u3EX77PSIIjw/JBqhT5AQ6h8mx6U
+/B1mT5hOmNlMPyLchNWHopx032xXBTCH53gvdAPAEUWseu6Xxb8fwNTiwLLFk9hl
+j0nBXyEHojWXZUXwGhegnihNIujSNGGd4FJJRqLi1bQFHK+greA=
+=P49l
+-----END PGP SIGNATURE-----
diff --git a/php8.changes b/php8.changes
index e1dab25..6500643 100644
--- a/php8.changes
+++ b/php8.changes
@@ -1,154 +1,40 @@ ------------------------------------------------------------------- -Fri Aug 30 07:19:33 UTC 2024 - pgajdos@suse.com +Fri Oct 11 08:50:15 UTC 2024 - pgajdos@suse.com -- version update to 8.3.11 +- version update to 8.3.12 [bsc#1231358], [bsc#1231382], [bsc#1231360] + CGI: + Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) + Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) Core: - Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c). - Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). - Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally). - Fix uninitialized memory in network.c. - Fixed bug GH-15108 (Segfault when destroying generator during shutdown). - Fixed bug GH-15275 (Crash during GC of suspended generator delegate). + Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). + Fixed bug GH-15515 (Configure error grep illegal option q). + Fixed bug GH-15514 (Configure error: genif.sh: syntax error). + Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). + Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). + Fixed bug GH-15330 (Do not scan generator frames more than once). + Fixed uninitialized lineno in constant AST of internal enums. Curl: - Fixed case when curl_error returns an empty string. + FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). DOM: - Fix UAF when removing doctype and using foreach iteration. - FFI: - Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak). - Hash: - Fix crash when converting array data for array in shm in xxh3. - Intl: - Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). - Opcache: - Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4). 
- Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement). - Output: - Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re). - PDO_Firebird: - Fix bogus fallthrough path in firebird_handle_get_attribute(). - PHPDBG: - Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline). - Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)). - Fixed bug GH-15210 use-after-free on watchpoint allocations. - Soap: - Fixed bug #55639 (Digest autentication dont work). - Fix SoapFault property destruction. - Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option). - Standard: - Fix passing non-finite timeout values in stream functions. - Fixed GH-14780 p(f)sockopen timeout overflow. - Streams: - Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). - Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB). - Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters). - Tidy: - Fix memory leaks in ext/tidy basedir restriction code. - -------------------------------------------------------------------- -Fri Aug 16 18:01:11 UTC 2024 - Arjen de Korte - -- version update to 8.3.10 - Core: - Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). - Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). - Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. - Fixed OSS-Fuzz #69765. - Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). - Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). - Dom: - Fixed bug GH-14702 (DOMDocument::xinclude() crash). + Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). + Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c). 
Fileinfo: - Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE). - Gd: - ext/gd/tests/gh10614.phpt: skip if no PNG support. - restored warning instead of fata error. - LibXML: - Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). - Opcache: - Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). - Output: - Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). - PDO: - Fixed bug GH-14712 (Crash with PDORow access to null property). - Phar: - Fixed bug GH-14603 (null string from zip entry). - PHPDBG: - Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). - Fixed bug GH-14553 (echo output trimmed at NULL byte). - Shmop: - Fixed bug GH-14537 (shmop Windows 11 crashes the process). - SPL: - Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). - Standard: - Fixed bug GH-14775 (range function overflow with negative step argument). - Fix 32-bit wordwrap test failures. - Fixed bug GH-14774 (time_sleep_until overflow). - Streams: - Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to 255 characters in PHP 8.3). - Tidy: - Fix memory leak in tidy_repair_file(). - Treewide: - Fix compatibility with libxml2 2.13.2. - XML: - Move away from to-be-deprecated libxml fields. - Fixed bug GH-14834 (Error installing PHP when --with-pear is used). - -------------------------------------------------------------------- -Sun Jul 7 19:56:45 UTC 2024 - pgajdos@suse.com - -- version update to 8.3.9 - Core: - Fixed bug GH-14315 (Incompatible pointer type warnings). - Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon). - Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()). - Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor). 
- Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call). - Fixed bug GH-14549 (Incompatible function pointer type for fclose). - BCMatch: - Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). - Curl: - Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). - DOM: - Fixed bug GH-14343 (Memory leak in xml and dom). + Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). FPM: - Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool). - GD: - Fix parameter numbers for imagecolorset(). - Intl: - Fix reference handling in SpoofChecker. + Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) MySQLnd: - Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection). + Fixed bug GH-15432 (Heap corruption when querying a vector). Opcache: - Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). - Fixed TLS access in JIT on FreeBSD/amd64. - Fixed bug GH-11188 (Error when building TSRM in ARM64). - PDO ODBC: - Fixed bug GH-14367 (incompatible SDWORD type with iODBC). - PHPDBG: - Fixed bug GH-13681 (segfault on watchpoint addition failure). - Soap: - Fixed bug #47925 (PHPClient can't decompress response). - Fix missing error restore code. - Fix memory leak if calling SoapServer::setObject() twice. - Fix memory leak if calling SoapServer::setClass() twice. - Fix reading zlib ini settings in ext-soap. - Fix memory leaks with string function name lookups. - Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name). - Fixed bug #76232 (SoapClient Cookie Header Semicolon). - Fixed memory leaks when calling SoapFault::__construct() twice. - Sodium: - Fix memory leaks in ext/sodium on failure of some functions. - SPL: - Fixed bug GH-14290 (Member access within null pointer in extension spl). 
- Standard: - Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets). + Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). + Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). + SAPI: + Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) + Standard: + Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). Streams: - Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). - -------------------------------------------------------------------- -Thu Jun 20 09:35:17 UTC 2024 - pgajdos@suse.com - -- drop unmaintained apache-rex usage + Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). +- modified patches + % php-systzdata-v24.patch (refreshed) ------------------------------------------------------------------- Fri Jun 7 07:02:10 UTC 2024 - pgajdos@suse.com diff --git a/php8.spec b/php8.spec index 6845207..c7b328c 100644 --- a/php8.spec +++ b/php8.spec @@ -45,7 +45,7 @@ %define extension_dir %{_libdir}/%{php_name}/extensions %define php_sysconf %{_sysconfdir}/%{php_name} -%bcond_without apparmor +%bcond_without apparmor %if 0%{?suse_version} >= 1500 %bcond_without argon2 %else @@ -57,7 +57,7 @@ %bcond_without sodium Name: %{pprefix}%{php_name}%{psuffix} -Version: 8.3.11 +Version: 8.3.12 Release: 0 Summary: Interpreter for the PHP scripting language version 8 License: MIT AND PHP-3.01 @@ -160,9 +160,11 @@ BuildRequires: pkgconfig(libsodium) >= 1.0.8 BuildRequires: pkgconfig(libargon2) %endif %if "%{flavor}" == "test" +BuildRequires: apache-rex BuildRequires: mod_php_any = %{version} BuildRequires: php-cli = %{version} BuildRequires: php-fpm = %{version} +%apache_rex_deps %endif %if "%{flavor}" == "" 
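Review bot: `BuildRequires: apache-rex` and `%apache_rex_deps` return to the test flavor in the third php8.spec hunk, while the same commit deletes the php8.changes entry `- drop unmaintained apache-rex usage` and the new 8.3.12 entry says nothing about the reversal. If the harness is still unmaintained, adding it to the build root is a dependency that should be justified. Either record the decision in the changelog, for example `- reintroduce apache-rex based tests for mod_php and php-fpm`, or leave both lines out. The `%if "%{flavor}" == "test"` block starts before the hunk and `%apache_rex_deps` is defined elsewhere, so what it expands to cannot be checked from here.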
@@ -1205,6 +1207,9 @@ for f in $(find .. -name "*.diff" -type f -print); do done set -x unset NO_INTERACTION REPORT_EXIT_STATUS +# Apache HTTPD runnable examples test +%apache_rex_check -m libs mod_php-basic +%apache_rex_check -m libs -b sapi/fpm mod_proxy_fcgi-php-fpm mod_proxy_fcgi-php-fpm-auth-RewriteRule mod_proxy_fcgi-php-fpm-CGIPassAuth exit 0 %endif
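Review bot: The two added `%apache_rex_check` lines are followed directly by the existing `exit 0`, so a failing example only fails the build if the shell is still in errexit mode at that point and the macro returns non-zero, and neither is visible in this hunk. These examples cover the php-fpm auth paths (`mod_proxy_fcgi-php-fpm-auth-RewriteRule`, `mod_proxy_fcgi-php-fpm-CGIPassAuth`), so a silently ignored failure would hide a regression in an update that carries CGI and FPM security fixes. I would state the expectation above the checks, for example `# a failing apache_rex example must abort the build (relies on sh -e; do not add '|| :')`, and confirm that nothing earlier in the section disables errexit. The surrounding section starts before the hunk.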