Sync from SUSE:SLFO:Main php8 revision 280f12a89ffb29df4def8a4baf0286c3

php-8.3.17.tar.xz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCZ6vKjQAKCRAcB3ncXAqd
-5CrSAP97P8/qCOPoUHAsg+uYoV+vuJ29tkE/+7sWnoM0G1FUDQD+NWtOqnD0H2N/
-6a0g4aj990TtEQqKFrIFTFUMr7qToQI=
-=euvN
------END PGP SIGNATURE-----

php-8.3.19.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEESx/A2d+SMhztn2FdvsVV4ioUNVMFAmfRivEACgkQvsVV4ioU
+NVPbaxAAltlaZ8jbjTDRtNXMg+ZgS7LpiGMsMy4AdS+sFNNhQ91l/7SwlXgiRUAe
+sT5F/QPAl4jEExVj0RNSc8uTjuW4CiBRnc9wfWsZuM8H+DaBBUkQwLklXSJZU06G
+eTGHIkVN71/CiNQhA8ZO1nK0LFvBqViR9DzvGsvehWEw+w8fg7m7lNwDbtm0OW68
+GNy/QnTWQdIe77h9j/RVsHMajj5TBxCDC5Gd72fXt1y0coLoXaeHjgZjSE62h1z1
+72RuXyZogu/tL+GYEZBbIf0Qlu8Q3U2Qr5eC/QbsQZT+ovGId7sAhCVzojOlR/dj
+UG2eq3nI3QQj/JrqEOkhKdEQ4auo9zibKDB/MaJFYBkn6no69t4uWFi4ZKbpxRhE
+Jt9r2wG+dwPBC3/p/YkeEGd8ztIhaL26JFDxTtevoKZ41OFy6v9KaIvZ6bipIwZS
+sBmwIJDA7bmd9b5zkY/vrfMp7MVfwF9N1PxmHAgI7FrDAqXsRzPaSvAiKnoISGXo
+DPKwr1xCJz0WM3xAMgfv8pAwkaEcZE5+Jp6A55Elx6v9teUj77G8oqJLEWX1uUGB
+rCiqB9d738U1ZlH7puVG0ydf/z4gi0e0IDnBJP55Sji8lEmzJV97JQh5fZtvE8s6
+w3KpF4WuD09a3v/XtsOz0T7uHONB48EtZv1HECGQbntQi4N0Wnk=
+=qyxd
+-----END PGP SIGNATURE-----

php8.changes

@@ -1,3 +1,69 @@
+-------------------------------------------------------------------
+Fri Mar 14 06:10:13 UTC 2025 - pgajdos@suse.com
+
+- version update to 8.3.19
+    BCMath:
+        Fixed bug GH-17398 (bcmul memory leak).
+    Core:
+        Fixed bug GH-17623 (Broken stack overflow detection for variable compilation).
+        Fixed bug GH-17618 (UnhandledMatchError does not take zend.exception_ignore_args=1 into account).
+        Fix fallback paths in fast_long_{add,sub}_function.
+        Fixed bug GH-17718 (Calling static methods on an interface that has `__callStatic` is allowed).
+        Fixed bug GH-17797 (zend_test_compile_string crash on invalid script path).
+        Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
+    DOM:
+        Fixed bug GH-17847 (xinclude destroys live node).
+    FFI:
+        Fix FFI Parsing of Pointer Declaration Lists.
+    FPM:
+        Fixed bug GH-17643 (FPM with httpd ProxyPass encoded PATH_INFO env).
+    GD:
+        Fixed bug GH-17772 (imagepalettetotruecolor crash with memory_limit=2M).
+    LDAP:
+        Fixed bug GH-17704 (ldap_search fails when $attributes contains a non-packed array with numerical keys).
+    LibXML:
+        Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714).
+        Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
+    MBString:
+        Fixed bug GH-17503 (Undefined float conversion in mb_convert_variables).
+    Opcache:
+        Fixed bug GH-17654 (Multiple classes using same trait causes function JIT crash).
+        Fixed bug GH-17577 (JIT packed type guard crash).
+        Fixed bug GH-17899 (zend_test_compile_string with invalid path when opcache is enabled).
+        Fixed bug GH-17868 (Cannot allocate memory with tracing JIT).
+    PDO_SQLite:
+        Fixed GH-17837 ()::getColumnMeta() on unexecuted statement segfaults).
+        Fix cycle leak in sqlite3 setAuthorizer().
+    Phar:
+        Fixed bug GH-17808: PharFileInfo refcount bug.
+    PHPDBG:
+        Partially fixed bug GH-17387 (Trivial crash in phpdbg lexer).
+        Fix memory leak in phpdbg calling registered function.
+    Reflection:
+        Fixed bug GH-15902 (Core dumped in ext/reflection/php_reflection.c).
+    Standard:
+        Fixed bug #72666 (stat cache clearing inconsistent between file:// paths and plain paths).
+    Streams:
+        Fixed bug GH-17650 (realloc with size 0 in user_filters.c).
+        Fix memory leak on overflow in _php_stream_scandir().
+        Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
+        Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
+        Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
+        Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)
+    Windows:
+        Fixed phpize for Windows 11 (24H2).
+        Fixed GH-17855 (CURL_STATICLIB flag set even if linked with shared lib).
+    Zlib:
+        Fixed bug GH-17745 (zlib extension incorrectly handles object arguments).
+        Fix memory leak when encoding check fails.
+        Fix zlib support for large files.
+- fixes: CVE-2025-1217 [bsc#1239664]
+         CVE-2024-11235 [bsc#1239666]
+         CVE-2025-1734 [bsc#1239668]
+         CVE-2025-1861 [bsc#1239669]
+         CVE-2025-1736 [bsc#1239670]
+         CVE-2025-1219 [bsc#1239667]
+
 -------------------------------------------------------------------
 Fri Feb 14 07:11:17 UTC 2025 - pgajdos@suse.com
 

php8.spec

@@ -57,7 +57,7 @@
 %bcond_without	sodium
 
 Name:           %{pprefix}%{php_name}%{psuffix}
-Version:        8.3.17
+Version:        8.3.19
 Release:        0
 Summary:        Interpreter for the PHP scripting language version 8
 License:        MIT AND PHP-3.01
@@ -1234,13 +1234,13 @@ Build cli \
     --disable-cgi
 %endif
 
+%if "%{flavor}" == "test"
 %check
 %if %{with asan}
 # no need for ASAN build
 exit 0
 %endif
 
-%if "%{flavor}" == "test"
 # Run tests, using the CLI SAPI
 export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 LANG=POSIX LC_ALL=POSIX
 unset TZ