pool/php8
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2 pgajdos:factory pgajdos:slfo-main pgajdos:slfo-1.2
..
compare: pgajdos:slfo-main
Branches Tags
pgajdos:factory pgajdos:slfo-main pgajdos:slfo-1.2 pool:factory pool:slfo-main pool:slfo-1.2

1 Commits
factory ... slfo-main

Author SHA256 Message Date
Petr Gajdos
71d809acc8 main package require wwwrun:www user as it assumes it in filelist 2025-12-18 11:24:52 +01:00
8 changed files with 61 additions and 418 deletions
Expand all files Collapse all files

BIN
php-8.4.10.tar.xz LFS Normal file
View File

Binary file not shown.

16
php-8.4.10.tar.xz.asc Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEBhbpPZWvRxJD4mdhdwQm4X67s90FAmhkmUAACgkQdwQm4X67
s903TA/6AkonwSTFryS9cZzV03soHgS0eJqKNsf+pgIS+YiY+NUAe6Jl3TlKx5FX
3qKalCfUKDaWZX8Gso7psHHyY0a6oC3HD/xe8NV29VR1Zxe7dvqS2ovCu+7ek2wF
kyK2S7P7bRSIi9w5AMAHbVUbiOFB2AE98aBJ+H0n+kc50QltG4xe2/zcrx92fmwY
2aH8K/M4GsuPV+8pzpdSPT3yIa/iEknHf+1GfDy76+2D2gW9x2wr20QOJdEpr4kc
N6BoaZU+IrADT1pB04zYyeIy0a8gAXoHzUHsu2NW+rLOxYywtB1Xex7pQlEJw7h1
hNSvvAhJBQ1lYJQeF7o/a7ybplYe/2ypb9hjMsuvitncVl5JYvY2Ok9yxR8IxIUT
ryks9JezDD+xFuBeGqg1lOh1EiNHlJrvDeCz48KMKnOyWQNNrry98yr1mKRYft3Q
MLEIvj8ea13mEpBOd0Z2xwRUhYoMJrOymHFEEfprdFH0Sa2aThCUW3xEaPl2miAV
LsDjEthCNEnKA3AX5X1HEpbHm4g+ni/AK22if1IPrf94/oeENnDW5l4cktZt2h89
z/yToRjyh4yGbFWReC4KHx5vmNVEx7ltDfQEFuuCUzISaJMr48RPcSvzpqh//NHS
wYNXwIXSo/gN6U3XKAJWFenuvQLtd+/GUo3YzfNmx0+Pp2s8QI8=
=zmRy
-----END PGP SIGNATURE-----

3
php-8.4.17.tar.xz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:28b234e347286158cae921d61283eb1169d89bc9d2e5f5976567260ff38b0bfa
size 13670792

7
php-8.4.17.tar.xz.asc
View File

@@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQSdf5mgy48FyKaVjWJWqXr3YAo5pgUCaWaERAAKCRBWqXr3YAo5
prxcAP9z/3HjeI9EHFbHjQ2PVK5iRPq17u5FLe6WymQKCkLpYgEA2R9HJmWVRjaV
ND2gKyWhPt3WwCKQgN/FupiJMxJMIwk=
=BRQZ
-----END PGP SIGNATURE-----

48
php-build-reproducible-phar.patch
View File

@@ -16,11 +16,11 @@ Signed-off-by: Arjen de Korte <build+github@de-korte.org>
ext/phar/zip.c | 2 +-
6 files changed, 18 insertions(+), 5 deletions(-)
Index: php-8.4.17/ext/phar/phar.c
Index: php-8.4.10/ext/phar/phar.c
===================================================================
--- php-8.4.17.orig/ext/phar/phar.c
+++ php-8.4.17/ext/phar/phar.c
@@ -2942,7 +2942,7 @@ int phar_flush_ex(phar_archive_data *pha
--- php-8.4.10.orig/ext/phar/phar.c
+++ php-8.4.10/ext/phar/phar.c
@@ -2965,7 +2965,7 @@ void phar_flush_ex(phar_archive_data *ph
4: metadata-len
+: metadata
*/
@@ -29,11 +29,11 @@ Index: php-8.4.17/ext/phar/phar.c
phar_set_32(entry_buffer, entry->uncompressed_filesize);
phar_set_32(entry_buffer+4, mytime);
phar_set_32(entry_buffer+8, entry->compressed_filesize);
Index: php-8.4.17/ext/phar/phar_internal.h
Index: php-8.4.10/ext/phar/phar_internal.h
===================================================================
--- php-8.4.17.orig/ext/phar/phar_internal.h
+++ php-8.4.17/ext/phar/phar_internal.h
@@ -316,6 +316,21 @@ static inline php_stream *phar_get_pharf
--- php-8.4.10.orig/ext/phar/phar_internal.h
+++ php-8.4.10/ext/phar/phar_internal.h
@@ -315,6 +315,21 @@ static inline php_stream *phar_get_pharf
return PHAR_G(cached_fp)[phar->phar_pos].fp;
}
@@ -55,24 +55,24 @@ Index: php-8.4.17/ext/phar/phar_internal.h
static inline enum phar_fp_type phar_get_fp_type(const phar_entry_info *entry)
{
if (!entry->is_persistent) {
Index: php-8.4.17/ext/phar/stream.c
Index: php-8.4.10/ext/phar/stream.c
===================================================================
--- php-8.4.17.orig/ext/phar/stream.c
+++ php-8.4.17/ext/phar/stream.c
@@ -473,7 +473,7 @@ static int phar_stream_flush(php_stream
--- php-8.4.10.orig/ext/phar/stream.c
+++ php-8.4.10/ext/phar/stream.c
@@ -474,7 +474,7 @@ static int phar_stream_flush(php_stream
phar_entry_data *data = (phar_entry_data *) stream->abstract;
if (data->internal_file->is_modified) {
- data->internal_file->timestamp = time(0);
+ data->internal_file->timestamp = source_date_epoch_time(0);
ret = phar_flush(data->phar, &error);
phar_flush(data->phar, &error);
if (error) {
php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS, "%s", error);
Index: php-8.4.17/ext/phar/tar.c
Index: php-8.4.10/ext/phar/tar.c
===================================================================
--- php-8.4.17.orig/ext/phar/tar.c
+++ php-8.4.17/ext/phar/tar.c
@@ -972,7 +972,7 @@ int phar_tar_flush(phar_archive_data *ph
--- php-8.4.10.orig/ext/phar/tar.c
+++ php-8.4.10/ext/phar/tar.c
@@ -972,7 +972,7 @@ void phar_tar_flush(phar_archive_data *p
char *buf, *signature, sigbuf[8];
entry.flags = PHAR_ENT_PERM_DEF_FILE;
@@ -81,10 +81,10 @@ Index: php-8.4.17/ext/phar/tar.c
entry.is_modified = 1;
entry.is_crc_checked = 1;
entry.is_tar = 1;
Index: php-8.4.17/ext/phar/util.c
Index: php-8.4.10/ext/phar/util.c
===================================================================
--- php-8.4.17.orig/ext/phar/util.c
+++ php-8.4.17/ext/phar/util.c
--- php-8.4.10.orig/ext/phar/util.c
+++ php-8.4.10/ext/phar/util.c
@@ -701,7 +701,7 @@ phar_entry_data *phar_get_or_create_entr
phar_add_virtual_dirs(phar, path, path_len);
@@ -94,11 +94,11 @@ Index: php-8.4.17/ext/phar/util.c
etemp.is_crc_checked = 1;
etemp.phar = phar;
etemp.filename = estrndup(path, path_len);
Index: php-8.4.17/ext/phar/zip.c
Index: php-8.4.10/ext/phar/zip.c
===================================================================
--- php-8.4.17.orig/ext/phar/zip.c
+++ php-8.4.17/ext/phar/zip.c
@@ -1251,7 +1251,7 @@ int phar_zip_flush(phar_archive_data *ph
--- php-8.4.10.orig/ext/phar/zip.c
+++ php-8.4.10/ext/phar/zip.c
@@ -1271,7 +1271,7 @@ void phar_zip_flush(phar_archive_data *p
pass.error = &temperr;
entry.flags = PHAR_ENT_PERM_DEF_FILE;

13
php-sort-filelist-phar.patch Normal file
View File

@@ -0,0 +1,13 @@
Index: php-8.4.1/ext/phar/Makefile.frag
===================================================================
--- php-8.4.1.orig/ext/phar/Makefile.frag
+++ php-8.4.1/ext/phar/Makefile.frag
@@ -45,7 +45,7 @@ $(builddir)/phar.phar: $(builddir)/phar.
if [ "$(TEST_PHP_EXECUTABLE_RES)" != 1 ]; then \
rm -f $(builddir)/phar.phar; \
rm -f $(srcdir)/phar.phar; \
- $(PHP_PHARCMD_EXECUTABLE) $(PHP_PHARCMD_SETTINGS) $(builddir)/phar.php pack -f $(builddir)/phar.phar -a pharcommand -c auto -p 0 -s $(srcdir)/phar/phar.php -h sha1 -b "$(PHP_PHARCMD_BANG)" $(srcdir)/phar/; \
+ $(PHP_PHARCMD_EXECUTABLE) $(PHP_PHARCMD_SETTINGS) $(builddir)/phar.php pack -f $(builddir)/phar.phar -a pharcommand -c auto -p 0 -s $(srcdir)/phar/phar.php -h sha1 -b "$(PHP_PHARCMD_BANG)" -l 9 $(srcdir)/phar/*.inc; \
chmod +x $(builddir)/phar.phar; \
else \
echo "Skipping phar.phar generating during cross compilation"; \

382
php8.changes
View File

@@ -1,389 +1,9 @@
-------------------------------------------------------------------
Mon Jan 19 08:21:08 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
- remove a patch, which breaks phar.phar [bsc#1256905]
* php-sort-filelist-phar.patch (upstreamed)
- modified patches
* php-build-reproducible-phar.patch (refreshed)
-------------------------------------------------------------------
Thu Jan 15 19:55:23 UTC 2026 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.4.17
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Bz2:
Fixed bug GH-20620 (bzcompress overflow on large source size).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
GD:
Fixed bug GH-20622 (imagestring/imagestringup overflow).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
POSIX:
Fixed crash on posix groups to php array creation on macos.
SPL:
Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()).
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
Zlib:
Fix OOB gzseek() causing assertion failure.
-------------------------------------------------------------------
Fri Dec 19 07:51:15 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- version update to 8.4.16
Core:
Sync all boost.context files with release 1.86.0.
Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter).
Fixed bug GH-20286 (use-after-destroy during userland stream_close()).
Bz2:
Fix assertion failures resulting in crashes with stream filter object parameters.
Date:
Fix crashes when trying to instantiate uninstantiable classes via date static constructors.
DOM:
Fix memory leak when edge case is hit when registering xpath callback.
Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase).
Fix missing NUL byte check on C14NFile().
Fibers:
Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value).
FTP:
Fixed bug GH-20601 (ftp_connect overflow on timeout).
GD:
Fixed bug GH-20511 (imagegammacorrect out of range input/output values).
Fixed bug GH-20602 (imagescale overflow with large height values).
Intl:
Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants).
LibXML:
Fix some deprecations on newer libxml versions regarding input buffer/parser handling.
MbString:
Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma).
Fixed bug GH-20492 (mbstring compile warning due to non-strings).
MySQLnd:
Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets).
Opcache:
Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer).
PDO:
Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180)
Phar:
Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub).
Fix broken return value of fflush() for phar file entries.
Fix assertion failure when fseeking a phar file out of bounds.
PHPDBG:
Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog().
SPL:
Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization).
Standard:
Fix memory leak in array_diff() with custom type checks.
Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures).
Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()).
Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178)
Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)
Tidy:
Fixed bug GH-20374 (PHP with tidy and custom-tags).
XML:
Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback).
Zip:
Fix crash in property existence test.
Don't truncate return value of zip_fread() with user sizes.
Zlib:
Fix assertion failures resulting in crashes with stream filter object parameters.
- fixes CVE-2025-14178 [bsc#1255711]
CVE-2025-14180 [bsc#1255712]
CVE-2025-14177 [bsc#1255710]
-------------------------------------------------------------------
Thu Dec 18 09:34:11 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
Thu Dec 18 10:07:30 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
- main package require wwwrun:www user as it assumes it in filelist
[bsc#1255043]
-------------------------------------------------------------------
Thu Nov 20 14:46:37 UTC 2025 - pgajdos@suse.com
- version update to 8.4.15
Core:
Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv).
Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference).
Fixed bug GH-20085 (Assertion failure when combining lazy object get_properties exception with foreach loop).
Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error).
Fixed bug GH-20270 (Broken parent hook call with named arguments).
Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval).
DOM:
Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work).
Fixed bug GH-20281 (\Dom\Document::getElementById() is inconsistent after nodes are removed).
Exif:
Fix possible memory leak when tag is empty.
FPM:
Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution).
FTP:
Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes).
GD:
Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided).
Intl:
Fix memory leak on error in locale_filter_matches().
LibXML:
Fix not thread safe schema/relaxng calls.
MySQLnd:
Fixed bug GH-8978 (SSL certificate verification fails (port doubled)).
Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL).
Opcache:
Fixed bug GH-20081 (access to uninitialized vars in preload_load()).
Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
Fixed bug GH-19875 (JIT 1205 segfault on large file compiled in subprocess).
Fixed bug GH-20012 (heap buffer overflow in jit).
Partially fixed bug GH-17733 (Avoid calling wrong function when reusing file caches across differing environments).
PgSql:
Fix memory leak when first string conversion fails.
Fix segfaults when attempting to fetch row into a non-instantiable class name.
Phar:
Fix memory leak of argument in webPhar.
Fix memory leak when setAlias() fails.
Fix a bunch of memory leaks in phar_parse_zipfile() error handling.
Fix file descriptor/memory leak when opening central fp fails.
Fix memleak+UAF when opening temp stream in buildFromDirectory() fails.
Fix potential buffer length truncation due to usage of type int instead of type size_t.
Fix memory leak when openssl polyfill returns garbage.
Fix file descriptor leak in phar_zip_flush() on failure.
Fix memory leak when opening temp file fails while trying to open gzip-compressed archive.
Fixed bug GH-20302 (Freeing a phar alias may invalidate PharFileInfo objects).
Random:
Fix Randomizer::__serialize() w.r.t. INDIRECTs.
Reflection:
Fixed bug GH-20217 (ReflectionClass::isIterable() incorrectly returns true for classes with property hooks).
SimpleXML:
Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides to work).
Streams:
Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64.
Tidy:
Fixed GH-19021 (improved tidyOptGetCategory detection).
Fix UAF in tidy when tidySetErrorBuffer() fails.
XMLReader:
Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available.
-------------------------------------------------------------------
Thu Oct 23 19:02:50 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.4.14
Core:
Fixed bug GH-19765 (object_properties_load() bypasses readonly property checks).
Fixed hard_timeout with --enable-zend-max-execution-timers.
Fixed bug GH-19792 (SCCP causes UAF for return value if both warning and exception are triggered).
Fixed bug GH-19653 (Closure named argument unpacking between temporary closures can cause a crash).
Fixed bug GH-19839 (Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array).
Fixed bug GH-19480 (error_log php.ini cannot be unset when open_basedir is configured).
Fixed bug GH-20002 (Broken build on *BSD with MSAN).
CLI:
Fix useless "Failed to poll event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS.
Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the curl_copy_handle() function to clone a CurlHandle.
Fix curl build and test failures with version 8.16.
Date:
Fixed GH-17159: "P" format for ::createFromFormat swallows string literals.
DOM:
Fix macro name clash on macOS.
Fixed bug GH-20022 (docker-php-ext-install DOM failed).
GD:
Fixed GH-19955 (imagefttext() memory leak).
MySQLnd:
Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6 adress as parameter).
Opcache:
Fixed bug GH-19669 (assertion failure in zend_jit_trace_type_to_info_ex).
Fixed bug GH-19831 (function JIT may not deref property value).
Fixed bug GH-19889 (race condition in zend_runtime_jit(), zend_jit_hot_func()).
Phar:
Fix memory leak and invalid continuation after tar header writing fails.
Fix memory leaks when creating temp file fails when applying zip signature.
SimpleXML:
Fixed bug GH-19988 (zend_string_init with NULL pointer in simplexml (UB)).
Soap:
Fixed bug GH-19784 (SoapServer memory leak).
Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard:
Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data).
Fixed bug GH-19801 (leaks in var_dump() and debug_zval_dump()).
Fixed bug GH-20043 (array_unique assertion failure with RC1 array causing an exception on sort).
Fixed bug GH-19926 (reset internal pointer earlier while splicing array while COW violation flag is still set).
Fixed bug GH-19570 (unable to fseek in /dev/zero and /dev/null).
Streams:
Fixed bug GH-19248 (Use strerror_r instead of strerror in main).
Fixed bug GH-17345 (Bug #35916 was not completely fixed).
Fixed bug GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader:
Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure).
Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()).
Fixed bug GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()).
-------------------------------------------------------------------
Fri Sep 26 06:27:17 UTC 2025 - pgajdos@suse.com
- version update to 8.4.13
Core:
Fixed bug GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant already defined" warning).
Partially fixed bug GH-19542 (Scanning of string literals >=2GB will fail due to signed int overflow).
Fixed bug GH-19544 (GC treats ZEND_WEAKREF_TAG_MAP references as WeakMap references).
Fixed bug GH-19613 (Stale array iterator pointer).
Fixed bug GH-19679 (zend_ssa_range_widening may fail to converge).
Fixed bug GH-19681 (PHP_EXPAND_PATH broken with bash 5.3.0).
Fixed bug GH-19720 (Assertion failure when error handler throws when accessing a deprecated constant).
CLI:
Fixed bug GH-19461 (Improve error message on listening error with IPv6 address).
Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset.
DBA:
Fixed bug GH-19706 (dba stream resource mismanagement).
DOM:
Fixed bug GH-19612 (Mitigate libxml2 tree dictionary bug).
FPM:
Fixed failed debug assertion when php_admin_value setting fails.
Intl:
Fixed bug GH-11952 (Fix locale strings canonicalization for IntlDateFormatter and NumberFormatter).
Opcache:
Fixed bug GH-19493 (JIT variable not stored before YIELD).
OpenSSL:
Fixed bug GH-19245 (Success error message on TLS stream accept failure).
PGSQL:
Fixed bug GH-19485 (potential use after free when using persistent pgsql connections).
Phar:
Fixed memory leaks when verifying OpenSSL signature.
Fix memory leak in phar tar temporary file error handling code.
Fix metadata leak when phar convert logic fails.
Fix memory leak on failure in phar_convert_to_other().
Fixed bug GH-19752 (Phar decompression with invalid extension can cause UAF).
Standard:
Fixed bug GH-16649 (UAF during array_splice).
Fixed bug GH-19577 (Avoid integer overflow when using a small offset and PHP_INT_MAX with LimitIterator).
Streams:
Remove incorrect call to zval_ptr_dtor() in user_wrapper_metadata().
Fix OSS-Fuzz #385993744.
Zip:
Fix memory leak in zip when encountering empty glob result.
-------------------------------------------------------------------
Thu Aug 28 15:30:21 UTC 2025 - pgajdos@suse.com
- version update to 8.4.12
Core:
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro.
Fixed bug GH-19053 (Duplicate property slot with hooks and interface property).
Fixed bug GH-19044 (Protected properties are not scoped according to their prototype).
Fixed bug GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary const expr).
Fixed bug GH-19305 (Operands may be being released during comparison).
Fixed bug GH-19303 (Unpacking empty packed array into uninitialized array causes assertion failure).
Fixed bug GH-19306 (Generator can be resumed while fetching next value from delegated Generator).
Fixed bug GH-19326 (Calling Generator::throw() on a running generator with a non-Generator delegate crashes).
Fixed bug GH-19280 (Stale array iterator position on rehashing).
Fixed bug GH-18736 (Circumvented type check with return by ref + finally).
Fixed bug GH-19065 (Long match statement can segfault compiler during recursive SSA renaming).
Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c).
FTP:
Fix theoretical issues with hrtime() not being available.
GD:
Fix incorrect comparison with result of php_stream_can_cast().
Hash:
Fix crash on clone failure.
Intl:
Fix memleak on failure in collator_get_sort_key().
Fix return value on failure for resourcebundle count handler.
LDAP:
Fixed bug GH-18529 (additional inheriting of TLS int options).
LibXML:
Fixed bug GH-19098 (libxml<2.13 segmentation fault caused by php_libxml_node_free).
MbString:
Fixed bug GH-19397 (mb_list_encodings() can cause crashes on shutdown).
Opcache:
Reset global pointers to prevent use-after-free in zend_jit_status().
Fix issue with JIT restart and hooks.
Fix crash with dynamic function defs in hooks during preload.
OpenSSL:
Fixed bug GH-18986 (OpenSSL backend: incorrect RAND_{load,write}_file() return value check).
Fix error return check of EVP_CIPHER_CTX_ctrl().
Fixed bug GH-19428 (openssl_pkey_derive segfaults for DH derive with low key_length param).
PDO Pgsql:
Fixed dangling pointer access on _pdo_pgsql_trim_message helper.
SOAP:
Fixed bug GH-18640 (heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).
Sockets:
Fix some potential crashes on incorrect argument value.
Standard:
Fixed OSS Fuzz #433303828 (Leak in failed unserialize() with opcache).
Fix theoretical issues with hrtime() not being available.
Fixed bug GH-19300 (Nested array_multisort invocation with error breaks).
Windows:
Free opened_path when opened_path_len >= MAXPATHLEN.
-------------------------------------------------------------------
Fri Aug 8 20:10:09 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
- version update to 8.4.11
Calendar:
Fixed jewishtojd overflow on year argument.
Core:
Fixed bug GH-18833 (Use after free with weakmaps dependent on destruction order).
Fixed bug GH-18907 (Leak when creating cycle in hook).
Fix OSS-Fuzz #427814456.
Fix OSS-Fuzz #428983568 and #428760800.
Fixed bug GH-17204 (-Wuseless-escape warnings emitted by re2c).
Fixed bug GH-19064 (Undefined symbol 'execute_ex' on Windows ARM64).
Curl:
Fix memory leaks when returning refcounted value from curl callback.
Remove incorrect string release.
DOM:
Fixed bug GH-18979 (Dom\XMLDocument::createComment() triggers undefined behavior with null byte).
LDAP:
Fixed GH-18902 ldap_exop/ldap_exop_sync assert triggered on empty request OID.
MbString:
Fixed bug GH-18901 (integer overflow mb_split).
Opcache:
Fixed bug GH-18639 (Internal class aliases can break preloading + JIT).
Fixed bug GH-18899 (JIT function crash when emitting undefined variable warning and opline is not set yet).
Fixed bug GH-14082 (Segmentation fault on unknown address 0x600000000018 in ext/opcache/jit/zend_jit.c).
Fixed bug GH-18898 (SEGV zend_jit_op_array_hot with property hooks and preloading).
OpenSSL:
Fixed bug #80770 (It is not possible to get client peer certificate with stream_socket_server).
PCNTL:
Fixed bug GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with zend-max-execution-timers).
Phar:
Fix stream double free in phar.
Fix phar crash and file corruption with SplFileObject.
SOAP:
Fixed bug GH-18990, bug #81029, bug #47314 (SOAP HTTP socket not closing on object destruction).
Fix memory leak when URL parsing fails in redirect.
SPL:
Fixed bug GH-19094 (Attaching class with no Iterator implementation to MultipleIterator causes crash).
Standard:
Fix misleading errors in printf().
Fix RCN violations in array functions.
Fixed GH-18976 pack() overflow with h/H format and INT_MAX repeater value.
Streams:
Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter fatal error).
Zip:
Fix leak when path is too long in ZipArchive::extractTo().
-------------------------------------------------------------------
Thu Jul 3 13:05:42 UTC 2025 - pgajdos@suse.com

7
php8.spec
View File

@@ -1,8 +1,7 @@
#
# spec file for package php8
#
# Copyright (c) 2026 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -58,7 +57,7 @@
%bcond_without sodium
Name: %{pprefix}%{php_name}%{psuffix}
Version: 8.4.17
Version: 8.4.10
Release: 0
Summary: Interpreter for the PHP scripting language version 8
License: MIT AND PHP-3.01
@@ -90,6 +89,8 @@ Patch3: php-ini.patch
Patch4: php-systzdata-v24.patch
# adjust upstream systemd unit to SUSE needs
Patch5: php-systemd-unit.patch
# PATCH-FEATURE-OPENSUSE use ordered input files for reproducible /usr/bin/phar.phar
Patch6: php-sort-filelist-phar.patch
## Bugfix patches
# should be upstreamed, will do later
Patch22: php-date-regenerate-lexers.patch