Petr Gajdos
e30469a868
CGI:
Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
Core:
Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer).
Fixed bug GH-15515 (Configure error grep illegal option q).
Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found).
Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
Fixed bug GH-15330 (Do not scan generator frames more than once).
Fixed uninitialized lineno in constant AST of internal enums.
Curl:
Fixed bug GH-15547 (curl_multi_select overflow on timeout argument).
DOM:
Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h).
Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
Fileinfo:
Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument).
FPM:
Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
MySQLnd:
Fixed bug GH-15432 (Heap corruption when querying a vector).
Opcache:
Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c).
Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
SAPI:
Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
Standard:
Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c).
Streams:
Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
OBS-URL: https://build.opensuse.org/package/show/devel:languages:php/php8?expand=0&rev=175
45 lines
1.4 KiB
Diff
45 lines
1.4 KiB
Diff
Index: php-8.3.0/php.ini-production
|
|
===================================================================
|
|
--- php-8.3.0.orig/php.ini-production
|
|
+++ php-8.3.0/php.ini-production
|
|
@@ -752,7 +752,7 @@ default_charset = "UTF-8"
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
; UNIX: "/path1:/path2"
|
|
-;include_path = ".:/php/includes"
|
|
+include_path = ".:/usr/share/php8:/usr/share/php/PEAR"
|
|
;
|
|
; Windows: "\path1;\path2"
|
|
;include_path = ".;c:\php\includes"
|
|
@@ -986,7 +986,7 @@ cli_server.color = On
|
|
[Date]
|
|
; Defines the default timezone used by the date functions
|
|
; https://php.net/date.timezone
|
|
-;date.timezone =
|
|
+date.timezone = 'UTC'
|
|
|
|
; https://php.net/date.default-latitude
|
|
;date.default_latitude = 31.7667
|
|
@@ -1179,7 +1179,7 @@ mysqli.max_persistent = -1
|
|
|
|
; Allow or prevent persistent links.
|
|
; https://php.net/mysqli.allow-persistent
|
|
-mysqli.allow_persistent = On
|
|
+mysqli.allow_persistent = Off
|
|
|
|
; Maximum number of links. -1 means no limit.
|
|
; https://php.net/mysqli.max-links
|
|
Index: php-8.3.0/sapi/fpm/www.conf.in
|
|
===================================================================
|
|
--- php-8.3.0.orig/sapi/fpm/www.conf.in
|
|
+++ php-8.3.0/sapi/fpm/www.conf.in
|
|
@@ -27,6 +27,8 @@
|
|
; If the group is not set, the user's group is used.
|
|
user = @php_fpm_user@
|
|
group = @php_fpm_group@
|
|
+; session folder has to be writable by user:group
|
|
+php_value[session.save_path] = /var/lib/php8/sessions
|
|
|
|
; The address on which to accept FastCGI requests.
|
|
; Valid syntaxes are:
|