Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
e81bc35bda
!187 [sync] PR-182: license信息规范整改
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-06-17 11:24:16 +00:00
Funda Wang
4ab4e7d1d6 Update licenses declaration
(cherry picked from commit 5621e8b95fcd0a78e185d812b69b6d23c5fe0cef)
2024-06-17 17:24:27 +08:00
openeuler-ci-bot
0cd4306171
!175 [sync] PR-171: fix CVE-2024-5458
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-06-11 06:53:16 +00:00
Funda Wang
c52c3289a3 fix CVE-2024-5458
(cherry picked from commit dbbea5b9ee97d9afe8cbaea63cf94a18017d8fe7)
2024-06-07 16:43:58 +08:00
openeuler-ci-bot
dcdc496aa5
!164 [sync] PR-161: fix CVE-2024-2756, CVE-2024-3096
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-04-15 08:14:28 +00:00
Funda Wang
1ecfc5f881 fix CVE-2024-2756, CVE-2024-3096
(cherry picked from commit 0b94123f2f4e2953888bb876b8e1983461ec1c90)
2024-04-15 11:11:27 +08:00
openeuler-ci-bot
535c4db118
!157 [sync] PR-156: disable opcache.huge_code_pages on x86_64
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-02-27 09:46:25 +00:00
beta
7a8133a8d2 disable opcache.huge_code_pages on x86_64
Signed-off-by: beta <beta@yfqm.date>
(cherry picked from commit 79da7dcfc9313df44649bf11a81be9672fc6ba06)
2023-11-30 10:52:49 +08:00
openeuler-ci-bot
445b85bc31
!143 Update to version 8.0.30
From: @fundawang 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2023-08-07 01:30:16 +00:00
Funda Wang
db2f2893bb 8.0.30 2023-08-04 12:45:17 +08:00
5 changed files with 494 additions and 34 deletions

191
php-cve-2024-2756.patch Normal file

@ -0,0 +1,191 @@
From 2e07a3acd7a6b53c55325b94bed97748d7697b53 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 17 Mar 2024 21:04:47 +0100
Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass
due to partial CVE-2022-31629 fix
The check happened too early as later code paths may perform more
mangling rules. Move the check downwards right before adding the actual
variable.
(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53)
---
ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++
main/php_variables.c | 41 +++++++++-----
2 files changed, 90 insertions(+), 14 deletions(-)
create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
new file mode 100644
index 00000000000..77fcb680894
--- /dev/null
+++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
@@ -0,0 +1,63 @@
+--TEST--
+ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix)
+--COOKIE--
+..Host-test=ignore_1;
+._Host-test=ignore_2;
+.[Host-test=ignore_3;
+_.Host-test=ignore_4;
+__Host-test=ignore_5;
+_[Host-test=ignore_6;
+[.Host-test=ignore_7;
+[_Host-test=ignore_8;
+[[Host-test=ignore_9;
+..Host-test[]=ignore_10;
+._Host-test[]=ignore_11;
+.[Host-test[]=ignore_12;
+_.Host-test[]=ignore_13;
+__Host-test[]=legitimate_14;
+_[Host-test[]=legitimate_15;
+[.Host-test[]=ignore_16;
+[_Host-test[]=ignore_17;
+[[Host-test[]=ignore_18;
+..Secure-test=ignore_1;
+._Secure-test=ignore_2;
+.[Secure-test=ignore_3;
+_.Secure-test=ignore_4;
+__Secure-test=ignore_5;
+_[Secure-test=ignore_6;
+[.Secure-test=ignore_7;
+[_Secure-test=ignore_8;
+[[Secure-test=ignore_9;
+..Secure-test[]=ignore_10;
+._Secure-test[]=ignore_11;
+.[Secure-test[]=ignore_12;
+_.Secure-test[]=ignore_13;
+__Secure-test[]=legitimate_14;
+_[Secure-test[]=legitimate_15;
+[.Secure-test[]=ignore_16;
+[_Secure-test[]=ignore_17;
+[[Secure-test[]=ignore_18;
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(3) {
+ ["__Host-test"]=>
+ array(1) {
+ [0]=>
+ string(13) "legitimate_14"
+ }
+ ["_"]=>
+ array(2) {
+ ["Host-test["]=>
+ string(13) "legitimate_15"
+ ["Secure-test["]=>
+ string(13) "legitimate_15"
+ }
+ ["__Secure-test"]=>
+ array(1) {
+ [0]=>
+ string(13) "legitimate_14"
+ }
+}
diff --git a/main/php_variables.c b/main/php_variables.c
index 27a9ad089e7..dc888bdfc64 100644
--- a/main/php_variables.c
+++ b/main/php_variables.c
@@ -54,6 +54,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz
zend_string_release_ex(key, 0);
}
+/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host-
+ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
+static bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name)
+{
+ if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) {
+ return true;
+ }
+
+ if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
+ return true;
+ }
+
+ return false;
+}
+
PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
{
char *p = NULL;
@@ -104,20 +119,6 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
}
var_len = p - var;
- /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
- if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
- zval_ptr_dtor_nogc(val);
- free_alloca(var_orig, use_heap);
- return;
- }
-
- /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
- if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
- zval_ptr_dtor_nogc(val);
- free_alloca(var_orig, use_heap);
- return;
- }
-
if (var_len==0) { /* empty variable name, or variable name with a space in it */
zval_ptr_dtor_nogc(val);
free_alloca(var_orig, use_heap);
@@ -221,6 +222,12 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
return;
}
} else {
+ if (php_is_forbidden_variable_name(index, index_len, var_name)) {
+ zval_ptr_dtor_nogc(val);
+ free_alloca(var_orig, use_heap);
+ return;
+ }
+
gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
if (!gpc_element_p) {
zval tmp;
@@ -258,6 +265,12 @@ plain_var:
zval_ptr_dtor_nogc(val);
}
} else {
+ if (php_is_forbidden_variable_name(index, index_len, var_name)) {
+ zval_ptr_dtor_nogc(val);
+ free_alloca(var_orig, use_heap);
+ return;
+ }
+
zend_ulong idx;
/*
--
2.44.0
From 366cc249b7d54707572beb7096e8f6c65ee79719 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 10 Apr 2024 08:59:32 +0200
Subject: [PATCH 2/4] NEWS
---
NEWS | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/NEWS b/NEWS
index 8147a7e517c..14fda3a58b9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,12 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
+Backported from 8.1.28
+
+- Standard:
+ . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
+ partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
+
03 Aug 2023, PHP 8.0.30
- Libxml:
--
2.44.0
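Review bot: `php_is_forbidden_variable_name` in the main/php_variables.c hunk takes a length for `mangled_name` but none for `pre_mangled_name`, and its comment does not say that the second string must be NUL-terminated or which name each call site passes. Both new call sites pass `index, index_len` against the raw `var_name`; if the array branch also runs for nested keys (the loop is outside these hunks), a key such as `a[__Host-x]` would be discarded as well, which fails safe but deserves a sentence in the comment. I would add `/* mangled_name is the key about to be registered; pre_mangled_name is the raw, NUL-terminated request name. */` above the helper. The discard sequence `zval_ptr_dtor_nogc(val); free_alloca(var_orig, use_heap); return;` is now repeated at both sites and could share one cleanup label. `php_register_variable_ex` starts and ends outside the hunks.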

77
php-cve-2024-3096.patch Normal file

@ -0,0 +1,77 @@
From 81794c73068d9a44bf109bbcc9793e7b56a1c051 Mon Sep 17 00:00:00 2001
From: Jakub Zelenka <bukka@php.net>
Date: Fri, 29 Mar 2024 15:27:59 +0000
Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can
erroneously return true
Disallow null character in bcrypt password
(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826)
---
ext/standard/password.c | 5 +++++
ext/standard/tests/password/password_bcrypt_errors.phpt | 7 +++++++
2 files changed, 12 insertions(+)
diff --git a/ext/standard/password.c b/ext/standard/password.c
index fb29e7bbba4..40117983f70 100644
--- a/ext/standard/password.c
+++ b/ext/standard/password.c
@@ -184,6 +184,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
zval *zcost;
zend_long cost = PHP_PASSWORD_BCRYPT_COST;
+ if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
+ zend_value_error("Bcrypt password must not contain null character");
+ return NULL;
+ }
+
if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
cost = zval_get_long(zcost);
}
diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
index 10c3483f5a8..5d823cba021 100644
--- a/ext/standard/tests/password/password_bcrypt_errors.phpt
+++ b/ext/standard/tests/password/password_bcrypt_errors.phpt
@@ -14,7 +14,14 @@ try {
} catch (ValueError $exception) {
echo $exception->getMessage() . "\n";
}
+
+try {
+ var_dump(password_hash("null\0password", PASSWORD_BCRYPT));
+} catch (ValueError $e) {
+ echo $e->getMessage(), "\n";
+}
?>
--EXPECT--
Invalid bcrypt cost parameter specified: 3
Invalid bcrypt cost parameter specified: 32
+Bcrypt password must not contain null character
--
2.44.0
From 24f77904ee2259d722559f129f96a1f145a2367b Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 10 Apr 2024 09:01:09 +0200
Subject: [PATCH 4/4] NEWS
---
NEWS | 2 ++
1 file changed, 2 insertions(+)
diff --git a/NEWS b/NEWS
index 14fda3a58b9..8b4801d707e 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,8 @@ Backported from 8.1.28
- Standard:
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
+ . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
+ opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
03 Aug 2023, PHP 8.0.30
--
2.44.0
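Review bot: The NUL check is added to `php_password_bcrypt_hash` only, so it stops new hashes being created from a password with an embedded NUL but does nothing for hashes already stored. The verify path is not in this hunk, so whether it also rejects such input cannot be confirmed from here; hashes created before the update from such passwords should be treated as weak. The added test covers a NUL in the middle of the string (`"null\0password"`); a leading-NUL case such as `password_hash("\0password", PASSWORD_BCRYPT)` would pin the boundary as well. The advisory id also differs between the patch subject (GHSA-q6x7-frmf-grcw) and the NEWS entry (GHSA-h746-cjrr-wfmr) and should be made consistent for traceability.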

177
php-cve-2024-5458.patch Normal file

@ -0,0 +1,177 @@
From 4066610b47e22c24cbee91be434a94357056a479 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Wed, 22 May 2024 22:25:02 +0200
Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w
We should not early-out with success status if we found an ipv6
hostname, we should keep checking the rest of the conditions.
Because integrating the if-check of the ipv6 hostname in the
"Validate domain" if-check made the code hard to read, I extracted the
condition out to a separate function. This also required to make
a few pointers const in order to have some clean code.
---
ext/filter/logical_filters.c | 35 ++++++++++---------
ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++
2 files changed, 61 insertions(+), 15 deletions(-)
create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index ad011568aac..300c6e2809c 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -89,7 +89,7 @@
#define FORMAT_IPV4 4
#define FORMAT_IPV6 6
-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]);
+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]);
static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */
zend_long ctx_value;
@@ -572,6 +572,14 @@ static int is_userinfo_valid(zend_string *str)
return 1;
}
+static bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l)
+{
+ const char *e = s + l;
+ const char *t = e - 1;
+
+ return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);
+}
+
void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
{
php_url *url;
@@ -592,7 +600,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
if (url->scheme != NULL &&
(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
- char *e, *s, *t;
+ const char *s;
size_t l;
if (url->host == NULL) {
@@ -601,17 +609,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
s = ZSTR_VAL(url->host);
l = ZSTR_LEN(url->host);
- e = s + l;
- t = e - 1;
-
- /* An IPv6 enclosed by square brackets is a valid hostname */
- if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) {
- php_url_free(url);
- return;
- }
- // Validate domain
- if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
+ if (
+ /* An IPv6 enclosed by square brackets is a valid hostname.*/
+ !php_filter_is_valid_ipv6_hostname(s, l) &&
+ /* Validate domain.
+ * This includes a loose check for an IPv4 address. */
+ !_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)
+ ) {
php_url_free(url);
RETURN_VALIDATION_FAILED
}
@@ -745,15 +750,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{
}
/* }}} */
-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */
+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */
{
int compressed_pos = -1;
int blocks = 0;
int num, n, i;
char *ipv4;
- char *end;
+ const char *end;
int ip4elm[4];
- char *s = str;
+ const char *s = str;
if (!memchr(str, ':', str_len)) {
return 0;
diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
new file mode 100644
index 00000000000..0092408ee5a
--- /dev/null
+++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
@@ -0,0 +1,41 @@
+--TEST--
+GHSA-w8qr-v226-r27w
+--EXTENSIONS--
+filter
+--FILE--
+<?php
+
+function test(string $input) {
+ var_dump(filter_var($input, FILTER_VALIDATE_URL));
+}
+
+echo "--- These ones should fail ---\n";
+test("http://t[est@127.0.0.1");
+test("http://t[est@[::1]");
+test("http://t[est@[::1");
+test("http://t[est@::1]");
+test("http://php.net\\@aliyun.com/aaa.do");
+test("http://test[@2001:db8:3333:4444:5555:6666:1.2.3.4]");
+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4]");
+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4");
+
+echo "--- These ones should work ---\n";
+test("http://test@127.0.0.1");
+test("http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]");
+test("http://test@[::1]");
+
+?>
+--EXPECT--
+--- These ones should fail ---
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+bool(false)
+--- These ones should work ---
+string(21) "http://test@127.0.0.1"
+string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]"
+string(17) "http://test@[::1]"
--
2.45.1
From a1ff81b786bd519597e770795be114f5171f0648 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 4 Jun 2024 16:48:08 +0200
Subject: [PATCH 2/2] NEWS
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index 1300609f189..7a9b6bdae18 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+Backported from 8.1.29
+
+- Filter:
+ . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
+ (CVE-2024-5458) (nielsdos)
+
Backported from 8.1.28
- Standard:
--
2.45.1
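Review bot: `php_filter_is_valid_ipv6_hostname` computes `e - 1` and passes `l - 2` without checking the length first, so for an empty host it would form a pointer before the start of the buffer, and only the short-circuit on `*s == '['` keeps `*t` from being read. An explicit bound makes the helper safe on its own: `return l >= 2 && s[0] == '[' && s[l - 1] == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);`. Whether `url->host` can be empty at this point depends on the URL parser, which is outside the hunk. A short comment on the helper stating that a bracketed IPv6 match no longer returns early, and that the caller continues with the remaining URL checks, would record the reason for the change.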


@ -22,13 +22,13 @@
%global with_freetds 0
%global with_sodium 1
%global with_pspell 0
%global upver 8.0.29
%global upver 8.0.30
Name: php
Version: %{upver}
Release: 1
Release: 5
Summary: PHP scripting language for creating dynamic web sites
License: PHP-3.01 and Zend-2.0 and BSD and MIT and ASL 1.0 and NCSA
License: PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND BSL-1.0
URL: http://www.php.net/
Source0: http://www.php.net/distributions/php-%{upver}.tar.xz
Source1: php.conf
@ -56,6 +56,9 @@ Patch5: php-7.4.0-ldap_r.patch
Patch6: php-8.0.0-phpinfo.patch
Patch7: php-7.4.0-datetests.patch
Patch8: php-Add-sw64-architecture.patch
Patch9: php-cve-2024-2756.patch
Patch10: php-cve-2024-3096.patch
Patch11: php-cve-2024-5458.patch
BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@ -90,7 +93,7 @@ which adds support for the PHP language to Apache HTTP Server.
%package cli
Summary: Command-line interface for PHP
License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and PostgreSQL
License: PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND PostgreSQL
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-cgi = %{version}-%{release}, php-cgi%{?_isa} = %{version}-%{release}, php-pcntl, php-pcntl%{?_isa}
Provides: php-readline, php-readline%{?_isa}
@ -123,7 +126,7 @@ any size, especially busier sites.
%package common
Summary: Common files for PHP
License: PHP and BSD
License: PHP-3.01 AND BSD-2-Clause
Provides: php(api) = %{apiver}-%{__isa_bits}, php(zend-abi) = %{zendver}-%{__isa_bits}
Provides: php(language) = %{version}, php(language)%{?_isa} = %{version}, php-bz2, php-bz2%{?_isa}
Provides: php-calendar, php-calendar%{?_isa}, php-core = %{version}, php-core%{?_isa} = %{version}
@ -160,7 +163,7 @@ need to install this package.
%package opcache
Summary: The Zend OPcache
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-pecl-zendopcache = %{version}, php-pecl-zendopcache%{?_isa} = %{version}, php-pecl(opcache) = %{version}
Provides: php-pecl(opcache)%{?_isa} = %{version}
@ -175,7 +178,7 @@ bytecode optimization patterns that make code execution faster.
%if %{with_imap}
%package imap
Summary: A module for PHP applications that use IMAP
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: krb5-devel, openssl-devel, libc-client-devel
@ -187,7 +190,7 @@ messages on mail servers. PHP is an HTML-embedded scripting language.
%package ldap
Summary: A module for PHP applications that use LDAP
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: cyrus-sasl-devel, openldap-devel, openssl-devel
@ -199,7 +202,7 @@ language.
%package pdo
Summary: A database access abstraction module for PHP applications
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-pdo-abi = %{pdover}-%{__isa_bits}, php(pdo-abi) = %{pdover}-%{__isa_bits}, php-sqlite3, php-sqlite3%{?_isa}
Provides: php-pdo_sqlite, php-pdo_sqlite%{?_isa}
@ -212,7 +215,7 @@ databases.
%package mysqlnd
Summary: A module for PHP applications that use MySQL databases
License: PHP
License: PHP-3.01
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database, php-mysqli = %{version}-%{release}, php-mysqli%{?_isa} = %{version}-%{release},php-pdo_mysql
Provides: php-pdo_mysql%{?_isa}
@ -227,7 +230,7 @@ This package use the MySQL Native Driver
%package pgsql
Summary: A PostgreSQL database module for PHP
License: PHP
License: PHP-3.01
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database, php-pdo_pgsql, php-pdo_pgsql%{?_isa}
BuildRequires: krb5-devel, openssl-devel, postgresql-devel
@ -242,7 +245,7 @@ php package.
%package process
Summary: Modules for PHP script using system process interfaces
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-posix, php-posix%{?_isa}, php-shmop, php-shmop%{?_isa}, php-sysvsem, php-sysvsem%{?_isa}
Provides: php-sysvshm, php-sysvshm%{?_isa}, php-sysvmsg, php-sysvmsg%{?_isa}
@ -254,7 +257,7 @@ communication.
%package odbc
Summary: A module for PHP applications that use ODBC databases
License: PHP
License: PHP-3.01
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database, php-pdo_odbc, php-pdo_odbc%{?_isa}
BuildRequires: unixODBC-devel
@ -270,7 +273,7 @@ package.
%package soap
Summary: A module for PHP applications that use the SOAP protocol
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: libxml2-devel
@ -281,7 +284,7 @@ support to PHP for using the SOAP web services protocol.
%if %{with_firebird}
%package interbase
Summary: A module for PHP applications that use Interbase/Firebird databases
License: PHP
License: PHP-3.01
BuildRequires: firebird-devel
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database, php-firebird, php-firebird%{?_isa}, php-pdo_firebird, php-pdo_firebird%{?_isa}
@ -300,7 +303,7 @@ License.
%package snmp
Summary: A module for PHP applications that query SNMP-managed devices
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}, net-snmp
BuildRequires: net-snmp-devel
@ -312,7 +315,7 @@ will need to install this package and the php package.
%package xml
Summary: A module for PHP applications which use XML
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-dom, php-dom%{?_isa}, php-domxml, php-domxml%{?_isa}, php-simplexml, php-simplexml%{?_isa}
Provides: php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa}
@ -327,7 +330,7 @@ and performing XSL transformations on XML documents.
%package mbstring
Summary: A module for PHP applications which need multi-byte string handling
License: PHP and LGPLv2 and OpenLDAP
License: PHP-3.01 AND LGPL-2.1-only AND OLDAP-2.8
BuildRequires: oniguruma-devel
Provides: bundled(libmbfl) = 1.3.2
Requires: php-common%{?_isa} = %{version}-%{release}
@ -339,9 +342,9 @@ support for multi-byte string handling to PHP.
%package gd
Summary: A module for PHP applications for using the gd graphics library
%if %{with_libgd}
License: PHP
License: PHP-3.0.1
%else
License: PHP and BSD
License: PHP-3.0.1 and BSD-2-Clause
%endif
Requires: php-common%{?_isa} = %{version}-%{release}
%if %{with_libgd}
@ -357,7 +360,7 @@ support for using the gd graphics library to PHP.
%package bcmath
Summary: A module for PHP applications for using the bcmath library
License: PHP and LGPLv2+
License: PHP-3.01 AND LGPL-2.1-or-later
Requires: php-common%{?_isa} = %{version}-%{release}
%description bcmath
@ -366,7 +369,7 @@ support for using the bcmath library to PHP.
%package gmp
Summary: A module for PHP applications for using the GNU MP library
License: PHP
License: PHP-3.01
BuildRequires: gmp-devel
Requires: php-common%{?_isa} = %{version}-%{release}
@ -376,7 +379,7 @@ using the GNU MP library.
%package dba
Summary: A database abstraction layer module for PHP applications
License: PHP
License: PHP-3.01
BuildRequires: lmdb-devel, tokyocabinet-devel
Requires: php-common%{?_isa} = %{version}-%{release}
@ -386,7 +389,7 @@ support for using the DBA database abstraction layer to PHP.
%package tidy
Summary: Standard PHP module provides tidy library support
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: libtidy-devel
@ -397,7 +400,7 @@ support for using the tidy library to PHP.
%if %{with_freetds}
%package pdo-dblib
Summary: PDO driver Microsoft SQL Server and Sybase databases
License: PHP
License: PHP-3.01
Requires: php-pdo%{?_isa} = %{version}-%{release}
BuildRequires: freetds-devel
Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
@ -420,7 +423,7 @@ into applications to provide PHP scripting language support.
%if %{with_pspell}
%package pspell
Summary: A module for PHP applications for using pspell interfaces
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: aspell-devel >= 0.50.0
@ -431,7 +434,7 @@ support for using the pspell library to PHP.
%package intl
Summary: Internationalization extension for PHP applications
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: libicu-devel >= 4.0
@ -441,7 +444,7 @@ support for using the ICU library to PHP.
%package enchant
Summary: Enchant spelling extension for PHP applications
License: PHP
License: PHP-3.01
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: enchant2-devel
@ -452,7 +455,7 @@ support for using the enchant library to PHP.
%if %{with_sodium}
%package sodium
Summary: Wrapper for the Sodium cryptographic library
License: PHP
License: PHP-3.01
BuildRequires: pkgconfig(libsodium) >= 1.0.9
Requires: php-common%{?_isa} = %{version}-%{release}
@ -467,7 +470,7 @@ low-level PHP extension for the libsodium cryptographic library.
%package ffi
Summary: Foreign Function Interface
# All files licensed under PHP version 3.0.1
License: PHP
License: PHP-3.01
Group: System Environment/Libraries
BuildRequires: pkgconfig(libffi)
Requires: php-common%{?_isa} = %{version}-%{release}
@ -550,10 +553,6 @@ chmod 644 README.*
cp %{SOURCE50} %{SOURCE51} %{SOURCE52} .
%ifarch x86_64
sed -e '/opcache.huge_code_pages/s/0/1/' -i 10-opcache.ini
%endif
%build
export SOURCE_DATE_EPOCH=$(date +%s -r NEWS)
@ -1087,6 +1086,22 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Wed Jun 12 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-5
- Update licenses declaration
* Fri Jun 07 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-4
- fix CVE-2024-5458
* Fri Apr 12 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-3
- fix CVE-2024-2756, CVE-2024-3096
* Tue Nov 7 2023 beta <beta@yfqm.date> - 8.0.30-2
- disable opcache.huge_code_pages on x86_64
* Fri Aug 4 2023 Funda Wang <fundawang@yeah.net> - 8.0.30-1
- CVE-2023-3823, CVE-2023-3824
- update to 8.0.30
* Thu Jun 15 2023 Dillon Chen <dillon.chen@gmail.com> - 8.0.29-1
- update to 8.0.29 to Fixed bug GHSA-76gg-c692-v2mw
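Review bot: The `gd` subpackage License lines use `PHP-3.0.1` and a lowercase `and`, while every other License tag changed in this file uses `PHP-3.01` and `AND`; they should read `License: PHP-3.01` and `License: PHP-3.01 AND BSD-2-Clause`. Separately, `Patch9` to `Patch11` are declared here but the `%prep` section is not in the visible hunks. If this spec applies patches with explicit `%patchN` lines rather than `%autosetup` or `%autopatch`, the three CVE fixes need matching entries or they will not be part of the build. A build log check that each of the three patches is reported as applied would confirm it.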