!187 [sync] PR-182: license信息规范整改

From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
Update licenses declaration
2024-06-17 11:24:16 +00:00 · 2024-06-17 17:24:27 +08:00 · 2024-06-11 06:53:16 +00:00 · 2024-06-07 16:43:58 +08:00 · 2024-04-15 08:14:28 +00:00 · 2024-04-15 11:11:27 +08:00
5 changed files with 494 additions and 34 deletions
--- a/php-8.0.30.tar.xz
+++ b/php-8.0.30.tar.xz
--- a/php-cve-2024-2756.patch
+++ b/php-cve-2024-2756.patch
@ -0,0 +1,191 @@
 From 2e07a3acd7a6b53c55325b94bed97748d7697b53 Mon Sep 17 00:00:00 2001
 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 Date: Sun, 17 Mar 2024 21:04:47 +0100
 Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass
 due to partial CVE-2022-31629 fix
 The check happened too early as later code paths may perform more
 mangling rules. Move the check downwards right before adding the actual
 variable.
 (cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53)
 ---
 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++
 main/php_variables.c                        | 41 +++++++++-----
 2 files changed, 90 insertions(+), 14 deletions(-)
 create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
 diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
 new file mode 100644
 index 00000000000..77fcb680894
 --- /dev/null
 +++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
@@ -0,0 +1,63 @@
 +--TEST--
 +ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix)
 +--COOKIE--
 +..Host-test=ignore_1;
 +._Host-test=ignore_2;
 +.[Host-test=ignore_3;
 +_.Host-test=ignore_4;
 +__Host-test=ignore_5;
 +_[Host-test=ignore_6;
 +[.Host-test=ignore_7;
 +[_Host-test=ignore_8;
 +[[Host-test=ignore_9;
 +..Host-test[]=ignore_10;
 +._Host-test[]=ignore_11;
 +.[Host-test[]=ignore_12;
 +_.Host-test[]=ignore_13;
 +__Host-test[]=legitimate_14;
 +_[Host-test[]=legitimate_15;
 +[.Host-test[]=ignore_16;
 +[_Host-test[]=ignore_17;
 +[[Host-test[]=ignore_18;
 +..Secure-test=ignore_1;
 +._Secure-test=ignore_2;
 +.[Secure-test=ignore_3;
 +_.Secure-test=ignore_4;
 +__Secure-test=ignore_5;
 +_[Secure-test=ignore_6;
 +[.Secure-test=ignore_7;
 +[_Secure-test=ignore_8;
 +[[Secure-test=ignore_9;
 +..Secure-test[]=ignore_10;
 +._Secure-test[]=ignore_11;
 +.[Secure-test[]=ignore_12;
 +_.Secure-test[]=ignore_13;
 +__Secure-test[]=legitimate_14;
 +_[Secure-test[]=legitimate_15;
 +[.Secure-test[]=ignore_16;
 +[_Secure-test[]=ignore_17;
 +[[Secure-test[]=ignore_18;
 +--FILE--
 +<?php
 +var_dump($_COOKIE);
 +?>
 +--EXPECT--
 +array(3) {
 +  ["__Host-test"]=>
 +  array(1) {
 +    [0]=>
 +    string(13) "legitimate_14"
 +  }
 +  ["_"]=>
 +  array(2) {
 +    ["Host-test["]=>
 +    string(13) "legitimate_15"
 +    ["Secure-test["]=>
 +    string(13) "legitimate_15"
 +  }
 +  ["__Secure-test"]=>
 +  array(1) {
 +    [0]=>
 +    string(13) "legitimate_14"
 +  }
 +}
 diff --git a/main/php_variables.c b/main/php_variables.c
 index 27a9ad089e7..dc888bdfc64 100644
 --- a/main/php_variables.c
 +++ b/main/php_variables.c
@@ -54,6 +54,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz
 	zend_string_release_ex(key, 0);
 }
 +/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host-
 + * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
 +static bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name)
 +{
 +	if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) {
 +		return true;
 +	}
 +
 +	if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
 +		return true;
 +	}
 +
 +	return false;
 +}
 +
 PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
 {
 	char *p = NULL;
@@ -104,20 +119,6 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
 	}
 	var_len = p - var;
 -	/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
 -	if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
 -		zval_ptr_dtor_nogc(val);
 -		free_alloca(var_orig, use_heap);
 -		return;
 -	}
 -
 -	/* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
 -	if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
 -		zval_ptr_dtor_nogc(val);
 -		free_alloca(var_orig, use_heap);
 -		return;
 -	}
 -
 	if (var_len==0) { /* empty variable name, or variable name with a space in it */
 		zval_ptr_dtor_nogc(val);
 		free_alloca(var_orig, use_heap);
@@ -221,6 +222,12 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
 					return;
 				}
 			} else {
 +				if (php_is_forbidden_variable_name(index, index_len, var_name)) {
 +					zval_ptr_dtor_nogc(val);
 +					free_alloca(var_orig, use_heap);
 +					return;
 +				}
 +
 				gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
 				if (!gpc_element_p) {
 					zval tmp;
@@ -258,6 +265,12 @@ plain_var:
 				zval_ptr_dtor_nogc(val);
 			}
 		} else {
 +			if (php_is_forbidden_variable_name(index, index_len, var_name)) {
 +				zval_ptr_dtor_nogc(val);
 +				free_alloca(var_orig, use_heap);
 +				return;
 +			}
 +
 			zend_ulong idx;
 			/*
 -- 
 2.44.0
 From 366cc249b7d54707572beb7096e8f6c65ee79719 Mon Sep 17 00:00:00 2001
 From: Remi Collet <remi@remirepo.net>
 Date: Wed, 10 Apr 2024 08:59:32 +0200
 Subject: [PATCH 2/4] NEWS
 ---
 NEWS | 7 +++++++
 1 file changed, 7 insertions(+)
 diff --git a/NEWS b/NEWS
 index 8147a7e517c..14fda3a58b9 100644
 --- a/NEWS
 +++ b/NEWS
@@ -1,5 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 +
 +Backported from 8.1.28
 +
 +- Standard:
 +  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
 +    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
 +
 03 Aug 2023, PHP 8.0.30
 - Libxml:
 -- 
 2.44.0
--- a/php-cve-2024-3096.patch
+++ b/php-cve-2024-3096.patch
@ -0,0 +1,77 @@
 From 81794c73068d9a44bf109bbcc9793e7b56a1c051 Mon Sep 17 00:00:00 2001
 From: Jakub Zelenka <bukka@php.net>
 Date: Fri, 29 Mar 2024 15:27:59 +0000
 Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can
 erroneously return true
 Disallow null character in bcrypt password
 (cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826)
 ---
 ext/standard/password.c                                 | 5 +++++
 ext/standard/tests/password/password_bcrypt_errors.phpt | 7 +++++++
 2 files changed, 12 insertions(+)
 diff --git a/ext/standard/password.c b/ext/standard/password.c
 index fb29e7bbba4..40117983f70 100644
 --- a/ext/standard/password.c
 +++ b/ext/standard/password.c
@@ -184,6 +184,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
 	zval *zcost;
 	zend_long cost = PHP_PASSWORD_BCRYPT_COST;
 +	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
 +		zend_value_error("Bcrypt password must not contain null character");
 +		return NULL;
 +	}
 +
 	if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
 		cost = zval_get_long(zcost);
 	}
 diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
 index 10c3483f5a8..5d823cba021 100644
 --- a/ext/standard/tests/password/password_bcrypt_errors.phpt
 +++ b/ext/standard/tests/password/password_bcrypt_errors.phpt
@@ -14,7 +14,14 @@ try {
 } catch (ValueError $exception) {
     echo $exception->getMessage() . "\n";
 }
 +
 +try {
 +    var_dump(password_hash("null\0password", PASSWORD_BCRYPT));
 +} catch (ValueError $e) {
 +    echo $e->getMessage(), "\n";
 +}
 ?>
 --EXPECT--
 Invalid bcrypt cost parameter specified: 3
 Invalid bcrypt cost parameter specified: 32
 +Bcrypt password must not contain null character
 -- 
 2.44.0
 From 24f77904ee2259d722559f129f96a1f145a2367b Mon Sep 17 00:00:00 2001
 From: Remi Collet <remi@remirepo.net>
 Date: Wed, 10 Apr 2024 09:01:09 +0200
 Subject: [PATCH 4/4] NEWS
 ---
 NEWS | 2 ++
 1 file changed, 2 insertions(+)
 diff --git a/NEWS b/NEWS
 index 14fda3a58b9..8b4801d707e 100644
 --- a/NEWS
 +++ b/NEWS
@@ -6,6 +6,8 @@ Backported from 8.1.28
 - Standard:
   . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
     partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
 +  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
 +    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
 03 Aug 2023, PHP 8.0.30
 -- 
 2.44.0
--- a/php-cve-2024-5458.patch
+++ b/php-cve-2024-5458.patch
@ -0,0 +1,177 @@
 From 4066610b47e22c24cbee91be434a94357056a479 Mon Sep 17 00:00:00 2001
 From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
 Date: Wed, 22 May 2024 22:25:02 +0200
 Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w
 We should not early-out with success status if we found an ipv6
 hostname, we should keep checking the rest of the conditions.
 Because integrating the if-check of the ipv6 hostname in the
 "Validate domain" if-check made the code hard to read, I extracted the
 condition out to a separate function. This also required to make
 a few pointers const in order to have some clean code.
 ---
 ext/filter/logical_filters.c              | 35 ++++++++++---------
 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++
 2 files changed, 61 insertions(+), 15 deletions(-)
 create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
 diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
 index ad011568aac..300c6e2809c 100644
 --- a/ext/filter/logical_filters.c
 +++ b/ext/filter/logical_filters.c
@@ -89,7 +89,7 @@
 #define FORMAT_IPV4    4
 #define FORMAT_IPV6    6
 -static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]);
 +static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]);
 static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */
 	zend_long ctx_value;
@@ -572,6 +572,14 @@ static int is_userinfo_valid(zend_string *str)
 	return 1;
 }
 +static bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l)
 +{
 +	const char *e = s + l;
 +	const char *t = e - 1;
 +
 +	return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);
 +}
 +
 void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 {
 	php_url *url;
@@ -592,7 +600,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 	if (url->scheme != NULL &&
 		(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
 -		char *e, *s, *t;
 +		const char *s;
 		size_t l;
 		if (url->host == NULL) {
@@ -601,17 +609,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 		s = ZSTR_VAL(url->host);
 		l = ZSTR_LEN(url->host);
 -		e = s + l;
 -		t = e - 1;
 -
 -		/* An IPv6 enclosed by square brackets is a valid hostname */
 -		if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) {
 -			php_url_free(url);
 -			return;
 -		}
 -		// Validate domain
 -		if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
 +		if (
 +			/* An IPv6 enclosed by square brackets is a valid hostname.*/
 +			!php_filter_is_valid_ipv6_hostname(s, l) &&
 +			/* Validate domain.
 +			 * This includes a loose check for an IPv4 address. */
 +			!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)
 +		) {
 			php_url_free(url);
 			RETURN_VALIDATION_FAILED
 		}
@@ -745,15 +750,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{
 }
 /* }}} */
 -static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */
 +static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */
 {
 	int compressed_pos = -1;
 	int blocks = 0;
 	int num, n, i;
 	char *ipv4;
 -	char *end;
 +	const char *end;
 	int ip4elm[4];
 -	char *s = str;
 +	const char *s = str;
 	if (!memchr(str, ':', str_len)) {
 		return 0;
 diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
 new file mode 100644
 index 00000000000..0092408ee5a
 --- /dev/null
 +++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
@@ -0,0 +1,41 @@
 +--TEST--
 +GHSA-w8qr-v226-r27w
 +--EXTENSIONS--
 +filter
 +--FILE--
 +<?php
 +
 +function test(string $input) {
 +    var_dump(filter_var($input, FILTER_VALIDATE_URL));
 +}
 +
 +echo "--- These ones should fail ---\n";
 +test("http://t[est@127.0.0.1");
 +test("http://t[est@[::1]");
 +test("http://t[est@[::1");
 +test("http://t[est@::1]");
 +test("http://php.net\\@aliyun.com/aaa.do");
 +test("http://test[@2001:db8:3333:4444:5555:6666:1.2.3.4]");
 +test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4]");
 +test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4");
 +
 +echo "--- These ones should work ---\n";
 +test("http://test@127.0.0.1");
 +test("http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]");
 +test("http://test@[::1]");
 +
 +?>
 +--EXPECT--
 +--- These ones should fail ---
 +bool(false)
 +bool(false)
 +bool(false)
 +bool(false)
 +bool(false)
 +bool(false)
 +bool(false)
 +bool(false)
 +--- These ones should work ---
 +string(21) "http://test@127.0.0.1"
 +string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]"
 +string(17) "http://test@[::1]"
 -- 
 2.45.1
 From a1ff81b786bd519597e770795be114f5171f0648 Mon Sep 17 00:00:00 2001
 From: Remi Collet <remi@remirepo.net>
 Date: Tue, 4 Jun 2024 16:48:08 +0200
 Subject: [PATCH 2/2] NEWS
 ---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/NEWS b/NEWS
 index 1300609f189..7a9b6bdae18 100644
 --- a/NEWS
 +++ b/NEWS
@@ -1,6 +1,12 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 +Backported from 8.1.29
 +
 +- Filter:
 +  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
 +    (CVE-2024-5458) (nielsdos)
 +
 Backported from 8.1.28
 - Standard:
 -- 
 2.45.1
--- a/php.spec
+++ b/php.spec
@ -22,13 +22,13 @@
 %global with_freetds    0
 %global with_sodium     1
 %global with_pspell     0
-%global upver           8.0.29
+%global upver           8.0.30
 Name:          php
 Version:       %{upver}
-Release:       1
+Release:       5
 Summary:       PHP scripting language for creating dynamic web sites
-License:       PHP-3.01 and Zend-2.0 and BSD and MIT and ASL 1.0 and NCSA
+License:       PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND BSL-1.0
 URL:           http://www.php.net/
 Source0:       http://www.php.net/distributions/php-%{upver}.tar.xz
 Source1:       php.conf
@ -56,6 +56,9 @@ Patch5:        php-7.4.0-ldap_r.patch
 Patch6:        php-8.0.0-phpinfo.patch
 Patch7:        php-7.4.0-datetests.patch
 Patch8:        php-Add-sw64-architecture.patch
 Patch9:        php-cve-2024-2756.patch
 Patch10:       php-cve-2024-3096.patch
 Patch11:       php-cve-2024-5458.patch
 BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem
 BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel
@ -90,7 +93,7 @@ which adds support for the PHP language to Apache HTTP Server.
 %package cli
 Summary:  Command-line interface for PHP
-License:  PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and PostgreSQL
+License:  PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND PostgreSQL
 Requires: php-common%{?_isa} = %{version}-%{release}
 Provides: php-cgi = %{version}-%{release}, php-cgi%{?_isa} = %{version}-%{release}, php-pcntl, php-pcntl%{?_isa}
 Provides: php-readline, php-readline%{?_isa}
@ -123,7 +126,7 @@ any size, especially busier sites.
 %package  common
 Summary:   Common files for PHP
-License:   PHP and BSD
+License:   PHP-3.01 AND BSD-2-Clause
 Provides:  php(api) = %{apiver}-%{__isa_bits}, php(zend-abi) = %{zendver}-%{__isa_bits}
 Provides:  php(language) = %{version}, php(language)%{?_isa} = %{version}, php-bz2, php-bz2%{?_isa}
 Provides:  php-calendar, php-calendar%{?_isa}, php-core = %{version}, php-core%{?_isa} = %{version}
@ -160,7 +163,7 @@ need to install this package.
 %package opcache
 Summary:   The Zend OPcache
-License:   PHP
+License:   PHP-3.01
 Requires:  php-common%{?_isa} = %{version}-%{release}
 Provides:  php-pecl-zendopcache = %{version}, php-pecl-zendopcache%{?_isa} = %{version}, php-pecl(opcache) = %{version}
 Provides:  php-pecl(opcache)%{?_isa} = %{version}
@ -175,7 +178,7 @@ bytecode optimization patterns that make code execution faster.
 %if %{with_imap}
 %package imap
 Summary:       A module for PHP applications that use IMAP
-License:       PHP
+License:       PHP-3.01
 Requires:      php-common%{?_isa} = %{version}-%{release}
 BuildRequires: krb5-devel, openssl-devel, libc-client-devel
@ -187,7 +190,7 @@ messages on mail servers. PHP is an HTML-embedded scripting language.
 %package ldap
 Summary:       A module for PHP applications that use LDAP
-License:       PHP
+License:       PHP-3.01
 Requires:      php-common%{?_isa} = %{version}-%{release}
 BuildRequires: cyrus-sasl-devel, openldap-devel, openssl-devel
@ -199,7 +202,7 @@ language.
 %package pdo
 Summary:  A database access abstraction module for PHP applications
-License:  PHP
+License:  PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 Provides: php-pdo-abi  = %{pdover}-%{__isa_bits}, php(pdo-abi) = %{pdover}-%{__isa_bits}, php-sqlite3, php-sqlite3%{?_isa}
 Provides: php-pdo_sqlite, php-pdo_sqlite%{?_isa}
@ -212,7 +215,7 @@ databases.
 %package mysqlnd
 Summary:  A module for PHP applications that use MySQL databases
-License:  PHP
+License:  PHP-3.01
 Requires: php-pdo%{?_isa} = %{version}-%{release}
 Provides: php_database, php-mysqli = %{version}-%{release}, php-mysqli%{?_isa} = %{version}-%{release},php-pdo_mysql
 Provides: php-pdo_mysql%{?_isa}
@ -227,7 +230,7 @@ This package use the MySQL Native Driver
 %package pgsql
 Summary:       A PostgreSQL database module for PHP
-License:       PHP
+License:       PHP-3.01
 Requires:      php-pdo%{?_isa} = %{version}-%{release}
 Provides:      php_database, php-pdo_pgsql, php-pdo_pgsql%{?_isa}
 BuildRequires: krb5-devel, openssl-devel, postgresql-devel
@ -242,7 +245,7 @@ php package.
 %package process
 Summary:  Modules for PHP script using system process interfaces
-License:  PHP
+License:  PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 Provides: php-posix, php-posix%{?_isa}, php-shmop, php-shmop%{?_isa}, php-sysvsem, php-sysvsem%{?_isa}
 Provides: php-sysvshm, php-sysvshm%{?_isa}, php-sysvmsg, php-sysvmsg%{?_isa}
@ -254,7 +257,7 @@ communication.
 %package odbc
 Summary:       A module for PHP applications that use ODBC databases
-License:       PHP
+License:       PHP-3.01
 Requires:      php-pdo%{?_isa} = %{version}-%{release}
 Provides:      php_database, php-pdo_odbc, php-pdo_odbc%{?_isa}
 BuildRequires: unixODBC-devel
@ -270,7 +273,7 @@ package.
 %package soap
 Summary:       A module for PHP applications that use the SOAP protocol
-License:       PHP
+License:       PHP-3.01
 Requires:      php-common%{?_isa} = %{version}-%{release}
 BuildRequires: libxml2-devel
@ -281,7 +284,7 @@ support to PHP for using the SOAP web services protocol.
 %if %{with_firebird}
 %package interbase
 Summary:        A module for PHP applications that use Interbase/Firebird databases
-License:        PHP
+License:        PHP-3.01
 BuildRequires:  firebird-devel
 Requires:       php-pdo%{?_isa} = %{version}-%{release}
 Provides:       php_database, php-firebird, php-firebird%{?_isa}, php-pdo_firebird, php-pdo_firebird%{?_isa}
@ -300,7 +303,7 @@ License.
 %package snmp
 Summary:       A module for PHP applications that query SNMP-managed devices
-License:       PHP
+License:       PHP-3.01
 Requires:      php-common%{?_isa} = %{version}-%{release}, net-snmp
 BuildRequires: net-snmp-devel
@ -312,7 +315,7 @@ will need to install this package and the php package.
 %package xml
 Summary:       A module for PHP applications which use XML
-License:       PHP
+License:       PHP-3.01
 Requires:      php-common%{?_isa} = %{version}-%{release}
 Provides:      php-dom, php-dom%{?_isa}, php-domxml, php-domxml%{?_isa}, php-simplexml, php-simplexml%{?_isa}
 Provides:      php-xmlreader, php-xmlreader%{?_isa}, php-xmlwriter, php-xmlwriter%{?_isa}
@ -327,7 +330,7 @@ and performing XSL transformations on XML documents.
 %package mbstring
 Summary:       A module for PHP applications which need multi-byte string handling
-License:       PHP and LGPLv2 and OpenLDAP
+License:       PHP-3.01 AND LGPL-2.1-only AND OLDAP-2.8
 BuildRequires: oniguruma-devel
 Provides:      bundled(libmbfl) = 1.3.2
 Requires:      php-common%{?_isa} = %{version}-%{release}
@ -339,9 +342,9 @@ support for multi-byte string handling to PHP.
 %package gd
 Summary: A module for PHP applications for using the gd graphics library
 %if %{with_libgd}
-License: PHP
+License: PHP-3.0.1
 %else
-License: PHP and BSD
+License: PHP-3.0.1 and BSD-2-Clause
 %endif
 Requires: php-common%{?_isa} = %{version}-%{release}
 %if %{with_libgd}
@ -357,7 +360,7 @@ support for using the gd graphics library to PHP.
 %package bcmath
 Summary: A module for PHP applications for using the bcmath library
-License: PHP and LGPLv2+
+License: PHP-3.01 AND LGPL-2.1-or-later
 Requires: php-common%{?_isa} = %{version}-%{release}
 %description bcmath
@ -366,7 +369,7 @@ support for using the bcmath library to PHP.
 %package gmp
 Summary: A module for PHP applications for using the GNU MP library
-License: PHP
+License: PHP-3.01
 BuildRequires: gmp-devel
 Requires: php-common%{?_isa} = %{version}-%{release}
@ -376,7 +379,7 @@ using the GNU MP library.
 %package dba
 Summary: A database abstraction layer module for PHP applications
-License: PHP
+License: PHP-3.01
 BuildRequires: lmdb-devel, tokyocabinet-devel
 Requires: php-common%{?_isa} = %{version}-%{release}
@ -386,7 +389,7 @@ support for using the DBA database abstraction layer to PHP.
 %package tidy
 Summary: Standard PHP module provides tidy library support
-License: PHP
+License: PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 BuildRequires: libtidy-devel
@ -397,7 +400,7 @@ support for using the tidy library to PHP.
 %if %{with_freetds}
 %package pdo-dblib
 Summary: PDO driver Microsoft SQL Server and Sybase databases
-License: PHP
+License: PHP-3.01
 Requires: php-pdo%{?_isa} = %{version}-%{release}
 BuildRequires: freetds-devel
 Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
@ -420,7 +423,7 @@ into applications to provide PHP scripting language support.
 %if %{with_pspell}
 %package pspell
 Summary: A module for PHP applications for using pspell interfaces
-License: PHP
+License: PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 BuildRequires: aspell-devel >= 0.50.0
@ -431,7 +434,7 @@ support for using the pspell library to PHP.
 %package intl
 Summary: Internationalization extension for PHP applications
-License: PHP
+License: PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 BuildRequires: libicu-devel >= 4.0
@ -441,7 +444,7 @@ support for using the ICU library to PHP.
 %package enchant
 Summary: Enchant spelling extension for PHP applications
-License: PHP
+License: PHP-3.01
 Requires: php-common%{?_isa} = %{version}-%{release}
 BuildRequires: enchant2-devel
@ -452,7 +455,7 @@ support for using the enchant library to PHP.
 %if %{with_sodium}
 %package sodium
 Summary: Wrapper for the Sodium cryptographic library
-License: PHP
+License: PHP-3.01
 BuildRequires:  pkgconfig(libsodium) >= 1.0.9
 Requires: php-common%{?_isa} = %{version}-%{release}
@ -467,7 +470,7 @@ low-level PHP extension for the libsodium cryptographic library.
 %package ffi
 Summary: Foreign Function Interface
 # All files licensed under PHP version 3.0.1
-License: PHP
+License: PHP-3.01
 Group: System Environment/Libraries
 BuildRequires:  pkgconfig(libffi)
 Requires: php-common%{?_isa} = %{version}-%{release}
@ -550,10 +553,6 @@ chmod 644 README.*
 cp %{SOURCE50} %{SOURCE51} %{SOURCE52} .
 %ifarch x86_64
 sed -e '/opcache.huge_code_pages/s/0/1/' -i 10-opcache.ini
 %endif
 %build
 export SOURCE_DATE_EPOCH=$(date +%s -r NEWS)
@ -1087,6 +1086,22 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 %changelog
 * Wed Jun 12 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-5
 - Update licenses declaration
 * Fri Jun 07 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-4
 - fix CVE-2024-5458
 * Fri Apr 12 2024 Funda Wang <fundawang@yeah.net> - 8.0.30-3
 - fix CVE-2024-2756, CVE-2024-3096
 * Tue Nov 7 2023 beta <beta@yfqm.date> - 8.0.30-2
 - disable opcache.huge_code_pages on x86_64
 * Fri Aug 4 2023 Funda Wang <fundawang@yeah.net> - 8.0.30-1
 - CVE-2023-3823, CVE-2023-3824
 - update to 8.0.30
 * Thu Jun 15 2023  Dillon Chen <dillon.chen@gmail.com> - 8.0.29-1
 - update to 8.0.29 to Fixed bug GHSA-76gg-c692-v2mw
Author	SHA1	Message	Date
openeuler-ci-bot	e81bc35bda	!187 [sync] PR-182: license信息规范整改 From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-06-17 11:24:16 +00:00
Funda Wang	4ab4e7d1d6	Update licenses declaration (cherry picked from commit 5621e8b95fcd0a78e185d812b69b6d23c5fe0cef)	2024-06-17 17:24:27 +08:00
openeuler-ci-bot	0cd4306171	!175 [sync] PR-171: fix CVE-2024-5458 From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-06-11 06:53:16 +00:00
Funda Wang	c52c3289a3	fix CVE-2024-5458 (cherry picked from commit dbbea5b9ee97d9afe8cbaea63cf94a18017d8fe7)	2024-06-07 16:43:58 +08:00
openeuler-ci-bot	dcdc496aa5	!164 [sync] PR-161: fix CVE-2024-2756, CVE-2024-3096 From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-04-15 08:14:28 +00:00
Funda Wang	1ecfc5f881	fix CVE-2024-2756, CVE-2024-3096 (cherry picked from commit 0b94123f2f4e2953888bb876b8e1983461ec1c90)	2024-04-15 11:11:27 +08:00
openeuler-ci-bot	535c4db118	!157 [sync] PR-156: disable opcache.huge_code_pages on x86_64 From: @openeuler-sync-bot Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2024-02-27 09:46:25 +00:00
beta	7a8133a8d2	disable opcache.huge_code_pages on x86_64 Signed-off-by: beta <beta@yfqm.date> (cherry picked from commit 79da7dcfc9313df44649bf11a81be9672fc6ba06)	2023-11-30 10:52:49 +08:00
openeuler-ci-bot	445b85bc31	!143 Update to version 8.0.30 From: @fundawang Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen	2023-08-07 01:30:16 +00:00
Funda Wang	db2f2893bb	8.0.30	2023-08-04 12:45:17 +08:00