diff --git a/download b/download deleted file mode 100644 index c83278cbd77fa19d4f1a6f4e6462c5c5b7117d2a..0000000000000000000000000000000000000000 --- a/download +++ /dev/null @@ -1,2 +0,0 @@ -72f1955d43075d0f7ffd41f6d6e223e2 php-8.0.13.tar.xz -6416be892b5f4757920cea95ef5ccc37 php-8.0.13.tar.xz.asc diff --git a/php-8.0.10-systzdata-v20.patch b/php-8.0.10-systzdata-v21.patch similarity index 86% rename from php-8.0.10-systzdata-v20.patch rename to php-8.0.10-systzdata-v21.patch index 5b0d84b7d9f31d31a603a2060c53dbef07d78305..779f538a3901367b993f740bcf0e59decad69503 100644 --- a/php-8.0.10-systzdata-v20.patch +++ b/php-8.0.10-systzdata-v21.patch @@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather than embedding a copy. Discussed upstream but was not desired. History: +r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi r20: adapt for timelib 2020.03 (in 8.0.10RC1) r19: adapt for timelib 2020.02 (in 8.0.0beta2) r18: adapt for autotool change in 7.3.3RC1 @@ -31,9 +32,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 ---- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200 +diff --git a/ext/date/config0.m4 b/ext/date/config0.m4 +index 20e4164aaa..a61243646d 100644 +--- a/ext/date/config0.m4 ++++ b/ext/date/config0.m4 @@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h]) dnl Check for strtoll, atoll AC_CHECK_FUNCS(strtoll atoll) @@ -54,9 +56,10 @@ diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1" timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c" -diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c ---- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200 +diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c +index e9bd0f136d..c04ff01adc 100644 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c @@ -26,8 +26,21 @@ #include "timelib.h" #include "timelib_private.h" @@ -79,7 +82,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig +@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz) { uint32_t version; @@ -91,7 +94,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz) } } @@ -322,6 +325,44 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c +} + + ++/* Retrieve tzdata version. */ ++static void retrieve_zone_version(timelib_tzdb *db) ++{ ++ static char buf[30]; ++ char path[PATH_MAX]; ++ FILE *fp; ++ ++ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path)); ++ ++ fp = fopen(path, "r"); ++ if (fp) { ++ if (fgets(buf, sizeof(buf), fp)) { ++ if (!memcmp(buf, "# version ", 10) && ++ isdigit(buf[10]) && ++ isdigit(buf[11]) && ++ isdigit(buf[12]) && ++ isdigit(buf[13]) && ++ islower(buf[14])) { ++ if (buf[14] >= 't') { /* 2022t = 2022.20 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 't' + '0'; ++ buf[15] = '2'; ++ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 'j' + '0'; ++ buf[15] = '1'; ++ } else { /* 2022a = 2022.1 */ ++ buf[16] = 0; ++ buf[15] = buf[14] - 'a' + '1'; ++ } ++ buf[14] = '.'; ++ db->version = buf+10; ++ } ++ } ++ fclose(fp); ++ } ++} ++ +/* Create the zone identifier index by trawling the filesystem. */ +static void create_zone_index(timelib_tzdb *db) +{ @@ -522,7 +563,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c { int left = 0, right = tzdb->index_size - 1; -@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns +@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, return 0; } @@ -559,6 +600,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c + tmp->version = "0.system"; + tmp->data = NULL; + create_zone_index(tmp); ++ retrieve_zone_version(tmp); + system_location_table = create_location_table(); + fake_data_segment(tmp, system_location_table); + timezonedb_system = tmp; @@ -571,7 +613,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count) -@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_ +@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_ int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; @@ -603,7 +645,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct +@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name) timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code) { const unsigned char *tzf; @@ -612,7 +654,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c timelib_tzinfo *tmp; int version; int transitions_result, types_result; -@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t *error_code = TIMELIB_ERROR_NO_ERROR; @@ -621,7 +663,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c tmp = timelib_tzinfo_ctor(timezone); version = read_preamble(&tzf, tmp, &type); -@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t } skip_posix_string(&tzf, tmp); @@ -658,3 +700,19 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } else { *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; tmp = NULL; +diff --git a/ext/date/php_date.c b/ext/date/php_date.c +index 2d5cffb963..389f09f313 100644 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date) + php_info_print_table_row(2, "date/time support", "enabled"); + php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION); + php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version); ++#ifdef HAVE_SYSTEM_TZDATA ++ php_info_print_table_row(2, "Timezone Database", "system"); ++#else + php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal"); ++#endif + php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb)); + php_info_print_table_end(); + diff --git a/php-8.0.26.tar.xz b/php-8.0.26.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..7b5cc030d1f2fe944e0e2283b9b3a3113c6b59c4 Binary files /dev/null and b/php-8.0.26.tar.xz differ diff --git a/php-8.0.26.tar.xz.asc b/php-8.0.26.tar.xz.asc new file mode 100644 index 0000000000000000000000000000000000000000..89df2bc9b3c0808587da1f9b3e81c3dd498518bc --- /dev/null +++ b/php-8.0.26.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmN9CxIQHHBvbGxpdGFA +cGhwLm5ldAAKCRDb2zl0cNEhcjG+D/9U0ttLovfvxmiNFvwQQ6/gCUT4ZjY7WR+S +IDJUIL6p9EgMVwbmtE4dXsQh8SRm8UKAz8Lm/U7h0JbEHzQ8u1/232IltPv7L5+r +SuVAdGsxTwWxAq3u7JaPeVBQNFnXLiryqRpLLdYHGI7+ZnsAoxuTiQlyJ177PuE6 +XSnAY3NI1E09mFOynYROBWeubGDrVqOeNTlDeKrcnC2q19j/Sy5iIozCphe9DcSs +pQs1dzLkZKHJyX3Sx+RnfsU6DZFryD0Y5O+ZTSlHvazn1s2gZaU+/ncJgfKAunLX +RfZ7246rYTOUL1Eo2Fa9D8LxFHAWLZOquCkfDxDyXrSJ7GLb6VibDtUHxqanzgVZ +R9fTu9vHaP1XWHC32CPV0XIfW3V/G5u/tJOiLVyVhbCLlQIldO2hiPVbPNjVmxjG +x+rsRYs/FHoF+33IasudrfrrwqFMewA5qXyUR10v1Ig2ld3cg8XcaJZrvXcJ5dij +Fh/Qo35ySWjuNXDFosFt/zWhJFOrU4h17L4YXpA+R2lCeVoGTOAcWHZJcA2G3AST +9w2naCJbseUHBiabrlOwvBCyn5E3eI2R8wePIP4fo0UOxVUPX5vwdqWwQVWHF18h +JtDAbapExymjtjIruxpFJtShsdCHVTPtb8jMYQGboF//YSvfzkDSMO06YODwHjlM +u2OEbyLiNQ== +=vgXU +-----END PGP SIGNATURE----- diff --git a/php-CVE-2022-31626.patch b/php-CVE-2022-31626.patch deleted file mode 100644 index 7f89dcb3558b55f22748db5b74af0087e5646c12..0000000000000000000000000000000000000000 --- a/php-CVE-2022-31626.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 6 Jun 2022 00:56:51 -0600 -Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow - ---- - ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c -index 87b2e7c31331..e4a298adaea4 100644 ---- a/ext/mysqlnd/mysqlnd_wireprotocol.c -+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c -@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet) - MYSQLND_VIO * vio = conn->vio; - MYSQLND_STATS * stats = conn->stats; - MYSQLND_CONNECTION_STATE * connection_state = &conn->state; -- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len); -+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE; -+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size); - zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */ - - DBG_ENTER("php_mysqlnd_change_auth_response_write"); diff --git a/php.spec b/php.spec index ac8a89857ec8d67d8f07fdc6dac52531f68cde8f..63a41e05dc99939afba36d9ae692b548d004dd86 100644 --- a/php.spec +++ b/php.spec @@ -55,13 +55,12 @@ %global with_tidy 0 %endif -%global upver 8.0.13 -#global rcver RC1 +%global upver 8.0.26 Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 3%{anolis_release}%{?dist} +Release: 1%{anolis_release}%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -71,7 +70,7 @@ Release: 3%{anolis_release}%{?dist} License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA URL: http://www.php.net/ -Source0: https://www.php.net/distributions/php-%{upver}%{?rcver}.tar.xz +Source0: https://www.php.net/distributions/php-%{upver}.tar.xz Source1: php.conf Source2: php.ini Source3: macros.php @@ -85,7 +84,7 @@ Source13: nginx-fpm.conf Source14: nginx-php.conf # See https://secure.php.net/gpg-keys.php Source20: https://www.php.net/distributions/php-keyring.gpg -Source21: https://www.php.net/distributions/php-%{upver}%{?rcver}.tar.xz.asc +Source21: https://www.php.net/distributions/php-%{upver}.tar.xz.asc # Configuration files for some extensions Source50: 10-opcache.ini Source51: opcache-default.blacklist @@ -101,7 +100,7 @@ Patch9: php-8.0.6-deprecated.patch # Functional changes # use system tzdata -Patch42: php-8.0.10-systzdata-v20.patch +Patch42: php-8.0.10-systzdata-v21.patch # See http://bugs.php.net/53436 Patch43: php-7.4.0-phpize.patch # Use -lldap_r for OpenLDAP @@ -120,7 +119,6 @@ Patch51: php-8.0.13-crypt.patch # Upstream fixes (100+) # Security fixes (200+) -Patch200: php-CVE-2022-31626.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -692,7 +690,7 @@ in pure PHP. %prep %{?gpgverify:%{gpgverify} --keyring='%{SOURCE20}' --signature='%{SOURCE21}' --data='%{SOURCE0}'} -%setup -q -n php-%{upver}%{?rcver} +%setup -q -n php-%{upver} %patch1 -p1 -b .mpmcheck %patch5 -p1 -b .includedir @@ -713,7 +711,6 @@ in pure PHP. # upstream patches # security patches -%patch200 -p1 -b .cve31626 # Fixes for tests %patch300 -p1 -b .datetests @@ -758,8 +755,8 @@ rm ext/zlib/tests/004-mb.phpt # Safety check for API version change. pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h) -if test "x${pver}" != "x%{upver}%{?rcver}"; then - : Error: Upstream PHP version is now ${pver}, expecting %{upver}%{?rcver}. +if test "x${pver}" != "x%{upver}"; then + : Error: Upstream PHP version is now ${pver}, expecting %{upver}. : Update the version/rcver macros and rebuild. exit 1 fi @@ -1511,6 +1508,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Thu Nov 24 2022 Funda Wang - 8.0.26-1 +- New version 8.0.26 + * Sat Jul 02 2022 Liwei Ge - 8.0.13-3.0.1 - Support loongarch64 platform