diff --git a/download b/download index c83278cbd77fa19d4f1a6f4e6462c5c5b7117d2a..ae6a9066202e6486498504d47385c81333c23765 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -72f1955d43075d0f7ffd41f6d6e223e2 php-8.0.13.tar.xz -6416be892b5f4757920cea95ef5ccc37 php-8.0.13.tar.xz.asc +33e7e1dee69fe8e22fe590f59f92ca2e php-8.0.20.tar.xz +0a0e8e195d419dc1210a0f99778f6c18 php-8.0.20.tar.xz.asc diff --git a/php-8.0.10-snmp-sha.patch b/php-8.0.10-snmp-sha.patch index 3ef67eab479246fc28f770d7c6cce10004a0a6e7..a48ad5f01495ca9ade29aabc409fc1dc72a6271a 100644 --- a/php-8.0.10-snmp-sha.patch +++ b/php-8.0.10-snmp-sha.patch @@ -61,12 +61,12 @@ index 69d6549405b17..f0917501751f5 100644 #include "ext/spl/spl_exceptions.h" #include "snmp_arginfo.h" -@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot +@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot) if (!strcasecmp(prot, "MD5")) { s->securityAuthProto = usmHMACMD5AuthProtocol; s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; - } else -+ return true; ++ return 0; + } #endif + @@ -76,7 +76,7 @@ index 69d6549405b17..f0917501751f5 100644 - } else { - zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\""); - return (-1); -+ return true; ++ return 0; } - return (0); + @@ -84,7 +84,7 @@ index 69d6549405b17..f0917501751f5 100644 + if (!strcasecmp(prot, "SHA256")) { + s->securityAuthProto = usmHMAC192SHA256AuthProtocol; + s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid); -+ return true; ++ return 0; + } +#endif + @@ -92,7 +92,7 @@ index 69d6549405b17..f0917501751f5 100644 + if (!strcasecmp(prot, "SHA512")) { + s->securityAuthProto = usmHMAC384SHA512AuthProtocol; + s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid); -+ return true; ++ return 0; + } +#endif + 
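Review bot: netsnmp_session_set_auth_protocol is declared `static int` and, after this fix, returns 0 on success and -1 on failure, but nothing in the patched function states that convention. That gap is presumably how the earlier `return true;` / `return false;` lines reported the wrong result in every protocol branch. A one-line comment above the function, such as `/* Returns 0 on success, -1 after raising a ValueError. */`, would make a later backport from a bool-returning upstream version harder to get wrong. The same applies to the final `return -1;` in the hunk at -111,7. The callers are outside these hunks, so how they test the result should be confirmed against the full source.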
@@ -111,7 +111,7 @@ index 69d6549405b17..f0917501751f5 100644 + smart_string_0(&err); + zend_value_error("%s", err.c); + smart_string_free(&err); -+ return false; ++ return -1; } /* }}} */ diff --git a/php-8.0.10-systzdata-v20.patch b/php-8.0.10-systzdata-v21.patch similarity index 86% rename from php-8.0.10-systzdata-v20.patch rename to php-8.0.10-systzdata-v21.patch index 5b0d84b7d9f31d31a603a2060c53dbef07d78305..779f538a3901367b993f740bcf0e59decad69503 100644 --- a/php-8.0.10-systzdata-v20.patch +++ b/php-8.0.10-systzdata-v21.patch @@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather than embedding a copy. Discussed upstream but was not desired. History: +r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi r20: adapt for timelib 2020.03 (in 8.0.10RC1) r19: adapt for timelib 2020.02 (in 8.0.0beta2) r18: adapt for autotool change in 7.3.3RC1 @@ -31,9 +32,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 ---- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200 +diff --git a/ext/date/config0.m4 b/ext/date/config0.m4 +index 20e4164aaa..a61243646d 100644 +--- a/ext/date/config0.m4 ++++ b/ext/date/config0.m4 @@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h]) dnl Check for strtoll, atoll AC_CHECK_FUNCS(strtoll atoll) 
@@ -54,9 +56,10 @@ diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1" timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c" -diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c ---- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200 +diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c +index e9bd0f136d..c04ff01adc 100644 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c @@ -26,8 +26,21 @@ #include "timelib.h" #include "timelib_private.h" @@ -79,7 +82,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig +@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz) { uint32_t version; @@ -91,7 +94,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz) } } 
@@ -322,6 +325,44 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c +} + + ++/* Retrieve tzdata version. */ ++static void retrieve_zone_version(timelib_tzdb *db) ++{ ++ static char buf[30]; ++ char path[PATH_MAX]; ++ FILE *fp; ++ ++ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path)); ++ ++ fp = fopen(path, "r"); ++ if (fp) { ++ if (fgets(buf, sizeof(buf), fp)) { ++ if (!memcmp(buf, "# version ", 10) && ++ isdigit(buf[10]) && ++ isdigit(buf[11]) && ++ isdigit(buf[12]) && ++ isdigit(buf[13]) && ++ islower(buf[14])) { ++ if (buf[14] >= 't') { /* 2022t = 2022.20 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 't' + '0'; ++ buf[15] = '2'; ++ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 'j' + '0'; ++ buf[15] = '1'; ++ } else { /* 2022a = 2022.1 */ ++ buf[16] = 0; ++ buf[15] = buf[14] - 'a' + '1'; ++ } ++ buf[14] = '.'; ++ db->version = buf+10; ++ } ++ } ++ fclose(fp); ++ } ++} ++ +/* Create the zone identifier index by trawling the filesystem. */ +static void create_zone_index(timelib_tzdb *db) +{ @@ -522,7 +563,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c { int left = 0, right = tzdb->index_size - 1; -@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns +@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, return 0; } @@ -559,6 +600,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c + tmp->version = "0.system"; + tmp->data = NULL; + create_zone_index(tmp); ++ retrieve_zone_version(tmp); + system_location_table = create_location_table(); + fake_data_segment(tmp, system_location_table); + timezonedb_system = tmp; 
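Review bot: In retrieve_zone_version, the calls `isdigit(buf[10])` through `islower(buf[14])` pass a plain `char` to the <ctype.h> functions. That is undefined behaviour when a byte read from tzdata.zi is negative on a platform where `char` is signed, so each argument should be cast to `unsigned char`. The `strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path))` copy is also unnecessary and would leave `path` unterminated if the prefix ever reached PATH_MAX; the literal can be passed to fopen() directly and `path` dropped. The letter-to-minor-version branches and `db->version = buf+10` keep every index inside the 30-byte static buffer and need no change.

```c
static void retrieve_zone_version(timelib_tzdb *db)
{
	static char buf[30];
	FILE *fp;

	/* The path is a compile-time constant; no bounded copy is needed. */
	fp = fopen(ZONEINFO_PREFIX "/tzdata.zi", "r");
	if (fp) {
		if (fgets(buf, sizeof(buf), fp)) {
			/* ctype functions require a value representable as unsigned char. */
			if (!memcmp(buf, "# version ", 10) &&
				isdigit((unsigned char)buf[10]) &&
				isdigit((unsigned char)buf[11]) &&
				isdigit((unsigned char)buf[12]) &&
				isdigit((unsigned char)buf[13]) &&
				islower((unsigned char)buf[14])) {
				/* … unchanged: rewrite of the release letter into ".N" and db->version = buf+10 … */
			}
		}
		fclose(fp);
	}
}
```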
@@ -571,7 +613,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count) -@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_ +@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_ int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; @@ -603,7 +645,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct +@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name) timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code) { const unsigned char *tzf; @@ -612,7 +654,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c timelib_tzinfo *tmp; int version; int transitions_result, types_result; -@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t *error_code = TIMELIB_ERROR_NO_ERROR; @@ -621,7 +663,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c tmp = timelib_tzinfo_ctor(timezone); version = read_preamble(&tzf, tmp, &type); -@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t } skip_posix_string(&tzf, tmp); 
@@ -658,3 +700,19 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } else { *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; tmp = NULL; +diff --git a/ext/date/php_date.c b/ext/date/php_date.c +index 2d5cffb963..389f09f313 100644 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date) + php_info_print_table_row(2, "date/time support", "enabled"); + php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION); + php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version); ++#ifdef HAVE_SYSTEM_TZDATA ++ php_info_print_table_row(2, "Timezone Database", "system"); ++#else + php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal"); ++#endif + php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb)); + php_info_print_table_end(); + diff --git a/php-CVE-2022-31626.patch b/php-CVE-2022-31626.patch deleted file mode 100644 index 7f89dcb3558b55f22748db5b74af0087e5646c12..0000000000000000000000000000000000000000 --- a/php-CVE-2022-31626.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 6 Jun 2022 00:56:51 -0600 -Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow - ---- - ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c -index 87b2e7c31331..e4a298adaea4 100644 ---- a/ext/mysqlnd/mysqlnd_wireprotocol.c -+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c -@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet) - MYSQLND_VIO * vio = conn->vio; - MYSQLND_STATS * stats = conn->stats; - MYSQLND_CONNECTION_STATE * connection_state = &conn->state; -- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len); -+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE; -+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size); - zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */ - - DBG_ENTER("php_mysqlnd_change_auth_response_write"); diff --git a/php.conf b/php.conf index 85858372b413dcff2296997d77f36af4445e27c5..639652b42fb579e5845fa95d9cc505bbcb9156e2 100644 --- a/php.conf +++ b/php.conf @@ -19,15 +19,13 @@ DirectoryIndex index.php # # Redirect to local php-fpm (no mod_php in default configuration) # - - + # Enable http authorization headers SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" - # @@ -36,7 +34,7 @@ DirectoryIndex index.php # # mod_php options # - + # # Cause the PHP interpreter to handle files with a .php extension. # diff --git a/php.modconf b/php.modconf index 6f678e6512a700afef24ed5b8d2b970fdcf8e874..e169f4a60f0b85f022fd46aa1dc104d32f25eb00 100644 --- a/php.modconf 
+++ b/php.modconf @@ -11,4 +11,3 @@ - diff --git a/php.spec b/php.spec index ac8a89857ec8d67d8f07fdc6dac52531f68cde8f..dee4d271849aaeb875869ccfba3fda9ab3838071 100644 --- a/php.spec +++ b/php.spec @@ -55,13 +55,13 @@ %global with_tidy 0 %endif -%global upver 8.0.13 +%global upver 8.0.20 #global rcver RC1 Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 3%{anolis_release}%{?dist} +Release: 2%{anolis_release}%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -101,7 +101,7 @@ Patch9: php-8.0.6-deprecated.patch # Functional changes # use system tzdata -Patch42: php-8.0.10-systzdata-v20.patch +Patch42: php-8.0.10-systzdata-v21.patch # See http://bugs.php.net/53436 Patch43: php-7.4.0-phpize.patch # Use -lldap_r for OpenLDAP @@ -120,7 +120,6 @@ Patch51: php-8.0.13-crypt.patch # Upstream fixes (100+) # Security fixes (200+) -Patch200: php-CVE-2022-31626.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -146,6 +145,7 @@ BuildRequires: pkgconfig(zlib) >= 1.2.0.4 BuildRequires: smtpdaemon BuildRequires: pkgconfig(libedit) BuildRequires: pkgconfig(libpcre2-8) >= 10.30 +BuildRequires: pkgconfig(libxcrypt) BuildRequires: bzip2 BuildRequires: perl-interpreter BuildRequires: autoconf @@ -713,7 +713,6 @@ in pure PHP. # upstream patches # security patches -%patch200 -p1 -b .cve31626 # Fixes for tests %patch300 -p1 -b .datetests @@ -722,7 +721,7 @@ in pure PHP. # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE cp sapi/fpm/LICENSE fpm_LICENSE cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE 
@@ -1375,7 +1374,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %files common -f files.common %doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs -%license LICENSE TSRM_LICENSE +%license LICENSE TSRM_LICENSE ZEND_LICENSE %license libmagic_LICENSE %license timelib_LICENSE %doc php.ini-* @@ -1511,9 +1510,16 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog -* Sat Jul 02 2022 Liwei Ge - 8.0.13-3.0.1 +* Tue Jan 31 2023 Liwei Ge - 8.0.20-2.0.1 - Support loongarch64 platform +* Mon Aug 1 2022 Remi Collet - 8.0.20-2 +- snmp3 calls using authPriv or authNoPriv immediately return false #2104630 + +* Wed Jul 20 2022 Remi Collet - 8.0.20-1 +- rebase to 8.0.20 #2100876 +- fix wrong mod_php configuration #2094728 + * Wed Jun 22 2022 Remi Collet - 8.0.13-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626