[packages/php/PHP_8_2] Up to 8.2.24; fixes CVE-2024-8926, CVE-2024-8927, CVE-2024-9026, CVE-2024-8925
arekm
arekm at pld-linux.org
Fri Sep 27 09:09:09 CEST 2024
commit 971c9586a7f08a901643f03fb7be0c9b7bf910ba
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Sep 27 09:08:16 2024 +0200
Up to 8.2.24; fixes CVE-2024-8926, CVE-2024-8927, CVE-2024-9026, CVE-2024-8925
curl.patch | 27 ---------------------------
php-systzdata.patch | 6 +++---
php.spec | 7 +++----
3 files changed, 6 insertions(+), 34 deletions(-)
---
diff --git a/php.spec b/php.spec
index dea62f9..cff80e2 100644
--- a/php.spec
+++ b/php.spec
@@ -150,7 +150,7 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP
Summary(ru.UTF-8): PHP - язык препроцессирования HTML-файлов, выполняемый на сервере
Summary(uk.UTF-8): PHP - мова препроцесування HTML-файлів, виконувана на сервері
Name: %{orgname}%{php_suffix}
-Version: 8.2.22
+Version: 8.2.24
Release: %{rel}
Epoch: 1
# All files licensed under PHP version 3.01, except
@@ -159,7 +159,7 @@ Epoch: 1
License: PHP 3.01 and Zend and BSD
Group: Libraries
Source0: https://www.php.net/distributions/%{orgname}-%{version}.tar.xz
-# Source0-md5: 9b5dcc229ef6e8fd186d1237d85874cc
+# Source0-md5: fff29ce84f5b4ddfc2063f7b2021fce2
#Source0: https://downloads.php.net/~pierrick/php-%{version}%{subver}.tar.xz
Source1: opcache.ini
Source2: %{orgname}-mod_php.conf
@@ -182,7 +182,6 @@ Patch5: openssl.patch
# https://github.com/php/php-src/issues/9910
Patch6: opcache-nokill-perm.patch
Patch7: %{orgname}-sapi-ini-file.patch
-Patch8: curl.patch
Patch10: %{orgname}-ini.patch
Patch11: embed.patch
@@ -1882,7 +1881,7 @@ cp -p php.ini-production php.ini
#%patch5 -p1 resolved upstream?
%patch6 -p1
%patch7 -p1 -b .sapi-ini-file
-%patch8 -p1
+
%patch10 -p1 -b .ini
%patch14 -p1
%patch18 -p1
diff --git a/curl.patch b/curl.patch
deleted file mode 100644
index 5261f3a..0000000
--- a/curl.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-commit efd00b8ff05cb78ecb0351b96cce7780bcb72a2a
-Author: David Carlier <devnexen at gmail.com>
-Date: Tue Jul 16 19:55:04 2024 +0100
-
- ext/curl: curl_error using curl_easy_strerror if CURLOPT_ERRORBUFFER
-
- did not fill the error buffer.
-
- close GH-14984
-
-diff --git a/ext/curl/interface.c b/ext/curl/interface.c
-index 707f4e0a6f..4884ddc822 100644
---- a/ext/curl/interface.c
-+++ b/ext/curl/interface.c
-@@ -2764,7 +2764,11 @@ PHP_FUNCTION(curl_error)
-
- if (ch->err.no) {
- ch->err.str[CURL_ERROR_SIZE] = 0;
-- RETURN_STRING(ch->err.str);
-+ if (strlen(ch->err.str) > 0) {
-+ RETURN_STRING(ch->err.str);
-+ } else {
-+ RETURN_STRING(curl_easy_strerror(ch->err.no));
-+ }
- } else {
- RETURN_EMPTY_STRING();
- }
diff --git a/php-systzdata.patch b/php-systzdata.patch
index fb69621..abc46de 100644
--- a/php-systzdata.patch
+++ b/php-systzdata.patch
@@ -52,9 +52,9 @@ diff -up php-8.0.0beta3/ext/date/config0.m4.systzdata php-8.0.0beta3/ext/date/co
+ fi
+fi
+
- PHP_DATE_CFLAGS="-Wno-implicit-fallthrough -I at ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
- timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
- lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
+ AX_CHECK_COMPILE_FLAG([-Wno-implicit-fallthrough],
+ [PHP_DATE_CFLAGS="$PHP_DATE_CFLAGS -Wno-implicit-fallthrough"],,
+ [-Werror])
diff -up php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata php-8.0.0beta3/ext/date/lib/parse_tz.c
--- php-8.0.0beta3/ext/date/lib/parse_tz.c.systzdata 2020-09-01 19:13:26.000000000 +0200
+++ php-8.0.0beta3/ext/date/lib/parse_tz.c 2020-09-02 08:07:51.039979873 +0200
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/971c9586a7f08a901643f03fb7be0c9b7bf910ba
More information about the pld-cvs-commit
mailing list