Diffstat (limited to 'php72.spec')
-rw-r--r-- | php72.spec | 417 |
1 files changed, 327 insertions, 90 deletions
@@ -25,12 +25,14 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%if 0%{?rhel} == 6 -%global oraclever 18.3 -%global oraclelib 18.1 -%else -%global oraclever 19.3 +%ifarch aarch64 +%global oraclever 19.19 %global oraclelib 19.1 +%global oracledir 19.19 +%else +%global oraclever 21.13 +%global oraclelib 21.1 +%global oracledir 21 %endif # Build for LiteSpeed Web Server (LSAPI) @@ -57,7 +59,11 @@ %global with_sqlite3 1 # Build ZTS extension or only NTS +%ifarch x86_64 %global with_zts 1 +%else +%global with_zts 0 +%endif # Debuild build %global with_debug %{?_with_debug:1}%{!?_with_debug:0} @@ -98,17 +104,11 @@ %global with_nginx 0 %endif -# until firebird available in EPEL -%if 0%{?rhel} == 8 -%global with_firebird 0 -%else %global with_firebird 1 -%endif - -%global with_dtrace 1 -%global with_libgd 1 -%global with_libzip 1 -%global with_zip 0 +%global with_dtrace 1 +%global with_libgd 1 +%global with_libzip 1 +%global with_zip 0 %if 0%{?fedora} < 18 && 0%{?rhel} < 7 %global db_devel db4-devel @@ -116,13 +116,12 @@ %global db_devel libdb-devel %endif -%global upver 7.2.20 -%global rcver RC3 +%global upver 7.2.34 Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 21%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -148,6 +147,9 @@ Source11: php.conf2 Source12: php-fpm.wants Source13: nginx-fpm.conf Source14: nginx-php.conf +# See https://secure.php.net/gpg-keys.php +Source20: https://www.php.net/distributions/php-keyring.gpg +Source21: https://www.php.net/distributions/php-%{upver}%{?rcver}.tar.xz.asc # Configuration files for some extensions Source50: 10-opcache.ini Source51: opcache-default.blacklist 
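Review bot: In the hunk at -148,6 +147,9, `Source20` takes the keyring from the same host that serves the tarball and its signature (`Source21`), so a keyring refreshed from that URL when sources are fetched is not an independent trust anchor. The keyring should be a file committed alongside the spec and reviewed whenever it changes, with the expected key fingerprints recorded next to it. A comment above `Source20:` such as `# keyring is kept in this repo; compare fingerprints with https://secure.php.net/gpg-keys.php before updating` would make that explicit. Whether the build tooling re-downloads the file automatically is not visible in this diff.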
@@ -156,6 +158,7 @@ Source99: php-fpm.init # Build fixes Patch1: php-7.1.7-httpd.patch +Patch2: php-7.1.33-intl.patch Patch5: php-7.2.0-includedir.patch Patch6: php-5.6.3-embed.patch Patch7: php-5.3.0-recode.patch @@ -169,10 +172,11 @@ Patch42: php-7.2.16-systzdata-v17.patch Patch43: php-7.2.12-phpize.patch # Use -lldap_r for OpenLDAP Patch45: php-7.2.3-ldap_r.patch -# Make php_config.h constant across builds -Patch46: php-7.2.4-fixheader.patch +# Make php_config.h constant across builds (from 7.4) +Patch46: php-7.2.32-fixheader.patch # drop "Configure command" from phpinfo output -Patch47: php-5.6.3-phpinfo.patch +# and add build system and provider (from 8.0) +Patch47: php-7.2.32-phpinfo.patch # getallheaders for FPM backported from 7.3 Patch48: php-7.2.8-getallheaders.patch # backport PDOStatement::getColumnMeta from 7.4 @@ -184,6 +188,28 @@ Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) # Security fixes (200+) +Patch200: php-bug77423.patch +Patch201: php-bug80672.patch +Patch202: php-bug80710.patch +Patch203: php-bug81122.patch +Patch204: php-bug76450.patch +Patch205: php-bug81211.patch +Patch206: php-bug81026.patch +Patch207: php-bug79971.patch +Patch208: php-bug81719.patch +Patch209: php-bug81720.patch +Patch210: php-bug81727.patch +Patch211: php-bug81726.patch +Patch212: php-bug81738.patch +Patch213: php-bug81740.patch +Patch214: php-bug81744.patch +Patch215: php-bug81746.patch +Patch216: php-cve-2023-0662.patch +Patch217: php-cve-2023-3247.patch +Patch218: php-cve-2023-3823.patch +Patch219: php-cve-2023-3824.patch +Patch220: php-cve-2024-2756.patch +Patch221: php-cve-2024-3096.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -193,6 +219,7 @@ Patch301: php-7.0.0-oldpcre.patch # WIP +BuildRequires: gnupg2 BuildRequires: bzip2-devel, curl-devel >= 7.9 BuildRequires: httpd-devel >= 2.0.46-1, pam-devel %if %{with_httpd2410} 
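Review bot: In the hunk at -184,6 +188,28, `Patch200` to `Patch215` are identified only by bug number, so the CVE each one closes can be found only by cross-reading %changelog. A one-line comment above each entry would let an auditor check coverage from the patch list alone, for example `# CVE-2023-0567` above `Patch214: php-bug81744.patch` and `# CVE-2022-37454` above `Patch212: php-bug81738.patch`. The changelog also records fixes that have no separately named patch here (#76448, #76449 and #76452 next to `Patch204`, and the 7.2.34-18 date overflow). These are presumably folded into other patch files, and a comment saying which file carries them would remove the guesswork.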
@@ -218,6 +245,7 @@ BuildRequires: bzip2 BuildRequires: perl BuildRequires: autoconf BuildRequires: automake +BuildRequires: make BuildRequires: %{?dtsprefix}gcc BuildRequires: %{?dtsprefix}gcc-c++ BuildRequires: libtool @@ -302,7 +330,7 @@ Group: Development/Languages Summary: The interactive PHP debugger Requires: php-common%{?_isa} = %{version}-%{release} %if 0%{?rhel} -Obsoletes: php56u-dbg, php56w-dbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg +Obsoletes: php56u-dbg, php56w-phpdbg, php70u-dbg, php70w-phpdbg, php71u-dbg, php71w-phpdbg, php72u-dbg, php72w-phpdbg %endif %description dbg The php-dbg package contains the interactive PHP debugger. @@ -313,7 +341,6 @@ Group: Development/Languages Summary: PHP FastCGI Process Manager BuildRequires: libacl-devel Requires: php-common%{?_isa} = %{version}-%{release} -Requires(pre): /usr/sbin/useradd %if %{with_systemd} BuildRequires: systemd-devel %{?systemd_requires} @@ -334,10 +361,13 @@ Requires(pre): httpd-filesystem Requires: httpd-filesystem >= 2.4.10 # php engine for Apache httpd webserver Provides: php(httpd) +%else +Requires(pre): /usr/sbin/useradd %endif %if %{with_nginx} # for /etc/nginx ownership -Requires: nginx-filesystem +# Temporarily not mandatory to allow nginx for nginx repo +Recommends: nginx-filesystem %endif %if 0%{?rhel} Obsoletes: php53-fpm, php53u-fpm, php54-fpm, php54w-fpm, php55u-fpm, php55w-fpm, php56u-fpm, php56w-fpm @@ -429,6 +459,7 @@ Requires: php-cli%{?_isa} = %{version}-%{release} # always needed to build extension Requires: autoconf Requires: automake +Requires: make Requires: gcc Requires: gcc-c++ Requires: libtool 
@@ -452,6 +483,7 @@ Provides: php-zts-devel%{?_isa} = %{version}-%{release} %endif %if 0%{?rhel} Obsoletes: php53-devel, php53u-devel, php54-devel, php54w-devel, php55u-devel, php55w-devel, php56u-devel, php56w-devel +Obsoletes: php55u-pecl-jsonc-devel, php56u-pecl-jsonc-devel Obsoletes: php70u-devel, php70w-devel, php71u-devel, php71w-devel, php72u-devel, php72w-devel %endif @@ -688,15 +720,20 @@ Summary: A module for PHP applications that use OCI8 databases Group: Development/Languages # All files licensed under PHP version 3.01 License: PHP +%ifarch aarch64 +BuildRequires: oracle-instantclient%{oraclever}-devel +# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM. +Requires: libclntsh.so.%{oraclelib} +AutoReq: 0 +%else BuildRequires: oracle-instantclient-devel >= %{oraclever} +%endif Requires: php-pdo%{?_isa} = %{version}-%{release} Provides: php_database Provides: php-pdo_oci, php-pdo_oci%{?_isa} Obsoletes: php-pecl-oci8 <= %{oci8ver} Conflicts: php-pecl-oci8 > %{oci8ver} Provides: php-pecl(oci8) = %{oci8ver}, php-pecl(oci8)%{?_isa} = %{oci8ver} -# Should requires libclntsh.so.18.3, but it's not provided by Oracle RPM. -AutoReq: 0 %if 0%{?rhel} Obsoletes: php53-oci8, php53u-oci8, php54-oci8, php54w-oci8, php55u-oci8, php55w-oci8, php56u-oci8, php56w-oci8 Obsoletes: php70u-oci8, php70w-oci8, php71u-oci8, php71w-oci8, php72u-oci8, php72w-oci8 
@@ -710,13 +747,9 @@ The extension is linked with Oracle client libraries %{oraclever} (Oracle Instant Client). For details, see Oracle's note "Oracle Client / Server Interoperability Support" (ID 207303.1). -You must install libclntsh.so.%{oraclelib} to use this package, provided -in the database installation, or in the free Oracle Instant Client -available from Oracle. - -Notice: -- php-oci8 provides oci8 and pdo_oci extensions from php sources. -- php-pecl-oci8 only provides oci8 extension. +You must install libclntsh.so.%{oraclelib} to use this package, +provided by Oracle Instant Client RPM available from Oracle on: +https://www.oracle.com/database/technologies/instant-client/downloads.html Documentation is at http://php.net/oci8 and http://php.net/pdo_oci %endif @@ -788,8 +821,11 @@ Group: Development/Languages # ucgendat is licensed under OpenLDAP License: PHP and LGPLv2 and BSD and OpenLDAP %if %{with_onig} -# ensure we have soname 5 -BuildRequires: oniguruma-devel >= 6.8 +%if 0%{?rhel} +BuildRequires: oniguruma5php-devel +%else +BuildRequires: oniguruma-devel +%endif %else Provides: bundled(oniguruma) = 6.3.0 %endif @@ -816,12 +852,7 @@ License: PHP and BSD %endif Requires: php-common%{?_isa} = %{version}-%{release} %if %{with_libgd} -BuildRequires: gd-devel >= 2.1.1 -%if 0%{?fedora} <= 19 && 0%{?rhel} <= 7 -Requires: gd-last%{?_isa} >= 2.1.1 -%else -Requires: gd%{?_isa} >= 2.1.1 -%endif +BuildRequires: gd-devel >= 2.3.3 %else # Required to build the bundled GD library BuildRequires: libjpeg-devel 
@@ -980,8 +1011,8 @@ Group: System Environment/Libraries # All files licensed under PHP version 3.01 License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -# Upstream requires 4.0, we require 50 to ensure use of libicu-last / libicu62 -BuildRequires: libicu-devel >= 50 +# Upstream requires 4.0, we require 69.1 to ensure use of libicu69 +BuildRequires: libicu-devel = 69.1 %if 0%{?rhel} Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl Obsoletes: php70u-intl, php70w-intl, php71u-intl, php71w-intl, php72u-intl, php72w-intl 
@@ -1078,53 +1109,78 @@ low-level PHP extension for the libsodium cryptographic library. %prep +%{?gpgverify:%{gpgverify} --keyring='%{SOURCE20}' --signature='%{SOURCE21}' --data='%{SOURCE0}'} + : CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzip} %setup -q -n php-%{upver}%{?rcver} -%patch1 -p1 -b .mpmcheck -%patch5 -p1 -b .includedir -%patch6 -p1 -b .embed -%patch7 -p1 -b .recode -%patch8 -p1 -b .libdb +%patch -P1 -p1 -b .mpmcheck +%patch -P2 -p1 -b .true +%patch -P5 -p1 -b .includedir +%patch -P6 -p1 -b .embed +%patch -P7 -p1 -b .recode +%patch -P8 -p1 -b .libdb %if 0%{?rhel} -%patch9 -p1 -b .curltls +%patch -P9 -p1 -b .curltls %endif -%patch40 -p1 -b .dlopen +%patch -P40 -p1 -b .dlopen %if 0%{?fedora} >= 28 || 0%{?rhel} >= 6 -%patch42 -p1 -b .systzdata +%patch -P42 -p1 -b .systzdata %endif -%patch43 -p1 -b .headers +%patch -P43 -p1 -b .headers %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 -%patch45 -p1 -b .ldap_r +%patch -P45 -p1 -b .ldap_r %endif -%patch46 -p1 -b .fixheader -%patch47 -p1 -b .phpinfo -%patch48 -p1 -b .getallheaders -%patch49 -p1 -b .pdooci +%patch -P46 -p1 -b .fixheader +%patch -P47 -p1 -b .phpinfo +%patch -P48 -p1 -b .getallheaders +%patch -P49 -p1 -b .pdooci -%patch91 -p1 -b .remi-oci8 +%patch -P91 -p1 -b .remi-oci8 # upstream patches # security patches +%patch -P200 -p1 -b .bug77423 +%patch -P201 -p1 -b .bug80672 +%patch -P202 -p1 -b .bug80710 +%patch -P203 -p1 -b .bug81122 +%patch -P204 -p1 -b .bug76450 +%patch -P205 -p1 -b .bug81211 +%patch -P206 -p1 -b .bug81026 +%patch -P207 -p1 -b .bug79971 +%patch -P208 -p1 -b .bug81719 +%patch -P209 -p1 -b .bug81720 +%patch -P210 -p1 -b .bug81727 +%patch -P211 -p1 -b .bug81726 +%patch -P212 -p1 -b .bug81738 +%patch -P213 -p1 -b .bug81740 +%patch -P214 -p1 -b .bug81744 +%patch -P215 -p1 -b .bug81746 +%patch -P216 -p1 -b .cve0662 +%patch -P217 -p1 -b .cve3247 +%patch -P218 -p1 -b .cve3823 +%patch -P219 -p1 -b .cve3824 +%patch -P220 -p1 -b .cve2756 +%patch -P221 -p1 -b .cve3096 # 
Fixes for tests %if 0%{?fedora} >= 25 || 0%{?rhel} >= 6 -%patch300 -p1 -b .datetests +%patch -P300 -p1 -b .datetests %endif %if %{with_libpcre} if ! pkg-config libpcre --atleast-version 8.34 ; then # Only apply when system libpcre < 8.34 -%patch301 -p1 -b .pcre834 +%patch -P301 -p1 -b .pcre834 fi %endif # WIP patch # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE %if ! %{with_libgd} cp ext/gd/libgd/README libgd_README @@ -1157,6 +1213,8 @@ rm ext/date/tests/bug33414-1.phpt rm ext/date/tests/bug33415-2.phpt rm ext/date/tests/date_modify-1.phpt %endif +# too fast builder +rm ext/date/tests/bug73837.phpt # Should be skipped but fails sometime rm ext/standard/tests/file/file_get_contents_error001.phpt # fails sometime @@ -1166,9 +1224,11 @@ rm Zend/tests/bug54268.phpt rm Zend/tests/bug68412.phpt # slow and erratic result rm sapi/cli/tests/upload_2G.phpt -# avoid issue when 2 builds run simultaneously +# avoid issue when 2 builds run simultaneously (keep 64321 for the SCL) %ifarch x86_64 sed -e 's/64321/64322/' -i ext/openssl/tests/*.phpt +%else +sed -e 's/64321/64323/' -i ext/openssl/tests/*.phpt %endif # Safety check for API version change. @@ -1249,9 +1309,6 @@ cat << EOF >>10-opcache.ini ; This should improve performance, but requires appropriate OS configuration. opcache.huge_code_pages=0 EOF -%ifarch x86_64 -sed -e '/opcache.huge_code_pages/s/0/1/' -i 10-opcache.ini -%endif %endif cp %{SOURCE52} 20-oci8.ini @@ -1267,6 +1324,11 @@ fi # Set build date from https://reproducible-builds.org/specs/source-date-epoch/ export SOURCE_DATE_EPOCH=$(date +%s -r NEWS) +export PHP_UNAME=$(uname) +export PHP_BUILD_SYSTEM=$(cat /etc/redhat-release | sed -e 's/ Beta//') +%if 0%{?vendor:1} +export PHP_BUILD_PROVIDER="%{vendor}" +%endif # aclocal workaround - to be improved cat $(aclocal --print-ac-dir)/{libtool,ltoptions,ltsugar,ltversion,lt~obsolete}.m4 >>aclocal.m4 
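Review bot: The signature check added at the top of %prep (hunk at -1078,53 +1109,78) is wrapped in `%{?gpgverify:...}`, so on a build root where the `gpgverify` macro is undefined the line expands to nothing and the tarball is unpacked unverified, with no message in the build log. Since `BuildRequires: gnupg2` is now unconditional, the check can fail closed by placing `%{!?gpgverify:%{error:gpgverify macro not defined, source signature not checked}}` before the existing line. If some targets are meant to skip verification, a comment naming them would at least make the gap visible.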
@@ -1404,13 +1466,8 @@ build --libdir=%{_libdir}/php \ --with-mysqli=shared,mysqlnd \ --with-mysql-sock=%{mysql_sock} \ %if %{with_oci8} -%ifarch x86_64 - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ -%else - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ -%endif + --with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ + --with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif %if %{with_firebird} --with-interbase=shared \ @@ -1464,6 +1521,7 @@ popd without_shared="--without-gd \ --disable-dom --disable-dba --without-unixODBC \ --disable-opcache \ + --disable-phpdbg \ --disable-json \ --disable-xmlreader --disable-xmlwriter \ --without-sodium \ @@ -1559,13 +1617,8 @@ build --includedir=%{_includedir}/php-zts \ --with-mysql-sock=%{mysql_sock} \ --enable-mysqlnd-threading \ %if %{with_oci8} -%ifarch x86_64 - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ -%else - --with-oci8=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_libdir}/oracle/%{oraclever}/client/lib,%{oraclever} \ -%endif + --with-oci8=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ + --with-pdo-oci=shared,instantclient,%{_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif %if %{with_firebird} --with-interbase=shared \ 
@@ -1635,11 +1688,12 @@ popd %check %if %runselftest -cd build-apache +cd build-fpm # Run tests, using the CLI SAPI export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2 export SKIP_ONLINE_TESTS=1 +export SKIP_SLOW_TESTS=1 export SKIP_IO_CAPTURE_TESTS=1 unset TZ LANG LC_ALL if ! make test; then @@ -1773,8 +1827,8 @@ install -m 755 -d $RPM_BUILD_ROOT/run/php-fpm install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/php-fpm.service.d install -Dm 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}/php-fpm.service %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d/php-fpm.conf -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/nginx.service.d/php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/httpd.service.d/php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/nginx.service.d/php-fpm.conf %endif %else sed -ne '1,2p' -i $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/php-fpm @@ -1927,7 +1981,7 @@ sed -e "s/@PHP_APIVER@/%{apiver}%{isasuffix}/" \ %endif < %{SOURCE3} > macros.php %if 0%{?fedora} >= 24 || 0%{?rhel} >= 8 -echo '%pecl_xmldir %{_localstatedir}/lib/php/peclxml' >>macros.php +echo '%%pecl_xmldir %%{_localstatedir}/lib/php/peclxml' >>macros.php %endif install -m 644 -D macros.php \ $RPM_BUILD_ROOT%{macrosdir}/macros.php @@ -2023,6 +2077,19 @@ fi %endif +%posttrans common +cat << EOF +===================================================================== + + WARNING : PHP 7.2 have reached its "End of Life" in + November 2020. Even, if this package includes some of + the important security fixes, backported from 8.1, the + UPGRADE to a maintained version is very strongly RECOMMENDED. + +===================================================================== +EOF + + %{!?_licensedir:%global license %%doc} %files 
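Review bot: The end-of-life warning added in `%posttrans common` (hunk at -2023,6 +2077,19) is written only to the transaction's standard output, which unattended updates and most configuration-management runs discard, so the hosts most likely to stay on 7.2 will not surface it. Consider also recording it in the system log, for instance `logger -t php "PHP 7.2 is End of Life, upgrade to a maintained version" 2>/dev/null || :`, which needs `logger` available at scriptlet time. The heredoc delimiter could also be quoted as `<< 'EOF'` so that later edits to the message are never subject to shell expansion.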
@@ -2041,7 +2108,7 @@ fi %files common -f files.common %doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* -%license LICENSE TSRM_LICENSE +%license LICENSE TSRM_LICENSE ZEND_LICENSE %license libmagic_LICENSE %license phar_LICENSE %license timelib_LICENSE @@ -2066,20 +2133,22 @@ fi %files cli %{_bindir}/php -%{_bindir}/zts-php %{_bindir}/php-cgi %{_bindir}/phar.phar %{_bindir}/phar # provides phpize here (not in -devel) for pecl command %{_bindir}/phpize %{_mandir}/man1/php.1* -%{_mandir}/man1/zts-php.1* %{_mandir}/man1/php-cgi.1* %{_mandir}/man1/phar.1* %{_mandir}/man1/phar.phar.1* %{_mandir}/man1/phpize.1* -%{_mandir}/man1/zts-phpize.1* %doc sapi/cgi/README* sapi/cli/README +%if %{with_zts} +%{_bindir}/zts-php +%{_mandir}/man1/zts-php.1* +%{_mandir}/man1/zts-phpize.1* +%endif %files dbg %{_bindir}/phpdbg @@ -2114,8 +2183,8 @@ fi %if %{with_systemd} %{_unitdir}/php-fpm.service %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf -%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf %endif %dir %{_sysconfdir}/systemd/system/php-fpm.service.d %dir %ghost /run/php-fpm @@ -2145,9 +2214,9 @@ fi %{_includedir}/php-zts %{_bindir}/zts-phpize %{_libdir}/php-zts/build +%{_mandir}/man1/zts-php-config.1* %endif %{_mandir}/man1/php-config.1* -%{_mandir}/man1/zts-php-config.1* %{macrosdir}/macros.php %files embedded @@ -2189,7 +2258,9 @@ fi %files mysqlnd -f files.mysqlnd %files opcache -f files.opcache %config(noreplace) %{_sysconfdir}/php.d/opcache-default.blacklist +%if %{with_zts} %config(noreplace) %{_sysconfdir}/php-zts.d/opcache-default.blacklist +%endif %if %{with_oci8} %files oci8 -f files.oci8 %endif 
@@ -2201,6 +2272,172 @@ fi %changelog +* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.2.34-21 +- use oracle client library version 21.13 on x86_64, 19.19 on aarch64 +- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix + CVE-2024-2756 +- Fix password_verify can erroneously return true opening ATO risk + CVE-2024-3096 + +* Thu Sep 21 2023 Remi Collet <remi@remirepo.net> - 7.2.34-20 +- use oracle client library version 21.11 on x86_64, 19.19 on aarch64 +- use official Oracle Instant Client RPM + +* Tue Aug 1 2023 Remi Collet <remi@remirepo.net> - 7.2.34-19 +- Fix Security issue with external entity loading in XML without enabling it + GHSA-3qrf-m4j2-pcrr CVE-2023-3823 +- Fix Buffer mismanagement in phar_dir_read() + GHSA-jqcx-ccgc-xwhv CVE-2023-3824 +- move httpd/nginx wants directive to config files in /etc + +* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.2.34-18 +- fix possible buffer overflow in date + +* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.2.34-17 +- Fix Missing error check and insufficient random bytes in HTTP Digest + authentication for SOAP + GHSA-76gg-c692-v2mw CVE-2023-3247 +- use oracle client library version 21.10 +- define __phpize and __phpconfig + +* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.2.34-16 +- fix #81744: Password_verify() always return true with some hash + CVE-2023-0567 +- fix #81746: 1-byte array overrun in common path resolve code + CVE-2023-0568 +- fix DOS vulnerability when parsing multipart request body + CVE-2023-0662 + +* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.2.34-15 +- pdo: fix #81740: PDO::quote() may return unquoted string + CVE-2022-31631 +- use oracle client library version 21.8 + +* Mon Oct 24 2022 Remi Collet <remi@remirepo.net> - 7.2.34-14 +- hash: fix #81738: buffer overflow in hash_update() on long parameter. + CVE-2022-37454 + +* Tue Sep 27 2022 Remi Collet <remi@remirepo.net> - 7.2.34-13 +- phar: fix #81726 DOS when using quine gzip file. 
CVE-2022-31628 +- core: fix #81727 Don't mangle HTTP variable names that clash with ones + that have a specific semantic meaning. CVE-2022-31629 +- use oracle client library version 21.7 + +* Tue Jun 7 2022 Remi Collet <remi@remirepo.net> - 7.2.34-11 +- use oracle client library version 21.6 +- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 +- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 + +* Mon Nov 15 2021 Remi Collet <remi@remirepo.net> - 7.2.34-10 +- Fix #79971 special character is breaking the path in xml function + CVE-2021-21707 + +* Wed Oct 20 2021 Remi Collet <remi@remirepo.net> - 7.2.34-9 +- fix PHP-FPM oob R/W in root process leading to priv escalation + CVE-2021-21703 +- use libicu version 69 +- use oracle client library version 21.3 + +* Wed Aug 25 2021 Remi Collet <remi@remirepo.net> - 7.2.34-7 +- Fix #81211 Symlinks are followed when creating PHAR archive + +* Mon Jun 28 2021 Remi Collet <remi@remirepo.net> - 7.2.34-6 +- Fix #81122 SSRF bypass in FILTER_VALIDATE_URL + CVE-2021-21705 +- Fix #76448 Stack buffer overflow in firebird_info_cb +- Fix #76449 SIGSEGV in firebird_handle_doer +- Fix #76450 SIGSEGV in firebird_stmt_execute +- Fix #76452 Crash while parsing blob data in firebird_fetch_blob + CVE-2021-21704 + +* Wed Apr 28 2021 Remi Collet <remi@remirepo.net> - 7.2.34-4 +- Fix #80710 imap_mail_compose() header injection +- use oracle client library version 21.1 + +* Wed Feb 3 2021 Remi Collet <remi@remirepo.net> - 7.2.34-3 +- Fix #80672 Null Dereference in SoapClient + CVE-2021-21702 +- better fix for #77423 + +* Mon Jan 4 2021 Remi Collet <remi@remirepo.net> - 7.2.34-2 +- Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo + CVE-2020-7071 + +* Wed Sep 30 2020 Remi Collet <remi@remirepo.net> - 7.2.34-1 +- Update to 7.2.34 - http://www.php.net/releases/7_2_34.php + +* Tue Aug 4 2020 Remi Collet <remi@remirepo.net> - 7.2.33-1 +- Update to 7.2.33 - 
http://www.php.net/releases/7_2_33.php + +* Tue Jul 7 2020 Remi Collet <remi@remirepo.net> - 7.2.32-1 +- Update to 7.2.32 (no change) +- display build system and provider in phpinfo (from 8.0) + +* Tue Jun 9 2020 Remi Collet <remi@remirepo.net> - 7.2.31-2 +- rebuild using oniguruma5php +- build phpdbg only once + +* Tue May 12 2020 Remi Collet <remi@remirepo.net> - 7.2.31-1 +- Update to 7.2.31 - http://www.php.net/releases/7_2_31.php + +* Wed Apr 15 2020 Remi Collet <remi@remirepo.net> - 7.2.30-1 +- Update to 7.2.30 - http://www.php.net/releases/7_2_30.php + +* Tue Mar 17 2020 Remi Collet <remi@remirepo.net> - 7.2.29-1 +- Update to 7.2.29 - http://www.php.net/releases/7_2_29.php +- use oracle client library version 19.6 (18.5 on EL-6) + +* Tue Feb 18 2020 Remi Collet <remi@remirepo.net> - 7.2.28-1 +- Update to 7.2.28 - http://www.php.net/releases/7_2_28.php + +* Wed Jan 22 2020 Remi Collet <remi@remirepo.net> - 7.2.27-1 +- Update to 7.2.27 - http://www.php.net/releases/7_2_27.php + +* Tue Dec 17 2019 Remi Collet <remi@remirepo.net> - 7.2.26-1 +- Update to 7.2.26 - http://www.php.net/releases/7_2_26.php +- use oracle client library version 19.5 (18.5 on EL-6) + +* Tue Dec 3 2019 Remi Collet <remi@remirepo.net> - 7.2.26~RC1-1 +- update to 7.2.26RC1 + +* Wed Nov 20 2019 Remi Collet <remi@remirepo.net> - 7.2.25-1 +- Update to 7.2.25 - http://www.php.net/releases/7_2_25.php + +* Tue Nov 5 2019 Remi Collet <remi@remirepo.net> - 7.2.25~RC1-1 +- update to 7.2.25RC1 + +* Tue Oct 22 2019 Remi Collet <remi@remirepo.net> - 7.2.24-1 +- Update to 7.2.24 - http://www.php.net/releases/7_2_24.php +- change dependency on nginx-filesystem to weak + +* Tue Oct 8 2019 Remi Collet <remi@remirepo.net> - 7.2.24~RC1-1 +- update to 7.2.24RC1 + +* Wed Sep 25 2019 Remi Collet <remi@remirepo.net> - 7.2.23-1 +- Update to 7.2.23 - http://www.php.net/releases/7_2_23.php + +* Tue Sep 10 2019 Remi Collet <remi@remirepo.net> - 7.2.23~RC1-1 +- update to 7.2.23RC1 + +* Wed Aug 28 2019 Remi Collet 
<remi@remirepo.net> - 7.2.22-1 +- Update to 7.2.22 - http://www.php.net/releases/7_2_22.php +- fix generator incorrectly reports non-releasable $this as GC child + https://bugs.php.net/78412 + +* Mon Aug 19 2019 Remi Collet <remi@remirepo.net> - 7.2.22~RC1-1 +- update to 7.2.22RC1 + +* Tue Jul 30 2019 Remi Collet <remi@remirepo.net> - 7.2.21-1 +- Update to 7.2.21 - http://www.php.net/releases/7_2_21.php + +* Tue Jul 16 2019 Remi Collet <remi@remirepo.net> - 7.2.21~RC1-1 +- update to 7.2.21RC1 +- add upstream patch for #78297 + +* Tue Jul 2 2019 Remi Collet <remi@remirepo.net> - 7.2.20-1 +- Update to 7.2.20 - http://www.php.net/releases/7_2_20.php +- disable opcache.huge_code_pages in default configuration + * Thu Jun 20 2019 Remi Collet <remi@remirepo.net> - 7.2.20~RC3-1 - update to 7.2.20RC3 |