Diffstat (limited to 'php80.spec')
-rw-r--r--php80.spec53
1 files changed, 35 insertions, 18 deletions
diff --git a/php80.spec b/php80.spec
index a97c2ea..d2ad904 100644
--- a/php80.spec
+++ b/php80.spec
@@ -24,17 +24,10 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
-%ifarch aarch64
-%global oraclever 19.25
-%global oraclemax 20
-%global oraclelib 19.1
-%global oracledir 19.25
-%else
%global oraclever 23.7
%global oraclemax 24
%global oraclelib 23.1
%global oracledir 23
-%endif
# Build for LiteSpeed Web Server (LSAPI), you can disable using --without tests
%bcond_without lsws
@@ -124,7 +117,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
-Release: 12%{?dist}
+Release: 13%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -162,8 +155,6 @@ Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-8.0.0-embed.patch
Patch7: php-7.4.0-libdb.patch
-# For libxml 2.12 from 8.1
-Patch8: php-8.0.30-libxml212.patch
# get rid of deprecated functions from 8.1
Patch9: php-8.0.6-deprecated.patch
# For recent ICU from 8.2
@@ -216,11 +207,17 @@ Patch209: php-cve-2024-8932.patch
Patch210: php-cve-2024-11233.patch
Patch211: php-ghsa-4w77-75f9-2c8w.patch
Patch212: php-cve-2024-8929.patch
+Patch213: php-cve-2025-1217.patch
+Patch214: php-cve-2025-1734.patch
+Patch215: php-cve-2025-1861.patch
+Patch216: php-cve-2025-1736.patch
+Patch217: php-cve-2025-1219.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
Patch300: php-7.4.0-datetests.patch
Patch301: php-8.0.30-zlib-tests.patch
+Patch302: php-8.0.30-pcretests.patch
# WIP
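Review bot: Patch213 to Patch217 are declared with no pointer to the upstream commit or advisory each file was taken from, and Patch302 has no comment at all, unlike Patch300 just above it. For security backports the provenance is what lets a later reviewer compare the local patch with the upstream fix, so a line such as `# from upstream <commit or advisory id>` above each CVE entry would help, plus `# <why the PCRE tests need patching>` above Patch302. The changelog entry in this commit also does not mention Patch302 or the removal of Patch8, so it is worth recording whether one of the new patches supersedes the libxml 2.12 fix.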
@@ -779,14 +776,7 @@ Interbase/Firebird databases.
Summary: A module for PHP applications that use OCI8 databases
# All files licensed under PHP version 3.01
License: PHP
-%ifarch aarch64
-BuildRequires: oracle-instantclient%{oraclever}-devel
-# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM.
-Requires: libclntsh.so.%{oraclelib}
-AutoReq: 0
-%else
BuildRequires: (oracle-instantclient-devel >= %{oraclever} with oracle-instantclient-devel < %{oraclemax})
-%endif
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database
Provides: php-pdo_oci
@@ -1212,7 +1202,6 @@ in pure PHP.
%patch -P5 -p1 -b .includedir
%patch -P6 -p1 -b .embed
%patch -P7 -p1 -b .libdb
-%patch -P8 -p1 -b .libxml212
%patch -P9 -p1 -b .deprecated
%patch -P11 -p1 -b .icu74
%patch -P12 -p1 -b .proto
@@ -1250,6 +1239,12 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P210 -p1 -b .cve11233
%patch -P211 -p1 -b .ghsa4w77
%patch -P212 -p1 -b .cve8929
+%patch -P213 -p1 -b .cve1217
+%patch -P214 -p1 -b .cve1734
+%patch -P215 -p1 -b .cve1861
+%patch -P216 -p1 -b .cve1736
+%patch -P217 -p1 -b .cve1219
+%patch -P302 -p1 -b .pcretests
# Fixes for tests related to tzdata
%patch -P300 -p1 -b .datetests
@@ -1298,6 +1293,15 @@ rm ext/zlib/tests/004-mb.phpt
# failed when systemd is enabled
rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr1.phpt
rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr2.phpt
+# Known to fail
+%if 0%{?rhel} == 8
+rm ext/openssl/tests/openssl_error_string_basic.phpt
+rm ext/openssl/tests/openssl_open_basic.phpt
+%else
+rm ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
+%endif
+rm ext/openssl/tests/openssl_private_decrypt_basic.phpt
+rm ext/openssl/tests/openssl_x509_parse_basic.phpt
# avoid issue when 2 builds run simultaneously (keep 64321 for the SCL)
%ifarch x86_64
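Review bot: The new `# Known to fail` block deletes four or five tests of the openssl extension without saying why they fail or on which OpenSSL version. These tests cover error strings, `openssl_open`, private-key decryption and X.509 parsing, so dropping them in a security-update build removes regression coverage for exactly the code a crypto library change would affect. The comment should carry the cause, for example `# Known to fail with system OpenSSL <version>: <reason or upstream issue>`. The `%else` branch applies to every target that is not RHEL 8; whether `openssl_error_string_basic_openssl3.phpt` fails on all of them cannot be confirmed from this hunk, which sits inside a %prep section that continues outside it.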
@@ -2255,6 +2259,19 @@ EOF
%changelog
+* Thu Mar 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-13
+- Fix libxml streams use wrong `content-type` header when requesting a redirected resource
+ CVE-2025-1219
+- Fix Stream HTTP wrapper header check might omit basic auth header
+ CVE-2025-1736
+- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
+ CVE-2025-1861
+- Fix Streams HTTP wrapper does not fail for headers without colon
+ CVE-2025-1734
+- Fix Header parser of `http` stream wrapper does not handle folded headers
+ CVE-2025-1217
+- use oracle client library version 23.7 on x86_64 and aarch64
+
* Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-12
- backport fix for ICU 74+
- backport fix strict prototypes