diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | php-bug20528.patch | 81 | ||||
| -rw-r--r-- | php83.spec | 10 |
3 files changed, 90 insertions, 2 deletions
@@ -2,6 +2,7 @@ clog package-*.xml *.tgz *.tar.bz2 +*.tar.bz2.asc *.tar.gz *.tar.xz *.tar.xz.asc diff --git a/php-bug20528.patch b/php-bug20528.patch new file mode 100644 index 0000000..f8a790a --- /dev/null +++ b/php-bug20528.patch @@ -0,0 +1,81 @@ +From 9d71c1e0b60cd152a47528dbe514efc443fce920 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 20 Nov 2025 02:58:45 +0100 +Subject: [PATCH] Fix GH-20528: Regression breaks mysql connexion using an IPv6 + address enclosed in square brackets + +--- + ext/mysqli/tests/mysqli_connect_port.phpt | 31 +++++++++++++++++++++++ + ext/mysqlnd/mysqlnd_connection.c | 17 ++++++++++--- + 2 files changed, 45 insertions(+), 3 deletions(-) + create mode 100644 ext/mysqli/tests/mysqli_connect_port.phpt + +diff --git a/ext/mysqli/tests/mysqli_connect_port.phpt b/ext/mysqli/tests/mysqli_connect_port.phpt +new file mode 100644 +index 0000000000000..cb7fd1d8d1628 +--- /dev/null ++++ b/ext/mysqli/tests/mysqli_connect_port.phpt +@@ -0,0 +1,31 @@ ++--TEST-- ++mysqli_connect() with port in host ++--EXTENSIONS-- ++mysqli ++--SKIPIF-- ++<?php ++require_once 'skipifconnectfailure.inc'; ++?> ++--FILE-- ++<?php ++ require_once 'connect.inc'; ++ ++ // using port / host arguments ++ if (!$link = mysqli_connect($host, $user, $passwd, $db, $port, $socket)) { ++ printf("Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", ++ $host, $user, $db, $port, $socket); ++ } ++ ++ mysqli_close($link); ++ ++ // using port in host ++ if (!$link = mysqli_connect("$host:$port", $user, $passwd, $db, "1$port", $socket)) { ++ printf("Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", ++ "$host:$port", $user, $db, "1$port", $socket); ++ } ++ ++ mysqli_close($link); ++?> ++Done ++--EXPECTF-- ++Done +diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c +index d8e7304e9665f..8268034e8b798 100644 +--- a/ext/mysqlnd/mysqlnd_connection.c ++++ b/ext/mysqlnd/mysqlnd_connection.c +@@ -553,13 +553,24 @@ MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_ + port = 3306; + } + +- /* ipv6 addresses are in the format [address]:port */ + if (hostname.s[0] != '[' && mysqlnd_fast_is_ipv6_address(hostname.s)) { ++ /* IPv6 without square brackets so without port */ + transport.l = mnd_sprintf(&transport.s, 0, "tcp://[%s]:%u", hostname.s, port); + } else { +- /* Not ipv6, but could already contain a port number, in which case we should not add an extra port. ++ char *p; ++ ++ /* IPv6 addresses are in the format [address]:port */ ++ if (hostname.s[0] == '[') { /* IPv6 */ ++ p = strchr(hostname.s, ']'); ++ if (p && p[1] != ':') { ++ p = NULL; ++ } ++ } else { /* IPv4 or name */ ++ p = strchr(hostname.s, ':'); ++ } ++ /* Could already contain a port number, in which case we should not add an extra port. + * See GH-8978. In a port doubling scenario, the first port would be used so we do the same to keep BC. */ +- if (strchr(hostname.s, ':')) { ++ if (p) { + /* TODO: Ideally we should be able to get rid of this workaround in the future. */ + transport.l = mnd_sprintf(&transport.s, 0, "tcp://%s", hostname.s); + } else { @@ -129,7 +129,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -196,6 +196,7 @@ Patch49: php-8.2.0-iodbc.patch Patch91: php-7.2.0-oci8conf.patch # Upstream fixes (100+) +Patch100: php-bug20528.patch # Security fixes (200+) @@ -1223,6 +1224,7 @@ in pure PHP. %patch -P91 -p1 -b .remi-oci8 # upstream patches +%patch -P100 -p1 -b .20528 # security patches @@ -1863,7 +1865,7 @@ install -D -m 644 %{SOURCE14} _fpmdoc/nginx-php.conf TESTCMD="$RPM_BUILD_ROOT%{_bindir}/php --no-php-ini" # Ensure all provided extensions are really there -for mod in core date filter hash json libxml openssl pcntl pcre readline reflection session spl standard zlib +for mod in core date filter hash json libxml openssl pcntl pcre random readline reflection session sockets spl standard zlib do $TESTCMD --modules | grep -i "$mod\$" done @@ -2233,6 +2235,10 @@ fi %changelog +* Fri Nov 21 2025 Remi Collet <remi@remirepo.net> - 8.3.28-2 +- Fix GH-20528 regression breaks mysql connexion using an IPv6 address enclosed + in square brackets (upstream patch) + * Wed Nov 19 2025 Remi Collet <remi@remirepo.net> - 8.3.28-1 - Update to 8.3.28 - http://www.php.net/releases/8_3_28.php - switch to bz2 archive to workaround RHEL-125143 |