diff options
| author | Remi Collet <remi@remirepo.net> | 2025-11-21 10:09:15 +0100 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2025-11-21 10:09:15 +0100 |
| commit | 494b95200ec1796650f361b5606df932e20e9307 (patch) | |
| tree | 367108af67d07cc108052313ac3816135529c596 | |
| parent | 395cb64249332084def64a04ad0316088dd89e6f (diff) | |
in square brackets (upstream patch)
| -rw-r--r-- | php-bug20528.patch | 81 | ||||
| -rw-r--r-- | php85.spec | 10 |
2 files changed, 89 insertions, 2 deletions
diff --git a/php-bug20528.patch b/php-bug20528.patch new file mode 100644 index 0000000..f8a790a --- /dev/null +++ b/php-bug20528.patch @@ -0,0 +1,81 @@ +From 9d71c1e0b60cd152a47528dbe514efc443fce920 Mon Sep 17 00:00:00 2001 +From: Remi Collet <remi@remirepo.net> +Date: Thu, 20 Nov 2025 02:58:45 +0100 +Subject: [PATCH] Fix GH-20528: Regression breaks mysql connexion using an IPv6 + address enclosed in square brackets + +--- + ext/mysqli/tests/mysqli_connect_port.phpt | 31 +++++++++++++++++++++++ + ext/mysqlnd/mysqlnd_connection.c | 17 ++++++++++--- + 2 files changed, 45 insertions(+), 3 deletions(-) + create mode 100644 ext/mysqli/tests/mysqli_connect_port.phpt + +diff --git a/ext/mysqli/tests/mysqli_connect_port.phpt b/ext/mysqli/tests/mysqli_connect_port.phpt +new file mode 100644 +index 0000000000000..cb7fd1d8d1628 +--- /dev/null ++++ b/ext/mysqli/tests/mysqli_connect_port.phpt +@@ -0,0 +1,31 @@ ++--TEST-- ++mysqli_connect() with port in host ++--EXTENSIONS-- ++mysqli ++--SKIPIF-- ++<?php ++require_once 'skipifconnectfailure.inc'; ++?> ++--FILE-- ++<?php ++ require_once 'connect.inc'; ++ ++ // using port / host arguments ++ if (!$link = mysqli_connect($host, $user, $passwd, $db, $port, $socket)) { ++ printf("Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", ++ $host, $user, $db, $port, $socket); ++ } ++ ++ mysqli_close($link); ++ ++ // using port in host ++ if (!$link = mysqli_connect("$host:$port", $user, $passwd, $db, "1$port", $socket)) { ++ printf("Cannot connect to the server using host=%s, user=%s, passwd=***, dbname=%s, port=%s, socket=%s\n", ++ "$host:$port", $user, $db, "1$port", $socket); ++ } ++ ++ mysqli_close($link); ++?> ++Done ++--EXPECTF-- ++Done +diff --git a/ext/mysqlnd/mysqlnd_connection.c b/ext/mysqlnd/mysqlnd_connection.c +index d8e7304e9665f..8268034e8b798 100644 +--- a/ext/mysqlnd/mysqlnd_connection.c ++++ b/ext/mysqlnd/mysqlnd_connection.c +@@ -553,13 +553,24 @@ MYSQLND_METHOD(mysqlnd_conn_data, get_scheme)(MYSQLND_CONN_DATA * conn, MYSQLND_ + port = 3306; + } + +- /* ipv6 addresses are in the format [address]:port */ + if (hostname.s[0] != '[' && mysqlnd_fast_is_ipv6_address(hostname.s)) { ++ /* IPv6 without square brackets so without port */ + transport.l = mnd_sprintf(&transport.s, 0, "tcp://[%s]:%u", hostname.s, port); + } else { +- /* Not ipv6, but could already contain a port number, in which case we should not add an extra port. ++ char *p; ++ ++ /* IPv6 addresses are in the format [address]:port */ ++ if (hostname.s[0] == '[') { /* IPv6 */ ++ p = strchr(hostname.s, ']'); ++ if (p && p[1] != ':') { ++ p = NULL; ++ } ++ } else { /* IPv4 or name */ ++ p = strchr(hostname.s, ':'); ++ } ++ /* Could already contain a port number, in which case we should not add an extra port. + * See GH-8978. In a port doubling scenario, the first port would be used so we do the same to keep BC. */ +- if (strchr(hostname.s, ':')) { ++ if (p) { + /* TODO: Ideally we should be able to get rid of this workaround in the future. */ + transport.l = mnd_sprintf(&transport.s, 0, "tcp://%s", hostname.s); + } else { @@ -94,7 +94,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 1%{?dist} +Release: 2%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -153,6 +153,7 @@ Patch48: php-8.5.0-openssl-ec-param.patch # RC Patch # Upstream fixes (100+) +Patch100: php-bug20528.patch # Security fixes (200+) @@ -1016,6 +1017,7 @@ in pure PHP. %patch -P48 -p1 -b .ec-param # upstream patches +%patch -P100 -p1 -b .20528 # security patches @@ -1576,7 +1578,7 @@ install -D -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{_sysconfdir}/nginx/default.d/php. TESTCMD="$RPM_BUILD_ROOT%{_bindir}/php --no-php-ini" # Ensure all provided extensions are really there -for mod in core date filter hash json lexbor libxml openssl pcntl pcre random readline reflection session spl standard uri zlib +for mod in core date filter hash json lexbor libxml openssl pcntl pcre random readline reflection session sockets spl standard uri zlib do $TESTCMD --modules | grep -i "$mod\$" done @@ -1869,6 +1871,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Fri Nov 21 2025 Remi Collet <remi@remirepo.net> - 8.5.0-2 +- Fix GH-20528 regression breaks mysql connexion using an IPv6 address enclosed + in square brackets (upstream patch) + * Wed Nov 19 2025 Remi Collet <remi@remirepo.net> - 8.5.0-1 - Update to 8.5.0 GA - switch to bz2 archive to workaround RHEL-125143 |