diff options
Diffstat (limited to 'php.spec')
-rw-r--r-- | php.spec | 250 |
1 files changed, 195 insertions, 55 deletions
@@ -55,8 +55,15 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%global oraclever 21.1 +%ifarch aarch64 +%global oraclever 19.19 +%global oraclelib 19.1 +%global oracledir 19.19 +%else +%global oraclever 21.13 %global oraclelib 21.1 +%global oracledir 21 +%endif # Build for LiteSpeed Web Server (LSAPI) %global with_lsws 1 @@ -121,13 +128,12 @@ %global db_devel libdb-devel %endif -%global upver 7.3.27 -#global rcver RC1 +%global upver 7.3.33 Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 2%{?dist} +Release: 13%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -166,10 +172,12 @@ Patch6: php-5.6.3-embed.patch Patch7: php-5.3.0-recode.patch Patch8: php-7.2.0-libdb.patch Patch9: php-7.0.7-curl.patch +# backported from 8.0 +Patch10: php-net-snmp.patch # Functional changes Patch40: php-7.2.4-dlopen.patch -Patch42: php-7.3.3-systzdata-v18.patch +Patch42: php-7.3.3-systzdata-v19.patch # See http://bugs.php.net/53436 Patch43: php-7.3.0-phpize.patch # Use -lldap_r for OpenLDAP @@ -193,8 +201,24 @@ Patch91: php-7.2.0-oci8conf.patch Patch100: php-bug80682.patch # Backported from 7.4.18 - pdo_odbc Patch101: php-bug80783.patch +# Backported from 7.4.26 for pcre >= 10.38 +Patch102: php-pcre1038.patch # Security fixes (200+) +Patch200: php-bug81719.patch +Patch201: php-bug81720.patch +Patch202: php-bug81727.patch +Patch203: php-bug81726.patch +Patch204: php-bug81738.patch +Patch205: php-bug81740.patch +Patch206: php-bug81744.patch +Patch207: php-bug81746.patch +Patch208: php-cve-2023-0662.patch +Patch209: php-cve-2023-3247.patch +Patch210: php-cve-2023-3823.patch +Patch211: php-cve-2023-3824.patch +Patch212: php-cve-2024-2756.patch +Patch213: php-cve-2024-3096.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -311,7 +335,6 @@ The %{?scl_prefix}php-dbg package contains the interactive PHP debugger. Group: Development/Languages Summary: PHP FastCGI Process Manager BuildRequires: libacl-devel -Requires(pre): %{_root_sbindir}/useradd Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release} %if %{with_systemd} BuildRequires: systemd-devel @@ -331,6 +354,8 @@ Requires(pre): httpd-filesystem # For php.conf in /etc/httpd/conf.d # and version 2.4.10 for proxy support in SetHandler Requires: httpd-filesystem >= 2.4.10 +%else +Requires(pre): %{_root_sbindir}/useradd %endif %description fpm @@ -370,6 +395,12 @@ Summary: Common files for PHP # fileinfo is licensed under PHP version 3.0 # regex, libmagic are licensed under BSD License: PHP and BSD + +%if %{with_libpcre} +%global pcre2_buildver %(pkg-config --silence-errors --modversion libpcre2-8 2>/dev/null || echo 10.30) +Requires: pcre2%{?_isa} >= %{pcre2_buildver} +%endif + # ABI/API check - Arch specific Provides: %{?scl_prefix}php(api) = %{apiver}%{isasuffix} Provides: %{?scl_prefix}php(zend-abi) = %{zendver}%{isasuffix} @@ -624,7 +655,14 @@ Summary: A module for PHP applications that use OCI8 databases Group: Development/Languages # All files licensed under PHP version 3.01 License: PHP +%ifarch aarch64 +BuildRequires: oracle-instantclient%{oraclever}-devel +# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM. +Requires: libclntsh.so.%{oraclelib} +AutoReq: 0 +%else BuildRequires: oracle-instantclient-devel >= %{oraclever} +%endif Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release} Provides: %{?scl_prefix}php_database Provides: %{?scl_prefix}php-pdo_oci @@ -633,8 +671,6 @@ Obsoletes: %{?scl_prefix}php-pecl-oci8 <= %{oci8ver} Conflicts: %{?scl_prefix}php-pecl-oci8 > %{oci8ver} Provides: %{?scl_prefix}php-pecl(oci8) = %{oci8ver} Provides: %{?scl_prefix}php-pecl(oci8)%{?_isa} = %{oci8ver} -# Should requires libclntsh.so.18.3, but it's not provided by Oracle RPM. -AutoReq: 0 %description oci8 The %{?scl_prefix}php-oci8 packages provides the OCI8 extension version %{oci8ver} @@ -644,13 +680,9 @@ The extension is linked with Oracle client libraries %{oraclever} (Oracle Instant Client). For details, see Oracle's note "Oracle Client / Server Interoperability Support" (ID 207303.1). -You must install libclntsh.so.%{oraclelib} to use this package, provided -in the database installation, or in the free Oracle Instant Client -available from Oracle. - -Notice: -- %{?scl_prefix}php-oci8 provides oci8 and pdo_oci extensions from php sources. -- %{?scl_prefix}php-pecl-oci8 only provides oci8 extension. +You must install libclntsh.so.%{oraclelib} to use this package, +provided by Oracle Instant Client RPM available from Oracle on: +https://www.oracle.com/database/technologies/instant-client/downloads.html Documentation is at http://php.net/oci8 and http://php.net/pdo_oci %endif @@ -740,12 +772,7 @@ Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release} BuildRequires: libjpeg-devel, libpng-devel, freetype-devel BuildRequires: libXpm-devel %if %{with_libgd} -BuildRequires: gd-devel >= 2.1.1 -%if 0%{?fedora} <= 19 && 0%{?rhel} <= 7 -Requires: gd-last%{?_isa} >= 2.1.1 -%else -Requires: gd%{?_isa} >= 2.1.1 -%endif +BuildRequires: gd-devel >= 2.3.3 %else BuildRequires: libwebp-devel Provides: bundled(gd) = 2.0.35 @@ -856,8 +883,8 @@ Group: System Environment/Libraries # All files licensed under PHP version 3.01 License: PHP Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release} -# Upstream requires 4.0, we require 50 to ensure use of libicu-last / libicu65 -BuildRequires: libicu-devel >= 50 +# Upstream requires 4.0, we require 69.1 to ensure use of libicu69 +BuildRequires: libicu-devel = 69.1 %description intl @@ -936,44 +963,60 @@ low-level PHP extension for the libsodium cryptographic library. %setup -q -n php-%{upver}%{?rcver} %endif -%patch1 -p1 -b .mpmcheck -%patch5 -p1 -b .includedir -%patch6 -p1 -b .embed -%patch7 -p1 -b .recode -%patch8 -p1 -b .libdb +%patch -P1 -p1 -b .mpmcheck +%patch -P5 -p1 -b .includedir +%patch -P6 -p1 -b .embed +%patch -P7 -p1 -b .recode +%patch -P8 -p1 -b .libdb %if 0%{?rhel} -%patch9 -p1 -b .curltls +%patch -P9 -p1 -b .curltls %endif +%patch -P10 -p1 -b .nodes -%patch40 -p1 -b .dlopen +%patch -P40 -p1 -b .dlopen %if 0%{?fedora} >= 28 || 0%{?rhel} >= 6 -%patch42 -p1 -b .systzdata +%patch -P42 -p1 -b .systzdata %endif -%patch43 -p1 -b .headers +%patch -P43 -p1 -b .headers sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %if 0%{?fedora} >= 18 || 0%{?rhel} >= 7 -%patch45 -p1 -b .ldap_r +%patch -P45 -p1 -b .ldap_r %endif -%patch46 -p1 -b .fixheader -%patch47 -p1 -b .phpinfo -%patch48 -p1 -b .pdooci -%patch49 -p1 -b .fpmsig +%patch -P46 -p1 -b .fixheader +%patch -P47 -p1 -b .phpinfo +%patch -P48 -p1 -b .pdooci +%patch -P49 -p1 -b .fpmsig -%patch91 -p1 -b .remi-oci8 +%patch -P91 -p1 -b .remi-oci8 # upstream patches -%patch100 -p1 -b .bug80682 -%patch101 -p1 -b .bug80783 +%patch -P100 -p1 -b .bug80682 +%patch -P101 -p1 -b .bug80783 +%patch -P102 -p1 -b .pcre1038 # security patches +%patch -P200 -p1 -b .bug81719 +%patch -P201 -p1 -b .bug81720 +%patch -P202 -p1 -b .bug81727 +%patch -P203 -p1 -b .bug81726 +%patch -P204 -p1 -b .bug81738 +%patch -P205 -p1 -b .bug81740 +%patch -P206 -p1 -b .bug81744 +%patch -P207 -p1 -b .bug81746 +%patch -P208 -p1 -b .cve0662 +%patch -P209 -p1 -b .cve3247 +%patch -P210 -p1 -b .cve3823 +%patch -P211 -p1 -b .cve3824 +%patch -P212 -p1 -b .cve2756 +%patch -P213 -p1 -b .cve3096 # Fixes for tests -%patch300 -p1 -b .datetests +%patch -P300 -p1 -b .datetests # WIP patch # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE %if ! %{with_libgd} cp ext/gd/libgd/README libgd_README @@ -997,14 +1040,9 @@ mkdir \ # ----- Manage known as failed test ------- # affected by systzdata patch rm ext/date/tests/timezone_location_get.phpt -rm ext/date/tests/timezone_version_get.phpt -rm ext/date/tests/timezone_version_get_basic1.phpt -%if 0%{?fedora} < 28 -# need tzdata 2018i rm ext/date/tests/bug33414-1.phpt rm ext/date/tests/bug33415-2.phpt rm ext/date/tests/date_modify-1.phpt -%endif # too fast builder rm ext/date/tests/bug73837.phpt # fails sometime @@ -1260,8 +1298,8 @@ build --libdir=%{_libdir}/php \ --with-mysqli=shared,mysqlnd \ --with-mysql-sock=%{mysql_sock} \ %if %{with_oci8} - --with-oci8=shared,instantclient,%{_root_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ - --with-pdo-oci=shared,instantclient,%{_root_libdir}/oracle/%{oraclever}/client64/lib,%{oraclever} \ + --with-oci8=shared,instantclient,%{_root_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ + --with-pdo-oci=shared,instantclient,%{_root_prefix}/lib/oracle/%{oracledir}/client64/lib,%{oraclever} \ %endif %if %{with_interbase} --with-interbase=shared \ @@ -1373,7 +1411,7 @@ popd %check %if %runselftest -cd build-apache +cd build-fpm # Run tests, using the CLI SAPI export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2 @@ -1488,8 +1526,8 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/php-fpm.d/www.conf.default . %if %{with_systemd} install -Dm 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}/%{?scl_prefix}php-fpm.service %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf -install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_root_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf +install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_root_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf %endif sed -e 's:/run:%{_localstatedir}/run:' \ -e 's:/etc/sysconfig:%{_sysconfdir}/sysconfig:' \ @@ -1743,6 +1781,19 @@ fi %endif +%posttrans common +cat << EOF +===================================================================== + + WARNING : PHP 7.3 have reached its "End of Life" in + December 2021. Even, if this package includes some of + the important security fixes, backported from 8.0, the + UPGRADE to a maintained version is very strongly RECOMMENDED. + +===================================================================== +EOF + + %{!?_licensedir:%global license %%doc} %files @@ -1763,7 +1814,7 @@ fi %files common -f files.common %doc CODING_STANDARDS CREDITS EXTENSIONS NEWS README* -%license LICENSE TSRM_LICENSE +%license LICENSE TSRM_LICENSE ZEND_LICENSE %license libmagic_LICENSE %license timelib_LICENSE %doc php.ini-* @@ -1827,8 +1878,8 @@ fi %{_unitdir}/%{?scl_prefix}php-fpm.service %dir %{_root_sysconfdir}/systemd/system/%{?scl_prefix}php-fpm.service.d %if 0%{?fedora} >= 27 || 0%{?rhel} >= 8 -%{_unitdir}/httpd.service.d/%{?scl_prefix}php-fpm.conf -%{_unitdir}/nginx.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_root_sysconfdir}/systemd/system/httpd.service.d/%{?scl_prefix}php-fpm.conf +%config(noreplace) %{_root_sysconfdir}/systemd/system/nginx.service.d/%{?scl_prefix}php-fpm.conf %endif %else %{_root_initddir}/%{?scl_prefix}php-fpm @@ -1917,6 +1968,95 @@ fi %changelog +* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.3.33-13 +- use oracle client library version 21.13 on x86_64, 19.19 on aarch64 +- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix + CVE-2024-2756 +- Fix password_verify can erroneously return true opening ATO risk + CVE-2024-3096 + +* Thu Sep 21 2023 Remi Collet <remi@remirepo.net> - 7.3.33-12 +- use oracle client library version 21.11 on x86_64, 19.19 on aarch64 +- use official Oracle Instant Client RPM + +* Tue Aug 1 2023 Remi Collet <remi@remirepo.net> - 7.3.33-11 +- Fix Security issue with external entity loading in XML without enabling it + GHSA-3qrf-m4j2-pcrr CVE-2023-3823 +- Fix Buffer mismanagement in phar_dir_read() + GHSA-jqcx-ccgc-xwhv CVE-2023-3824 +- move httpd/nginx wants directive to config files in /etc + +* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.3.33-10 +- fix possible buffer overflow in date +- define %%php73___phpize and %%php73___phpconfig + +* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 7.3.33-9 +- Fix Missing error check and insufficient random bytes in HTTP Digest + authentication for SOAP + GHSA-76gg-c692-v2mw CVE-2023-3247 +- use oracle client library version 21.10 + +* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.3.33-8 +- fix #81744: Password_verify() always return true with some hash + CVE-2023-0567 +- fix #81746: 1-byte array overrun in common path resolve code + CVE-2023-0568 +- fix DOS vulnerability when parsing multipart request body + CVE-2023-0662 +- add dependency on pcre2 minimal version + +* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.3.33-7 +- pdo: fix #81740: PDO::quote() may return unquoted string + CVE-2022-31631 +- use oracle client library version 21.8 + +* Mon Oct 24 2022 Remi Collet <remi@remirepo.net> - 7.3.33-6 +- hash: fix #81738: buffer overflow in hash_update() on long parameter. + CVE-2022-37454 + +* Tue Sep 27 2022 Remi Collet <remi@remirepo.net> - 7.3.33-5 +- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628 +- core: fix #81727 Don't mangle HTTP variable names that clash with ones + that have a specific semantic meaning. CVE-2022-31629 +- use oracle client library version 21.7 + +* Tue Jun 7 2022 Remi Collet <remi@remirepo.net> - 7.3.33-3 +- use oracle client library version 21.6 +- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626 +- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625 +- pcre: fix default options for pcre >= 10.38 + +* Wed Feb 23 2022 Remi Collet <remi@remirepo.net> - 7.3.33-2 +- retrieve tzdata version +- use oracle client library version 21.5 + +* Tue Nov 16 2021 Remi Collet <remi@remirepo.net> - 7.3.33-1 +- Update to 7.3.33 - http://www.php.net/releases/7_3_33.php + +* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 7.3.32-1 +- Update to 7.3.32 - http://www.php.net/releases/7_3_32.php + +* Wed Oct 20 2021 Remi Collet <remi@remirepo.net> - 7.3.31-2 +- fix PHP-FPM oob R/W in root process leading to priv escalation + CVE-2021-21703 +- use libicu version 69 + +* Tue Sep 21 2021 Remi Collet <remi@remirepo.net> - 7.3.31-1 +- Update to 7.3.31 - http://www.php.net/releases/7_3_31.php +- use oracle client library version 21.3 + +* Tue Aug 24 2021 Remi Collet <remi@remirepo.net> - 7.3.30-1 +- Update to 7.3.30 - http://www.php.net/releases/7_3_30.php + +* Tue Jun 29 2021 Remi Collet <remi@remirepo.net> - 7.3.29-1 +- Update to 7.3.29 - http://www.php.net/releases/7_3_29.php + +* Thu May 27 2021 Remi Collet <remi@remirepo.net> - 7.3.28-2 +- fix snmp extension build with net-snmp without DES + +* Tue Apr 27 2021 Remi Collet <remi@remirepo.net> - 7.3.28-1 +- Update to 7.3.28 - http://www.php.net/releases/7_3_28.php + * Thu Apr 8 2021 Remi Collet <remi@remirepo.net> - 7.3.27-2 - add upstream patch for https://bugs.php.net/80783 PDO ODBC truncates BLOB records at every 256th byte |