authorRemi Collet <remi@remirepo.net>2019-07-23 16:26:55 +0200
committerRemi Collet <remi@remirepo.net>2019-07-23 16:26:55 +0200
commit4adc8da23e6166e7156abbfe2d4fc654f5d3054c (patch)
tree17472d0374eefd3a31956ef59242241d2b340cfd
parent1a68b62da1f9e5c1269e307936207af104bf1a94 (diff)
- main package now recommends commonly used extensions and SAPI
(json, mbstring, opcache, pdo, xml) - fix gd build options and dependencies - refresh provided configuration from upstream production values
-rw-r--r--php-7.4.0-phpize.patch10
-rw-r--r--php-upstream.patch266
-rw-r--r--php.ini12
-rw-r--r--php.spec53
4 files changed, 51 insertions, 290 deletions
diff --git a/php-7.4.0-phpize.patch b/php-7.4.0-phpize.patch
index b6958b3..fb99f3e 100644
--- a/php-7.4.0-phpize.patch
+++ b/php-7.4.0-phpize.patch
@@ -1,8 +1,8 @@
diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
---- ./scripts/phpize.in.headers 2019-05-20 11:11:06.000000000 +0200
-+++ ./scripts/phpize.in 2019-05-20 16:22:43.182043588 +0200
-@@ -169,6 +169,15 @@ phpize_autotools()
- mv config.h.in.tmp config.h.in
+--- ./scripts/phpize.in.headers 2019-07-23 10:05:11.000000000 +0200
++++ ./scripts/phpize.in 2019-07-23 10:18:13.648098089 +0200
+@@ -165,6 +165,15 @@ phpize_autotools()
+ $PHP_AUTOHEADER || exit 1
}
+phpize_check_headers()
@@ -17,7 +17,7 @@ diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
# Main script
case "$1" in
-@@ -187,12 +196,15 @@ case "$1" in
+@@ -183,12 +192,15 @@ case "$1" in
# Version
--version|-v)
diff --git a/php-upstream.patch b/php-upstream.patch
deleted file mode 100644
index 1984dd9..0000000
--- a/php-upstream.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From f65956e4fb4dc15ba8129e69b13a2cd758e85f46 Mon Sep 17 00:00:00 2001
-From: Sara Golemon <pollita@php.net>
-Date: Tue, 9 Jul 2019 11:18:13 -0400
-Subject: [PATCH] Relax argon2 mem_cost down to 64k, bump time_cost to 4
-
----
- ext/sodium/sodium_pwhash.c | 5 ++---
- .../tests/php_password_hash_argon2i.phpt | 18 +++++++++---------
- .../tests/php_password_hash_argon2id.phpt | 19 ++++++++++---------
- ext/standard/php_password.h | 7 ++-----
- .../password_needs_rehash_argon2.phpt | 14 +++++---------
- 5 files changed, 28 insertions(+), 35 deletions(-)
-
-diff --git a/ext/sodium/sodium_pwhash.c b/ext/sodium/sodium_pwhash.c
-index d615a24ab6e2..7b7f574e173a 100644
---- a/ext/sodium/sodium_pwhash.c
-+++ b/ext/sodium/sodium_pwhash.c
-@@ -29,7 +29,6 @@
- #if SODIUM_LIBRARY_VERSION_MAJOR > 9 || (SODIUM_LIBRARY_VERSION_MAJOR == 9 && SODIUM_LIBRARY_VERSION_MINOR >= 6)
-
- /**
-- * OPSLIMIT and MEMLIMIT are taken from libsodium's MODERATE values.
- * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
- * present a consistent user-facing API.
- *
-@@ -37,8 +36,8 @@
- *
- * When updating these values, synchronize ext/standard/php_password.h values.
- */
--#define PHP_SODIUM_PWHASH_MEMLIMIT (256 << 10)
--#define PHP_SODIUM_PWHASH_OPSLIMIT 3
-+#define PHP_SODIUM_PWHASH_MEMLIMIT (64 << 10)
-+#define PHP_SODIUM_PWHASH_OPSLIMIT 4
- #define PHP_SODIUM_PWHASH_THREADS 1
-
- static zend_string *php_sodium_argon2_hash(const zend_string *password, zend_array *options, int alg) {
-diff --git a/ext/sodium/tests/php_password_hash_argon2i.phpt b/ext/sodium/tests/php_password_hash_argon2i.phpt
-index 9ce6c7399eee..4522e6d1753a 100644
---- a/ext/sodium/tests/php_password_hash_argon2i.phpt
-+++ b/ext/sodium/tests/php_password_hash_argon2i.phpt
-@@ -36,38 +36,38 @@ foreach([1, 2, 4] as $mem) {
- --EXPECTF--
- Argon2 provider: string(%d) "%s"
- Using password: string(44) "%s"
--Hash: string(97) "$argon2i$v=19$m=262144,t=3,p=1$%s$%s"
-+Hash: string(96) "$argon2i$v=19$m=65536,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(97) "$argon2i$v=19$m=262144,t=6,p=1$%s$%s"
-+Hash: string(96) "$argon2i$v=19$m=65536,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2i$v=19$m=262144,t=12,p=1$%s$%s"
-+Hash: string(97) "$argon2i$v=19$m=65536,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(97) "$argon2i$v=19$m=524288,t=3,p=1$%s$%s"
-+Hash: string(97) "$argon2i$v=19$m=131072,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(97) "$argon2i$v=19$m=524288,t=6,p=1$%s$%s"
-+Hash: string(97) "$argon2i$v=19$m=131072,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2i$v=19$m=524288,t=12,p=1$%s$%s"
-+Hash: string(98) "$argon2i$v=19$m=131072,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2i$v=19$m=1048576,t=3,p=1$%s$%s"
-+Hash: string(97) "$argon2i$v=19$m=262144,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2i$v=19$m=1048576,t=6,p=1$%s$%s"
-+Hash: string(97) "$argon2i$v=19$m=262144,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(99) "$argon2i$v=19$m=1048576,t=12,p=1$%s$%s"
-+Hash: string(98) "$argon2i$v=19$m=262144,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
-diff --git a/ext/sodium/tests/php_password_hash_argon2id.phpt b/ext/sodium/tests/php_password_hash_argon2id.phpt
-index e6d4c1ee80a9..db5145718b8f 100644
---- a/ext/sodium/tests/php_password_hash_argon2id.phpt
-+++ b/ext/sodium/tests/php_password_hash_argon2id.phpt
-@@ -36,38 +36,39 @@ foreach([1, 2, 4] as $mem) {
- --EXPECTF--
- Argon2 provider: string(%d) "%s"
- Using password: string(44) "%s"
--Hash: string(98) "$argon2id$v=19$m=262144,t=3,p=1$%s$%s"
-+Hash: string(97) "$argon2id$v=19$m=65536,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2id$v=19$m=262144,t=6,p=1$%s$%s"
-+Hash: string(97) "$argon2id$v=19$m=65536,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(99) "$argon2id$v=19$m=262144,t=12,p=1$%s$%s"
-+Hash: string(98) "$argon2id$v=19$m=65536,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2id$v=19$m=524288,t=3,p=1$%s$%s"
-+Hash: string(98) "$argon2id$v=19$m=131072,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(98) "$argon2id$v=19$m=524288,t=6,p=1$%s$%s"
-+Hash: string(98) "$argon2id$v=19$m=131072,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(99) "$argon2id$v=19$m=524288,t=12,p=1$%s$%s"
-+Hash: string(99) "$argon2id$v=19$m=131072,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(99) "$argon2id$v=19$m=1048576,t=3,p=1$%s$%s"
-+Hash: string(98) "$argon2id$v=19$m=262144,t=4,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(99) "$argon2id$v=19$m=1048576,t=6,p=1$%s$%s"
-+Hash: string(98) "$argon2id$v=19$m=262144,t=8,p=1$%s$%s"
- bool(true)
- bool(false)
- Using password: string(44) "%s"
--Hash: string(100) "$argon2id$v=19$m=1048576,t=12,p=1$%s$%s"
-+Hash: string(99) "$argon2id$v=19$m=262144,t=16,p=1$%s$%s"
- bool(true)
- bool(false)
-+
-diff --git a/ext/standard/php_password.h b/ext/standard/php_password.h
-index ce3fdba6bbc4..97a6bf63a21e 100644
---- a/ext/standard/php_password.h
-+++ b/ext/standard/php_password.h
-@@ -34,14 +34,11 @@ PHP_MSHUTDOWN_FUNCTION(password);
-
- #if HAVE_ARGON2LIB
- /**
-- * OPSLIMIT and MEMLIMIT are taken from libsodium's MODERATE values.
-- * Threads are fixed at 1 by libsodium.
-- *
- * When updating these values, synchronize ext/sodium/sodium_pwhash.c values.
- * Note that libargon expresses memlimit in KB, while libsoidum uses bytes.
- */
--#define PHP_PASSWORD_ARGON2_MEMORY_COST (256 << 10)
--#define PHP_PASSWORD_ARGON2_TIME_COST 3
-+#define PHP_PASSWORD_ARGON2_MEMORY_COST (64 << 10)
-+#define PHP_PASSWORD_ARGON2_TIME_COST 4
- #define PHP_PASSWORD_ARGON2_THREADS 1
- #endif
-
-diff --git a/ext/standard/tests/password/password_needs_rehash_argon2.phpt b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
-index 9552be1dc924..69588d02ad4a 100644
---- a/ext/standard/tests/password/password_needs_rehash_argon2.phpt
-+++ b/ext/standard/tests/password/password_needs_rehash_argon2.phpt
-@@ -10,24 +10,20 @@ if (!defined('PASSWORD_ARGON2ID')) die('skip password_hash not built with Argon2
-
- $hash = password_hash('test', PASSWORD_ARGON2I);
- var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => 1<<17]));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => 4]));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['threads' => 4]));
-+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
-+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2I, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
-
- $hash = password_hash('test', PASSWORD_ARGON2ID);
- var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => 1<<17]));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => 4]));
--var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['threads' => 4]));
-+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST * 2]));
-+var_dump(password_needs_rehash($hash, PASSWORD_ARGON2ID, ['time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST + 1]));
-+
- echo "OK!";
--?>
- --EXPECT--
- bool(false)
- bool(true)
- bool(true)
--bool(true)
- bool(false)
- bool(true)
- bool(true)
--bool(true)
- OK!
-From db0eaa8cf1cbeeec5968a5f91a416541d354ccfe Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@php.net>
-Date: Wed, 10 Jul 2019 09:00:41 +0200
-Subject: [PATCH] improve libargon2/libsodium compatibility
-
----
- ext/standard/password.c | 15 +++++++++++++++
- ext/standard/tests/password/bug75221.phpt | 2 +-
- .../password/password_hash_error_argon2.phpt | 4 ++--
- 3 files changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/ext/standard/password.c b/ext/standard/password.c
-index aacb30e61cb7..a12590c0e083 100644
---- a/ext/standard/password.c
-+++ b/ext/standard/password.c
-@@ -571,6 +571,21 @@ static const php_password_algo* php_password_algo_find_zval_ex(zval *arg, const
- #if HAVE_ARGON2LIB
- case 2: return &php_password_algo_argon2i;
- case 3: return &php_password_algo_argon2id;
-+#else
-+ case 2:
-+ {
-+ zend_string *n = zend_string_init("argon2i", sizeof("argon2i")-1, 0);
-+ const php_password_algo* ret = php_password_algo_find(n);
-+ zend_string_release(n);
-+ return ret;
-+ }
-+ case 3:
-+ {
-+ zend_string *n = zend_string_init("argon2id", sizeof("argon2id")-1, 0);
-+ const php_password_algo* ret = php_password_algo_find(n);
-+ zend_string_release(n);
-+ return ret;
-+ }
- #endif
- }
- return NULL;
-diff --git a/ext/standard/tests/password/bug75221.phpt b/ext/standard/tests/password/bug75221.phpt
-index ec03f92ea6cd..bd6e386a164e 100644
---- a/ext/standard/tests/password/bug75221.phpt
-+++ b/ext/standard/tests/password/bug75221.phpt
-@@ -9,7 +9,7 @@ if (!defined('PASSWORD_ARGON2I')) die('skip password_hash not built with Argon2'
- $hash = password_hash(
- "php",
- PASSWORD_ARGON2I,
-- ['memory_cost' => 16384, 'time_cost' => 2, 'threads' => 4]
-+ ['memory_cost' => 64 << 10, 'time_cost' => 4, 'threads' => 1]
- );
- var_dump(substr($hash, -1, 1) !== "\0");
- ?>
-diff --git a/ext/standard/tests/password/password_hash_error_argon2.phpt b/ext/standard/tests/password/password_hash_error_argon2.phpt
-index 070d61656ab1..2ea6b93627c0 100644
---- a/ext/standard/tests/password/password_hash_error_argon2.phpt
-+++ b/ext/standard/tests/password/password_hash_error_argon2.phpt
-@@ -21,7 +21,7 @@ NULL
- Warning: password_hash(): Time cost is outside of allowed time range in %s on line %d
- NULL
-
--Warning: password_hash(): Invalid number of threads in %s on line %d
-+Warning: password_hash(): %sthread%s
- NULL
-
- Warning: password_hash(): Memory cost is outside of allowed memory range in %s on line %d
-@@ -30,5 +30,5 @@ NULL
- Warning: password_hash(): Time cost is outside of allowed time range in %s on line %d
- NULL
-
--Warning: password_hash(): Invalid number of threads in %s on line %d
-+Warning: password_hash(): %sthread%s
- NULL
diff --git a/php.ini b/php.ini
index 5e3ffc5..06adab5 100644
--- a/php.ini
+++ b/php.ini
@@ -359,6 +359,12 @@ zend.enable_gc = On
; Default: ""
;zend.script_encoding =
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+; In production, it is recommended to turn this setting on to prohibit the output
+; of sensitive information in stack traces
+zend.exception_ignore_args = On
+
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
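Review bot: The comment block added above `zend.exception_ignore_args = On` says what the setting hides but not what it leaves exposed. It drops call arguments from stack traces generated for exceptions only; the exception message text is untouched, so a secret interpolated into a message still reaches the log, or the browser if `display_errors` is enabled. I would add one line such as `; Only arguments in exception traces are dropped; messages are unaffected, so keep display_errors = Off.` It is also worth stating next to "Default: Off" that this packaged file deliberately overrides the engine default, since traces read from production logs will no longer show argument values.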
@@ -595,6 +601,7 @@ report_memleaks = On
; ascii (all printable ASCII characters and NL)
; no-ctrl (all characters except control characters)
; all (all characters)
+; raw (like "all", but messages are not split at newlines)
; http://php.net/syslog.filter
;syslog.filter = ascii
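Review bot: The new `raw` line in the syslog.filter list describes the splitting behaviour but not its consequence: like `all` it passes control characters, and with `raw` embedded newlines reach the syslog daemon inside a single message. Where logged strings can contain request data, escaping is then left entirely to the daemon or to whatever parses the log downstream. A short addition would cover it: `; raw and all pass control characters unfiltered; prefer ascii or no-ctrl when messages may carry untrusted input.` The commented-out `ascii` setting shown below the list is not changed by this hunk.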
@@ -1561,6 +1568,11 @@ zend.assertions = -1
; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
;mbstring.http_output_conv_mimetype=
+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
[gd]
; Tell the jpeg decode to ignore warnings and try to create
; a gd image. The warning will then be displayed as notices
diff --git a/php.spec b/php.spec
index 4de1b9c..827528f 100644
--- a/php.spec
+++ b/php.spec
@@ -102,13 +102,13 @@
%global gh_owner php
%global gh_project php-src
%global upver 7.4.0
-%global rcver alpha3
-%global lower alpha3
+%global rcver beta1
+%global lower beta1
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?lower:~%{lower}}%{?gh_date:.%{gh_date}}
-Release: 13%{?dist}
+Release: 14%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -163,7 +163,6 @@ Patch47: php-5.6.3-phpinfo.patch
Patch91: php-7.2.0-oci8conf.patch
# Upstream fixes (100+)
-Patch100: php-upstream.patch
# Security fixes (200+)
@@ -215,17 +214,28 @@ BuildRequires: /bin/ps
Requires: httpd-mmn = %{_httpd_mmn}
Provides: %{?scl_prefix}mod_php = %{version}-%{release}
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
-# For backwards-compatibility, require php-cli for the time being:
-Requires: %{?scl_prefix}php-cli%{?_isa} = %{version}-%{release}
# To ensure correct /var/lib/php/session ownership:
%if %{with_httpd2410}
Requires(pre): httpd-filesystem
%else
Requires(pre): httpd
%endif
+
%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8
+# For backwards-compatibility, pull the "php" command
+Recommends: %{?scl_prefix}php-cli%{?_isa} = %{version}-%{release}
# httpd have threaded MPM by default
-Recommends: %{?scl_prefix}php-fpm%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-fpm%{?_isa} = %{version}-%{release}
+# as "php" is now mostly a meta-package, commonly used extensions
+Recommends: %{?scl_prefix}php-json%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-mbstring%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-opcache%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-sodium%{?_isa} = %{version}-%{release}
+Recommends: %{?scl_prefix}php-xml%{?_isa} = %{version}-%{release}
+%else
+# For backwards-compatibility, require php-cli for the time being:
+Requires: %{?scl_prefix}php-cli%{?_isa} = %{version}-%{release}
%endif
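Review bot: The Recommends list added under `%if 0%{?fedora} >= 27 || 0%{?rhel} >= 8` includes `php-sodium`, but the changelog entry and the commit description name only json, mbstring, opcache, pdo and xml; one of the two should be corrected so the record matches what is actually pulled in. Separately, php-cli is demoted from Requires to Recommends on these releases, so an install made with weak dependencies disabled will no longer get the `php` command from this package. The comment `# For backwards-compatibility, pull the "php" command` could say so, e.g. `# Weak dependency: skipped when weak deps are disabled, install php-cli explicitly`. The package section this belongs to starts before the hunk.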
@@ -698,11 +708,6 @@ License: PHP
License: PHP and BSD
%endif
Requires: %{?scl_prefix}php-common%{?_isa} = %{version}-%{release}
-# Required to build the bundled GD library
-BuildRequires: pkgconfig(libjpeg)
-BuildRequires: pkgconfig(libpng)
-BuildRequires: pkgconfig(freetype2)
-BuildRequires: pkgconfig(xpm)
%if %{with_libgd}
BuildRequires: pkgconfig(gdlib) >= 2.1.1
%if 0%{?fedora} <= 19 && 0%{?rhel} <= 7
@@ -711,6 +716,12 @@ Requires: gd-last%{?_isa} >= 2.1.1
Requires: gd%{?_isa} >= 2.1.1
%endif
%else
+# Required to build the bundled GD library
+BuildRequires: pkgconfig(zlib)
+BuildRequires: pkgconfig(libjpeg)
+BuildRequires: pkgconfig(libpng)
+BuildRequires: pkgconfig(freetype2)
+BuildRequires: pkgconfig(xpm)
BuildRequires: pkgconfig(libwebp)
Provides: bundled(gd) = 2.0.35
%endif
@@ -899,8 +910,6 @@ in pure PHP.
%setup -q -n php-%{upver}%{?rcver}
%endif
-rm -r ext/recode
-
%patch1 -p1 -b .mpmcheck
%patch5 -p1 -b .includedir
%patch6 -p1 -b .embed
@@ -923,7 +932,6 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in
%patch91 -p1 -b .remi-oci8
# upstream patches
-%patch100 -p1 -b .up
# security patches
@@ -1112,11 +1120,7 @@ ln -sf ../configure
--disable-rpath \
--without-pear \
--with-exec-dir=%{_bindir} \
- --with-freetype \
- --with-png \
- --with-xpm \
--without-gdbm \
- --with-jpeg \
--with-openssl \
--with-system-ciphers \
%if %{with_libpcre}
@@ -1162,6 +1166,10 @@ build --libdir=%{_libdir}/php \
--with-external-gd \
%else
--enable-gd=shared \
+ --with-webp \
+ --with-jpeg \
+ --with-xpm \
+ --with-freetype \
%endif
--with-gmp=shared \
--enable-calendar=shared \
@@ -1771,6 +1779,13 @@ fi
%changelog
+* Tue Jul 23 2019 Remi Collet <remi@remirepo.net> - 7.4.0~beta1-14
+- update to 7.4.0beta1
+- main package now recommends commonly used extensions and SAPI
+ (json, mbstring, opcache, pdo, xml)
+- fix gd build options and dependencies
+- refresh provided configuration from upstream production values
+
* Fri Jul 12 2019 Remi Collet <remi@remirepo.net> - 7.4.0~alpha3-13
- drop recode extension, moved to php-pecl-recode
- add upstream patch for argon2 password