authorRemi Collet <remi@remirepo.net>2025-07-03 15:43:07 +0200
committerRemi Collet <remi@php.net>2025-07-03 15:43:07 +0200
commit63745f9690c3c6377be43dabf5ec12fc4469d96f (patch)
tree9e7c302bb7f1efd1edc7354e2c08ced612c9c4d3 /php.spec
parentd550df3eed2ae0260c7d62f5bb607b3bda1416e5 (diff)
Fix pgsql extension does not check for errors during escapingHEADmaster
CVE-2025-1735
Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
CVE-2025-6491
Fix Null byte termination in hostnames
CVE-2025-1220
Diffstat (limited to 'php.spec')
-rw-r--r--php.spec71
1 files changed, 51 insertions, 20 deletions
diff --git a/php.spec b/php.spec
index b4ea12d..8990793 100644
--- a/php.spec
+++ b/php.spec
@@ -49,17 +49,10 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
-%ifarch aarch64
-%global oraclever 19.25
-%global oraclemax 20
-%global oraclelib 19.1
-%global oracledir 19.25
-%else
-%global oraclever 23.7
+%global oraclever 23.8
%global oraclemax 24
%global oraclelib 23.1
%global oracledir 23
-%endif
# Build for LiteSpeed Web Server (LSAPI)
%global with_lsws 1
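Review bot: The bump of `oraclever` from 23.7 to 23.8 on the `+%global oraclever 23.8` line is not reflected in the changelog: the 7.4.33-23 entry later in this diff says `use oracle client library version 23.7 on x86_64 and aarch64`, and the 7.4.33-24 entry does not mention the client library at all. A line such as `- use oracle client library version 23.8` in the 7.4.33-24 entry would keep the spec and its history consistent. Dropping the `%ifarch aarch64` branch here also makes aarch64 follow the same 23.x range; the matching change to the OCI8 BuildRequires is in a later hunk.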
@@ -125,7 +118,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
-Release: 22%{?dist}
+Release: 24%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -165,8 +158,6 @@ Source53: 20-ffi.ini
Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-7.4.0-embed.patch
-# For libxml 2.12 from 8.1
-Patch7: php-7.4.33-libxml212.patch
Patch8: php-7.2.0-libdb.patch
Patch10: php-7.4.33-gcc14.patch
# For recent ICU from 8.2
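Review bot: The removal of `Patch7: php-7.4.33-libxml212.patch` (and of its `%patch -P7` application in a later hunk) is not explained anywhere in the commit: neither the 7.4.33-23 nor the 7.4.33-24 changelog entry mentions it, and the commit message lists only the three CVE fixes. If the libxml 2.12 compatibility fix is now carried by another patch or is no longer needed on the targeted builds, a changelog line stating that, e.g. `- drop libxml 2.12 patch, no longer needed`, would let a future maintainer understand why it went away.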
@@ -216,6 +207,14 @@ Patch216: php-cve-2024-8932.patch
Patch217: php-cve-2024-11233.patch
Patch218: php-ghsa-4w77-75f9-2c8w.patch
Patch219: php-cve-2024-8929.patch
+Patch220: php-cve-2025-1217.patch
+Patch221: php-cve-2025-1734.patch
+Patch222: php-cve-2025-1861.patch
+Patch223: php-cve-2025-1736.patch
+Patch224: php-cve-2025-1219.patch
+Patch225: php-cve-2025-6491.patch
+Patch226: php-cve-2025-1220.patch
+Patch227: php-cve-2025-1735.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@@ -224,6 +223,8 @@ Patch300: php-7.0.10-datetests.patch
Patch301: php-7.4.33-tests.patch
# For zlib-ng
Patch302: php-7.4.33-zlib-tests.patch
+# for pcre2 10.45
+Patch303: php-7.4.33-pcretests.patch
# WIP
@@ -668,14 +669,7 @@ Summary: A module for PHP applications that use OCI8 databases
Group: Development/Languages
# All files licensed under PHP version 3.01
License: PHP
-%ifarch aarch64
-BuildRequires: oracle-instantclient%{oraclever}-devel
-# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM.
-Requires: libclntsh.so.%{oraclelib}
-AutoReq: 0
-%else
BuildRequires: (oracle-instantclient-devel >= %{oraclever} with oracle-instantclient-devel < %{oraclemax})
-%endif
Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php_database
Provides: %{?scl_prefix}php-pdo_oci
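Review bot: Removing the aarch64 branch also drops `AutoReq: 0` and the explicit `Requires: libclntsh.so.%{oraclelib}`, so on aarch64 rpmbuild will now auto-generate the libclntsh soname dependency from the linked OCI8 module instead of the hand-written one. The removed comment noted that the 19.1 soname was not provided by Oracle's RPM; if the 23.x aarch64 instantclient RPM still does not provide the versioned soname, the resulting package would be uninstallable there. This is worth confirming on an aarch64 build, or a comment could record that the 23.x RPM now provides it, e.g. `# oracle-instantclient 23.x provides libclntsh.so.%{oraclelib} on aarch64, AutoReq is fine`.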
@@ -983,10 +977,9 @@ in pure PHP.
%patch -P1 -p1 -b .mpmcheck
%patch -P5 -p1 -b .includedir
%patch -P6 -p1 -b .embed
-%patch -P7 -p1 -b .libxml212
%patch -P8 -p1 -b .libdb
%patch -P10 -p1 -b .gcc14
-%patch -P11 -p1 -b .icu
+%patch -P11 -p1 -b .icu74
%patch -P12 -p1 -b .proto
%patch -P42 -p1 -b .systzdata
@@ -1026,11 +1019,20 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P217 -p1 -b .cve11233
%patch -P218 -p1 -b .ghsa4w77
%patch -P219 -p1 -b .cve8929
+%patch -P220 -p1 -b .cve1217
+%patch -P221 -p1 -b .cve1734
+%patch -P222 -p1 -b .cve1861
+%patch -P223 -p1 -b .cve1736
+%patch -P224 -p1 -b .cve1219
+%patch -P225 -p1 -b .cve6491
+%patch -P226 -p1 -b .cve1220
+%patch -P227 -p1 -b .cve1735
# Fixes for tests
%patch -P300 -p1 -b .datetests
%patch -P301 -p1 -b .tests
%patch -P302 -p1 -b .zlibng
+%patch -P303 -p1 -b .pcretests
# WIP patch
@@ -1072,6 +1074,13 @@ rm Zend/tests/bug68412.phpt
rm sapi/cli/tests/upload_2G.phpt
# tar issue
rm ext/zlib/tests/004-mb.phpt
+# Known to fail
+%if 0%{?rhel} == 8
+rm ext/openssl/tests/openssl_error_string_basic.phpt
+rm ext/openssl/tests/openssl_open_basic.phpt
+%endif
+rm ext/openssl/tests/openssl_private_decrypt_basic.phpt
+rm ext/openssl/tests/openssl_x509_parse_basic.phpt
# Safety check for API version change.
pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h)
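Review bot: The new `# Known to fail` comment does not say why the four openssl tests fail or with which OpenSSL version, so there is no way to tell when the removals can be reverted. Two of them are removed only for `%{?rhel} == 8` and two unconditionally, which suggests different causes; a comment naming each, e.g. `# Known to fail with the OpenSSL shipped on this target, see <tracker ref>`, would document that. The surrounding block of `rm` lines continues outside the hunk.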
@@ -1917,8 +1926,30 @@ EOF
%changelog
+* Thu Jul 3 2025 Remi Collet <remi@remirepo.net> - 7.4.33-24
+- Fix pgsql extension does not check for errors during escaping
+ CVE-2025-1735
+- Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
+ CVE-2025-6491
+- Fix Null byte termination in hostnames
+ CVE-2025-1220
+
+* Mon Mar 17 2025 Remi Collet <remi@remirepo.net> - 7.4.33-23
+- Fix libxml streams use wrong `content-type` header when requesting a redirected resource
+ CVE-2025-1219
+- Fix Stream HTTP wrapper header check might omit basic auth header
+ CVE-2025-1736
+- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
+ CVE-2025-1861
+- Fix Streams HTTP wrapper does not fail for headers without colon
+ CVE-2025-1734
+- Fix Header parser of `http` stream wrapper does not handle folded headers
+ CVE-2025-1217
+- use oracle client library version 23.7 on x86_64 and aarch64
+
* Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 7.4.33-22
- backport fix for ICU 74+
+- backport fix strict prototypes
* Wed Nov 27 2024 Remi Collet <remi@remirepo.net> - 7.4.33-21
- Fix Leak partial content of the heap through heap buffer over-read