Diffstat (limited to 'php.spec')
-rw-r--r--php.spec59
1 files changed, 35 insertions, 24 deletions
diff --git a/php.spec b/php.spec
index 5c7d361..a41ff6c 100644
--- a/php.spec
+++ b/php.spec
@@ -49,17 +49,10 @@
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
-%ifarch aarch64
-%global oraclever 19.25
-%global oraclemax 20
-%global oraclelib 19.1
-%global oracledir 19.25
-%else
%global oraclever 23.7
%global oraclemax 24
%global oraclelib 23.1
%global oracledir 23
-%endif
# Build for LiteSpeed Web Server (LSAPI), you can disable using --without tests
%bcond_without lsws
@@ -132,7 +125,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: %{?scl_prefix}php
Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}}
-Release: 12%{?dist}
+Release: 13%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@@ -172,8 +165,6 @@ Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-8.0.0-embed.patch
Patch7: php-7.4.0-libdb.patch
-# For libxml 2.12 from 8.1
-Patch8: php-8.0.30-libxml212.patch
# get rid of deprecated functions from 8.1
Patch9: php-8.0.6-deprecated.patch
# For recent ICU from 8.2
@@ -226,11 +217,17 @@ Patch209: php-cve-2024-8932.patch
Patch210: php-cve-2024-11233.patch
Patch211: php-ghsa-4w77-75f9-2c8w.patch
Patch212: php-cve-2024-8929.patch
+Patch213: php-cve-2025-1217.patch
+Patch214: php-cve-2025-1734.patch
+Patch215: php-cve-2025-1861.patch
+Patch216: php-cve-2025-1736.patch
+Patch217: php-cve-2025-1219.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
Patch300: php-7.4.0-datetests.patch
Patch301: php-8.0.30-zlib-tests.patch
+Patch302: php-8.0.30-pcretests.patch
# WIP
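Review bot: Patch213 to Patch217 are declared with no comment recording where each security backport came from, unlike the neighbouring entries such as `# get rid of deprecated functions from 8.1`. Their numbering follows 1217, 1734, 1861, 1736, 1219 rather than CVE order, which suggests (but nowhere states) that the application order matters; the `%patch -P213` to `-P217` lines in the %prep hunk repeat the same order. A short comment above the group, e.g. `# Security backports; keep this order, upstream: <commit or advisory id per patch>`, would let a reviewer check each fix against its source and avoid an accidental reorder. Patch302 likewise has no note saying which change made the PCRE test adjustment necessary.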
@@ -661,14 +658,7 @@ License.
Summary: A module for PHP applications that use OCI8 databases
# All files licensed under PHP version 3.01
License: PHP
-%ifarch aarch64
-BuildRequires: oracle-instantclient%{oraclever}-devel
-# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM.
-Requires: libclntsh.so.%{oraclelib}
-AutoReq: 0
-%else
BuildRequires: (oracle-instantclient-devel >= %{oraclever} with oracle-instantclient-devel < %{oraclemax})
-%endif
Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release}
Provides: %{?scl_prefix}php_database
Provides: %{?scl_prefix}php-pdo_oci
@@ -986,7 +976,6 @@ in pure PHP.
%patch -P5 -p1 -b .includedir
%patch -P6 -p1 -b .embed
%patch -P7 -p1 -b .libdb
-%patch -P8 -p1 -b .libxml212
%patch -P9 -p1 -b .deprecated
%patch -P11 -p1 -b .icu74
%patch -P12 -p1 -b .proto
@@ -1025,10 +1014,16 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P210 -p1 -b .cve11233
%patch -P211 -p1 -b .ghsa4w77
%patch -P212 -p1 -b .cve8929
+%patch -P213 -p1 -b .cve1217
+%patch -P214 -p1 -b .cve1734
+%patch -P215 -p1 -b .cve1861
+%patch -P216 -p1 -b .cve1736
+%patch -P217 -p1 -b .cve1219
# Fixes for tests
%patch -P300 -p1 -b .datetests
%patch -P301 -p1 -b .zlibng
+%patch -P302 -p1 -b .pcretests
# WIP patch
@@ -1051,12 +1046,6 @@ mkdir \
# ----- Manage known as failed test -------
# affected by systzdata patch
rm ext/date/tests/timezone_location_get.phpt
-%if 0%{?fedora} < 36
-# need tzdata 2022b
-rm ext/date/tests/bug33414-1.phpt
-rm ext/date/tests/bug33415-2.phpt
-rm ext/date/tests/date_modify-1.phpt
-%endif
# too fast builder
rm ext/date/tests/bug73837.phpt
# fails sometime
@@ -1073,6 +1062,15 @@ rm ext/zlib/tests/004-mb.phpt
# failed when systemd is enabled
rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr1.phpt
rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr2.phpt
+# Known to fail
+%if 0%{?rhel} == 8
+rm ext/openssl/tests/openssl_error_string_basic.phpt
+rm ext/openssl/tests/openssl_open_basic.phpt
+%else
+rm ext/openssl/tests/openssl_error_string_basic_openssl3.phpt
+%endif
+rm ext/openssl/tests/openssl_private_decrypt_basic.phpt
+rm ext/openssl/tests/openssl_x509_parse_basic.phpt
# Safety check for API version change.
pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h)
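Review bot: The new `# Known to fail` group deletes ext/openssl tests without recording why they fail. `openssl_private_decrypt_basic.phpt` and `openssl_x509_parse_basic.phpt` are removed on every target, outside the `%if 0%{?rhel} == 8` conditional. That silently drops regression coverage for private-key decryption and certificate parsing in a build that also carries security backports. Each `rm` should state its cause, e.g. `# fails because <reason> on <distro/OpenSSL version>`, and be scoped to the targets where the failure is actually observed. The surrounding %prep section starts and ends outside this hunk.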
@@ -1917,6 +1915,19 @@ EOF
%changelog
+* Thu Mar 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-13
+- Fix libxml streams use wrong `content-type` header when requesting a redirected resource
+ CVE-2025-1219
+- Fix Stream HTTP wrapper header check might omit basic auth header
+ CVE-2025-1736
+- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
+ CVE-2025-1861
+- Fix Streams HTTP wrapper does not fail for headers without colon
+ CVE-2025-1734
+- Fix Header parser of `http` stream wrapper does not handle folded headers
+ CVE-2025-1217
+- use oracle client library version 23.7 on x86_64 and aarch64
+
* Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-12
- backport fix for ICU 74+
- backport fix strict prototypes