Diffstat (limited to 'php.spec')
-rw-r--r-- | php.spec | 59 |
1 files changed, 35 insertions, 24 deletions
@@ -49,17 +49,10 @@ %global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock) -%ifarch aarch64 -%global oraclever 19.25 -%global oraclemax 20 -%global oraclelib 19.1 -%global oracledir 19.25 -%else %global oraclever 23.7 %global oraclemax 24 %global oraclelib 23.1 %global oracledir 23 -%endif # Build for LiteSpeed Web Server (LSAPI), you can disable using --without tests %bcond_without lsws @@ -132,7 +125,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}}%{?gh_date:.%{gh_date}} -Release: 12%{?dist} +Release: 13%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -172,8 +165,6 @@ Patch1: php-7.4.0-httpd.patch Patch5: php-7.2.0-includedir.patch Patch6: php-8.0.0-embed.patch Patch7: php-7.4.0-libdb.patch -# For libxml 2.12 from 8.1 -Patch8: php-8.0.30-libxml212.patch # get rid of deprecated functions from 8.1 Patch9: php-8.0.6-deprecated.patch # For recent ICU from 8.2 @@ -226,11 +217,17 @@ Patch209: php-cve-2024-8932.patch Patch210: php-cve-2024-11233.patch Patch211: php-ghsa-4w77-75f9-2c8w.patch Patch212: php-cve-2024-8929.patch +Patch213: php-cve-2025-1217.patch +Patch214: php-cve-2025-1734.patch +Patch215: php-cve-2025-1861.patch +Patch216: php-cve-2025-1736.patch +Patch217: php-cve-2025-1219.patch # Fixes for tests (300+) # Factory is droped from system tzdata Patch300: php-7.4.0-datetests.patch Patch301: php-8.0.30-zlib-tests.patch +Patch302: php-8.0.30-pcretests.patch # WIP 
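Review bot: Patch213 to Patch217 in the @@ -226 hunk are added with no record of where each fix comes from, and this diff is limited to php.spec, so the patch bodies cannot be checked against the upstream fixes from here. Other entries in the file note their origin (`# For recent ICU from 8.2`), and the same would help anyone later auditing what are presumably backports to this branch. I would add a comment above each `PatchNNN:` line, such as `# CVE-2025-1217, backported from <upstream commit>`. The matching `%patch -P213` to `-P217` lines in the @@ -1025 hunk need no change.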
@@ -661,14 +658,7 @@ License. Summary: A module for PHP applications that use OCI8 databases # All files licensed under PHP version 3.01 License: PHP -%ifarch aarch64 -BuildRequires: oracle-instantclient%{oraclever}-devel -# Should requires libclntsh.so.19.1()(aarch-64), but it's not provided by Oracle RPM. -Requires: libclntsh.so.%{oraclelib} -AutoReq: 0 -%else BuildRequires: (oracle-instantclient-devel >= %{oraclever} with oracle-instantclient-devel < %{oraclemax}) -%endif Requires: %{?scl_prefix}php-pdo%{?_isa} = %{version}-%{release} Provides: %{?scl_prefix}php_database Provides: %{?scl_prefix}php-pdo_oci @@ -986,7 +976,6 @@ in pure PHP. %patch -P5 -p1 -b .includedir %patch -P6 -p1 -b .embed %patch -P7 -p1 -b .libdb -%patch -P8 -p1 -b .libxml212 %patch -P9 -p1 -b .deprecated %patch -P11 -p1 -b .icu74 %patch -P12 -p1 -b .proto @@ -1025,10 +1014,16 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P210 -p1 -b .cve11233 %patch -P211 -p1 -b .ghsa4w77 %patch -P212 -p1 -b .cve8929 +%patch -P213 -p1 -b .cve1217 +%patch -P214 -p1 -b .cve1734 +%patch -P215 -p1 -b .cve1861 +%patch -P216 -p1 -b .cve1736 +%patch -P217 -p1 -b .cve1219 # Fixes for tests %patch -P300 -p1 -b .datetests %patch -P301 -p1 -b .zlibng +%patch -P302 -p1 -b .pcretests # WIP patch @@ -1051,12 +1046,6 @@ mkdir \ # ----- Manage known as failed test ------- # affected by systzdata patch rm ext/date/tests/timezone_location_get.phpt -%if 0%{?fedora} < 36 -# need tzdata 2022b -rm ext/date/tests/bug33414-1.phpt -rm ext/date/tests/bug33415-2.phpt -rm ext/date/tests/date_modify-1.phpt -%endif # too fast builder rm ext/date/tests/bug73837.phpt # fails sometime 
@@ -1073,6 +1062,15 @@ rm ext/zlib/tests/004-mb.phpt # failed when systemd is enabled rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr1.phpt rm sapi/fpm/tests/gh8885-stderr-fd-reload-usr2.phpt +# Known to fail +%if 0%{?rhel} == 8 +rm ext/openssl/tests/openssl_error_string_basic.phpt +rm ext/openssl/tests/openssl_open_basic.phpt +%else +rm ext/openssl/tests/openssl_error_string_basic_openssl3.phpt +%endif +rm ext/openssl/tests/openssl_private_decrypt_basic.phpt +rm ext/openssl/tests/openssl_x509_parse_basic.phpt # Safety check for API version change. pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h) @@ -1917,6 +1915,19 @@ EOF %changelog +* Thu Mar 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-13 +- Fix libxml streams use wrong `content-type` header when requesting a redirected resource + CVE-2025-1219 +- Fix Stream HTTP wrapper header check might omit basic auth header + CVE-2025-1736 +- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes + CVE-2025-1861 +- Fix Streams HTTP wrapper does not fail for headers without colon + CVE-2025-1734 +- Fix Header parser of `http` stream wrapper does not handle folded headers + CVE-2025-1217 +- use oracle client library version 23.7 on x86_64 and aarch64 + * Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-12 - backport fix for ICU 74+ - backport fix strict prototypes |
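Review bot: The OpenSSL tests removed under `# Known to fail` in the @@ -1073 hunk carry no reason, unlike the neighbouring entries (`# failed when systemd is enabled`, `# too fast builder`). Judging by their names they cover private-key decryption, X.509 parsing and error-string handling. With them deleted, a regression in ext/openssl from a later backport or a system library update would pass the build unnoticed. I would state the cause for each group, e.g. `# Known to fail: <reason, e.g. system OpenSSL version or expired test certificate>`. If the cause depends on the target's OpenSSL, the last two `rm` lines should sit under a condition too, since they currently run on every target.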