Remi's RPM repository - Packages

- Update to 8.4.2 - http://www.php.net/releases/8_4_2.php

- Update to 8.4.2RC1
- EL-9.5: enable argon2 password hash, using OpenSSL 3.2

- Update to 8.4.1 - http://www.php.net/releases/8_4_1.php

- Update to 8.4.0 GA - http://www.php.net/releases/8_4_0.php

- Update to 8.4.0RC4

- Update to 8.4.0RC3

- Update to 8.4.0RC2

- Update to 8.4.0RC1
- bump ABI/API numbers

- Update to 8.3.15 - http://www.php.net/releases/8_3_15.php

- update to 8.3.15RC1

- Update to 8.3.14 - http://www.php.net/releases/8_3_14.php

- update to 8.3.14RC1

- Update to 8.3.13 - http://www.php.net/releases/8_3_13.php

- update to 8.3.13RC1

- Update to 8.3.12 - http://www.php.net/releases/8_3_12.php

- update to 8.3.12RC1
- use ICU 74.2

- Update to 8.2.27 - http://www.php.net/releases/8_2_27.php

- update to 8.2.27RC1

- Update to 8.2.26 - http://www.php.net/releases/8_2_26.php

- update to 8.2.26RC1

- Update to 8.2.25 - http://www.php.net/releases/8_2_25.php

- update to 8.2.25RC1

- Update to 8.2.24 - http://www.php.net/releases/8_2_24.php

- update to 8.2.24RC1
- use ICU 74.2

- Update to 8.1.31 - http://www.php.net/releases/8_1_31.php

- Update to 8.1.30 - http://www.php.net/releases/8_1_30.php
- use ICU 74.2

- use oracle client library version 23.5 on x86_64

- Update to 8.1.29 - http://www.php.net/releases/8_1_29.php

- Update to 8.1.28 - http://www.php.net/releases/8_1_28.php

- use oracle client library version 21.13 on x86_64
- patch test suite for zlib-ng

- Update to 8.1.27 - http://www.php.net/releases/8_1_27.php

- update to 8.1.27RC1
- add fixes for libxml 2.12 from 8.2

- Fix Leak partial content of the heap through heap buffer over-read
  CVE-2024-8929

- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
  GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
  CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
  CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Logs from childrens may be altered
  CVE-2024-9026
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925
- use ICU 74.2

- add backport for https://bugs.php.net/79589
  error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading

- use oracle client library version 23.5 on x86_64

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- use oracle client library version 21.13 on x86_64
- patch test suite for zlib-ng
- add EOL message

- Fix Leak partial content of the heap through heap buffer over-read
  CVE-2024-8929

- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
  GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
  CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

- disable firebird on EL-10

- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
  CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Logs from childrens may be altered
  CVE-2024-9026
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925
- use ICU 74.2

- add backport for https://bugs.php.net/79589
  error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading

- use oracle client library version 23.5 on x86_64

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- Fix Leak partial content of the heap through heap buffer over-read
  CVE-2024-8929

- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
  GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
  CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
  CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925

- use oracle client library version 23.5 on x86_64

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- use oracle client library version 21.11 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- use oracle client library version 21.11 on x86_64, 19.19 on aarch64
- use official Oracle Instant Client RPM

- Fix Security issue with external entity loading in XML without enabling it
  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
- move httpd/nginx wants directive to config files in /etc

- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
  GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
  CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
  CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925

- use oracle client library version 23.5 on x86_64

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- use oracle client library version 21.11 on x86_64, 19.19 on aarch64
- use official Oracle Instant Client RPM

- Fix Security issue with external entity loading in XML without enabling it
  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
- move httpd/nginx wants directive to config files in /etc

- fix possible buffer overflow in date

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- Fix Security issue with external entity loading in XML without enabling it
  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824

- fix possible buffer overflow in date

- Fix Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP
  GHSA-76gg-c692-v2mw
- use oracle client library version 21.10
- define __phpize and __phpconfig

- fix #81744: Password_verify() always return true with some hash
  CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662

- pdo: fix #81740: PDO::quote() may return unquoted string
  CVE-2022-31631
- use oracle client library version 21.8

- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628
- core: fix #81727 Don't mangle HTTP variable names that clash with ones
  that have a specific semantic meaning. CVE-2022-31629
- use oracle client library version 21.7

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- Fix Security issue with external entity loading in XML without enabling it
  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824

- fix possible buffer overflow in date

- Fix Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP
  GHSA-76gg-c692-v2mw
- use oracle client library version 21.10
- define __phpize and __phpconfig

- fix #81744: Password_verify() always return true with some hash
  CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662

- pdo: fix #81740: PDO::quote() may return unquoted string
  CVE-2022-31631
- use oracle client library version 21.8

- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628
- core: fix #81727 Don't mangle HTTP variable names that clash with ones
  that have a specific semantic meaning. CVE-2022-31629
- use oracle client library version 21.7

- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458

- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

- Fix Security issue with external entity loading in XML without enabling it
  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824

- fix possible buffer overflow in date

- Fix insufficient random bytes in HTTP Digest authentication for SOAP
  GHSA-76gg-c692-v2mw
- use oracle client library version 21.10
- define __phpize and __phpconfig

- fix #81744: Password_verify() always return true with some hash
  CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662

- pdo: fix #81740: PDO::quote() may return unquoted string
  CVE-2022-31631
- use oracle client library version 21.8

- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628
- core: fix #81727 Don't mangle HTTP variable names that clash with ones
  that have a specific semantic meaning. CVE-2022-31629
- use oracle client library version 21.7

- rebuild with gd 2.3.3
- myqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626

- myqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626