update to 8.1.8

Related: #2070040
This commit is contained in:
Remi Collet 2022-07-06 09:55:58 +02:00
parent 53cde90017
commit 0fbb33a3e3
5 changed files with 9 additions and 358 deletions

2
.gitignore vendored
View File

@ -2,3 +2,5 @@
/php-8.1.6.tar.xz.asc
/php-8.1.7.tar.xz
/php-8.1.7.tar.xz.asc
/php-8.1.8.tar.xz
/php-8.1.8.tar.xz.asc

View File

@ -1,33 +0,0 @@
From 2eb2f9d74f22bf35a4915ec95afc53a47ebf1af9 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 2 Jun 2022 08:05:22 +0200
Subject: [PATCH] Fix GH-8685 mbstring requires pcre
---
ext/mbstring/mbstring.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index 48f22a682a19..4a4088aed3fb 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -161,9 +161,18 @@ static const php_mb_nls_ident_list php_mb_default_identify_list[] = {
/* }}} */
+/* {{{ mbstring_deps[] */
+static const zend_module_dep mbstring_deps[] = {
+ ZEND_MOD_REQUIRED("pcre")
+ ZEND_MOD_END
+};
+/* }}} */
+
/* {{{ zend_module_entry mbstring_module_entry */
zend_module_entry mbstring_module_entry = {
- STANDARD_MODULE_HEADER,
+ STANDARD_MODULE_HEADER_EX,
+ NULL,
+ mbstring_deps,
"mbstring",
ext_functions,
PHP_MINIT(mbstring),

View File

@ -1,317 +0,0 @@
From 03a4ccd9120e5816e5f9f134f63b76e89558658f Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 31 May 2022 09:59:58 +0200
Subject: [PATCH] use sha256 in openssl test suite
---
ext/openssl/tests/bug41033.phpt | 4 ++--
ext/openssl/tests/bug61930.phpt | 11 ++++++-----
ext/openssl/tests/bug66501.phpt | 2 +-
ext/openssl/tests/ecc.phpt | 2 +-
ext/openssl/tests/openssl.cnf | 1 +
ext/openssl/tests/openssl_csr_export_basic.phpt | 2 +-
.../tests/openssl_csr_export_to_file_basic.phpt | 14 +++++++-------
.../tests/openssl_csr_get_public_key_basic.phpt | 2 +-
.../tests/openssl_csr_get_subject_basic.phpt | 2 +-
ext/openssl/tests/openssl_csr_sign_basic.phpt | 2 +-
ext/openssl/tests/openssl_sign_basic.phpt | 2 +-
.../tests/openssl_spki_export_challenge_basic.phpt | 14 --------------
ext/openssl/tests/openssl_spki_new_basic.phpt | 8 --------
ext/openssl/tests/openssl_spki_verify_basic.phpt | 14 --------------
ext/openssl/tests/openssl_verify_basic.phpt | 12 ++++++------
15 files changed, 29 insertions(+), 63 deletions(-)
diff --git a/ext/openssl/tests/bug41033.phpt b/ext/openssl/tests/bug41033.phpt
index ff30d8b266d0..73cca19506af 100644
--- a/ext/openssl/tests/bug41033.phpt
+++ b/ext/openssl/tests/bug41033.phpt
@@ -10,11 +10,11 @@ $pub = 'file://' . __DIR__ . '/' . 'bug41033pub.pem';
$prkeyid = openssl_get_privatekey($prv, "1234");
$ct = "Hello I am some text!";
-openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA1);
+openssl_sign($ct, $signature, $prkeyid, OPENSSL_ALGO_SHA256);
echo "Signature: ".base64_encode($signature) . "\n";
$pukeyid = openssl_get_publickey($pub);
-$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA1);
+$valid = openssl_verify($ct, $signature, $pukeyid, OPENSSL_ALGO_SHA256);
echo "Signature validity: " . $valid . "\n";
diff --git a/ext/openssl/tests/bug61930.phpt b/ext/openssl/tests/bug61930.phpt
index 862c6a07bfd0..d97f4990173a 100644
--- a/ext/openssl/tests/bug61930.phpt
+++ b/ext/openssl/tests/bug61930.phpt
@@ -4,19 +4,20 @@ Bug #61930: openssl corrupts ssl key resource when using openssl_get_publickey()
openssl
--FILE--
<?php
-$cert = file_get_contents(__DIR__.'/cert.crt');
+$cert = file_get_contents(__DIR__.'/public.crt');
$data = <<<DATA
Please verify me
DATA;
-$sig = 'f9Gyb6NV/ENn7GUa37ygTLcF93XHf5fbFTnoYF/O+fXbq3iChGUbET0RuhOsptl' .
- 'AODi6JsDLnJO4ikcVZo0tC1fFTj3LyCuPy3ZdgJbbVxQ/rviROCmuMFTqUW/Xa2' .
- 'LQYiapeCCgLQeWTLg7TM/BoHEkKbKLG/XT5jHvep1758A=';
+$sig = 'w45LtLoRY/WPk/kcmP6CwGysOMuxuLbD35xMB/iAe5IMiBJjz2D1WGEY7Vz+rLZmYqOo58qNC3VtTg6ge9+UhfQHplvs6cXGKm' .
+ 'SkQlYv4EeFoByqYfPU9k2dE/WEItOJUUyqu9pHaCmRtLpxoLnJcdQVdiXfT0t8KwxUzZYDjrSfhp7rbKhhCc4jZMwo9PvBuPAT' .
+ 'MEfZbRNaVpwCFpjmmJczZCHFZFm7JYzR2jU0sjJMGALXidNBs9p0Fi1TGz3pZkxnQ5lwI5DX5ZSY0jiOcoVFt7k29GVFd0DPjm' .
+ '1NyieYU6tpnanG+ZqHIT8Um3FajYh0x1iMMe2lLETjklqYiw==';
$key = openssl_get_publickey($cert);
var_dump(openssl_get_publickey($key));
-var_dump(openssl_verify($data, base64_decode($sig), $key));
+var_dump(openssl_verify($data, base64_decode($sig), $key, OPENSSL_ALGO_SHA256));
?>
--EXPECTF--
object(OpenSSLAsymmetricKey)#%d (0) {
diff --git a/ext/openssl/tests/bug66501.phpt b/ext/openssl/tests/bug66501.phpt
index 4a7bfbf1361b..56d391032f7e 100644
--- a/ext/openssl/tests/bug66501.phpt
+++ b/ext/openssl/tests/bug66501.phpt
@@ -18,7 +18,7 @@ AwEHoUQDQgAEPq4hbIWHvB51rdWr8ejrjWo4qVNWVugYFtPg/xLQw0mHkIPZ4DvK
sqOTOnMoezkbSmVVMuwz9flvnqHGmQvmug==
-----END EC PRIVATE KEY-----';
$key = openssl_pkey_get_private($pkey);
-$res = openssl_sign($data ='alpha', $sign, $key, 'SHA1');
+$res = openssl_sign($data ='alpha', $sign, $key, 'SHA256');
var_dump($res);
?>
--EXPECT--
diff --git a/ext/openssl/tests/ecc.phpt b/ext/openssl/tests/ecc.phpt
index a18651dc5e4b..297af1dccd0c 100644
--- a/ext/openssl/tests/ecc.phpt
+++ b/ext/openssl/tests/ecc.phpt
@@ -64,7 +64,7 @@ $csr = openssl_csr_new($dn, $keyGenerate, $args);
var_dump($keyGenerate);
-$args["digest_alg"] = "sha1";
+$args["digest_alg"] = "sha256";
echo "Testing openssl_csr_new with existing ecc key\n";
$csr = openssl_csr_new($dn, $key1, $args);
var_dump($csr);
diff --git a/ext/openssl/tests/openssl.cnf b/ext/openssl/tests/openssl.cnf
index f3025aeb5caa..6146b93142cc 100644
--- a/ext/openssl/tests/openssl.cnf
+++ b/ext/openssl/tests/openssl.cnf
@@ -7,6 +7,7 @@ tsa_policy2 = 1.2.3.4.5.6
[ req ]
default_bits = 1024
+default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
diff --git a/ext/openssl/tests/openssl_csr_export_basic.phpt b/ext/openssl/tests/openssl_csr_export_basic.phpt
index 559befe23c92..95bf741e9ec1 100644
--- a/ext/openssl/tests/openssl_csr_export_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_export_basic.phpt
@@ -17,7 +17,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
index dfa533b729cb..5b0920888163 100644
--- a/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_export_to_file_basic.phpt
@@ -25,7 +25,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
@@ -66,12 +66,12 @@ BggTncBh9ozkVQGS/P1m0zn/SKSgDO+6DdeLHLMjpUASaoYfsay4PJLAdnTqLOeM
g6qNE6u0ebZXVfmpSmV1pSZ6kQnxbsb6rX1iOZxkwHnVWYb40Hy0EILo31x6BVqB
m159m7s38ChiRHqlj20DmRfxXjiT5YDgYYQ29wQBTVQrTN5O9UW5Y+eKTXd8r6te
dsbIBXdKN7NeX7ksGYHq1I3hLsP8EyvZO78qfjKyEB0Jj3UCAwEAAaAAMA0GCSqG
-SIb3DQEBBQUAA4IBAQCamzVmIbElkiDQKzQpkfU5tHjrWPrHDSB186NI0sQ8i6GQ
-1YT6yPAXBPTQ1aER/6uAZJL5HfWEX8V1rKbe8GkPAPCHHQzmHyWlaO2EHS57zJhk
-sRrhqkhhkSNiDg4OrsguhRtbB2VMGeDbqHGI89uGqqGHUiZc/Bh8N7WFXZkUU/A0
-sfBgVeqg0P4SWez5fHXqBNcjMdMI5f0bikcDZSIfTHS8FX+PMurLBC8UPB0YNIOl
-1r2Lvo+6YUHOziG1OwQd3K0xxu/JzzOE+lMB73ynz4V6DY5Qv3qVno1GpupvgmQA
-JViHkCA9x6m8RJXAFvqmgLlWlUzbDv/cRrDfjWjR
+SIb3DQEBCwUAA4IBAQCNtCIfMHBDRvNqHmrDfR/+A7ZJ+n/XzA2uQhvjEq91DeT8
+IE7gjUtmj2sqKmHGIDO4uN4F9ZHYzcNk23n6CMljYqJLbB2dHC0V6vkDB7qod1TH
+/SK39Yj0ji2AT45LD5rLH3vd1bjxdwwhyPyGhshKOIdnmBv4mwTRANIsiISMQV4Y
+ZPAXJ5DTKkgdsY14hqhyWct1bWMPpj2MCLQGjKxK8vmbiKaNL1XxAS7chTXoy7un
+NvBKc82Wy3XEuC9AkNFEytD6kA9gu8nFydvYTOvvhaQrf9RzwSitgi9Vj3mbujsN
+f1JMPX0/eHrKvG9wBZu28FdS54xoWGeD1NGraW24
-----END CERTIFICATE REQUEST-----
"
diff --git a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
index 7faaf2f23454..9f128c200bea 100644
--- a/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_get_public_key_basic.phpt
@@ -23,7 +23,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
index 6fe63e971775..79baeb65b8a5 100644
--- a/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_get_subject_basic.phpt
@@ -23,7 +23,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_csr_sign_basic.phpt b/ext/openssl/tests/openssl_csr_sign_basic.phpt
index a7030b392145..0cf678cc2944 100644
--- a/ext/openssl/tests/openssl_csr_sign_basic.phpt
+++ b/ext/openssl/tests/openssl_csr_sign_basic.phpt
@@ -20,7 +20,7 @@ $dn = array(
);
$args = array(
- "digest_alg" => "sha1",
+ "digest_alg" => "sha256",
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_DSA,
"encrypt_key" => true,
diff --git a/ext/openssl/tests/openssl_sign_basic.phpt b/ext/openssl/tests/openssl_sign_basic.phpt
index 48deac9337c1..047028101893 100644
--- a/ext/openssl/tests/openssl_sign_basic.phpt
+++ b/ext/openssl/tests/openssl_sign_basic.phpt
@@ -8,7 +8,7 @@ $data = "Testing openssl_sign()";
$privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$wrong = "wrong";
-var_dump(openssl_sign($data, $sign, $privkey)); // no output
+var_dump(openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256)); // no output
var_dump(openssl_sign($data, $sign, $wrong));
?>
--EXPECTF--
diff --git a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
index ab9076791be4..2fadc30e6810 100644
--- a/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_export_challenge_basic.phpt
@@ -22,8 +22,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
@@ -76,15 +74,3 @@ string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
-string\(36\) \"[0-9a-f]{8}\-([0-9a-f]{4}\-){3}[0-9a-f]{12}\"
-bool\(false\)
diff --git a/ext/openssl/tests/openssl_spki_new_basic.phpt b/ext/openssl/tests/openssl_spki_new_basic.phpt
index 1d29fe05bd81..6b661afde36f 100644
--- a/ext/openssl/tests/openssl_spki_new_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_new_basic.phpt
@@ -16,8 +16,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_MD5,
- OPENSSL_ALGO_SHA1,
OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
@@ -47,16 +45,10 @@ string(478) "%s"
string(478) "%s"
string(478) "%s"
string(478) "%s"
-string(478) "%s"
-string(478) "%s"
-string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
string(830) "%s"
-string(830) "%s"
-string(1510) "%s"
-string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
string(1510) "%s"
diff --git a/ext/openssl/tests/openssl_spki_verify_basic.phpt b/ext/openssl/tests/openssl_spki_verify_basic.phpt
index 9b624a7a5f72..19704b4a4fa8 100644
--- a/ext/openssl/tests/openssl_spki_verify_basic.phpt
+++ b/ext/openssl/tests/openssl_spki_verify_basic.phpt
@@ -18,8 +18,6 @@ foreach ($key_sizes as $key_size) {
/* array of available hashings to test */
$algo = array(
- OPENSSL_ALGO_SHA1,
- OPENSSL_ALGO_SHA224,
OPENSSL_ALGO_SHA256,
OPENSSL_ALGO_SHA384,
OPENSSL_ALGO_SHA512,
@@ -65,15 +63,3 @@ bool(true)
bool(false)
bool(true)
bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
-bool(true)
-bool(false)
diff --git a/ext/openssl/tests/openssl_verify_basic.phpt b/ext/openssl/tests/openssl_verify_basic.phpt
index 0e93a21319d9..674a3c58a9ea 100644
--- a/ext/openssl/tests/openssl_verify_basic.phpt
+++ b/ext/openssl/tests/openssl_verify_basic.phpt
@@ -9,12 +9,12 @@ $privkey = "file://" . __DIR__ . "/private_rsa_1024.key";
$pubkey = "file://" . __DIR__ . "/public.key";
$wrong = "wrong";
-openssl_sign($data, $sign, $privkey);
-var_dump(openssl_verify($data, $sign, $pubkey));
-var_dump(openssl_verify($data, $sign, $privkey));
-var_dump(openssl_verify($data, $sign, $wrong));
-var_dump(openssl_verify($data, $wrong, $pubkey));
-var_dump(openssl_verify($wrong, $sign, $pubkey));
+openssl_sign($data, $sign, $privkey, OPENSSL_ALGO_SHA256);
+var_dump(openssl_verify($data, $sign, $pubkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $sign, $privkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $sign, $wrong, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($data, $wrong, $pubkey, OPENSSL_ALGO_SHA256));
+var_dump(openssl_verify($wrong, $sign, $pubkey, OPENSSL_ALGO_SHA256));
?>
--EXPECTF--
int(1)

View File

@ -64,13 +64,13 @@
%bcond_with imap
%bcond_without lmdb
%global upver 8.1.7
%global upver 8.1.8
#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
Release: 2%{?dist}
Release: 1%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@ -121,8 +121,6 @@ Patch45: php-7.4.0-ldap_r.patch
Patch47: php-8.1.0-phpinfo.patch
# Upstream fixes (100+)
Patch100: php-mbstring.patch
Patch101: php-openssl.patch
# Security fixes (200+)
@ -723,8 +721,6 @@ in pure PHP.
%patch47 -p1 -b .phpinfo
# upstream patches
%patch100 -p1 -b .pcre
%patch101 -p1 -b .sha1
# security patches
@ -1543,6 +1539,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Wed Jul 6 2022 Remi Collet <rcollet@redhat.com> - 8.1.8-1
- update to 8.1.8 #2070040
* Mon Jun 13 2022 Remi Collet <rcollet@redhat.com> - 8.1.7-2
- clean unneeded dependency on useradd command

View File

@ -1,2 +1,2 @@
SHA512 (php-8.1.7.tar.xz) = 1d72db220f3485310e02b67c41dd6434c26b7118f673ba7f425ff6b79cc96c86fc45bfe9c90b302d719eb9b7a5334f363a92ac309c367aacc93ab31a72a63c45
SHA512 (php-8.1.7.tar.xz.asc) = 9c34d74718261ed2a3375bb06a1e4d68b71d091c12558868bd0ab0325a5046e88af0b8a09fc4035169d681f98b14e108c04ea24053d7d80ca4a0cee5510054fa
SHA512 (php-8.1.8.tar.xz) = 4ef03b4c412bdbcdf6c3dc4784b3218a0519e6b91a0682e796270d4426c05c62309b4835ea31271857a5f2535d00f20a9f9b4a79703a49c3e40f16fafa948dd4
SHA512 (php-8.1.8.tar.xz.asc) = 2ae20e61537ee720567a21dde7488e471d3cf24ed80f1b70218f8f35efeaeadc1570ac5e957ecbb0a0aec6c13e6b6d968fb6db7e6ff50269c1a2f053970e15de