import php-8.0.20-2.module+el8.7.0+16187+bb5ab920

CentOS Sources 2022-11-08 01:48:48 -05:00 committed by Stepan Oksanichenko
parent 962415d61a
commit 3875b7254d
10 changed files with 111 additions and 73 deletions

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/php-8.0.13.tar.xz
SOURCES/php-8.0.20.tar.xz
SOURCES/php-keyring.gpg


@ -1,2 +1,2 @@
53e7bfb527c0be4fe1ac1022b9e2895cbc256860 SOURCES/php-8.0.13.tar.xz
20fb0e37359586a6794ecf57f2b63c2f2c396f5c SOURCES/php-8.0.20.tar.xz
35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg


@ -61,12 +61,12 @@ index 69d6549405b17..f0917501751f5 100644
#include "ext/spl/spl_exceptions.h"
#include "snmp_arginfo.h"
@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot
@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
if (!strcasecmp(prot, "MD5")) {
s->securityAuthProto = usmHMACMD5AuthProtocol;
s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
- } else
+ return true;
+ return 0;
+ }
#endif
+
@ -76,7 +76,7 @@ index 69d6549405b17..f0917501751f5 100644
- } else {
- zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
- return (-1);
+ return true;
+ return 0;
}
- return (0);
+
@ -84,7 +84,7 @@ index 69d6549405b17..f0917501751f5 100644
+ if (!strcasecmp(prot, "SHA256")) {
+ s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
+ return true;
+ return 0;
+ }
+#endif
+
@ -92,7 +92,7 @@ index 69d6549405b17..f0917501751f5 100644
+ if (!strcasecmp(prot, "SHA512")) {
+ s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
+ return true;
+ return 0;
+ }
+#endif
+
@ -111,7 +111,7 @@ index 69d6549405b17..f0917501751f5 100644
+ smart_string_0(&err);
+ zend_value_error("%s", err.c);
+ smart_string_free(&err);
+ return false;
+ return -1;
}
/* }}} */
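Review bot: Nothing in the patched `netsnmp_session_set_auth_protocol` states its return convention, and this revision of the patch appears to swap `return true`/`return false` for `return 0`/`return -1` in an `int` function, which suggests the two conventions were already confused once. A comment above the function such as `/* Returns 0 on success, -1 after raising a ValueError for an unknown protocol. */` would make the contract explicit for the next backport. The callers are not visible in this section, so it is worth confirming that they test the result against zero, as the removed upstream lines `return (-1);` and `return (0);` imply. The function body starts outside the hunk.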


@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
r18: adapt for autotool change in 7.3.3RC1
@ -31,9 +32,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4
--- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200
+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200
diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
index 20e4164aaa..a61243646d 100644
--- a/ext/date/config0.m4
+++ b/ext/date/config0.m4
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll)
@ -54,9 +56,10 @@ diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
--- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200
+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200
diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
index e9bd0f136d..c04ff01adc 100644
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
@@ -26,8 +26,21 @@
#include "timelib.h"
#include "timelib_private.h"
@ -79,7 +82,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig
@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
{
uint32_t version;
@ -91,7 +94,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
}
}
@ -322,6 +325,44 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
+}
+
+
+/* Retrieve tzdata version. */
+static void retrieve_zone_version(timelib_tzdb *db)
+{
+ static char buf[30];
+ char path[PATH_MAX];
+ FILE *fp;
+
+ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path));
+
+ fp = fopen(path, "r");
+ if (fp) {
+ if (fgets(buf, sizeof(buf), fp)) {
+ if (!memcmp(buf, "# version ", 10) &&
+ isdigit(buf[10]) &&
+ isdigit(buf[11]) &&
+ isdigit(buf[12]) &&
+ isdigit(buf[13]) &&
+ islower(buf[14])) {
+ if (buf[14] >= 't') { /* 2022t = 2022.20 */
+ buf[17] = 0;
+ buf[16] = buf[14] - 't' + '0';
+ buf[15] = '2';
+ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */
+ buf[17] = 0;
+ buf[16] = buf[14] - 'j' + '0';
+ buf[15] = '1';
+ } else { /* 2022a = 2022.1 */
+ buf[16] = 0;
+ buf[15] = buf[14] - 'a' + '1';
+ }
+ buf[14] = '.';
+ db->version = buf+10;
+ }
+ }
+ fclose(fp);
+ }
+}
+
+/* Create the zone identifier index by trawling the filesystem. */
+static void create_zone_index(timelib_tzdb *db)
+{
@ -522,7 +563,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
{
int left = 0, right = tzdb->index_size - 1;
@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns
@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
return 0;
}
@ -559,6 +600,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
+ tmp->version = "0.system";
+ tmp->data = NULL;
+ create_zone_index(tmp);
+ retrieve_zone_version(tmp);
+ system_location_table = create_location_table();
+ fake_data_segment(tmp, system_location_table);
+ timezonedb_system = tmp;
@ -571,7 +613,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
}
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_
@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
@ -603,7 +645,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
}
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct
@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
{
const unsigned char *tzf;
@ -612,7 +654,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
timelib_tzinfo *tmp;
int version;
int transitions_result, types_result;
@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con
@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
*error_code = TIMELIB_ERROR_NO_ERROR;
@ -621,7 +663,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
tmp = timelib_tzinfo_ctor(timezone);
version = read_preamble(&tzf, tmp, &type);
@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con
@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
}
skip_posix_string(&tzf, tmp);
@ -658,3 +700,19 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
} else {
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL;
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 2d5cffb963..389f09f313 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
php_info_print_table_row(2, "date/time support", "enabled");
php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);
+#ifdef HAVE_SYSTEM_TZDATA
+ php_info_print_table_row(2, "Timezone Database", "system");
+#else
php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal");
+#endif
php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb));
php_info_print_table_end();
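Review bot: In the added `retrieve_zone_version`, the `isdigit(buf[10])` … `islower(buf[14])` calls take a plain `char`, which is undefined behaviour for negative values if the first line of tzdata.zi holds a byte above 0x7F; cast each argument, e.g. `isdigit((unsigned char)buf[10])`. The `strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path));` copy does not guarantee a terminator by itself and the `path` buffer is not needed at all, since `fp = fopen(ZONEINFO_PREFIX "/tzdata.zi", "r");` opens the same file. `db->version` is left pointing into the function's `static char buf[30]`, so a one-line comment on that lifetime (the buffer must stay static because the pointer outlives the call) would help the next reader.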


@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=+AGI
-----END PGP SIGNATURE-----


@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmKf85UQHHBvbGxpdGFA
cGhwLm5ldAAKCRDb2zl0cNEhck+gEAC/LtjNXwNKHtE3M/mj8cYKIq3nJ1eOI7lD
9NBz+hUdMpH1RjtYqrEjflVWyLLRlqfa3ZtX9mlVEq1Z/+bUKR9a0OYyXOD1ZKYe
nt6m2exrt4ZgynTDiwZrpcoT+yM5qhKx8OhiiLSOREI7M3Zrf5tmxuCnrDTwWq4n
6KlbeGg4KMq1HsAir8BVXTMV5C9BSChkBFgZtc6I1Mw4WfeBByrxILEPi9EFj2jy
SSZBTUI/0sHKC1DAan1Ixdj5RAHWdpks8wAX5padQDDK+tytQLe92jQh1hD4scGE
PGwPKaJ9I4UyBleuGV2oAFIXANwwWs54zqjW9QezbXJFU5PLNNyViOGfeNRv75uN
jMOoi34/1egYpNM5OSHlLJi8Th1otvWmLqP/cSwRHFAjj9kp4g0kmKLNpOTxg/oo
DtpX70FxlQhhJEpjKbJ0GIJbjZuvVkMBx6j4VyjL/GP67o/eCWinyiKGpI8uU3mL
ihItvHydGoBgp3COYG3yVClHjWrJMsF4rABYn2VIbuF5nUQcPOc3v9ZlDvlIphQq
e+TOGGDPkkZpfk1Jc6uBo5gpfA6ubF7+OwLfcoXb/jB6MhZOjgR1gb0Li+9GhMS0
s0o/jqk6ExhgzZ12KM7GqbW52tcEQA3eZEYbqTv3/WnurI9ijdzAmr/snXm8yZtS
m3t0XapP2Q==
=O/Ui
-----END PGP SIGNATURE-----


@ -1,23 +0,0 @@
From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <smalyshev@gmail.com>
Date: Mon, 6 Jun 2022 00:56:51 -0600
Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
---
ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 87b2e7c31331..e4a298adaea4 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
DBG_ENTER("php_mysqlnd_change_auth_response_write");


@ -19,15 +19,13 @@ DirectoryIndex index.php
#
# Redirect to local php-fpm (no mod_php in default configuration)
#
<IfModule !mod_php5.c>
<IfModule !mod_php7.c>
<IfModule !mod_php.c>
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
</IfModule>
</IfModule>
#
@ -36,7 +34,7 @@ DirectoryIndex index.php
#
# mod_php options
#
<IfModule mod_php7.c>
<IfModule mod_php.c>
#
# Cause the PHP interpreter to handle files with a .php extension.
#


@ -11,4 +11,3 @@
</IfModule>
</IfModule>
</IfModule>


@ -54,13 +54,13 @@
%global with_tidy 0
%endif
%global upver 8.0.13
%global upver 8.0.20
#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
Release: 3%{?dist}
Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@ -100,7 +100,7 @@ Patch9: php-8.0.6-deprecated.patch
# Functional changes
# use system tzdata
Patch42: php-8.0.10-systzdata-v20.patch
Patch42: php-8.0.10-systzdata-v21.patch
# See http://bugs.php.net/53436
Patch43: php-7.4.0-phpize.patch
# Use -lldap_r for OpenLDAP
@ -119,7 +119,6 @@ Patch51: php-8.0.13-crypt.patch
# Upstream fixes (100+)
# Security fixes (200+)
Patch200: php-CVE-2022-31626.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@ -143,6 +142,7 @@ BuildRequires: pkgconfig(zlib) >= 1.2.0.4
BuildRequires: smtpdaemon
BuildRequires: pkgconfig(libedit)
BuildRequires: pkgconfig(libpcre2-8) >= 10.30
BuildRequires: pkgconfig(libxcrypt)
BuildRequires: bzip2
BuildRequires: perl-interpreter
BuildRequires: autoconf
@ -710,14 +710,13 @@ in pure PHP.
# upstream patches
# security patches
%patch200 -p1 -b .cve31626
# Fixes for tests
%patch300 -p1 -b .datetests
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE Zend/ZEND_LICENSE
cp Zend/LICENSE ZEND_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
cp sapi/fpm/LICENSE fpm_LICENSE
cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
@ -1370,7 +1369,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%files common -f files.common
%doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs
%license LICENSE TSRM_LICENSE
%license LICENSE TSRM_LICENSE ZEND_LICENSE
%license libmagic_LICENSE
%license timelib_LICENSE
%doc php.ini-*
@ -1506,6 +1505,13 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Mon Aug 1 2022 Remi Collet <rcollet@redhat.com> - 8.0.20-2
- snmp3 calls using authPriv or authNoPriv immediately return false #2104630
* Wed Jul 20 2022 Remi Collet <rcollet@redhat.com> - 8.0.20-1
- rebase to 8.0.20 #2100876
- fix wrong mod_php configuration #2094728
* Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 8.0.13-3
- fix password of excessive length triggers buffer overflow leading to RCE
CVE-2022-31626
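Review bot: Removing `Patch200: php-CVE-2022-31626.patch` and its `%patch200 -p1 -b .cve31626` line leaves no record in the spec of where that fix now comes from; the 8.0.20-1 changelog entry only says `rebase to 8.0.20`. Presumably the rebased tarball already carries the upstream fix, but that should be confirmed against the 8.0.20 source (the `total_packet_size` computation in `php_mysqlnd_change_auth_response_write`) and then stated in the changelog, for example `- drop patch for CVE-2022-31626 merged upstream`. Without that line, anyone auditing the package for this CVE sees only a security patch being removed.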