diff --git a/.gitignore b/.gitignore
index 7a7788f..c21741e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/php-8.0.13.tar.xz
+SOURCES/php-8.0.20.tar.xz
SOURCES/php-keyring.gpg
diff --git a/.php.metadata b/.php.metadata
index cd165c8..62a528e 100644
--- a/.php.metadata
+++ b/.php.metadata
@@ -1,2 +1,2 @@
-53e7bfb527c0be4fe1ac1022b9e2895cbc256860 SOURCES/php-8.0.13.tar.xz
+20fb0e37359586a6794ecf57f2b63c2f2c396f5c SOURCES/php-8.0.20.tar.xz
35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg
diff --git a/SOURCES/php-8.0.10-snmp-sha.patch b/SOURCES/php-8.0.10-snmp-sha.patch
index 3ef67ea..a48ad5f 100644
--- a/SOURCES/php-8.0.10-snmp-sha.patch
+++ b/SOURCES/php-8.0.10-snmp-sha.patch
@@ -61,12 +61,12 @@ index 69d6549405b17..f0917501751f5 100644
#include "ext/spl/spl_exceptions.h"
#include "snmp_arginfo.h"
-@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot
+@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
if (!strcasecmp(prot, "MD5")) {
s->securityAuthProto = usmHMACMD5AuthProtocol;
s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
- } else
-+ return true;
++ return 0;
+ }
#endif
+
@@ -76,7 +76,7 @@ index 69d6549405b17..f0917501751f5 100644
- } else {
- zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
- return (-1);
-+ return true;
++ return 0;
}
- return (0);
+
@@ -84,7 +84,7 @@ index 69d6549405b17..f0917501751f5 100644
+ if (!strcasecmp(prot, "SHA256")) {
+ s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
-+ return true;
++ return 0;
+ }
+#endif
+
@@ -92,7 +92,7 @@ index 69d6549405b17..f0917501751f5 100644
+ if (!strcasecmp(prot, "SHA512")) {
+ s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
-+ return true;
++ return 0;
+ }
+#endif
+
@@ -111,7 +111,7 @@ index 69d6549405b17..f0917501751f5 100644
+ smart_string_0(&err);
+ zend_value_error("%s", err.c);
+ smart_string_free(&err);
-+ return false;
++ return -1;
}
/* }}} */
diff --git a/SOURCES/php-8.0.10-systzdata-v20.patch b/SOURCES/php-8.0.10-systzdata-v21.patch
similarity index 86%
rename from SOURCES/php-8.0.10-systzdata-v20.patch
rename to SOURCES/php-8.0.10-systzdata-v21.patch
index 5b0d84b..779f538 100644
--- a/SOURCES/php-8.0.10-systzdata-v20.patch
+++ b/SOURCES/php-8.0.10-systzdata-v21.patch
@@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
+r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
r18: adapt for autotool change in 7.3.3RC1
@@ -31,9 +32,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
-diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4
---- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200
-+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200
+diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
+index 20e4164aaa..a61243646d 100644
+--- a/ext/date/config0.m4
++++ b/ext/date/config0.m4
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
dnl Check for strtoll, atoll
AC_CHECK_FUNCS(strtoll atoll)
@@ -54,9 +56,10 @@ diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
-diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
---- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200
-+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200
+diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
+index e9bd0f136d..c04ff01adc 100644
+--- a/ext/date/lib/parse_tz.c
++++ b/ext/date/lib/parse_tz.c
@@ -26,8 +26,21 @@
#include "timelib.h"
#include "timelib_private.h"
@@ -79,7 +82,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
-@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig
+@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
{
uint32_t version;
@@ -91,7 +94,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
-@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
+@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
}
}
@@ -322,6 +325,44 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
+}
+
+
++/* Retrieve tzdata version. */
++static void retrieve_zone_version(timelib_tzdb *db)
++{
++ static char buf[30];
++ char path[PATH_MAX];
++ FILE *fp;
++
++ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path));
++
++ fp = fopen(path, "r");
++ if (fp) {
++ if (fgets(buf, sizeof(buf), fp)) {
++ if (!memcmp(buf, "# version ", 10) &&
++ isdigit(buf[10]) &&
++ isdigit(buf[11]) &&
++ isdigit(buf[12]) &&
++ isdigit(buf[13]) &&
++ islower(buf[14])) {
++ if (buf[14] >= 't') { /* 2022t = 2022.20 */
++ buf[17] = 0;
++ buf[16] = buf[14] - 't' + '0';
++ buf[15] = '2';
++ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */
++ buf[17] = 0;
++ buf[16] = buf[14] - 'j' + '0';
++ buf[15] = '1';
++ } else { /* 2022a = 2022.1 */
++ buf[16] = 0;
++ buf[15] = buf[14] - 'a' + '1';
++ }
++ buf[14] = '.';
++ db->version = buf+10;
++ }
++ }
++ fclose(fp);
++ }
++}
++
+/* Create the zone identifier index by trawling the filesystem. */
+static void create_zone_index(timelib_tzdb *db)
+{
@@ -522,7 +563,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
{
int left = 0, right = tzdb->index_size - 1;
-@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns
+@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
return 0;
}
@@ -559,6 +600,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
+ tmp->version = "0.system";
+ tmp->data = NULL;
+ create_zone_index(tmp);
++ retrieve_zone_version(tmp);
+ system_location_table = create_location_table();
+ fake_data_segment(tmp, system_location_table);
+ timezonedb_system = tmp;
@@ -571,7 +613,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
}
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_
+@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
@@ -603,7 +645,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
}
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct
+@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
{
const unsigned char *tzf;
@@ -612,7 +654,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
timelib_tzinfo *tmp;
int version;
int transitions_result, types_result;
-@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con
+@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
*error_code = TIMELIB_ERROR_NO_ERROR;
@@ -621,7 +663,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
tmp = timelib_tzinfo_ctor(timezone);
version = read_preamble(&tzf, tmp, &type);
-@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con
+@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
}
skip_posix_string(&tzf, tmp);
@@ -658,3 +700,19 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c
} else {
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL;
+diff --git a/ext/date/php_date.c b/ext/date/php_date.c
+index 2d5cffb963..389f09f313 100644
+--- a/ext/date/php_date.c
++++ b/ext/date/php_date.c
+@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
+ php_info_print_table_row(2, "date/time support", "enabled");
+ php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
+ php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);
++#ifdef HAVE_SYSTEM_TZDATA
++ php_info_print_table_row(2, "Timezone Database", "system");
++#else
+ php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal");
++#endif
+ php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb));
+ php_info_print_table_end();
+
diff --git a/SOURCES/php-8.0.13.tar.xz.asc b/SOURCES/php-8.0.13.tar.xz.asc
deleted file mode 100644
index 009e606..0000000
--- a/SOURCES/php-8.0.13.tar.xz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmGUGpcQHHBvbGxpdGFA
-cGhwLm5ldAAKCRDb2zl0cNEhcuMrD/9c6os7ZNv/cS5I3arv5jvMvogp+ROkHNcd
-NPB+JOjIDVOReKEWYImwhJv2/tD7VdItJTA7drHK8n419nGq0qywyyQuu6aRgUTF
-d2hE4+49fnQjcwZ+Bz/tM2maJ5jy0yZN6lkdBkO8lOXUAEqwPvdaZUl3mjrgPI5k
-MYXidRBvNcioNqHOVkYZ9wzsuGiN81TBU/MreEPBMcaht5agautVw9XMnqJ13pZB
-jnJxCgWUggvpu8KPKNCtTWOVlegkUqi13+GO6J9U2fEYb7be8edMXlTaJWXZkd9H
-VlKlN+/4eXvcRQxzhmxilDpZfYhvmivj/34r3Ox1JYBHS59VCFztMLl4+7cl7D/y
-z/L7U6xHlxW0O2xa6XM1SSUxxIRw8De+2FkFuWCWAkMxJefBqy+fb9jSGqB/gxys
-T2vQdMvswMp0LPmhYjwOyvNXc3TCvPIRxyvdtRqMaAe3IUqkA+B81QTB2kzNPJz3
-8L5t5FR5fLFuIgUGkdE7odStCakriJjsyNRAuSTzJ/X4UzMmUI7cMWpPuJ2PKzBl
-ecK6DB9wBGNQfm4mvlS1vtov4XDGPRmZNx+hnad8seJpGLQ/7kAwbw9XMcvPcOkU
-QfI8IZbSSF7et2Dwup8YrWRG8RrJY5MI4I5xGKYQD/WoygS9yLLrqy+kapo0ajYy
-0bqxeMLb9g==
-=+AGI
------END PGP SIGNATURE-----
diff --git a/SOURCES/php-8.0.20.tar.xz.asc b/SOURCES/php-8.0.20.tar.xz.asc
new file mode 100644
index 0000000..ef50495
--- /dev/null
+++ b/SOURCES/php-8.0.20.tar.xz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmKf85UQHHBvbGxpdGFA
+cGhwLm5ldAAKCRDb2zl0cNEhck+gEAC/LtjNXwNKHtE3M/mj8cYKIq3nJ1eOI7lD
+9NBz+hUdMpH1RjtYqrEjflVWyLLRlqfa3ZtX9mlVEq1Z/+bUKR9a0OYyXOD1ZKYe
+nt6m2exrt4ZgynTDiwZrpcoT+yM5qhKx8OhiiLSOREI7M3Zrf5tmxuCnrDTwWq4n
+6KlbeGg4KMq1HsAir8BVXTMV5C9BSChkBFgZtc6I1Mw4WfeBByrxILEPi9EFj2jy
+SSZBTUI/0sHKC1DAan1Ixdj5RAHWdpks8wAX5padQDDK+tytQLe92jQh1hD4scGE
+PGwPKaJ9I4UyBleuGV2oAFIXANwwWs54zqjW9QezbXJFU5PLNNyViOGfeNRv75uN
+jMOoi34/1egYpNM5OSHlLJi8Th1otvWmLqP/cSwRHFAjj9kp4g0kmKLNpOTxg/oo
+DtpX70FxlQhhJEpjKbJ0GIJbjZuvVkMBx6j4VyjL/GP67o/eCWinyiKGpI8uU3mL
+ihItvHydGoBgp3COYG3yVClHjWrJMsF4rABYn2VIbuF5nUQcPOc3v9ZlDvlIphQq
+e+TOGGDPkkZpfk1Jc6uBo5gpfA6ubF7+OwLfcoXb/jB6MhZOjgR1gb0Li+9GhMS0
+s0o/jqk6ExhgzZ12KM7GqbW52tcEQA3eZEYbqTv3/WnurI9ijdzAmr/snXm8yZtS
+m3t0XapP2Q==
+=O/Ui
+-----END PGP SIGNATURE-----
diff --git a/SOURCES/php.conf b/SOURCES/php.conf
index 8585837..639652b 100644
--- a/SOURCES/php.conf
+++ b/SOURCES/php.conf
@@ -19,15 +19,13 @@ DirectoryIndex index.php
#
# Redirect to local php-fpm (no mod_php in default configuration)
#
-
-
+
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
-
#
@@ -36,7 +34,7 @@ DirectoryIndex index.php
#
# mod_php options
#
-
+
#
# Cause the PHP interpreter to handle files with a .php extension.
#
diff --git a/SOURCES/php.modconf b/SOURCES/php.modconf
index 6f678e6..e169f4a 100644
--- a/SOURCES/php.modconf
+++ b/SOURCES/php.modconf
@@ -11,4 +11,3 @@
-
diff --git a/SPECS/php.spec b/SPECS/php.spec
index 3cb6d5b..2fd094c 100644
--- a/SPECS/php.spec
+++ b/SPECS/php.spec
@@ -54,7 +54,7 @@
%global with_tidy 0
%endif
-%global upver 8.0.13
+%global upver 8.0.20
#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
@@ -100,7 +100,7 @@ Patch9: php-8.0.6-deprecated.patch
# Functional changes
# use system tzdata
-Patch42: php-8.0.10-systzdata-v20.patch
+Patch42: php-8.0.10-systzdata-v21.patch
# See http://bugs.php.net/53436
Patch43: php-7.4.0-phpize.patch
# Use -lldap_r for OpenLDAP
@@ -142,6 +142,7 @@ BuildRequires: pkgconfig(zlib) >= 1.2.0.4
BuildRequires: smtpdaemon
BuildRequires: pkgconfig(libedit)
BuildRequires: pkgconfig(libpcre2-8) >= 10.30
+BuildRequires: pkgconfig(libxcrypt)
BuildRequires: bzip2
BuildRequires: perl-interpreter
BuildRequires: autoconf
@@ -715,7 +716,7 @@ in pure PHP.
# Prevent %%doc confusion over LICENSE files
-cp Zend/LICENSE Zend/ZEND_LICENSE
+cp Zend/LICENSE ZEND_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
cp sapi/fpm/LICENSE fpm_LICENSE
cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
@@ -1368,7 +1369,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%files common -f files.common
%doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs
-%license LICENSE TSRM_LICENSE
+%license LICENSE TSRM_LICENSE ZEND_LICENSE
%license libmagic_LICENSE
%license timelib_LICENSE
%doc php.ini-*
@@ -1504,6 +1505,17 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
+* Mon Aug 1 2022 Remi Collet - 8.0.20-2
+- snmp3 calls using authPriv or authNoPriv immediately return false #2104630
+
+* Wed Jul 20 2022 Remi Collet - 8.0.20-1
+- rebase to 8.0.20 #2100876
+- fix wrong mod_php configuration #2094728
+
+* Wed Jun 22 2022 Remi Collet - 8.0.13-3
+- fix password of excessive length triggers buffer overflow leading to RCE
+ CVE-2022-31626
+
* Tue Dec 14 2021 Remi Collet - 8.0.13-2
- refresh provided configuration from upstream