From abc873b1f6e042e72a22665a804c69c6c1d314c7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 09:38:11 -0400 Subject: [PATCH] import php-8.0.20-2.module+el8.7.0+16187+bb5ab920 --- .gitignore | 2 +- .php.metadata | 2 +- SOURCES/php-8.0.10-snmp-sha.patch | 12 +-- ...0.patch => php-8.0.10-systzdata-v21.patch} | 84 ++++++++++++++++--- SOURCES/php-8.0.13.tar.xz.asc | 17 ---- SOURCES/php-8.0.20.tar.xz.asc | 17 ++++ SOURCES/php.conf | 6 +- SOURCES/php.modconf | 1 - SPECS/php.spec | 20 ++++- 9 files changed, 114 insertions(+), 47 deletions(-) rename SOURCES/{php-8.0.10-systzdata-v20.patch => php-8.0.10-systzdata-v21.patch} (86%) delete mode 100644 SOURCES/php-8.0.13.tar.xz.asc create mode 100644 SOURCES/php-8.0.20.tar.xz.asc diff --git a/.gitignore b/.gitignore index 7a7788f..c21741e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/php-8.0.13.tar.xz +SOURCES/php-8.0.20.tar.xz SOURCES/php-keyring.gpg diff --git a/.php.metadata b/.php.metadata index cd165c8..62a528e 100644 --- a/.php.metadata +++ b/.php.metadata @@ -1,2 +1,2 @@ -53e7bfb527c0be4fe1ac1022b9e2895cbc256860 SOURCES/php-8.0.13.tar.xz +20fb0e37359586a6794ecf57f2b63c2f2c396f5c SOURCES/php-8.0.20.tar.xz 35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg diff --git a/SOURCES/php-8.0.10-snmp-sha.patch b/SOURCES/php-8.0.10-snmp-sha.patch index 3ef67ea..a48ad5f 100644 --- a/SOURCES/php-8.0.10-snmp-sha.patch +++ b/SOURCES/php-8.0.10-snmp-sha.patch @@ -61,12 +61,12 @@ index 69d6549405b17..f0917501751f5 100644 #include "ext/spl/spl_exceptions.h" #include "snmp_arginfo.h" -@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_prot +@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot) if (!strcasecmp(prot, "MD5")) { s->securityAuthProto = usmHMACMD5AuthProtocol; s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN; - } else -+ return true; ++ return 0; + } #endif + @@ -76,7 +76,7 @@ index 69d6549405b17..f0917501751f5 100644 - } else { - zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\""); - return (-1); -+ return true; ++ return 0; } - return (0); + @@ -84,7 +84,7 @@ index 69d6549405b17..f0917501751f5 100644 + if (!strcasecmp(prot, "SHA256")) { + s->securityAuthProto = usmHMAC192SHA256AuthProtocol; + s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid); -+ return true; ++ return 0; + } +#endif + @@ -92,7 +92,7 @@ index 69d6549405b17..f0917501751f5 100644 + if (!strcasecmp(prot, "SHA512")) { + s->securityAuthProto = usmHMAC384SHA512AuthProtocol; + s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid); -+ return true; ++ return 0; + } +#endif + @@ -111,7 +111,7 @@ index 69d6549405b17..f0917501751f5 100644 + smart_string_0(&err); + zend_value_error("%s", err.c); + smart_string_free(&err); -+ return false; ++ return -1; } /* }}} */ diff --git a/SOURCES/php-8.0.10-systzdata-v20.patch b/SOURCES/php-8.0.10-systzdata-v21.patch similarity index 86% rename from SOURCES/php-8.0.10-systzdata-v20.patch rename to SOURCES/php-8.0.10-systzdata-v21.patch index 5b0d84b..779f538 100644 --- a/SOURCES/php-8.0.10-systzdata-v20.patch +++ b/SOURCES/php-8.0.10-systzdata-v21.patch @@ -5,6 +5,7 @@ Add support for use of the system timezone database, rather than embedding a copy. Discussed upstream but was not desired. History: +r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi r20: adapt for timelib 2020.03 (in 8.0.10RC1) r19: adapt for timelib 2020.02 (in 8.0.0beta2) r18: adapt for autotool change in 7.3.3RC1 @@ -31,9 +32,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert) r2: add filesystem trawl to set up name alias index r1: initial revision -diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 ---- ./ext/date/config0.m4.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/config0.m4 2021-08-10 12:09:41.067003517 +0200 +diff --git a/ext/date/config0.m4 b/ext/date/config0.m4 +index 20e4164aaa..a61243646d 100644 +--- a/ext/date/config0.m4 ++++ b/ext/date/config0.m4 @@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h]) dnl Check for strtoll, atoll AC_CHECK_FUNCS(strtoll atoll) @@ -54,9 +56,10 @@ diff -up ./ext/date/config0.m4.systzdata ./ext/date/config0.m4 PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1" timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c" -diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c ---- ./ext/date/lib/parse_tz.c.systzdata 2021-08-10 11:35:28.000000000 +0200 -+++ ./ext/date/lib/parse_tz.c 2021-08-10 12:12:13.191605207 +0200 +diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c +index e9bd0f136d..c04ff01adc 100644 +--- a/ext/date/lib/parse_tz.c ++++ b/ext/date/lib/parse_tz.c @@ -26,8 +26,21 @@ #include "timelib.h" #include "timelib_private.h" @@ -79,7 +82,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__)) # if defined(__LITTLE_ENDIAN__) -@@ -94,6 +107,11 @@ static int read_php_preamble(const unsig +@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz) { uint32_t version; @@ -91,7 +94,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c /* read ID */ version = (*tzf)[3] - '0'; *tzf += 4; -@@ -435,7 +453,429 @@ void timelib_dump_tzinfo(timelib_tzinfo +@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz) } } @@ -322,6 +325,44 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c +} + + ++/* Retrieve tzdata version. */ ++static void retrieve_zone_version(timelib_tzdb *db) ++{ ++ static char buf[30]; ++ char path[PATH_MAX]; ++ FILE *fp; ++ ++ strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path)); ++ ++ fp = fopen(path, "r"); ++ if (fp) { ++ if (fgets(buf, sizeof(buf), fp)) { ++ if (!memcmp(buf, "# version ", 10) && ++ isdigit(buf[10]) && ++ isdigit(buf[11]) && ++ isdigit(buf[12]) && ++ isdigit(buf[13]) && ++ islower(buf[14])) { ++ if (buf[14] >= 't') { /* 2022t = 2022.20 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 't' + '0'; ++ buf[15] = '2'; ++ } else if (buf[14] >= 'j') { /* 2022j = 2022.10 */ ++ buf[17] = 0; ++ buf[16] = buf[14] - 'j' + '0'; ++ buf[15] = '1'; ++ } else { /* 2022a = 2022.1 */ ++ buf[16] = 0; ++ buf[15] = buf[14] - 'a' + '1'; ++ } ++ buf[14] = '.'; ++ db->version = buf+10; ++ } ++ } ++ fclose(fp); ++ } ++} ++ +/* Create the zone identifier index by trawling the filesystem. */ +static void create_zone_index(timelib_tzdb *db) +{ @@ -522,7 +563,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c { int left = 0, right = tzdb->index_size - 1; -@@ -461,9 +901,48 @@ static int seek_to_tz_position(const uns +@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, return 0; } @@ -559,6 +600,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c + tmp->version = "0.system"; + tmp->data = NULL; + create_zone_index(tmp); ++ retrieve_zone_version(tmp); + system_location_table = create_location_table(); + fake_data_segment(tmp, system_location_table); + timezonedb_system = tmp; @@ -571,7 +613,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count) -@@ -475,7 +954,30 @@ const timelib_tzdb_index_entry *timelib_ +@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_ int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb) { const unsigned char *tzf; @@ -603,7 +645,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz) -@@ -517,6 +1019,8 @@ static timelib_tzinfo* timelib_tzinfo_ct +@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name) timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code) { const unsigned char *tzf; @@ -612,7 +654,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c timelib_tzinfo *tmp; int version; int transitions_result, types_result; -@@ -524,7 +1028,7 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t *error_code = TIMELIB_ERROR_NO_ERROR; @@ -621,7 +663,7 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c tmp = timelib_tzinfo_ctor(timezone); version = read_preamble(&tzf, tmp, &type); -@@ -563,11 +1067,36 @@ timelib_tzinfo *timelib_parse_tzfile(con +@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t } skip_posix_string(&tzf, tmp); @@ -658,3 +700,19 @@ diff -up ./ext/date/lib/parse_tz.c.systzdata ./ext/date/lib/parse_tz.c } else { *error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE; tmp = NULL; +diff --git a/ext/date/php_date.c b/ext/date/php_date.c +index 2d5cffb963..389f09f313 100644 +--- a/ext/date/php_date.c ++++ b/ext/date/php_date.c +@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date) + php_info_print_table_row(2, "date/time support", "enabled"); + php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION); + php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version); ++#ifdef HAVE_SYSTEM_TZDATA ++ php_info_print_table_row(2, "Timezone Database", "system"); ++#else + php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal"); ++#endif + php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb)); + php_info_print_table_end(); + diff --git a/SOURCES/php-8.0.13.tar.xz.asc b/SOURCES/php-8.0.13.tar.xz.asc deleted file mode 100644 index 009e606..0000000 --- a/SOURCES/php-8.0.13.tar.xz.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmGUGpcQHHBvbGxpdGFA -cGhwLm5ldAAKCRDb2zl0cNEhcuMrD/9c6os7ZNv/cS5I3arv5jvMvogp+ROkHNcd -NPB+JOjIDVOReKEWYImwhJv2/tD7VdItJTA7drHK8n419nGq0qywyyQuu6aRgUTF -d2hE4+49fnQjcwZ+Bz/tM2maJ5jy0yZN6lkdBkO8lOXUAEqwPvdaZUl3mjrgPI5k -MYXidRBvNcioNqHOVkYZ9wzsuGiN81TBU/MreEPBMcaht5agautVw9XMnqJ13pZB -jnJxCgWUggvpu8KPKNCtTWOVlegkUqi13+GO6J9U2fEYb7be8edMXlTaJWXZkd9H -VlKlN+/4eXvcRQxzhmxilDpZfYhvmivj/34r3Ox1JYBHS59VCFztMLl4+7cl7D/y -z/L7U6xHlxW0O2xa6XM1SSUxxIRw8De+2FkFuWCWAkMxJefBqy+fb9jSGqB/gxys -T2vQdMvswMp0LPmhYjwOyvNXc3TCvPIRxyvdtRqMaAe3IUqkA+B81QTB2kzNPJz3 -8L5t5FR5fLFuIgUGkdE7odStCakriJjsyNRAuSTzJ/X4UzMmUI7cMWpPuJ2PKzBl -ecK6DB9wBGNQfm4mvlS1vtov4XDGPRmZNx+hnad8seJpGLQ/7kAwbw9XMcvPcOkU -QfI8IZbSSF7et2Dwup8YrWRG8RrJY5MI4I5xGKYQD/WoygS9yLLrqy+kapo0ajYy -0bqxeMLb9g== -=+AGI ------END PGP SIGNATURE----- diff --git a/SOURCES/php-8.0.20.tar.xz.asc b/SOURCES/php-8.0.20.tar.xz.asc new file mode 100644 index 0000000..ef50495 --- /dev/null +++ b/SOURCES/php-8.0.20.tar.xz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJEBAABCgAuFiEEFyn4OTjaROJ7oPTT29s5dHDRIXIFAmKf85UQHHBvbGxpdGFA +cGhwLm5ldAAKCRDb2zl0cNEhck+gEAC/LtjNXwNKHtE3M/mj8cYKIq3nJ1eOI7lD +9NBz+hUdMpH1RjtYqrEjflVWyLLRlqfa3ZtX9mlVEq1Z/+bUKR9a0OYyXOD1ZKYe +nt6m2exrt4ZgynTDiwZrpcoT+yM5qhKx8OhiiLSOREI7M3Zrf5tmxuCnrDTwWq4n +6KlbeGg4KMq1HsAir8BVXTMV5C9BSChkBFgZtc6I1Mw4WfeBByrxILEPi9EFj2jy +SSZBTUI/0sHKC1DAan1Ixdj5RAHWdpks8wAX5padQDDK+tytQLe92jQh1hD4scGE +PGwPKaJ9I4UyBleuGV2oAFIXANwwWs54zqjW9QezbXJFU5PLNNyViOGfeNRv75uN +jMOoi34/1egYpNM5OSHlLJi8Th1otvWmLqP/cSwRHFAjj9kp4g0kmKLNpOTxg/oo +DtpX70FxlQhhJEpjKbJ0GIJbjZuvVkMBx6j4VyjL/GP67o/eCWinyiKGpI8uU3mL +ihItvHydGoBgp3COYG3yVClHjWrJMsF4rABYn2VIbuF5nUQcPOc3v9ZlDvlIphQq +e+TOGGDPkkZpfk1Jc6uBo5gpfA6ubF7+OwLfcoXb/jB6MhZOjgR1gb0Li+9GhMS0 +s0o/jqk6ExhgzZ12KM7GqbW52tcEQA3eZEYbqTv3/WnurI9ijdzAmr/snXm8yZtS +m3t0XapP2Q== +=O/Ui +-----END PGP SIGNATURE----- diff --git a/SOURCES/php.conf b/SOURCES/php.conf index 8585837..639652b 100644 --- a/SOURCES/php.conf +++ b/SOURCES/php.conf @@ -19,15 +19,13 @@ DirectoryIndex index.php # # Redirect to local php-fpm (no mod_php in default configuration) # - - + # Enable http authorization headers SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1 SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost" - # @@ -36,7 +34,7 @@ DirectoryIndex index.php # # mod_php options # - + # # Cause the PHP interpreter to handle files with a .php extension. # diff --git a/SOURCES/php.modconf b/SOURCES/php.modconf index 6f678e6..e169f4a 100644 --- a/SOURCES/php.modconf +++ b/SOURCES/php.modconf @@ -11,4 +11,3 @@ - diff --git a/SPECS/php.spec b/SPECS/php.spec index 3cb6d5b..2fd094c 100644 --- a/SPECS/php.spec +++ b/SPECS/php.spec @@ -54,7 +54,7 @@ %global with_tidy 0 %endif -%global upver 8.0.13 +%global upver 8.0.20 #global rcver RC1 Summary: PHP scripting language for creating dynamic web sites @@ -100,7 +100,7 @@ Patch9: php-8.0.6-deprecated.patch # Functional changes # use system tzdata -Patch42: php-8.0.10-systzdata-v20.patch +Patch42: php-8.0.10-systzdata-v21.patch # See http://bugs.php.net/53436 Patch43: php-7.4.0-phpize.patch # Use -lldap_r for OpenLDAP @@ -142,6 +142,7 @@ BuildRequires: pkgconfig(zlib) >= 1.2.0.4 BuildRequires: smtpdaemon BuildRequires: pkgconfig(libedit) BuildRequires: pkgconfig(libpcre2-8) >= 10.30 +BuildRequires: pkgconfig(libxcrypt) BuildRequires: bzip2 BuildRequires: perl-interpreter BuildRequires: autoconf @@ -715,7 +716,7 @@ in pure PHP. # Prevent %%doc confusion over LICENSE files -cp Zend/LICENSE Zend/ZEND_LICENSE +cp Zend/LICENSE ZEND_LICENSE cp TSRM/LICENSE TSRM_LICENSE cp sapi/fpm/LICENSE fpm_LICENSE cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE @@ -1368,7 +1369,7 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %files common -f files.common %doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs -%license LICENSE TSRM_LICENSE +%license LICENSE TSRM_LICENSE ZEND_LICENSE %license libmagic_LICENSE %license timelib_LICENSE %doc php.ini-* @@ -1504,6 +1505,17 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Mon Aug 1 2022 Remi Collet - 8.0.20-2 +- snmp3 calls using authPriv or authNoPriv immediately return false #2104630 + +* Wed Jul 20 2022 Remi Collet - 8.0.20-1 +- rebase to 8.0.20 #2100876 +- fix wrong mod_php configuration #2094728 + +* Wed Jun 22 2022 Remi Collet - 8.0.13-3 +- fix password of excessive length triggers buffer overflow leading to RCE + CVE-2022-31626 + * Tue Dec 14 2021 Remi Collet - 8.0.13-2 - refresh provided configuration from upstream