20 changed files with 625 additions and 802 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/php-7.2.24.tar.xz
+SOURCES/php-7.4.33.tar.xz
+SOURCES/php-keyring.gpg
--- a/.php.metadata
+++ b/.php.metadata
@ -1 +1,2 @@
-d31628bdc89a724a2a0950c2ed7d79b40cf489a7 SOURCES/php-7.2.24.tar.xz
+4d3152b2339332b4eef2c12931931d4a1245fdab SOURCES/php-7.4.33.tar.xz
+35368de1a0a6ffc21e7154b57cac461d99fba7c2 SOURCES/php-keyring.gpg
--- a/SOURCES/10-opcache.ini
+++ b/SOURCES/10-opcache.ini
@ -5,17 +5,17 @@ zend_extension=opcache
 opcache.enable=1

 ; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
+opcache.enable_cli=1

 ; The OPcache shared memory storage size.
-opcache.memory_consumption=128
+;opcache.memory_consumption=128

 ; The amount of memory for interned strings in Mbytes.
-opcache.interned_strings_buffer=8
+;opcache.interned_strings_buffer=8

 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
-opcache.max_accelerated_files=4000
+;opcache.max_accelerated_files=10000

 ; The maximum percentage of "wasted" memory until a restart is scheduled.
 ;opcache.max_wasted_percentage=5
@ -42,18 +42,15 @@ opcache.max_accelerated_files=4000
 ; size of the optimized code.
 ;opcache.save_comments=1

-; If enabled, a fast shutdown sequence is used for the accelerated code
-; Depending on the used Memory Manager this may cause some incompatibilities.
-;opcache.fast_shutdown=0
-
 ; Allow file existence override (file_exists, etc.) performance feature.
 ;opcache.enable_file_override=0

 ; A bitmask, where each bit enables or disables the appropriate OPcache
 ; passes
-;opcache.optimization_level=0xffffffff
+;opcache.optimization_level=0x7FFFBFFF

-;opcache.inherited_hack=1
+; This hack should only be enabled to work around "Cannot redeclare class"
+; errors.
 ;opcache.dups_fix=0

 ; The location of the OPcache blacklist file (wildcards allowed).
@ -112,6 +109,10 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
 ; cache is required.
 ;opcache.file_cache_fallback=1

+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+opcache.huge_code_pages=0
+
 ; Validate cached file permissions.
 ; Leads OPcache to check file readability on each access to cached file.
 ; This directive should be enabled in shared hosting environment, when few
@ -124,7 +125,24 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
 ; different "chroot" environments.
 ;opcache.validate_root=0

-; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
-; This should improve performance, but requires appropriate OS configuration.
-opcache.huge_code_pages=0
+; If specified, it produces opcode dumps for debugging different stages of
+; optimizations.
+;opcache.opt_debug_level=0

+; Specifies a PHP script that is going to be compiled and executed at server
+; start-up.
+; http://php.net/opcache.preload
+;opcache.preload=
+
+; Preloading code as root is not allowed for security reasons. This directive
+; facilitates to let the preloading to be run as another user.
+; http://php.net/opcache.preload_user
+;opcache.preload_user=
+
+; Prevents caching files that are less than this number of seconds old. It
+; protects from caching of incompletely updated files. In case all file updates
+; on your site are atomic, you may increase performance by setting it to "0".
+;opcache.file_update_protection=2
+
+; Absolute path used to store shared lockfiles (for *nix only).
+;opcache.lockfile_path=/tmp
--- a/SOURCES/20-ffi.ini
+++ b/SOURCES/20-ffi.ini
@ -0,0 +1,13 @@
+; Enable ffi extension module
+extension=ffi
+
+; FFI API restriction. Possibe values:
+; "preload" - enabled in CLI scripts and preloaded files (default)
+; "false"   - always disabled
+; "true"    - always enabled
+;ffi.enable=preload
+
+; List of headers files to preload, wildcard patterns allowed.
+; /usr/share/php/preload used by for RPM packages
+; /usr/local/share/php/preload may be used for local files
+ffi.preload=/usr/share/php/preload/*.h:/usr/local/share/php/preload/*.h
--- a/SOURCES/php-5.3.0-recode.patch
+++ b/SOURCES/php-5.3.0-recode.patch
@ -1,17 +0,0 @@
-diff -up php-5.3.0beta1/ext/recode/config9.m4.recode php-5.3.0beta1/ext/recode/config9.m4
--- php-5.3.0beta1/ext/recode/config9.m4.recode	2008-12-02 00:30:21.000000000 +0100
-+++ php-5.3.0beta1/ext/recode/config9.m4	2009-02-28 09:46:50.000000000 +0100
-@@ -4,13 +4,6 @@ dnl
- 
- dnl Check for extensions with which Recode can not work
- if test "$PHP_RECODE" != "no"; then
-  test "$PHP_IMAP"  != "no" && recode_conflict="$recode_conflict imap"
-
-  if test -n "$MYSQL_LIBNAME"; then
-    PHP_CHECK_LIBRARY($MYSQL_LIBNAME, hash_insert, [
-      recode_conflict="$recode_conflict mysql"
-    ])
-  fi
- 
-   if test -n "$recode_conflict"; then
-     AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict])
--- a/SOURCES/php-7.2.4-dlopen.patch
+++ b/SOURCES/php-7.2.4-dlopen.patch
@ -1,30 +0,0 @@
-diff -up php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen php-7.2.4RC1/sapi/litespeed/lsapilib.c
--- php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen	2018-03-13 12:40:25.330885880 +0100
-+++ php-7.2.4RC1/sapi/litespeed/lsapilib.c	2018-03-13 12:41:35.797251042 +0100
-@@ -755,7 +755,7 @@ static int (*fp_lve_leave)(struct liblve
- static int (*fp_lve_jail)( struct passwd *, char *) = NULL;
- static int lsapi_load_lve_lib(void)
- {
-    s_liblve = dlopen("liblve.so.0", RTLD_LAZY);
-+    s_liblve = dlopen("liblve.so.0", RTLD_NOW);
-     if (s_liblve)
-     {
-         fp_lve_is_available = dlsym(s_liblve, "lve_is_available");
-diff -up php-7.2.4RC1/Zend/zend_portability.h.dlopen php-7.2.4RC1/Zend/zend_portability.h
--- php-7.2.4RC1/Zend/zend_portability.h.dlopen	2018-03-13 12:33:38.000000000 +0100
-+++ php-7.2.4RC1/Zend/zend_portability.h	2018-03-13 12:40:25.330885880 +0100
-@@ -144,11 +144,11 @@
- # endif
- 
- # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT)
-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
-+#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
- # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__)
-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_DEEPBIND)
-+#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL | RTLD_DEEPBIND)
- # else
-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL)
-+#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL)
- # endif
- # define DL_UNLOAD					dlclose
- # if defined(DLSYM_NEEDS_UNDERSCORE)
--- a/SOURCES/php-7.2.4-fixheader.patch
+++ b/SOURCES/php-7.2.4-fixheader.patch
@ -1,12 +0,0 @@
-diff -up php-7.2.4RC1/configure.ac.fixheader php-7.2.4RC1/configure.ac
--- php-7.2.4RC1/configure.ac.fixheader	2018-03-13 12:42:47.594623100 +0100
-+++ php-7.2.4RC1/configure.ac	2018-03-13 12:43:35.591871825 +0100
-@@ -1275,7 +1275,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d`
- fi
- AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date])
- 
-PHP_UNAME=`uname -a | xargs`
-+PHP_UNAME=`uname | xargs`
- AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output])
- PHP_OS=`uname | xargs`
- AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output])
--- a/SOURCES/php-7.2.7-getallheaders.patch
+++ b/SOURCES/php-7.2.7-getallheaders.patch
@ -1,280 +0,0 @@
-Adapted for 7.2.7 from 7.3 by remi
-
-
-From 0ea4013f101d64fbeb9221260b36e98f10ed1ddd Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 4 Jul 2018 08:48:38 +0200
-Subject: [PATCH] Fixed bug #62596 add getallheaders (apache_request_headers)
- missing function in FPM add sapi_add_request_header in public API (was
- add_request_header) fix arginfo for fastcgi_finish_request fucntion
-
---
- main/SAPI.c                       | 50 +++++++++++++++++++++++++++++
- main/SAPI.h                       |  1 +
- sapi/cgi/cgi_main.c               | 51 +----------------------------
- sapi/fpm/fpm/fpm_main.c           | 25 ++++++++++++++-
- sapi/fpm/tests/getallheaders.phpt | 67 +++++++++++++++++++++++++++++++++++++++
- 5 files changed, 143 insertions(+), 51 deletions(-)
- create mode 100644 sapi/fpm/tests/getallheaders.phpt
-
-diff --git a/main/SAPI.c b/main/SAPI.c
-index b6c3329..7e0c7c8 100644
--- a/main/SAPI.c
-+++ b/main/SAPI.c
-@@ -1104,6 +1104,56 @@ SAPI_API void sapi_terminate_process(void) {
- 	}
- }
- 
-+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
-+{
-+	zval *return_value = (zval*)arg;
-+	char *str = NULL;
-+
-+	ALLOCA_FLAG(use_heap)
-+
-+	if (var_len > 5 &&
-+	    var[0] == 'H' &&
-+	    var[1] == 'T' &&
-+	    var[2] == 'T' &&
-+	    var[3] == 'P' &&
-+	    var[4] == '_') {
-+
-+		char *p;
-+
-+		var_len -= 5;
-+		p = var + 5;
-+		var = str = do_alloca(var_len + 1, use_heap);
-+		*str++ = *p++;
-+		while (*p) {
-+			if (*p == '_') {
-+				*str++ = '-';
-+				p++;
-+				if (*p) {
-+					*str++ = *p++;
-+				}
-+			} else if (*p >= 'A' && *p <= 'Z') {
-+				*str++ = (*p++ - 'A' + 'a');
-+			} else {
-+				*str++ = *p++;
-+			}
-+		}
-+		*str = 0;
-+	} else if (var_len == sizeof("CONTENT_TYPE")-1 &&
-+	           memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
-+		var = "Content-Type";
-+	} else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
-+	           memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
-+		var = "Content-Length";
-+	} else {
-+		return;
-+	}
-+	add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
-+	if (str) {
-+		free_alloca(var, use_heap);
-+	}
-+}
-+/* }}} */
-+
- /*
-  * Local variables:
-  * tab-width: 4
-diff --git a/main/SAPI.h b/main/SAPI.h
-index f829fd7..4b8e223 100644
--- a/main/SAPI.h
-+++ b/main/SAPI.h
-@@ -151,6 +151,7 @@ SAPI_API void sapi_shutdown(void);
- SAPI_API void sapi_activate(void);
- SAPI_API void sapi_deactivate(void);
- SAPI_API void sapi_initialize_empty_request(void);
-+SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg);
- END_EXTERN_C()
- 
- /*
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index 2e9cefe..350846d 100644
--- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1591,54 +1591,6 @@ PHP_FUNCTION(apache_child_terminate) /*
- }
- /* }}} */
- 
-static void add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
-{
-	zval *return_value = (zval*)arg;
-	char *str = NULL;
-	char *p;
-	ALLOCA_FLAG(use_heap)
-
-	if (var_len > 5 &&
-	    var[0] == 'H' &&
-	    var[1] == 'T' &&
-	    var[2] == 'T' &&
-	    var[3] == 'P' &&
-	    var[4] == '_') {
-
-		var_len -= 5;
-		p = var + 5;
-		var = str = do_alloca(var_len + 1, use_heap);
-		*str++ = *p++;
-		while (*p) {
-			if (*p == '_') {
-				*str++ = '-';
-				p++;
-				if (*p) {
-					*str++ = *p++;
-				}
-			} else if (*p >= 'A' && *p <= 'Z') {
-				*str++ = (*p++ - 'A' + 'a');
-			} else {
-				*str++ = *p++;
-			}
-		}
-		*str = 0;
-	} else if (var_len == sizeof("CONTENT_TYPE")-1 &&
-	           memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
-		var = "Content-Type";
-	} else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
-	           memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
-		var = "Content-Length";
-	} else {
-		return;
-	}
-	add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
-	if (str) {
-		free_alloca(var, use_heap);
-	}
-}
-/* }}} */
-
- PHP_FUNCTION(apache_request_headers) /* {{{ */
- {
- 	if (zend_parse_parameters_none()) {
-@@ -1648,7 +1600,7 @@ PHP_FUNCTION(apache_request_headers) /*
- 	if (fcgi_is_fastcgi()) {
- 		fcgi_request *request = (fcgi_request*) SG(server_context);
- 
-		fcgi_loadenv(request, add_request_header, return_value);
-+		fcgi_loadenv(request, sapi_add_request_header, return_value);
- 	} else {
- 		char buf[128];
- 		char **env, *p, *q, *var, *val, *t = buf;
-diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
-index 3256660..e815be4 100644
--- a/sapi/fpm/fpm/fpm_main.c
-+++ b/sapi/fpm/fpm/fpm_main.c
-@@ -1533,6 +1533,10 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
- {
- 	fcgi_request *request = (fcgi_request*) SG(server_context);
- 
-+	if (zend_parse_parameters_none() == FAILURE) {
-+		return;
-+	}
-+
- 	if (!fcgi_is_closed(request)) {
- 		php_output_end_all();
- 		php_header();
-@@ -1547,8 +1551,27 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
- }
- /* }}} */
- 
-+ZEND_BEGIN_ARG_INFO(cgi_fcgi_sapi_no_arginfo, 0)
-+ZEND_END_ARG_INFO()
-+
-+PHP_FUNCTION(apache_request_headers) /* {{{ */
-+{
-+	fcgi_request *request;
-+
-+	if (zend_parse_parameters_none() == FAILURE) {
-+		return;
-+	}
-+
-+	array_init(return_value);
-+	if ((request = (fcgi_request*) SG(server_context))) {
-+		fcgi_loadenv(request, sapi_add_request_header, return_value);
-+	}
-+} /* }}} */
-+
- static const zend_function_entry cgi_fcgi_sapi_functions[] = {
-	PHP_FE(fastcgi_finish_request,              NULL)
-+	PHP_FE(fastcgi_finish_request,                    cgi_fcgi_sapi_no_arginfo)
-+	PHP_FE(apache_request_headers,                    cgi_fcgi_sapi_no_arginfo)
-+	PHP_FALIAS(getallheaders, apache_request_headers, cgi_fcgi_sapi_no_arginfo)
- 	PHP_FE_END
- };
- 
-diff --git a/sapi/fpm/tests/getallheaders.phpt b/sapi/fpm/tests/getallheaders.phpt
-new file mode 100644
-index 0000000..b41f1c6
--- /dev/null
-+++ b/sapi/fpm/tests/getallheaders.phpt
-@@ -0,0 +1,67 @@
-+--TEST--
-+FPM: Function getallheaders basic test
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+echo "Test Start\n";
-+var_dump(getallheaders());
-+echo "Test End\n";
-+EOT;
-+
-+$headers = [];
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$tester->request(
-+		'', 
-+		[
-+			'HTTP_X_FOO' => 'BAR',
-+			'HTTP_FOO'   => 'foo'
-+		]
-+	)->expectBody(
-+		[
-+			'Test Start',
-+			'array(4) {',
-+			'  ["Foo"]=>',
-+			'  string(3) "foo"',
-+			'  ["X-Foo"]=>',
-+			'  string(3) "BAR"',
-+			'  ["Content-Length"]=>',
-+			'  string(1) "0"',
-+			'  ["Content-Type"]=>',
-+			'  string(0) ""',
-+			'}',
-+			'Test End',
-+		]
-+	);
-+$tester->terminate();
-+$tester->expectLogTerminatingNotices();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
-- 
-2.1.4
-
--- a/SOURCES/php-7.2.16-systzdata-v17.patch
+++ b/SOURCES/php-7.2.16-systzdata-v17.patch
@ -5,7 +5,9 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.

 History:
-r17: adapt for autotool change in 7.2.16RC1
+r19: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
+r18: adapt for autotool change in 7.3.3RC1
+r17: adapt for timelib 2018.01 (in 7.3.2RC1)
 r16: adapt for timelib 2017.06 (in 7.2.3RC1)
 r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
 r14: improve check for valid tz file
@ -28,10 +30,11 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
 r2: add filesystem trawl to set up name alias index
 r1: initial revision

-diff -up php-7.2.16RC1/ext/date/config0.m4.systzdata php-7.2.16RC1/ext/date/config0.m4
--- php-7.2.16RC1/ext/date/config0.m4.systzdata	2019-02-19 11:22:22.223741585 +0100
-+++ php-7.2.16RC1/ext/date/config0.m4	2019-02-19 11:23:05.089111556 +0100
-@@ -10,6 +10,19 @@ io.h
+diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
+index 20e4164aaa..a61243646d 100644
+--- a/ext/date/config0.m4
+++ b/ext/date/config0.m4
+@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
 dnl Check for strtoll, atoll
 AC_CHECK_FUNCS(strtoll atoll)
 
@ -51,10 +54,11 @@ diff -up php-7.2.16RC1/ext/date/config0.m4.systzdata php-7.2.16RC1/ext/date/conf
 PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
 timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
                  lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
-diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/lib/parse_tz.c
--- php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata	2019-02-19 11:13:22.000000000 +0100
-+++ php-7.2.16RC1/ext/date/lib/parse_tz.c	2019-02-19 11:19:40.245313535 +0100
-@@ -25,8 +25,21 @@
+diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
+index 020da3135e..12e68ef043 100644
+--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
+@@ -26,8 +26,21 @@
 #include "timelib.h"
 #include "timelib_private.h"
 
@ -76,7 +80,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 
 #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
 # if defined(__LITTLE_ENDIAN__)
-@@ -67,6 +80,11 @@ static int read_php_preamble(const unsig
+@@ -88,6 +101,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
 {
 	uint32_t version;
 
@ -88,7 +92,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 	/* read ID */
 	version = (*tzf)[3] - '0';
 	*tzf += 4;
-@@ -374,7 +392,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
+@@ -412,7 +430,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
 	}
 }
 
@ -319,6 +323,44 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 +}
 +
 +
+/* Retrieve tzdata version. */
+static void retrieve_zone_version(timelib_tzdb *db)
+{
+    static char buf[30];
+    char path[PATH_MAX];
+    FILE *fp;
+
+    strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path));
+
+    fp = fopen(path, "r");
+    if (fp) {
+		if (fgets(buf, sizeof(buf), fp)) {
+			if (!memcmp(buf, "# version ", 10) &&
+				isdigit(buf[10]) &&
+				isdigit(buf[11]) &&
+				isdigit(buf[12]) &&
+				isdigit(buf[13]) &&
+				islower(buf[14])) {
+				if (buf[14] >= 't') {        /* 2022t = 2022.20 */
+					buf[17] = 0;
+					buf[16] = buf[14] - 't' + '0';
+					buf[15] = '2';
+				} else if (buf[14] >= 'j') { /* 2022j = 2022.10 */
+					buf[17] = 0;
+					buf[16] = buf[14] - 'j' + '0';
+					buf[15] = '1';
+				} else {                     /* 2022a = 2022.1  */
+					buf[16] = 0;
+					buf[15] = buf[14] - 'a' + '1';
+				}
+				buf[14] = '.';
+				db->version = buf+10;
+			}
+		}
+		fclose(fp);
+    }
+}
+
 +/* Create the zone identifier index by trawling the filesystem. */
 +static void create_zone_index(timelib_tzdb *db)
 +{
@ -519,7 +561,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 {
 	int left = 0, right = tzdb->index_size - 1;
 
-@@ -400,9 +840,48 @@ static int seek_to_tz_position(const uns
+@@ -438,9 +916,49 @@ static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const
 	return 0;
 }
 
@ -556,6 +598,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 +		tmp->version = "0.system";
 +		tmp->data = NULL;
 +		create_zone_index(tmp);
+		retrieve_zone_version(tmp);
 +		system_location_table = create_location_table();
 +		fake_data_segment(tmp, system_location_table);
 +		timezonedb_system = tmp;
@ -568,7 +611,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 }
 
 const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -414,7 +893,30 @@ const timelib_tzdb_index_entry *timelib_
+@@ -452,7 +970,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
 int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
 {
 	const unsigned char *tzf;
@ -600,7 +643,7 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 }
 
 static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -456,12 +958,14 @@ static timelib_tzinfo* timelib_tzinfo_ct
+@@ -494,12 +1035,14 @@ static timelib_tzinfo* timelib_tzinfo_ctor(char *name)
 timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code)
 {
 	const unsigned char *tzf;
@ -616,11 +659,10 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 		tmp = timelib_tzinfo_ctor(timezone);
 
 		version = read_preamble(&tzf, tmp, &type);
-@@ -484,6 +988,29 @@ timelib_tzinfo *timelib_parse_tzfile(cha
- 			timelib_tzinfo_dtor(tmp);
- 			return NULL;
+@@ -534,11 +1077,36 @@ timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, i
 		}
-+
+ 		skip_posix_string(&tzf, tmp);
+ 
 +#ifdef HAVE_SYSTEM_TZDATA
 +		if (memmap) {
 +			const struct location_info *li;
@ -643,10 +685,8 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 +			munmap(memmap, maplen);
 +		} else {
 +#endif
- 		if (version == 2 || version == 3) {
- 			if (!skip_64bit_preamble(&tzf, tmp)) {
- 				/* 64 bit preamble is not in place */
-@@ -501,6 +1028,9 @@ timelib_tzinfo *timelib_parse_tzfile(cha
+ 		if (type == TIMELIB_TZINFO_PHP) {
+ 			read_location(&tzf, tmp);
 		} else {
 			set_default_location_and_comments(&tzf, tmp);
 		}
@ -656,3 +696,19 @@ diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/
 	} else {
 		*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
 		tmp = NULL;
+diff --git a/ext/date/php_date.c b/ext/date/php_date.c
+index e1a427c5ca..465906fa2b 100644
+--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
+@@ -951,7 +951,11 @@ PHP_MINFO_FUNCTION(date)
+ 	php_info_print_table_row(2, "date/time support", "enabled");
+ 	php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
+ 	php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);
+#ifdef HAVE_SYSTEM_TZDATA
+	php_info_print_table_row(2, "Timezone Database", "system");
+#else
+ 	php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal");
+#endif
+ 	php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb));
+ 	php_info_print_table_end();
+ 
--- a/SOURCES/php-7.4.0-embed.patch
+++ b/SOURCES/php-7.4.0-embed.patch
@ -1,6 +1,6 @@
 --- php-5.6.3/sapi/embed/config.m4.embed
 +++ php-5.6.3/sapi/embed/config.m4
-@@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then
+@@ -11,7 +11,8 @@ if test "$PHP_EMBED" != "no"; then
   case "$PHP_EMBED" in
     yes|shared)
       PHP_EMBED_TYPE=shared
@ -18,7 +18,7 @@ diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in
 php_cgi_binary=NONE
 configure_options="@CONFIGURE_OPTIONS@"
 -php_sapis="@PHP_INSTALLED_SAPIS@"
-+php_sapis="apache2handler embed fpm @PHP_INSTALLED_SAPIS@"
+php_sapis="apache2handler fpm phpdbg @PHP_INSTALLED_SAPIS@"
+ ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
+ ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@"
 
- # Set php_cli_binary and php_cgi_binary if available
- for sapi in $php_sapis; do
--- a/SOURCES/php-7.4.0-httpd.patch
+++ b/SOURCES/php-7.4.0-httpd.patch
@ -5,10 +5,9 @@ mod_php is build twice
 - as ZTS using --enable-maintainer-zts

 diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4
-index 2e64b21..ec4799f 100644
 --- a/sapi/apache2handler/config.m4
 +++ b/sapi/apache2handler/config.m4
-@@ -116,17 +116,6 @@ if test "$PHP_APXS2" != "no"; then
+@@ -105,17 +105,6 @@ if test "$PHP_APXS2" != "no"; then
     ;;
   esac
 
@ -18,7 +17,7 @@ index 2e64b21..ec4799f 100644
 -      PHP_BUILD_THREAD_SAFE
 -    fi
 -  else
-    APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'`
+-    APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
 -    if test -n "$APACHE_THREADED_MPM"; then
 -      PHP_BUILD_THREAD_SAFE
 -    fi
--- a/SOURCES/php-7.4.0-ldap_r.patch
+++ b/SOURCES/php-7.4.0-ldap_r.patch
@ -1,12 +1,12 @@

 Use -lldap_r by default.

-diff -up php-7.2.3RC1/ext/ldap/config.m4.ldap_r php-7.2.3RC1/ext/ldap/config.m4
--- php-7.2.3RC1/ext/ldap/config.m4.ldap_r	2018-02-14 06:05:11.553142812 +0100
-+++ php-7.2.3RC1/ext/ldap/config.m4	2018-02-14 06:07:31.179816122 +0100
-@@ -119,7 +119,11 @@ if test "$PHP_LDAP" != "no"; then
- 
-   MACHINE_INCLUDES=$($CC -dumpmachine)
+diff -up php-7.4.0RC2/ext/ldap/config.m4.ldap_r php-7.4.0RC2/ext/ldap/config.m4
+--- php-7.4.0RC2/ext/ldap/config.m4.ldap_r	2019-09-17 10:21:24.769200812 +0200
+++ php-7.4.0RC2/ext/ldap/config.m4	2019-09-17 10:21:30.658181771 +0200
+@@ -68,7 +68,11 @@ if test "$PHP_LDAP" != "no"; then
+   dnl -pc removal is a hack for clang
+   MACHINE_INCLUDES=$($CC -dumpmachine | $SED 's/-pc//')
 
 -  if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.a || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.$SHLIB_SUFFIX_NAME; then
 +  if test -f $LDAP_LIBDIR/libldap_r.$SHLIB_SUFFIX_NAME; then
--- a/SOURCES/php-7.2.12-phpize.patch
+++ b/SOURCES/php-7.2.12-phpize.patch
@ -1,7 +1,7 @@
-diff -up php-7.2.12RC1/scripts/phpize.in.headers php-7.2.12RC1/scripts/phpize.in
--- php-7.2.12RC1/scripts/phpize.in.headers	2018-10-23 11:47:43.000000000 +0200
-+++ php-7.2.12RC1/scripts/phpize.in	2018-10-23 11:49:51.651818777 +0200
-@@ -162,6 +162,15 @@ phpize_autotools()
+diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
+--- ./scripts/phpize.in.headers	2019-07-23 10:05:11.000000000 +0200
+++ ./scripts/phpize.in	2019-07-23 10:18:13.648098089 +0200
+@@ -165,6 +165,15 @@ phpize_autotools()
   $PHP_AUTOHEADER || exit 1
 }
 
@ -17,7 +17,7 @@ diff -up php-7.2.12RC1/scripts/phpize.in.headers php-7.2.12RC1/scripts/phpize.in
 # Main script
 
 case "$1" in
-@@ -180,12 +189,15 @@ case "$1" in
+@@ -183,12 +192,15 @@ case "$1" in
 
   # Version
   --version|-v)
--- a/SOURCES/php-7.4.33.tar.xz.asc
+++ b/SOURCES/php-7.4.33.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEWlKIB4H3VWCL+BX8kQ3rRvU+oxIFAmNftBYACgkQkQ3rRvU+
+oxKEJw/7B1ynCpmaLJD9H8YB6YkRdaQ7s4jX10wHrCL2mYFcrViPokJUPHymQ4cG
+LYYLDxqhziH5a61ZE0QwBqDSthMuW6KHx4bod7DPXT2vb+wI4KGWWLLjRyb36QEU
+JWEYll0ITIy5SKLjQvQWz9Ti6NKs8fPDrty43rQYTXgHi4dnpC4iS1oS5bPQlozK
+d9yWoclOlsD1gQvJLfGmZkBhXMVc1ndDQAwQZexU0OGvy8qiSs3BNOwTrmwHlArr
+UQwBeuvQvoy7NvpMhBazkpt4VwxGx9iJkOKOBupHkqgnQRic9oFH4q1BsAoz/H27
+jy9A6Qkru7x/z9tzFxGvYRa9JYu3ci+C1kNFG3IjkHpzHM9HAS1/2sXrV2RLY8DO
+PagxuSt5/6fYhPTmb4msl/UWGHZlewuFP2HucnIqnCw4/PW/33bqiZpoh/vXT9CH
+1adgRptXeF5MHJH95m0OtRk1Mmw9vIRd0pU8GleJbW/ny5Ki4q+WxF3rb+QFRC4Z
+Mhi2trcicCNhGy2iD3bPhfCObPd9NW7csQorJUf/I7QBFZXFpVExK88axuwOwM5u
+pQA72mvFqRwhSSgMEL5U9RfLG1Is8zcnARs9BqoWtgP78sTPvqKzr2nJ3fzSfglS
+EQ40VNrGF4wsruOZf/Stx1v2ysrDHnZ+45Og0BxaRyfVBp+Q/70=
+=lvvn
+-----END PGP SIGNATURE-----
--- a/SOURCES/php-CVE-2022-31631.patch
+++ b/SOURCES/php-CVE-2022-31631.patch
@ -0,0 +1,52 @@
+From 7cb160efe19d3dfb8b92629805733ea186b55050 Mon Sep 17 00:00:00 2001
+From: "Christoph M. Becker" <cmbecker69@gmx.de>
+Date: Mon, 31 Oct 2022 17:20:23 +0100
+Subject: [PATCH] Fix #81740: PDO::quote() may return unquoted string
+
+`sqlite3_snprintf()` expects its first parameter to be `int`; we need
+to avoid overflow.
+
+(cherry picked from commit 921b6813da3237a83e908998483f46ae3d8bacba)
+---
+ ext/pdo_sqlite/sqlite_driver.c     |  3 +++
+ ext/pdo_sqlite/tests/bug81740.phpt | 17 +++++++++++++++++
+ 2 files changed, 20 insertions(+)
+ create mode 100644 ext/pdo_sqlite/tests/bug81740.phpt
+
+diff --git a/ext/pdo_sqlite/sqlite_driver.c b/ext/pdo_sqlite/sqlite_driver.c
+index 0595bd09fe..54f9d05e1e 100644
+--- a/ext/pdo_sqlite/sqlite_driver.c
+++ b/ext/pdo_sqlite/sqlite_driver.c
+@@ -233,6 +233,9 @@ static char *pdo_sqlite_last_insert_id(pdo_dbh_t *dbh, const char *name, size_t
+ /* NB: doesn't handle binary strings... use prepared stmts for that */
+ static int sqlite_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype )
+ {
+	if (unquotedlen > (INT_MAX - 3) / 2) {
+		return 0;
+	}
+ 	*quoted = safe_emalloc(2, unquotedlen, 3);
+ 	sqlite3_snprintf(2*unquotedlen + 3, *quoted, "'%q'", unquoted);
+ 	*quotedlen = strlen(*quoted);
+diff --git a/ext/pdo_sqlite/tests/bug81740.phpt b/ext/pdo_sqlite/tests/bug81740.phpt
+new file mode 100644
+index 0000000000..99fb07c304
+--- /dev/null
+++ b/ext/pdo_sqlite/tests/bug81740.phpt
+@@ -0,0 +1,17 @@
+--TEST--
+Bug #81740 (PDO::quote() may return unquoted string)
+--SKIPIF--
+<?php
+if (!extension_loaded('pdo_sqlite')) print 'skip not loaded';
+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
+?>
+--INI--
+memory_limit=-1
+--FILE--
+<?php
+$pdo = new PDO("sqlite::memory:");
+$string = str_repeat("a", 0x80000000);
+var_dump($pdo->quote($string));
+?>
+--EXPECT--
+bool(false)
--- a/SOURCES/php-fpm-www.conf
+++ b/SOURCES/php-fpm-www.conf
@ -1,5 +1,5 @@
 ; Start a new pool named 'www'.
-; the variable $pool can we used in any directive and will be replaced by the
+; the variable $pool can be used in any directive and will be replaced by the
 ; pool name ('www' here)
 [www]

@ -128,7 +128,7 @@ pm.min_spare_servers = 5
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
 pm.max_spare_servers = 35
- 
+
 ; The number of seconds after which an idle process will be killed.
 ; Note: Used only when pm is set to 'ondemand'
 ; Default Value: 10s
@ -238,7 +238,7 @@ pm.max_spare_servers = 35
 ;       may conflict with a real PHP file.
 ; Default Value: not set
 ;pm.status_path = /status
- 
+
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
 ; that FPM is alive and responding, or to
@ -255,7 +255,7 @@ pm.max_spare_servers = 35
 ; response is formatted as text/plain with a 200 response code.
 ; Default Value: pong
 ;ping.response = pong
- 
+
 ; The access log file
 ; Default: not set
 ;access.log = log/$pool.access.log
@ -330,22 +330,26 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; Default Value: 0
 ;request_slowlog_timeout = 0

+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
 ; The timeout for serving a single request after which the worker process will
 ; be killed. This option should be used when the 'max_execution_time' ini option
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 ;request_terminate_timeout = 0
- 
+
 ; Set open file descriptor rlimit.
 ; Default Value: system defined value
 ;rlimit_files = 1024
- 
+
 ; Set max core size rlimit.
 ; Possible Values: 'unlimited' or an integer greater or equal to 0
 ; Default Value: system defined value
 ;rlimit_core = 0
- 
+
 ; Chroot to this directory at the start. This value must be defined as an
 ; absolute path. When this value is not set, chroot is not used.
 ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
@ -355,20 +359,20 @@ slowlog = /var/log/php-fpm/www-slow.log
 ;       possible. However, all PHP paths will be relative to the chroot
 ;       (error_log, sessions.save_path, ...).
 ; Default Value: not set
-;chroot = 
- 
+;chroot =
+
 ; Chdir to this directory at the start.
 ; Note: relative path can be used.
 ; Default Value: current directory or / when chroot
 ;chdir = /var/www
- 
+
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
 ;catch_workers_output = yes
- 
+
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
 ; by clearing the environment in workers before env vars specified in this
@ -381,7 +385,7 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; Limits the extensions of the main script FPM will allow to parse. This can
 ; prevent configuration mistakes on the web server side. You should only limit
 ; FPM to .php extensions to prevent malicious users to use other extensions to
-; exectute php code.
+; execute php code.
 ; Note: set an empty value to allow all extensions.
 ; Default Value: .php
 ;security.limit_extensions = .php .php3 .php4 .php5 .php7
@ -399,7 +403,7 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; overwrite the values previously defined in the php.ini. The directives are the
 ; same as the PHP SAPI:
 ;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'. 
+;                                    be overwritten from PHP call 'ini_set'.
 ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
 ;                                     PHP call 'ini_set'
 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
--- a/SOURCES/php-fpm.conf
+++ b/SOURCES/php-fpm.conf
@ -43,6 +43,24 @@ error_log = /var/log/php-fpm/error.log
 ; Default Value: notice
 ;log_level = notice

+; Log limit on number of characters in the single line (log entry). If the
+; line is over the limit, it is wrapped on multiple lines. The limit is for
+; all logged characters including message prefix and suffix if present. However
+; the new line character does not count into it as it is present only when
+; logging to a file descriptor. It means the new line character is not present
+; when logging to syslog.
+; Default Value: 1024
+;log_limit = 4096
+
+; Log buffering specifies if the log line is buffered which means that the
+; line is written in a single write operation. If the value is false, then the
+; data is written directly into the file descriptor. It is an experimental
+; option that can potentionaly improve logging performance and memory usage
+; for some heavy logging scenarios. This option is ignored if logging to syslog
+; as it has to be always buffered.
+; Default value: yes
+;log_buffering = no
+
 ; If this number of child processes exit with SIGSEGV or SIGBUS within the time
 ; interval set by emergency_restart_interval then FPM will restart. A value
 ; of '0' means 'Off'.
--- a/SOURCES/php.ini
+++ b/SOURCES/php.ini
@ -15,7 +15,7 @@
 ; 5. The web server's directory (for SAPI modules), or directory of PHP
 ; (otherwise in Windows)
 ; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
+; Windows directory (usually C:\windows)
 ; See the PHP docs for more specific information.
 ; http://php.net/configuration.file

@ -58,9 +58,9 @@
 ; An empty string can be denoted by simply not writing anything after the equal
 ; sign, or by using the None keyword:

-;  foo =         ; sets foo to an empty string
-;  foo = None    ; sets foo to an empty string
-;  foo = "None"  ; sets foo to the string 'None'
+; foo =         ; sets foo to an empty string
+; foo = None    ; sets foo to an empty string
+; foo = "None"  ; sets foo to the string 'None'

 ; If you use constants in your value, and these constants belong to a
 ; dynamically loaded extension (either a PHP extension or a Zend extension),
@ -83,7 +83,7 @@
 ; development version only in development environments, as errors shown to
 ; application users can inadvertently leak otherwise secure information.

-; This is php.ini-production INI file.
+; This is the php.ini-production INI file.

 ;;;;;;;;;;;;;;;;;;;
 ; Quick Reference ;
@ -108,11 +108,6 @@
 ;   Development Value: E_ALL
 ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT

-; html_errors
-;   Default Value: On
-;   Development Value: On
-;   Production value: On
-
 ; log_errors
 ;   Default Value: Off
 ;   Development Value: On
@ -153,11 +148,6 @@
 ;   Development Value: Off
 ;   Production Value: Off

-; track_errors
-;   Default Value: Off
-;   Development Value: On
-;   Production Value: Off
-
 ; variables_order
 ;   Default Value: "EGPCS"
 ;   Development Value: "GPCS"
@ -169,7 +159,7 @@
 ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
 ;user_ini.filename = ".user.ini"

-; To disable this feature set this option to empty value
+; To disable this feature set this option to an empty value
 ;user_ini.filename =

 ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
@ -248,7 +238,7 @@ output_buffering = 4096
 ; Production Value: "form="
 ;url_rewriter.tags

-; URL rewriter will not rewrites absolute URL nor form by default. To enable
+; URL rewriter will not rewrite absolute URL nor form by default. To enable
 ; absolute URL rewrite, allowed hosts must be defined at RUNTIME.
 ; Refer to session.trans_sid_hosts for more details.
 ; Default Value: ""
@ -294,6 +284,13 @@ implicit_flush = Off
 ; callback-function.
 unserialize_callback_func =

+; The unserialize_max_depth specifies the default depth limit for unserialized
+; structures. Setting the depth limit too high may result in stack overflows
+; during unserialization. The unserialize_max_depth ini setting can be
+; overridden by the max_depth option on individual unserialize() calls.
+; A value of 0 disables the depth limit.
+;unserialize_max_depth = 4096
+
 ; When floats & doubles are serialized, store serialize_precision significant
 ; digits after the floating point. The default value ensures that when floats
 ; are decoded with unserialize, the data will remain the same.
@ -305,6 +302,7 @@ serialize_precision = -1
 ; open_basedir, if set, limits all file operations to the defined directory
 ; and below.  This directive makes most sense if used in a per-directory
 ; or per-virtualhost web server configuration file.
+; Note: disables the realpath cache
 ; http://php.net/open-basedir
 ;open_basedir =

@ -337,6 +335,7 @@ disable_classes =
 ; Determines the size of the realpath cache to be used by PHP. This value should
 ; be increased on systems where PHP opens many files to reflect the quantity of
 ; the file operations performed.
+; Note: if open_basedir is set, the cache is disabled
 ; http://php.net/realpath-cache-size
 ;realpath_cache_size = 4096k

@ -362,6 +361,12 @@ zend.enable_gc = On
 ; Default: ""
 ;zend.script_encoding =

+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+; In production, it is recommended to turn this setting on to prohibit the output 
+; of sensitive information in stack traces
+zend.exception_ignore_args = On
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@ -397,7 +402,7 @@ max_input_time = 60
 ;max_input_nesting_level = 64

 ; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
+;max_input_vars = 1000

 ; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
@ -514,7 +519,7 @@ ignore_repeated_errors = Off
 ignore_repeated_source = Off

 ; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This has only effect in a debug compile, and if
+; stdout or in the log). This is only effective in a debug compile, and if
 ; error reporting includes E_WARNING in the allowed list
 ; http://php.net/report-memleaks
 report_memleaks = On
@ -543,11 +548,8 @@ report_memleaks = On
 ; error message as HTML for easier reading. This directive controls whether
 ; the error message is formatted as HTML or not.
 ; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: On
-; Development Value: On
-; Production value: On
 ; http://php.net/html-errors
-html_errors = On
+;html_errors = On

 ; If html_errors is set to On *and* docref_root is not empty, then PHP
 ; produces clickable error messages that direct to a page describing the error
@ -582,9 +584,29 @@ html_errors = On
 ; http://php.net/error-log
 ; Example:
 ;error_log = php_errors.log
-; Log errors to syslog.
+; Log errors to syslog (Event Log on Windows).
 ;error_log = syslog

+; The syslog ident is a string which is prepended to every message logged
+; to syslog. Only used when error_log is set to syslog.
+;syslog.ident = php
+
+; The syslog facility is used to specify what type of program is logging
+; the message. Only used when error_log is set to syslog.
+;syslog.facility = user
+
+; Set this to disable filtering control characters (the default).
+; Some loggers only accept NVT-ASCII, others accept anything that's not
+; control characters. If your logger accepts everything, then no filtering
+; is needed at all.
+; Allowed values are:
+;   ascii (all printable ASCII characters and NL)
+;   no-ctrl (all characters except control characters)
+;   all (all characters)
+;   raw (like "all", but messages are not split at newlines)
+; http://php.net/syslog.filter
+;syslog.filter = ascii
+
 ;windows.show_crt_warning
 ; Default value: 0
 ; Development value: 0
@ -652,7 +674,7 @@ register_argc_argv = Off
 ; first used (Just In Time) instead of when the script starts. If these
 ; variables are not used within a script, having this directive on will result
 ; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any affect.
+; for this directive to have any effect.
 ; http://php.net/auto-globals-jit
 auto_globals_jit = On

@ -734,13 +756,13 @@ user_dir =

 ; Directory in which the loadable extensions (modules) reside.
 ; http://php.net/extension-dir
-; extension_dir = "./"
+;extension_dir = "./"
 ; On windows:
-; extension_dir = "ext"
+;extension_dir = "ext"

 ; Directory where the temporary files should be placed.
 ; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
+;sys_temp_dir = "/tmp"

 ; Whether or not to enable the dl() function.  The dl() function does NOT work
 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
@ -777,10 +799,9 @@ enable_dl = Off

 ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
 ; of the web tree and people will not be able to circumvent .htaccess security.
-; http://php.net/cgi.dicard-path
 ;cgi.discard_path=1

-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; FastCGI under IIS supports the ability to impersonate
 ; security tokens of the calling client.  This allows IIS to define the
 ; security context that the request runs under.  mod_fastcgi under Apache
 ; does not currently support this feature (03/17/2002)
@ -923,7 +944,7 @@ cli_server.color = On
 [iconv]
 ; Use of this INI entry is deprecated, use global input_encoding instead.
 ; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
+; The precedence is: default_charset < input_encoding < iconv.input_encoding
 ;iconv.input_encoding =

 ; Use of this INI entry is deprecated, use global internal_encoding instead.
@ -938,6 +959,13 @@ cli_server.color = On
 ; otherwise output encoding conversion cannot be performed.
 ;iconv.output_encoding =

+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
+
 [intl]
 ;intl.default_locale =
 ; This directive allows you to produce PHP errors when some error
@ -947,22 +975,33 @@ cli_server.color = On
 ;intl.use_exceptions = 0

 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =

+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
+
 [Pcre]
-;PCRE library backtracking limit.
+; PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
 ;pcre.backtrack_limit=100000

-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
+; PCRE library recursion limit.
+; Please note that if you set this value to a high number you may consume all
+; the available process stack and eventually crash PHP (due to reaching the
+; stack size limit imposed by the Operating System).
 ; http://php.net/pcre.recursion-limit
 ;pcre.recursion_limit=100000

-;Enables or disables JIT compilation of patterns. This requires the PCRE
-;library to be compiled with JIT support.
+; Enables or disables JIT compilation of patterns. This requires the PCRE
+; library to be compiled with JIT support.
 pcre.jit=0

 [Pdo]
@ -973,13 +1012,8 @@ pcre.jit=0
 ;pdo_odbc.db2_instance_name

 [Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
 pdo_mysql.default_socket=

 [Phar]
@ -1002,12 +1036,12 @@ sendmail_path = /usr/sbin/sendmail -t -i
 ;mail.force_extra_parameters =

 ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = On
+mail.add_x_header = Off

 ; The path to a log file that will log all mail() calls. Log entries include
 ; the full path of the script, line number, To address and headers.
 ;mail.log =
-; Log mail to syslog;
+; Log mail to syslog (Event Log on Windows).
 ;mail.log = syslog

 [ODBC]
@ -1051,39 +1085,6 @@ odbc.defaultlrl = 4096
 ; http://php.net/odbc.defaultbinmode
 odbc.defaultbinmode = 1

-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links.  -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent).  -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
 [MySQLi]

 ; Maximum number of persistent links.  -1 means no limit.
@ -1102,10 +1103,6 @@ mysqli.allow_persistent = On
 ; http://php.net/mysqli.max-links
 mysqli.max_links = -1

-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
 ; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
 ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
 ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
@ -1118,11 +1115,11 @@ mysqli.default_port = 3306
 ; http://php.net/mysqli.default-socket
 mysqli.default_socket =

-; Default host for mysql_connect() (doesn't apply in safe mode).
+; Default host for mysqli_connect() (doesn't apply in safe mode).
 ; http://php.net/mysqli.default-host
 mysqli.default_host =

-; Default user for mysql_connect() (doesn't apply in safe mode).
+; Default user for mysqli_connect() (doesn't apply in safe mode).
 ; http://php.net/mysqli.default-user
 mysqli.default_user =

@ -1140,12 +1137,10 @@ mysqli.reconnect = Off
 [mysqlnd]
 ; Enable / Disable collection of general statistics by mysqlnd which can be
 ; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
 mysqlnd.collect_statistics = On

 ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
 ; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
 mysqlnd.collect_memory_statistics = Off

 ; Records communication from all extensions using mysqlnd to the specified log
@ -1154,29 +1149,23 @@ mysqlnd.collect_memory_statistics = Off
 ;mysqlnd.debug =

 ; Defines which queries will be logged.
-; http://php.net/mysqlnd.log_mask
 ;mysqlnd.log_mask = 0

 ; Default size of the mysqlnd memory pool, which is used by result sets.
-; http://php.net/mysqlnd.mempool_default_size
 ;mysqlnd.mempool_default_size = 16000

 ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
 ;mysqlnd.net_cmd_buffer_size = 2048

 ; Size of a pre-allocated buffer used for reading data sent by the server in
 ; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
 ;mysqlnd.net_read_buffer_size = 32768

 ; Timeout for network requests in seconds.
-; http://php.net/mysqlnd.net_read_timeout
 ;mysqlnd.net_read_timeout = 31536000

 ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
 ; key.
-; http://php.net/mysqlnd.sha256_server_public_key
 ;mysqlnd.sha256_server_public_key =

 [PostgreSQL]
@ -1255,10 +1244,11 @@ session.save_handler = files
 ;session.save_path = "/tmp"

 ; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
 ; https://wiki.php.net/rfc/strict_sessions
 session.use_strict_mode = 0

@ -1296,11 +1286,17 @@ session.cookie_path = /
 ; http://php.net/session.cookie-domain
 session.cookie_domain =

-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
 ; http://php.net/session.cookie-httponly
 session.cookie_httponly =

-; Handler used to serialize data.  php is the standard serializer of PHP.
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Lax" or "Strict"
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php

@ -1309,7 +1305,7 @@ session.serialize_handler = php
 ; gc_probability/gc_divisor. Where session.gc_probability is the numerator
 ; and gc_divisor is the denominator in the equation. Setting this value to 1
 ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
+; the gc will run on any given request.
 ; Default Value: 1
 ; Development Value: 1
 ; Production Value: 1
@ -1319,10 +1315,10 @@ session.gc_probability = 1
 ; Defines the probability that the 'garbage collection' process is started on every
 ; session initialization. The probability is calculated by using the following equation:
 ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
+; session.gc_divisor is the denominator in the equation. Setting this value to 100
+; when the session.gc_probability value is 1 will give you approximately a 1% chance
+; the gc will run on any given request. Increasing this value to 1000 will give you
+; a 0.1% chance the gc will run on any given request. For high volume production servers,
 ; this is a more efficient approach.
 ; Default Value: 100
 ; Development Value: 1000
@ -1373,7 +1369,7 @@ session.use_trans_sid = 0
 ; Set session ID character length. This value could be between 22 to 256.
 ; Shorter length than default is supported only for compatibility reason.
 ; Users should use 32 or more chars.
-; http://php.net/session.sid_length
+; http://php.net/session.sid-length
 ; Default Value: 32
 ; Development Value: 26
 ; Production Value: 26
@ -1392,7 +1388,7 @@ session.sid_length = 26
 session.trans_sid_tags = "a=href,area=href,frame=src,form="

 ; URL rewriter does not rewrite absolute URLs by default.
-; To enable rewrites for absolute pathes, target hosts must be specified
+; To enable rewrites for absolute paths, target hosts must be specified
 ; at RUNTIME. i.e. use ini_set()
 ; <form> tags is special. PHP will check action attribute's URL regardless
 ; of session.trans_sid_tags setting.
@ -1481,7 +1477,7 @@ zend.assertions = -1
 ; http://php.net/assert.active
 ;assert.active = On

-; Throw an AssertationException on failed assertions
+; Throw an AssertionError on failed assertions
 ; http://php.net/assert.exception
 ;assert.exception = On

@ -1517,9 +1513,9 @@ zend.assertions = -1

 ; Use of this INI entry is deprecated, use global input_encoding instead.
 ; http input encoding.
-; mbstring.encoding_traslation = On is needed to use this setting.
+; mbstring.encoding_translation = On is needed to use this setting.
 ; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < intput_encoding < mbsting.http_input
+; The precedence is: default_charset < input_encoding < mbsting.http_input
 ; http://php.net/mbstring.http-input
 ;mbstring.http_input =

@ -1571,6 +1567,16 @@ zend.assertions = -1
 ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
 ;mbstring.http_output_conv_mimetype=

+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
+; This directive specifies maximum retry count for mbstring regular expressions. It is similar
+; to the pcre.backtrack_limit for PCRE.
+; Default: 1000000
+;mbstring.regex_retry_limit=1000000
+
 [gd]
 ; Tell the jpeg decode to ignore warnings and try to create
 ; a gd image. The warning will then be displayed as notices
@ -1645,6 +1651,9 @@ ldap.max_links = -1
 [dba]
 ;dba.default_handler=

+[opcache]
+; see /etc/php.d/10-opcache.ini
+
 [curl]
 ; A default value for the CURLOPT_CAINFO option. This is required to be an
 ; absolute path.
@ -1668,6 +1677,5 @@ ldap.max_links = -1
 ; SSL stream context option.
 ;openssl.capath=

-; Local Variables:
-; tab-width: 4
-; End:
+[ffi]
+; see /etc/php.d/20-ffi.ini
--- a/SOURCES/php.ztsmodconf
+++ b/SOURCES/php.ztsmodconf
@ -1,7 +0,0 @@
-
-<IfModule !mod_php5.c>
-  <IfModule !prefork.c>
-    # ZTS module is not supported, so FPM is preferred
-    # LoadModule php7_module modules/libphp7-zts.so
-  </IfModule>
-</IfModule>
--- a/SPECS/php.spec
+++ b/SPECS/php.spec