.gitignore

@@ -1 +1 @@
-SOURCES/php-8.0.30.tar.xz
+SOURCES/php-7.2.24.tar.xz

.php.metadata

@@ -1 +1 @@
-f6d5137d6ce3e52b6d8a582e2990913f2807add4 SOURCES/php-8.0.30.tar.xz
+d31628bdc89a724a2a0950c2ed7d79b40cf489a7 SOURCES/php-7.2.24.tar.xz

SOURCES/10-opcache.ini

@@ -5,17 +5,17 @@ zend_extension=opcache
 opcache.enable=1
 
 ; Determines if Zend OPCache is enabled for the CLI version of PHP
-opcache.enable_cli=1
+;opcache.enable_cli=0
 
 ; The OPcache shared memory storage size.
-;opcache.memory_consumption=128
+opcache.memory_consumption=128
 
 ; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=8
+opcache.interned_strings_buffer=8
 
 ; The maximum number of keys (scripts) in the OPcache hash table.
 ; Only numbers between 200 and 1000000 are allowed.
-;opcache.max_accelerated_files=10000
+opcache.max_accelerated_files=4000
 
 ; The maximum percentage of "wasted" memory until a restart is scheduled.
 ;opcache.max_wasted_percentage=5
@@ -42,20 +42,18 @@ opcache.enable_cli=1
 ; size of the optimized code.
 ;opcache.save_comments=1
 
-; If enabled, compilation warnings (including notices and deprecations) will
-; be recorded and replayed each time a file is included. Otherwise, compilation
-; warnings will only be emitted when the file is first cached.
-;opcache.record_warnings=0
+; If enabled, a fast shutdown sequence is used for the accelerated code
+; Depending on the used Memory Manager this may cause some incompatibilities.
+;opcache.fast_shutdown=0
 
 ; Allow file existence override (file_exists, etc.) performance feature.
 ;opcache.enable_file_override=0
 
 ; A bitmask, where each bit enables or disables the appropriate OPcache
 ; passes
-;opcache.optimization_level=0x7FFFBFFF
+;opcache.optimization_level=0xffffffff
 
-; This hack should only be enabled to work around "Cannot redeclare class"
-; errors.
+;opcache.inherited_hack=1
 ;opcache.dups_fix=0
 
 ; The location of the OPcache blacklist file (wildcards allowed).
@@ -114,10 +112,6 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
 ; cache is required.
 ;opcache.file_cache_fallback=1
 
-; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
-; This should improve performance, but requires appropriate OS configuration.
-opcache.huge_code_pages=0
-
 ; Validate cached file permissions.
 ; Leads OPcache to check file readability on each access to cached file.
 ; This directive should be enabled in shared hosting environment, when few
@@ -130,24 +124,7 @@ opcache.huge_code_pages=0
 ; different "chroot" environments.
 ;opcache.validate_root=0
 
-; If specified, it produces opcode dumps for debugging different stages of
-; optimizations.
-;opcache.opt_debug_level=0
+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+opcache.huge_code_pages=0
 
-; Specifies a PHP script that is going to be compiled and executed at server
-; start-up.
-; http://php.net/opcache.preload
-;opcache.preload=
-
-; Preloading code as root is not allowed for security reasons. This directive
-; facilitates to let the preloading to be run as another user.
-; http://php.net/opcache.preload_user
-;opcache.preload_user=
-
-; Prevents caching files that are less than this number of seconds old. It
-; protects from caching of incompletely updated files. In case all file updates
-; on your site are atomic, you may increase performance by setting it to "0".
-;opcache.file_update_protection=2
-
-; Absolute path used to store shared lockfiles (for *nix only).
-;opcache.lockfile_path=/tmp

SOURCES/20-ffi.ini

@@ -1,13 +0,0 @@
-; Enable ffi extension module
-extension=ffi
-
-; FFI API restriction. Possibe values:
-; "preload" - enabled in CLI scripts and preloaded files (default)
-; "false"   - always disabled
-; "true"    - always enabled
-;ffi.enable=preload
-
-; List of headers files to preload, wildcard patterns allowed.
-; /usr/share/php/preload used by for RPM packages
-; /usr/local/share/php/preload may be used for local files
-ffi.preload=/usr/share/php/preload/*.h:/usr/local/share/php/preload/*.h

SOURCES/php-5.3.0-recode.patch

@@ -0,0 +1,17 @@
+diff -up php-5.3.0beta1/ext/recode/config9.m4.recode php-5.3.0beta1/ext/recode/config9.m4
+--- php-5.3.0beta1/ext/recode/config9.m4.recode	2008-12-02 00:30:21.000000000 +0100
++++ php-5.3.0beta1/ext/recode/config9.m4	2009-02-28 09:46:50.000000000 +0100
+@@ -4,13 +4,6 @@ dnl
+ 
+ dnl Check for extensions with which Recode can not work
+ if test "$PHP_RECODE" != "no"; then
+-  test "$PHP_IMAP"  != "no" && recode_conflict="$recode_conflict imap"
+-
+-  if test -n "$MYSQL_LIBNAME"; then
+-    PHP_CHECK_LIBRARY($MYSQL_LIBNAME, hash_insert, [
+-      recode_conflict="$recode_conflict mysql"
+-    ])
+-  fi
+ 
+   if test -n "$recode_conflict"; then
+     AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict])

SOURCES/php-5.6.3-datetests.patch

@@ -0,0 +1,23 @@
+--- a/ext/date/tests/bug66985.phpt	2014-10-30 07:32:03.297693403 +0100
++++ b/ext/date/tests/bug66985.phpt	2014-10-30 07:32:45.138877977 +0100
+@@ -3,7 +3,7 @@
+ --FILE--
+ <?php
+ $zones = array(
+-	"CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
++	"CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
+ 	"GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
+ 	"Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
+ 	"Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
+@@ -45,11 +45,6 @@
+ )
+ DateTimeZone Object
+ (
+-    [timezone_type] => 3
+-    [timezone] => Factory
+-)
+-DateTimeZone Object
+-(
+     [timezone_type] => 3
+     [timezone] => GB-Eire
+ )

SOURCES/php-5.6.3-embed.patch

@@ -1,25 +1,24 @@
-diff -up ./sapi/embed/config.m4.embed ./sapi/embed/config.m4
---- ./sapi/embed/config.m4.embed	2020-07-07 13:51:05.879764972 +0200
-+++ ./sapi/embed/config.m4	2020-07-07 13:52:50.128412148 +0200
+--- php-5.6.3/sapi/embed/config.m4.embed
++++ php-5.6.3/sapi/embed/config.m4
 @@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then
+   case "$PHP_EMBED" in
      yes|shared)
-       LIBPHP_CFLAGS="-shared"
        PHP_EMBED_TYPE=shared
 -      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib"
 +      EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_MAJOR_VERSION).\$(PHP_MINOR_VERSION)"
 +      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)"
        ;;
      static)
-       LIBPHP_CFLAGS="-static"
-diff -up ./scripts/php-config.in.embed ./scripts/php-config.in
---- ./scripts/php-config.in.embed	2020-07-07 12:54:42.000000000 +0200
-+++ ./scripts/php-config.in	2020-07-07 13:51:05.880764968 +0200
+       PHP_EMBED_TYPE=static
+diff -up php-5.5.30/scripts/php-config.in.old php-5.5.30/scripts/php-config.in
+--- php-5.5.30/scripts/php-config.in.old	2015-10-19 15:17:31.944747715 +0200
++++ php-5.5.30/scripts/php-config.in	2015-10-19 15:17:58.278858083 +0200
 @@ -18,7 +18,7 @@ exe_extension="@EXEEXT@"
  php_cli_binary=NONE
  php_cgi_binary=NONE
  configure_options="@CONFIGURE_OPTIONS@"
 -php_sapis="@PHP_INSTALLED_SAPIS@"
-+php_sapis="apache2handler litespeed fpm phpdbg @PHP_INSTALLED_SAPIS@"
- ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
- ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@"
++php_sapis="apache2handler embed fpm @PHP_INSTALLED_SAPIS@"
  
+ # Set php_cli_binary and php_cgi_binary if available
+ for sapi in $php_sapis; do

SOURCES/php-5.6.3-phpinfo.patch

@@ -0,0 +1,27 @@
+
+Drop "Configure Command" from phpinfo as it doesn't
+provide any useful information.
+The available extensions are not related to this command.
+
+--- php-5.4.9/ext/standard/info.c.orig	2012-12-11 10:43:02.450578276 +0100
++++ php-5.4.9/ext/standard/info.c	2012-12-11 10:44:12.530820821 +0100
+@@ -743,9 +743,6 @@
+ #ifdef ARCHITECTURE
+ 		php_info_print_table_row(2, "Architecture", ARCHITECTURE);
+ #endif
+-#ifdef CONFIGURE_COMMAND
+-		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
+-#endif
+ 
+ 		if (sapi_module.pretty_name) {
+ 			php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
+--- php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt.orig	2012-12-11 11:07:26.959156091 +0100
++++ php-5.4.9/ext/standard/tests/general_functions/phpinfo.phpt	2012-12-11 11:07:30.899170970 +0100
+@@ -20,7 +20,6 @@
+ 
+ System => %s
+ Build Date => %s%a
+-Configure Command => %s
+ Server API => Command Line Interface
+ Virtual Directory Support => %s
+ Configuration File (php.ini) Path => %s

SOURCES/php-7.1.7-httpd.patch

@@ -5,9 +5,10 @@ mod_php is build twice
 - as ZTS using --enable-maintainer-zts
 
 diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4
+index 2e64b21..ec4799f 100644
 --- a/sapi/apache2handler/config.m4
 +++ b/sapi/apache2handler/config.m4
-@@ -105,17 +105,6 @@ if test "$PHP_APXS2" != "no"; then
+@@ -116,17 +116,6 @@ if test "$PHP_APXS2" != "no"; then
      ;;
    esac
  
@@ -17,7 +18,7 @@ diff --git a/sapi/apache2handler/config.m4 b/sapi/apache2handler/config.m4
 -      PHP_BUILD_THREAD_SAFE
 -    fi
 -  else
--    APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
+-    APACHE_THREADED_MPM=`$APXS_HTTPD -V | grep 'threaded:.*yes'`
 -    if test -n "$APACHE_THREADED_MPM"; then
 -      PHP_BUILD_THREAD_SAFE
 -    fi

SOURCES/php-7.2.0-libdb.patch

@@ -1,7 +1,7 @@
-diff -up ./ext/dba/config.m4.libdb ./ext/dba/config.m4
---- ./ext/dba/config.m4.libdb	2020-04-09 14:06:11.000000000 +0200
-+++ ./ext/dba/config.m4	2020-04-09 14:35:08.208605065 +0200
-@@ -375,61 +375,13 @@ if test "$PHP_DB4" != "no"; then
+diff -up php-7.2.0alpha0/ext/dba/config.m4.libdb php-7.2.0alpha0/ext/dba/config.m4
+--- php-7.2.0alpha0/ext/dba/config.m4.libdb	2017-05-29 08:56:06.000000000 +0200
++++ php-7.2.0alpha0/ext/dba/config.m4	2017-05-29 09:13:52.014823282 +0200
+@@ -346,61 +346,13 @@ if test "$PHP_DB4" != "no"; then
    dbdp4="/usr/local/BerkeleyDB.4."
    dbdp5="/usr/local/BerkeleyDB.5."
    for i in $PHP_DB4 ${dbdp5}1 ${dbdp5}0 ${dbdp4}8 ${dbdp4}7 ${dbdp4}6 ${dbdp4}5 ${dbdp4}4 ${dbdp4}3 ${dbdp4}2 ${dbdp4}1 ${dbdp}0 /usr/local /usr; do
@@ -65,21 +65,21 @@ diff -up ./ext/dba/config.m4.libdb ./ext/dba/config.m4
  fi
  PHP_DBA_STD_RESULT(db4,Berkeley DB4)
  
-diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c
---- ./ext/dba/dba.c.libdb	2020-04-09 14:06:11.000000000 +0200
-+++ ./ext/dba/dba.c	2020-04-09 14:36:30.593275190 +0200
-@@ -50,6 +50,10 @@
+diff -up php-7.2.0alpha0/ext/dba/dba.c.libdb php-7.2.0alpha0/ext/dba/dba.c
+--- php-7.2.0alpha0/ext/dba/dba.c.libdb	2017-05-29 09:16:15.736628202 +0200
++++ php-7.2.0alpha0/ext/dba/dba.c	2017-05-29 09:16:20.494654746 +0200
+@@ -53,6 +53,10 @@
+ #include "php_tcadb.h"
  #include "php_lmdb.h"
- #include "dba_arginfo.h"
  
 +#ifdef DB4_INCLUDE_FILE
 +#include DB4_INCLUDE_FILE
 +#endif
 +
- PHP_MINIT_FUNCTION(dba);
- PHP_MSHUTDOWN_FUNCTION(dba);
- PHP_MINFO_FUNCTION(dba);
-@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba)
+ /* {{{ arginfo */
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_dba_popen, 0, 0, 2)
+ 	ZEND_ARG_INFO(0, path)
+@@ -558,6 +562,10 @@ PHP_MINFO_FUNCTION(dba)
  
  	php_info_print_table_start();
   	php_info_print_table_row(2, "DBA support", "enabled");

SOURCES/php-7.2.12-phpize.patch

@@ -1,7 +1,7 @@
-diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
---- ./scripts/phpize.in.headers	2019-07-23 10:05:11.000000000 +0200
-+++ ./scripts/phpize.in	2019-07-23 10:18:13.648098089 +0200
-@@ -165,6 +165,15 @@ phpize_autotools()
+diff -up php-7.2.12RC1/scripts/phpize.in.headers php-7.2.12RC1/scripts/phpize.in
+--- php-7.2.12RC1/scripts/phpize.in.headers	2018-10-23 11:47:43.000000000 +0200
++++ php-7.2.12RC1/scripts/phpize.in	2018-10-23 11:49:51.651818777 +0200
+@@ -162,6 +162,15 @@ phpize_autotools()
    $PHP_AUTOHEADER || exit 1
  }
  
@@ -17,7 +17,7 @@ diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
  # Main script
  
  case "$1" in
-@@ -183,12 +192,15 @@ case "$1" in
+@@ -180,12 +189,15 @@ case "$1" in
  
    # Version
    --version|-v)

SOURCES/php-7.2.16-systzdata-v17.patch

@@ -5,12 +5,7 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.
 
 History:
-r22: fix possible buffer overflow
-r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
-r20: adapt for timelib 2020.03 (in 8.0.10RC1)
-r19: adapt for timelib 2020.02 (in 8.0.0beta2)
-r18: adapt for autotool change in 7.3.3RC1
-r17: adapt for timelib 2018.01 (in 7.3.2RC1)
+r17: adapt for autotool change in 7.2.16RC1
 r16: adapt for timelib 2017.06 (in 7.2.3RC1)
 r15: adapt for timelib 2017.05beta7 (in 7.2.0RC1)
 r14: improve check for valid tz file
@@ -33,11 +28,10 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
 r2: add filesystem trawl to set up name alias index
 r1: initial revision
 
-diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
-index 20e4164aaa..a61243646d 100644
---- a/ext/date/config0.m4
-+++ b/ext/date/config0.m4
-@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
+diff -up php-7.2.16RC1/ext/date/config0.m4.systzdata php-7.2.16RC1/ext/date/config0.m4
+--- php-7.2.16RC1/ext/date/config0.m4.systzdata	2019-02-19 11:22:22.223741585 +0100
++++ php-7.2.16RC1/ext/date/config0.m4	2019-02-19 11:23:05.089111556 +0100
+@@ -10,6 +10,19 @@ io.h
  dnl Check for strtoll, atoll
  AC_CHECK_FUNCS(strtoll atoll)
  
@@ -57,11 +51,10 @@ index 20e4164aaa..a61243646d 100644
  PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
  timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
                   lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
-diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
-index e9bd0f136d..c04ff01adc 100644
---- a/ext/date/lib/parse_tz.c
-+++ b/ext/date/lib/parse_tz.c
-@@ -26,8 +26,21 @@
+diff -up php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata php-7.2.16RC1/ext/date/lib/parse_tz.c
+--- php-7.2.16RC1/ext/date/lib/parse_tz.c.systzdata	2019-02-19 11:13:22.000000000 +0100
++++ php-7.2.16RC1/ext/date/lib/parse_tz.c	2019-02-19 11:19:40.245313535 +0100
+@@ -25,8 +25,21 @@
  #include "timelib.h"
  #include "timelib_private.h"
  
@@ -83,7 +76,7 @@ index e9bd0f136d..c04ff01adc 100644
  
  #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
  # if defined(__LITTLE_ENDIAN__)
-@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -67,6 +80,11 @@ static int read_php_preamble(const unsig
  {
  	uint32_t version;
  
@@ -95,11 +88,11 @@ index e9bd0f136d..c04ff01adc 100644
  	/* read ID */
  	version = (*tzf)[3] - '0';
  	*tzf += 4;
-@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
+@@ -374,7 +392,429 @@ void timelib_dump_tzinfo(timelib_tzinfo
  	}
  }
  
--static int seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
+-static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
 +#ifdef HAVE_SYSTEM_TZDATA
 +
 +#ifdef HAVE_SYSTEM_TZDATA_PREFIX
@@ -326,44 +319,6 @@ index e9bd0f136d..c04ff01adc 100644
 +}
 +
 +
-+/* Retrieve tzdata version. */
-+static void retrieve_zone_version(timelib_tzdb *db)
-+{
-+    static char buf[30];
-+    char path[PATH_MAX];
-+    FILE *fp;
-+
-+    strncpy(path, ZONEINFO_PREFIX "/tzdata.zi", sizeof(path));
-+
-+    fp = fopen(path, "r");
-+    if (fp) {
-+		if (fgets(buf, sizeof(buf), fp)) {
-+			if (!memcmp(buf, "# version ", 10) &&
-+				isdigit(buf[10]) &&
-+				isdigit(buf[11]) &&
-+				isdigit(buf[12]) &&
-+				isdigit(buf[13]) &&
-+				islower(buf[14])) {
-+				if (buf[14] >= 't') {        /* 2022t = 2022.20 */
-+					buf[17] = 0;
-+					buf[16] = buf[14] - 't' + '0';
-+					buf[15] = '2';
-+				} else if (buf[14] >= 'j') { /* 2022j = 2022.10 */
-+					buf[17] = 0;
-+					buf[16] = buf[14] - 'j' + '0';
-+					buf[15] = '1';
-+				} else {                     /* 2022a = 2022.1  */
-+					buf[16] = 0;
-+					buf[15] = buf[14] - 'a' + '1';
-+				}
-+				buf[14] = '.';
-+				db->version = buf+10;
-+			}
-+		}
-+		fclose(fp);
-+    }
-+}
-+
 +/* Create the zone identifier index by trawling the filesystem. */
 +static void create_zone_index(timelib_tzdb *db)
 +{
@@ -455,7 +410,7 @@ index e9bd0f136d..c04ff01adc 100644
 +        size_t n;
 +        char *data, *p;
 +        
-+        data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);
++        data = malloc(3 * sysdb->index_size + 7);
 +
 +        p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
 +
@@ -560,15 +515,15 @@ index e9bd0f136d..c04ff01adc 100644
 +
 +#endif
 +
-+static int inmem_seek_to_tz_position(const unsigned char **tzf, const char *timezone, const timelib_tzdb *tzdb)
++static int inmem_seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
  {
  	int left = 0, right = tzdb->index_size - 1;
  
-@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
+@@ -400,9 +840,48 @@ static int seek_to_tz_position(const uns
  	return 0;
  }
  
-+static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
++static int seek_to_tz_position(const unsigned char **tzf, char *timezone,
 +			       char **map, size_t *maplen,
 +			       const timelib_tzdb *tzdb)
 +{
@@ -601,7 +556,6 @@ index e9bd0f136d..c04ff01adc 100644
 +		tmp->version = "0.system";
 +		tmp->data = NULL;
 +		create_zone_index(tmp);
-+		retrieve_zone_version(tmp);
 +		system_location_table = create_location_table();
 +		fake_data_segment(tmp, system_location_table);
 +		timezonedb_system = tmp;
@@ -614,8 +568,8 @@ index e9bd0f136d..c04ff01adc 100644
  }
  
  const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
- int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
+@@ -414,7 +893,30 @@ const timelib_tzdb_index_entry *timelib_
+ int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
  {
  	const unsigned char *tzf;
 -	return (seek_to_tz_position(&tzf, timezone, tzdb));
@@ -646,8 +600,8 @@ index e9bd0f136d..c04ff01adc 100644
  }
  
  static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
- timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
+@@ -456,12 +958,14 @@ static timelib_tzinfo* timelib_tzinfo_ct
+ timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb, int *error_code)
  {
  	const unsigned char *tzf;
 +	char *memmap = NULL;
@@ -655,19 +609,18 @@ index e9bd0f136d..c04ff01adc 100644
  	timelib_tzinfo *tmp;
  	int version;
  	int transitions_result, types_result;
-@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
- 
- 	*error_code = TIMELIB_ERROR_NO_ERROR;
+ 	unsigned int type; /* TIMELIB_TZINFO_PHP or TIMELIB_TZINFO_ZONEINFO */
  
 -	if (seek_to_tz_position(&tzf, timezone, tzdb)) {
 +	if (seek_to_tz_position(&tzf, timezone, &memmap, &maplen, tzdb)) {
  		tmp = timelib_tzinfo_ctor(timezone);
  
  		version = read_preamble(&tzf, tmp, &type);
-@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+@@ -484,6 +988,29 @@ timelib_tzinfo *timelib_parse_tzfile(cha
+ 			timelib_tzinfo_dtor(tmp);
+ 			return NULL;
  		}
- 		skip_posix_string(&tzf, tmp);
- 
++
 +#ifdef HAVE_SYSTEM_TZDATA
 +		if (memmap) {
 +			const struct location_info *li;
@@ -690,8 +643,10 @@ index e9bd0f136d..c04ff01adc 100644
 +			munmap(memmap, maplen);
 +		} else {
 +#endif
- 		if (type == TIMELIB_TZINFO_PHP) {
- 			read_location(&tzf, tmp);
+ 		if (version == 2 || version == 3) {
+ 			if (!skip_64bit_preamble(&tzf, tmp)) {
+ 				/* 64 bit preamble is not in place */
+@@ -501,6 +1028,9 @@ timelib_tzinfo *timelib_parse_tzfile(cha
  		} else {
  			set_default_location_and_comments(&tzf, tmp);
  		}
@@ -701,19 +656,3 @@ index e9bd0f136d..c04ff01adc 100644
  	} else {
  		*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
  		tmp = NULL;
-diff --git a/ext/date/php_date.c b/ext/date/php_date.c
-index 2d5cffb963..389f09f313 100644
---- a/ext/date/php_date.c
-+++ b/ext/date/php_date.c
-@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
- 	php_info_print_table_row(2, "date/time support", "enabled");
- 	php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
- 	php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);
-+#ifdef HAVE_SYSTEM_TZDATA
-+	php_info_print_table_row(2, "Timezone Database", "system");
-+#else
- 	php_info_print_table_row(2, "Timezone Database", php_date_global_timezone_db_enabled ? "external" : "internal");
-+#endif
- 	php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb));
- 	php_info_print_table_end();
- 

SOURCES/php-7.2.3-ldap_r.patch

@@ -1,12 +1,12 @@
 
 Use -lldap_r by default.
 
-diff -up php-7.4.0RC2/ext/ldap/config.m4.ldap_r php-7.4.0RC2/ext/ldap/config.m4
---- php-7.4.0RC2/ext/ldap/config.m4.ldap_r	2019-09-17 10:21:24.769200812 +0200
-+++ php-7.4.0RC2/ext/ldap/config.m4	2019-09-17 10:21:30.658181771 +0200
-@@ -68,7 +68,11 @@ if test "$PHP_LDAP" != "no"; then
-   dnl -pc removal is a hack for clang
-   MACHINE_INCLUDES=$($CC -dumpmachine | $SED 's/-pc//')
+diff -up php-7.2.3RC1/ext/ldap/config.m4.ldap_r php-7.2.3RC1/ext/ldap/config.m4
+--- php-7.2.3RC1/ext/ldap/config.m4.ldap_r	2018-02-14 06:05:11.553142812 +0100
++++ php-7.2.3RC1/ext/ldap/config.m4	2018-02-14 06:07:31.179816122 +0100
+@@ -119,7 +119,11 @@ if test "$PHP_LDAP" != "no"; then
+ 
+   MACHINE_INCLUDES=$($CC -dumpmachine)
  
 -  if test -f $LDAP_LIBDIR/liblber.a || test -f $LDAP_LIBDIR/liblber.$SHLIB_SUFFIX_NAME || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.a || test -f $LDAP_LIBDIR/$MACHINE_INCLUDES/liblber.$SHLIB_SUFFIX_NAME; then
 +  if test -f $LDAP_LIBDIR/libldap_r.$SHLIB_SUFFIX_NAME; then

SOURCES/php-7.2.4-dlopen.patch

@@ -0,0 +1,30 @@
+diff -up php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen php-7.2.4RC1/sapi/litespeed/lsapilib.c
+--- php-7.2.4RC1/sapi/litespeed/lsapilib.c.dlopen	2018-03-13 12:40:25.330885880 +0100
++++ php-7.2.4RC1/sapi/litespeed/lsapilib.c	2018-03-13 12:41:35.797251042 +0100
+@@ -755,7 +755,7 @@ static int (*fp_lve_leave)(struct liblve
+ static int (*fp_lve_jail)( struct passwd *, char *) = NULL;
+ static int lsapi_load_lve_lib(void)
+ {
+-    s_liblve = dlopen("liblve.so.0", RTLD_LAZY);
++    s_liblve = dlopen("liblve.so.0", RTLD_NOW);
+     if (s_liblve)
+     {
+         fp_lve_is_available = dlsym(s_liblve, "lve_is_available");
+diff -up php-7.2.4RC1/Zend/zend_portability.h.dlopen php-7.2.4RC1/Zend/zend_portability.h
+--- php-7.2.4RC1/Zend/zend_portability.h.dlopen	2018-03-13 12:33:38.000000000 +0100
++++ php-7.2.4RC1/Zend/zend_portability.h	2018-03-13 12:40:25.330885880 +0100
+@@ -144,11 +144,11 @@
+ # endif
+ 
+ # if defined(RTLD_GROUP) && defined(RTLD_WORLD) && defined(RTLD_PARENT)
+-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
++#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL | RTLD_GROUP | RTLD_WORLD | RTLD_PARENT)
+ # elif defined(RTLD_DEEPBIND) && !defined(__SANITIZE_ADDRESS__)
+-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL | RTLD_DEEPBIND)
++#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL | RTLD_DEEPBIND)
+ # else
+-#  define DL_LOAD(libname)			dlopen(libname, RTLD_LAZY | RTLD_GLOBAL)
++#  define DL_LOAD(libname)			dlopen(libname, RTLD_NOW  | RTLD_GLOBAL)
+ # endif
+ # define DL_UNLOAD					dlclose
+ # if defined(DLSYM_NEEDS_UNDERSCORE)

SOURCES/php-7.2.4-fixheader.patch

@@ -0,0 +1,12 @@
+diff -up php-7.2.4RC1/configure.ac.fixheader php-7.2.4RC1/configure.ac
+--- php-7.2.4RC1/configure.ac.fixheader	2018-03-13 12:42:47.594623100 +0100
++++ php-7.2.4RC1/configure.ac	2018-03-13 12:43:35.591871825 +0100
+@@ -1275,7 +1275,7 @@ PHP_BUILD_DATE=`date -u +%Y-%m-%d`
+ fi
+ AC_DEFINE_UNQUOTED(PHP_BUILD_DATE,"$PHP_BUILD_DATE",[PHP build date])
+ 
+-PHP_UNAME=`uname -a | xargs`
++PHP_UNAME=`uname | xargs`
+ AC_DEFINE_UNQUOTED(PHP_UNAME,"$PHP_UNAME",[uname -a output])
+ PHP_OS=`uname | xargs`
+ AC_DEFINE_UNQUOTED(PHP_OS,"$PHP_OS",[uname output])

SOURCES/php-7.2.7-getallheaders.patch

@@ -0,0 +1,280 @@
+Adapted for 7.2.7 from 7.3 by remi
+
+
+From 0ea4013f101d64fbeb9221260b36e98f10ed1ddd Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 4 Jul 2018 08:48:38 +0200
+Subject: [PATCH] Fixed bug #62596 add getallheaders (apache_request_headers)
+ missing function in FPM add sapi_add_request_header in public API (was
+ add_request_header) fix arginfo for fastcgi_finish_request fucntion
+
+---
+ main/SAPI.c                       | 50 +++++++++++++++++++++++++++++
+ main/SAPI.h                       |  1 +
+ sapi/cgi/cgi_main.c               | 51 +----------------------------
+ sapi/fpm/fpm/fpm_main.c           | 25 ++++++++++++++-
+ sapi/fpm/tests/getallheaders.phpt | 67 +++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 143 insertions(+), 51 deletions(-)
+ create mode 100644 sapi/fpm/tests/getallheaders.phpt
+
+diff --git a/main/SAPI.c b/main/SAPI.c
+index b6c3329..7e0c7c8 100644
+--- a/main/SAPI.c
++++ b/main/SAPI.c
+@@ -1104,6 +1104,56 @@ SAPI_API void sapi_terminate_process(void) {
+ 	}
+ }
+ 
++SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
++{
++	zval *return_value = (zval*)arg;
++	char *str = NULL;
++
++	ALLOCA_FLAG(use_heap)
++
++	if (var_len > 5 &&
++	    var[0] == 'H' &&
++	    var[1] == 'T' &&
++	    var[2] == 'T' &&
++	    var[3] == 'P' &&
++	    var[4] == '_') {
++
++		char *p;
++
++		var_len -= 5;
++		p = var + 5;
++		var = str = do_alloca(var_len + 1, use_heap);
++		*str++ = *p++;
++		while (*p) {
++			if (*p == '_') {
++				*str++ = '-';
++				p++;
++				if (*p) {
++					*str++ = *p++;
++				}
++			} else if (*p >= 'A' && *p <= 'Z') {
++				*str++ = (*p++ - 'A' + 'a');
++			} else {
++				*str++ = *p++;
++			}
++		}
++		*str = 0;
++	} else if (var_len == sizeof("CONTENT_TYPE")-1 &&
++	           memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
++		var = "Content-Type";
++	} else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
++	           memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
++		var = "Content-Length";
++	} else {
++		return;
++	}
++	add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
++	if (str) {
++		free_alloca(var, use_heap);
++	}
++}
++/* }}} */
++
+ /*
+  * Local variables:
+  * tab-width: 4
+diff --git a/main/SAPI.h b/main/SAPI.h
+index f829fd7..4b8e223 100644
+--- a/main/SAPI.h
++++ b/main/SAPI.h
+@@ -151,6 +151,7 @@ SAPI_API void sapi_shutdown(void);
+ SAPI_API void sapi_activate(void);
+ SAPI_API void sapi_deactivate(void);
+ SAPI_API void sapi_initialize_empty_request(void);
++SAPI_API void sapi_add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg);
+ END_EXTERN_C()
+ 
+ /*
+diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
+index 2e9cefe..350846d 100644
+--- a/sapi/cgi/cgi_main.c
++++ b/sapi/cgi/cgi_main.c
+@@ -1591,54 +1591,6 @@ PHP_FUNCTION(apache_child_terminate) /*
+ }
+ /* }}} */
+ 
+-static void add_request_header(char *var, unsigned int var_len, char *val, unsigned int val_len, void *arg) /* {{{ */
+-{
+-	zval *return_value = (zval*)arg;
+-	char *str = NULL;
+-	char *p;
+-	ALLOCA_FLAG(use_heap)
+-
+-	if (var_len > 5 &&
+-	    var[0] == 'H' &&
+-	    var[1] == 'T' &&
+-	    var[2] == 'T' &&
+-	    var[3] == 'P' &&
+-	    var[4] == '_') {
+-
+-		var_len -= 5;
+-		p = var + 5;
+-		var = str = do_alloca(var_len + 1, use_heap);
+-		*str++ = *p++;
+-		while (*p) {
+-			if (*p == '_') {
+-				*str++ = '-';
+-				p++;
+-				if (*p) {
+-					*str++ = *p++;
+-				}
+-			} else if (*p >= 'A' && *p <= 'Z') {
+-				*str++ = (*p++ - 'A' + 'a');
+-			} else {
+-				*str++ = *p++;
+-			}
+-		}
+-		*str = 0;
+-	} else if (var_len == sizeof("CONTENT_TYPE")-1 &&
+-	           memcmp(var, "CONTENT_TYPE", sizeof("CONTENT_TYPE")-1) == 0) {
+-		var = "Content-Type";
+-	} else if (var_len == sizeof("CONTENT_LENGTH")-1 &&
+-	           memcmp(var, "CONTENT_LENGTH", sizeof("CONTENT_LENGTH")-1) == 0) {
+-		var = "Content-Length";
+-	} else {
+-		return;
+-	}
+-	add_assoc_stringl_ex(return_value, var, var_len, val, val_len);
+-	if (str) {
+-		free_alloca(var, use_heap);
+-	}
+-}
+-/* }}} */
+-
+ PHP_FUNCTION(apache_request_headers) /* {{{ */
+ {
+ 	if (zend_parse_parameters_none()) {
+@@ -1648,7 +1600,7 @@ PHP_FUNCTION(apache_request_headers) /*
+ 	if (fcgi_is_fastcgi()) {
+ 		fcgi_request *request = (fcgi_request*) SG(server_context);
+ 
+-		fcgi_loadenv(request, add_request_header, return_value);
++		fcgi_loadenv(request, sapi_add_request_header, return_value);
+ 	} else {
+ 		char buf[128];
+ 		char **env, *p, *q, *var, *val, *t = buf;
+diff --git a/sapi/fpm/fpm/fpm_main.c b/sapi/fpm/fpm/fpm_main.c
+index 3256660..e815be4 100644
+--- a/sapi/fpm/fpm/fpm_main.c
++++ b/sapi/fpm/fpm/fpm_main.c
+@@ -1533,6 +1533,10 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
+ {
+ 	fcgi_request *request = (fcgi_request*) SG(server_context);
+ 
++	if (zend_parse_parameters_none() == FAILURE) {
++		return;
++	}
++
+ 	if (!fcgi_is_closed(request)) {
+ 		php_output_end_all();
+ 		php_header();
+@@ -1547,8 +1551,27 @@ PHP_FUNCTION(fastcgi_finish_request) /* {{{ */
+ }
+ /* }}} */
+ 
++ZEND_BEGIN_ARG_INFO(cgi_fcgi_sapi_no_arginfo, 0)
++ZEND_END_ARG_INFO()
++
++PHP_FUNCTION(apache_request_headers) /* {{{ */
++{
++	fcgi_request *request;
++
++	if (zend_parse_parameters_none() == FAILURE) {
++		return;
++	}
++
++	array_init(return_value);
++	if ((request = (fcgi_request*) SG(server_context))) {
++		fcgi_loadenv(request, sapi_add_request_header, return_value);
++	}
++} /* }}} */
++
+ static const zend_function_entry cgi_fcgi_sapi_functions[] = {
+-	PHP_FE(fastcgi_finish_request,              NULL)
++	PHP_FE(fastcgi_finish_request,                    cgi_fcgi_sapi_no_arginfo)
++	PHP_FE(apache_request_headers,                    cgi_fcgi_sapi_no_arginfo)
++	PHP_FALIAS(getallheaders, apache_request_headers, cgi_fcgi_sapi_no_arginfo)
+ 	PHP_FE_END
+ };
+ 
+diff --git a/sapi/fpm/tests/getallheaders.phpt b/sapi/fpm/tests/getallheaders.phpt
+new file mode 100644
+index 0000000..b41f1c6
+--- /dev/null
++++ b/sapi/fpm/tests/getallheaders.phpt
+@@ -0,0 +1,67 @@
++--TEST--
++FPM: Function getallheaders basic test
++--SKIPIF--
++<?php include "skipif.inc"; ?>
++--FILE--
++<?php
++
++require_once "tester.inc";
++
++$cfg = <<<EOT
++[global]
++error_log = {{FILE:LOG}}
++[unconfined]
++listen = {{ADDR}}
++pm = dynamic
++pm.max_children = 5
++pm.start_servers = 1
++pm.min_spare_servers = 1
++pm.max_spare_servers = 3
++EOT;
++
++$code = <<<EOT
++<?php
++echo "Test Start\n";
++var_dump(getallheaders());
++echo "Test End\n";
++EOT;
++
++$headers = [];
++$tester = new FPM\Tester($cfg, $code);
++$tester->start();
++$tester->expectLogStartNotices();
++$tester->request(
++		'', 
++		[
++			'HTTP_X_FOO' => 'BAR',
++			'HTTP_FOO'   => 'foo'
++		]
++	)->expectBody(
++		[
++			'Test Start',
++			'array(4) {',
++			'  ["Foo"]=>',
++			'  string(3) "foo"',
++			'  ["X-Foo"]=>',
++			'  string(3) "BAR"',
++			'  ["Content-Length"]=>',
++			'  string(1) "0"',
++			'  ["Content-Type"]=>',
++			'  string(0) ""',
++			'}',
++			'Test End',
++		]
++	);
++$tester->terminate();
++$tester->expectLogTerminatingNotices();
++$tester->close();
++
++?>
++Done
++--EXPECT--
++Done
++--CLEAN--
++<?php
++require_once "tester.inc";
++FPM\Tester::clean();
++?>
+-- 
+2.1.4
+

SOURCES/php-7.4.0-datetests.patch

@@ -1,98 +0,0 @@
-diff -up ./ext/date/tests/bug33414-2.phpt.datetests ./ext/date/tests/bug33414-2.phpt
---- ./ext/date/tests/bug33414-2.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
-+++ ./ext/date/tests/bug33414-2.phpt	2020-04-09 14:40:00.809433489 +0200
-@@ -74,10 +74,10 @@ $strtotime_tstamp = strtotime("next Frid
- print "result=".date("l Y-m-d H:i:s T I", $strtotime_tstamp)."\n";
- print "wanted=Friday            00:00:00\n\n";
- ?>
----EXPECT--
-+--EXPECTF--
- TZ=Pacific/Rarotonga - wrong day.
--tStamp=Thursday 1970-01-01 17:17:17 -1030 0
--result=Tuesday 1970-01-06 00:00:00 -1030 0
-+tStamp=Thursday 1970-01-01 17:17:17 %s
-+result=Tuesday 1970-01-06 00:00:00 %s
- wanted=Tuesday            00:00:00
- 
- TZ=Atlantic/South_Georgia - wrong day.
-@@ -91,13 +91,13 @@ result=Monday 2005-04-04 00:00:00 EDT 1
- wanted=Monday            00:00:00
- 
- TZ=Pacific/Enderbury - wrong day, off by 2 days.
--tStamp=Thursday 1970-01-01 17:17:17 -12 0
--result=Monday 1970-01-05 00:00:00 -12 0
-+tStamp=Thursday 1970-01-01 17:17:17 %s
-+result=Monday 1970-01-05 00:00:00 %s
- wanted=Monday            00:00:00
- 
- TZ=Pacific/Kiritimati - wrong day, off by 2 days.
--tStamp=Thursday 1970-01-01 17:17:17 -1040 0
--result=Monday 1970-01-05 00:00:00 -1040 0
-+tStamp=Thursday 1970-01-01 17:17:17 %s
-+result=Monday 1970-01-05 00:00:00 %s
- wanted=Monday            00:00:00
- 
- TZ=America/Managua - wrong day.
-@@ -106,13 +106,13 @@ result=Tuesday 2005-04-12 00:00:00 CDT 1
- wanted=Tuesday            00:00:00
- 
- TZ=Pacific/Pitcairn - wrong day.
--tStamp=Thursday 1970-01-01 17:17:17 -0830 0
--result=Wednesday 1970-01-07 00:00:00 -0830 0
-+tStamp=Thursday 1970-01-01 17:17:17 %s
-+result=Wednesday 1970-01-07 00:00:00 %s
- wanted=Wednesday            00:00:00
- 
- TZ=Pacific/Fakaofo - wrong day.
--tStamp=Thursday 1970-01-01 17:17:17 -11 0
--result=Saturday 1970-01-03 00:00:00 -11 0
-+tStamp=Thursday 1970-01-01 17:17:17 %s
-+result=Saturday 1970-01-03 00:00:00 %s
- wanted=Saturday            00:00:00
- 
- TZ=Pacific/Johnston - wrong day.
-diff -up ./ext/date/tests/bug66985.phpt.datetests ./ext/date/tests/bug66985.phpt
---- ./ext/date/tests/bug66985.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
-+++ ./ext/date/tests/bug66985.phpt	2020-04-09 14:40:37.099288185 +0200
-@@ -3,7 +3,7 @@ Bug #66985 (Some timezones are no longer
- --FILE--
- <?php
- $zones = array(
--    "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "Factory", "GB-Eire",
-+    "CST6CDT", "Cuba", "Egypt", "Eire", "EST5EDT", "GB-Eire",
-     "GMT0", "Greenwich", "Hongkong", "Iceland", "Iran", "Israel", "Jamaica",
-     "Japan", "Kwajalein", "Libya", "MST7MDT", "Navajo", "NZ-CHAT", "Poland",
-     "Portugal", "PST8PDT", "Singapore", "Turkey", "Universal", "W-SU",
-@@ -45,11 +45,6 @@ DateTimeZone Object
- )
- DateTimeZone Object
- (
--    [timezone_type] => 3
--    [timezone] => Factory
--)
--DateTimeZone Object
--(
-     [timezone_type] => 3
-     [timezone] => GB-Eire
- )
-diff -up ./ext/date/tests/strtotime3-64bit.phpt.datetests ./ext/date/tests/strtotime3-64bit.phpt
---- ./ext/date/tests/strtotime3-64bit.phpt.datetests	2020-04-09 14:06:11.000000000 +0200
-+++ ./ext/date/tests/strtotime3-64bit.phpt	2020-04-09 14:40:00.809433489 +0200
-@@ -44,7 +44,7 @@ foreach ($strs as $str) {
- }
- 
- ?>
----EXPECT--
-+--EXPECTF--
- bool(false)
- bool(false)
- string(31) "Thu, 15 Jun 2006 00:00:00 +0100"
-@@ -53,7 +53,7 @@ bool(false)
- string(31) "Fri, 16 Jun 2006 23:49:12 +0100"
- bool(false)
- string(31) "Fri, 16 Jun 2006 02:22:00 +0100"
--string(31) "Sun, 16 Jun 0222 02:22:00 -0036"
-+string(31) "Sun, 16 Jun 0222 02:22:00 %s"
- string(31) "Fri, 16 Jun 2006 02:22:33 +0100"
- bool(false)
- string(31) "Tue, 02 Mar 2004 00:00:00 +0000"

SOURCES/php-8.0.0-phpinfo.patch

@@ -1,118 +0,0 @@
-
-Drop "Configure Command" from phpinfo as it doesn't
-provide any useful information.
-The available extensions are not related to this command.
-
-Replace full GCC name by gcc in php -v output
-
-
-Also apply
-
-From 9bf43c45908433d382f0499d529849172d0d8206 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Mon, 28 Dec 2020 08:33:09 +0100
-Subject: [PATCH] rename COMPILER and ARCHITECTURE macro (too generic)
-
----
- configure.ac             |  4 ++--
- ext/standard/info.c      |  8 ++++----
- sapi/cli/php_cli.c       |  8 ++++----
- win32/build/confutils.js | 10 +++++-----
- 4 files changed, 15 insertions(+), 15 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9d9c8b155b07..143dc061346b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1289,10 +1289,10 @@ if test -n "${PHP_BUILD_PROVIDER}"; then
-   AC_DEFINE_UNQUOTED(PHP_BUILD_PROVIDER,"$PHP_BUILD_PROVIDER",[build provider])
- fi
- if test -n "${PHP_BUILD_COMPILER}"; then
--  AC_DEFINE_UNQUOTED(COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
-+  AC_DEFINE_UNQUOTED(PHP_BUILD_COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
- fi
- if test -n "${PHP_BUILD_ARCH}"; then
--  AC_DEFINE_UNQUOTED(ARCHITECTURE,"$PHP_BUILD_ARCH",[build architecture])
-+  AC_DEFINE_UNQUOTED(PHP_BUILD_ARCH,"$PHP_BUILD_ARCH",[build architecture])
- fi
- 
- PHP_SUBST_OLD(PHP_INSTALLED_SAPIS)
-diff --git a/ext/standard/info.c b/ext/standard/info.c
-index 153cb6cde014..8ceef31d9fe4 100644
---- a/ext/standard/info.c
-+++ b/ext/standard/info.c
-@@ -798,11 +798,11 @@ PHPAPI ZEND_COLD void php_print_info(int flag)
- #ifdef PHP_BUILD_PROVIDER
- 		php_info_print_table_row(2, "Build Provider", PHP_BUILD_PROVIDER);
- #endif
--#ifdef COMPILER
--		php_info_print_table_row(2, "Compiler", COMPILER);
-+#ifdef PHP_BUILD_COMPILER
-+		php_info_print_table_row(2, "Compiler", PHP_BUILD_COMPILER);
- #endif
--#ifdef ARCHITECTURE
--		php_info_print_table_row(2, "Architecture", ARCHITECTURE);
-+#ifdef PHP_BUILD_ARCH
-+		php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
- #endif
- #ifdef CONFIGURE_COMMAND
- 		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-diff --git a/sapi/cli/php_cli.c b/sapi/cli/php_cli.c
-index 5092fb0ffd68..9d296acec631 100644
---- a/sapi/cli/php_cli.c
-+++ b/sapi/cli/php_cli.c
-@@ -640,12 +640,12 @@ static int do_cli(int argc, char **argv) /* {{{ */
- #else
- 					"NTS "
- #endif
--#ifdef COMPILER
--					COMPILER
-+#ifdef PHP_BUILD_COMPILER
-+					PHP_BUILD_COMPILER
- 					" "
- #endif
--#ifdef ARCHITECTURE
--					ARCHITECTURE
-+#ifdef PHP_BUILD_ARCH
-+					PHP_BUILD_ARCH
- 					" "
- #endif
- #if ZEND_DEBUG
-
-diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
---- ./ext/standard/info.c.phpinfo	2020-07-21 10:49:31.000000000 +0200
-+++ ./ext/standard/info.c	2020-07-21 11:41:56.295633523 +0200
-@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int
- #ifdef PHP_BUILD_ARCH
- 		php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
- #endif
--#ifdef CONFIGURE_COMMAND
--		php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
--#endif
- 
- 		if (sapi_module.pretty_name) {
- 			php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
-diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
---- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo	2020-07-21 10:49:31.000000000 +0200
-+++ ./ext/standard/tests/general_functions/phpinfo.phpt	2020-07-21 11:41:56.296633522 +0200
-@@ -17,7 +17,6 @@ PHP Version => %s
- 
- System => %s
- Build Date => %s%a
--Configure Command => %s
- Server API => Command Line Interface
- Virtual Directory Support => %s
- Configuration File (php.ini) Path => %s
-diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
---- ./sapi/cli/php_cli.c.phpinfo	2020-07-21 11:43:38.812475300 +0200
-+++ ./sapi/cli/php_cli.c	2020-07-21 11:43:45.783464540 +0200
-@@ -641,8 +641,7 @@ static int do_cli(int argc, char **argv)
- 					"NTS "
- #endif
- #ifdef PHP_BUILD_COMPILER
--					PHP_BUILD_COMPILER
--					" "
-+					"gcc "
- #endif
- #ifdef PHP_BUILD_ARCH
- 					PHP_BUILD_ARCH

SOURCES/php-8.0.10-phar-sha.patch

@@ -1,515 +0,0 @@
-Backported for 8.0 from
-
-
-From 8bb0c74e24359a11216824117ac3adf3d5ef7b71 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 5 Aug 2021 11:10:15 +0200
-Subject: [PATCH] switch phar to use sha256 signature by default
-
----
- ext/phar/phar/pharcommand.inc                  | 2 +-
- ext/phar/tests/create_new_and_modify.phpt      | 4 ++--
- ext/phar/tests/create_new_phar_c.phpt          | 4 ++--
- ext/phar/tests/phar_setsignaturealgo2.phpt     | 2 +-
- ext/phar/tests/tar/phar_setsignaturealgo2.phpt | 2 +-
- ext/phar/tests/zip/phar_setsignaturealgo2.phpt | 2 +-
- ext/phar/util.c                                | 6 +++---
- ext/phar/zip.c                                 | 2 +-
- 8 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
-index a31290eee75fe..5f698b4bec26b 100644
---- a/ext/phar/phar/pharcommand.inc
-+++ b/ext/phar/phar/pharcommand.inc
-@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
-                 'typ' => 'select',
-                 'val' => NULL,
-                 'inf' => '<method> Selects the hash algorithm.',
--                'select' => array('md5' => 'MD5','sha1' => 'SHA1')
-+                'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
-             ),
-             'i' => array(
-                 'typ' => 'regex',
-diff --git a/ext/phar/tests/create_new_and_modify.phpt b/ext/phar/tests/create_new_and_modify.phpt
-index 02e36c6cea2fe..32defcae8a639 100644
---- a/ext/phar/tests/create_new_and_modify.phpt
-+++ b/ext/phar/tests/create_new_and_modify.phpt
-@@ -49,8 +49,8 @@ include $pname . '/b.php';
- <?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php'); ?>
- --EXPECTF--
- brand new!
--string(40) "%s"
--string(40) "%s"
-+string(%d) "%s"
-+string(%d) "%s"
- bool(true)
- modified!
- another!
-diff --git a/ext/phar/tests/create_new_phar_c.phpt b/ext/phar/tests/create_new_phar_c.phpt
-index 566d3c4d5f8ad..bf6d740fd1d10 100644
---- a/ext/phar/tests/create_new_phar_c.phpt
-+++ b/ext/phar/tests/create_new_phar_c.phpt
-@@ -20,7 +20,7 @@ var_dump($phar->getSignature());
- --EXPECTF--
- array(2) {
-   ["hash"]=>
--  string(40) "%s"
-+  string(64) "%s"
-   ["hash_type"]=>
--  string(5) "SHA-1"
-+  string(7) "SHA-256"
- }
-diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
-index 293d3196713d8..4f31836fbbbcc 100644
---- a/ext/phar/tests/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
-@@ -52,7 +52,7 @@ array(2) {
-   ["hash"]=>
-   string(%d) "%s"
-   ["hash_type"]=>
--  string(5) "SHA-1"
-+  string(7) "SHA-256"
- }
- array(2) {
-   ["hash"]=>
-diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-index 9923ac5c88476..cc10a241d739b 100644
---- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-@@ -51,7 +51,7 @@ array(2) {
-   ["hash"]=>
-   string(%d) "%s"
-   ["hash_type"]=>
--  string(5) "SHA-1"
-+  string(7) "SHA-256"
- }
- array(2) {
-   ["hash"]=>
-diff --git a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-index 8de77479d7825..60fec578ee894 100644
---- a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
-@@ -78,7 +78,7 @@ array(2) {
-   ["hash"]=>
-   string(%d) "%s"
-   ["hash_type"]=>
--  string(5) "SHA-1"
-+  string(7) "SHA-256"
- }
- array(2) {
-   ["hash"]=>
-diff --git a/ext/phar/util.c b/ext/phar/util.c
-index 314acfe81a788..8d2db03b69601 100644
---- a/ext/phar/util.c
-+++ b/ext/phar/util.c
-@@ -1798,6 +1798,8 @@ int phar_create_signature(phar_archive_d
- 			*signature_length = 64;
- 			break;
- 		}
-+		default:
-+			phar->sig_flags = PHAR_SIG_SHA256;
- 		case PHAR_SIG_SHA256: {
- 			unsigned char digest[32];
- 			PHP_SHA256_CTX  context;
-@@ -1894,8 +1896,6 @@ int phar_create_signature(phar_archive_d
- 			*signature_length = siglen;
- 		}
- 		break;
--		default:
--			phar->sig_flags = PHAR_SIG_SHA1;
- 		case PHAR_SIG_SHA1: {
- 			unsigned char digest[20];
- 			PHP_SHA1_CTX  context;
-diff --git a/ext/phar/zip.c b/ext/phar/zip.c
-index 31d4bd2998215..c5e38cabf7b87 100644
---- a/ext/phar/zip.c
-+++ b/ext/phar/zip.c
-@@ -1423,7 +1423,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
- 
- 	memcpy(eocd.signature, "PK\5\6", 4);
- 	if (!phar->is_data && !phar->sig_flags) {
--		phar->sig_flags = PHAR_SIG_SHA1;
-+		phar->sig_flags = PHAR_SIG_SHA256;
- 	}
- 	if (phar->sig_flags) {
- 		PHAR_SET_16(eocd.counthere, zend_hash_num_elements(&phar->manifest) + 1);
-
-From c51af22fef988c1b2f92b7b9e3a9d745f7084815 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 5 Aug 2021 16:49:48 +0200
-Subject: [PATCH] implement openssl_256 and openssl_512 for phar singatures
-
----
- ext/openssl/openssl.c                         |   1 +
- ext/phar/phar.1.in                            |  10 +++-
- ext/phar/phar.c                               |   8 +++-
- ext/phar/phar/pharcommand.inc                 |  14 +++++-
- ext/phar/phar_internal.h                      |   2 +
- ext/phar/phar_object.c                        |  24 ++++++++--
- ext/phar/tests/files/openssl256.phar          | Bin 0 -> 7129 bytes
- ext/phar/tests/files/openssl256.phar.pubkey   |   6 +++
- ext/phar/tests/files/openssl512.phar          | Bin 0 -> 7129 bytes
- ext/phar/tests/files/openssl512.phar.pubkey   |   6 +++
- .../phar_get_supported_signatures_002a.phpt   |   6 ++-
- .../tests/tar/phar_setsignaturealgo2.phpt     |  16 +++++++
- ext/phar/tests/test_signaturealgos.phpt       |   8 ++++
- ext/phar/util.c                               |  45 ++++++++++++++----
- 14 files changed, 128 insertions(+), 18 deletions(-)
- create mode 100644 ext/phar/tests/files/openssl256.phar
- create mode 100644 ext/phar/tests/files/openssl256.phar.pubkey
- create mode 100644 ext/phar/tests/files/openssl512.phar
- create mode 100644 ext/phar/tests/files/openssl512.phar.pubkey
-
-diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in
-index 77912b241dfd5..323e77b0e2a3b 100644
---- a/ext/phar/phar.1.in
-+++ b/ext/phar/phar.1.in
-@@ -475,7 +475,15 @@ SHA512
- .TP
- .PD
- .B openssl
--OpenSSL
-+OpenSSL using SHA-1
-+.TP
-+.PD
-+.B openssl_sha256
-+OpenSSL using SHA-256
-+.TP
-+.PD
-+.B openssl_sha512
-+OpenSSL using SHA-512
- 
- .SH SEE ALSO
- For a more or less complete description of PHAR look here:
-diff --git a/ext/phar/phar.c b/ext/phar/phar.c
-index 77f21cef9da53..bc08e4edde05d 100644
---- a/ext/phar/phar.c
-+++ b/ext/phar/phar.c
-@@ -869,6 +869,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
- 		PHAR_GET_32(sig_ptr, sig_flags);
- 
- 		switch(sig_flags) {
-+			case PHAR_SIG_OPENSSL_SHA512:
-+			case PHAR_SIG_OPENSSL_SHA256:
- 			case PHAR_SIG_OPENSSL: {
- 				uint32_t signature_len;
- 				char *sig;
-@@ -903,7 +905,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
- 					return FAILURE;
- 				}
- 
--				if (FAILURE == phar_verify_signature(fp, end_of_phar, PHAR_SIG_OPENSSL, sig, signature_len, fname, &signature, &sig_len, error)) {
-+				if (FAILURE == phar_verify_signature(fp, end_of_phar, sig_flags, sig, signature_len, fname, &signature, &sig_len, error)) {
- 					efree(savebuf);
- 					efree(sig);
- 					php_stream_close(fp);
-@@ -3162,7 +3164,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
- 
- 				php_stream_write(newfile, digest, digest_len);
- 				efree(digest);
--				if (phar->sig_flags == PHAR_SIG_OPENSSL) {
-+				if (phar->sig_flags == PHAR_SIG_OPENSSL ||
-+					phar->sig_flags == PHAR_SIG_OPENSSL_SHA256 ||
-+					phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
- 					phar_set_32(sig_buf, digest_len);
- 					php_stream_write(newfile, sig_buf, 4);
- 				}
-diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
-index 5f698b4bec26b..1b1eeca59c560 100644
---- a/ext/phar/phar/pharcommand.inc
-+++ b/ext/phar/phar/pharcommand.inc
-@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
-                 'typ' => 'select',
-                 'val' => NULL,
-                 'inf' => '<method> Selects the hash algorithm.',
--                'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
-+                'select' => ['md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL', 'openssl_sha256' => 'OPENSSL_SHA256', 'openssl_sha512' => 'OPENSSL_SHA512']
-             ),
-             'i' => array(
-                 'typ' => 'regex',
-@@ -156,6 +156,8 @@ class PharCommand extends CLICommand
-         $hash_avail = Phar::getSupportedSignatures();
-         $hash_optional = array('SHA-256' => 'SHA256',
-                                'SHA-512' => 'SHA512',
-+                               'OpenSSL_sha256' => 'OpenSSL_SHA256',
-+                               'OpenSSL_sha512' => 'OpenSSL_SHA512',
-                                'OpenSSL' => 'OpenSSL');
-         if (!in_array('OpenSSL', $hash_avail)) {
-             unset($phar_args['y']);
-@@ -429,6 +431,16 @@ class PharCommand extends CLICommand
-                     self::error("Cannot use OpenSSL signing without key.\n");
-                 }
-                 return Phar::OPENSSL;
-+            case 'openssl_sha256':
-+                if (!$privkey) {
-+                    self::error("Cannot use OpenSSL signing without key.\n");
-+                }
-+                return Phar::OPENSSL_SHA256;
-+            case 'openssl_sha512':
-+                if (!$privkey) {
-+                    self::error("Cannot use OpenSSL signing without key.\n");
-+                }
-+                return Phar::OPENSSL_SHA512;
-         }
-     }
-     // }}}
-diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
-index a9f81e2ab994a..30b408a8c4462 100644
---- a/ext/phar/phar_internal.h
-+++ b/ext/phar/phar_internal.h
-@@ -88,6 +88,8 @@
- #define PHAR_SIG_SHA256           0x0003
- #define PHAR_SIG_SHA512           0x0004
- #define PHAR_SIG_OPENSSL          0x0010
-+#define PHAR_SIG_OPENSSL_SHA256   0x0011
-+#define PHAR_SIG_OPENSSL_SHA512   0x0012
- 
- /* flags byte for each file adheres to these bitmasks.
-    All unused values are reserved */
-diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
-index 9c1e5f2fa1eef..c05970e657f18 100644
---- a/ext/phar/phar_object.c
-+++ b/ext/phar/phar_object.c
-@@ -1246,9 +1246,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
- 	add_next_index_stringl(return_value, "SHA-512", 7);
- #ifdef PHAR_HAVE_OPENSSL
- 	add_next_index_stringl(return_value, "OpenSSL", 7);
-+	add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
-+	add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
- #else
- 	if (zend_hash_str_exists(&module_registry, "openssl", sizeof("openssl")-1)) {
- 		add_next_index_stringl(return_value, "OpenSSL", 7);
-+		add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
-+		add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
- 	}
- #endif
- }
-@@ -3028,6 +3032,8 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
- 		case PHAR_SIG_MD5:
- 		case PHAR_SIG_SHA1:
- 		case PHAR_SIG_OPENSSL:
-+		case PHAR_SIG_OPENSSL_SHA256:
-+		case PHAR_SIG_OPENSSL_SHA512:
- 			if (phar_obj->archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->archive))) {
- 				zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
- 				RETURN_THROWS();
-@@ -3066,19 +3072,25 @@ PHP_METHOD(Phar, getSignature)
- 		add_assoc_stringl(return_value, "hash", phar_obj->archive->signature, phar_obj->archive->sig_len);
- 		switch(phar_obj->archive->sig_flags) {
- 			case PHAR_SIG_MD5:
--				add_assoc_stringl(return_value, "hash_type", "MD5", 3);
-+				add_assoc_string(return_value, "hash_type", "MD5");
- 				break;
- 			case PHAR_SIG_SHA1:
--				add_assoc_stringl(return_value, "hash_type", "SHA-1", 5);
-+				add_assoc_string(return_value, "hash_type", "SHA-1");
- 				break;
- 			case PHAR_SIG_SHA256:
--				add_assoc_stringl(return_value, "hash_type", "SHA-256", 7);
-+				add_assoc_string(return_value, "hash_type", "SHA-256");
- 				break;
- 			case PHAR_SIG_SHA512:
--				add_assoc_stringl(return_value, "hash_type", "SHA-512", 7);
-+				add_assoc_string(return_value, "hash_type", "SHA-512");
- 				break;
- 			case PHAR_SIG_OPENSSL:
--				add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7);
-+				add_assoc_string(return_value, "hash_type", "OpenSSL");
-+				break;
-+			case PHAR_SIG_OPENSSL_SHA256:
-+				add_assoc_string(return_value, "hash_type", "OpenSSL_SHA256");
-+				break;
-+			case PHAR_SIG_OPENSSL_SHA512:
-+				add_assoc_string(return_value, "hash_type", "OpenSSL_SHA512");
- 				break;
- 			default:
- 				unknown = strpprintf(0, "Unknown (%u)", phar_obj->archive->sig_flags);
-@@ -5103,6 +5115,8 @@ void phar_object_init(void) /* {{{ */
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
-+	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA256", PHAR_SIG_OPENSSL_SHA256)
-+	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA512", PHAR_SIG_OPENSSL_SHA512)
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
- 	REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)
-diff --git a/ext/phar/tests/phar_get_supported_signatures_002a.phpt b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-index 06d811f2c35c2..639143b3d2c90 100644
---- a/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-+++ b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
-@@ -14,7 +14,7 @@ phar.readonly=0
- var_dump(Phar::getSupportedSignatures());
- ?>
- --EXPECT--
--array(5) {
-+array(7) {
-   [0]=>
-   string(3) "MD5"
-   [1]=>
-@@ -25,4 +25,8 @@ array(5) {
-   string(7) "SHA-512"
-   [4]=>
-   string(7) "OpenSSL"
-+  [5]=>
-+  string(14) "OpenSSL_SHA256"
-+  [6]=>
-+  string(14) "OpenSSL_SHA512"
- }
-diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-index cc10a241d739b..c2eb5d77a5bf0 100644
---- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
-@@ -38,6 +38,10 @@ $pkey = '';
- openssl_pkey_export($private, $pkey, NULL, $config_arg);
- $p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
- var_dump($p->getSignature());
-+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA512, $pkey);
-+var_dump($p->getSignature());
-+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA256, $pkey);
-+var_dump($p->getSignature());
- } catch (Exception $e) {
- echo $e->getMessage();
- }
-@@ -83,3 +87,15 @@ array(2) {
-   ["hash_type"]=>
-   string(7) "OpenSSL"
- }
-+array(2) {
-+  ["hash"]=>
-+  string(%d) "%s"
-+  ["hash_type"]=>
-+  string(14) "OpenSSL_SHA512"
-+}
-+array(2) {
-+  ["hash"]=>
-+  string(%d) "%s"
-+  ["hash_type"]=>
-+  string(14) "OpenSSL_SHA256"
-+}
-diff --git a/ext/phar/util.c b/ext/phar/util.c
-index 8d2db03b69601..515830bf2c70a 100644
---- a/ext/phar/util.c
-+++ b/ext/phar/util.c
-@@ -34,7 +34,7 @@
- #include <openssl/ssl.h>
- #include <openssl/pkcs12.h>
- #else
--static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
-+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type);
- #endif
- 
- /* for links to relative location, prepend cwd of the entry */
-@@ -1381,11 +1381,11 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
- /* }}} */
- 
- #ifndef PHAR_HAVE_OPENSSL
--static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
-+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type) /* {{{ */
- {
- 	zend_fcall_info fci;
- 	zend_fcall_info_cache fcc;
--	zval retval, zp[3], openssl;
-+	zval retval, zp[4], openssl;
- 	zend_string *str;
- 
- 	ZVAL_STRINGL(&openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1);
-@@ -1402,6 +1402,14 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
- 	} else {
- 		ZVAL_EMPTY_STRING(&zp[0]);
- 	}
-+	if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
-+		ZVAL_LONG(&zp[3], 9); /* value from openssl.c #define OPENSSL_ALGO_SHA512 9 */
-+	} else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
-+		ZVAL_LONG(&zp[3], 7); /* value from openssl.c #define OPENSSL_ALGO_SHA256 7 */
-+	} else {
-+		/* don't rely on default value which may change in the future */
-+		ZVAL_LONG(&zp[3], 1); /* value from openssl.c #define OPENSSL_ALGO_SHA1   1 */
-+	}
- 
- 	if ((size_t)end != Z_STRLEN(zp[0])) {
- 		zval_ptr_dtor_str(&zp[0]);
-@@ -1419,7 +1427,7 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
- 		return FAILURE;
- 	}
- 
--	fci.param_count = 3;
-+	fci.param_count = 4;
- 	fci.params = zp;
- 	Z_ADDREF(zp[0]);
- 	if (is_sign) {
-@@ -1482,12 +1490,22 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
- 	php_stream_rewind(fp);
- 
- 	switch (sig_type) {
-+		case PHAR_SIG_OPENSSL_SHA512:
-+		case PHAR_SIG_OPENSSL_SHA256:
- 		case PHAR_SIG_OPENSSL: {
- #ifdef PHAR_HAVE_OPENSSL
- 			BIO *in;
- 			EVP_PKEY *key;
--			EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
-+			const EVP_MD *mdtype;
- 			EVP_MD_CTX *md_ctx;
-+
-+			if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
-+				mdtype = EVP_sha512();
-+			} else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
-+				mdtype = EVP_sha256();
-+			} else {
-+				mdtype = EVP_sha1();
-+			}
- #else
- 			size_t tempsig;
- #endif
-@@ -1521,7 +1539,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
- #ifndef PHAR_HAVE_OPENSSL
- 			tempsig = sig_len;
- 
--			if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig)) {
-+			if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig, sig_type)) {
- 				if (pubkey) {
- 					zend_string_release_ex(pubkey, 0);
- 				}
-@@ -1815,6 +1833,8 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- 			*signature_length = 32;
- 			break;
- 		}
-+		case PHAR_SIG_OPENSSL_SHA512:
-+		case PHAR_SIG_OPENSSL_SHA256:
- 		case PHAR_SIG_OPENSSL: {
- 			unsigned char *sigbuf;
- #ifdef PHAR_HAVE_OPENSSL
-@@ -1822,6 +1842,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- 			BIO *in;
- 			EVP_PKEY *key;
- 			EVP_MD_CTX *md_ctx;
-+			const EVP_MD *mdtype;
-+
-+			if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
-+				mdtype = EVP_sha512();
-+			} else if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA256) {
-+				mdtype = EVP_sha256();
-+			} else {
-+				mdtype = EVP_sha1();
-+			}
- 
- 			in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
- 
-@@ -1847,7 +1876,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- 			siglen = EVP_PKEY_size(key);
- 			sigbuf = emalloc(siglen + 1);
- 
--			if (!EVP_SignInit(md_ctx, EVP_sha1())) {
-+			if (!EVP_SignInit(md_ctx, mdtype)) {
- 				EVP_PKEY_free(key);
- 				efree(sigbuf);
- 				if (error) {
-@@ -1885,7 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
- 			siglen = 0;
- 			php_stream_seek(fp, 0, SEEK_END);
- 
--			if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen)) {
-+			if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen, phar->sig_flags)) {
- 				if (error) {
- 					spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
- 				}

SOURCES/php-8.0.10-snmp-sha.patch

@@ -1,143 +0,0 @@
-Backported for 8.0 from
-
-
-From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@php.net>
-Date: Wed, 11 Aug 2021 13:02:18 +0200
-Subject: [PATCH] add SHA256 and SHA512 for security protocol
-
----
- ext/snmp/config.m4                            | 18 +++++++++-
- ext/snmp/snmp.c                               | 33 ++++++++++++++++++-
- .../tests/snmp-object-setSecurity_error.phpt  |  2 +-
- ext/snmp/tests/snmp3-error.phpt               |  2 +-
- 4 files changed, 51 insertions(+), 4 deletions(-)
-
-diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
-index 1475ddfe2b7f0..f285a572de9cb 100644
---- a/ext/snmp/config.m4
-+++ b/ext/snmp/config.m4
-@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
-         AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
-       fi
-     else
--      AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
-+      AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
-     fi
-   else
-     AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
-@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
-     $SNMP_SHARED_LIBADD
-   ])
- 
-+  dnl Check whether usmHMAC192SHA256AuthProtocol exists.
-+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
-+  [
-+    AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
-+  ], [], [
-+    $SNMP_SHARED_LIBADD
-+  ])
-+
-+  dnl Check whether usmHMAC384SHA512AuthProtocol exists.
-+  PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
-+  [
-+    AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
-+  ], [], [
-+    $SNMP_SHARED_LIBADD
-+  ])
-+
-   PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
-   PHP_SUBST(SNMP_SHARED_LIBADD)
- fi
-diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
-index 69d6549405b17..f0917501751f5 100644
---- a/ext/snmp/snmp.c
-+++ b/ext/snmp/snmp.c
-@@ -29,6 +29,7 @@
- #include "php_snmp.h"
- 
- #include "zend_exceptions.h"
-+#include "zend_smart_string.h"
- #include "ext/spl/spl_exceptions.h"
- #include "snmp_arginfo.h"
- 
-@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
- 	if (!strcasecmp(prot, "MD5")) {
- 		s->securityAuthProto = usmHMACMD5AuthProtocol;
- 		s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
--	} else
-+		return 0;
-+	}
- #endif
-+
- 	if (!strcasecmp(prot, "SHA")) {
- 		s->securityAuthProto = usmHMACSHA1AuthProtocol;
- 		s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
--	} else {
--		zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
--		return (-1);
-+		return 0;
- 	}
--	return (0);
-+
-+#ifdef HAVE_SNMP_SHA256
-+	if (!strcasecmp(prot, "SHA256")) {
-+		s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
-+		s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
-+		return 0;
-+	}
-+#endif
-+
-+#ifdef HAVE_SNMP_SHA512
-+	if (!strcasecmp(prot, "SHA512")) {
-+		s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
-+		s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
-+		return 0;
-+	}
-+#endif
-+
-+	smart_string err = {0};
-+
-+	smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
-+#ifdef HAVE_SNMP_SHA256
-+	smart_string_appends(&err, " or \"SHA256\"");
-+#endif
-+#ifdef HAVE_SNMP_SHA512
-+	smart_string_appends(&err, " or \"SHA512\"");
-+#endif
-+#ifndef DISABLE_MD5
-+	smart_string_appends(&err, " or \"MD5\"");
-+#endif
-+	smart_string_0(&err);
-+	zend_value_error("%s", err.c);
-+	smart_string_free(&err);
-+	return -1;
- }
- /* }}} */
- 
-diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-index f8de846492a75..cf4f928837773 100644
---- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
-@@ -59,7 +59,7 @@ var_dump($session->close());
- --EXPECTF--
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
--Authentication protocol must be either "MD5" or "SHA"
-+Authentication protocol must be %s
- 
- Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
- bool(false)
-diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
-index 849e363b45058..389800dad6b28 100644
---- a/ext/snmp/tests/snmp3-error.phpt
-+++ b/ext/snmp/tests/snmp3-error.phpt
-@@ -58,7 +58,7 @@ try {
- Checking error handling
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
- Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
--Authentication protocol must be either "MD5" or "SHA"
-+Authentication protocol must be %s
- 
- Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
- bool(false)

SOURCES/php-8.0.13-crypt.patch

@@ -1,45 +0,0 @@
-From fc4e31467c352032ee709ac55d3c67bc22abcd8d Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Fri, 15 Oct 2021 17:11:12 +0200
-Subject: [PATCH] add --with-external-libcrypt build option display an error
- message if some algo not available in external libcrypt
-
----
- ext/standard/config.m4 | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
-index 58b9c5e658a4..3ec18be4d7df 100644
---- a/ext/standard/config.m4
-+++ b/ext/standard/config.m4
-@@ -267,14 +267,25 @@ int main() {
- ])])
- 
- 
-+PHP_ARG_WITH([external-libcrypt],
-+  [for external libcrypt or libxcrypt],
-+  [AS_HELP_STRING([--with-external-libcrypt],
-+    [Use external libcrypt or libxcrypt])],
-+  [no],
-+  [no])
-+
- dnl
- dnl If one of them is missing, use our own implementation, portable code is then possible
- dnl
--dnl TODO This is currently always enabled
--if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then
--  AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
--
--  PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
-+dnl This is currently enabled by default
-+if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
-+  if test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
-+    AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
-+
-+    PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
-+   else
-+    AC_MSG_ERROR([Cannot use external libcrypt as some algo are missing])
-+   fi
- else
-   AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
- fi

SOURCES/php-8.0.19-parser.patch

@@ -1,16 +0,0 @@
-diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
---- ./build/gen_stub.php.syslib	2020-06-25 08:11:51.782046813 +0200
-+++ ./build/gen_stub.php	2020-06-25 08:13:11.188860368 +0200
-@@ -1075,6 +1075,12 @@ function initPhpParser() {
-     }
- 
-     $isInitialized = true;
-+
-+    if (file_exists('/usr/share/php/PhpParser4/autoload.php')) {
-+        require_once '/usr/share/php/PhpParser4/autoload.php';
-+        return;
-+    }
-+
-     $version = "4.13.0";
-     $phpParserDir = __DIR__ . "/PHP-Parser-$version";
-     if (!is_dir($phpParserDir)) {

SOURCES/php-8.0.30.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmTL4VIACgkQ+cOdwLlp
-hUQzrQ//cGopLQ71fiXCM+IYoT7RITJWWeh81fuDpL7bqZblaLRjpoI5I7iUoD10
-seJMLrzRxh72A3yY5GoF+LVBFc8J4MsOTJLXpIVWYheOY+BVLDhQHOFSZpT3JDN5
-UH6q21WS6wobwj3fFzJzHSSo8GDeSQ60D1Vq5t5ZVWb6uvmzf/cctcjlWB/Zp/X+
-hFS6HzrxqM/LBd1IocnTJoLJ2SFCyOS6n9yRJGOW4M3bSqtaTwv1Rd4kTybO0cnF
-7bJ71+RAQJZIRG9sOHF3ZtPx08kR5NKR3Ev/9YmlrBWMXMOZs3NvM1UB7zcJ8Qok
-CbYrVsyoEk8La8oCV6Jm2jjD73XY7QIWKBuZMerTP9Y+FTP2m699gXeoamuizriY
-vWF3j0to67mUY9wWq+4ahfVFdX043mWs2pzvjYTcFcKX0MxFOKMILnAN70a7dKGh
-D45B0PdCezJvRjsbO9ynfBmCuBzWGWeQDIM9UlJatu8ND4dS+dWp6FPqgZY8wQke
-8/P6FZlZ9wBsKvfWyA/xLr3fN71u+C3CLgTIOzYhI12FDyb6Cbxy8cq8ruGF4D5x
-CaSvaOSAXKIPmOhtLgwk2V5jcLlj45cNyFm9PTvqLo3urJFSDXdLJ2Rns5+xjMX9
-tMiJS4N8UvvhhVDSJr2/qvmh6inhsTRHuUdR8dacapnW0AgsN88=
-=Gqmv
------END PGP SIGNATURE-----

SOURCES/php-8.0.6-deprecated.patch

@@ -1,400 +0,0 @@
-From 4dc8b3c0efaae25b08c8f59b068f17c97c59d0ae Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 5 May 2021 15:41:00 +0200
-Subject: [PATCH] get rid of inet_aton and inet_ntoa use inet_ntop iand
- inet_pton where available standardize buffer size
-
----
- ext/sockets/sockaddr_conv.c |  4 ++++
- ext/sockets/sockets.c       | 48 +++++++++++++++++++++++++------------
- ext/standard/dns.c          | 16 ++++++++++++-
- main/network.c              | 20 ++++++++++++++--
- 4 files changed, 70 insertions(+), 18 deletions(-)
-
-diff --git a/ext/sockets/sockaddr_conv.c b/ext/sockets/sockaddr_conv.c
-index 57996612d2d7e..65c8418fb3a6f 100644
---- a/ext/sockets/sockaddr_conv.c
-+++ b/ext/sockets/sockaddr_conv.c
-@@ -87,7 +87,11 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
- 	struct in_addr tmp;
- 	struct hostent *host_entry;
- 
-+#ifdef HAVE_INET_PTON
-+	if (inet_pton(AF_INET, string, &tmp)) {
-+#else
- 	if (inet_aton(string, &tmp)) {
-+#endif
- 		sin->sin_addr.s_addr = tmp.s_addr;
- 	} else {
- 		if (strlen(string) > MAXFQDNLEN || ! (host_entry = php_network_gethostbyname(string))) {
-diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
-index 16ad3e8013a4c..85c938d1b97b1 100644
---- a/ext/sockets/sockets.c
-+++ b/ext/sockets/sockets.c
-@@ -220,8 +220,10 @@ zend_module_entry sockets_module_entry = {
- ZEND_GET_MODULE(sockets)
- #endif
- 
-+#ifndef HAVE_INET_NTOP
- /* inet_ntop should be used instead of inet_ntoa */
- int inet_ntoa_lock = 0;
-+#endif
- 
- static int php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ */
- {
-@@ -1082,10 +1084,12 @@ PHP_FUNCTION(socket_getsockname)
- 	struct sockaddr_in		*sin;
- #if HAVE_IPV6
- 	struct sockaddr_in6		*sin6;
--	char					addr6[INET6_ADDRSTRLEN+1];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+	char					addrbuf[INET6_ADDRSTRLEN];
- #endif
- 	struct sockaddr_un		*s_un;
--	char					*addr_string;
-+	const char				*addr_string;
- 	socklen_t				salen = sizeof(php_sockaddr_storage);
- 
- 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &addr, &port) == FAILURE) {
-@@ -1106,8 +1110,8 @@ PHP_FUNCTION(socket_getsockname)
- #if HAVE_IPV6
- 		case AF_INET6:
- 			sin6 = (struct sockaddr_in6 *) sa;
--			inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
--			ZEND_TRY_ASSIGN_REF_STRING(addr, addr6);
-+			inet_ntop(AF_INET6, &sin6->sin6_addr,  addrbuf, sizeof(addrbuf));
-+			ZEND_TRY_ASSIGN_REF_STRING(addr, addrbuf);
- 
- 			if (port != NULL) {
- 				ZEND_TRY_ASSIGN_REF_LONG(port, htons(sin6->sin6_port));
-@@ -1117,11 +1121,14 @@ PHP_FUNCTION(socket_getsockname)
- #endif
- 		case AF_INET:
- 			sin = (struct sockaddr_in *) sa;
-+#ifdef HAVE_INET_NTOP
-+			addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- 			while (inet_ntoa_lock == 1);
- 			inet_ntoa_lock = 1;
- 			addr_string = inet_ntoa(sin->sin_addr);
- 			inet_ntoa_lock = 0;
--
-+#endif
- 			ZEND_TRY_ASSIGN_REF_STRING(addr, addr_string);
- 
- 			if (port != NULL) {
-@@ -1154,10 +1161,12 @@ PHP_FUNCTION(socket_getpeername)
- 	struct sockaddr_in		*sin;
- #if HAVE_IPV6
- 	struct sockaddr_in6		*sin6;
--	char					addr6[INET6_ADDRSTRLEN+1];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+	char					addrbuf[INET6_ADDRSTRLEN];
- #endif
- 	struct sockaddr_un		*s_un;
--	char					*addr_string;
-+	const char				*addr_string;
- 	socklen_t				salen = sizeof(php_sockaddr_storage);
- 
- 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &arg2, &arg3) == FAILURE) {
-@@ -1178,9 +1187,9 @@ PHP_FUNCTION(socket_getpeername)
- #if HAVE_IPV6
- 		case AF_INET6:
- 			sin6 = (struct sockaddr_in6 *) sa;
--			inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
-+			inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
- 
--			ZEND_TRY_ASSIGN_REF_STRING(arg2, addr6);
-+			ZEND_TRY_ASSIGN_REF_STRING(arg2, addrbuf);
- 
- 			if (arg3 != NULL) {
- 				ZEND_TRY_ASSIGN_REF_LONG(arg3, htons(sin6->sin6_port));
-@@ -1191,11 +1200,14 @@ PHP_FUNCTION(socket_getpeername)
- #endif
- 		case AF_INET:
- 			sin = (struct sockaddr_in *) sa;
-+#ifdef HAVE_INET_NTOP
-+			addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- 			while (inet_ntoa_lock == 1);
- 			inet_ntoa_lock = 1;
- 			addr_string = inet_ntoa(sin->sin_addr);
- 			inet_ntoa_lock = 0;
--
-+#endif
- 			ZEND_TRY_ASSIGN_REF_STRING(arg2, addr_string);
- 
- 			if (arg3 != NULL) {
-@@ -1527,12 +1539,14 @@ PHP_FUNCTION(socket_recvfrom)
- 	struct sockaddr_in	sin;
- #if HAVE_IPV6
- 	struct sockaddr_in6	sin6;
--	char				addr6[INET6_ADDRSTRLEN];
-+#endif
-+#ifdef HAVE_INET_NTOP
-+	char				addrbuf[INET6_ADDRSTRLEN];
- #endif
- 	socklen_t			slen;
- 	int					retval;
- 	zend_long				arg3, arg4;
--	char				*address;
-+	const char			*address;
- 	zend_string			*recv_buf;
- 
- 	if (zend_parse_parameters(ZEND_NUM_ARGS(), "Ozllz|z", &arg1, socket_ce, &arg2, &arg3, &arg4, &arg5, &arg6) == FAILURE) {
-@@ -1590,7 +1604,11 @@ PHP_FUNCTION(socket_recvfrom)
- 			ZSTR_LEN(recv_buf) = retval;
- 			ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
- 
-+#ifdef HAVE_INET_NTOP
-+			address = inet_ntop(AF_INET, &sin.sin_addr, addrbuf, sizeof(addrbuf));
-+#else
- 			address = inet_ntoa(sin.sin_addr);
-+#endif
- 
- 			ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
- 			ZEND_TRY_ASSIGN_REF_STRING(arg5, address ? address : "0.0.0.0");
-@@ -1617,11 +1635,11 @@ PHP_FUNCTION(socket_recvfrom)
- 			ZSTR_LEN(recv_buf) = retval;
- 			ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
- 
--			memset(addr6, 0, INET6_ADDRSTRLEN);
--			inet_ntop(AF_INET6, &sin6.sin6_addr, addr6, INET6_ADDRSTRLEN);
-+			memset(addrbuf, 0, INET6_ADDRSTRLEN);
-+			inet_ntop(AF_INET6, &sin6.sin6_addr,  addrbuf, sizeof(addrbuf));
- 
- 			ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
--			ZEND_TRY_ASSIGN_REF_STRING(arg5, addr6[0] ? addr6 : "::");
-+			ZEND_TRY_ASSIGN_REF_STRING(arg5, addrbuf[0] ? addrbuf : "::");
- 			ZEND_TRY_ASSIGN_REF_LONG(arg6, ntohs(sin6.sin6_port));
- 			break;
- #endif
-diff --git a/ext/standard/dns.c b/ext/standard/dns.c
-index 41b98424edb60..6efdbbe894b46 100644
---- a/ext/standard/dns.c
-+++ b/ext/standard/dns.c
-@@ -228,6 +228,9 @@ PHP_FUNCTION(gethostbynamel)
- 	struct hostent *hp;
- 	struct in_addr in;
- 	int i;
-+#ifdef HAVE_INET_NTOP
-+	char addr4[INET_ADDRSTRLEN];
-+#endif
- 
- 	ZEND_PARSE_PARAMETERS_START(1, 1)
- 		Z_PARAM_PATH(hostname, hostname_len)
-@@ -255,7 +258,11 @@ PHP_FUNCTION(gethostbynamel)
- 		}
- 
- 		in = *h_addr_entry;
-+#ifdef HAVE_INET_NTOP
-+		add_next_index_string(return_value, inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN));
-+#else
- 		add_next_index_string(return_value, inet_ntoa(in));
-+#endif
- 	}
- }
- /* }}} */
-@@ -266,7 +273,10 @@ static zend_string *php_gethostbyname(char *name)
- 	struct hostent *hp;
- 	struct in_addr *h_addr_0; /* Don't call this h_addr, it's a macro! */
- 	struct in_addr in;
--	char *address;
-+#ifdef HAVE_INET_NTOP
-+	char addr4[INET_ADDRSTRLEN];
-+#endif
-+	const char *address;
- 
- 	hp = php_network_gethostbyname(name);
- 	if (!hp) {
-@@ -281,7 +291,11 @@ static zend_string *php_gethostbyname(char *name)
- 
- 	memcpy(&in.s_addr, h_addr_0, sizeof(in.s_addr));
- 
-+#ifdef HAVE_INET_NTOP
-+	address = inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN);
-+#else
- 	address = inet_ntoa(in);
-+#endif
- 	return zend_string_init(address, strlen(address), 0);
- }
- /* }}} */
-diff --git a/main/network.c b/main/network.c
-index 2c504952b2dd1..7f2f714ec42df 100644
---- a/main/network.c
-+++ b/main/network.c
-@@ -236,8 +236,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
- 	} while ((sai = sai->ai_next) != NULL);
- 
- 	freeaddrinfo(res);
-+#else
-+#ifdef HAVE_INET_PTON
-+	if (!inet_pton(AF_INET, host, &in)) {
- #else
- 	if (!inet_aton(host, &in)) {
-+#endif
- 		if(strlen(host) > MAXFQDNLEN) {
- 			host_info = NULL;
- 			errno = E2BIG;
-@@ -555,7 +559,11 @@ PHPAPI int php_network_parse_network_address_with_port(const char *addr, zend_lo
- 		goto out;
- 	}
- #endif
-+#ifdef HAVE_INET_PTON
-+	if (inet_pton(AF_INET, tmp, &in4->sin_addr) > 0) {
-+#else
- 	if (inet_aton(tmp, &in4->sin_addr) > 0) {
-+#endif
- 		in4->sin_port = htons(port);
- 		in4->sin_family = AF_INET;
- 		*sl = sizeof(struct sockaddr_in);
-@@ -617,15 +625,19 @@ PHPAPI void php_network_populate_name_from_sockaddr(
- 	}
- 
- 	if (textaddr) {
--#if HAVE_IPV6 && HAVE_INET_NTOP
-+#ifdef HAVE_INET_NTOP
- 		char abuf[256];
- #endif
--		char *buf = NULL;
-+		const char *buf = NULL;
- 
- 		switch (sa->sa_family) {
- 			case AF_INET:
- 				/* generally not thread safe, but it *is* thread safe under win32 */
-+#ifdef HAVE_INET_NTOP
-+				buf = inet_ntop(AF_INET, &((struct sockaddr_in*)sa)->sin_addr, (char *)&abuf, sizeof(abuf));
-+#else
- 				buf = inet_ntoa(((struct sockaddr_in*)sa)->sin_addr);
-+#endif
- 				if (buf) {
- 					*textaddr = strpprintf(0, "%s:%d",
- 						buf, ntohs(((struct sockaddr_in*)sa)->sin_port));
-@@ -862,7 +874,11 @@ php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short
- 
- 					in4->sin_family = sa->sa_family;
- 					in4->sin_port = htons(bindport);
-+#ifdef HAVE_INET_PTON
-+					if (!inet_pton(AF_INET, bindto, &in4->sin_addr)) {
-+#else
- 					if (!inet_aton(bindto, &in4->sin_addr)) {
-+#endif
- 						php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
- 						goto skip_bind;
- 					}
-From e5b6f43ec7813392d83ea586b7902e0396a1f792 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 6 May 2021 14:21:29 +0200
-Subject: [PATCH] get rid of inet_addr usage
-
----
- main/fastcgi.c            | 4 ++++
- sapi/litespeed/lsapilib.c | 4 ++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/main/fastcgi.c b/main/fastcgi.c
-index 071f69d3a7f0..c936d42405de 100644
---- a/main/fastcgi.c
-+++ b/main/fastcgi.c
-@@ -688,8 +688,12 @@ int fcgi_listen(const char *path, int backlog)
- 		if (!*host || !strncmp(host, "*", sizeof("*")-1)) {
- 			sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY);
- 		} else {
-+#ifdef HAVE_INET_PTON
-+			if (!inet_pton(AF_INET, host, &sa.sa_inet.sin_addr)) {
-+#else
- 			sa.sa_inet.sin_addr.s_addr = inet_addr(host);
- 			if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
-+#endif
- 				struct hostent *hep;
- 
- 				if(strlen(host) > MAXFQDNLEN) {
-diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
-index a72b5dc1b988..305f3326a682 100644
---- a/sapi/litespeed/lsapilib.c
-+++ b/sapi/litespeed/lsapilib.c
-@@ -2672,8 +2672,12 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr )
-             ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = htonl( INADDR_LOOPBACK );
-         else
-         {
-+#ifdef HAVE_INET_PTON
-+            if (!inet_pton(AF_INET, p, &((struct sockaddr_in *)pAddr)->sin_addr))
-+#else
-             ((struct sockaddr_in *)pAddr)->sin_addr.s_addr = inet_addr( p );
-             if ( ((struct sockaddr_in *)pAddr)->sin_addr.s_addr == INADDR_BROADCAST)
-+#endif
-             {
-                 doAddrInfo = 1;
-             }
-From 99d67d121acd4c324738509679d23acaf759d065 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 6 May 2021 16:35:48 +0200
-Subject: [PATCH] use getnameinfo instead of gethostbyaddr
-
----
- ext/standard/dns.c | 34 ++++++++++++++++++++++------------
- 1 file changed, 22 insertions(+), 12 deletions(-)
-
-diff --git a/ext/standard/dns.c b/ext/standard/dns.c
-index edd9a4549f5c..540c777faaba 100644
---- a/ext/standard/dns.c
-+++ b/ext/standard/dns.c
-@@ -169,20 +169,30 @@ PHP_FUNCTION(gethostbyaddr)
- static zend_string *php_gethostbyaddr(char *ip)
- {
- #if HAVE_IPV6 && HAVE_INET_PTON
--	struct in6_addr addr6;
--#endif
--	struct in_addr addr;
--	struct hostent *hp;
-+	struct sockaddr_in sa4;
-+	struct sockaddr_in6 sa6;
-+	char out[NI_MAXHOST];
- 
--#if HAVE_IPV6 && HAVE_INET_PTON
--	if (inet_pton(AF_INET6, ip, &addr6)) {
--		hp = gethostbyaddr((char *) &addr6, sizeof(addr6), AF_INET6);
--	} else if (inet_pton(AF_INET, ip, &addr)) {
--		hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
--	} else {
--		return NULL;
-+	if (inet_pton(AF_INET6, ip, &sa6.sin6_addr)) {
-+		sa6.sin6_family = AF_INET6;
-+
-+		if (getnameinfo((struct sockaddr *)&sa6, sizeof(sa6), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
-+			return zend_string_init(ip, strlen(ip), 0);
-+		}
-+		return zend_string_init(out, strlen(out), 0);
-+	} else if (inet_pton(AF_INET, ip, &sa4.sin_addr)) {
-+		sa4.sin_family = AF_INET;
-+
-+		if (getnameinfo((struct sockaddr *)&sa4, sizeof(sa4), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
-+			return zend_string_init(ip, strlen(ip), 0);
-+		}
-+		return zend_string_init(out, strlen(out), 0);
- 	}
-+	return NULL; /* not a valid IP */
- #else
-+	struct in_addr addr;
-+	struct hostent *hp;
-+
- 	addr.s_addr = inet_addr(ip);
- 
- 	if (addr.s_addr == -1) {
-@@ -190,13 +200,13 @@ static zend_string *php_gethostbyaddr(char *ip)
- 	}
- 
- 	hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
--#endif
- 
- 	if (!hp || hp->h_name == NULL || hp->h_name[0] == '\0') {
- 		return zend_string_init(ip, strlen(ip), 0);
- 	}
- 
- 	return zend_string_init(hp->h_name, strlen(hp->h_name), 0);
-+#endif
- }
- /* }}} */
- 

SOURCES/php-cve-2024-11234.patch

@@ -1,118 +0,0 @@
-From bc1f192102dd8cbda028e40aa31604c4885d387c Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Fri, 8 Nov 2024 23:43:47 +0100
-Subject: [PATCH 3/8] Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF
- injection
-
-(cherry picked from commit 426a6d4539ebee34879ac5de857036bb6ff0e732)
----
- ext/standard/http_fopen_wrapper.c             | 18 ++++++++----
- .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt       | 28 +++++++++++++++++++
- 2 files changed, 40 insertions(+), 6 deletions(-)
- create mode 100644 ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
-
-diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
-index 45677c396ac..6859a4e5181 100644
---- a/ext/standard/http_fopen_wrapper.c
-+++ b/ext/standard/http_fopen_wrapper.c
-@@ -184,6 +184,11 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
- 			return NULL;
- 		}
- 
-+		/* Should we send the entire path in the request line, default to no. */
-+		if (context && (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
-+			request_fulluri = zend_is_true(tmpzval);
-+		}
-+
- 		use_ssl = resource->scheme && (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's';
- 		/* choose default ports */
- 		if (use_ssl && resource->port == 0)
-@@ -203,6 +208,13 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
- 		}
- 	}
- 
-+	if (request_fulluri && (strchr(path, '\n') != NULL || strchr(path, '\r') != NULL)) {
-+		php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper full URI path does not allow CR or LF characters");
-+		php_url_free(resource);
-+		zend_string_release(transport_string);
-+		return NULL;
-+	}
-+
- 	if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) {
- 		double d = zval_get_double(tmpzval);
- #ifndef PHP_WIN32
-@@ -383,12 +395,6 @@ finish:
- 		smart_str_appends(&req_buf, "GET ");
- 	}
- 
--	/* Should we send the entire path in the request line, default to no. */
--	if (!request_fulluri && context &&
--		(tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) {
--		request_fulluri = zend_is_true(tmpzval);
--	}
--
- 	if (request_fulluri) {
- 		/* Ask for everything */
- 		smart_str_appends(&req_buf, path);
-diff --git a/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
-new file mode 100644
-index 00000000000..e7dd194dbbe
---- /dev/null
-+++ b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt
-@@ -0,0 +1,28 @@
-+--TEST--
-+GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs)
-+--INI--
-+allow_url_fopen=1
-+--CONFLICTS--
-+server
-+--FILE--
-+<?php
-+$serverCode = <<<'CODE'
-+echo $_SERVER['REQUEST_URI'];
-+CODE;
-+
-+include __DIR__."/../../../../sapi/cli/tests/php_cli_server.inc";
-+php_cli_server_start($serverCode, null, []);
-+
-+$host = PHP_CLI_SERVER_ADDRESS;
-+$userinput = "index.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index2.php HTTP/1.1\r\nHost: $host\r\n\r\nGET /index.php";
-+$context = stream_context_create(['http' => ['proxy' => 'tcp://' . $host, 'request_fulluri' => true]]);
-+echo file_get_contents("http://$host/$userinput", false, $context);
-+?>
-+--EXPECTF--
-+Warning: file_get_contents(http://localhost:%d/index.php HTTP/1.1
-+Host: localhost:%d
-+
-+GET /index2.php HTTP/1.1
-+Host: localhost:%d
-+
-+GET /index.php): Failed to open stream: HTTP wrapper full URI path does not allow CR or LF characters in %s on line %d
--- 
-2.47.0
-
-From 8d130e16fbfda7d154fedfa0f1ff1d5ad5e26815 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Fri, 22 Nov 2024 09:41:12 +0100
-Subject: [PATCH 8/8] fix transport_string release
-
----
- ext/standard/http_fopen_wrapper.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c
-index 6859a4e5181..40e6f3dd4c3 100644
---- a/ext/standard/http_fopen_wrapper.c
-+++ b/ext/standard/http_fopen_wrapper.c
-@@ -211,7 +211,7 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper,
- 	if (request_fulluri && (strchr(path, '\n') != NULL || strchr(path, '\r') != NULL)) {
- 		php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper full URI path does not allow CR or LF characters");
- 		php_url_free(resource);
--		zend_string_release(transport_string);
-+		efree(transport_string);
- 		return NULL;
- 	}
- 
--- 
-2.47.0
-

SOURCES/php-cve-2024-11236.patch

@@ -1,117 +0,0 @@
-From 5d9e54065ed18c51e4f25d8900635f90810c7394 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Thu, 24 Oct 2024 22:02:17 +0200
-Subject: [PATCH 1/8] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib
- quoter causing OOB writes
-
-(cherry picked from commit d9baa9fed8c3ba692a36b388c0c7762e5102e2e0)
----
- ext/pdo_dblib/dblib_driver.c                 |  8 ++++++-
- ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt | 24 ++++++++++++++++++++
- 2 files changed, 31 insertions(+), 1 deletion(-)
- create mode 100644 ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
-
-diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c
-index 7f160a402f7..d7d0901ea1a 100644
---- a/ext/pdo_dblib/dblib_driver.c
-+++ b/ext/pdo_dblib/dblib_driver.c
-@@ -152,6 +152,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
- 
- 	size_t i;
- 	char * q;
-+	size_t extralen = 0;
- 	*quotedlen = 0;
- 
- 	if (H->assume_national_character_set_strings) {
-@@ -166,7 +167,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
- 
- 	/* Detect quoted length, adding extra char for doubled single quotes */
- 	for (i = 0; i < unquotedlen; i++) {
--		if (unquoted[i] == '\'') ++*quotedlen;
-+		if (unquoted[i] == '\'') ++extralen;
- 		++*quotedlen;
- 	}
- 
-@@ -174,6 +175,11 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu
- 	if (use_national_character_set) {
- 		++*quotedlen; /* N prefix */
- 	}
-+	if (UNEXPECTED(*quotedlen > ZSTR_MAX_LEN - extralen)) {
-+		return 0;
-+	}
-+
-+	*quotedlen += extralen;
- 	q = *quoted = emalloc(*quotedlen + 1); /* Add byte for terminal null */
- 	if (use_national_character_set) {
- 		*q++ = 'N';
-diff --git a/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
-new file mode 100644
-index 00000000000..431c61951ee
---- /dev/null
-+++ b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt
-@@ -0,0 +1,24 @@
-+--TEST--
-+GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes)
-+--EXTENSIONS--
-+pdo_dblib
-+--SKIPIF--
-+<?php
-+if (PHP_INT_SIZE != 4) die("skip for 32bit platforms only");
-+if (PHP_OS_FAMILY === "Windows") die("skip not for Windows because the virtual address space for application is only 2GiB");
-+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
-+require __DIR__ . '/config.inc';
-+getDbConnection();
-+?>
-+--INI--
-+memory_limit=-1
-+--FILE--
-+<?php
-+
-+require __DIR__ . '/config.inc';
-+$db = getDbConnection();
-+var_dump($db->quote(str_repeat("'", 2147483646)));
-+
-+?>
-+--EXPECT--
-+bool(false)
--- 
-2.47.0
-
-From b4f73be75dbdde970a18cc7a636898b10400fb3f Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Thu, 24 Oct 2024 22:02:36 +0200
-Subject: [PATCH 2/8] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird
- quoter causing OOB writes
-
-(cherry picked from commit 69c5f68fdc3deed9ebce2cc44b4bf5e0c47cd28f)
----
- ext/pdo_firebird/firebird_driver.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c
-index e0a424c56ab..fb697978503 100644
---- a/ext/pdo_firebird/firebird_driver.c
-+++ b/ext/pdo_firebird/firebird_driver.c
-@@ -663,7 +663,7 @@ free_statement:
- static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, /* {{{ */
- 	char **quoted, size_t *quotedlen, enum pdo_param_type paramtype)
- {
--	int qcount = 0;
-+	size_t qcount = 0;
- 	char const *co, *l, *r;
- 	char *c;
- 
-@@ -678,6 +678,10 @@ static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t u
- 	/* count the number of ' characters */
- 	for (co = unquoted; (co = strchr(co,'\'')); qcount++, co++);
- 
-+	if (UNEXPECTED(unquotedlen + 2 > ZSTR_MAX_LEN - qcount)) {
-+		return 0;
-+	}
-+
- 	*quotedlen = unquotedlen + qcount + 2;
- 	*quoted = c = emalloc(*quotedlen+1);
- 	*c++ = '\'';
--- 
-2.47.0
-

SOURCES/php-cve-2024-2756.patch

@@ -1,191 +0,0 @@
-From 2e07a3acd7a6b53c55325b94bed97748d7697b53 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sun, 17 Mar 2024 21:04:47 +0100
-Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass
- due to partial CVE-2022-31629 fix
-
-The check happened too early as later code paths may perform more
-mangling rules. Move the check downwards right before adding the actual
-variable.
-
-(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53)
----
- ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++
- main/php_variables.c                        | 41 +++++++++-----
- 2 files changed, 90 insertions(+), 14 deletions(-)
- create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-
-diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-new file mode 100644
-index 00000000000..77fcb680894
---- /dev/null
-+++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt
-@@ -0,0 +1,63 @@
-+--TEST--
-+ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix)
-+--COOKIE--
-+..Host-test=ignore_1;
-+._Host-test=ignore_2;
-+.[Host-test=ignore_3;
-+_.Host-test=ignore_4;
-+__Host-test=ignore_5;
-+_[Host-test=ignore_6;
-+[.Host-test=ignore_7;
-+[_Host-test=ignore_8;
-+[[Host-test=ignore_9;
-+..Host-test[]=ignore_10;
-+._Host-test[]=ignore_11;
-+.[Host-test[]=ignore_12;
-+_.Host-test[]=ignore_13;
-+__Host-test[]=legitimate_14;
-+_[Host-test[]=legitimate_15;
-+[.Host-test[]=ignore_16;
-+[_Host-test[]=ignore_17;
-+[[Host-test[]=ignore_18;
-+..Secure-test=ignore_1;
-+._Secure-test=ignore_2;
-+.[Secure-test=ignore_3;
-+_.Secure-test=ignore_4;
-+__Secure-test=ignore_5;
-+_[Secure-test=ignore_6;
-+[.Secure-test=ignore_7;
-+[_Secure-test=ignore_8;
-+[[Secure-test=ignore_9;
-+..Secure-test[]=ignore_10;
-+._Secure-test[]=ignore_11;
-+.[Secure-test[]=ignore_12;
-+_.Secure-test[]=ignore_13;
-+__Secure-test[]=legitimate_14;
-+_[Secure-test[]=legitimate_15;
-+[.Secure-test[]=ignore_16;
-+[_Secure-test[]=ignore_17;
-+[[Secure-test[]=ignore_18;
-+--FILE--
-+<?php
-+var_dump($_COOKIE);
-+?>
-+--EXPECT--
-+array(3) {
-+  ["__Host-test"]=>
-+  array(1) {
-+    [0]=>
-+    string(13) "legitimate_14"
-+  }
-+  ["_"]=>
-+  array(2) {
-+    ["Host-test["]=>
-+    string(13) "legitimate_15"
-+    ["Secure-test["]=>
-+    string(13) "legitimate_15"
-+  }
-+  ["__Secure-test"]=>
-+  array(1) {
-+    [0]=>
-+    string(13) "legitimate_14"
-+  }
-+}
-diff --git a/main/php_variables.c b/main/php_variables.c
-index 27a9ad089e7..dc888bdfc64 100644
---- a/main/php_variables.c
-+++ b/main/php_variables.c
-@@ -54,6 +54,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz
- 	zend_string_release_ex(key, 0);
- }
- 
-+/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host-
-+ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
-+static bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name)
-+{
-+	if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) {
-+		return true;
-+	}
-+
-+	if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
-+		return true;
-+	}
-+
-+	return false;
-+}
-+
- PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *track_vars_array)
- {
- 	char *p = NULL;
-@@ -104,20 +119,6 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
- 	}
- 	var_len = p - var;
- 
--	/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */
--	if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) {
--		zval_ptr_dtor_nogc(val);
--		free_alloca(var_orig, use_heap);
--		return;
--	}
--
--	/* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */
--	if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) {
--		zval_ptr_dtor_nogc(val);
--		free_alloca(var_orig, use_heap);
--		return;
--	}
--
- 	if (var_len==0) { /* empty variable name, or variable name with a space in it */
- 		zval_ptr_dtor_nogc(val);
- 		free_alloca(var_orig, use_heap);
-@@ -221,6 +222,12 @@ PHPAPI void php_register_variable_ex(const char *var_name, zval *val, zval *trac
- 					return;
- 				}
- 			} else {
-+				if (php_is_forbidden_variable_name(index, index_len, var_name)) {
-+					zval_ptr_dtor_nogc(val);
-+					free_alloca(var_orig, use_heap);
-+					return;
-+				}
-+
- 				gpc_element_p = zend_symtable_str_find(symtable1, index, index_len);
- 				if (!gpc_element_p) {
- 					zval tmp;
-@@ -258,6 +265,12 @@ plain_var:
- 				zval_ptr_dtor_nogc(val);
- 			}
- 		} else {
-+			if (php_is_forbidden_variable_name(index, index_len, var_name)) {
-+				zval_ptr_dtor_nogc(val);
-+				free_alloca(var_orig, use_heap);
-+				return;
-+			}
-+
- 			zend_ulong idx;
- 
- 			/*
--- 
-2.44.0
-
-From 366cc249b7d54707572beb7096e8f6c65ee79719 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 10 Apr 2024 08:59:32 +0200
-Subject: [PATCH 2/4] NEWS
-
----
- NEWS | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 8147a7e517c..14fda3a58b9 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,5 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
-+
-+Backported from 8.1.28
-+
-+- Standard:
-+  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
-+    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
-+
- 03 Aug 2023, PHP 8.0.30
- 
- - Libxml:
--- 
-2.44.0
-

SOURCES/php-cve-2024-3096.patch

@@ -1,77 +0,0 @@
-From 81794c73068d9a44bf109bbcc9793e7b56a1c051 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Fri, 29 Mar 2024 15:27:59 +0000
-Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can
- erroneously return true
-
-Disallow null character in bcrypt password
-
-(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826)
----
- ext/standard/password.c                                 | 5 +++++
- ext/standard/tests/password/password_bcrypt_errors.phpt | 7 +++++++
- 2 files changed, 12 insertions(+)
-
-diff --git a/ext/standard/password.c b/ext/standard/password.c
-index fb29e7bbba4..40117983f70 100644
---- a/ext/standard/password.c
-+++ b/ext/standard/password.c
-@@ -184,6 +184,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a
- 	zval *zcost;
- 	zend_long cost = PHP_PASSWORD_BCRYPT_COST;
- 
-+	if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) {
-+		zend_value_error("Bcrypt password must not contain null character");
-+		return NULL;
-+	}
-+
- 	if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) {
- 		cost = zval_get_long(zcost);
- 	}
-diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt
-index 10c3483f5a8..5d823cba021 100644
---- a/ext/standard/tests/password/password_bcrypt_errors.phpt
-+++ b/ext/standard/tests/password/password_bcrypt_errors.phpt
-@@ -14,7 +14,14 @@ try {
- } catch (ValueError $exception) {
-     echo $exception->getMessage() . "\n";
- }
-+
-+try {
-+    var_dump(password_hash("null\0password", PASSWORD_BCRYPT));
-+} catch (ValueError $e) {
-+    echo $e->getMessage(), "\n";
-+}
- ?>
- --EXPECT--
- Invalid bcrypt cost parameter specified: 3
- Invalid bcrypt cost parameter specified: 32
-+Bcrypt password must not contain null character
--- 
-2.44.0
-
-From 24f77904ee2259d722559f129f96a1f145a2367b Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Wed, 10 Apr 2024 09:01:09 +0200
-Subject: [PATCH 4/4] NEWS
-
----
- NEWS | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 14fda3a58b9..8b4801d707e 100644
---- a/NEWS
-+++ b/NEWS
-@@ -6,6 +6,8 @@ Backported from 8.1.28
- - Standard:
-   . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
-     partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
-+  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
-+    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
- 
- 03 Aug 2023, PHP 8.0.30
- 
--- 
-2.44.0
-

SOURCES/php-cve-2024-5458.patch

@@ -1,177 +0,0 @@
-From 4066610b47e22c24cbee91be434a94357056a479 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Wed, 22 May 2024 22:25:02 +0200
-Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w
-
-We should not early-out with success status if we found an ipv6
-hostname, we should keep checking the rest of the conditions.
-Because integrating the if-check of the ipv6 hostname in the
-"Validate domain" if-check made the code hard to read, I extracted the
-condition out to a separate function. This also required to make
-a few pointers const in order to have some clean code.
----
- ext/filter/logical_filters.c              | 35 ++++++++++---------
- ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++
- 2 files changed, 61 insertions(+), 15 deletions(-)
- create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-
-diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
-index ad011568aac..300c6e2809c 100644
---- a/ext/filter/logical_filters.c
-+++ b/ext/filter/logical_filters.c
-@@ -89,7 +89,7 @@
- #define FORMAT_IPV4    4
- #define FORMAT_IPV6    6
- 
--static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]);
-+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]);
- 
- static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */
- 	zend_long ctx_value;
-@@ -572,6 +572,14 @@ static int is_userinfo_valid(zend_string *str)
- 	return 1;
- }
- 
-+static bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l)
-+{
-+	const char *e = s + l;
-+	const char *t = e - 1;
-+
-+	return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL);
-+}
-+
- void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- {
- 	php_url *url;
-@@ -592,7 +600,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- 
- 	if (url->scheme != NULL &&
- 		(zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) {
--		char *e, *s, *t;
-+		const char *s;
- 		size_t l;
- 
- 		if (url->host == NULL) {
-@@ -601,17 +609,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
- 
- 		s = ZSTR_VAL(url->host);
- 		l = ZSTR_LEN(url->host);
--		e = s + l;
--		t = e - 1;
--
--		/* An IPv6 enclosed by square brackets is a valid hostname */
--		if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) {
--			php_url_free(url);
--			return;
--		}
- 
--		// Validate domain
--		if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) {
-+		if (
-+			/* An IPv6 enclosed by square brackets is a valid hostname.*/
-+			!php_filter_is_valid_ipv6_hostname(s, l) &&
-+			/* Validate domain.
-+			 * This includes a loose check for an IPv4 address. */
-+			!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)
-+		) {
- 			php_url_free(url);
- 			RETURN_VALIDATION_FAILED
- 		}
-@@ -745,15 +750,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{
- }
- /* }}} */
- 
--static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */
-+static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */
- {
- 	int compressed_pos = -1;
- 	int blocks = 0;
- 	int num, n, i;
- 	char *ipv4;
--	char *end;
-+	const char *end;
- 	int ip4elm[4];
--	char *s = str;
-+	const char *s = str;
- 
- 	if (!memchr(str, ':', str_len)) {
- 		return 0;
-diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-new file mode 100644
-index 00000000000..0092408ee5a
---- /dev/null
-+++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt
-@@ -0,0 +1,41 @@
-+--TEST--
-+GHSA-w8qr-v226-r27w
-+--EXTENSIONS--
-+filter
-+--FILE--
-+<?php
-+
-+function test(string $input) {
-+    var_dump(filter_var($input, FILTER_VALIDATE_URL));
-+}
-+
-+echo "--- These ones should fail ---\n";
-+test("http://t[est@127.0.0.1");
-+test("http://t[est@[::1]");
-+test("http://t[est@[::1");
-+test("http://t[est@::1]");
-+test("http://php.net\\@aliyun.com/aaa.do");
-+test("http://test[@2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://te[st@2001:db8:3333:4444:5555:6666:1.2.3.4");
-+
-+echo "--- These ones should work ---\n";
-+test("http://test@127.0.0.1");
-+test("http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]");
-+test("http://test@[::1]");
-+
-+?>
-+--EXPECT--
-+--- These ones should fail ---
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+bool(false)
-+--- These ones should work ---
-+string(21) "http://test@127.0.0.1"
-+string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]"
-+string(17) "http://test@[::1]"
--- 
-2.45.1
-
-From a1ff81b786bd519597e770795be114f5171f0648 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Tue, 4 Jun 2024 16:48:08 +0200
-Subject: [PATCH 2/2] NEWS
-
----
- NEWS | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 1300609f189..7a9b6bdae18 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,12 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.29
-+
-+- Filter:
-+  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
-+    (CVE-2024-5458) (nielsdos)
-+
- Backported from 8.1.28
- 
- - Standard:
--- 
-2.45.1
-

SOURCES/php-cve-2024-8925.patch

@@ -1,188 +0,0 @@
-From 2b0daf421c162376892832588eccdfa9a286ed09 Mon Sep 17 00:00:00 2001
-From: Arnaud Le Blanc <arnaud.lb@gmail.com>
-Date: Mon, 9 Sep 2024 15:22:07 +0200
-Subject: [PATCH 3/8] Fix GHSA-9pqp-7h25-4f32
-
-multipart/form-data boundaries larger than the read buffer result in erroneous
-parsing, which violates data integrity.
-
-Limit boundary size, as allowed by RFC 1521:
-
-    Encapsulation boundaries [...] must be no longer than 70 characters, not
-    counting the two leading hyphens.
-
-We correctly parse payloads with boundaries of length up to
-FILLUNIT-strlen("\r\n--") bytes, so allow this for BC.
-
-(cherry picked from commit 19b49258d0c5a61398d395d8afde1123e8d161e0)
----
- main/rfc1867.c                       |   7 ++
- tests/basic/GHSA-9pqp-7h25-4f32.inc  |   3 +
- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 100 +++++++++++++++++++++++++++
- 3 files changed, 110 insertions(+)
- create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.inc
- create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.phpt
-
-diff --git a/main/rfc1867.c b/main/rfc1867.c
-index 3086e8da3db..eafe6a67d2e 100644
---- a/main/rfc1867.c
-+++ b/main/rfc1867.c
-@@ -752,6 +752,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */
- 		boundary_len = boundary_end-boundary;
- 	}
- 
-+	/* Boundaries larger than FILLUNIT-strlen("\r\n--") characters lead to
-+	 * erroneous parsing */
-+	if (boundary_len > FILLUNIT-strlen("\r\n--")) {
-+		sapi_module.sapi_error(E_WARNING, "Boundary too large in multipart/form-data POST data");
-+		return;
-+	}
-+
- 	/* Initialize the buffer */
- 	if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) {
- 		sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer");
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.inc b/tests/basic/GHSA-9pqp-7h25-4f32.inc
-new file mode 100644
-index 00000000000..adf72a361a2
---- /dev/null
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.inc
-@@ -0,0 +1,3 @@
-+<?php
-+print "Hello world\n";
-+var_dump($_POST);
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-new file mode 100644
-index 00000000000..af819163705
---- /dev/null
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-@@ -0,0 +1,100 @@
-+--TEST--
-+GHSA-9pqp-7h25-4f32
-+--SKIPIF--
-+<?php
-+if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
-+    die("skip php-cgi not available");
-+}
-+?>
-+--FILE--
-+<?php
-+
-+const FILLUNIT = 5 * 1024;
-+
-+function test($boundaryLen) {
-+    printf("Boundary len: %d\n", $boundaryLen);
-+
-+    $cmd = [
-+        getenv('TEST_PHP_CGI_EXECUTABLE'),
-+        '-C',
-+        '-n',
-+        __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
-+    ];
-+
-+    $boundary = str_repeat('A', $boundaryLen);
-+    $body = ""
-+        . "--$boundary\r\n"
-+        . "Content-Disposition: form-data; name=\"koko\"\r\n"
-+        . "\r\n"
-+        . "BBB\r\n--" . substr($boundary, 0, -1) . "CCC\r\n"
-+        . "--$boundary--\r\n"
-+        ;
-+
-+    $env = array_merge($_ENV, [
-+        'REDIRECT_STATUS' => '1',
-+        'CONTENT_TYPE' => "multipart/form-data; boundary=$boundary",
-+        'CONTENT_LENGTH' => strlen($body),
-+        'REQUEST_METHOD' => 'POST',
-+        'SCRIPT_FILENAME' => __DIR__ . '/GHSA-9pqp-7h25-4f32.inc',
-+    ]);
-+
-+    $spec = [
-+        0 => ['pipe', 'r'],
-+        1 => STDOUT,
-+        2 => STDOUT,
-+    ];
-+
-+    $pipes = [];
-+
-+    print "Starting...\n";
-+
-+    $handle = proc_open($cmd, $spec, $pipes, getcwd(), $env);
-+
-+    fwrite($pipes[0], $body);
-+
-+    $status = proc_close($handle);
-+
-+    print "\n";
-+}
-+
-+for ($offset = -1; $offset <= 1; $offset++) {
-+    test(FILLUNIT - strlen("\r\n--") + $offset);
-+}
-+
-+?>
-+--EXPECTF--
-+Boundary len: 5115
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+Hello world
-+array(1) {
-+  ["koko"]=>
-+  string(5124) "BBB
-+--AAA%sCCC"
-+}
-+
-+Boundary len: 5116
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+Hello world
-+array(1) {
-+  ["koko"]=>
-+  string(5125) "BBB
-+--AAA%sCCC"
-+}
-+
-+Boundary len: 5117
-+Starting...
-+X-Powered-By: %s
-+Content-type: text/html; charset=UTF-8
-+
-+<br />
-+<b>Warning</b>:  Boundary too large in multipart/form-data POST data in <b>Unknown</b> on line <b>0</b><br />
-+Hello world
-+array(0) {
-+}
-+
--- 
-2.46.1
-
-From c75683864f6e4188439e8ca2adbb05824918be12 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Mon, 23 Sep 2024 18:54:31 +0100
-Subject: [PATCH 7/8] Skip GHSA-9pqp-7h25-4f32 test on Windows
-
-(cherry picked from commit c70e25630832fa10d421328eed2b8e1a36af7a64)
----
- tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-index af819163705..29bcb6557d5 100644
---- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-+++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt
-@@ -5,6 +5,9 @@ GHSA-9pqp-7h25-4f32
- if (!getenv('TEST_PHP_CGI_EXECUTABLE')) {
-     die("skip php-cgi not available");
- }
-+if (substr(PHP_OS, 0, 3) == 'WIN') {
-+    die("skip not for Windows in CI - probably resource issue");
-+}
- ?>
- --FILE--
- <?php
--- 
-2.46.1
-

SOURCES/php-cve-2024-8926.patch

@@ -1,209 +0,0 @@
-From 9f95e17cc0a9a79da82157e34e3effe1bc395037 Mon Sep 17 00:00:00 2001
-From: Jan Ehrhardt <github@ehrhardt.nl>
-Date: Wed, 5 Jun 2024 20:44:46 +0200
-Subject: [PATCH 1/8] Fix GHSA-3qgc-jrrr-25jv
-
----
- sapi/cgi/cgi_main.c                     | 23 ++++++++++++++-
- sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt | 38 +++++++++++++++++++++++++
- 2 files changed, 60 insertions(+), 1 deletion(-)
- create mode 100644 sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index 0d52941c5a1..0d3b54ed8b8 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1798,8 +1798,13 @@ int main(int argc, char *argv[])
- 		}
- 	}
- 
-+	/* Apache CGI will pass the query string to the command line if it doesn't contain a '='.
-+	 * This can create an issue where a malicious request can pass command line arguments to
-+	 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
-+	 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
-+	 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
-+	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
- 	if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
--		/* we've got query string that has no = - apache CGI will pass it to command line */
- 		unsigned char *p;
- 		decoded_query_string = strdup(query_string);
- 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
-@@ -1809,6 +1814,22 @@ int main(int argc, char *argv[])
- 		if(*p == '-') {
- 			skip_getopt = 1;
- 		}
-+
-+		/* On Windows we have to take into account the "best fit" mapping behaviour. */
-+#ifdef PHP_WIN32
-+		if (*p >= 0x80) {
-+			wchar_t wide_buf[1];
-+			wide_buf[0] = *p;
-+			char char_buf[4];
-+			size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
-+			size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
-+			if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
-+				|| char_buf[0] == '-') {
-+				skip_getopt = 1;
-+			}
-+		}
-+#endif
-+
- 		free(decoded_query_string);
- 	}
- 
-diff --git a/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-new file mode 100644
-index 00000000000..fd2fcdfbf89
---- /dev/null
-+++ b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt
-@@ -0,0 +1,38 @@
-+--TEST--
-+GHSA-3qgc-jrrr-25jv
-+--SKIPIF--
-+<?php
-+include 'skipif.inc';
-+if (PHP_OS_FAMILY !== "Windows") die("skip Only for Windows");
-+
-+$codepage = trim(shell_exec("powershell Get-ItemPropertyValue HKLM:\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage ACP"));
-+if ($codepage !== '932' && $codepage !== '936' && $codepage !== '950') die("skip Wrong codepage");
-+?>
-+--FILE--
-+<?php
-+include 'include.inc';
-+
-+$filename = __DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php";
-+$script = '<?php echo "hello "; echo "world"; ?>';
-+file_put_contents($filename, $script);
-+
-+$php = get_cgi_path();
-+reset_env_vars();
-+
-+putenv("SERVER_NAME=Test");
-+putenv("SCRIPT_FILENAME=$filename");
-+putenv("QUERY_STRING=%ads");
-+putenv("REDIRECT_STATUS=1");
-+
-+passthru("$php -s");
-+
-+?>
-+--CLEAN--
-+<?php
-+@unlink(__DIR__."/GHSA-3qgc-jrrr-25jv_tmp.php");
-+?>
-+--EXPECTF--
-+X-Powered-By: PHP/%s
-+Content-type: %s
-+
-+hello world
--- 
-2.46.1
-
-From dc40d2d7960dd35f0178ff52c1f8590b7b1a08b2 Mon Sep 17 00:00:00 2001
-From: Jan Ehrhardt <github@ehrhardt.nl>
-Date: Sun, 9 Jun 2024 20:10:36 +0200
-Subject: [PATCH 2/8] NEWS: Add backports from 8.1.29
-
----
- NEWS | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 7a9b6bdae18..79133f558af 100644
---- a/NEWS
-+++ b/NEWS
-@@ -3,10 +3,18 @@ PHP                                                                        NEWS
- 
- Backported from 8.1.29
- 
-+- CGI:
-+  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
-+    in PHP-CGI). (CVE-2024-4577) (nielsdos)
-+
- - Filter:
-   . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
-     (CVE-2024-5458) (nielsdos)
- 
-+- Standard:
-+  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
-+    (CVE-2024-5585) (nielsdos)
-+
- Backported from 8.1.28
- 
- - Standard:
--- 
-2.46.1
-
-From 2d2552e092b6ff32cd823692d512f126ee629842 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Fri, 14 Jun 2024 19:49:22 +0200
-Subject: [PATCH 4/8] Fix GHSA-p99j-rfp4-xqvq
-
-It's no use trying to work around whatever the operating system and Apache
-do because we'll be fighting that until eternity.
-Change the skip_getopt condition such that when we're running in
-CGI or FastCGI mode we always skip the argument parsing.
-This is a BC break, but this seems to be the only way to get rid of this
-class of issues.
-
-(cherry picked from commit abcfd980bfa03298792fd3aba051c78d52f10642)
----
- sapi/cgi/cgi_main.c | 26 ++++++++------------------
- 1 file changed, 8 insertions(+), 18 deletions(-)
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index 0d3b54ed8b8..6e148874e4f 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1748,7 +1748,6 @@ int main(int argc, char *argv[])
- 	int status = 0;
- #endif
- 	char *query_string;
--	char *decoded_query_string;
- 	int skip_getopt = 0;
- 
- #if defined(SIGPIPE) && defined(SIG_IGN)
-@@ -1803,10 +1802,15 @@ int main(int argc, char *argv[])
- 	 * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode,
- 	 * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`.
- 	 * Therefore, this code only prevents passing arguments if the query string starts with a '-'.
--	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */
-+	 * Similarly, scripts spawned in subprocesses on Windows may have the same issue.
-+	 * However, Windows has lots of conversion rules and command line parsing rules that
-+	 * are too difficult and dangerous to reliably emulate. */
- 	if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) {
-+#ifdef PHP_WIN32
-+		skip_getopt = cgi || fastcgi;
-+#else
- 		unsigned char *p;
--		decoded_query_string = strdup(query_string);
-+		char *decoded_query_string = strdup(query_string);
- 		php_url_decode(decoded_query_string, strlen(decoded_query_string));
- 		for (p = (unsigned char *)decoded_query_string; *p &&  *p <= ' '; p++) {
- 			/* skip all leading spaces */
-@@ -1815,22 +1819,8 @@ int main(int argc, char *argv[])
- 			skip_getopt = 1;
- 		}
- 
--		/* On Windows we have to take into account the "best fit" mapping behaviour. */
--#ifdef PHP_WIN32
--		if (*p >= 0x80) {
--			wchar_t wide_buf[1];
--			wide_buf[0] = *p;
--			char char_buf[4];
--			size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]);
--			size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]);
--			if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0
--				|| char_buf[0] == '-') {
--				skip_getopt = 1;
--			}
--		}
--#endif
--
- 		free(decoded_query_string);
-+#endif
- 	}
- 
- 	while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) {
--- 
-2.46.1
-

SOURCES/php-cve-2024-8927.patch

@@ -1,56 +0,0 @@
-From 8aa748ee0657cdee8d883ba50d04b68bc450f686 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Tue, 18 Jun 2024 21:28:26 +0200
-Subject: [PATCH 5/8] Fix GHSA-94p6-54jq-9mwp
-
-Apache only generates REDIRECT_STATUS, so explicitly check for that
-if the server name is Apache, don't allow other variable names.
-Furthermore, redirect.so and Netscape no longer exist, so
-remove those entries as we can't check their server name anymore.
-
-We now also check for the configuration override *first* such that it
-always take precedence. This would allow for a mitigation path if
-something like this happens in the future.
-
-(cherry picked from commit 48808d98f4fc2a05193cdcc1aedd6c66816450f1)
----
- sapi/cgi/cgi_main.c | 23 +++++++++++------------
- 1 file changed, 11 insertions(+), 12 deletions(-)
-
-diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
-index 6e148874e4f..5879d0e0f93 100644
---- a/sapi/cgi/cgi_main.c
-+++ b/sapi/cgi/cgi_main.c
-@@ -1910,18 +1910,17 @@ int main(int argc, char *argv[])
- 
- 	/* check force_cgi after startup, so we have proper output */
- 	if (cgi && CGIG(force_redirect)) {
--		/* Apache will generate REDIRECT_STATUS,
--		 * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS.
--		 * redirect.so and installation instructions available from
--		 * http://www.koehntopp.de/php.
--		 *   -- kk@netuse.de
--		 */
--		if (!getenv("REDIRECT_STATUS") &&
--			!getenv ("HTTP_REDIRECT_STATUS") &&
--			/* this is to allow a different env var to be configured
--			 * in case some server does something different than above */
--			(!CGIG(redirect_status_env) || !getenv(CGIG(redirect_status_env)))
--		) {
-+		/* This is to allow a different environment variable to be configured
-+		 * in case the we cannot auto-detect which environment variable to use.
-+		 * Checking this first to allow user overrides in case the environment
-+		 * variable can be set by an untrusted party. */
-+		const char *redirect_status_env = CGIG(redirect_status_env);
-+		if (!redirect_status_env) {
-+			/* Apache will generate REDIRECT_STATUS. */
-+			redirect_status_env = "REDIRECT_STATUS";
-+		}
-+
-+		if (!getenv(redirect_status_env)) {
- 			zend_try {
- 				SG(sapi_headers).http_response_code = 400;
- 				PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
--- 
-2.46.1
-

SOURCES/php-cve-2024-8932.patch

@@ -1,130 +0,0 @@
-From 9f367d847989b339c33369737daf573e30bab5f1 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Thu, 26 Sep 2024 22:22:27 +0200
-Subject: [PATCH 4/8] Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape
-
-(cherry picked from commit f9ecf90070a11dad09ca7671a712f81cc2a7d52f)
----
- ext/ldap/ldap.c                           | 20 ++++++++++++++--
- ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt | 28 ++++++++++++++++++++++
- ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt | 29 +++++++++++++++++++++++
- 3 files changed, 75 insertions(+), 2 deletions(-)
- create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
- create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
-
-diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c
-index c4dfe0c5b07..6661310d055 100644
---- a/ext/ldap/ldap.c
-+++ b/ext/ldap/ldap.c
-@@ -3760,13 +3760,23 @@ static zend_string* php_ldap_do_escape(const zend_bool *map, const char *value,
- 	zend_string *ret;
- 
- 	for (i = 0; i < valuelen; i++) {
--		len += (map[(unsigned char) value[i]]) ? 3 : 1;
-+		size_t addend = (map[(unsigned char) value[i]]) ? 3 : 1;
-+		if (len > ZSTR_MAX_LEN - addend) {
-+			return NULL;
-+		}
-+		len += addend;
- 	}
- 	/* Per RFC 4514, a leading and trailing space must be escaped */
- 	if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) {
-+		if (len > ZSTR_MAX_LEN - 2) {
-+			return NULL;
-+		}
- 		len += 2;
- 	}
- 	if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) {
-+		if (len > ZSTR_MAX_LEN - 2) {
-+			return NULL;
-+		}
- 		len += 2;
- 	}
- 
-@@ -3833,7 +3843,13 @@ PHP_FUNCTION(ldap_escape)
- 		php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0);
- 	}
- 
--	RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags));
-+	zend_string *result = php_ldap_do_escape(map, value, valuelen, flags);
-+	if (UNEXPECTED(!result)) {
-+		zend_argument_value_error(1, "is too long");
-+		RETURN_THROWS();
-+	}
-+
-+	RETURN_NEW_STR(result);
- }
- 
- #ifdef STR_TRANSLATION
-diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
-new file mode 100644
-index 00000000000..8e2c4fb160d
---- /dev/null
-+++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt
-@@ -0,0 +1,28 @@
-+--TEST--
-+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
-+--EXTENSIONS--
-+ldap
-+--INI--
-+memory_limit=-1
-+--SKIPIF--
-+<?php
-+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
-+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
-+?>
-+--FILE--
-+<?php
-+try {
-+    ldap_escape(' '.str_repeat("#", 1431655758), "", LDAP_ESCAPE_DN);
-+} catch (ValueError $e) {
-+    echo $e->getMessage(), "\n";
-+}
-+
-+try {
-+    ldap_escape(str_repeat("#", 1431655758).' ', "", LDAP_ESCAPE_DN);
-+} catch (ValueError $e) {
-+    echo $e->getMessage(), "\n";
-+}
-+?>
-+--EXPECT--
-+ldap_escape(): Argument #1 ($value) is too long
-+ldap_escape(): Argument #1 ($value) is too long
-diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
-new file mode 100644
-index 00000000000..a69597084be
---- /dev/null
-+++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt
-@@ -0,0 +1,29 @@
-+--TEST--
-+GHSA-g665-fm4p-vhff (OOB access in ldap_escape)
-+--EXTENSIONS--
-+ldap
-+--INI--
-+memory_limit=-1
-+--SKIPIF--
-+<?php
-+if (PHP_INT_SIZE !== 4) die("skip only for 32-bit");
-+if (getenv("SKIP_SLOW_TESTS")) die("skip slow test");
-+?>
-+--FILE--
-+<?php
-+try {
-+    ldap_escape(str_repeat("*", 1431655759), "", LDAP_ESCAPE_FILTER);
-+} catch (ValueError $e) {
-+    echo $e->getMessage(), "\n";
-+}
-+
-+// would allocate a string of length 2
-+try {
-+    ldap_escape(str_repeat("*", 1431655766), "", LDAP_ESCAPE_FILTER);
-+} catch (ValueError $e) {
-+    echo $e->getMessage(), "\n";
-+}
-+?>
-+--EXPECT--
-+ldap_escape(): Argument #1 ($value) is too long
-+ldap_escape(): Argument #1 ($value) is too long
--- 
-2.47.0
-

SOURCES/php-cve-2024-9026.patch

@@ -1,177 +0,0 @@
-From 22f4d3504d7613ce78bb96aa53cbfe7d672fa036 Mon Sep 17 00:00:00 2001
-From: Jakub Zelenka <bukka@php.net>
-Date: Thu, 12 Sep 2024 13:11:11 +0100
-Subject: [PATCH 6/8] Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may be
- altered
-
-(cherry picked from commit 1f8e16172c7961045c2b0f34ba7613e3f21cdee8)
----
- sapi/fpm/fpm/fpm_stdio.c                      |  2 +-
- .../log-bwp-msg-flush-split-sep-pos-end.phpt  | 47 +++++++++++++++++++
- ...log-bwp-msg-flush-split-sep-pos-start.phpt | 47 +++++++++++++++++++
- 3 files changed, 95 insertions(+), 1 deletion(-)
- create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
- create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-
-diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c
-index d75f9158cda..7983d6217b2 100644
---- a/sapi/fpm/fpm/fpm_stdio.c
-+++ b/sapi/fpm/fpm/fpm_stdio.c
-@@ -228,7 +228,7 @@ stdio_read:
- 			if 	((sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos) <= in_buf &&
- 					!memcmp(buf, &FPM_STDIO_CMD_FLUSH[cmd_pos], sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos)) {
- 				zlog_stream_finish(log_stream);
--				start = cmd_pos;
-+				start = sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos;
- 			} else {
- 				zlog_stream_str(log_stream, &FPM_STDIO_CMD_FLUSH[0], cmd_pos);
- 			}
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-new file mode 100644
-index 00000000000..52826320080
---- /dev/null
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt
-@@ -0,0 +1,47 @@
-+--TEST--
-+FPM: Buffered worker output plain log with msg with flush split position towards separator end
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+catch_workers_output = yes
-+decorate_workers_output = no
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+file_put_contents('php://stderr', str_repeat('a', 1013) . "Quarkslab\0fscf\0Quarkslab");
-+EOT;
-+
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$tester->request()->expectEmptyBody();
-+$tester->expectLogLine(str_repeat('a', 1013)  . "Quarkslab", decorated: false);
-+$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->terminate();
-+$tester->expectLogTerminatingNotices();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
-diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-new file mode 100644
-index 00000000000..34905938553
---- /dev/null
-+++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt
-@@ -0,0 +1,47 @@
-+--TEST--
-+FPM: Buffered worker output plain log with msg with flush split position towards separator start
-+--SKIPIF--
-+<?php include "skipif.inc"; ?>
-+--FILE--
-+<?php
-+
-+require_once "tester.inc";
-+
-+$cfg = <<<EOT
-+[global]
-+error_log = {{FILE:LOG}}
-+[unconfined]
-+listen = {{ADDR}}
-+pm = dynamic
-+pm.max_children = 5
-+pm.start_servers = 1
-+pm.min_spare_servers = 1
-+pm.max_spare_servers = 3
-+catch_workers_output = yes
-+decorate_workers_output = no
-+EOT;
-+
-+$code = <<<EOT
-+<?php
-+file_put_contents('php://stderr', str_repeat('a', 1009) . "Quarkslab\0fscf\0Quarkslab");
-+EOT;
-+
-+$tester = new FPM\Tester($cfg, $code);
-+$tester->start();
-+$tester->expectLogStartNotices();
-+$tester->request()->expectEmptyBody();
-+$tester->expectLogLine(str_repeat('a', 1009)  . "Quarkslab", decorated: false);
-+$tester->expectLogLine("Quarkslab", decorated: false);
-+$tester->terminate();
-+$tester->expectLogTerminatingNotices();
-+$tester->close();
-+
-+?>
-+Done
-+--EXPECT--
-+Done
-+--CLEAN--
-+<?php
-+require_once "tester.inc";
-+FPM\Tester::clean();
-+?>
--- 
-2.46.1
-
-From af3fb385e7b328ab89db26ec712d89c7096f0743 Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Thu, 26 Sep 2024 11:50:54 +0200
-Subject: [PATCH 8/8] NEWS for 8.1.30 backports
-
----
- NEWS | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index 79133f558af..bad0a719aae 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,23 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.30
-+
-+- CGI:
-+  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
-+    Vulnerability). (CVE-2024-8926) (nielsdos)
-+  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
-+    bypassable due to the environment variable collision). (CVE-2024-8927)
-+    (nielsdos)
-+
-+- FPM:
-+  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
-+    (CVE-2024-9026) (Jakub Zelenka)
-+
-+- SAPI:
-+  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
-+    (CVE-2024-8925) (Arnaud)
-+
- Backported from 8.1.29
- 
- - CGI:
--- 
-2.46.1
-

SOURCES/php-fpm-www.conf

@@ -1,5 +1,5 @@
 ; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
+; the variable $pool can we used in any directive and will be replaced by the
 ; pool name ('www' here)
 [www]
 
@@ -128,7 +128,7 @@ pm.min_spare_servers = 5
 ; Note: Used only when pm is set to 'dynamic'
 ; Note: Mandatory when pm is set to 'dynamic'
 pm.max_spare_servers = 35
-
+ 
 ; The number of seconds after which an idle process will be killed.
 ; Note: Used only when pm is set to 'ondemand'
 ; Default Value: 10s
@@ -238,7 +238,7 @@ pm.max_spare_servers = 35
 ;       may conflict with a real PHP file.
 ; Default Value: not set
 ;pm.status_path = /status
-
+ 
 ; The ping URI to call the monitoring page of FPM. If this value is not set, no
 ; URI will be recognized as a ping page. This could be used to test from outside
 ; that FPM is alive and responding, or to
@@ -255,7 +255,7 @@ pm.max_spare_servers = 35
 ; response is formatted as text/plain with a 200 response code.
 ; Default Value: pong
 ;ping.response = pong
-
+ 
 ; The access log file
 ; Default: not set
 ;access.log = log/$pool.access.log
@@ -330,26 +330,22 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; Default Value: 0
 ;request_slowlog_timeout = 0
 
-; Depth of slow log stack trace.
-; Default Value: 20
-;request_slowlog_trace_depth = 20
-
 ; The timeout for serving a single request after which the worker process will
 ; be killed. This option should be used when the 'max_execution_time' ini option
 ; does not stop script execution for some reason. A value of '0' means 'off'.
 ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 ; Default Value: 0
 ;request_terminate_timeout = 0
-
+ 
 ; Set open file descriptor rlimit.
 ; Default Value: system defined value
 ;rlimit_files = 1024
-
+ 
 ; Set max core size rlimit.
 ; Possible Values: 'unlimited' or an integer greater or equal to 0
 ; Default Value: system defined value
 ;rlimit_core = 0
-
+ 
 ; Chroot to this directory at the start. This value must be defined as an
 ; absolute path. When this value is not set, chroot is not used.
 ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
@@ -359,20 +355,20 @@ slowlog = /var/log/php-fpm/www-slow.log
 ;       possible. However, all PHP paths will be relative to the chroot
 ;       (error_log, sessions.save_path, ...).
 ; Default Value: not set
-;chroot =
-
+;chroot = 
+ 
 ; Chdir to this directory at the start.
 ; Note: relative path can be used.
 ; Default Value: current directory or / when chroot
 ;chdir = /var/www
-
+ 
 ; Redirect worker stdout and stderr into main error log. If not set, stdout and
 ; stderr will be redirected to /dev/null according to FastCGI specs.
 ; Note: on highloaded environement, this can cause some delay in the page
 ; process time (several ms).
 ; Default Value: no
 ;catch_workers_output = yes
-
+ 
 ; Clear environment in FPM workers
 ; Prevents arbitrary environment variables from reaching FPM worker processes
 ; by clearing the environment in workers before env vars specified in this
@@ -385,7 +381,7 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; Limits the extensions of the main script FPM will allow to parse. This can
 ; prevent configuration mistakes on the web server side. You should only limit
 ; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
+; exectute php code.
 ; Note: set an empty value to allow all extensions.
 ; Default Value: .php
 ;security.limit_extensions = .php .php3 .php4 .php5 .php7
@@ -403,7 +399,7 @@ slowlog = /var/log/php-fpm/www-slow.log
 ; overwrite the values previously defined in the php.ini. The directives are the
 ; same as the PHP SAPI:
 ;   php_value/php_flag             - you can set classic ini defines which can
-;                                    be overwritten from PHP call 'ini_set'.
+;                                    be overwritten from PHP call 'ini_set'. 
 ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
 ;                                     PHP call 'ini_set'
 ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.

SOURCES/php-fpm.conf

@@ -43,24 +43,6 @@ error_log = /var/log/php-fpm/error.log
 ; Default Value: notice
 ;log_level = notice
 
-; Log limit on number of characters in the single line (log entry). If the
-; line is over the limit, it is wrapped on multiple lines. The limit is for
-; all logged characters including message prefix and suffix if present. However
-; the new line character does not count into it as it is present only when
-; logging to a file descriptor. It means the new line character is not present
-; when logging to syslog.
-; Default Value: 1024
-;log_limit = 4096
-
-; Log buffering specifies if the log line is buffered which means that the
-; line is written in a single write operation. If the value is false, then the
-; data is written directly into the file descriptor. It is an experimental
-; option that can potentionaly improve logging performance and memory usage
-; for some heavy logging scenarios. This option is ignored if logging to syslog
-; as it has to be always buffered.
-; Default value: yes
-;log_buffering = no
-
 ; If this number of child processes exit with SIGSEGV or SIGBUS within the time
 ; interval set by emergency_restart_interval then FPM will restart. A value
 ; of '0' means 'Off'.

SOURCES/php-ghsa-4w77-75f9-2c8w.patch

@@ -1,133 +0,0 @@
-From 462092a48aa0dbad24d9fa8a4a9d418faa14d309 Mon Sep 17 00:00:00 2001
-From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
-Date: Sat, 9 Nov 2024 15:29:52 +0100
-Subject: [PATCH 6/8] Fix GHSA-4w77-75f9-2c8w
-
-(cherry picked from commit 7dd336ae838bbf2c62dc47e3c900d657d3534c02)
----
- sapi/cli/php_cli_server.c               |  6 +---
- sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt | 41 +++++++++++++++++++++++++
- 2 files changed, 42 insertions(+), 5 deletions(-)
- create mode 100644 sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
-
-diff --git a/sapi/cli/php_cli_server.c b/sapi/cli/php_cli_server.c
-index 295448f1211..5104318a634 100644
---- a/sapi/cli/php_cli_server.c
-+++ b/sapi/cli/php_cli_server.c
-@@ -1863,8 +1863,6 @@ static size_t php_cli_server_client_send_through(php_cli_server_client *client,
- 
- static void php_cli_server_client_populate_request_info(const php_cli_server_client *client, sapi_request_info *request_info) /* {{{ */
- {
--	char *val;
--
- 	request_info->request_method = php_http_method_str(client->request.request_method);
- 	request_info->proto_num = client->request.protocol_version;
- 	request_info->request_uri = client->request.request_uri;
-@@ -1872,9 +1870,7 @@ static void php_cli_server_client_populate_request_info(const php_cli_server_cli
- 	request_info->query_string = client->request.query_string;
- 	request_info->content_length = client->request.content_len;
- 	request_info->auth_user = request_info->auth_password = request_info->auth_digest = NULL;
--	if (NULL != (val = zend_hash_str_find_ptr(&client->request.headers, "content-type", sizeof("content-type")-1))) {
--		request_info->content_type = val;
--	}
-+	request_info->content_type = zend_hash_str_find_ptr(&client->request.headers, "content-type", sizeof("content-type")-1);
- } /* }}} */
- 
- static void destroy_request_info(sapi_request_info *request_info) /* {{{ */
-diff --git a/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt b/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
-new file mode 100644
-index 00000000000..2c8aeff12d5
---- /dev/null
-+++ b/sapi/cli/tests/ghsa-4w77-75f9-2c8w.phpt
-@@ -0,0 +1,41 @@
-+--TEST--
-+GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface)
-+--INI--
-+allow_url_fopen=1
-+--SKIPIF--
-+<?php
-+include "skipif.inc";
-+?>
-+--FILE--
-+<?php
-+include "php_cli_server.inc";
-+
-+$serverCode = <<<'CODE'
-+var_dump(file_get_contents('php://input'));
-+CODE;
-+
-+php_cli_server_start($serverCode, null, []);
-+
-+$options = [
-+    "http" => [
-+        "method" => "POST",
-+        "header" => "Content-Type: application/x-www-form-urlencoded",
-+        "content" => "AAAAA",
-+    ],
-+];
-+$context = stream_context_create($options);
-+
-+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", context: $context);
-+
-+$options = [
-+    "http" => [
-+        "method" => "POST",
-+    ],
-+];
-+$context = stream_context_create($options);
-+
-+echo file_get_contents("http://" . PHP_CLI_SERVER_ADDRESS . "/", context: $context);
-+?>
-+--EXPECT--
-+string(5) "AAAAA"
-+string(0) ""
--- 
-2.47.0
-
-From 22bdb43da0ecd6e72d63b63aa6c1f3a25d1bca3a Mon Sep 17 00:00:00 2001
-From: Remi Collet <remi@remirepo.net>
-Date: Fri, 22 Nov 2024 08:58:10 +0100
-Subject: [PATCH 7/8] NEWS for 8.1.31 backports
-
----
- NEWS | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/NEWS b/NEWS
-index bad0a719aae..0f82a65a44b 100644
---- a/NEWS
-+++ b/NEWS
-@@ -1,6 +1,30 @@
- PHP                                                                        NEWS
- |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 
-+Backported from 8.1.31
-+
-+- CLI:
-+  . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
-+    Processing in CLI SAPI Interface). (nielsdos)
-+
-+- LDAP:
-+  . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
-+    (nielsdos)
-+
-+- PDO DBLIB:
-+  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
-+    OOB writes). (CVE-2024-11236) (nielsdos)
-+
-+- PDO Firebird:
-+  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
-+    causing OOB writes). (CVE-2024-11236) (nielsdos)
-+
-+- Streams:
-+  . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
-+    might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
-+  . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
-+    convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)
-+
- Backported from 8.1.30
- 
- - CGI:
--- 
-2.47.0
-

SOURCES/php-keyring.gpg

@@ -1,597 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFjxRtoBEADkS6+Q7afwYDPFnqJXuyF2ZIvXysDBrpr/xbre4jVeiC/HIELa
-QedOJqO1V+BgnTRkfhor+Yq3mZ1un+6zJIiFcm5Kp7sPZjh15JF96PsA4e2Eh5eC
-eJzjXHj1nAKXfn5+CgpYEyL30r1/ACkmo9TKIiUxIDZRkZvxjY4UKeo+EoJo0Viu
-tV8mvSTgxaz9gzPhZ5OJR8zECT8j3T8d+tBD8wWxxmGZ0veOu/MBew1C/BDr8RqT
-CXDywUbyNuSsdb3a5aLuIuLekSJVSCcFwPIje1WrX4FyC42+elOp0SXpjWzdb08N
-XX4DEY8zVyVXI1ScSpTbslffcFkY60NJhjpP7t856L9vTLRfHIM9BIdSYH/ar5mE
-Q0vyJbiNfkx5tIMnEmnIYbmnjjmcPZDKZ4PyQEUEWF3DqNOOAWhk9HUMFEkANkd1
-vEcNNQxgD2eOJM6egfUv9KtuAEcRX2iDu3gIyE+55x92VVoEJDu5M+Q6PYGUIMh7
-nz2gS3lnlpG2vquQpqDS9UogsZ8L4NsukdP2ixRFnD9qaTOemqRYwIptOX6wvrtR
-7PmWOnnRZ5OcpK5/qyK9iCLY7bbHDViBoV0uLEHNPTDHjrALJrqS+dH1glYid/82
-OvKE3KREjRpMOW83nNfQcqkMi9fhH8WUkz6OD6JemvB/s/CwBS2w3+9LAQARAQAB
-tB5TYXJhIEdvbGVtb24gPHBvbGxpdGFAcGhwLm5ldD6JAj4EEwECACgCGwMGCwkI
-BwMCBhUIAgkKCwQWAgMBAh4BAheABQJY/TOeBQkNNFUtAAoJENvbOXRw0SFy1xYP
-/jQeNv4WUPK3M0Hl3EvEnOeODxePysU0khvgnw/mRtQu7BOwRdbB0HWv8Kx0HXL7
-XI4l2myHRZbd9PrBlG4YFYjZqWmqQ9WGlLBxDpSJNeROpTgKjhxA2hOl1xH2Et5k
-bRcZzpJJ9zuD3rqkq80S3u/UAB/QzYfJWKnQBTXi/3psZNAVTRp3/4sEn1kCfEnl
-NUYPih/NqdXE0frlKeITOAmatD2cjYcJlc/ETLil8Sq1nIgiE/++KZalbcXcRSHV
-ZSd/L+fNlMDIh6k9pjcE562oiyyMHKed/pAX7o1BqlKqSwxjQoNskpICVFkyMv+P
-7cIPyOxJa8kaGyyHND+8i1GzvwcPhLYeOWDwmiXBs4Ea8Z7KWxhi19zlxMrEfAcf
-FIomcRoxfzcnSY3FVJYIoEySK/IBiivqeunyeDA2JG1vLSZIV5hNicUihp4hnhX4
-Z1gElN+C68P49SZseFzxvzwMq5RIUbWVwIh2+Wj51/UrULgoM4qNkgejDLYFyTxb
-LfXq+Tk91UXdpepBHvE9KFVqh4MbIlyx9TAzOizqLdZlnPRwLb3rWBLsv7XbCTeY
-tp4jVU8Q35hnvGFy+GsSROJv04mJW+whyz+zxOEMPiVbVA5um3ZbSj5oou87M9Li
-JtrUOqNfyyqddLC8L5LgwwlYKqP+W6Q4LMf/Whoj3FFCuQINBFjxRtoBEACk8wfJ
-qP03Hz6PX8br3jEUllSngdD/28K2C4RVOOr71u4FJRcEMR98SbPnCNIUt4KdedO1
-DJpYac1XvIaVBbLxEcBjRMWNhBgZbxoQzPjFTWHQ/UwHZPiiwQkL55fN1ejBEacD
-V8B1JwqjcBbii6zItLUV/gxGH7Jce/f7KBM7vWlaP+xHpmd+iPK1swK5wNQzDL83
-b7NPyj58fqlmh54Fr+jcpuUjynaYfjtJsgwc4CScdai7FclctLMg8Y8DW7/bkqf1
-BQy9Dik82IWSN4wgVM1eWSGx+PzPlshGH/C8B53U353NcRhjFp3zX31wQhsJrA7J
-p+10S3HbXGrr3aVGMMq3dqSBGp38iKJUmJ3zyVvby5Mk4+8FFmMk3gVuQE52pW4E
-OlSVQNQC8yzYsgaG/4N0M8DRpbfPhT5wiD/Qcb7MUXTE96dzs/KcyPJju/aq4cJ6
-DgpbJmM6OZwnx5HYwa58RgOwAVBbsxYOa6oS+Fj02eaiUETwfPHtqF9juCcM5D0m
-cLZRT1I4zK60qPb6ZDzuFguXg8hm/djjh2YlDFCNKqCZHktCISTWX5u1cyF5j+UL
-3fsKcAAcyiHZV9UH8tr6v0i0P19Uje2ZHk9utJggYSSM0uyqGhmiyd8su2FqitBl
-tvTo00Kc8sv4AcDmCng8SVO0og1wiJZdiHJI7QARAQABiQIfBBgBAgAJBQJY8Uba
-AhsMAAoJENvbOXRw0SFydu4QALeYG2PPMEOQtMV6jOVT51U0Yo0yl94RJoQCOCCT
-/JkUyIDczHmtcVABrpitX3tFl4vacJM3uKWKbzbM7qO2+Hd0u6rxO+o8WUGRMZp5
-IgcbagDOHs0vorVN2Yo0Tl8RoqW91MCvlRFA+8snmKjWfTYj8jxbhIUEtVrIU+5L
-DEgDP+T6PvpaVeXfLYItieCsZgib3qPz5mM49jDH84XG5F19kx0QtVGJs7n8FrcA
-GcQl/iMrm7dRrRuh9394ongIum0uld287Zlg9q12iJiir3w04Npy43G12RXq9TD9
-aRfbMhQ+HB5Dnvf42mfCfGvalSE0rg9mh1KeaiQUXxCzCf1D6a3H50rh1IDn363W
-n41/Hr0j4ntVjvEJxs9nUb8qod2HMOPLOFqwxck7ueGaeDN/GZ5zjPdIppYwE3Lb
-CM1ZFLkV+QhFef4zXwml1/AnGGFULgGYorwGCchizhU1wbZVcoUF74MtprnAsuPd
-Fxlw+4yCcFEeYVpMDQg/ZfZ28T1GruGHqLJqIVpOum48Ec+fjnHAZAH9dOs/qhBu
-CLE+5xUoVyP2lwt0MaHs5SLmxRKhcV6IWRJKTlZ9YdDXbVv5LisL/qDOTjRj7vOg
-CPRhklyA0JjFeyTDpSeAWXFZnab0nYBPWkxtdxxRruEeQPAYP1vl0O6ABMxRAI6o
-6zIImQINBFklYukBEAC9tCSjnoNs3ucOA9RPfKcuK87JD9jdet2UUsw4DHd/Hwmr
-t3T7WKoH1GwRp+ue5+vzXqdFRZ4gG+7tgvUsOtNb5rh22bTBsUIeGsvm/omJntXC
-FQhYcfjtk04p3qtgJ5PGjZahCRYg4aQ2tGp2Mb8auFuFPsHtOHLWQCL7vQShsN9m
-EkEzAQZnn9QYL+IvTQVSKsRy8XcHYZVk2uT2xQY2LvkAucWF0TrjU2LJ2IFdepc0
-+jz1xasBR0afT9YccHpQH5w8yOW+9o/n7BiMHfgT0sBMdKCfKVoQrQe0CsFnqc/+
-V4NsnHkyUrbfKiIFm+NOupIMpL6/A+Iky5YpjIIUHPuVL6VAY6wm463WI8FPk+Nt
-Gekm9jqISxirkYWsIEoZtCrycC8N0iUbGq8eLYdC9ewU5dagCdLGwnDvYjOvzH15
-6LTiE/Svrq2q0kBDAa7CTGRlT+2sgD89ol73QtAVUJst99lVHMmIL1cV4HUpvOlT
-JHRdsN6VhlPrw6ue+2vmYsF86bYni6vMH6KJnmiWa1wijYO0wiSphtTXAa0HE/HT
-V+hSb9bCRbyipwdqkEeaj8sKcx9+XyNxVOlUfo8pQZnLRTd61Fvj+sSTSEbo95a5
-gi0WDnyNtiafKEvLxal7VyatbAcCEcLDYAVHffNLg4fm4H35HN0YQpUt+SuVwQAR
-AQABtBpSZW1pIENvbGxldCA8cmVtaUBwaHAubmV0PokCPgQTAQIAKAUCWSVi6QIb
-AwUJDShogAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ3J/40+5a8n9OJQ/9
-HtuZ4BMPMDFGVPUZ9DP0d74DF/QcT0V101TrdIZ92R4up56Dv40djjQZc2W9BmpP
-VFr/v6qdjapdPH5vvmatnQDz/nIOfo1iwPWGzvmKnbDBQ4qJX7Jd6PdD/YorcD+0
-tOQNKLIGE9ZFQnS80iz9iaTGzvQKEQKEMugQSf3kG3NBEGqKQBsTTrBQOUJ3g8w6
-id2/qJtrDRbL9TuCU77Dpx9HUAnjj/Ixlvd4RQDa/BCYzGYJlCyTsaVW3qc7DIh/
-pRadqtswghSETtl6SSo9yHtoYOGTxXO6UikLEE8miOlaOPQrC9hCD+LSGc5QhNLB
-EKes0l79w9kw9qZ9Xfh4pw/hf1N4O3kPHyUg0q9QaX1XKtigjTUcpdf2Kq8LtlB6
-0p40eZE2dV3T11X+rcn33pFSXMeTJeaNKHXoeGcva/gyZVtvi8iJhqtw9QOUkxRD
-vGB+FEUId3Z1yAu7ZAz6qiUCgxK/VJ6/kBb+YYR8K4FHLmNOd5KoiTerKQu423uu
-MYlYfBHpVZ9YuEJQnTEpizFEeOgaixx5RDLnoPsd/x59VS9eaaKotTPbW/rEp7Sv
-bKj0dR5WMfGyd/OJrcWVZy8/Kh5Mc/4KOHD+JGAp0bE113TkEEoTZ8gNHFdLdv52
-V9eXUkeT5IxyThZBkUy6palDM8A5vaf6Eet8xOLy9XG5Ag0EWSVi6QEQAKujAODv
-sdbt5n1dO29Nj5htbmt6M2A7eOjt7yUj4UMtBaGOA08O0DVA8MJkvepMq9AJBXHZ
-Mi9Dycw3rxBHQDqHJJMwghu3RoQw1y5Wym7LiLhoWSU/wK0BrKOULBwh+kS6udKA
-4oWrV/gr0JGmfdL8dZjBF10kHCfCcjcjWtmIp2GRaoOKTlHCviNmRxzyqba7zE0Z
-c2maQ/4w98BI83GqD1bT8gF/5qwSI1hecBwt9oS7EbZ1ZiE8SSE8Gr6OR3p5UNHb
-zqxUWy8W4r3qulCLc6g1LPXP1V59cMxX9jQJ7lSdv0k8C6Lb6t9Wm8G63hNYgRCA
-mNW5EnqieTrx45K9vqoqfQK6Apfy0UoOquiuK7QClT3wBd7kmyKsCfV0bwRA/fV/
-sC1Rniu8PV7CRk9ryudUXycKq33pSkrOfZjFIQhCqdJkVc2MPbAuj2pOMutKwGKR
-q/Mt3O8nEfGqWaJPa36C6dhlPqjEGTIEk5P493DzM7fj5VVIWyUrI8Vm9FslSvzI
-LcONHMtKtRs2cRYA085NKDXGN7i5Am7L7ZONfqVs3V493ICwmALzeSULNLiMtX+E
-SQfdWCS3Hosnjbc6INDg9BRhFt5MEWJ/qchM3g4NQuukqtOYsiEUw8bCzepwJxXp
-lvNYu0yQDxvP+0RzjMozruVz3VoHeyf6rSWvABEBAAGJAiUEGAECAA8FAlklYukC
-GwwFCQ0oaIAACgkQ3J/40+5a8n/8gg//a75gXQ4csiDUTsUndb94EXqraffmMcT5
-oCzfcP+Mecbuv3G8oQZeLRchsW2i4QecnvPwrXAJcF8kJuN/KZLyeh21PWBy55wo
-/2nbwOvQockXpK5yVeuc3DmdTaxDnW9u3QpSwbvkEyoCpeHH6rZ1wjqn8Qi1k7nj
-C4qgXpRrLQdRsS5ULXpf3IM+vaxbQ5avVnNRu5zMA6M/0reL0RSjgMfnk+3AwLCt
-uMiy1aStCe8V7Y60/oauk+IZA1VJlSz2n3675YD7TkTZKkYIYZHTBw3ZPVJo08jd
-RUXtGJjpOyyWVjP7GMKvZuQVWqcFyc8QHHaIPDLkdi7B9YFPWqfwJPBfUXcdzjAX
-I7N4XsSEeMm8S8SC4FKCidioP/A+bamKcONHUuZ+AztvLh24ZTkqzA/sRRYpbMGU
-QzpcDbastuXG66s3e9pJa0R14011A4bofy6Ureh9q6TQNOkNegUUdjbGSd1bfNId
-QXRH0+LBV1oaY//v+aBjswy4hJ5oXmQj5jQKFitRCP9jzueyDdMJZ0j0Hhh4ItCz
-FV5zIKtWiy7pRp1DXq9LjoyWeeLfKu+HrEGjMwyTGJiMjcL7oCHeiV/a+fY92wpU
-rY1/mRVLqKqDIA6/iEL2DVf21U7rXY26xxvf4QFImZaYLwKQYLe8TOOjDA/I9bR1
-JJmh54yw10CZAg0EYIdBNgEQALohT1pcSlW4sk0DNfAvur1W3U+TEkevuQnKdSD/
-chKs50nLYRuiVrsZsR28tnr2j41uwvm+Y6ZPYAPSkQZ8yAT0pYnXbaIR83iGtZOH
-P6wdxV39Mpf0T3yD4dOmgka1hynqNjEbRhE/t2fXNKf0JrBUmkyyhLYbQlkH+raU
-gQug9EsyOJxEMER9qZM+Le/JiK5/i+8JxhjPcAQxiKu3l/usGtU6zcVUGjMSqs3Z
-89Fa8WBOeGxDwwSKrn8MyyfEWrbCCF4Ao8gBeFmIkWgoeyumIAA0SYZkFjaltbTm
-sFjVmYmmLXIKtKTnzZx0+jYJr42s0Q8n2ymgSKcC0Cmn+iuKslhuMpWJaqaHuZhj
-K/80BArAYETW6ne1IZWPSsobd/2x4u9iwCkd/SWERA3/KnML6lgOVJfNbFxDxuJ+
-LFvpe6VoSAHlc4fC6+lMroeg011kzjgWX4H94Bdp5svpWHQ/UQ3/YMGvgUY1vy+V
-d28bGzuslsnz5o2Zh40h2Dmpti5s2w7Z9TvLD2RMM1N6PrdCXVrQx3bB9nN7x1nL
-osn+0v/8gfck93SO9PXLQtUgqhhWsh+/TrOiVWmWqLvbN95zWSnDRVHp1P8vKEGX
-I26aokxEd1mVfilQKnHv2k6ieMc1M26GM48uXNqLSihYG2WgNl80agVFU00m/+Ea
-9Uz7ABEBAAG0G0JlbiBSYW1zZXkgPHJhbXNleUBwaHAubmV0PokCVAQTAQgAPgIb
-AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBDm2QTQ9jBBLKxRtw/nDncC5aYVE
-BQJihlmDBQkInT24AAoJEPnDncC5aYVE9GUP/R/QmyOxYIXhjOJGkF7wsKznajRW
-u00xRbbTofNroJcjcActcdd4KZjBTQukQLe+ywDq9q0yGs8qdvNVdoREnwkK7sfI
-c/umJhTmWdboljw07x+NPzn71xLsi8xDT113KlSegPSL6tfkSDqnv4KrHQJb4HYJ
-ex9whcnzW/KR015biH6DifHQfTRw4XqhecneiNCfdaNMTRb1DP4USrJAFIlIK8zw
-guJP0iYnKSeInWBAHgroUcrLucUAdBfoQdARHQonlklQ2y1qxh1m4qitH0MeUK6z
-XoTYAEgVMYJIN26gFaMoBRd19/1WH8p2h2IcecsaCFBPWpI1jbvz9h876cLC6N9h
-hZPZFfsZ4BBe4Iw53eEhlgBdm5aa6SRobthKI8q89DoKuw5ok/tEK/WY9QFzkTDh
-iQHdyfubopjVVpakaNYmJMF6SNlu7BfLv5yc/pHr7z5BA64WKUd4AJKWEtN7nu2L
-Al4jthv23UnJ8x1y0e/ZM1m5r9/leRQz4uFqXEBa8Y0/Ipp8OBnQWNajmOHqO44E
-4/BOXr09FYm12iC5L2V8TxL6HgU+nLRetgssFIWRr9NXhelITdfKOii6qrbLP6uQ
-rjFXnLnLqgKB72gSXCYdHLEnwtskkqKXtB4jzYm2OPh0TstfNRdjaS3wepurzSp4
-UmP42igZx4cGzNp8uQINBGCHQTYBEADY0/Oat2b8EDcNSKPJNdyrQlDQ+N2fyTbq
-1XPThTe5f3nRT1jepYqfsi/i4/6rza2AMvyxPO7AQSsHYlBYHxccqCH2Q90jCTu7
-iUJyU65Kx3aZC3U7VE4+jl81W5/b5qqjvZNRxLgDZDnvO7hBFh7b+jj7x1ABsHdw
-q+zXjmg2mJCBsD4ba5jQaPr+nirvhr/Y744mGpaVWRlg7d/LhL73GRy546DgCVej
-gd56vMsi2HBy2BKtjxIr2nd2yJn12+A5yenuagOVpye8F5Dy7ULFJ6iYe1/NpoVn
-yipv3m0hE4C0x1vIw8tiXR85cb0aGuYgjOgEyLCE9INmMQ0ZZd1JqZwK2IyWiy0n
-DNVJXqkzc3YjYZcrYiBb8dV7kvAf0E+UniIYTYtBU2rOWBM3aTT47Jh6ftss/tQ4
-e0HLeHZpvpWwJtkPHb1jGD/08icZH4XyVxIlEMhziuAZdBDTr7v7xSmqPrw49afW
-iXfROV01j94tFdvF48wDOIb3qIBBbsNddqMvHPTShq2wMHlnylVFM/0CJn/yxezB
-cuQfRVWeHg7lbzSt0HD29fBz7MlxoOSesmJCN+swoSy4nZ1nhWNHEaRh32Vn2H2q
-4ya0rZFEHk2fS6WWBMTh7cjinmklQVxAhB99d+EYCZ4SHu74Ats4LvAsdJwe5I9b
-lOIrYecwNwARAQABiQI8BBgBCAAmAhsMFiEEObZBND2MEEsrFG3D+cOdwLlphUQF
-AmKGWbwFCQidq28ACgkQ+cOdwLlphURJshAAkIdJ2xM7MV8PGs+eN2O0/BYpiCfO
-Oc42fwAiqYQzr9WT3FtB6oSh6ybaN+RRgIke1WC9HxIvjxXWatJnbs1U3iyjBmyH
-vMBxOCxsIm7hyyLI/QB7wB7sdRb4ZeObUeyXOoAKWilj3r2vOTuC+K9+W+uW5Hj2
-H2tnUKOva9F8RjokSkMiCpCVoGT1YWsWwKALcnQBio/GCyzARTCQ2uXHpHyAOdNr
-ohJBJWD2qT30Fk/jnOGCbw0FVb+eX5854zosi8xPWFUHrUmzQzFwoeq1ysg95Fp5
-LwCtorI0ilZlCngFL1ij0OA7IkpZWZfCRYrne26JeMmTXSA9CEy8U8Yhh8Z36JPo
-iff9sE08Dd3vmZAxhijjp0p7H0YpCu5qCG6ACIUKgoqwHV7bjkQ6+Znqs02Qi8wG
-+gMVOE6gmiw/SpIHE8EJMrtp3AOqC8hWdnqtJ8Mv1aTlfkLn7fXmeWy0Q+uzJXLA
-qnB3hZINXT5lI1jxjjydU7YlQiPHKGnJ/biBq+EwMcVQ3UirtjK2RvnFIdqcoChl
-ufsPyEo99VrB6yL+tEbxbSgNOwTNWEuVZ03LVPH+Wr1sjp/Ao/TexcLJuPgvjVkH
-xqMNnJL2kUnMvYnexp1vmocSL/bqr0Ghg5kqMl+rq/hwl/6JliC5ruBIp41Fg7D0
-Hwt0DeJiahaJT/6ZAg0EYGWinQEQAMQJ6RQqrrZgYJ6SIfzJPsC3zFd00C/UxLQo
-aaiAQHEPnEQgjnAPqkvspSE7MpmyAohbUzXVnDO+ycxznIkLz0yYjs/m1qVB6hTM
-w/PlD10ELoA6m3om/2E1vQQI78U3w3evBgVlGLzBIXWKLX7ZsBSm4xoPmD9mmisM
-sM0xhqQzVuGm0I81gvKkIlWHPB+TqUWBpvDwmIdCRuGis7810OBKaMmTQ/rdhg1T
-YZInZPfjeuW+oZ8Lqs4w3cfmyuDbbKQN8b1Qd2d9lJwkudI6KhIyH7uU0F1GeHIg
-i9hZJZZcnlDiqtcHZ5YYEUHEzD6rPAL0LoUFpS6dP4DFch8R4oBpW8XTjg2BzfwZ
-RCv1IuIgd6HhEUcuWj5QGMi6huCF/2WVDEoGs/K32Kyh+1Jg4OOOpuLP0/YqvsRO
-AMbdY80xppR2yMMtpTJPhs5aCykZ8ffHKEsh4VGvi+xFIwuOGElqXoALFPas8N+D
-5jXnJQR1/2zekei9YiM6jDXps0SIChBL6vG05cua6X5K+71YHHlDoUubb+tjiIHy
-FYtzEe1PPMiLl6XtAdqllLqUQvy+McHgdqNOIU+FxbWDWjDtZ5hlDdZ+sIlz3esG
-wl/zQQMdRdTsjcNuElOdl2pMmLlA8CvhJM+IkHVsIHponLtBqN0Ibrw+Sh1kX0sE
-cjkfrDSJABEBAAG0KFBhdHJpY2sgQWxsYWVydCA8cGF0cmlja2FsbGFlcnRAcGhw
-Lm5ldD6JAmUEEwEIADgWIQTx9pIjj7wWZuWlzNQZn53+9v+6/QUCYGWinQIbAwUL
-CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAhCRAZn53+9v+6/RYhBPH2kiOPvBZm5aXM
-1Bmfnf72/7r9wugQAJuMXAsnTk2m4Esda1R66IaOx3hms49hTtoJ3XTkOP0z/Y89
-66mJ0Zp/tjhof74jRwN+Eo9R0Vc4WpuXdL6ZaOm6alc4hYsT+13bO1hNEXFP70OF
-3sithHac8wShdeutBdXGW/DcR8m7CXOsNWdQAlbYnCb3gt2zTp4DTrxmYVP4YptB
-sQBQtaTqHlO0K0UGoHEkqk5PbbOeuUvvBAyeSEvislOxeSCQakBXFVROKojd90Qb
-i6XFlNvZWzPgBHsrVRKuopgiNqfNAKz/n5ruhZcI4SKdni7zmv9CLiBO8P/qqzta
-9Wv52z669MgPRMfODJr7Q9pG6AZCAm99oKCUStX/adKGBnfu0mx/v0bIyK7YSWp/
-8l4ioiulBs04xeZ1S9T6nMEGry8k2qlErcGI59DAR08aOAbKs/42W70Eoxepx8pw
-S8KSyCfTCuF78bDdxXv3uutYb+A1AiHspu+esjJscgcXNRPYruQFBDUQ0aUzVrns
-bePX6i1ZXYkPUTSRs6Hu9K8sJQ+mr5dTEae28szDxfN9mPqlNGbsKc21CsXwOJhU
-IgU6a32gtZ7xq4g/A9DYHY1jSPhKi2q5JMbckQ2qzrl17zXhVISEcPTebQ0Qcu3Y
-S24+k/mAqIGCrlSnFtLOf6MPTtL8JpeW9fiuys2spb/pHhqmlCevbda8CUtLuQIN
-BGBlop0BEADLZJnHlI7dfEQ+thWKLLdLpd0MZBOugCqWjYdUfL89OY60W2C3Lrzg
-fewjiNLxBzwvqmgEYyQURtlV7o04LJVtyO1B2b7ZQYQoC6gu+KV5z+8w1EOs6G+M
-INda/QydjQk8ymChggGdHtWtGzTZ5K1js+e8wJgkF00n9YCxkkz+jJCK1L7w73vt
-YvS0qYea1UVxmGG+cBsfQ9GbweRl6TvSjlmLtl7m6h1cpGDQrnyyp/yrfONLby1t
-Q32lMhfH09XAPHpJWCfhv9dovgHHtb4Kroaj82UAZz2Je2Rn7SJiACLvezWEFTZM
-WClntlHqHIVtmasntzhzzgK6E1IH67DgWR3m82noLpmbYlHAOLmNBsOYRGdfOQG2
-8L25P3HrWV9APikwdPHg4/0tKLgNzhB6yO6dj5Hs/YRsJD0Jn9X+cCNasP5VTLOF
-sZD4J1i8jT8brlf/f367qOte3aFAPQq7OFYPvpFY/c0J0D6eb3FHCxfejVQL4YV4
-bg3HOUGynUeBGwHgyQJw/LY0LdCejokylQZr7Dj8H4l3b6x85UhJSKRoIin+c8aX
-iI7/2CJbFDAIv3sovyMsAhS+GyntxIpYmoAl0jrqRCr6CWCaFl1Tjh3xrJ+pRCSk
-TVq9OASHUqAb532B3Tt+DJzwrlf4qtQDFz7o7lPGXMnxYLW/KEa7QQARAQABiQJN
-BBgBCAAgFiEE8faSI4+8FmblpczUGZ+d/vb/uv0FAmBlop0CGwwAIQkQGZ+d/vb/
-uv0WIQTx9pIjj7wWZuWlzNQZn53+9v+6/ccvD/0RXb7doLc6YilekZcEqtvvCrgo
-/ZDbda1tjRbpQGyLy9J9whIdD7G7lSoGILSd8U18gCL7PZq96tGq75CDy89u0vI+
-IQ1WemRlfrBZb5qkSOGO2Yr/VYVxxjZbtYiM44aJyrehhA3MCvwzyP27iclH7N0X
-sXgJOF1p3AVEfuXHhAVSbR3tkLPe7osXKyDUgUCuvJIPLSglCqPHsm95Xch8PpUX
-JRemPpFnsPIlqDKu/vfIrDMZtnEFBog/afjA6sqmC8X2BTKF6Tiv8KKy0divkwsm
-dAq+We0vkkIMq1PMc2UkDLv8DujpF4TXMvBXO3AWoKPDNt6L7zMUdymto5TIIA9W
-sIbn+aGTfbfSflJlhlzJ53nyzl/x9ukFabwp7jjF6Vyh7KYMQE6ob16JWTo+AZY3
-mvKoUXw6jwGonaBjNkuR9Em/IyjXDx0tiKKaNPdVh8Tg8pcGNt3ssroEKWqLrUjW
-lrso/+QPeH2Gl5+NjQYSIcQOcYo/MGuiikA9GJu088+IgJ8bmTiFgMuq/ZLAuQ6g
-kpZBQXAN2hVIkV6H5IJwp8lbyf8GG0qBCk9Va03+PZjhZLu/fb9EzVmhyX95cENY
-NUE7QXQplsJZqchsBbjgQE38DWiZKT7uyRhZUCUD3h9ZIsYo63NrQNoA+xkz9tub
-+4cXQV6iJi/GqeBTcpkCDQRc/6jxARAA6399os7LWW0t8VwhEmjSj+1L14Ryh81Q
-PEM15P1DrUXagxeLu7FGmecm7r3/0CA3m6szhpIv9qZ8ifk1KZPYkKQUeFxJvfrt
-RfcfDew1Ynp4ansl4+jARv06GdOwkG7EiyVktSPyf0hGqLayeQhmqDl2cxPJuPO8
-JOSDISgk33rU94/QBWA2RRLSJtB3MZupY9Z6RvYMswyRbcYKWQlqZ09iZ4IDqeeO
-pl/YuIWECl/99bpEEoqFD9tNlpaY+mDy2ihT6RWe+4uefbSWfFEjxpGd+x1ccCKK
-qViYggEl0bw+S60RaS+5xEOG9wnuRrVRnVe9EbTYw2+xMdDsBaFl0qvLPY/66Bfe
-D+iZpA/dN2BrsOLLWk7CJ9yCgoHxL185GMLbQNy687bCeVUGDIBF56OKzGBA7bJi
-W6Z+XVkVX16li908TBnLy6DItYIqYFmSgGCAYviAmsq1v/dVOddpdAzDW4RfH5Fr
-BNopYM92FswF8NtDN+VstwWAUQA2IDX3fYwPimIV+xG8ebgVALy7nWkAdsFGPoZk
-UJa+x5Ln8WUOF37kMbNthd/uBelyeDZ2MU6/Eb+z54GOWijnw2l7bnlTysatJ88l
-0dezmN0OQ8Yn3SaDjMKNVs+kifqVlAhSip3/eIA4/3P3Bp/RWtakzN9nV/fUVWgc
-6hu6FzM6ozcAEQEAAbQlRGVyaWNrIFJldGhhbnMgPGdwZ0BkZXJpY2tyZXRoYW5z
-Lm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc/6l5AhsDBQkS
-zAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMSNQUP/2me0vxA
-BXrqn9uUr/09Cz+HWio7W3b901alD1amIKS4W8cKs1vNe5qHEQKH5Nd/LlYKuyKu
-agKWKrfLG7dguNAEVCya3zUqFiT71yh7BD8SvvUUTqgpTet4fHW8sr+rIYgvrXUV
-Prb4U5DvzVfMOBBO1QBFM1ZS6J7A8EeVmmyysYc36CPoYb/CB6yMe7G1pnE9tqoo
-A4hiHwfrb3t9TeSzKIbKTcuHtGgaxIosp/e3/eFZUi0zPVAQKLBA1rnUHejVb9cA
-RZQSIFpLBbUaGGBJSjNualoQOWPnHCuTy9yF6++B4ToLWLB5r9nQu70cdod21tLt
-p2BMpryKikpN6OIq5Kpj62uAGDu5b/lhhbQV5tp5gxabhIyfoCnLC6JMHwVsppIG
-1XsDtcM4IaFl3bl5Ol0+G0vuNru21e9ydGMHR153hPl5fszWCkWQhHXw728+vIZX
-4KI3uLbpJLDHWY8QGrwGpqPMcqObcepkskejpKZX2JtycoiOlntuMWfLLmL7S+Om
-YnFkOy8G0TctD45wLlfWtJDzRr2p7TDYcQ3oHf0OQMHAQ4qUJXLYyxlPja4PWiMV
-x5I9hLtXfJ4krKK/FJQDccFegBR8vhQVoQ0WFot/Vzo1qu488f0w0tAJDf16+w8W
-FhYnIbwfndGMgfu/nkAZ/NAkD/bAul9NGKBctCVEZXJpY2sgUmV0aGFucyAoUEhQ
-KSA8ZGVyaWNrQHBocC5uZXQ+iQJUBBMBCgA+FiEEWlKIB4H3VWCL+BX8kQ3rRvU+
-oxIFAlz/qWkCGwMFCRLMAwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQkQ3r
-RvU+oxJxzhAAx8TGL+IaTYEzEICUk2wBTISoSMuoF5eZU4x3ZviA6yWG1OLn98uL
-eCGjGCMFp1/OFGZfCe/QAVj7/eBZzPnvVj7JkUrPt4EpU0XOpVan9cVh9Yzds62H
-Q19WRJOnMYO7xzZcempmUsZ5oAGivRsJ42UhvHi409T/ZpRdyOtiWXmdBXIRK9G3
-OuLBhchvFIhAbjfYbFD+gVzdGThU6xHXAfnLoFuyzYIpXzgrDYdmfkskLmTd4meK
-oFVwcBnPWXxUJz1HNxPCI/dY8DUmWjqnb4qBU+JnLq16UmvEG2TdxpKivcoJH5la
-IVnAEa2A3answ7WU5yF7n5b9PH9xFsPJpcUc7+rc2F3D6eY8WY+tSSzyKxuRYF7h
-FeRifwSSjOMDp50kgUR2f/5gGRD8rDSKTtGq9pVDXtIPt2xEnY/SH6O8Mmusmk8/
-bS61t6HPjEZBGOO9LrYbVBcHCZAHRzWuFTIadyh+q330fXlCYHaHAZiN55TEDocj
-1XxlhiLcyRGwDtMnc2IOjJUjyxAXwFwVqVOGCFtop33tj4TCKmMD+NSeLWmCmDLj
-81t4r9+O2A2A8AhEMBCC7m9N6DlDdGMeOyzdDTUTp9cdbnLRc2qJNk8Q3C4/FI82
-SoJtOE0buvA9Jfz5GEU+V/ZEuMj+YYRCz6t3iFISCjxWlUTIH5Gw5A20KERlcmlj
-ayBSZXRoYW5zIDxkZXJpY2tAZGVyaWNrcmV0aGFucy5ubD6JAlQEEwEKAD4WIQRa
-UogHgfdVYIv4FfyRDetG9T6jEgUCXP+o8QIbAwUJEswDAAULCQgHAgYVCgkICwIE
-FgIDAQIeAQIXgAAKCRCRDetG9T6jEo2yD/9PNspNKjiGq0u7CBxY4XrFXYNzGVUJ
-UQxnCZk5o+K1zpU5VCV8XjXBrehwSe/17hAakl+5j+qFt/prORPHdXPyKyI+SM/O
-muc+1AjOU3OPApwrpX0AsYMdDi5BtpXiJ8RGBNEsKJN+hCikpNkUXVlbluvcytCX
-/je4TbnJdRFFSJCdP1YXAzrVbXCVFWgTU5g5SwPEpDxs9Qzvgg35PG/U5QiFSTCN
-CokT1Hdf+S2a+h5nxSnqm2Vn80NyNBy9y4kBBCkU18NzR96cWxiccshR8qS+7Tg1
-EIBFFnheZkR2MQukfxCHliX40pGipyHE5Kf8huYgNRiHsfdYIfzYQx8lfvwRNq38
-QrMihIfcBZfl6z096J6Aj6XiA5VqcKDdD0gVw77KCkRyzBtGt6kSqStF9JYE9RjB
-b375qPsvCVhW/alpScnRtJzVytDT9xeqe5F0V6/GhNvnlgBo3I2p+33gDb5TQOFw
-oidV46lXlAYo0sAbXJPw9ZZrHE661HQ9T5CLtJ+cadITX3638Sc6XcsdbD+upU2V
-1piQ9gUvgCNdYGjcYMXTfe4l7x+6pthE0lb7u+q/nyzTozez0xoCWygMJlETQXKn
-s6EnhMi3phAuUnhso3fWAvwtOgHW9QaL+rx5npad3wGyRo9xqTmrE/El8FgALXY2
-XfggH/zQhIwNIbQxRGVyaWNrIFJldGhhbnMgKEdpdEh1YikgPGdpdGh1YkBkZXJp
-Y2tyZXRoYW5zLm5sPokCVAQTAQoAPhYhBFpSiAeB91Vgi/gV/JEN60b1PqMSBQJc
-/6lWAhsDBQkSzAMABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEJEN60b1PqMS
-jWUQALGWNAhYnuTTAIoKtwPsDab6kJV3TcBaiD5ezXXYX1WFEKMuLenYkCIzRuWO
-FkZR8Rr8iJj7viCPWV5bniicsKNq4Af8YIXq8Qnam30gSkHo+jGpzZYnDdFDajYa
-x7wVKMxUmPsC6RhfEk0JAFXhoqrFOrsuUw+bBC4LOvFzdufmS8klJq4krpYf1kp5
-CW6/DL38YRrmhq5djyiuA8iJPtylxcR+tXSmyGtgltCiHS4EdOOyG0hOsfkHPqIK
-d5Tb7J+pMGimCp/9YV1NINbFpWIG3pF6sopMLU5YHh0Wq7SgfDVmkuPxUaEChTVz
-S9y6k3DwhW7ZRpcSx9hDRwaHFw/eTuSdNH/7CpXKr0o/+zuvq+gpAHbPH1GfikoN
-B87lSdfUdM95QTveQjS+6IFbQR/5pCEAraZ97EP02A2o45nn2bV/gOvZRqqPuJZQ
-8rJ0ryqfxRWj/cRKrtt+k/n0dKQXJt/0g5s+IVgIHHoe5htzsXyjvxfpSL+vut8Y
-ftr8lyCzGqFUZaX5zpsgwpy4FMf93ttPYiQuG/pVD4dSxc347xL03rB+0F6YIv6S
-DKuA9Yy9bj2xRuJb5WmAlb67qwE7urGvgAkMXs3deVMWJ1oH5KB1t15mOU3Gund/
-q3WO21GQj7leALl4cV+oDXI+3z1idIMEWQWaoY2pT7PnUw5ruQINBFz/qPEBEACw
-WHa7KtEtx2KKghel9yLwLx44LRnuKWLjGNrHqjIy6RSWBcOKVUnewtlzr8ugAAE3
-qMXtGd3vCLpEtqDJ4RghBrV9YVLArr9ba4clmSgr1iDKZE4xjR71rkwEcrQA9Iqa
-faOQmTzj/MJoErYONat57CfArQs+Sd4SYJyLTZ+6HdSZVyM5tDooookToZaq/FHQ
-1gKtQVuIkM7229JaVo+4xQn8N+nQCsKvbl/9ATxXoxzsf2UxDsOOW+Mi9qAmSDdD
-pGIsWkFmvZnRPPnLXRkQiCcq703Zt/A5ake4JPLV3ZVvvzhvA37Qz8YE8Pud+jTL
-bvZ6eKh/X3XYkUGjtbDUPfY61HTbiLKcDYmEbtD9bPa9gePhNPXVcpVKd+r9UQJA
-+Oskt5zbNnOx1JCNIHKJ8s2ll62G4BcS76BnPSzCtGuDnW01xPj8Q5qEHwBcpKvW
-j4sRx6DSxhieeMm3FZ2ScCarz2vNY3smDJSc2lOWYlFgQwwzqAsxqA7Lb5VmYuSR
-KKEWB8XnQ2rcoAaUuCm8qU/zfa/yn97eZa9VKMMX9X7tcMAuYRD0fEmS9zjeX64h
-/+tZdQnUq2Jtthz4qInNs/lSSYhCTC5H9FZ9hFe5X7LiYnTws5o6TXejtXxItaYF
-/4Ltdsq/bT5gI/PNqP++iTQFjLDUUoG5S3U8/631+QARAQABiQI8BBgBCgAmFiEE
-WlKIB4H3VWCL+BX8kQ3rRvU+oxIFAlz/qPECGwwFCRLMAwAACgkQkQ3rRvU+oxIW
-mg/8CHGV74oqKrNf0ruUaHWfm1Lk++/CAp6uSZeMOkJST/4Nl5f2O3aPA7XVk4da
-vvHA3IrS053LM7xUUb0FnarKMlKg//3f6Jtvavege6zfG3qj/s6fS/8EgoZkS3sy
-wGHYzy299sgZKx7eF/pkVj/olgDQ/MpkM5scpDhY1rHjvhcR8sLM8O5DkOfyTaEi
-RuphMRF9G21pu3kIPf4C/4tMN0TmNBzd+9L6n4iQooVsxzAohjlIQl6DjnGM5U7I
-o3ufQqCuGOhJNdMPbuaH/ZtLxhnru1kZiHToPoGRDAW8YdjBnYIljW73RKPgMpkI
-iL56DXSsb87qKBLZ3aBkjZO2NxT3GUPbCAYQ/b5JQ0Oeu2wbfYDZ8lr+rATED/9Z
-6mrmPPgmVg+EmXpX3byBlfLvWuknZQgEFyZEiQUNWsPX1ML+VXUS9VkHYngZ6PDS
-PREP+rN/XwsNaCKg76Dx3Vcxq+0Nj9c6qEPoiC4eQGa7iSc7ylHsYlQ9qLrwSBXm
-OoGSnFkpToyEi33SA2FqZqLIvG1+z7sqiTiWbTdjZ8GShAwZDDnsbNUxue9YiYFN
-UwEkJhcxkApawGhNtWkbDtTrvRRAHZ58CMDMRvpaKfGcpF+RlyRumTlEChpi+vNX
-3Uyor2raD12YolIUGbjVdj3vYRkwdvoQ3cZJpZZLHyT9nDWZAg0EWxcHQgEQAJrY
-yC/KKIzplzkKtuc6jCpUT2LMovFvUHp+OdCMN+K1SgveBhxsHgK10fx9Ki1Uvo2W
-jhUAw1reQk/g06wiusJW0bZ2W5rKQKUPJH2JLEJcVdJAVdq2vGTdsVNkvia8O0XX
-zN0tGb2juyjX1HPXUJ5jRBsiPrppeK6+NEizQmj4WYBF6wfsEalJdQ8g7nSR4p9s
-HdotI+6ug6hxStcjK/wwFLRqpYwZQLDbRJVVMDAXIVLmmg8CP4VarIsF+PEv9ioC
-EaT2yynFVYShmbU2XmUJSlatXaHhS3/C6IkKtOWZdU2Z2Yg0OyAUssikXYDV8bNO
-dlSq+0gz+xwmglKGYwMxs1S+CtSnSwbuwmLvN2VMRWDCN4CLYRezmkNW03U2OXRx
-rME6qlk82VNcLjpJnc1AVWBF/Wi4K+sG32e+uoTa7vZD4p5YmfgMRwe3sa6KCNgb
-ufin5idIttHB/ZOZdyIMvxMqEBkjgCOHArLDFLMeMe364uBt7c2MLCPH6+v584Rd
-rOz+Yl8AvKg3+izX6lwXE2VrC/6fkXlW7Z0+gES8YmNd++si5JOjDGqQhJ6h/r9u
-ZVGLYk1LpgExgHxGhG1WXISIrGBd0kqFdkHYAIgTZ929grdv4tFpz4+rSBxTBlwd
-PCKselkX3b0S5hSqAGsyFL/UT+l7h5vlLvTJe6W5ABEBAAG0IUNocmlzdG9waCBN
-LiBCZWNrZXIgPGNtYkBwaHAubmV0PokCVAQTAQgAPhYhBMuvafFzoP6ktTf0cNZs
-lZMRi8y2BQJbFwdCAhsDBQkHhM4ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
-ENZslZMRi8y2o4MP/14vXeLNCNNtnhpbknRUVXrORcKZsDTyTHLx4BJvae9DsB0G
-lzGI4xlkWFXRW9o1/3xG/sHpg1hQ2o5qAKPN8IAJBRm+O/cbyYxX5Jowy1l+vipt
-93ZS9h+L2nEWk+hBT6hnf23u5po5JKPCEWgAqZxCnFivP5/STND9CZ5fXlTMXGYR
-mehI/uGQ1k8qXMLVCG75mMxIbtXVnl0NIoq/mnT8kNWs2y17EKrbhX6tKVdOzsQI
-SZ1CN0+SJeYrfCjvlVnCFQS/wG3OfmfsXIMtXR02sLffhai54jIM/DndaGrsNxay
-GqScMVMnhkU8Tk1M92fwph3JaMlT7mik+fndWkQZtKAuu9j7CNmFhd19UKPbx+Fp
-LIEccYyn0jh0Rngc8Js3ZhIAjaCNpSjJTIuWcNwRdks0hHSuvsK32C+YpakF1G7O
-WWFSSy/p7VGXNR6R/sZgn7oC0qd954BGyaMhxmM7fezhcFYCSNG5D+jG2Ri5KtcF
-Jcuw4tKXDxT1wg0pmk0tLH+ZNPw307Wdzrjqpz5TrYzLTiycxbl+uo4btKe742rl
-uSXVaqx5bVpx6o1i42lGevCjq/n6oBbM78n8gTc4vPrdPjRYONviTplNipLol47h
-rPG2yakoe0PqYKFLm7CzHbL64a3ZCK9K/XWth8OUJbDUGWRHnVZ5tpxQqYR2mQMu
-BE9mqaARCACFSqcGmNunkjQQu3X+yXnTmFeEkvM4JXZTOBdR8aEevNGmmFEfyvja
-DjWi9hcwp4E/lYtC+P7VsVjM1OSX9eq0jC/lGL0ZyRXek+mNy0n5H1NSuTpf9Y18
-LMqhc4G+RU+LcNiZ9K0DJuOOvNLPxW7OHZguxb3wdKPXNVa2jyRfJAKm2uaJJMT1
-mTmFT9a0Q8SKr+mUrrJkuG0H2o6SzrKt8Wwoint1eh67zVsJaJtQFchnEZnlawIc
-qP2yC4nLGR3MkubowxoEBYCZet18aHVVRbvpG2Qtob8Lu5xrsGbmXymTkHTdpvkf
-cJFADa8MzOL90zOxXwbGfbIZOlh5En8jAQCXlfnx2eQL3BSW/6XANa51dbWiEp1d
-1BAkpGKtZvlk0Qf+M9WAi+9aXMe3xP5krxtgnRNUf2WN6Zdy2MxL1RRJCFbytLhl
-0ronC49BsGYVGshdEH8xhBbiIOJKuVZ/DTl9bEm7P9c7CC7iJyVCkhUAhouH6xzZ
-QNLR+RU+QebYzXypVfl99Qk7EdMmr/WAZCHLuvanyqepC5EBsa3VnAfQemSNoBeG
-BKWWLiOsPjvS72+y1z4RUMAfXHn4l/sFMt8zt7/74AmJPwZquV41p4mPO12V4+xP
-yc6RsB84sfsk2QVivU8w8AkvGQeYjXoz7Iwao95+fWteVzZ36KRQvUckP8pGjHlD
-XnHxJ0HI1I/kOBZSjwRwUf0dd73y6erPhbLk+gf+NdI3H9KGJBzG5/rVyWKwUeQ9
-d5ud4jTJRkQGvAP5pg76vEa9dogbpe4W5Z+0BfbiJSnQmQWSHiZddj/t33ptbup4
-4Ck6ZTgdlmFYMLF1hR47PIZTDKEREuKYGci/vq8snZvEJP9YCw/TtiHcMdrMKcY/
-+Lp8lQO0GHLPB9glVhnC0db6l1Xpg1CMI8/RozBMcij30EgATggC/y2zbiqAFoS9
-FN9nXPbe4phStqABEyeZ+nXudt7PUYTjVgcrqo8bHZCisBobWC7OnKyUzxVxzUeu
-PkIfmZuzkLaMw2McQdvwwsNvQ0DzaLP30c1Xsm/7EIYJcOWpzlVJ5QrdmE0/BbQy
-U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2QGdtYWlsLmNv
-bT6IegQTEQgAIgUCT2aqtAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ
-L3lWvF2gS12XMwD9HuRIolSwIK77u8EY461y2u6sbX36n5/uo/LDQuxoi3sA/0Mv
-pnvzOhv9IufvvsZEj3E7i3h+iD5648YMwfTFCij+tCtTdGFuaXNsYXYgTWFseXNo
-ZXYgKFBIUCBrZXkpIDxzdGFzQHBocC5uZXQ+iHoEExEIACIFAk9mqaACGwMGCwkI
-BwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEC95VrxdoEtdhdsA/1qQb5RZbh6PlIVe
-HCFFC3fMvy56wJ1KC0knhphyZdcGAP9bQFhWGbxylFn7xmnbJ2bpa+0YfzRWwbgm
-eISoZItQ1bQ1U3RhbmlzbGF2IE1hbHlzaGV2IChQSFAga2V5KSA8c21hbHlzaGV2
-QHN1Z2FyY3JtLmNvbT6IegQTEQgAIgUCT2aqnQIbAwYLCQgHAwIGFQgCCQoLBBYC
-AwECHgECF4AACgkQL3lWvF2gS11roQD/S/f3M7YgChaM8SAt79iAPvLieplUBgYg
-uOJjHc16QA0A/Am0mjKmNq3W5P0uA/vB+liCEcMLdcZiOIsNI44eHj5PuQINBE9m
-qaAQCADfZPMpjZkkGZj3BY/7ApoLq4mwqzbh+CpLXwNn20tFNvSXfb8RdeXvVEb7
-Scx+W9qYpiaun2iXJgCVH8fgpZpR856ulT1q6uCG++CXubEvip/eJkZl93/84h04
-KQJwsgOrAh0Om3OePRn8Pr+++0LNS0EL8uX/YHeTOGOnnmTqYTeySBVFdov6L4me
-pddfjekicKQqhL7mZh/xuq29JijT0uNNX8v4vDWQDu5dlAcdd+uB3gcXMD/PginD
-11zp+6wtrWCm/+yBqpvDwXQX5PGUnwvbRfl7Ay3MmwmoXiecZMg0dwTSc7e0lhB4
-HGRHZdBMJB4rHUVGdzqujK/ctOvrAAMFB/0Utb76Qe6sCMlHxVAmeE/fbo7Pi05b
-tZ/x01r67dHfaMSP0riCKJ7M0OW+jAXtu9+z/BVnYisW67WWfxl2cS5tZDgiHgJA
-RXWUOO72+sScHP8KQmTl1z16gyKbwY3SmyBkwcpOL35nhUWNLy93syPoY6sZUTik
-r2bZYukHDQ33XBPs4e6MbWKfsa9qaVmnlOF3k5UqChjutfHaEa4Q7VP4wBIpphHB
-i9MI16oJIzzBPbGl2uoedjwiZ6QeQZnSuOVYZxU2d3lRA8PrtfFN1VSlpEm/VcAv
-tieHUYWHN0wOu+cp3Slr5XJVNjTjJhl28SlinMME54mKAGf2Ldr/dRwXiGEEGBEI
-AAkFAk9mqaACGwwACgkQL3lWvF2gS126EQD/VVd3FgjLKglClRQPzdfU847tqDK4
-zJjbmRv5vLLwoE0A+wbrQs7jVGU3NrS0AIl5vUmewpp2BKzSkepy23nWmejwmQEN
-BFhJm64BCAC/9u6NdeqwFuJT5TNbKVrlVnmHihg96XSYGwl8UPiiYuO3JxXZaduB
-w0955FOc6X2cAoOJrRYv1zZO10nWS3n5CfjUn9rLZ1dnmL87+gZcOUfejBo2EmLI
-VM1yTsLZvigxIhjCUdiQDsUNhN0h1QMwprKAugyhtS4UI9DepsEt9KaqVQ4Jw1M6
-N0b/enkQYs+PHk5TbWUqwdvuGDVeZI2poBo2SL5igUfe2EAOZLZo0CY+tCsge1hu
-+fYxckEF4C8SltQqiXnk5Z/SvqhuRV0lvOYBshwun+6qgC5UJ8qHsfW7pK+Qewfx
-nsAsW6gbuKorluCiRg2hCIwK3fAJ0SLHABEBAAG0HUpvZSBXYXRraW5zIDxrcmFr
-am9lQHBocC5uZXQ+iQE3BBMBCAAhBQJYSZuuAhsDBQsJCAcDBRUKCQgLBRYCAwEA
-Ah4BAheAAAoJEPm6Ctoxy9ie5VAIALXzzB78e3Fe0J83zOfj7VBHRoIsljdnlOPi
-rIciZquOoeOOMpSdwgHA8sdlFxzspEDyN4X1YU2zJ5emE4x1bNSY8tI9h7Xflq6k
-GJ3zlYa5SQ9w97Z0Mnas0j7wbJGeajPmbb6ZFfWY83rowHUuIujql+RN0Av2MKxE
-XXeydOdZGImvzCoNltHWlmoHxI9+oerPOQ+04RxhFnCvwv5HyiN29O8sn08F92wX
-RrKzLcudXJeUZgQIVmv5spY84SMldv/lSr18s3lPlvQDafPjbzUs7Q6dJFiiGdW+
-sOW3MntJYAe9n8X2tly5owMs58N8BNThMJoLhtIm1MNZzoGnMBa5AQ0EWEmbrgEI
-AOF4kVuofaESBahVCR4jWl0wWbiv3RNOUb/7Vm1TXeH8kmkLkIPGdiDSrc/yENi9
-i9I/e+7fzV+NY4B0IzPewUfLUrbrUR43LRBhumNAkpDEaXYQnz+MGYIXj/2pWJoV
-s0tJMauspCJK9+iTbFPENE7nllQb0bI1FZ2nSgCdw3u47o7Dc3UKh0xWrC9G18BJ
-SZbPn9eUZ0ioDZaVCnxvJfS+MbSj9KJfG6xgngK/khSrMPiyBMXs1mSXI+pZSMFX
-TRl+U9vIN9qkdsP1vgin7CgwQa2V0MHPdQap7NszbpG0dduxRkvgM7uK2Y7QCviD
-q8eVbC8fqsAvRe+UDIXbA3sAEQEAAYkBHwQYAQgACQUCWEmbrgIbDAAKCRD5ugra
-McvYnoIuB/9cHKVJhmGe105G0XeYNVq+X0yzSugMfAwVGJOIY4bdkbxSOj67eAc1
-xTH6wbx7KHHhDfDVN/5KHxJSm+uJXE6hi62dY++syPdoqhv/1AMD0YKpx62Erm9z
-qJ3/k5pCPmzFLEniQ48bdZFxaVUZBvZ4c4cq7aE5kY/WfSN/WNOJ79zSo+vT2Rnt
-uFY24Rkplwo+aiq/gEdwKvuOzVDc07G+idozfWIYAWXRgiGDEgUgmPkNbpYLoM1M
-PKTTkBVMjYvEESdkiPjHHcBugV5kpsuyWm6jtbgR2Jt84gq8+qv9gVgkT0xo+Jf/
-9X7so8CXqtI9P1keQ51gXM3lQFXkp7FQuQENBFhJnJYBCAC/Q4RbdpAwRval9S6d
-oIVKvPu27haj4Irppgz4c0NKtnGY6MkYOXwMJmd1KGnV4kU+zJAXCj+4fo0nUnPw
-Ml+vkr6X3KtOOMr9Bb5T1wnj2YieYpA0oEf4Jnic8qQZKz6SV2aZxB/FgS+orOC1
-mDv1xmSPuHfCZuH2JtHA+4y+3XqYt0ZusS31vSsv63HiUqt0c33BMrTdgDmP0ynt
-DnS1Qb7cgwhMe6AVXHHNJDZSNbCWkwu1ASHfrTRUt1ijEUZocGBIEmMN+vdyU4Nd
-5aF/4fiQRoNOq3WLjknaKM+uAJ62AguDzuEkn3z6Ei2rlg3KN/9L3Mzi7D7gdVwh
-seytABEBAAGJAR8EGAEIAAkFAlhJnJYCGyAACgkQ+boK2jHL2J7hpgf9EDjp0U9F
-gpmW0JVKOshmkdJIoF0km4YBKn5KLjVTmPNP2js3gD4PMkfuXMUR2/uDQJvEpgL/
-DqbKqt8TgupxGsMmQ3mYgnaiVwDH0yNSz6rpzYSsvnZxaIyKjpp963RfQqAtg42P
-F3Dje8vlMT7lo7Pb8naUr+bu7PaIsPZL1Bl0lGMymAKS/AUZ6B1eUIy7Qg+/Qcl9
-5+f/4nnQuxTpA5kqcibAAWpM/xbxbpKoydbJZG0opxgai9hvy7hOf0Rlep7cdISu
-P5YcAdGWYSHq5t4RJplGLFlBD4hOAzkTi8KmtjriLEIp7fMG8QCYYge3O32KK6BS
-dWmgYjuINvO0LJkCDQRgXeS5ARAAznHoM4UlDvg6j6UEk0clROZhxPXQIaXsVLwJ
-sk92+ayaDoFF6SPv1cymtreNIJHHZIP7h2WzBk0ION377bGNXg99rr3iStKzJ7QS
-DZzmn+4w0WvUHSql1skCGzkjP8ssiLXOp9phQuK2R2jVNUMGQjxhGLeD04E5johY
-+jR38ljCFMyE2Gv+xJLhXFd7YqnrvBptnBpZRYGkNPf93YS825bLYIHeH9QO8++W
-qBpjMusb8Bc3N2QMta8V3ReUAqXbPrr1l5K6TSaURmSeHkfDuNizgyRKYERpOCwP
-o72bp1tILSTiCpgBn19iEpNvGqwkddvXcWoRxynn1EvEHNs0yuvyPwaf2TFXPzQt
-6LOibq0CQ/yn3+GpoTWgWEVg/jZ+30forWdxzwR9sn9J8y9HIMBrd+xm0Fxqkbx3
-MJqAAWPZt1mVQtSJnTkuk98zK1AuAE8g/6rVLOjbscldtgtYy0bRqrtmDHQMPrNR
-ulekN2NEq5UasNDW+FINIDMCmXVQlPttqhplSeOA+30q+wMiGZkqwuIuiKBfSNKX
-KWWHSCJoDgZ5kpsDiIp+f5NDqoN4GVmQJ9mFeqqVZ90Y1c/xpBZJpd9U53g4vmmS
-Ur5sqW7045Gh/8wC8CqXEiHVWWJZpVn1qaxvFGN1nN1yaus0WIxvWAHYGS8x/uwe
-8q/1UfMAEQEAAbQhU2VyZ2V5IFBhbnRlbGVldiA8c2VyZ2V5QHBocC5uZXQ+iQJX
-BBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAhkBFiEE5gkT5N8gmQfY
-4w2WZZqXyc8qeVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVqENhAAglRrXTkxTEFh
-e3KZwGzRUhszL/XX3xO2jmnFWoRHETLruTuTjYWTJSsHl41yY5lyYGuF8WYn3KKZ
-6CRIogJnenm9aHXh361wGqyooPx6gh17UxQXNAAxICHsPRKx4ygoqYN7gQMb0fJ3
-Qlf8Q5gCA3WRjO7oZJWL7ZOvI4Myt7c2Mg83rPnkCoY0HV3x4KdjKlfmnrrsvHLB
-VryVfwyQ01xTHg8AJvbQfHzKh2QzpRdY6ZfhW10tzXTfznnvC7Y2vseYkzDCOZVZ
-px6Xpsetlvjtsgh1HXeE18SOmn76Sl5xw47F2aGaC1NYmMFbQO1xiGUws381jLxb
-F7V6ftxrHzhRWbXl2JOF4KBft5vlUVA13JMnd9x3NlmQyHuDymFPko8VfRp/y7av
-V88D2/VIC6IurhUZyaPa+MwEynlOHtJivZmcsuTXZee7R17BHfq9kmoodJL9G19y
-8ViPGm+iVqTghVmPt51VFyauWh9xrbHb/11KpPjO+teiyLHQ2Wy2e/PUKxPZjhLw
-A57PcCI7fFxXHf/+ZO/zjP+X/xitPqfXb+dbkp7sqrV9tUrRuf2PosbtDLiu4yto
-EpkNB8KFNrs5VF7xciFoBB//kFIDNUKH5aLwY6fuXMCG+wiJdLKjw6EW2llgKrYI
-kSBXiP1HCLLNlqh1GPmyGW7YqUgPk7+0KFNlcmdleSBQYW50ZWxlZXYgPHNlcmdl
-eUBzLXBhbnRlbGVldi5ydT6JAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwEC
-HgECF4AWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUCYmuyVgUJEO1yXAAKCRBlmpfJ
-zyp5Wni0D/93RGKQjWMUseorSyJDJ1Yn3VouznuwE6iBnyDuWeLmfRNCQr9Agx8u
-ADEO/DRuu8yuV0p4KAhh3bF1MPYfOe3bV06lSqRu8AwAUiUAvoOobuLCuu7aRZbv
-GXPiBrRnNnjY0xUnIjHZQmqHGPnoVlVbrhHsOyr3VXxDMSSC0ZN4K4as7F6ND2nj
-6o0Sv5cf8GBw1u9ueQC4myfEN8n/YfiznRGtKh9cbHUj+xuebdZAQqBrBW0/LDyz
-cxTLas7ok4EILEzDTnosDqz0VCMOMlUDjubL2dPmoIzhn9IpJRtIXkDAuyxihQMy
-iBbcVa1eoUoMB7e8tnwOUb0QUdM2Rui+W1JD9P/bcRenOh7ElYoQDqV9jMqXpebh
-w4J6qunhmzMxuNDKDpp2lnBayAja/rmS2NRXwJa9TZeLMoqlxd+vqwNnud0FXD6d
-p5b/SEfoo1rVFSDvsXKQBSmeTcFhETvqEKBjZKrlu1CuMfIzvHs5GLP5wumPnCdw
-Irj0u+mr5z+O/0gL28lSw2pss8rfJkjLJ8qoIIc+or6qlhPNdItdNwHxQow6JDU3
-dLs6QnC++FTeaRbL3iOet8Vop2yKALYD7xR3dfDX2IJMi25OvVeLP4dKJw/KRInd
-txMQylyjlwWc59QcOe8/2RQsckpVC0LOfQTBU3WPVV06l/JdqWoZi7QtU2VyZ2V5
-IFBhbnRlbGVldiA8c2VyZ2V5QHNlcmdleXBhbnRlbGVldi5jb20+iQJUBBMBCAA+
-AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE5gkT5N8gmQfY4w2WZZqXyc8q
-eVoFAmJrslYFCRDtclwACgkQZZqXyc8qeVpUQxAAnDw/w62tH9B1uKqrtGWHqK7J
-kasiNvqW9bbF1Oai5+1VGXm8kWi5Ld5KvxN3pp8QdjH7Z9zlvWMxw1kHI3Mx7ZCj
-633lPNiWtd0xeb7rch1Ek5/Uasy+X7cfjuDmdB+XKrLJ8qYHZ5AQOXGthtrNw6p6
-bYWT+3tmId7zxBB4OR7xOxrB9XMje9xH6eMQCZbRUnRVbTQ62fMSI8PYlJ55dD2u
-mMRSrsuQLC07/U+soQD/PNqOX1tY6ok1KSquJfxgoymViIwYFEGlDw3ViEjYRtKq
-CvxlDaUf1n2iTHcmBbfWxvjRksfoNEV2Dlpp9zhFYGuSe39aZF4HIjnR2OBTERlh
-hoQw3H2lgU11WpP4jJVm6zzcFHrt+9VuKTJGWgx6tEahW85F+XjwnFKnjh2T8+aq
-4wEpDqw66e+Q+WYaOlHDBGjpgNxPPNy2UAmPs4fR/Z9+FFCKpWto7O6Z6vQG9LmD
-lXuRfk4qx96gMyK6X262pRpxA+pYC2yWsVN3lE7tdy/8YFHx9o6muJrwwUuIPqwa
-o+CdkHG3P3451BIp7bthzfEBiRKZDUhQI7ll0NA5o4nZe9dA83FWcvljHB5gDXl2
-ezEl17xsFFfkQuSq/z81QE5AsCVGPnHplNxP/r6fqFDhdTsbyEiihBdUB/aeuJMh
-NHszyeUrFc+J84ughPm5Ag0EYF3kuQEQAJA4YiAQSWtR5pdzAd8gw4Oyb1WwwAOg
-YvcOV3sptLKiHTOtt1Njv0UJc832V7IN3+GuumY6LdbdWsRWV1zcOqfffZGbROcZ
-NdEHKus35lAzOsq5ZmrZgiJrvppVka1u2Km2uw6YFieZuBVxk6dPDafJzSYiAmhu
-x35Ox7WSI8zK/eX32k2l7Iki2nbz9KNpJz9HLwSz1kCjFPPQAyPMYfNJpuqJrJ0m
-8tn5blHroEijaCsSanaKlglg+W69GKZN1MhvYFHKCVMkJgtoFFLPYNZLMnqv8Rpa
-03CfZe3OSNom8n60a2n1shOWYP75SiwX357EpCK1ftHOERY45bXkZuhIoOpVZl2z
-l230qKSMrxvSGJm4GObUV/2jL6TnlHG6sfVn7LqdTGGO7YeQf10lyUArEYNpNZzJ
-ex4KvTFa5pCgrl9SL1gZgIpa8ZQKnZXakgPvP2ScUMmqXQ7cPHnFdDSBRRtrQsaH
-ZyXJeUVWURrDuIDY0FWVuh6d5LaXAy7CZKTYZ7B/MivYZgb3v/ygX7ac29CNd1u2
-yTCaM+q4OdhQ2zvfTWZiyZfTfOZgjzSEr4WhxTiynMhaUTp7ntnohEfDi7/zNuJ/
-9p76dUlsJIb/ojOhSE9cghacV418QiEiTNaGJkzPXuVo99I2QL2HIMA/SmP0xs0m
-aNVvwT4riEIlABEBAAGJAjwEGAEIACYWIQTmCRPk3yCZB9jjDZZlmpfJzyp5WgUC
-YF3kuQIbDAUJB4YfXAAKCRBlmpfJzyp5WupsD/9w/5GDNp5L6FyzDvCtKufWO7n9
-0hN8GdlR8g3f12iozn10BRMiuUamWCPpm7/8SOfPl6FZX/ct51M8lEQmgUWj7b02
-6cum/GNwEcPMU+cAWA1WmNMc5R44nRVTZwydTCjb8J+vFeKmXV9Xccxwfj61HmRu
-WFaBgksNWruGKhrmD9FbhOQHmPaT+nP5gu7EriwCe4s5Gs+iDYiFu4XCXET12NjX
-cgkcM0mN+lACO2VZynq76StXl6y4acEm2wYEuP6IfrHbvdKEG99nSUVU2Wf509fA
-kek7cb7LuaxbfEOG1ZFx4g2T7668/ZDgqNaXtw31zm9qETJRd6GeofjITQtyGb1U
-xGNFiutiORq33rhnTAb3CPgRaUPqa7+22VTlP42ZUC+gxH0Nk9njXNsYmD9XSsKK
-h+oXG/I9zonbPPMT3y8XjCD2QYAi8scESSFvAoUof0fb6PT/hzZhZLe0y8vgFUJu
-UFf4Jnb8CZ00t7Q7D1AQO1l9qTLGG0BA81skHa5kgIKRsOZ2h6s/oXIxiulbGFv2
-x+RUHjin1DxOBFT6SHF40BP/yc6yfLCZDyEw+CPHCKzKNg0nrLKzg75A6KLQucAs
-A9o8ys28FYxk4LZui1kyGpktFLIQBw5PbZ3XcYDw/Mnhc120ESQu7AaBXC3AUSax
-erq5RAYJplqOAGyLWJkCDQRgZSYzARAAtsGzvzyAM1UgKdpJOzF5s6F1UUj8hG54
-zeqpu+56877oIf23j2bnBupW1zMUbAo+BkvcS3BmaEkGYU/9hiXcvmlLe83+rMpq
-SVE3ID3RFZn+bk8Vp0JAYNAXZuofMcL4E2Va3X8Mu3+43wLBklysxJiXydi+ix5g
-DCNyPnLHT6igR0s4+oWI2WHMF0qdkwCEpKSiplfZKZGN2Sg6CQnQ2+UOm88uMSvg
-SO1xWyDC1ghJH6VGrBl5T6Ff/ar1lq90hrZyoxOVY6FYAOYqoDFMpsndi/c9wasv
-PpirZncV8l4NztKOvMRvaO6XI6Gr1W0VoqhPU6mXMGq/uNiqC+gXIVmJTL3mfUTu
-l/rpqvcBiY0dxvfTxHB7RelqJjFxoni6m1M/1ltBoqC9+75KijGWGdLciE4iWX+2
-ptieE4oMqvJJNRxuq5km10kjgXCF1r/mlZ50zNeByo7G3+o8fdVXf+eMg+4cqM8B
-LrW+Pgs/zt0fWd1eqfzn3JwEy1wnQ4NYWDY1qM+k2XJcRk6WSae03r6hAYakPLmv
-0Fxyches2t1RWFyOAtl7Wlel+nOx9kr0aYbJ51WRDFkgbGXnFvrvd9XmpkIs8+XZ
-llu4wrUKg/63Mm6qPj3rbM1vg67MYN8xfXTzNx/htV3OESC9SuD4Ua66Zfh8GbbD
-oFIiSzIK1z8AEQEAAbQjUGllcnJpY2sgQ2hhcnJvbiA8cGllcnJpY2tAcGhwLm5l
-dD6JAk4EEwEIADgWIQQRmMARdZNJel7FwZkoavH5iXRp3AUCYnCdvQIbAwULCQgH
-AgYVCAkKCwIEFgIDAQIeAQIXgAAKCRAoavH5iXRp3IY5D/4mMKbN8VdyPyiSkgTV
-B3Zu6GzLl1tapw2fzlzYeS9vE9D8vF03UshdE9hKQb0qtMokblaU1cBPGrKWWPqv
-x0sJbSAZx69YKfZAiJWfHsVgvATwfMgcqlpdGHqRnEEn8fKta0+VL3GKwXW/aHAn
-dJ6JLT5qJ2qqMoa8VqhT5CcHo7TJ3CfMXDw7dI5TiE/MOIPuRUEwyw2JXqM2GTqS
-pX1dz/PMPP/UHM2BMgT17TSSL6g69JhHNVcruYypQHNxFOBWqg5lP8iXutqS/SJ6
-FJEWfKX7gLyfdA/Zj051ttqyE1i/liVfLti8Q4eZX3+/tbQn68T3jtQiYyS/Tjq9
-/8t50t1B74FXCe8/wlScBpTazngJTxkDFY9kNScYgaCfwda9/ZF9TmhJ/rGoqpj+
-IH1nWHyU6kvLylngrr5/gNqgwmc0g4/n2twYcbWBgsTX8ATLSoxdRF89hK9fnJSF
-S6pXp3LRMrMrkiHg/sFuDkiEiK8At3s0eMFpyBgAmDJuiGotNtJPvNeMI6gAEjNK
-lMf08QXbygqhhzO1BFYPHXg8QwcUItXieX2hdkMySXmVLgBQ/IaSWAQIx4iO9uKI
-MklGlzbE7ZkSMLMrU7pnWBXJOu7N9aYsoLCx7rc/9C8deso8sbQvkzwu55rMyiTe
-14JvH6tFOVQrpjLMByXnhzFaq7kCDQRgZSYzARAA7Zul4lU0CKuVKTVF6Wrncrrj
-BI5BNYSO4cv4+Di/nb/F24yb97SjTh53CVHfnYsVwRwa4lmVJTWK3MbRDCW8T7OI
-8PQrmWnyuk57e5+nGyhhv0U5z8Lwy/ozhqftZ92gR7qQmguvUQXJT9Hr2DU/a86g
-MuDSHPQBSxAh8uKW3QUChM/QOukzVJW1ekYo4SFgo7vb71a0IMBPTNl1l0/0bpCZ
-Jp8MFopRkwpNv2fQUXM2clEunnQ9YKeuhQapaRBefNj5y/u6ALY8MGPDQWIF5EJk
-xML704+IY9VU7H/8oGXPDdkzYtrF+n32BWkiRXeMcXyk9AyHVHJCNtJvs8SzMHlW
-Tr2+pBVed/8Cgw//S3ygqfJr7360lI5a5CrTbSb28UI0QIYUU6RmhdIwzpkRFz5R
-5+a/wT7BcpV9uBSbdlrBZ2tjkbd4KLJtj5F8t6ea/1tVXasIEVRcQIles8xDwFKa
-WP1Hl8Bla21zLCG9aBbaT4G09AruLY96T1bHvO3FvW1JQXE5e11tyoZV7hMDoaOo
-3FCM6p6OrOObTzird7S/XqSBVhDeV/mOQceD7eKXnMGMT3r6rvfckyWDpbNLqnXn
-vU8zyLnSG3C8rGb0B/CfBHzObq6lEHAjplzyY3mkprXk3TpQp9duH3l3epudHWTn
-nuA6aGmSzscREVCYxucAEQEAAYkCNgQYAQgAIAIbDBYhBBGYwBF1k0l6XsXBmShq
-8fmJdGncBQJib+7rAAoJEChq8fmJdGncdxMP/RRqJrNUEM5Rg/8ZWkArMMhAzZZh
-ZbO37eOLLPUYHzBCQmU2/uXv54g1xhxYpGal9mI3myKNsxdIkTe4PfRJee4KG58R
-T6MSUx8/vWjTNDJNPusoRFnpCa8znjw6Mbe2ZJPzRmkEPrb0Cd5weGTqs/DOh2i4
-9ErH9IEE8Dqegl2fybJzcWPUFQkMXkIEhovpIFKt5HSdcWyGnuGaxhzjoHWuGCKP
-RztiIU2WNailldhRwLp6tVpYVWxmxT7l15MzigWXuYiuS4eG0ATuQHUxs4PJjL1K
-+g2kubxH54hhY3OaXT2olh4YLWpPcqZa0p0lXPRiUXb6pfJdJUwxpGxnUqcPvtA3
-tktM67OwNTi2mwE8WKGKFI3DHtkNG3y5hn/OuHhveTySu4DFAEFvlgDwJAhrPTR4
-uMuzB0hCcAIm82EpitV07aD1s8zZ0DIruHoZ2SWVVNTBlfreBP+dAgIG5U5HRdBU
-HPS4mUQBCHmmuahe4IHPtQi/6NHgypW9vliDd6TFGI6jje4gk0X/0jtJipEkX9Be
-FTQXD46DnUQp555g2lfDTf415ln5VfEGhkWvS7K09uQ49/NfENK+rLG6w8pWi61h
-CrmdfU0NU6TQBB/ZTwprTR1irAT1NRhR/k9glMuJDON41ieS2ZYv58KcXSCMmqGk
-vDUrjyK1dYOElF2LmQINBGMOFOMBEADgKtI+ygTCen92n3GGTQy/rqhbH1hss+qZ
-J5rYcp8Uv5rkEp85jEhrZF2nWUiiCc+WYF17t1C1pPxh8ceONbCGnV4hZxC+7VCL
-uFT6FHYE7D25zRtig8YnRWxahrpuqfk0W/yfajCbU+VbCRddmmLqzb0Ombj0EbEO
-47uRFRIk584dqYqfxYG8lxtxX1YSf4aUu+R/YoRd1M/I9Nq7w57nrIzYc2nFlwPA
-j77Oke8CBZpXFg5pKWOmaiOkh0jlFCNIrjyFC60WomjfOeoHsKyX6Z/Zr3HTewDR
-sFl5XkHjpZye8BZ+0i1ZAhAraNdWTi19Z5XJVoIVHs62a5tzfWpmbY7S4HHUKJfs
-91RLGinBXJ6IztmAvmgiwuH8nyA8fJKQ0B5v1+J5H2VdWd6QAuRZUa2LyEzVrPxk
-FL8XRoeOxAHRNHAj7k2Shz3vGdcgQ7AKvXjbnK3rYH9eAdEKL7lWJPoipAhB+H49
-dftxhH6fsLaLW2UdLbl1iiwHH5ndh2KAZBqEShJuTYSQ/M+0hBFK+9o3a9r2ly0x
-Dhs3gf13sfMD20em/ExSrdj08umqDpKUijpe4Skxv8jknGyik97vBwmbqswofu+/
-yPvrMpJz2haK2w/8IJCa6ItOmZ3Jk1w4qO5t8RynJ9MLvp6QfNPzmvJZ1U0cyml+
-QwdO77C/gwARAQABtCZHYWJyaWVsIENhcnVzbyA8Y2FydXNvZ2FicmllbEBwaHAu
-bmV0PokCVwQTAQgAQRYhBCwWx2Xb5UoIgTDxvEubX2ALVfO0BQJjDhTjAhsDBQkD
-wmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEEubX2ALVfO0Tf0P/ilP
-+QfJNlvRzT90nD7gL3elOKCL4FI5NOtU/8ehi92nWAtw/w1/dE6lprexO/uqdnEb
-gAlbwShZTwHHce4K/bT+ETAz2+NU50KqLfXcSn+SuXieSe//x5j2WZHyaOBFVoCg
-v1IW9TLxsmuymEnbD+tMAxfgQorjUChT0oZebjZxTl6shYan05TOFJq9Mqmmyfiu
-YGbq7D+d+Y2gYuK2Gay+KEb+1c3f1G5/lhh4cQGLVGMv03YTRVkArBb0psbkLzKW
-7t3D/zOttdCQ96a/pxai4Y10/ezWCYHKhWqsErdRTRr/XdTRpPjC638GpDlfGaq7
-1F9A4Qrd79DtfeQanZl7DDRSt4p+OjK9yx+NX8cM4DP1PGKnQ4J3UG/IZKXSV48t
-JKjnjNI8kDxqvl3DnTWN4qfX8hl2X0IP6HFHS6qnnH/TLZBdhwLovYZuRGRxSSmm
-jUdWN2emNqQbKKn3KUqY1G8H01vF8o0Y8LsHgyEaLHmGj08mCpHeXCGCQsz5jvXU
-j8k9WDB99SIQBLCWTteAZ3ruzRpx7zB/EPHeZNYznybaP4Es2O5BmA3HKdiGwY/c
-ufrIycqwaRPXAhjVxHcJTN2X1I+GWhFmNizQwWplDTJywcMVpklaZDQ/O6tER6IX
-p3bVRCJ3qTGUDdzUBcwo6FX4i2VcMPxwDCLyNlIbuQINBGMOFOMBEADIuvI9EXIv
-tY3yrixE3kqP7A+fSZ/QbYAE13L3gDcdd+CXOq+gy6nqs5l6vB0n0KpANbAUv5RC
-AIt/a4M06vzC4QyOSejeb3/b1/ELDoOdTvqN4QR1YusGvf/hyA5t3UY5GL4Tt1wG
-RBZYlbn8fMf9BcxX5tGSW7UUJ6raHTYKS8KxmnGTdE3Ata2s3oCpq35iLroRENzV
-1ugYIZZaLw9196aN0fAkFNn5cVUFv/hTJ4pdrydfERxXcxXHuMnwXW2m321Y48eu
-XzWDa2RzuTsmNXN27RoDQBydR+jK4cx8rcLsHJaBiFj+WpX6wEJPhoiCXa4Unrlj
-LNjbF13ojzec/cXkqVjVIrMwWF3QmcCSDfo1ELmMHD4CCiAqqPL1tHClJbKbrlix
-ybs03xuSTfxF1ZqhjWoUvThPG5JOA+hXMB4Ne/pJu1SMB+aiyOFJXGCdeE3cmW1v
-3cV5w8OgHhY/ual+8xWZwqUmYIWQB1GMAZP1p9E7XxixMbJI6/WQTBsdrceDTG2u
-djk76En4YGHAVYobzFPXYLv2KheU+yanLkXZnoz7gFB4IvuVaxwHZSdgnGoSaIoz
-FiCpNN8OtAFFdVI0O9RbzDqcnSktONqKnpeRWFCeEsyMZ6cuYoxbar2NjJ2IL+HN
-BBS5nfbZ04Pyj78fpGvJVAcpF+MZ7T5jmwARAQABiQI8BBgBCAAmFiEELBbHZdvl
-SgiBMPG8S5tfYAtV87QFAmMOFOMCGwwFCQPCZwAACgkQS5tfYAtV87TJ6RAAo0ms
-AmFVeSSPzxCYecFw3peIu15CAna3VidsZZ3W+c1Wf01hZiphPOLxUVXNr1VzaBos
-40xGJ0woIX3tC71tyzxinaUlYpZnE4h5otS0P+Qbm+NHqReDfcVnPoP89551hfH6
-epBUgmm00d5+FNbuTabMsIO3vBSk+Y+p7zbY9bkHFq5wB+JYz6vfxe/3frB1zvx6
-j0M6ehMrG1/YjA+z9L0+7etcUy/qvW1hSkdBtCbMEv9EGDzjhEjxP+wZSJ7kW2xh
-bFUzbM2rFGodb9sn7z9sX2Gf+lVwuXynHXm56Rc0Zrq4e2MlN09UQkjZT1BT4bEc
-K/oUZjqWcMgGMRoH8Zlw2v8qUMqTNBs07kC9+4ujSSz69TJM5R1Ryof7mucOeRzn
-SSqk2bMRefe8kkLAKsKb9xYyV0ComRJZUmxLDy3EMlzqjlVg0IXTT1Q0z5VdP9dB
-49oDQiz4DaAeqAz8PgttGz5b63JM231DUUxdrkuneb+jz7LCIeL6Kb95q+Uozij7
-nFajgP1ekqYyJ6WloxrPEGaW6syrXxGPcQwsDlDZ8c/uwTBtfRkLVuznVvjaVx8m
-6rQwdwE4JJFpr0tHJ7us7MEcYp21/S/1MD+mvG8XwPn8seRnTEQrGND+YkKIGvEi
-AooHYYZVpg1Aid5L6wwqjpnO1VYX95o4BIZ/9GyZAg0EXrb0LgEQAOX87ju0d9lq
-npjc/B8j3/jB79MPAkuoE/yMzPcAfyzl7ytYcgjBclqjU1YWR3hWdJKI0Qx59+Ss
-1anIJuOvTo0Saanj0YJSlDCFPUO5C7wuEqh4+EgacAiy23LUtunKVJ9MQ7t+TtKe
-RijI84KK58RcM4ukHHwbCb9ww1mEUjTlcJBJ/n70iNoTGKGCZ18IpyFvK8atSf1j
-t67k9hS2wS7VJNqw3Orm6xJDqGi3fMFtWg9ErxrtNkIMYmrO+ofRsilUcpUrEDyv
-2Q/FNviOVE9BXzVVJ7zxOCwjMNJ4ao6Ezk0NOZU36qv0Bg8B3IWN6axWMwUQvfh0
-SAzZUGxfzuraG86Rj1z21PJwJxQATIRhERfm118EAVxwP/xz0Nwrr044Hx0Wi8mX
-6qi0B5d1rf08VAUoJ/Bhr7Lfbpjbi0z4mvwZh+ydRrowDoff+g0IAamzRVmcFVFy
-OdLM2iM9z10Ds6dPvi6QVvTMZfrE3l1MIpFb+YuOeU5AQFbl0so2HaWP1TMb/0pQ
-jhXh9WwSOfwjG1QyEibs4CxSMbJ2TwPYLNo9QQZnBdPMPBUfa0Jkahw+NnztHjEN
-sHbsr/ic1Zvi7HuaUTCKzm1oGeiIqIBXtH8WrQsQlAWiJdEvu2YkKAyjxUOD9reL
-4a8NbGve1MeNC1T4onX5OqJ/dCsnnd19ABEBAAG0OEdhYnJpZWwgQ2FydXNvIChS
-ZWxlYXNlIE1hbmFnZXIpIDxjYXJ1c29nYWJyaWVsQHBocC5uZXQ+iQJUBBMBCAA+
-FiEEv93ShkKCT4EY73eQm2elwSIpEY8FAl629C4CGwMFCQeEzgAFCwkIBwIGFQoJ
-CAsCBBYCAwECHgECF4AACgkQm2elwSIpEY93YRAAorek8NdIxkegDBXSrVVR0wA3
-FsT7tMT25cVDHpV0NnGVoRYRQW65rjW7zPAKHe/oXk6MOuVbCg9Gr9znJa/KlQHs
-i0Hsv+6+w6rLpXw8aQfikfFgLIVOELY6/MoVcao2vEXvQ0gDPo3JKVA+W7lMrY+s
-LUyJcww9yI1181qBJRlAp5wwyKPiqNExHKlxRklMSR6vgJHocL7hSWcGPpSmKMqq
-5oZkwB73mhEktXAI6yEuAeOKEx7XarBfWeN4BCo9BHgpnslR5pjgzWjKbHK5k+XB
-S0ApKi4dDuzuDcodqhIhqUhrFj04LGznYfnLa7IVuupINVY+HX/OBd9+a7qEH+hF
-7IOGFwfjv5xOCfbdzDzp3v4G6mluzTmDxByNta/T30hFtWmKsqY5FP7ip1eN6//D
-vhZlQVcpbs8WEeivo8BRvbMBy6tW/hFMhWxEPrA+i9QqCRt0l5f29smtnJyCcZPi
-3AvtZI8qK+fgFgEinbz+NnOXY62JLJl/+GucSoWnx9rgOJb2ZEDcTFuN8JCo4YxP
-AvACSPib4CF03nnFhAuyP/qnPcDKwFGhLUT++3FIilEACZ/dSGEylGQqTSYDl/gy
-xCpHslnZt6f2T8ZMd4fuqyrNvWT6sTARjwX3VCCwHNPnM7ik9DWsgZM3gIFrtBwk
-fd9zeL2tgxgC25WWkJS5Ag0EXrb0LgEQAN1a0LLbJ+fKNIFqwxsjNM5X5YdyPQMk
-kM0mMZzLgZMz3yCSUFw/ZbfD6ZqRfpxugek39M2l8BRA8eWo0TiFAq2HdD9yXBfq
-iWc1DFL0ZkVgJtSM8czE4IX1EON7BRwin0BkOChn+PE0JWKdvrjyo6bZ995YFyNk
-A3GlUxSyoAhaivPFfrSoKBUSXSiZBk9KzdrS5k76ZlhE73Vej1S5XCz+Ssqj6X68
-3iDqTWlkXaUJ8EAnwv+b81zPmnjfxnAWYxa/Hi+vGWxDgDhP4El+XJSLjcEB5JWt
-0a1UkSKXigz7LkYib1s091mIkTPsNmtsh5c2opGMoWJdwbZvyqgM3VqrlCIkLdGi
-Thqvhh85kKkvgg1Bicg0d00vmWlzJ4MFhkbt0pTLY7hp+e+PF3gWey9inmqbiz52
-Xag8PQav7opOi1fb95Wvi/BkMZ6v5nmjxzQEe+HaF4UjZG1fFwVp3Hss2V2DvT2Q
-Azz/JV1Aj0aNFo37VAVebKqkdrxNCRQQg4p630kwEImRwJTYY8tVNUlVQPbdVwkY
-JvdhXjsVXApPoxBhU20S5qevxMiI/2FhEHHgm5PmokSaXiDgII7Gm4sUgoAreslv
-OmydpQeGKSOU5gZ1MQtvfBvdcQQfV1klnCTtYQMV/6lNUXEx9LlXzaQ3/Ah0LC0X
-SV+8B9zz/A0FABEBAAGJAjwEGAEIACYWIQS/3dKGQoJPgRjvd5CbZ6XBIikRjwUC
-Xrb0LgIbDAUJB4TOAAAKCRCbZ6XBIikRj1+vD/9KA9EvHdPNyDk8jU/dUvPYKqLc
-QTKA0cBpDcv9+N0bfVFijBtw8Hpyg+23Q0XxJuwpgL7N72HLxCJzrpfIyucc5j99
-+Wrh1wrbqdynkKJ9hM24lMhj2ZHaP42oN6At4unLFGh80a+YkJFjTxh9jORvtjXp
-Qjzq+j+8isQ5i71yT9WTzesJBhtrLMVQrgOND5E6AS/IuUEjOHt3INuG2HFJp0jR
-tdlBT9ZLB+zoTJIIMARUqZGZTgF+rehVIsTXed7fdWidMK9GKN9SU+cBWZ3vcb37
-lDph8bCmRb/aGlby5hBUy6KwrSXF/V6VsyqWiccXzt99Dq0BfuSE+VCKYjHToyw4
-j9gnlrZdH2NMwyUgicKbc8GLbxGS6tzYrSy2MD+BILQD+cnpGgAyD2kbcEm6ghGW
-LTTi11cotcr0uXCLiPZwWG28ychx9HxXvvNUNArvDSmP26uZqo/WZFYukaaFLltQ
-ocI5PEAkx2K4N+xb0y5Ht/8M+XNO/t/pAR+yHWNUpZUgbZ0dujm5hPdVA9U51cyH
-MCucOl0sN0+oO26re7e0ZTnImjF6HBzgN5LhDmccoT4rpOFJqrW77hOMhvIUkg5n
-4Sd63wbB88BKsPXF6mRUEPcHuvwLr5jAE8QSW6sLhphAbh57GXdFtudEaKvQbGW9
-yalYwuj7Yip5XJGttg==
-=jLhZ
------END PGP PUBLIC KEY BLOCK-----

SOURCES/php.conf

@@ -19,13 +19,15 @@ DirectoryIndex index.php
 #
 # Redirect to local php-fpm (no mod_php in default configuration)
 #
-<IfModule !mod_php.c>
+<IfModule !mod_php5.c>
+  <IfModule !mod_php7.c>
     # Enable http authorization headers
     SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
 
     <FilesMatch \.(php|phar)$>
         SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
     </FilesMatch>
+  </IfModule>
 </IfModule>
 
 #
@@ -34,7 +36,7 @@ DirectoryIndex index.php
 #
 # mod_php options
 #
-<IfModule  mod_php.c>
+<IfModule  mod_php7.c>
     #
     # Cause the PHP interpreter to handle files with a .php extension.
     #

SOURCES/php.ini

@@ -15,7 +15,7 @@
 ; 5. The web server's directory (for SAPI modules), or directory of PHP
 ; (otherwise in Windows)
 ; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (usually C:\windows)
+; Windows directory (C:\windows or C:\winnt)
 ; See the PHP docs for more specific information.
 ; http://php.net/configuration.file
 
@@ -58,9 +58,9 @@
 ; An empty string can be denoted by simply not writing anything after the equal
 ; sign, or by using the None keyword:
 
-; foo =         ; sets foo to an empty string
-; foo = None    ; sets foo to an empty string
-; foo = "None"  ; sets foo to the string 'None'
+;  foo =         ; sets foo to an empty string
+;  foo = None    ; sets foo to an empty string
+;  foo = "None"  ; sets foo to the string 'None'
 
 ; If you use constants in your value, and these constants belong to a
 ; dynamically loaded extension (either a PHP extension or a Zend extension),
@@ -83,12 +83,11 @@
 ; development version only in development environments, as errors shown to
 ; application users can inadvertently leak otherwise secure information.
 
-; This is the php.ini-production INI file.
+; This is php.ini-production INI file.
 
 ;;;;;;;;;;;;;;;;;;;
 ; Quick Reference ;
 ;;;;;;;;;;;;;;;;;;;
-
 ; The following are all the settings which are different in either the production
 ; or development versions of the INIs with respect to PHP's default behavior.
 ; Please see the actual settings later in the document for more details as to why
@@ -100,15 +99,20 @@
 ;   Production Value: Off
 
 ; display_startup_errors
-;   Default Value: On
+;   Default Value: Off
 ;   Development Value: On
 ;   Production Value: Off
 
 ; error_reporting
-;   Default Value: E_ALL
+;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
 ;   Development Value: E_ALL
 ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 
+; html_errors
+;   Default Value: On
+;   Development Value: On
+;   Production value: On
+
 ; log_errors
 ;   Default Value: Off
 ;   Development Value: On
@@ -149,28 +153,23 @@
 ;   Development Value: Off
 ;   Production Value: Off
 
+; track_errors
+;   Default Value: Off
+;   Development Value: On
+;   Production Value: Off
+
 ; variables_order
 ;   Default Value: "EGPCS"
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
-; zend.exception_ignore_args
-;   Default Value: Off
-;   Development Value: Off
-;   Production Value: On
-
-; zend.exception_string_param_max_len
-;   Default Value: 15
-;   Development Value: 15
-;   Production Value: 0
-
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
 ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
 ;user_ini.filename = ".user.ini"
 
-; To disable this feature set this option to an empty value
+; To disable this feature set this option to empty value
 ;user_ini.filename =
 
 ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
@@ -249,7 +248,7 @@ output_buffering = 4096
 ; Production Value: "form="
 ;url_rewriter.tags
 
-; URL rewriter will not rewrite absolute URL nor form by default. To enable
+; URL rewriter will not rewrites absolute URL nor form by default. To enable
 ; absolute URL rewrite, allowed hosts must be defined at RUNTIME.
 ; Refer to session.trans_sid_hosts for more details.
 ; Default Value: ""
@@ -295,13 +294,6 @@ implicit_flush = Off
 ; callback-function.
 unserialize_callback_func =
 
-; The unserialize_max_depth specifies the default depth limit for unserialized
-; structures. Setting the depth limit too high may result in stack overflows
-; during unserialization. The unserialize_max_depth ini setting can be
-; overridden by the max_depth option on individual unserialize() calls.
-; A value of 0 disables the depth limit.
-;unserialize_max_depth = 4096
-
 ; When floats & doubles are serialized, store serialize_precision significant
 ; digits after the floating point. The default value ensures that when floats
 ; are decoded with unserialize, the data will remain the same.
@@ -313,16 +305,15 @@ serialize_precision = -1
 ; open_basedir, if set, limits all file operations to the defined directory
 ; and below.  This directive makes most sense if used in a per-directory
 ; or per-virtualhost web server configuration file.
-; Note: disables the realpath cache
 ; http://php.net/open-basedir
 ;open_basedir =
 
-; This directive allows you to disable certain functions.
+; This directive allows you to disable certain functions for security reasons.
 ; It receives a comma-delimited list of function names.
 ; http://php.net/disable-functions
 disable_functions =
 
-; This directive allows you to disable certain classes.
+; This directive allows you to disable certain classes for security reasons.
 ; It receives a comma-delimited list of class names.
 ; http://php.net/disable-classes
 disable_classes =
@@ -346,7 +337,6 @@ disable_classes =
 ; Determines the size of the realpath cache to be used by PHP. This value should
 ; be increased on systems where PHP opens many files to reflect the quantity of
 ; the file operations performed.
-; Note: if open_basedir is set, the cache is disabled
 ; http://php.net/realpath-cache-size
 ;realpath_cache_size = 4096k
 
@@ -363,31 +353,15 @@ zend.enable_gc = On
 ; If enabled, scripts may be written in encodings that are incompatible with
 ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
 ; encodings.  To use this feature, mbstring extension must be enabled.
+; Default: Off
 ;zend.multibyte = Off
 
 ; Allows to set the default encoding for the scripts.  This value will be used
 ; unless "declare(encoding=...)" directive appears at the top of the script.
 ; Only affects if zend.multibyte is set.
+; Default: ""
 ;zend.script_encoding =
 
-; Allows to include or exclude arguments from stack traces generated for exceptions.
-; In production, it is recommended to turn this setting on to prohibit the output
-; of sensitive information in stack traces
-; Default Value: Off
-; Development Value: Off
-; Production Value: On
-zend.exception_ignore_args = On
-
-; Allows setting the maximum string length in an argument of a stringified stack trace
-; to a value between 0 and 1000000.
-; This has no effect when zend.exception_ignore_args is enabled.
-; Default Value: 15
-; Development Value: 15
-; Production Value: 0
-; In production, it is recommended to set this to 0 to reduce the output
-; of sensitive information in stack traces.
-zend.exception_string_param_max_len = 0
-
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -423,9 +397,9 @@ max_input_time = 60
 ;max_input_nesting_level = 64
 
 ; How many GET/POST/COOKIE input variables may be accepted
-;max_input_vars = 1000
+; max_input_vars = 1000
 
-; Maximum amount of memory a script may consume
+; Maximum amount of memory a script may consume (128MB)
 ; http://php.net/memory-limit
 memory_limit = 128M
 
@@ -479,7 +453,7 @@ memory_limit = 128M
 ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
 ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
 ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
-; Default Value: E_ALL
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
 ; Development Value: E_ALL
 ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 ; http://php.net/error-reporting
@@ -503,9 +477,11 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
 display_errors = Off
 
 ; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. We strongly recommend you set this to 'off'
-; for production servers to avoid leaking configuration details.
-; Default Value: On
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. We strongly recommend you
+; set this to 'off' for production servers.
+; Default Value: Off
 ; Development Value: On
 ; Production Value: Off
 ; http://php.net/display-startup-errors
@@ -538,14 +514,24 @@ ignore_repeated_errors = Off
 ignore_repeated_source = Off
 
 ; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This is only effective in a debug compile, and if
+; stdout or in the log). This has only effect in a debug compile, and if
 ; error reporting includes E_WARNING in the allowed list
 ; http://php.net/report-memleaks
 report_memleaks = On
 
-; This setting is off by default.
+; This setting is on by default.
 ;report_zend_debug = 0
 
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; This directive is DEPRECATED.
+; Default Value: Off
+; Development Value: Off
+; Production Value: Off
+; http://php.net/track-errors
+;track_errors = Off
+
 ; Turn off normal error reporting and emit XML-RPC error XML
 ; http://php.net/xmlrpc-errors
 ;xmlrpc_errors = 0
@@ -557,8 +543,11 @@ report_memleaks = On
 ; error message as HTML for easier reading. This directive controls whether
 ; the error message is formatted as HTML or not.
 ; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: On
+; Development Value: On
+; Production value: On
 ; http://php.net/html-errors
-;html_errors = On
+html_errors = On
 
 ; If html_errors is set to On *and* docref_root is not empty, then PHP
 ; produces clickable error messages that direct to a page describing the error
@@ -593,29 +582,9 @@ report_memleaks = On
 ; http://php.net/error-log
 ; Example:
 ;error_log = php_errors.log
-; Log errors to syslog (Event Log on Windows).
+; Log errors to syslog.
 ;error_log = syslog
 
-; The syslog ident is a string which is prepended to every message logged
-; to syslog. Only used when error_log is set to syslog.
-;syslog.ident = php
-
-; The syslog facility is used to specify what type of program is logging
-; the message. Only used when error_log is set to syslog.
-;syslog.facility = user
-
-; Set this to disable filtering control characters (the default).
-; Some loggers only accept NVT-ASCII, others accept anything that's not
-; control characters. If your logger accepts everything, then no filtering
-; is needed at all.
-; Allowed values are:
-;   ascii (all printable ASCII characters and NL)
-;   no-ctrl (all characters except control characters)
-;   all (all characters)
-;   raw (like "all", but messages are not split at newlines)
-; http://php.net/syslog.filter
-;syslog.filter = ascii
-
 ;windows.show_crt_warning
 ; Default value: 0
 ; Development value: 0
@@ -683,7 +652,7 @@ register_argc_argv = Off
 ; first used (Just In Time) instead of when the script starts. If these
 ; variables are not used within a script, having this directive on will result
 ; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any effect.
+; for this directive to have any affect.
 ; http://php.net/auto-globals-jit
 auto_globals_jit = On
 
@@ -765,13 +734,13 @@ user_dir =
 
 ; Directory in which the loadable extensions (modules) reside.
 ; http://php.net/extension-dir
-;extension_dir = "./"
+; extension_dir = "./"
 ; On windows:
-;extension_dir = "ext"
+; extension_dir = "ext"
 
 ; Directory where the temporary files should be placed.
 ; Defaults to the system default (see sys_get_temp_dir)
-;sys_temp_dir = "/tmp"
+; sys_temp_dir = "/tmp"
 
 ; Whether or not to enable the dl() function.  The dl() function does NOT work
 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
@@ -808,9 +777,10 @@ enable_dl = Off
 
 ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
 ; of the web tree and people will not be able to circumvent .htaccess security.
+; http://php.net/cgi.dicard-path
 ;cgi.discard_path=1
 
-; FastCGI under IIS supports the ability to impersonate
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
 ; security tokens of the calling client.  This allows IIS to define the
 ; security context that the request runs under.  mod_fastcgi under Apache
 ; does not currently support this feature (03/17/2002)
@@ -938,10 +908,10 @@ cli_server.color = On
 ;date.default_longitude = 35.2333
 
 ; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.833333
+;date.sunrise_zenith = 90.583333
 
 ; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.833333
+;date.sunset_zenith = 90.583333
 
 [filter]
 ; http://php.net/filter.default
@@ -953,7 +923,7 @@ cli_server.color = On
 [iconv]
 ; Use of this INI entry is deprecated, use global input_encoding instead.
 ; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < input_encoding < iconv.input_encoding
+; The precedence is: default_charset < intput_encoding < iconv.input_encoding
 ;iconv.input_encoding =
 
 ; Use of this INI entry is deprecated, use global internal_encoding instead.
@@ -968,13 +938,6 @@ cli_server.color = On
 ; otherwise output encoding conversion cannot be performed.
 ;iconv.output_encoding =
 
-[imap]
-; rsh/ssh logins are disabled by default. Use this INI entry if you want to
-; enable them. Note that the IMAP library does not filter mailbox names before
-; passing them to rsh/ssh command, thus passing untrusted data to this function
-; with rsh/ssh enabled is insecure.
-;imap.enable_insecure_rsh=0
-
 [intl]
 ;intl.default_locale =
 ; This directive allows you to produce PHP errors when some error
@@ -984,33 +947,22 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
-; Directory pointing to SQLite3 extensions
-; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
-; SQLite defensive mode flag (only available from SQLite 3.26+)
-; When the defensive flag is enabled, language features that allow ordinary
-; SQL to deliberately corrupt the database file are disabled. This forbids
-; writing directly to the schema, shadow tables (eg. FTS data tables), or
-; the sqlite_dbpage virtual table.
-; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
-; (for older SQLite versions, this flag has no use)
-;sqlite3.defensive = 1
-
 [Pcre]
-; PCRE library backtracking limit.
+;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
 ;pcre.backtrack_limit=100000
 
-; PCRE library recursion limit.
-; Please note that if you set this value to a high number you may consume all
-; the available process stack and eventually crash PHP (due to reaching the
-; stack size limit imposed by the Operating System).
+;PCRE library recursion limit.
+;Please note that if you set this value to a high number you may consume all
+;the available process stack and eventually crash PHP (due to reaching the
+;stack size limit imposed by the Operating System).
 ; http://php.net/pcre.recursion-limit
 ;pcre.recursion_limit=100000
 
-; Enables or disables JIT compilation of patterns. This requires the PCRE
-; library to be compiled with JIT support.
+;Enables or disables JIT compilation of patterns. This requires the PCRE
+;library to be compiled with JIT support.
 pcre.jit=0
 
 [Pdo]
@@ -1018,9 +970,16 @@ pcre.jit=0
 ; http://php.net/pdo-odbc.connection-pooling
 ;pdo_odbc.connection_pooling=strict
 
+;pdo_odbc.db2_instance_name
+
 [Pdo_mysql]
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/pdo_mysql.cache_size
+pdo_mysql.cache_size = 2000
+
 ; Default socket name for local MySQL connects.  If empty, uses the built-in
 ; MySQL defaults.
+; http://php.net/pdo_mysql.default-socket
 pdo_mysql.default_socket=
 
 [Phar]
@@ -1043,12 +1002,12 @@ sendmail_path = /usr/sbin/sendmail -t -i
 ;mail.force_extra_parameters =
 
 ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = Off
+mail.add_x_header = On
 
 ; The path to a log file that will log all mail() calls. Log entries include
 ; the full path of the script, line number, To address and headers.
 ;mail.log =
-; Log mail to syslog (Event Log on Windows).
+; Log mail to syslog;
 ;mail.log = syslog
 
 [ODBC]
@@ -1092,6 +1051,39 @@ odbc.defaultlrl = 4096
 ; http://php.net/odbc.defaultbinmode
 odbc.defaultbinmode = 1
 
+;birdstep.max_links = -1
+
+[Interbase]
+; Allow or prevent persistent links.
+ibase.allow_persistent = 1
+
+; Maximum number of persistent links.  -1 means no limit.
+ibase.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent).  -1 means no limit.
+ibase.max_links = -1
+
+; Default database name for ibase_connect().
+;ibase.default_db =
+
+; Default username for ibase_connect().
+;ibase.default_user =
+
+; Default password for ibase_connect().
+;ibase.default_password =
+
+; Default charset for ibase_connect().
+;ibase.default_charset =
+
+; Default timestamp format.
+ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
+
+; Default date format.
+ibase.dateformat = "%Y-%m-%d"
+
+; Default time format.
+ibase.timeformat = "%H:%M:%S"
+
 [MySQLi]
 
 ; Maximum number of persistent links.  -1 means no limit.
@@ -1110,6 +1102,10 @@ mysqli.allow_persistent = On
 ; http://php.net/mysqli.max-links
 mysqli.max_links = -1
 
+; If mysqlnd is used: Number of cache slots for the internal result set cache
+; http://php.net/mysqli.cache_size
+mysqli.cache_size = 2000
+
 ; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
 ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
 ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
@@ -1122,11 +1118,11 @@ mysqli.default_port = 3306
 ; http://php.net/mysqli.default-socket
 mysqli.default_socket =
 
-; Default host for mysqli_connect() (doesn't apply in safe mode).
+; Default host for mysql_connect() (doesn't apply in safe mode).
 ; http://php.net/mysqli.default-host
 mysqli.default_host =
 
-; Default user for mysqli_connect() (doesn't apply in safe mode).
+; Default user for mysql_connect() (doesn't apply in safe mode).
 ; http://php.net/mysqli.default-user
 mysqli.default_user =
 
@@ -1144,10 +1140,12 @@ mysqli.reconnect = Off
 [mysqlnd]
 ; Enable / Disable collection of general statistics by mysqlnd which can be
 ; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_statistics
 mysqlnd.collect_statistics = On
 
 ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
 ; used to tune and monitor MySQL operations.
+; http://php.net/mysqlnd.collect_memory_statistics
 mysqlnd.collect_memory_statistics = Off
 
 ; Records communication from all extensions using mysqlnd to the specified log
@@ -1156,23 +1154,29 @@ mysqlnd.collect_memory_statistics = Off
 ;mysqlnd.debug =
 
 ; Defines which queries will be logged.
+; http://php.net/mysqlnd.log_mask
 ;mysqlnd.log_mask = 0
 
 ; Default size of the mysqlnd memory pool, which is used by result sets.
+; http://php.net/mysqlnd.mempool_default_size
 ;mysqlnd.mempool_default_size = 16000
 
 ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+; http://php.net/mysqlnd.net_cmd_buffer_size
 ;mysqlnd.net_cmd_buffer_size = 2048
 
 ; Size of a pre-allocated buffer used for reading data sent by the server in
 ; bytes.
+; http://php.net/mysqlnd.net_read_buffer_size
 ;mysqlnd.net_read_buffer_size = 32768
 
 ; Timeout for network requests in seconds.
+; http://php.net/mysqlnd.net_read_timeout
 ;mysqlnd.net_read_timeout = 31536000
 
 ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
 ; key.
+; http://php.net/mysqlnd.sha256_server_public_key
 ;mysqlnd.sha256_server_public_key =
 
 [PostgreSQL]
@@ -1251,11 +1255,10 @@ session.save_handler = files
 ;session.save_path = "/tmp"
 
 ; Whether to use strict session mode.
-; Strict session mode does not accept an uninitialized session ID, and
-; regenerates the session ID if the browser sends an uninitialized session ID.
-; Strict mode protects applications from session fixation via a session adoption
-; vulnerability. It is disabled by default for maximum compatibility, but
-; enabling it is encouraged.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
 ; https://wiki.php.net/rfc/strict_sessions
 session.use_strict_mode = 0
 
@@ -1293,24 +1296,20 @@ session.cookie_path = /
 ; http://php.net/session.cookie-domain
 session.cookie_domain =
 
-; Whether or not to add the httpOnly flag to the cookie, which makes it
-; inaccessible to browser scripting languages such as JavaScript.
+; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
 ; http://php.net/session.cookie-httponly
 session.cookie_httponly =
 
-; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
-; Current valid values are "Strict", "Lax" or "None". When using "None",
-; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
-; https://tools.ietf.org/html/draft-west-first-party-cookies-07
-session.cookie_samesite =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
+; Handler used to serialize data.  php is the standard serializer of PHP.
 ; http://php.net/session.serialize-handler
 session.serialize_handler = php
 
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using gc_probability/gc_divisor,
-; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; Defines the probability that the 'garbage collection' process is started
+; on every session initialization. The probability is calculated by using
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator
+; and gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request.
 ; Default Value: 1
 ; Development Value: 1
 ; Production Value: 1
@@ -1318,9 +1317,13 @@ session.serialize_handler = php
 session.gc_probability = 1
 
 ; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using gc_probability/gc_divisor,
-; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
-; For high volume production servers, using a value of 1000 is a more efficient approach.
+; session initialization. The probability is calculated by using the following equation:
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
+; session.gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any give request. Increasing this value to 1000 will give you
+; a 0.1% chance the gc will run on any give request. For high volume production servers,
+; this is a more efficient approach.
 ; Default Value: 100
 ; Development Value: 1000
 ; Production Value: 1000
@@ -1336,8 +1339,8 @@ session.gc_maxlifetime = 1440
 ;       (see session.save_path above), then garbage collection does *not*
 ;       happen automatically.  You will need to do your own garbage
 ;       collection through a shell script, cron entry, or some other method.
-;       For example, the following script is the equivalent of setting
-;       session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+;       For example, the following script would is the equivalent of
+;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
 ;          find /path/to/sessions -cmin +24 -type f | xargs rm
 
 ; Check HTTP Referer to invalidate externally stored URLs containing ids.
@@ -1370,7 +1373,7 @@ session.use_trans_sid = 0
 ; Set session ID character length. This value could be between 22 to 256.
 ; Shorter length than default is supported only for compatibility reason.
 ; Users should use 32 or more chars.
-; http://php.net/session.sid-length
+; http://php.net/session.sid_length
 ; Default Value: 32
 ; Development Value: 26
 ; Production Value: 26
@@ -1389,7 +1392,7 @@ session.sid_length = 26
 session.trans_sid_tags = "a=href,area=href,frame=src,form="
 
 ; URL rewriter does not rewrite absolute URLs by default.
-; To enable rewrites for absolute paths, target hosts must be specified
+; To enable rewrites for absolute pathes, target hosts must be specified
 ; at RUNTIME. i.e. use ini_set()
 ; <form> tags is special. PHP will check action attribute's URL regardless
 ; of session.trans_sid_tags setting.
@@ -1478,7 +1481,7 @@ zend.assertions = -1
 ; http://php.net/assert.active
 ;assert.active = On
 
-; Throw an AssertionError on failed assertions
+; Throw an AssertationException on failed assertions
 ; http://php.net/assert.exception
 ;assert.exception = On
 
@@ -1494,6 +1497,11 @@ zend.assertions = -1
 ; http://php.net/assert.callback
 ;assert.callback = 0
 
+; Eval the expression with current error_reporting().  Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
 [mbstring]
 ; language for internal character representation.
 ; This affects mb_send_mail() and mbstring.detect_order.
@@ -1509,9 +1517,9 @@ zend.assertions = -1
 
 ; Use of this INI entry is deprecated, use global input_encoding instead.
 ; http input encoding.
-; mbstring.encoding_translation = On is needed to use this setting.
+; mbstring.encoding_traslation = On is needed to use this setting.
 ; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < input_encoding < mbstring.http_input
+; The precedence is: default_charset < intput_encoding < mbsting.http_input
 ; http://php.net/mbstring.http-input
 ;mbstring.http_input =
 
@@ -1543,22 +1551,26 @@ zend.assertions = -1
 ; http://php.net/mbstring.substitute-character
 ;mbstring.substitute_character = none
 
-; Enable strict encoding detection.
-;mbstring.strict_detection = Off
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+;mbstring.func_overload = 0
+
+; enable strict encoding detection.
+; Default: Off
+;mbstring.strict_detection = On
 
 ; This directive specifies the regex pattern of content types for which mb_output_handler()
 ; is activated.
 ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
 ;mbstring.http_output_conv_mimetype=
 
-; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
-; to the pcre.recursion_limit for PCRE.
-;mbstring.regex_stack_limit=100000
-
-; This directive specifies maximum retry count for mbstring regular expressions. It is similar
-; to the pcre.backtrack_limit for PCRE.
-;mbstring.regex_retry_limit=1000000
-
 [gd]
 ; Tell the jpeg decode to ignore warnings and try to create
 ; a gd image. The warning will then be displayed as notices
@@ -1633,9 +1645,6 @@ ldap.max_links = -1
 [dba]
 ;dba.default_handler=
 
-[opcache]
-; see /etc/php.d/10-opcache.ini
-
 [curl]
 ; A default value for the CURLOPT_CAINFO option. This is required to be an
 ; absolute path.
@@ -1659,5 +1668,6 @@ ldap.max_links = -1
 ; SSL stream context option.
 ;openssl.capath=
 
-[ffi]
-; see /etc/php.d/20-ffi.ini
+; Local Variables:
+; tab-width: 4
+; End:

SOURCES/php.modconf

@@ -3,11 +3,10 @@
 # easy for developers to write dynamically generated webpages.
 #
 
-# Cannot load both php5, php7 and php modules
+# Cannot load both php5 and php7 modules
 <IfModule !mod_php5.c>
-  <IfModule !mod_php7.c>
-    <IfModule prefork.c>
-      LoadModule php_module modules/libphp.so
-    </IfModule>
+  <IfModule prefork.c>
+    LoadModule php7_module modules/libphp7.so
   </IfModule>
 </IfModule>
+

SOURCES/php.ztsmodconf

@@ -0,0 +1,7 @@
+
+<IfModule !mod_php5.c>
+  <IfModule !prefork.c>
+    # ZTS module is not supported, so FPM is preferred
+    # LoadModule php7_module modules/libphp7-zts.so
+  </IfModule>
+</IfModule>