diff options
Diffstat (limited to 'user')
-rw-r--r-- | user/php7/APKBUILD | 45 | ||||
-rw-r--r-- | user/php7/getsockopt.patch | 37 | ||||
-rw-r--r-- | user/php7/libgd-unused-constants.patch | 51 | ||||
-rw-r--r-- | user/php7/no-max-ent-size.patch | 108 | ||||
-rw-r--r-- | user/php7/zip-glob-pathc.patch | 15 |
5 files changed, 97 insertions, 159 deletions
diff --git a/user/php7/APKBUILD b/user/php7/APKBUILD index c86d41e84..de6c5612b 100644 --- a/user/php7/APKBUILD +++ b/user/php7/APKBUILD @@ -25,7 +25,7 @@ pkgname=php7 _pkgname=php -pkgver=7.4.4 +pkgver=7.4.30 pkgrel=0 _apiver=20190902 _zendver=20190902 @@ -34,6 +34,7 @@ pkgdesc="The PHP7 language runtime engine" url="https://php.net/" arch="all" license="PHP-3.01 AND Zend-2.0 AND Custom:TSRM AND LGPL-2.1+ AND MIT AND Beerware AND Public-Domain AND BSD-3-Clause AND Apache-1.0 AND PostgreSQL AND BSD-2-Clause AND Zlib AND BSD-4-Clause" +options="!check" depends="" depends_dev="$pkgname=$pkgver-r$pkgrel autoconf icu-dev libedit-dev libxml2-dev pcre2-dev zlib-dev" @@ -80,12 +81,11 @@ source="https://www.php.net/distributions/$_pkgname-$pkgver.tar.bz2 disabled-tests.list enchant-2.patch fpm-paths.patch - getsockopt.patch install-pear.patch + libgd-unused-constants.patch no-max-ent-size.patch test-fixes.patch zend_bool.patch - zip-glob-pathc.patch " builddir="$srcdir/$_pkgname-$pkgver" _libdir="/usr/lib/$_pkgname" @@ -94,14 +94,14 @@ _extension_confd="/etc/$_pkgname/conf.d" # secfixes: php # 7.2.16-r0: -# - CVE-2016-10166 -# - CVE-2018-20783 # - CVE-2019-6977 # - CVE-2019-9020 # - CVE-2019-9021 # - CVE-2019-9022 # - CVE-2019-9023 # - CVE-2019-9024 +# - CVE-2016-10166 +# - CVE-2018-20783 # 7.2.19-r0: # - CVE-2019-11036 # - CVE-2019-11038 @@ -111,18 +111,32 @@ _extension_confd="/etc/$_pkgname/conf.d" # - CVE-2019-11041 # - CVE-2019-11042 # 7.4.4-r0: -# - CVE-2019-11043 -# - CVE-2019-11045 -# - CVE-2019-11046 -# - CVE-2019-11047 -# - CVE-2019-11050 -# - CVE-2019-13224 # - CVE-2020-7059 # - CVE-2020-7060 # - CVE-2020-7062 # - CVE-2020-7063 # - CVE-2020-7064 # - CVE-2020-7066 +# - CVE-2019-11043 +# - CVE-2019-11045 +# - CVE-2019-11046 +# - CVE-2019-11047 +# - CVE-2019-11050 +# - CVE-2019-13224 +# 7.4.29-r0: +# - CVE-2020-7067 +# - CVE-2020-7068 +# - CVE-2020-7069 +# - CVE-2020-7070 +# - CVE-2020-7071 +# - CVE-2019-11048 +# - CVE-2021-21702 +# - CVE-2021-21703 +# - CVE-2021-21704 +# - CVE-2021-21705 +# - CVE-2021-21706 +# - CVE-2021-21707 +# - CVE-2021-21708 # Usage: _add_ext [with|enable] name [extension dependencies...] [configure options...] _add_ext() { @@ -529,16 +543,15 @@ _mv() { mv "$@" } -sha512sums="5676023858ffbef4997c2ed99ce1689de2b56d09a0925b8fc6527d56e7f6031b380e433e417e44f84196e713d84c16b33212ed6d116b5c347d1d60586288c248 php-7.4.4.tar.bz2 +sha512sums="5d5c273805d4563ea91619a2aa21bb6f7aa3600c2e1238a37312cb7610c9aad8c6a8c3f5c9d90fda94a7bfaff6d8f26de52913b70c40a7bf23651ba64979a5dc php-7.4.30.tar.bz2 cb3ba48fbd412f12d98ef1f88b509b40bc4ca44a16779a06d43e4db3cb8d24d54404b9e11ca941b5339af8d3281ca9c8ea3ba5ced4339f91fb40608b5ce9a647 php-fpm.initd 01d4ba3ef104ea378eb0e8cbb7bdee3fdf65e4bd6865eb3bc6c0dc4af31c2d52887abdf0150b5ef984b877860285a3b1af84b11ffebb5b8b722ea9faf83edfeb php-fpm.logrotate a7f9ba5e11652fd1cb9e756c3269269a95de083ecb5be936a85c7a09c1396db9088e0251c6a643c40235c0e776fce2a471e5c7f5a033b85c7d3b3110c2b39e48 php-module.conf 587057aaf93feec2936e2851dbb42ba78310fc012e340d90c58a8912437a8b6a15585895490c31ac31cf36969ea1f2999993c5ca42031c378f31fb83d361fd73 disabled-tests.list 7c8c3cac9efce81d525cb5a70e1402e393881b83ef4c7b5d39d3565803d21cd283daf3d74e9a8b059ecac66cf339756acc63608ffcb83d960dba86583bd45108 enchant-2.patch a77dd3bdf9dc7a0f2c06ff3e7c425d062bbaa29902c17402ce98701dc99499be863ad543aa5e6a7d1c249702d6afb193398dd3199ae58e42b32b95d434fb1883 fpm-paths.patch -821bf6fde83302e7613429a61066e2bd3ca4e998dcb7c11e39f4ae84829056537501b47a051e1feba752f72d98644b9a214633db9ccb16d137d3242d145acfe0 getsockopt.patch 951fa8445c20513aa48bf7c7d773c6b4012322e7e7592c13d965758e761b9898c484f0dbc5ae565c05787e6ab868769c97c71504624b10c9570e1d4214f75b10 install-pear.patch -5fd358dfd660901c8ffdaffe0bce398ab020f8c1beb89e26ba1b21646212fe132927d52ae088220d0b9c53017cfc67f4c9b88f7602df61d36eba5768ce94e355 no-max-ent-size.patch +441305a96329bf8442a6b633c0a8b8e53af0e6cd5fc673057cbb6b5aeb687542894a7a068073dad0a8d8dc75aa8ca42e6b0a32e29d2a7a69c115714a75127e97 libgd-unused-constants.patch +0e88f432d273103bff203b439cc3464d34613092007c88ec8806d82c3e317ba267d70c84e5ebc3c8b2c739fa498816e0e102a22b191ee387a42146f4ecc60481 no-max-ent-size.patch 9160e5c6b8bf2d87299f38421caf498519eb42243118570754a5764b5e682c546309548e76df6163df49e841ff51fb07e50fadeed1687da5d73dec1810c393ee test-fixes.patch -0cd6b8739533511c0d1edcb1ecff4d8d21a6b51d21f77c382645cf31d1645eeb2ebd80e2720557ceefa58f538385e097402bdc50e613dc7699bd8f033aefa543 zend_bool.patch -1b22dfa547bd1e14e065966f5268adda771c4ad039b83acee30772cd95f0f0b1a320d75fc6ab71a0bc6ca5ce04d58d9f410767c4fae4d5e16537393c78439f21 zip-glob-pathc.patch" +0cd6b8739533511c0d1edcb1ecff4d8d21a6b51d21f77c382645cf31d1645eeb2ebd80e2720557ceefa58f538385e097402bdc50e613dc7699bd8f033aefa543 zend_bool.patch" diff --git a/user/php7/getsockopt.patch b/user/php7/getsockopt.patch deleted file mode 100644 index 81f2bc232..000000000 --- a/user/php7/getsockopt.patch +++ /dev/null @@ -1,37 +0,0 @@ -Socket options with level IPPROTO_IP and IPPROTO_IPV6 cannot be handled -in the same switch statement as options with level SOL_SOCKET since -there may be collisions in their numerical values. - -For example, on ppc64: - -* IPV6_MULTICAST_HOPS and SO_RCVTIMEO are both 18 -* IPV6_MULTICAST_LOOP and SO_SNDTIMEO are both 19 - -etc. - ---- php-7.4.4/ext/sockets/sockets.c 2020-03-17 06:40:21.000000000 -0400 -+++ php-7.4.4/ext/sockets/sockets.c 2020-03-29 22:39:57.506751737 -0400 -@@ -2008,6 +2008,7 @@ PHP_FUNCTION(socket_get_option) - } - } - } -+ goto handle_default; - } - #if HAVE_IPV6 - else if (level == IPPROTO_IPV6) { -@@ -2017,6 +2018,7 @@ PHP_FUNCTION(socket_get_option) - } else if (ret == FAILURE) { - RETURN_FALSE; - } /* else continue */ -+ goto handle_default; - } - #endif - -@@ -2063,6 +2065,7 @@ PHP_FUNCTION(socket_get_option) - break; - - default: -+ handle_default: - optlen = sizeof(other_val); - - if (getsockopt(php_sock->bsd_socket, level, optname, (char*)&other_val, &optlen) != 0) { diff --git a/user/php7/libgd-unused-constants.patch b/user/php7/libgd-unused-constants.patch new file mode 100644 index 000000000..2b5ef2f83 --- /dev/null +++ b/user/php7/libgd-unused-constants.patch @@ -0,0 +1,51 @@ +Backport of https://github.com/php/php-src/commit/b3646440b1808abf0874b6f89027ce53ec5da03f + +Affects libgd <= 2.3.3 + +See also https://github.com/libgd/libgd/commit/f4bc1f5c26925548662946ed7cfa473c190a104a + +--- php-7.4.29/ext/gd/gd.c 2022-04-12 10:55:40.000000000 +0000 ++++ php-7.4.29/ext/gd/gd.c 2022-05-27 16:40:42.048499508 +0000 +@@ -90,6 +90,10 @@ static int le_gd, le_gd_font; + #ifndef M_PI + #define M_PI 3.14159265358979323846 + #endif ++/* don't used libgd constants, not used, so going to be removed */ ++#define PHP_GD_FLIP_HORIZONTAL 1 ++#define PHP_GD_FLIP_VERTICAL 2 ++#define PHP_GD_FLIP_BOTH 3 + + #ifdef HAVE_GD_FREETYPE + static void php_imagettftext_common(INTERNAL_FUNCTION_PARAMETERS, int, int); +@@ -1137,9 +1141,9 @@ PHP_MINIT_FUNCTION(gd) + /* GD2 image format types */ + REGISTER_LONG_CONSTANT("IMG_GD2_RAW", GD2_FMT_RAW, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("IMG_GD2_COMPRESSED", GD2_FMT_COMPRESSED, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("IMG_FLIP_HORIZONTAL", GD_FLIP_HORINZONTAL, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("IMG_FLIP_VERTICAL", GD_FLIP_VERTICAL, CONST_CS | CONST_PERSISTENT); +- REGISTER_LONG_CONSTANT("IMG_FLIP_BOTH", GD_FLIP_BOTH, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("IMG_FLIP_HORIZONTAL", PHP_GD_FLIP_HORIZONTAL, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("IMG_FLIP_VERTICAL", PHP_GD_FLIP_VERTICAL, CONST_CS | CONST_PERSISTENT); ++ REGISTER_LONG_CONSTANT("IMG_FLIP_BOTH", PHP_GD_FLIP_BOTH, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("IMG_EFFECT_REPLACE", gdEffectReplace, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("IMG_EFFECT_ALPHABLEND", gdEffectAlphaBlend, CONST_CS | CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("IMG_EFFECT_NORMAL", gdEffectNormal, CONST_CS | CONST_PERSISTENT); +@@ -4696,15 +4700,15 @@ PHP_FUNCTION(imageflip) + } + + switch (mode) { +- case GD_FLIP_VERTICAL: ++ case PHP_GD_FLIP_VERTICAL: + gdImageFlipVertical(im); + break; + +- case GD_FLIP_HORINZONTAL: ++ case PHP_GD_FLIP_HORIZONTAL: + gdImageFlipHorizontal(im); + break; + +- case GD_FLIP_BOTH: ++ case PHP_GD_FLIP_BOTH: + gdImageFlipBoth(im); + break; + diff --git a/user/php7/no-max-ent-size.patch b/user/php7/no-max-ent-size.patch index 7f28ba3f1..d6552cf1c 100644 --- a/user/php7/no-max-ent-size.patch +++ b/user/php7/no-max-ent-size.patch @@ -1,6 +1,6 @@ ---- php-7.4.4/ext/posix/posix.c 2020-03-17 10:40:22.000000000 +0000 -+++ php-7.4.4/ext/posix/posix.c 2020-03-27 03:19:13.133440186 +0000 -@@ -1084,8 +1084,11 @@ PHP_FUNCTION(posix_getgrnam) +--- php-7.4.29/ext/posix/posix.c 2022-04-12 10:55:39.000000000 +0000 ++++ php-7.4.29/ext/posix/posix.c 2022-05-27 16:10:31.374379930 +0000 +@@ -1094,8 +1094,11 @@ PHP_FUNCTION(posix_getgrnam) ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE); #if defined(ZTS) && defined(HAVE_GETGRNAM_R) && defined(_SC_GETGR_R_SIZE_MAX) @@ -13,17 +13,7 @@ RETURN_FALSE; } buf = emalloc(buflen); -@@ -1127,9 +1130,7 @@ PHP_FUNCTION(posix_getgrgid) - { - zend_long gid; - #if defined(ZTS) && defined(HAVE_GETGRGID_R) && defined(_SC_GETGR_R_SIZE_MAX) -- int ret; - struct group _g; -- struct group *retgrptr = NULL; - long grbuflen; - char *grbuf; - #endif -@@ -1141,20 +1142,27 @@ PHP_FUNCTION(posix_getgrgid) +@@ -1151,8 +1154,11 @@ PHP_FUNCTION(posix_getgrgid) #if defined(ZTS) && defined(HAVE_GETGRGID_R) && defined(_SC_GETGR_R_SIZE_MAX) @@ -35,29 +25,8 @@ + } else if (grbuflen < 1) { RETURN_FALSE; } -- - grbuf = emalloc(grbuflen); -+try_again: -+ g = &_g; -- ret = getgrgid_r(gid, &_g, grbuf, grbuflen, &retgrptr); -- if (ret || retgrptr == NULL) { -- POSIX_G(last_error) = ret; -+ if (getgrgid_r(gid, g, grbuf, grbuflen, &g) || g == NULL) { -+ if (errno == ERANGE) { -+ grbuflen *= 2; -+ grbuf = erealloc(grbuf, grbuflen); -+ goto try_again; -+ } -+ POSIX_G(last_error) = errno; - efree(grbuf); - RETURN_FALSE; - } -- g = &_g; - #else - if (NULL == (g = getgrgid(gid))) { - POSIX_G(last_error) = errno; -@@ -1210,14 +1218,23 @@ PHP_FUNCTION(posix_getpwnam) +@@ -1226,8 +1232,11 @@ PHP_FUNCTION(posix_getpwnam) ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE); #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) @@ -70,30 +39,7 @@ RETURN_FALSE; } buf = emalloc(buflen); -+try_again: - pw = &pwbuf; - - if (getpwnam_r(name, pw, buf, buflen, &pw) || pw == NULL) { -+ if (errno == ERANGE) { -+ buflen *= 2; -+ buf = erealloc(buf, buflen); -+ goto try_again; -+ } - efree(buf); - POSIX_G(last_error) = errno; - RETURN_FALSE; -@@ -1248,10 +1265,8 @@ PHP_FUNCTION(posix_getpwuid) - zend_long uid; - #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) - struct passwd _pw; -- struct passwd *retpwptr = NULL; - long pwbuflen; - char *pwbuf; -- int ret; - #endif - struct passwd *pw; - -@@ -1260,19 +1275,27 @@ PHP_FUNCTION(posix_getpwuid) +@@ -1282,8 +1291,11 @@ PHP_FUNCTION(posix_getpwuid) ZEND_PARSE_PARAMETERS_END_EX(RETURN_FALSE); #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWUID_R) @@ -106,29 +52,9 @@ RETURN_FALSE; } pwbuf = emalloc(pwbuflen); -+try_again: -+ pw = &_pw; - -- ret = getpwuid_r(uid, &_pw, pwbuf, pwbuflen, &retpwptr); -- if (ret || retpwptr == NULL) { -- POSIX_G(last_error) = ret; -+ if (getpwuid_r(uid, pw, pwbuf, pwbuflen, &pw) || pw == NULL) { -+ if (errno == ERANGE) { -+ pwbuflen *= 2; -+ pwbuf = erealloc(pwbuf, pwbuflen); -+ goto try_again; -+ } -+ POSIX_G(last_error) = errno; - efree(pwbuf); - RETURN_FALSE; - } -- pw = &_pw; - #else - if (NULL == (pw = getpwuid(uid))) { - POSIX_G(last_error) = errno; ---- php-7.4.4/ext/standard/filestat.c 2020-03-17 10:40:30.000000000 +0000 -+++ php-7.4.4/ext/standard/filestat.c 2020-03-27 04:00:18.333479165 +0000 -@@ -302,15 +302,25 @@ PHPAPI int php_get_gid_by_name(const cha +--- php-7.4.29/ext/standard/filestat.c 2022-04-12 10:55:45.000000000 +0000 ++++ php-7.4.29/ext/standard/filestat.c 2022-05-27 16:12:23.176939839 +0000 +@@ -310,15 +310,25 @@ PHPAPI int php_get_gid_by_name(const cha #if defined(ZTS) && defined(HAVE_GETGRNAM_R) && defined(_SC_GETGR_R_SIZE_MAX) struct group gr; struct group *retgrptr; @@ -156,7 +82,7 @@ efree(grbuf); return FAILURE; } -@@ -438,15 +448,25 @@ PHPAPI uid_t php_get_uid_by_name(const c +@@ -446,15 +456,25 @@ PHPAPI uid_t php_get_uid_by_name(const c #if defined(ZTS) && defined(_SC_GETPW_R_SIZE_MAX) && defined(HAVE_GETPWNAM_R) struct passwd pw; struct passwd *retpwptr = NULL; @@ -184,9 +110,9 @@ efree(pwbuf); return FAILURE; } ---- php-7.4.4/main/fopen_wrappers.c 2020-03-17 10:40:21.000000000 +0000 -+++ php-7.4.4/main/fopen_wrappers.c 2020-03-27 04:08:46.553487201 +0000 -@@ -366,10 +366,13 @@ PHPAPI int php_fopen_primary_script(zend +--- php-7.4.29/main/fopen_wrappers.c 2022-04-12 10:55:38.000000000 +0000 ++++ php-7.4.29/main/fopen_wrappers.c 2022-05-27 16:13:13.063261295 +0000 +@@ -375,10 +375,13 @@ PHPAPI int php_fopen_primary_script(zend struct passwd *pw; #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX) struct passwd pwstruc; @@ -201,7 +127,7 @@ return FAILURE; } -@@ -382,7 +385,14 @@ PHPAPI int php_fopen_primary_script(zend +@@ -391,7 +394,14 @@ PHPAPI int php_fopen_primary_script(zend memcpy(user, path_info + 2, length); user[length] = '\0'; #if defined(ZTS) && defined(HAVE_GETPWNAM_R) && defined(_SC_GETPW_R_SIZE_MAX) @@ -217,9 +143,9 @@ efree(pwbuf); return FAILURE; } ---- php-7.4.4/main/main.c 2020-03-17 10:40:21.000000000 +0000 -+++ php-7.4.4/main/main.c 2020-03-27 03:33:22.663453619 +0000 -@@ -1487,23 +1487,27 @@ PHPAPI char *php_get_current_user(void) +--- php-7.4.29/main/main.c 2022-04-12 10:55:38.000000000 +0000 ++++ php-7.4.29/main/main.c 2022-05-27 16:14:26.862749793 +0000 +@@ -1534,23 +1534,27 @@ PHPAPI char *php_get_current_user(void) struct passwd *pwd; #if defined(ZTS) && defined(HAVE_GETPWUID_R) && defined(_SC_GETPW_R_SIZE_MAX) struct passwd _pw; diff --git a/user/php7/zip-glob-pathc.patch b/user/php7/zip-glob-pathc.patch deleted file mode 100644 index 74b81754a..000000000 --- a/user/php7/zip-glob-pathc.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream: https://github.com/php/php-src/pull/5311 - ---- php-7.4.4/ext/zip/php_zip.c 2020-03-17 10:40:30.000000000 +0000 -+++ php-7.4.4/ext/zip/php_zip.c 2020-03-27 15:28:13.259857804 -0500 -@@ -606,8 +606,9 @@ int php_zip_glob(char *pattern, int pattern_len, zend_long flags, zval *return_v - add_next_index_string(return_value, globbuf.gl_pathv[n]+cwd_skip); - } - -+ ret = globbuf.gl_pathc; - globfree(&globbuf); -- return globbuf.gl_pathc; -+ return ret; - #else - zend_throw_error(NULL, "Glob support is not available"); - return 0; |