From 9e72279007abd9ae607f446578e7afc162400de4 Mon Sep 17 00:00:00 2001 From: Micha Glave Date: Thu, 21 May 2026 13:34:40 +0200 Subject: [PATCH] found more backports for `dev-lang/php-7.4.33` --- ...function_t-signature-under-musl-1389.patch | 42 ++ ...END_ATTRIBUTE_UNUSED-in-php_libxml_o.patch | 34 + ...Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch | 33 + ...p-c-runtime-std-for-icu-74-and-onwar.patch | 39 ++ ...-unexpected-eof-while-reading-PHP7.4.patch | 61 ++ ...ER_REAL-for-timeout-handling-PHP-7.4.patch | 39 ++ ...ix-PEAR-installation-with-libxml2.13.patch | 64 ++ ...ict-prototype-build-warnings-PHP-7.4.patch | 392 +++++++++++ ...-assembly-labels-to-not-crash-PHP7.4.patch | 103 +++ .../php/files/php-7.4.11-crosscompile.patch | 82 +++ dev-lang/php/files/php-7.4.33-gcc14.patch | 203 ++++++ dev-lang/php/files/php-7.4.33-libxml212.patch | 662 ++++++++++++++++++ dev-lang/php/files/php-bug81744.patch | 189 +++++ dev-lang/php/files/php-cve-2023-3247.patch | 109 +++ dev-lang/php/files/php-cve-2024-11233.patch | 70 ++ dev-lang/php/files/php-cve-2024-11234.patch | 97 +++ dev-lang/php/files/php-cve-2024-11236.patch | 121 ++++ dev-lang/php/files/php-cve-2024-2756.patch | 163 +++++ dev-lang/php/files/php-cve-2024-3096.patch | 55 ++ dev-lang/php/files/php-cve-2024-5458.patch | 150 ++++ dev-lang/php/files/php-cve-2024-8925.patch | 228 ++++++ dev-lang/php/files/php-cve-2024-8926.patch | 176 +++++ dev-lang/php/files/php-cve-2024-8927.patch | 58 ++ dev-lang/php/files/php-cve-2024-8932.patch | 141 ++++ dev-lang/php/files/php-cve-2024-9026.patch | 205 ++++++ ...-7.4.33-r2.ebuild => php-7.4.33-r3.ebuild} | 39 +- 26 files changed, 3550 insertions(+), 5 deletions(-) create mode 100644 dev-lang/php/files/0001-Fix-cookie_seek_function_t-signature-under-musl-1389.patch create mode 100644 dev-lang/php/files/0001-ext-libxml-Use-ZEND_ATTRIBUTE_UNUSED-in-php_libxml_o.patch create mode 100644 dev-lang/php/files/0002-Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch create mode 100644 dev-lang/php/files/0002-ext-intl-level-up-c-runtime-std-for-icu-74-and-onwar.patch create mode 100644 dev-lang/php/files/0003-Fix-bug-79589-ssl3_read_n-unexpected-eof-while-reading-PHP7.4.patch create mode 100644 dev-lang/php/files/0006-Use-ITIMER_REAL-for-timeout-handling-PHP-7.4.patch create mode 100644 dev-lang/php/files/0007-Fix-PEAR-installation-with-libxml2.13.patch create mode 100644 dev-lang/php/files/0009-Fix-w-strict-prototype-build-warnings-PHP-7.4.patch create mode 100644 dev-lang/php/files/0010-Fix-GH-16168-Fix-inline-assembly-labels-to-not-crash-PHP7.4.patch create mode 100644 dev-lang/php/files/php-7.4.11-crosscompile.patch create mode 100644 dev-lang/php/files/php-7.4.33-gcc14.patch create mode 100644 dev-lang/php/files/php-7.4.33-libxml212.patch create mode 100644 dev-lang/php/files/php-bug81744.patch create mode 100644 dev-lang/php/files/php-cve-2023-3247.patch create mode 100644 dev-lang/php/files/php-cve-2024-11233.patch create mode 100644 dev-lang/php/files/php-cve-2024-11234.patch create mode 100644 dev-lang/php/files/php-cve-2024-11236.patch create mode 100644 dev-lang/php/files/php-cve-2024-2756.patch create mode 100644 dev-lang/php/files/php-cve-2024-3096.patch create mode 100644 dev-lang/php/files/php-cve-2024-5458.patch create mode 100644 dev-lang/php/files/php-cve-2024-8925.patch create mode 100644 dev-lang/php/files/php-cve-2024-8926.patch create mode 100644 dev-lang/php/files/php-cve-2024-8927.patch create mode 100644 dev-lang/php/files/php-cve-2024-8932.patch create mode 100644 dev-lang/php/files/php-cve-2024-9026.patch rename dev-lang/php/{php-7.4.33-r2.ebuild => php-7.4.33-r3.ebuild} (92%) diff --git a/dev-lang/php/files/0001-Fix-cookie_seek_function_t-signature-under-musl-1389.patch b/dev-lang/php/files/0001-Fix-cookie_seek_function_t-signature-under-musl-1389.patch new file mode 100644 index 0000000..28a455f --- /dev/null +++ b/dev-lang/php/files/0001-Fix-cookie_seek_function_t-signature-under-musl-1389.patch @@ -0,0 +1,42 @@ +From 72ba182fff763341313e5dc2a4ad8579d2396d1b Mon Sep 17 00:00:00 2001 +From: Arnaud Le Blanc +Date: Mon, 8 Apr 2024 14:58:12 +0200 +Subject: [PATCH 1/2] Fix cookie_seek_function_t signature under musl (#13890) + +Fixes GH-11678 +Upstream-Status: Backport [577b8ae4226368e66fee7a9b5c58f9e2428372fc] +--- + main/streams/cast.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git a/main/streams/cast.c b/main/streams/cast.c +index 2109239effa..f0d65a141bd 100644 +--- a/main/streams/cast.c ++++ b/main/streams/cast.c +@@ -104,6 +104,9 @@ static ssize_t stream_cookie_writer(void *cookie, const char *buffer, size_t siz + + # ifdef COOKIE_SEEKER_USES_OFF64_T + static int stream_cookie_seeker(void *cookie, off64_t *position, int whence) ++# else ++static int stream_cookie_seeker(void *cookie, off_t *position, int whence) ++# endif + { + + *position = php_stream_seek((php_stream *)cookie, (zend_off_t)*position, whence); +@@ -113,13 +116,6 @@ static int stream_cookie_seeker(void *cookie, off64_t *position, int whence) + } + return 0; + } +-# else +-static int stream_cookie_seeker(void *cookie, zend_off_t position, int whence) +-{ +- +- return php_stream_seek((php_stream *)cookie, position, whence); +-} +-# endif + + static int stream_cookie_closer(void *cookie) + { +-- +2.46.2 + diff --git a/dev-lang/php/files/0001-ext-libxml-Use-ZEND_ATTRIBUTE_UNUSED-in-php_libxml_o.patch b/dev-lang/php/files/0001-ext-libxml-Use-ZEND_ATTRIBUTE_UNUSED-in-php_libxml_o.patch new file mode 100644 index 0000000..2f5af0a --- /dev/null +++ b/dev-lang/php/files/0001-ext-libxml-Use-ZEND_ATTRIBUTE_UNUSED-in-php_libxml_o.patch @@ -0,0 +1,34 @@ +From f476b5c4f1d308703a0b06942b34539704296511 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zolt=C3=A1n=20B=C3=B6sz=C3=B6rm=C3=A9nyi?= + +Date: Tue, 9 Sep 2025 17:13:09 +0200 +Subject: [PATCH] ext/libxml: Use ZEND_ATTRIBUTE_UNUSED in + php_libxml_output_buffer_create_filename +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +ATTRIBUTE_UNUSED is not defined everywhere, use ZEND_ATTRIBUTE_UNUSED. + +Signed-off-by: Zoltán Böszörményi +Upstream-Status: Inappropriate [oe specific] +--- + ext/libxml/libxml.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c +index d343135b98d..5b8aad8e1e5 100644 +--- a/ext/libxml/libxml.c ++++ b/ext/libxml/libxml.c +@@ -476,7 +476,7 @@ php_libxml_input_buffer_create_filename(const char *URI, xmlCharEncoding enc) + static xmlOutputBufferPtr + php_libxml_output_buffer_create_filename(const char *URI, + xmlCharEncodingHandlerPtr encoder, +- int compression ATTRIBUTE_UNUSED) ++ int compression ZEND_ATTRIBUTE_UNUSED) + { + xmlOutputBufferPtr ret; + xmlURIPtr puri; +-- +2.51.0 + diff --git a/dev-lang/php/files/0002-Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch b/dev-lang/php/files/0002-Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch new file mode 100644 index 0000000..a908370 --- /dev/null +++ b/dev-lang/php/files/0002-Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch @@ -0,0 +1,33 @@ +From: =?utf-8?b?T25kxZllaiBTdXLDvQ==?= +Date: Thu, 21 Apr 2022 12:52:24 +0200 +Subject: Add minimal OpenSSL 3.0 patch + +--- + ext/openssl/openssl.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c +index aa819be..2fa74f2 100644 +--- a/ext/openssl/openssl.c ++++ b/ext/openssl/openssl.c +@@ -55,6 +55,10 @@ + #include + #include + #include ++#if PHP_OPENSSL_API_VERSION >= 0x30000 ++#include ++#include ++#endif + + /* Common */ + #include +@@ -1517,7 +1521,9 @@ PHP_MINIT_FUNCTION(openssl) + REGISTER_LONG_CONSTANT("PKCS7_NOSIGS", PKCS7_NOSIGS, CONST_CS|CONST_PERSISTENT); + + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_PADDING", RSA_PKCS1_PADDING, CONST_CS|CONST_PERSISTENT); ++#ifdef RSA_SSLV23_PADDING + REGISTER_LONG_CONSTANT("OPENSSL_SSLV23_PADDING", RSA_SSLV23_PADDING, CONST_CS|CONST_PERSISTENT); ++#endif + REGISTER_LONG_CONSTANT("OPENSSL_NO_PADDING", RSA_NO_PADDING, CONST_CS|CONST_PERSISTENT); + REGISTER_LONG_CONSTANT("OPENSSL_PKCS1_OAEP_PADDING", RSA_PKCS1_OAEP_PADDING, CONST_CS|CONST_PERSISTENT); + diff --git a/dev-lang/php/files/0002-ext-intl-level-up-c-runtime-std-for-icu-74-and-onwar.patch b/dev-lang/php/files/0002-ext-intl-level-up-c-runtime-std-for-icu-74-and-onwar.patch new file mode 100644 index 0000000..aca0356 --- /dev/null +++ b/dev-lang/php/files/0002-ext-intl-level-up-c-runtime-std-for-icu-74-and-onwar.patch @@ -0,0 +1,39 @@ +From 9e7e6a5a1e4a8785e237a9c94b533e0c6d9dab91 Mon Sep 17 00:00:00 2001 +From: David Carlier +Date: Sat, 17 Feb 2024 21:38:21 +0000 +Subject: [PATCH 2/2] ext/intl: level up c++ runtime std for icu 74 and + onwards. + +to align with what is required to build icu 74 itself. + +Close GH-14002 +Upstream-Status: Backport [cc46a4e6b5a413bab3e264c1dcaaf7052f54fbc4] +--- + ext/intl/config.m4 | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/ext/intl/config.m4 b/ext/intl/config.m4 +index 7285f75e06a..36cf76e2932 100644 +--- a/ext/intl/config.m4 ++++ b/ext/intl/config.m4 +@@ -83,7 +83,16 @@ if test "$PHP_INTL" != "no"; then + breakiterator/codepointiterator_methods.cpp" + + PHP_REQUIRE_CXX() +- PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX) ++ ++ AC_MSG_CHECKING([if intl requires -std=gnu++17]) ++ AS_IF([test "$PKG_CONFIG icu-uc --atleast-version=74"],[ ++ AC_MSG_RESULT([yes]) ++ PHP_CXX_COMPILE_STDCXX(17, mandatory, PHP_INTL_STDCXX) ++ ],[ ++ AC_MSG_RESULT([no]) ++ PHP_CXX_COMPILE_STDCXX(11, mandatory, PHP_INTL_STDCXX) ++ ]) ++ + PHP_INTL_CXX_FLAGS="$INTL_COMMON_FLAGS $PHP_INTL_STDCXX $ICU_CXXFLAGS" + if test "$ext_shared" = "no"; then + PHP_ADD_SOURCES(PHP_EXT_DIR(intl), $PHP_INTL_CXX_SOURCES, $PHP_INTL_CXX_FLAGS) +-- +2.46.2 + diff --git a/dev-lang/php/files/0003-Fix-bug-79589-ssl3_read_n-unexpected-eof-while-reading-PHP7.4.patch b/dev-lang/php/files/0003-Fix-bug-79589-ssl3_read_n-unexpected-eof-while-reading-PHP7.4.patch new file mode 100644 index 0000000..d420b47 --- /dev/null +++ b/dev-lang/php/files/0003-Fix-bug-79589-ssl3_read_n-unexpected-eof-while-reading-PHP7.4.patch @@ -0,0 +1,61 @@ +From: Jakub Zelenka +Date: Sun, 15 May 2022 13:49:17 +0100 +Subject: Fix bug #79589: ssl3_read_n:unexpected eof while reading + +The unexpected EOF failure was introduced in OpenSSL 3.0 to prevent +truncation attack. However there are many non complaint servers and +it is causing break for many users including potential majority +of those where the truncation attack is not applicable. For that reason +we try to keep behavior consitent with older OpenSSL versions which is +also the path chosen by some other languages and web servers. + +Closes GH-8369 +--- + ext/openssl/tests/bug79589.phpt | 21 +++++++++++++++++++++ + ext/openssl/xp_ssl.c | 5 +++++ + 2 files changed, 26 insertions(+) + create mode 100644 ext/openssl/tests/bug79589.phpt + +diff --git a/ext/openssl/tests/bug79589.phpt b/ext/openssl/tests/bug79589.phpt +new file mode 100644 +index 0000000..5d277e8 +--- /dev/null ++++ b/ext/openssl/tests/bug79589.phpt +@@ -0,0 +1,21 @@ ++--TEST-- ++Bug #65538: TLS unexpected EOF failure ++--EXTENSIONS-- ++openssl ++--SKIPIF-- ++ ++--FILE-- ++ ['verify_peer'=> false]]) ++); ++echo gettype($release); ++ ++?> ++--EXPECT-- ++string +diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c +index 9710e44..1f808bd 100644 +--- a/ext/openssl/xp_ssl.c ++++ b/ext/openssl/xp_ssl.c +@@ -1640,6 +1640,11 @@ int php_openssl_setup_crypto(php_stream *stream, + + ssl_ctx_options &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + ++#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF ++ /* Only for OpenSSL 3+ to keep OpenSSL 1.1.1 behavior */ ++ ssl_ctx_options |= SSL_OP_IGNORE_UNEXPECTED_EOF; ++#endif ++ + if (!GET_VER_OPT("disable_compression") || zend_is_true(val)) { + ssl_ctx_options |= SSL_OP_NO_COMPRESSION; + } diff --git a/dev-lang/php/files/0006-Use-ITIMER_REAL-for-timeout-handling-PHP-7.4.patch b/dev-lang/php/files/0006-Use-ITIMER_REAL-for-timeout-handling-PHP-7.4.patch new file mode 100644 index 0000000..e0901fa --- /dev/null +++ b/dev-lang/php/files/0006-Use-ITIMER_REAL-for-timeout-handling-PHP-7.4.patch @@ -0,0 +1,39 @@ +From 272da51bfd562f5b9847c1b41eaa5d7018058490 Mon Sep 17 00:00:00 2001 +From: Shivam Mathur +Date: Fri, 4 June 2024 13:40:00 +0530 +Subject: [PATCH] Use ITIMER_REAL for timeout handling on MacOS / Apple Silicon + system + +setitimer(ITIMER_PROF) fires too early on MacOS 14 when running on Apple +Silicon. See https://openradar.appspot.com/radar?id=5583058442911744. + +Fixes GH-12814 +Closes GH-13567 +--- + Zend/zend_execute_API.c | 6 ++++-- + 1 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/Zend/zend_execute_API.c b/Zend/zend_execute_API.c +index c7f814138d00d774205ec78e8fd98a81b16e69db..fa126f959b3edf9d2e91d1b19d6029432ba4e210 100644 +--- a/Zend/zend_execute_API.c ++++ b/Zend/zend_execute_API.c +@@ -1294,7 +1294,9 @@ static void zend_set_timeout_ex(zend_long seconds, int reset_signals) /* {{{ */ + t_r.it_value.tv_sec = seconds; + t_r.it_value.tv_usec = t_r.it_interval.tv_sec = t_r.it_interval.tv_usec = 0; + +-# if defined(__CYGWIN__) || defined(__PASE__) ++# if defined(__CYGWIN__) || defined(__PASE__) || (defined(__aarch64__) && defined(__APPLE__)) ++ // ITIMER_PROF is broken in Apple Silicon system with MacOS >= 14 ++ // See https://openradar.appspot.com/radar?id=5583058442911744. + setitimer(ITIMER_REAL, &t_r, NULL); + } + signo = SIGALRM; +@@ -1356,7 +1358,7 @@ void zend_unset_timeout(void) /* {{{ */ + + no_timeout.it_value.tv_sec = no_timeout.it_value.tv_usec = no_timeout.it_interval.tv_sec = no_timeout.it_interval.tv_usec = 0; + +-# if defined(__CYGWIN__) || defined(__PASE__) ++# if defined(__CYGWIN__) || defined(__PASE__) || (defined(__aarch64__) && defined(__APPLE__)) + setitimer(ITIMER_REAL, &no_timeout, NULL); + # else + setitimer(ITIMER_PROF, &no_timeout, NULL); diff --git a/dev-lang/php/files/0007-Fix-PEAR-installation-with-libxml2.13.patch b/dev-lang/php/files/0007-Fix-PEAR-installation-with-libxml2.13.patch new file mode 100644 index 0000000..2ae142f --- /dev/null +++ b/dev-lang/php/files/0007-Fix-PEAR-installation-with-libxml2.13.patch @@ -0,0 +1,64 @@ +From 67259e451d5d58b4842776c5696a66d74e157609 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 5 Jul 2024 23:34:09 +0200 +Subject: [PATCH] Fix GH-14834: Error installing PHP when --with-pear is used + +libxml2 2.13 makes changes to how the parsing state is set, update our +code accordingly. In particular, it started reporting entities within +attributes, while it should only report entities inside text nodes. + +Closes GH-14837. +--- + ext/xml/compat.c | 2 +- + ext/xml/tests/gh14834.phpt | 29 +++++++++++++++++++++++++++++ + 3 files changed, 32 insertions(+), 1 deletion(-) + create mode 100644 ext/xml/tests/gh14834.phpt + +diff --git a/ext/xml/compat.c b/ext/xml/compat.c +index 242cc4ba7c40c..5f55dc62b3687 100644 +--- a/ext/xml/compat.c ++++ b/ext/xml/compat.c +@@ -375,7 +375,7 @@ _get_entity(void *user, const xmlChar *name) + if (ret == NULL) + ret = xmlGetDocEntity(parser->parser->myDoc, name); + +- if (ret == NULL || (parser->parser->instate != XML_PARSER_ENTITY_VALUE && parser->parser->instate != XML_PARSER_ATTRIBUTE_VALUE)) { ++ if (ret == NULL || parser->parser->instate == XML_PARSER_CONTENT) { + if (ret == NULL || ret->etype == XML_INTERNAL_GENERAL_ENTITY || ret->etype == XML_INTERNAL_PARAMETER_ENTITY || ret->etype == XML_INTERNAL_PREDEFINED_ENTITY) { + /* Predefined entities will expand unless no cdata handler is present */ + if (parser->h_default && ! (ret && ret->etype == XML_INTERNAL_PREDEFINED_ENTITY && parser->h_cdata)) { +diff --git a/ext/xml/tests/gh14834.phpt b/ext/xml/tests/gh14834.phpt +new file mode 100644 +index 0000000000000..2781ba2ed0941 +--- /dev/null ++++ b/ext/xml/tests/gh14834.phpt +@@ -0,0 +1,29 @@ ++--TEST-- ++GH-14834 (Error installing PHP when --with-pear is used) ++--EXTENSIONS-- ++xml ++--FILE-- ++ ++ ++]> ++ ++ &foo; ++ ++XML; ++ ++$parser = xml_parser_create(); ++xml_set_character_data_handler($parser, function($_, $data) { ++ var_dump($data); ++}); ++xml_parse($parser, $xml, true); ++?> ++--EXPECT-- ++string(3) " ++ " ++string(3) "ent" ++string(7) " & " ++string(1) " ++" diff --git a/dev-lang/php/files/0009-Fix-w-strict-prototype-build-warnings-PHP-7.4.patch b/dev-lang/php/files/0009-Fix-w-strict-prototype-build-warnings-PHP-7.4.patch new file mode 100644 index 0000000..2e20717 --- /dev/null +++ b/dev-lang/php/files/0009-Fix-w-strict-prototype-build-warnings-PHP-7.4.patch @@ -0,0 +1,392 @@ +From f566cba0bb6bd53b1d44d5097e68201412b00f7a Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Thu, 25 Nov 2021 13:16:26 +0100 +Subject: [PATCH] fix [-Wstrict-prototypes] build warnings in ext/gd + +--- + ext/gd/config.m4 | 2 -- + ext/gd/gd.c | 58 ++++++++++++++++++++++++------------------------ + 2 files changed, 29 insertions(+), 31 deletions(-) + +diff -up a/ext/gd/gd.c.proto b/ext/gd/gd.c +--- a/ext/gd/gd.c.proto 2022-10-31 11:36:07.000000000 +0100 ++++ b/ext/gd/gd.c 2025-02-13 12:04:07.860118321 +0100 +@@ -138,9 +138,9 @@ static void php_image_filter_pixelate(IN + static void php_image_filter_scatter(INTERNAL_FUNCTION_PARAMETERS); + + /* End Section filters declarations */ +-static gdImagePtr _php_image_create_from_string (zval *Data, char *tn, gdImagePtr (*ioctx_func_p)()); +-static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, gdImagePtr (*func_p)(), gdImagePtr (*ioctx_func_p)()); +-static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, void (*func_p)()); ++static gdImagePtr _php_image_create_from_string (zval *Data, char *tn, gdImagePtr (*ioctx_func_p)(gdIOCtxPtr)); ++static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, gdImagePtr (*func_p)(FILE *), gdImagePtr (*ioctx_func_p)(gdIOCtxPtr)); ++static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn); + static int _php_image_type(char data[12]); + static void _php_image_convert(INTERNAL_FUNCTION_PARAMETERS, int image_type); + +@@ -2330,7 +2330,7 @@ static int _php_image_type (char data[12 + + /* {{{ _php_image_create_from_string + */ +-gdImagePtr _php_image_create_from_string(zval *data, char *tn, gdImagePtr (*ioctx_func_p)()) ++gdImagePtr _php_image_create_from_string(zval *data, char *tn, gdImagePtr (*ioctx_func_p)(gdIOCtxPtr)) + { + gdImagePtr im; + gdIOCtx *io_ctx; +@@ -2440,7 +2440,7 @@ PHP_FUNCTION(imagecreatefromstring) + + /* {{{ _php_image_create_from + */ +-static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, gdImagePtr (*func_p)(), gdImagePtr (*ioctx_func_p)()) ++static void _php_image_create_from(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, gdImagePtr (*func_p)(FILE *), gdImagePtr (*ioctx_func_p)(gdIOCtxPtr)) + { + char *file; + size_t file_len; +@@ -2477,7 +2477,7 @@ static void _php_image_create_from(INTER + if (FAILURE == php_stream_cast(stream, PHP_STREAM_AS_STDIO, (void**)&fp, REPORT_ERRORS)) { + goto out_err; + } +- } else if (ioctx_func_p) { ++ } else if (ioctx_func_p || image_type == PHP_GDIMG_TYPE_GD2PART) { + /* we can create an io context */ + gdIOCtx* io_ctx; + zend_string *buff; +@@ -2501,7 +2501,7 @@ static void _php_image_create_from(INTER + } + + if (image_type == PHP_GDIMG_TYPE_GD2PART) { +- im = (*ioctx_func_p)(io_ctx, srcx, srcy, width, height); ++ im = gdImageCreateFromGd2PartCtx(io_ctx, srcx, srcy, width, height); + } else { + im = (*ioctx_func_p)(io_ctx); + } +@@ -2519,7 +2519,7 @@ static void _php_image_create_from(INTER + if (!im && fp) { + switch (image_type) { + case PHP_GDIMG_TYPE_GD2PART: +- im = (*func_p)(fp, srcx, srcy, width, height); ++ im = gdImageCreateFromGd2Part(fp, srcx, srcy, width, height); + break; + #if defined(HAVE_GD_XPM) + case PHP_GDIMG_TYPE_XPM: +@@ -2608,7 +2608,7 @@ PHP_FUNCTION(imagecreatefromxbm) + Create a new image from XPM file or URL */ + PHP_FUNCTION(imagecreatefromxpm) + { +- _php_image_create_from(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_XPM, "XPM", gdImageCreateFromXpm, NULL); ++ _php_image_create_from(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_XPM, "XPM", NULL, NULL); + } + /* }}} */ + #endif +@@ -2641,7 +2641,7 @@ PHP_FUNCTION(imagecreatefromgd2) + Create a new image from a given part of GD2 file or URL */ + PHP_FUNCTION(imagecreatefromgd2part) + { +- _php_image_create_from(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD2PART, "GD2", gdImageCreateFromGd2Part, gdImageCreateFromGd2PartCtx); ++ _php_image_create_from(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD2PART, "GD2", NULL, NULL); + } + /* }}} */ + +@@ -2667,7 +2667,7 @@ PHP_FUNCTION(imagecreatefromtga) + + /* {{{ _php_image_output + */ +-static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, void (*func_p)()) ++static void _php_image_output(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn) + { + zval *imgind; + char *file = NULL; +@@ -2720,13 +2720,13 @@ static void _php_image_output(INTERNAL_F + gdImageWBMP(im, q, fp); + break; + case PHP_GDIMG_TYPE_GD: +- (*func_p)(im, fp); ++ gdImageGd(im, fp); + break; + case PHP_GDIMG_TYPE_GD2: + if (q == -1) { + q = 128; + } +- (*func_p)(im, fp, q, t); ++ gdImageGd2(im, fp, q, t); + break; + default: + ZEND_ASSERT(0); +@@ -2756,13 +2756,13 @@ static void _php_image_output(INTERNAL_F + gdImageWBMP(im, q, tmp); + break; + case PHP_GDIMG_TYPE_GD: +- (*func_p)(im, tmp); ++ gdImageGd(im, tmp); + break; + case PHP_GDIMG_TYPE_GD2: + if (q == -1) { + q = 128; + } +- (*func_p)(im, tmp, q, t); ++ gdImageGd2(im, tmp, q, t); + break; + default: + ZEND_ASSERT(0); +@@ -2786,7 +2786,7 @@ static void _php_image_output(INTERNAL_F + Output XBM image to browser or file */ + PHP_FUNCTION(imagexbm) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_XBM, "XBM", gdImageXbmCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_XBM, "XBM"); + } + /* }}} */ + +@@ -2794,7 +2794,7 @@ PHP_FUNCTION(imagexbm) + Output GIF image to browser or file */ + PHP_FUNCTION(imagegif) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GIF, "GIF", gdImageGifCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GIF, "GIF"); + } + /* }}} */ + +@@ -2803,7 +2803,7 @@ PHP_FUNCTION(imagegif) + Output PNG image to browser or file */ + PHP_FUNCTION(imagepng) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_PNG, "PNG", gdImagePngCtxEx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_PNG, "PNG"); + } + /* }}} */ + #endif /* HAVE_GD_PNG */ +@@ -2814,7 +2814,7 @@ PHP_FUNCTION(imagepng) + Output WEBP image to browser or file */ + PHP_FUNCTION(imagewebp) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_WEBP, "WEBP", gdImageWebpCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_WEBP, "WEBP"); + } + /* }}} */ + #endif /* HAVE_GD_WEBP */ +@@ -2825,7 +2825,7 @@ PHP_FUNCTION(imagewebp) + Output JPEG image to browser or file */ + PHP_FUNCTION(imagejpeg) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_JPG, "JPEG", gdImageJpegCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_JPG, "JPEG"); + } + /* }}} */ + #endif /* HAVE_GD_JPG */ +@@ -2834,7 +2834,7 @@ PHP_FUNCTION(imagejpeg) + Output WBMP image to browser or file */ + PHP_FUNCTION(imagewbmp) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_WBM, "WBMP", gdImageWBMPCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_WBM, "WBMP"); + } + /* }}} */ + +@@ -2842,7 +2842,7 @@ PHP_FUNCTION(imagewbmp) + Output GD image to browser or file */ + PHP_FUNCTION(imagegd) + { +- _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD, "GD", gdImageGd); ++ _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD, "GD"); + } + /* }}} */ + +@@ -2850,7 +2850,7 @@ PHP_FUNCTION(imagegd) + Output GD2 image to browser or file */ + PHP_FUNCTION(imagegd2) + { +- _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD2, "GD2", gdImageGd2); ++ _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_GD2, "GD2"); + } + /* }}} */ + +@@ -2859,7 +2859,7 @@ PHP_FUNCTION(imagegd2) + Output BMP image to browser or file */ + PHP_FUNCTION(imagebmp) + { +- _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_BMP, "BMP", gdImageBmpCtx); ++ _php_image_output_ctx(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_TYPE_BMP, "BMP"); + } + /* }}} */ + #endif +@@ -4146,7 +4146,7 @@ static void php_imagettftext_common(INTE + Output WBMP image to browser or file */ + PHP_FUNCTION(image2wbmp) + { +- _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_CONVERT_WBM, "WBMP", NULL); ++ _php_image_output(INTERNAL_FUNCTION_PARAM_PASSTHRU, PHP_GDIMG_CONVERT_WBM, "WBMP"); + } + /* }}} */ + +diff -up a/ext/gd/gd_ctx.c.proto b/ext/gd/gd_ctx.c +--- a/ext/gd/gd_ctx.c.proto 2025-02-13 11:42:48.478248591 +0100 ++++ b/ext/gd/gd_ctx.c 2025-02-13 11:52:48.325740296 +0100 +@@ -77,7 +77,7 @@ static void _php_image_stream_ctxfreeand + } /* }}} */ + + /* {{{ _php_image_output_ctx */ +-static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn, void (*func_p)()) ++static void _php_image_output_ctx(INTERNAL_FUNCTION_PARAMETERS, int image_type, char *tn) + { + zval *imgind; + char *file = NULL; +@@ -177,16 +177,20 @@ static void _php_image_output_ctx(INTERN + + switch(image_type) { + case PHP_GDIMG_TYPE_JPG: +- (*func_p)(im, ctx, q); ++ gdImageJpegCtx(im, ctx, q); + break; + case PHP_GDIMG_TYPE_WEBP: + if (q == -1) { + q = 80; + } +- (*func_p)(im, ctx, q); ++ gdImageWebpCtx(im, ctx, q); + break; + case PHP_GDIMG_TYPE_PNG: +- (*func_p)(im, ctx, q, f); ++#ifdef HAVE_GD_BUNDLED ++ gdImagePngCtxEx(im, ctx, q, f); ++#else ++ gdImagePngCtxEx(im, ctx, q); ++#endif + break; + case PHP_GDIMG_TYPE_XBM: + case PHP_GDIMG_TYPE_WBM: +@@ -197,16 +201,16 @@ static void _php_image_output_ctx(INTERN + q = i; + } + if (image_type == PHP_GDIMG_TYPE_XBM) { +- (*func_p)(im, file ? file : "", q, ctx); ++ gdImageXbmCtx(im, file ? file : "", q, ctx); + } else { +- (*func_p)(im, q, ctx); ++ gdImageWBMPCtx(im, q, ctx); + } + break; + case PHP_GDIMG_TYPE_BMP: +- (*func_p)(im, ctx, (int) compressed); ++ gdImageBmpCtx(im, ctx, (int) compressed); + break; +- default: +- (*func_p)(im, ctx); ++ case PHP_GDIMG_TYPE_GIF: ++ gdImageGifCtx(im, ctx); + break; + } + +From b7356692f69f4ac0a07ea54e83debdd04b426dcb Mon Sep 17 00:00:00 2001 +From: George Peter Banyard +Date: Wed, 12 May 2021 14:41:11 +0100 +Subject: [PATCH] Specify function pointer signature for scanf implementation + +Fix [-Wstrict-prototypes] warnings in standard/scanf.c +--- + ext/standard/scanf.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c +index f58b4195cc599..78ecc1642cf92 100644 +--- a/ext/standard/scanf.c ++++ b/ext/standard/scanf.c +@@ -108,6 +108,8 @@ typedef struct CharSet { + } *ranges; + } CharSet; + ++typedef zend_long (*int_string_formater)(const char*, char**, int); ++ + /* + * Declarations for functions used only in this file. + */ +@@ -585,7 +587,7 @@ PHPAPI int php_sscanf_internal( char *string, char *format, + int base = 0; + int underflow = 0; + size_t width; +- zend_long (*fn)() = NULL; ++ int_string_formater fn = NULL; + char *ch, sch; + int flags; + char buf[64]; /* Temporary buffer to hold scanned number +@@ -750,29 +752,29 @@ PHPAPI int php_sscanf_internal( char *string, char *format, + case 'D': + op = 'i'; + base = 10; +- fn = (zend_long (*)())ZEND_STRTOL_PTR; ++ fn = (int_string_formater)ZEND_STRTOL_PTR; + break; + case 'i': + op = 'i'; + base = 0; +- fn = (zend_long (*)())ZEND_STRTOL_PTR; ++ fn = (int_string_formater)ZEND_STRTOL_PTR; + break; + case 'o': + op = 'i'; + base = 8; +- fn = (zend_long (*)())ZEND_STRTOL_PTR; ++ fn = (int_string_formater)ZEND_STRTOL_PTR; + break; + case 'x': + case 'X': + op = 'i'; + base = 16; +- fn = (zend_long (*)())ZEND_STRTOL_PTR; ++ fn = (int_string_formater)ZEND_STRTOL_PTR; + break; + case 'u': + op = 'i'; + base = 10; + flags |= SCAN_UNSIGNED; +- fn = (zend_long (*)())ZEND_STRTOUL_PTR; ++ fn = (int_string_formater)ZEND_STRTOUL_PTR; + break; + + case 'f': +From 2068d230d981d7b06b41b87ebc37ab2581b79852 Mon Sep 17 00:00:00 2001 +From: George Peter Banyard +Date: Wed, 12 May 2021 18:54:57 +0100 +Subject: [PATCH] Fix [-Wstrict-prototypes] warning in PCNTL extension + +To achieve this we need to introduce a new wrapper function with +dummy arguments which calls pcntl_signal_dispatch() to respect +the function pointer signature for a tick function. +--- + ext/pcntl/pcntl.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/ext/pcntl/pcntl.c b/ext/pcntl/pcntl.c +index 1e8690ae75144..c116eff7d034a 100644 +--- a/ext/pcntl/pcntl.c ++++ b/ext/pcntl/pcntl.c +@@ -252,7 +252,8 @@ static void pcntl_siginfo_to_zval(int, s + #else + static void pcntl_signal_handler(int); + #endif +-static void pcntl_signal_dispatch(); ++static void pcntl_signal_dispatch(void); ++static void pcntl_signal_dispatch_tick_function(int dummy_int, void *dummy_pointer); + static void pcntl_interrupt_function(zend_execute_data *execute_data); + + void php_register_signal_constants(INIT_FUNC_ARGS) +@@ -587,7 +588,7 @@ static PHP_GINIT_FUNCTION(pcntl) + + PHP_RINIT_FUNCTION(pcntl) + { +- php_add_tick_function(pcntl_signal_dispatch, NULL); ++ php_add_tick_function(pcntl_signal_dispatch_tick_function, NULL); + zend_hash_init(&PCNTL_G(php_signal_table), 16, NULL, ZVAL_PTR_DTOR, 0); + PCNTL_G(head) = PCNTL_G(tail) = PCNTL_G(spares) = NULL; + PCNTL_G(async_signals) = 0; +@@ -1549,6 +1550,11 @@ void pcntl_signal_dispatch() + sigprocmask(SIG_SETMASK, &old_mask, NULL); + } + ++static void pcntl_signal_dispatch_tick_function(int dummy_int, void *dummy_pointer) ++{ ++ return pcntl_signal_dispatch(); ++} ++ + /* {{{ proto bool pcntl_async_signals([bool on[) + Enable/disable asynchronous signal handling and return the old setting. */ + PHP_FUNCTION(pcntl_async_signals) diff --git a/dev-lang/php/files/0010-Fix-GH-16168-Fix-inline-assembly-labels-to-not-crash-PHP7.4.patch b/dev-lang/php/files/0010-Fix-GH-16168-Fix-inline-assembly-labels-to-not-crash-PHP7.4.patch new file mode 100644 index 0000000..72b29f7 --- /dev/null +++ b/dev-lang/php/files/0010-Fix-GH-16168-Fix-inline-assembly-labels-to-not-crash-PHP7.4.patch @@ -0,0 +1,103 @@ +From 9fbcc192064146df6c7784265ca826ce63c7c402 Mon Sep 17 00:00:00 2001 +From: Shivam Mathur +Date: Sun, 12 Oct 2025 04:26:14 +0530 +Subject: [PATCH 1/1] Fix GH-16168: Fix inline assembly labels to not crash + with Xcode 16 clang + +--- + Zend/zend_string.c | 40 ++++++++++++++++++++-------------------- + 1 file changed, 20 insertions(+), 20 deletions(-) + +diff --git a/Zend/zend_string.c b/Zend/zend_string.c +index 75e7e6249f..ee6a89125c 100644 +--- a/Zend/zend_string.c ++++ b/Zend/zend_string.c +@@ -328,32 +328,32 @@ ZEND_API void zend_interned_strings_switch_storage(zend_bool request) + ZEND_API zend_bool ZEND_FASTCALL zend_string_equal_val(zend_string *s1, zend_string *s2) + { + char *ptr = ZSTR_VAL(s1); +- size_t delta = (char*)s2 - (char*)s1; ++ uintptr_t delta = (uintptr_t) s2 - (uintptr_t) s1; + size_t len = ZSTR_LEN(s1); + zend_ulong ret; + + __asm__ ( +- ".LL0%=:\n\t" ++ "0:\n\t" + "movl (%2,%3), %0\n\t" + "xorl (%2), %0\n\t" +- "jne .LL1%=\n\t" ++ "jne 1f\n\t" + "addl $0x4, %2\n\t" + "subl $0x4, %1\n\t" +- "ja .LL0%=\n\t" ++ "ja 0b\n\t" + "movl $0x1, %0\n\t" +- "jmp .LL3%=\n\t" +- ".LL1%=:\n\t" ++ "jmp 3f\n\t" ++ "1:\n\t" + "cmpl $0x4,%1\n\t" +- "jb .LL2%=\n\t" ++ "jb 2f\n\t" + "xorl %0, %0\n\t" +- "jmp .LL3%=\n\t" +- ".LL2%=:\n\t" ++ "jmp 3f\n\t" ++ "2:\n\t" + "negl %1\n\t" + "lea 0x20(,%1,8), %1\n\t" + "shll %b1, %0\n\t" + "sete %b0\n\t" + "movzbl %b0, %0\n\t" +- ".LL3%=:\n" ++ "3:\n" + : "=&a"(ret), + "+c"(len), + "+r"(ptr) +@@ -396,32 +396,32 @@ ZEND_API zend_bool ZEND_FASTCALL I_WRAP_SONAME_FNNAME_ZU(NONE,zend_string_equal_ + ZEND_API zend_bool ZEND_FASTCALL zend_string_equal_val(zend_string *s1, zend_string *s2) + { + char *ptr = ZSTR_VAL(s1); +- size_t delta = (char*)s2 - (char*)s1; ++ uintptr_t delta = (uintptr_t) s2 - (uintptr_t) s1; + size_t len = ZSTR_LEN(s1); + zend_ulong ret; + + __asm__ ( +- ".LL0%=:\n\t" ++ "0:\n\t" + "movq (%2,%3), %0\n\t" + "xorq (%2), %0\n\t" +- "jne .LL1%=\n\t" ++ "jne 1f\n\t" + "addq $0x8, %2\n\t" + "subq $0x8, %1\n\t" +- "ja .LL0%=\n\t" ++ "ja 0b\n\t" + "movq $0x1, %0\n\t" +- "jmp .LL3%=\n\t" +- ".LL1%=:\n\t" ++ "jmp 3f\n\t" ++ "1:\n\t" + "cmpq $0x8,%1\n\t" +- "jb .LL2%=\n\t" ++ "jb 2f\n\t" + "xorq %0, %0\n\t" +- "jmp .LL3%=\n\t" +- ".LL2%=:\n\t" ++ "jmp 3f\n\t" ++ "2:\n\t" + "negq %1\n\t" + "lea 0x40(,%1,8), %1\n\t" + "shlq %b1, %0\n\t" + "sete %b0\n\t" + "movzbq %b0, %0\n\t" +- ".LL3%=:\n" ++ "3:\n" + : "=&a"(ret), + "+c"(len), + "+r"(ptr) +-- +2.50.1 (Apple Git-155) + diff --git a/dev-lang/php/files/php-7.4.11-crosscompile.patch b/dev-lang/php/files/php-7.4.11-crosscompile.patch new file mode 100644 index 0000000..f26ee25 --- /dev/null +++ b/dev-lang/php/files/php-7.4.11-crosscompile.patch @@ -0,0 +1,82 @@ +Upstream-Status: Inappropriate [cross compile specific] + +diff -durpN php-7.4.11.orig/ext/iconv/config.m4 php-7.4.11/ext/iconv/config.m4 +--- php-7.4.11.orig/ext/iconv/config.m4 2020-10-09 08:04:45.951837732 -0400 ++++ php-7.4.11/ext/iconv/config.m4 2020-10-09 08:06:36.874657935 -0400 +@@ -150,9 +150,9 @@ int main() { + PHP_DEFINE([ICONV_SUPPORTS_ERRNO],0,[ext/iconv]) + AC_DEFINE([ICONV_SUPPORTS_ERRNO],0,[Whether iconv supports error no or not]) + ],[ +- AC_MSG_RESULT(no, cross-compiling) +- PHP_DEFINE([ICONV_SUPPORTS_ERRNO],0,[ext/iconv]) +- AC_DEFINE([ICONV_SUPPORTS_ERRNO],0,[Whether iconv supports error no or not]) ++ AC_MSG_RESULT(yes) ++ PHP_DEFINE([ICONV_SUPPORTS_ERRNO],1,[ext/iconv]) ++ AC_DEFINE([ICONV_SUPPORTS_ERRNO],1,[Whether iconv supports error no or not]) + ]) + + AC_MSG_CHECKING([if iconv supports //IGNORE]) +diff -durpN php-7.4.11.orig/ext/opcache/config.m4 php-7.4.11/ext/opcache/config.m4 +--- php-7.4.11.orig/ext/opcache/config.m4 2020-10-09 08:04:45.953837747 -0400 ++++ php-7.4.11/ext/opcache/config.m4 2020-10-09 08:06:36.874657935 -0400 +@@ -89,7 +89,9 @@ int main() { + } + ]])],[dnl + AC_DEFINE(HAVE_SHM_IPC, 1, [Define if you have SysV IPC SHM support]) +- msg=yes],[msg=no],[msg=no]) ++ msg=yes],[msg=no],[ ++ AC_DEFINE(HAVE_SHM_IPC, 1, [Define if you have SysV IPC SHM support]) ++ msg=yes]) + AC_MSG_RESULT([$msg]) + + AC_MSG_CHECKING(for mmap() using MAP_ANON shared memory support) +@@ -141,7 +143,9 @@ int main() { + } + ]])],[dnl + AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support]) +- msg=yes],[msg=no],[msg=no]) ++ msg=yes],[msg=no],[ ++ AC_DEFINE(HAVE_SHM_MMAP_ANON, 1, [Define if you have mmap(MAP_ANON) SHM support]) ++ msg=yes]) + AC_MSG_RESULT([$msg]) + + PHP_CHECK_FUNC_LIB(shm_open, rt) +@@ -216,7 +220,9 @@ int main() { + ],[ + AC_MSG_RESULT([no]) + ],[ +- AC_MSG_RESULT([no]) ++ AC_DEFINE(HAVE_SHM_MMAP_POSIX, 1, [Define if you have POSIX mmap() SHM support]) ++ AC_MSG_RESULT([yes]) ++ PHP_CHECK_LIBRARY(rt, shm_unlink, [PHP_ADD_LIBRARY(rt,1,OPCACHE_SHARED_LIBADD)]) + ]) + + PHP_NEW_EXTENSION(opcache, +diff -durpN php-7.4.11.orig/ext/posix/config.m4 php-7.4.11/ext/posix/config.m4 +--- php-7.4.11.orig/ext/posix/config.m4 2020-10-09 08:04:45.954837755 -0400 ++++ php-7.4.11/ext/posix/config.m4 2020-10-09 08:06:36.875657943 -0400 +@@ -28,7 +28,10 @@ int main(int argc, char *argv[]) + ],[ + AC_MSG_RESULT([no, posix_ttyname() will be thread-unsafe]) + ], [ +- AC_MSG_RESULT([no, cannot detect working ttyname_r() when cross compiling. posix_ttyname() will be thread-unsafe]) ++ AC_CHECK_FUNCS(ttyname_r, ++ [AC_MSG_RESULT([yes]) ++ AC_DEFINE(HAVE_TTYNAME_R, 1, [Whether you have a working ttyname_r])], ++ [AC_MSG_RESULT([no, cannot detect working ttyname_r() when cross compiling. posix_ttyname() will be thread-unsafe])]) + ]) + + AC_CACHE_CHECK([for utsname.domainname], ac_cv_have_utsname_domainname, [ +diff -durpN php-7.4.11.orig/sapi/fpm/config.m4 php-7.4.11/sapi/fpm/config.m4 +--- php-7.4.11.orig/sapi/fpm/config.m4 2020-10-09 08:04:45.955837762 -0400 ++++ php-7.4.11/sapi/fpm/config.m4 2020-10-09 08:06:37.012658955 -0400 +@@ -262,7 +262,8 @@ AC_DEFUN([AC_FPM_TRACE], + proc_mem_file="" + AC_MSG_RESULT([no]) + ], [ +- AC_MSG_RESULT([skipped (cross-compiling)]) ++ AC_MSG_RESULT([cross compiling for Linux, using 'mem']) ++ proc_mem_file="mem" + ]) + fi + diff --git a/dev-lang/php/files/php-7.4.33-gcc14.patch b/dev-lang/php/files/php-7.4.33-gcc14.patch new file mode 100644 index 0000000..4d93ac9 --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-gcc14.patch @@ -0,0 +1,203 @@ +Upstream-Status: Backport [aeaab8ee3e52f74c042a861e394437d6554b36be] + +diff -up php-7.4.33/ext/pdo_oci/oci_statement.c.gcc14 php-7.4.33/ext/pdo_oci/oci_statement.c +--- php-7.4.33/ext/pdo_oci/oci_statement.c.gcc14 2022-10-31 11:36:05.000000000 +0100 ++++ php-7.4.33/ext/pdo_oci/oci_statement.c 2024-02-14 15:05:34.224568567 +0100 +@@ -654,7 +654,7 @@ static ssize_t oci_blob_write(php_stream + return amt; + } + +-static size_t oci_blob_read(php_stream *stream, char *buf, size_t count) ++static ssize_t oci_blob_read(php_stream *stream, char *buf, size_t count) + { + struct oci_lob_self *self = (struct oci_lob_self*)stream->abstract; + ub4 amt; +@@ -666,7 +666,7 @@ static size_t oci_blob_read(php_stream * + NULL, NULL, 0, SQLCS_IMPLICIT); + + if (r != OCI_SUCCESS && r != OCI_NEED_DATA) { +- return (size_t)-1; ++ return -1; + } + + self->offset += amt; +diff -up php-7.4.33/sapi/litespeed/lsapi_main.c.gcc14 php-7.4.33/sapi/litespeed/lsapi_main.c +--- php-7.4.33/sapi/litespeed/lsapi_main.c.gcc14 2024-02-14 15:09:59.523706463 +0100 ++++ php-7.4.33/sapi/litespeed/lsapi_main.c 2024-02-14 15:10:13.979258854 +0100 +@@ -25,6 +25,7 @@ + #include "zend.h" + #include "ext/standard/basic_functions.h" + #include "ext/standard/info.h" ++#include "ext/standard/head.h" + #include "lsapilib.h" + + #include + + +Adapted for 7.4 from: + +From aeaab8ee3e52f74c042a861e394437d6554b36be Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 9 Sep 2019 21:29:03 +0200 +Subject: [PATCH] Port various autoconf bits to C99 compilers + +C99 no longer has implicit function declarations and implicit ints. +Current GCC versions enable them as an extension, but this will +change in a future GCC version. +--- + Zend/Zend.m4 | 2 ++ + build/libtool.m4 | 5 +---- + build/php.m4 | 17 ++++++++++------- + configure.ac | 2 ++ + ext/standard/config.m4 | 22 ++++++++++++++++++++++ + 5 files changed, 37 insertions(+), 11 deletions(-) + +diff --git a/Zend/Zend.m4 b/Zend/Zend.m4 +index 054e2621a4057..57a12ac36ba60 100644 +--- a/Zend/Zend.m4 ++++ b/Zend/Zend.m4 +@@ -157,6 +157,7 @@ AC_MSG_CHECKING(whether double cast to long preserves least significant bits) + + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include ++#include + + int main() + { +@@ -256,6 +257,7 @@ AC_MSG_CHECKING(for MM alignment and log values) + + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include ++#include + + typedef union _mm_align_test { + void *ptr; +diff --git a/build/libtool.m4 b/build/libtool.m4 +index f7f51642920f9..577dad4cbe313 100644 +--- a/build/libtool.m4 ++++ b/build/libtool.m4 +@@ -945,6 +945,7 @@ else + #endif + + #include ++#include + + #ifdef RTLD_GLOBAL + # define LT_DLGLOBAL RTLD_GLOBAL +diff --git a/build/php.m4 b/build/php.m4 +index 25f5aa762b892..529876b6b67c6 100644 +--- a/build/php.m4 ++++ b/build/php.m4 +@@ -1120,7 +1120,7 @@ AC_CACHE_CHECK(for type of reentrant time-related functions, ac_cv_time_r_type,[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + +-main() { ++int main() { + char buf[27]; + struct tm t; + time_t old = 0; +@@ -1136,7 +1136,7 @@ return (1); + ],[ + AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include +-main() { ++int main() { + struct tm t, *s; + time_t old = 0; + char buf[27], *p; +@@ -1597,7 +1600,7 @@ AC_DEFUN([PHP_CHECK_FUNC_LIB],[ + if test "$found" = "yes"; then + ac_libs=$LIBS + LIBS="$LIBS -l$2" +- AC_RUN_IFELSE([AC_LANG_SOURCE([[main() { return (0); }]])],[found=yes],[found=no],[found=no]) ++ AC_RUN_IFELSE([AC_LANG_SOURCE([[int main() { return (0); }]])],[found=yes],[found=no],[found=no]) + LIBS=$ac_libs + fi + +@@ -2285,7 +2288,7 @@ AC_DEFUN([PHP_TEST_WRITE_STDOUT],[ + + #define TEXT "This is the test message -- " + +-main() ++int main() + { + int n; + +diff --git a/configure.ac b/configure.ac +index d759b027517e5..e15b83ca25296 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -665,6 +665,8 @@ + #include + #include + #include ++#include ++#include + #ifndef AF_INET + # include + #endif +diff --git a/ext/standard/config.m4 b/ext/standard/config.m4 +index 9f85ec2b7080d..5b49e5d661f3c 100644 +--- a/ext/standard/config.m4 ++++ b/ext/standard/config.m4 +@@ -71,6 +71,9 @@ AC_CACHE_CHECK(for standard DES crypt, ac_cv_crypt_des,[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char *encrypted = crypt("rasmuslerdorf","rl"); +@@ -98,6 +101,9 @@ AC_CACHE_CHECK(for extended DES crypt, ac_cv_crypt_ext_des,[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char *encrypted = crypt("rasmuslerdorf","_J9..rasm"); +@@ -125,6 +131,9 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char salt[15], answer[40]; +@@ -162,6 +171,9 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char salt[30], answer[70]; +@@ -196,6 +208,9 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char salt[21], answer[21+86]; +@@ -229,6 +244,9 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ + #include + #endif + ++#include ++#include ++ + int main() { + #if HAVE_CRYPT + char salt[21], answer[21+43]; diff --git a/dev-lang/php/files/php-7.4.33-libxml212.patch b/dev-lang/php/files/php-7.4.33-libxml212.patch new file mode 100644 index 0000000..144abbc --- /dev/null +++ b/dev-lang/php/files/php-7.4.33-libxml212.patch @@ -0,0 +1,662 @@ +From 1fa2356f4f580d2df4068809a4aba6d5356a22e6 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 17 Nov 2023 19:45:40 +0100 +Subject: [PATCH 1/4] Fix GH-12702: libxml2 2.12.0 issue building from src + +Fixes GH-12702. + +Co-authored-by: nono303 +Upstream-Status: Backport [6a76e5d0a2dcf46b4ab74cc3ffcbfeb860c4fdb3] +--- + ext/dom/document.c | 1 + + ext/libxml/php_libxml.h | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/ext/dom/document.c b/ext/dom/document.c +index b478e1a1aa..707a1fbb20 100644 +--- a/ext/dom/document.c ++++ b/ext/dom/document.c +@@ -25,6 +25,7 @@ + #if HAVE_LIBXML && HAVE_DOM + #include "php_dom.h" + #include ++#include + #ifdef LIBXML_SCHEMAS_ENABLED + #include + #include +diff --git a/ext/libxml/php_libxml.h b/ext/libxml/php_libxml.h +index cf936e95de..9bbcbf6783 100644 +--- a/ext/libxml/php_libxml.h ++++ b/ext/libxml/php_libxml.h +@@ -37,6 +37,7 @@ extern zend_module_entry libxml_module_entry; + + #include "zend_smart_str.h" + #include ++#include + + #define LIBXML_SAVE_NOEMPTYTAG 1<<2 + +-- +2.43.0 + +From c2a134e08fe4ac4a2ed753548a18fc27da8ae2e1 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 1 Dec 2023 18:03:35 +0100 +Subject: [PATCH 2/4] Fix libxml2 2.12 build due to API breaks + +See https://github.com/php/php-src/actions/runs/7062192818/job/19225478601 +--- + ext/libxml/libxml.c | 14 ++++++++++---- + ext/soap/php_sdl.c | 2 +- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c +index d343135b98..b54ab40953 100644 +--- a/ext/libxml/libxml.c ++++ b/ext/libxml/libxml.c +@@ -530,7 +530,11 @@ static int _php_libxml_free_error(xmlErrorPtr error) + return 1; + } + +-static void _php_list_set_error_structure(xmlErrorPtr error, const char *msg) ++#if LIBXML_VERSION >= 21200 ++static void _php_list_set_error_structure(const xmlError *error, const char *msg) ++#else ++static void _php_list_set_error_structure(xmlError *error, const char *msg) ++#endif + { + xmlError error_copy; + int ret; +@@ -782,7 +786,11 @@ PHP_LIBXML_API void php_libxml_ctx_warning(void *ctx, const char *msg, ...) + va_end(args); + } + ++#if LIBXML_VERSION >= 21200 ++PHP_LIBXML_API void php_libxml_structured_error_handler(void *userData, const xmlError *error) ++#else + PHP_LIBXML_API void php_libxml_structured_error_handler(void *userData, xmlErrorPtr error) ++#endif + { + _php_list_set_error_structure(error, NULL); + +@@ -1061,9 +1069,7 @@ static PHP_FUNCTION(libxml_use_internal_errors) + Retrieve last error from libxml */ + static PHP_FUNCTION(libxml_get_last_error) + { +- xmlErrorPtr error; +- +- error = xmlGetLastError(); ++ const xmlError *error = xmlGetLastError(); + + if (error) { + object_init_ex(return_value, libxmlerror_class_entry); +diff --git a/ext/soap/php_sdl.c b/ext/soap/php_sdl.c +index 26a23f57db..3df532a2d6 100644 +--- a/ext/soap/php_sdl.c ++++ b/ext/soap/php_sdl.c +@@ -333,7 +333,7 @@ static void load_wsdl_ex(zval *this_ptr, char *struri, sdlCtx *ctx, int include) + sdl_restore_uri_credentials(ctx); + + if (!wsdl) { +- xmlErrorPtr xmlErrorPtr = xmlGetLastError(); ++ const xmlError *xmlErrorPtr = xmlGetLastError(); + + if (xmlErrorPtr) { + soap_error2(E_ERROR, "Parsing WSDL: Couldn't load from '%s' : %s", struri, xmlErrorPtr->message); +-- +2.43.0 + +From f9da49aa0a5b033c4b1e8072b9c0915d7672f34e Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sat, 29 Apr 2023 21:07:50 +0200 +Subject: [PATCH 3/4] Fix GH-11160: Few tests failed building with new libxml + 2.11.0 + +It's possible to categorise the failures into 2 categories: + - Changed error message. In this case we either duplicate the test and + modify the error message. Or if the change in error message is + small, we use the EXPECTF matchers to make the test compatible with both + old and new versions of libxml2. + - Missing warnings. This is caused by a change in libxml2 where the + parser started using SAX APIs internally [1]. In this case the + error_type passed to php_libxml_internal_error_handler() changed from + PHP_LIBXML_ERROR to PHP_LIBXML_CTX_WARNING because it internally + started to use the SAX handlers instead of the generic handlers. + However, for the SAX handlers the current input stack is empty, so + nothing is actually printed. I fixed this by falling back to a + regular warning without a filename & line number reference, which + mimicks the old behaviour. Furthermore, this change now also shows + an additional warning in a test which was previously hidden. + +[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/9a82b94a94bd310db426edd453b0f38c6c8f69f5 + +Closes GH-11162. +--- + .../DOMDocument_loadXML_error2_gte2_11.phpt | 34 +++++++ + ...> DOMDocument_loadXML_error2_pre2_11.phpt} | 4 + + .../DOMDocument_load_error2_gte2_11.phpt | 34 +++++++ + ...t => DOMDocument_load_error2_pre2_11.phpt} | 4 + + ext/libxml/libxml.c | 2 + + ext/libxml/tests/bug61367-read_2.phpt | 2 +- + .../tests/libxml_disable_entity_loader_2.phpt | 2 +- + ...set_external_entity_loader_variation2.phpt | 2 + + ext/xml/tests/bug26614_libxml_gte2_11.phpt | 95 +++++++++++++++++++ + ...bxml.phpt => bug26614_libxml_pre2_11.phpt} | 1 + + 10 files changed, 178 insertions(+), 2 deletions(-) + create mode 100644 ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt + rename ext/dom/tests/{DOMDocument_loadXML_error2.phpt => DOMDocument_loadXML_error2_pre2_11.phpt} (90%) + create mode 100644 ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt + rename ext/dom/tests/{DOMDocument_load_error2.phpt => DOMDocument_load_error2_pre2_11.phpt} (90%) + create mode 100644 ext/xml/tests/bug26614_libxml_gte2_11.phpt + rename ext/xml/tests/{bug26614_libxml.phpt => bug26614_libxml_pre2_11.phpt} (96%) + +diff --git a/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt +new file mode 100644 +index 0000000000..ff5ceb3fbe +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt +@@ -0,0 +1,34 @@ ++--TEST-- ++Test DOMDocument::loadXML() detects not-well formed XML ++--SKIPIF-- ++= 2.11'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects attributes values not closed between " or ' ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--INI-- ++assert.bail=true ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed2.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentloadxml_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::loadXML(): AttValue: " or ' expected in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): internal error: xmlParseStartTag: problem parsing attributes in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): Couldn't find end of Start Tag book line 4 in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): Opening and ending tag mismatch: books line 3 and book in Entity, line: 7 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): Extra content at the end of the document in Entity, line: 8 in %s on line %d +diff --git a/ext/dom/tests/DOMDocument_loadXML_error2.phpt b/ext/dom/tests/DOMDocument_loadXML_error2_pre2_11.phpt +similarity index 90% +rename from ext/dom/tests/DOMDocument_loadXML_error2.phpt +rename to ext/dom/tests/DOMDocument_loadXML_error2_pre2_11.phpt +index 6d56a317ed..0e36d20905 100644 +--- a/ext/dom/tests/DOMDocument_loadXML_error2.phpt ++++ b/ext/dom/tests/DOMDocument_loadXML_error2_pre2_11.phpt +@@ -1,5 +1,9 @@ + --TEST-- + Test DOMDocument::loadXML() detects not-well formed XML ++--SKIPIF-- ++= 21100) die('skip libxml2 test variant for version < 2.11'); ++?> + --DESCRIPTION-- + This test verifies the method detects attributes values not closed between " or ' + Environment variables used in the test: +diff --git a/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt b/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt +new file mode 100644 +index 0000000000..32b6bf1611 +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt +@@ -0,0 +1,34 @@ ++--TEST-- ++Test DOMDocument::load() detects not-well formed ++--SKIPIF-- ++= 2.11'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects attributes values not closed between " or ' ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--INI-- ++assert.bail=true ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed2.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentload_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::load(): AttValue: " or ' expected in %s on line %d ++ ++Warning: DOMDocument::load(): internal error: xmlParseStartTag: problem parsing attributes in %s on line %d ++ ++Warning: DOMDocument::load(): Couldn't find end of Start Tag book line 4 in %s on line %d ++ ++Warning: DOMDocument::load(): Opening and ending tag mismatch: books line 3 and book in %s on line %d ++ ++Warning: DOMDocument::load(): Extra content at the end of the document in %s on line %d +diff --git a/ext/dom/tests/DOMDocument_load_error2.phpt b/ext/dom/tests/DOMDocument_load_error2_pre2_11.phpt +similarity index 90% +rename from ext/dom/tests/DOMDocument_load_error2.phpt +rename to ext/dom/tests/DOMDocument_load_error2_pre2_11.phpt +index f450cf1654..b97fff9d2f 100644 +--- a/ext/dom/tests/DOMDocument_load_error2.phpt ++++ b/ext/dom/tests/DOMDocument_load_error2_pre2_11.phpt +@@ -1,5 +1,9 @@ + --TEST-- + Test DOMDocument::load() detects not-well formed XML ++--SKIPIF-- ++= 21100) die('skip libxml2 test variant for version < 2.11'); ++?> + --DESCRIPTION-- + This test verifies the method detects attributes values not closed between " or ' + Environment variables used in the test: +diff --git a/ext/libxml/libxml.c b/ext/libxml/libxml.c +index b54ab40953..7917f636a9 100644 +--- a/ext/libxml/libxml.c ++++ b/ext/libxml/libxml.c +@@ -578,6 +578,8 @@ static void php_libxml_ctx_error_level(int level, void *ctx, const char *msg) + } else { + php_error_docref(NULL, level, "%s in Entity, line: %d", msg, parser->input->line); + } ++ } else { ++ php_error_docref(NULL, E_WARNING, "%s", msg); + } + } + +diff --git a/ext/libxml/tests/bug61367-read_2.phpt b/ext/libxml/tests/bug61367-read_2.phpt +index 8cc0b50144..12743adab1 100644 +--- a/ext/libxml/tests/bug61367-read_2.phpt ++++ b/ext/libxml/tests/bug61367-read_2.phpt +@@ -55,6 +55,6 @@ bool(true) + int(4) + bool(true) + +-Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file:///%s/test_bug_61367-read/bad" in %s on line %d ++Warning: DOMDocument::loadXML(): %Sfailed to load external entity "file:///%s/test_bug_61367-read/bad" in %s on line %d + + Notice: Trying to get property 'nodeValue' of non-object in %s on line %d +diff --git a/ext/libxml/tests/libxml_disable_entity_loader_2.phpt b/ext/libxml/tests/libxml_disable_entity_loader_2.phpt +index 845bd4bbe3..55d8e61ee0 100644 +--- a/ext/libxml/tests/libxml_disable_entity_loader_2.phpt ++++ b/ext/libxml/tests/libxml_disable_entity_loader_2.phpt +@@ -36,6 +36,6 @@ echo "Done\n"; + bool(true) + bool(false) + +-Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "%s" in %s on line %d ++Warning: DOMDocument::loadXML(): %Sfailed to load external entity "%s" in %s on line %d + bool(true) + Done +diff --git a/ext/libxml/tests/libxml_set_external_entity_loader_variation2.phpt b/ext/libxml/tests/libxml_set_external_entity_loader_variation2.phpt +index e51869cf47..0664de1ea6 100644 +--- a/ext/libxml/tests/libxml_set_external_entity_loader_variation2.phpt ++++ b/ext/libxml/tests/libxml_set_external_entity_loader_variation2.phpt +@@ -38,6 +38,8 @@ echo "Done.\n"; + string(10) "-//FOO/BAR" + string(%d) "%sfoobar.dtd" + ++Warning: DOMDocument::validate(): Failed to load external entity "-//FOO/BAR" in %s on line %d ++ + Warning: DOMDocument::validate(): Could not load the external subset "foobar.dtd" in %s on line %d + bool(false) + bool(true) +diff --git a/ext/xml/tests/bug26614_libxml_gte2_11.phpt b/ext/xml/tests/bug26614_libxml_gte2_11.phpt +new file mode 100644 +index 0000000000..9a81b67686 +--- /dev/null ++++ b/ext/xml/tests/bug26614_libxml_gte2_11.phpt +@@ -0,0 +1,95 @@ ++--TEST-- ++Bug #26614 (CDATA sections skipped on line count) ++--EXTENSIONS-- ++xml ++--SKIPIF-- ++= 2.11'); ++?> ++--FILE-- ++ ++ ++ ++'; ++ ++// Case 2: replace some characters so that we get comments instead ++$xmls["Comment"] =' ++ ++ ++'; ++ ++// Case 3: replace even more characters so that only textual data is left ++$xmls["Text"] =' ++ ++-!-- ATA[ ++multi ++line ++CDATA ++block ++--- ++'; ++ ++function startElement($parser, $name, $attrs) { ++ printf("<$name> at line %d, col %d (byte %d)\n", ++ xml_get_current_line_number($parser), ++ xml_get_current_column_number($parser), ++ xml_get_current_byte_index($parser)); ++} ++ ++function endElement($parser, $name) { ++ printf(" at line %d, col %d (byte %d)\n", ++ xml_get_current_line_number($parser), ++ xml_get_current_column_number($parser), ++ xml_get_current_byte_index($parser)); ++} ++ ++function characterData($parser, $data) { ++ // dummy ++} ++ ++foreach ($xmls as $desc => $xml) { ++ echo "$desc\n"; ++ $xml_parser = xml_parser_create(); ++ xml_set_element_handler($xml_parser, "startElement", "endElement"); ++ xml_set_character_data_handler($xml_parser, "characterData"); ++ if (!xml_parse($xml_parser, $xml, true)) ++ echo "Error: ".xml_error_string(xml_get_error_code($xml_parser))."\n"; ++ xml_parser_free($xml_parser); ++} ++?> ++--EXPECTF-- ++CDATA ++ at line 2, col %d (byte 50) ++ at line 9, col %d (byte 96) ++Comment ++ at line 2, col %d (byte 50) ++ at line 9, col %d (byte 96) ++Text ++ at line 2, col %d (byte 50) ++ at line 9, col %d (byte 96) +diff --git a/ext/xml/tests/bug26614_libxml.phpt b/ext/xml/tests/bug26614_libxml_pre2_11.phpt +similarity index 96% +rename from ext/xml/tests/bug26614_libxml.phpt +rename to ext/xml/tests/bug26614_libxml_pre2_11.phpt +index 3ddd35ed0e..afacaa1c59 100644 +--- a/ext/xml/tests/bug26614_libxml.phpt ++++ b/ext/xml/tests/bug26614_libxml_pre2_11.phpt +@@ -4,6 +4,7 @@ Bug #26614 (CDATA sections skipped on line count) + = 21100) die('skip libxml2 test variant for version < 2.11'); + ?> + --FILE-- + +Date: Wed, 29 Nov 2023 20:49:29 +0100 +Subject: [PATCH 4/4] Test fixes for libxml2 2.12.0 + +--- + ext/dom/tests/DOMDocument_loadXML_error1.phpt | 4 +++ + .../DOMDocument_loadXML_error1_gte2_12.phpt | 26 ++++++++++++++++ + .../DOMDocument_loadXML_error2_gte2_11.phpt | 2 +- + .../DOMDocument_loadXML_error2_gte2_12.phpt | 30 +++++++++++++++++++ + ext/dom/tests/DOMDocument_load_error1.phpt | 4 +++ + .../DOMDocument_load_error1_gte2_12.phpt | 26 ++++++++++++++++ + .../DOMDocument_load_error2_gte2_11.phpt | 2 +- + .../DOMDocument_load_error2_gte2_12.phpt | 30 +++++++++++++++++++ + ext/xml/tests/bug81351.phpt | 4 +-- + 9 files changed, 124 insertions(+), 4 deletions(-) + create mode 100644 ext/dom/tests/DOMDocument_loadXML_error1_gte2_12.phpt + create mode 100644 ext/dom/tests/DOMDocument_loadXML_error2_gte2_12.phpt + create mode 100644 ext/dom/tests/DOMDocument_load_error1_gte2_12.phpt + create mode 100644 ext/dom/tests/DOMDocument_load_error2_gte2_12.phpt + +diff --git a/ext/dom/tests/DOMDocument_loadXML_error1.phpt b/ext/dom/tests/DOMDocument_loadXML_error1.phpt +index 4d3b81db79..0549d67630 100644 +--- a/ext/dom/tests/DOMDocument_loadXML_error1.phpt ++++ b/ext/dom/tests/DOMDocument_loadXML_error1.phpt +@@ -1,5 +1,9 @@ + --TEST-- + Test DOMDocument::loadXML() detects not-well formed XML ++--SKIPIF-- ++= 21200) die('skip libxml2 test variant for version < 2.12'); ++?> + --DESCRIPTION-- + This test verifies the method detects an opening and ending tag mismatch + Environment variables used in the test: +diff --git a/ext/dom/tests/DOMDocument_loadXML_error1_gte2_12.phpt b/ext/dom/tests/DOMDocument_loadXML_error1_gte2_12.phpt +new file mode 100644 +index 0000000000..e1ded0ffad +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_loadXML_error1_gte2_12.phpt +@@ -0,0 +1,26 @@ ++--TEST-- ++Test DOMDocument::loadXML() detects not-well formed XML ++--SKIPIF-- ++= 2.12'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects an opening and ending tag mismatch ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentloadxml_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::load%r(XML){0,1}%r(): Opening and ending tag mismatch: title line 5 and book %s ++ ++Warning: DOMDocument::load%r(XML){0,1}%r(): %rexpected '>'|Opening and ending tag mismatch: book line (4|5) and books%r %s +diff --git a/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt +index ff5ceb3fbe..f52d334813 100644 +--- a/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt ++++ b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_11.phpt +@@ -2,7 +2,7 @@ + Test DOMDocument::loadXML() detects not-well formed XML + --SKIPIF-- + = 2.11'); ++if (LIBXML_VERSION < 21100 || LIBXML_VERSION >= 21200) die('skip libxml2 test variant for version >= 2.11 && <= 2.12'); + ?> + --DESCRIPTION-- + This test verifies the method detects attributes values not closed between " or ' +diff --git a/ext/dom/tests/DOMDocument_loadXML_error2_gte2_12.phpt b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_12.phpt +new file mode 100644 +index 0000000000..6a3ff5841f +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_loadXML_error2_gte2_12.phpt +@@ -0,0 +1,30 @@ ++--TEST-- ++Test DOMDocument::loadXML() detects not-well formed XML ++--SKIPIF-- ++= 2.12'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects attributes values not closed between " or ' ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed2.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentloadxml_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::loadXML(): AttValue: " or ' expected in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): internal error: xmlParseStartTag: problem parsing attributes in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): Couldn't find end of Start Tag book line 4 in Entity, line: 4 in %s on line %d ++ ++Warning: DOMDocument::loadXML(): Opening and ending tag mismatch: books line 3 and book in Entity, line: 7 in %s on line %d +diff --git a/ext/dom/tests/DOMDocument_load_error1.phpt b/ext/dom/tests/DOMDocument_load_error1.phpt +index 8ac181d769..4416f5f6fe 100644 +--- a/ext/dom/tests/DOMDocument_load_error1.phpt ++++ b/ext/dom/tests/DOMDocument_load_error1.phpt +@@ -1,5 +1,9 @@ + --TEST-- + Test DOMDocument::load() detects not-well formed XML ++--SKIPIF-- ++= 21200) die('skip libxml2 test variant for version < 2.12'); ++?> + --DESCRIPTION-- + This test verifies the method detects an opening and ending tag mismatch + Environment variables used in the test: +diff --git a/ext/dom/tests/DOMDocument_load_error1_gte2_12.phpt b/ext/dom/tests/DOMDocument_load_error1_gte2_12.phpt +new file mode 100644 +index 0000000000..183c8406fd +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_load_error1_gte2_12.phpt +@@ -0,0 +1,26 @@ ++--TEST-- ++Test DOMDocument::load() detects not-well formed XML ++--SKIPIF-- ++= 2.12'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects an opening and ending tag mismatch ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentload_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::load%r(XML){0,1}%r(): Opening and ending tag mismatch: title line 5 and book %s ++ ++Warning: DOMDocument::load%r(XML){0,1}%r(): %rexpected '>'|Opening and ending tag mismatch: book line (4|5) and books%r %s +diff --git a/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt b/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt +index 32b6bf1611..4d9f992b3b 100644 +--- a/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt ++++ b/ext/dom/tests/DOMDocument_load_error2_gte2_11.phpt +@@ -2,7 +2,7 @@ + Test DOMDocument::load() detects not-well formed + --SKIPIF-- + = 2.11'); ++if (LIBXML_VERSION < 21100 || LIBXML_VERSION >= 21200) die('skip libxml2 test variant for version >= 2.11 && <= 2.12'); + ?> + --DESCRIPTION-- + This test verifies the method detects attributes values not closed between " or ' +diff --git a/ext/dom/tests/DOMDocument_load_error2_gte2_12.phpt b/ext/dom/tests/DOMDocument_load_error2_gte2_12.phpt +new file mode 100644 +index 0000000000..4fadf41736 +--- /dev/null ++++ b/ext/dom/tests/DOMDocument_load_error2_gte2_12.phpt +@@ -0,0 +1,30 @@ ++--TEST-- ++Test DOMDocument::load() detects not-well formed ++--SKIPIF-- ++= 2.12'); ++?> ++--DESCRIPTION-- ++This test verifies the method detects attributes values not closed between " or ' ++Environment variables used in the test: ++- XML_FILE: the xml file to load ++- LOAD_OPTIONS: the second parameter to pass to the method ++- EXPECTED_RESULT: the expected result ++--CREDITS-- ++Antonio Diaz Ruiz ++--EXTENSIONS-- ++dom ++--ENV-- ++XML_FILE=/not_well_formed2.xml ++LOAD_OPTIONS=0 ++EXPECTED_RESULT=0 ++--FILE_EXTERNAL-- ++domdocumentload_test_method.inc ++--EXPECTF-- ++Warning: DOMDocument::load(): AttValue: " or ' expected in %s on line %d ++ ++Warning: DOMDocument::load(): internal error: xmlParseStartTag: problem parsing attributes in %s on line %d ++ ++Warning: DOMDocument::load(): Couldn't find end of Start Tag book line 4 in %s on line %d ++ ++Warning: DOMDocument::load(): Opening and ending tag mismatch: books line 3 and book in %s on line %d +diff --git a/ext/xml/tests/bug81351.phpt b/ext/xml/tests/bug81351.phpt +index 19e4ca590b..dc934001be 100644 +--- a/ext/xml/tests/bug81351.phpt ++++ b/ext/xml/tests/bug81351.phpt +@@ -23,6 +23,6 @@ $code = xml_get_error_code($parser); + $error = xml_error_string($code); + echo "xml_parse returned $success, xml_get_error_code = $code, xml_error_string = $error\r\n"; + ?> +---EXPECT-- ++--EXPECTF-- + xml_parse returned 1, xml_get_error_code = 0, xml_error_string = No error +-xml_parse returned 0, xml_get_error_code = 5, xml_error_string = Invalid document end ++%rxml_parse returned 0, xml_get_error_code = 5, xml_error_string = Invalid document end|xml_parse returned 0, xml_get_error_code = 77, xml_error_string = Tag not finished%r +-- +2.43.0 + diff --git a/dev-lang/php/files/php-bug81744.patch b/dev-lang/php/files/php-bug81744.patch new file mode 100644 index 0000000..f47ae69 --- /dev/null +++ b/dev-lang/php/files/php-bug81744.patch @@ -0,0 +1,189 @@ +From 7437aaae38cf4b3357e7580f9e22fd4a403b6c23 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= +Date: Mon, 23 Jan 2023 21:15:24 +0100 +Subject: [PATCH 1/7] crypt: Fix validation of malformed BCrypt hashes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +PHP’s implementation of crypt_blowfish differs from the upstream Openwall +version by adding a “PHP Hack”, which allows one to cut short the BCrypt salt +by including a `$` character within the characters that represent the salt. + +Hashes that are affected by the “PHP Hack” may erroneously validate any +password as valid when used with `password_verify` and when comparing the +return value of `crypt()` against the input. + +The PHP Hack exists since the first version of PHP’s own crypt_blowfish +implementation that was added in 1e820eca02dcf322b41fd2fe4ed2a6b8309f8ab5. + +No clear reason is given for the PHP Hack’s existence. This commit removes it, +because BCrypt hashes containing a `$` character in their salt are not valid +BCrypt hashes. + +(cherry picked from commit c840f71524067aa474c00c3eacfb83bd860bfc8a) +Upstream-Status: Backport [c840f71524067aa474c00c3eacfb83bd860bfc8a] +--- + ext/standard/crypt_blowfish.c | 8 -- + .../tests/crypt/bcrypt_salt_dollar.phpt | 82 +++++++++++++++++++ + 2 files changed, 82 insertions(+), 8 deletions(-) + create mode 100644 ext/standard/tests/crypt/bcrypt_salt_dollar.phpt + +diff --git a/ext/standard/crypt_blowfish.c b/ext/standard/crypt_blowfish.c +index c1f945f29ed..aa7e1bc2e68 100644 +--- a/ext/standard/crypt_blowfish.c ++++ b/ext/standard/crypt_blowfish.c +@@ -376,7 +376,6 @@ static unsigned char BF_atoi64[0x60] = { + #define BF_safe_atoi64(dst, src) \ + { \ + tmp = (unsigned char)(src); \ +- if (tmp == '$') break; /* PHP hack */ \ + if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \ + tmp = BF_atoi64[tmp]; \ + if (tmp > 63) return -1; \ +@@ -404,13 +403,6 @@ static int BF_decode(BF_word *dst, const char *src, int size) + *dptr++ = ((c3 & 0x03) << 6) | c4; + } while (dptr < end); + +- if (end - dptr == size) { +- return -1; +- } +- +- while (dptr < end) /* PHP hack */ +- *dptr++ = 0; +- + return 0; + } + +diff --git a/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +new file mode 100644 +index 00000000000..32e335f4b08 +--- /dev/null ++++ b/ext/standard/tests/crypt/bcrypt_salt_dollar.phpt +@@ -0,0 +1,82 @@ ++--TEST-- ++bcrypt correctly rejects salts containing $ ++--FILE-- ++ ++--EXPECT-- ++string(8) "$2y$04$$" ++string(2) "*0" ++bool(false) ++string(9) "$2y$04$0$" ++string(2) "*0" ++bool(false) ++string(10) "$2y$04$00$" ++string(2) "*0" ++bool(false) ++string(11) "$2y$04$000$" ++string(2) "*0" ++bool(false) ++string(12) "$2y$04$0000$" ++string(2) "*0" ++bool(false) ++string(13) "$2y$04$00000$" ++string(2) "*0" ++bool(false) ++string(14) "$2y$04$000000$" ++string(2) "*0" ++bool(false) ++string(15) "$2y$04$0000000$" ++string(2) "*0" ++bool(false) ++string(16) "$2y$04$00000000$" ++string(2) "*0" ++bool(false) ++string(17) "$2y$04$000000000$" ++string(2) "*0" ++bool(false) ++string(18) "$2y$04$0000000000$" ++string(2) "*0" ++bool(false) ++string(19) "$2y$04$00000000000$" ++string(2) "*0" ++bool(false) ++string(20) "$2y$04$000000000000$" ++string(2) "*0" ++bool(false) ++string(21) "$2y$04$0000000000000$" ++string(2) "*0" ++bool(false) ++string(22) "$2y$04$00000000000000$" ++string(2) "*0" ++bool(false) ++string(23) "$2y$04$000000000000000$" ++string(2) "*0" ++bool(false) ++string(24) "$2y$04$0000000000000000$" ++string(2) "*0" ++bool(false) ++string(25) "$2y$04$00000000000000000$" ++string(2) "*0" ++bool(false) ++string(26) "$2y$04$000000000000000000$" ++string(2) "*0" ++bool(false) ++string(27) "$2y$04$0000000000000000000$" ++string(2) "*0" ++bool(false) ++string(28) "$2y$04$00000000000000000000$" ++string(2) "*0" ++bool(false) ++string(29) "$2y$04$000000000000000000000$" ++string(2) "*0" ++bool(false) ++string(30) "$2y$04$0000000000000000000000$" ++string(60) "$2y$04$000000000000000000000u2a2UpVexIt9k3FMJeAVr3c04F5tcI8K" ++bool(false) +-- +2.39.1 + +From ed0281b588a6840cb95f3134a4e68847a3be5bb7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= +Date: Mon, 23 Jan 2023 22:13:57 +0100 +Subject: [PATCH 2/7] crypt: Fix possible buffer overread in php_crypt() + +(cherry picked from commit a92acbad873a05470af1a47cb785a18eadd827b5) +--- + ext/standard/crypt.c | 1 + + ext/standard/tests/password/password_bcrypt_short.phpt | 8 ++++++++ + 2 files changed, 9 insertions(+) + create mode 100644 ext/standard/tests/password/password_bcrypt_short.phpt + +diff --git a/ext/standard/crypt.c b/ext/standard/crypt.c +index 92430b69f77..04487f3fe5a 100644 +--- a/ext/standard/crypt.c ++++ b/ext/standard/crypt.c +@@ -151,6 +151,7 @@ PHPAPI zend_string *php_crypt(const char *password, const int pass_len, const ch + } else if ( + salt[0] == '$' && + salt[1] == '2' && ++ salt[2] != 0 && + salt[3] == '$') { + char output[PHP_MAX_SALT_LEN + 1]; + +diff --git a/ext/standard/tests/password/password_bcrypt_short.phpt b/ext/standard/tests/password/password_bcrypt_short.phpt +new file mode 100644 +index 00000000000..085bc8a2390 +--- /dev/null ++++ b/ext/standard/tests/password/password_bcrypt_short.phpt +@@ -0,0 +1,8 @@ ++--TEST-- ++Test that password_hash() does not overread buffers when a short hash is passed ++--FILE-- ++ ++--EXPECT-- ++bool(false) +-- +2.39.1 + diff --git a/dev-lang/php/files/php-cve-2023-3247.patch b/dev-lang/php/files/php-cve-2023-3247.patch new file mode 100644 index 0000000..44365af --- /dev/null +++ b/dev-lang/php/files/php-cve-2023-3247.patch @@ -0,0 +1,109 @@ +From 0cfca9aa1395271833848daec0bace51d965531d Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sun, 16 Apr 2023 15:05:03 +0200 +Subject: [PATCH] Fix missing randomness check and insufficient random bytes + for SOAP HTTP Digest +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If php_random_bytes_throw fails, the nonce will be uninitialized, but +still sent to the server. The client nonce is intended to protect +against a malicious server. See section 5.10 and 5.12 of RFC 7616 [1], +and bullet point 2 below. + +Tim pointed out that even though it's the MD5 of the nonce that gets sent, +enumerating 31 bits is trivial. So we have still a stack information leak +of 31 bits. + +Furthermore, Tim found the following issues: +* The small size of cnonce might cause the server to erroneously reject + a request due to a repeated (cnonce, nc) pair. As per the birthday + problem 31 bits of randomness will return a duplication with 50% + chance after less than 55000 requests and nc always starts counting at 1. +* The cnonce is intended to protect the client and password against a + malicious server that returns a constant server nonce where the server + precomputed a rainbow table between passwords and correct client response. + As storage is fairly cheap, a server could precompute the client responses + for (a subset of) client nonces and still have a chance of reversing the + client response with the same probability as the cnonce duplication. + + Precomputing the rainbow table for all 2^31 cnonces increases the rainbow + table size by factor 2 billion, which is infeasible. But precomputing it + for 2^14 cnonces only increases the table size by factor 16k and the server + would still have a 10% chance of successfully reversing a password with a + single client request. + +This patch fixes the issues by increasing the nonce size, and checking +the return value of php_random_bytes_throw(). In the process we also get +rid of the MD5 hashing of the nonce. + +[1] RFC 7616: https://www.rfc-editor.org/rfc/rfc7616 + +Co-authored-by: Tim Düsterhus +(cherry picked from commit 126d517ce240e9f638d9a5eaa509eaca49ef562a) +Upstream-Status: Backport [126d517ce240e9f638d9a5eaa509eaca49ef562a] +--- + NEWS | 6 ++++++ + ext/soap/php_http.c | 21 +++++++++++++-------- + 2 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index ee3dcbdc9a..e3a9afdbe9 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -666,18 +666,23 @@ int make_http_soap_request(zval *this_ptr, + if ((digest = zend_hash_str_find(Z_OBJPROP_P(this_ptr), "_digest", sizeof("_digest")-1)) != NULL) { + if (Z_TYPE_P(digest) == IS_ARRAY) { + char HA1[33], HA2[33], response[33], cnonce[33], nc[9]; +- zend_long nonce; ++ unsigned char nonce[16]; + PHP_MD5_CTX md5ctx; + unsigned char hash[16]; + +- php_random_bytes_throw(&nonce, sizeof(nonce)); +- nonce &= 0x7fffffff; ++ if (UNEXPECTED(php_random_bytes_throw(&nonce, sizeof(nonce)) != SUCCESS)) { ++ ZEND_ASSERT(EG(exception)); ++ php_stream_close(stream); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpurl", sizeof("httpurl")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "httpsocket", sizeof("httpsocket")-1); ++ zend_hash_str_del(Z_OBJPROP_P(this_ptr), "_use_proxy", sizeof("_use_proxy")-1); ++ smart_str_free(&soap_headers_z); ++ smart_str_free(&soap_headers); ++ return FALSE; ++ } + +- PHP_MD5Init(&md5ctx); +- snprintf(cnonce, sizeof(cnonce), ZEND_LONG_FMT, nonce); +- PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce)); +- PHP_MD5Final(hash, &md5ctx); +- make_digest(cnonce, hash); ++ php_hash_bin2hex(cnonce, nonce, sizeof(nonce)); ++ cnonce[32] = 0; + + if ((tmp = zend_hash_str_find(Z_ARRVAL_P(digest), "nc", sizeof("nc")-1)) != NULL && + Z_TYPE_P(tmp) == IS_LONG) { +From 40439039c224bb8cdebd1b7b3d03b8cc11e7cce7 Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Tue, 6 Jun 2023 18:05:22 +0200 +Subject: [PATCH] Fix GH-11382 add missing hash header for bin2hex + +--- + ext/soap/php_http.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c +index e3a9afdbe9f..912b8e341d8 100644 +--- a/ext/soap/php_http.c ++++ b/ext/soap/php_http.c +@@ -22,6 +22,7 @@ + #include "ext/standard/base64.h" + #include "ext/standard/md5.h" + #include "ext/standard/php_random.h" ++#include "ext/hash/php_hash.h" + + static char *get_http_header_value_nodup(char *headers, char *type, size_t *len); + static char *get_http_header_value(char *headers, char *type); +-- + diff --git a/dev-lang/php/files/php-cve-2024-11233.patch b/dev-lang/php/files/php-cve-2024-11233.patch new file mode 100644 index 0000000..f46191d --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-11233.patch @@ -0,0 +1,70 @@ +From 44a5975f83a02eb8169d12af912e6222b28216d0 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 8 Nov 2024 22:04:21 +0100 +Subject: [PATCH 5/7] Fix GHSA-r977-prxv-hc43 + +Move the bound check upwards. Since this doesn't generate output we can +check the bound first. + +(cherry picked from commit 81030c9bbb5cd2e740b8398bb7212df9709f0274) +(cherry picked from commit 2cee10a1206f5bc7724232d3988be2cfcb0bc9df) + +Upstream-Status: Backport +--- + ext/standard/filters.c | 7 ++++--- + ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt | 12 ++++++++++++ + 2 files changed, 16 insertions(+), 3 deletions(-) + create mode 100644 ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt + +diff --git a/ext/standard/filters.c b/ext/standard/filters.c +index 018270c730d..5d5745c6bec 100644 +--- a/ext/standard/filters.c ++++ b/ext/standard/filters.c +@@ -1128,6 +1128,9 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins + } break; + + case 5: { ++ if (icnt == 0) { ++ goto out; ++ } + if (!inst->lbchars && lb_cnt == 1 && *ps == '\n') { + /* auto-detect soft line breaks, found network line break */ + lb_cnt = lb_ptr = 0; +@@ -1141,15 +1144,13 @@ static php_conv_err_t php_conv_qprint_decode_convert(php_conv_qprint_decode *ins + /* soft line break */ + lb_cnt = lb_ptr = 0; + scan_stat = 0; +- } else if (icnt > 0) { ++ } else { + if (*ps == (unsigned char)inst->lbchars[lb_cnt]) { + lb_cnt++; + ps++, icnt--; + } else { + scan_stat = 6; /* no break for short-cut */ + } +- } else { +- goto out; + } + } break; + +diff --git a/ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt b/ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt +new file mode 100644 +index 00000000000..8fdcce8ff22 +--- /dev/null ++++ b/ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt +@@ -0,0 +1,12 @@ ++--TEST-- ++GHSA-r977-prxv-hc43: Single byte overread with convert.quoted-printable-decode filter ++--FILE-- ++ ++--EXPECT-- ++string(8190) "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX" +-- +2.47.0 + diff --git a/dev-lang/php/files/php-cve-2024-11234.patch b/dev-lang/php/files/php-cve-2024-11234.patch new file mode 100644 index 0000000..4aea18f --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-11234.patch @@ -0,0 +1,97 @@ +From 494de65139592da0e5e5b6fdf198c2f9c762f4d6 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka +Date: Fri, 8 Nov 2024 23:43:47 +0100 +Subject: [PATCH 3/7] Fix GHSA-c5f2-jwm7-mmq2: stream HTTP fulluri CRLF + injection + +(cherry picked from commit 426a6d4539ebee34879ac5de857036bb6ff0e732) +(cherry picked from commit bc1f192102dd8cbda028e40aa31604c4885d387c) +(cherry picked from commit 8d130e16fbfda7d154fedfa0f1ff1d5ad5e26815) + +Upstream-Status: Backport +--- + ext/standard/http_fopen_wrapper.c | 18 ++++++++---- + .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt | 28 +++++++++++++++++++ + 2 files changed, 40 insertions(+), 6 deletions(-) + create mode 100644 ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt + +diff --git a/ext/standard/http_fopen_wrapper.c b/ext/standard/http_fopen_wrapper.c +index 4d918b21e65..aeeb438f0f9 100644 +--- a/ext/standard/http_fopen_wrapper.c ++++ b/ext/standard/http_fopen_wrapper.c +@@ -186,6 +186,11 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, + return NULL; + } + ++ /* Should we send the entire path in the request line, default to no. */ ++ if (context && (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) { ++ request_fulluri = zend_is_true(tmpzval); ++ } ++ + use_ssl = resource->scheme && (ZSTR_LEN(resource->scheme) > 4) && ZSTR_VAL(resource->scheme)[4] == 's'; + /* choose default ports */ + if (use_ssl && resource->port == 0) +@@ -205,6 +210,13 @@ static php_stream *php_stream_url_wrap_http_ex(php_stream_wrapper *wrapper, + } + } + ++ if (request_fulluri && (strchr(path, '\n') != NULL || strchr(path, '\r') != NULL)) { ++ php_stream_wrapper_log_error(wrapper, options, "HTTP wrapper full URI path does not allow CR or LF characters"); ++ php_url_free(resource); ++ efree(transport_string); ++ return NULL; ++ } ++ + if (context && (tmpzval = php_stream_context_get_option(context, wrapper->wops->label, "timeout")) != NULL) { + double d = zval_get_double(tmpzval); + #ifndef PHP_WIN32 +@@ -385,12 +397,6 @@ finish: + smart_str_appends(&req_buf, "GET "); + } + +- /* Should we send the entire path in the request line, default to no. */ +- if (!request_fulluri && context && +- (tmpzval = php_stream_context_get_option(context, "http", "request_fulluri")) != NULL) { +- request_fulluri = zend_is_true(tmpzval); +- } +- + if (request_fulluri) { + /* Ask for everything */ + smart_str_appends(&req_buf, path); +diff --git a/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt +new file mode 100644 +index 00000000000..5b2e04f94f2 +--- /dev/null ++++ b/ext/standard/tests/http/ghsa-c5f2-jwm7-mmq2.phpt +@@ -0,0 +1,28 @@ ++--TEST-- ++GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs) ++--INI-- ++allow_url_fopen=1 ++--CONFLICTS-- ++server ++--FILE-- ++ ['proxy' => 'tcp://' . $host, 'request_fulluri' => true]]); ++echo file_get_contents("http://$host/$userinput", false, $context); ++?> ++--EXPECTF-- ++Warning: file_get_contents(http://localhost:%d/index.php HTTP/1.1 ++Host: localhost:%d ++ ++GET /index2.php HTTP/1.1 ++Host: localhost:%d ++ ++GET /index.php): failed to open stream: HTTP wrapper full URI path does not allow CR or LF characters in %s on line %d +-- +2.47.0 + diff --git a/dev-lang/php/files/php-cve-2024-11236.patch b/dev-lang/php/files/php-cve-2024-11236.patch new file mode 100644 index 0000000..fb19442 --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-11236.patch @@ -0,0 +1,121 @@ +From 97546df8d6900b115536c17af9213f1da837b82e Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Thu, 24 Oct 2024 22:02:17 +0200 +Subject: [PATCH 1/7] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib + quoter causing OOB writes + +(cherry picked from commit d9baa9fed8c3ba692a36b388c0c7762e5102e2e0) +(cherry picked from commit 5d9e54065ed18c51e4f25d8900635f90810c7394) + +Upstream-Status: Backport +--- + ext/pdo_dblib/dblib_driver.c | 8 ++++++- + ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt | 24 ++++++++++++++++++++ + 2 files changed, 31 insertions(+), 1 deletion(-) + create mode 100644 ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt + +diff --git a/ext/pdo_dblib/dblib_driver.c b/ext/pdo_dblib/dblib_driver.c +index f36451afeeb..1dc75a4d2e3 100644 +--- a/ext/pdo_dblib/dblib_driver.c ++++ b/ext/pdo_dblib/dblib_driver.c +@@ -154,6 +154,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu + + size_t i; + char * q; ++ size_t extralen = 0; + *quotedlen = 0; + + if (H->assume_national_character_set_strings) { +@@ -168,7 +169,7 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu + + /* Detect quoted length, adding extra char for doubled single quotes */ + for (i = 0; i < unquotedlen; i++) { +- if (unquoted[i] == '\'') ++*quotedlen; ++ if (unquoted[i] == '\'') ++extralen; + ++*quotedlen; + } + +@@ -176,6 +177,11 @@ static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unqu + if (use_national_character_set) { + ++*quotedlen; /* N prefix */ + } ++ if (UNEXPECTED(*quotedlen > ZSTR_MAX_LEN - extralen)) { ++ return 0; ++ } ++ ++ *quotedlen += extralen; + q = *quoted = emalloc(*quotedlen + 1); /* Add byte for terminal null */ + if (use_national_character_set) { + *q++ = 'N'; +diff --git a/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt +new file mode 100644 +index 00000000000..431c61951ee +--- /dev/null ++++ b/ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt +@@ -0,0 +1,24 @@ ++--TEST-- ++GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes) ++--EXTENSIONS-- ++pdo_dblib ++--SKIPIF-- ++ ++--INI-- ++memory_limit=-1 ++--FILE-- ++quote(str_repeat("'", 2147483646))); ++ ++?> ++--EXPECT-- ++bool(false) +-- +2.47.0 + +From 0530cbfe5c3044537de52d8382eba5d69dbac726 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Thu, 24 Oct 2024 22:02:36 +0200 +Subject: [PATCH 2/7] Fix GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird + quoter causing OOB writes + +(cherry picked from commit 69c5f68fdc3deed9ebce2cc44b4bf5e0c47cd28f) +(cherry picked from commit b4f73be75dbdde970a18cc7a636898b10400fb3f) +--- + ext/pdo_firebird/firebird_driver.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/ext/pdo_firebird/firebird_driver.c b/ext/pdo_firebird/firebird_driver.c +index 3e403afd368..5b74290abcc 100644 +--- a/ext/pdo_firebird/firebird_driver.c ++++ b/ext/pdo_firebird/firebird_driver.c +@@ -243,7 +243,7 @@ free_statement: + static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, /* {{{ */ + char **quoted, size_t *quotedlen, enum pdo_param_type paramtype) + { +- int qcount = 0; ++ size_t qcount = 0; + char const *co, *l, *r; + char *c; + +@@ -258,6 +258,10 @@ static int firebird_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t u + /* count the number of ' characters */ + for (co = unquoted; (co = strchr(co,'\'')); qcount++, co++); + ++ if (UNEXPECTED(unquotedlen + 2 > ZSTR_MAX_LEN - qcount)) { ++ return 0; ++ } ++ + *quotedlen = unquotedlen + qcount + 2; + *quoted = c = emalloc(*quotedlen+1); + *c++ = '\''; +-- +2.47.0 + diff --git a/dev-lang/php/files/php-cve-2024-2756.patch b/dev-lang/php/files/php-cve-2024-2756.patch new file mode 100644 index 0000000..d330c4f --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-2756.patch @@ -0,0 +1,163 @@ +From a6c1c62a25ac23b08a86af11d68f0e2eaafc102b Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Sun, 17 Mar 2024 21:04:47 +0100 +Subject: [PATCH 1/4] Fix GHSA-wpj3-hf5j-x4v4: __Host-/__Secure- cookie bypass + due to partial CVE-2022-31629 fix + +The check happened too early as later code paths may perform more +mangling rules. Move the check downwards right before adding the actual +variable. + +(cherry picked from commit 093c08af25fb323efa0c8e6154aa9fdeae3d3b53) +(cherry picked from commit 2e07a3acd7a6b53c55325b94bed97748d7697b53) +Upstream-Status: Backport [093c08af25fb323efa0c8e6154aa9fdeae3d3b53, 2e07a3acd7a6b53c55325b94bed97748d7697b53] +--- + ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt | 63 +++++++++++++++++++++ + main/php_variables.c | 41 +++++++++----- + 2 files changed, 90 insertions(+), 14 deletions(-) + create mode 100644 ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt + +diff --git a/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt +new file mode 100644 +index 00000000000..77fcb680894 +--- /dev/null ++++ b/ext/standard/tests/ghsa-wpj3-hf5j-x4v4.phpt +@@ -0,0 +1,63 @@ ++--TEST-- ++ghsa-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix) ++--COOKIE-- ++..Host-test=ignore_1; ++._Host-test=ignore_2; ++.[Host-test=ignore_3; ++_.Host-test=ignore_4; ++__Host-test=ignore_5; ++_[Host-test=ignore_6; ++[.Host-test=ignore_7; ++[_Host-test=ignore_8; ++[[Host-test=ignore_9; ++..Host-test[]=ignore_10; ++._Host-test[]=ignore_11; ++.[Host-test[]=ignore_12; ++_.Host-test[]=ignore_13; ++__Host-test[]=legitimate_14; ++_[Host-test[]=legitimate_15; ++[.Host-test[]=ignore_16; ++[_Host-test[]=ignore_17; ++[[Host-test[]=ignore_18; ++..Secure-test=ignore_1; ++._Secure-test=ignore_2; ++.[Secure-test=ignore_3; ++_.Secure-test=ignore_4; ++__Secure-test=ignore_5; ++_[Secure-test=ignore_6; ++[.Secure-test=ignore_7; ++[_Secure-test=ignore_8; ++[[Secure-test=ignore_9; ++..Secure-test[]=ignore_10; ++._Secure-test[]=ignore_11; ++.[Secure-test[]=ignore_12; ++_.Secure-test[]=ignore_13; ++__Secure-test[]=legitimate_14; ++_[Secure-test[]=legitimate_15; ++[.Secure-test[]=ignore_16; ++[_Secure-test[]=ignore_17; ++[[Secure-test[]=ignore_18; ++--FILE-- ++ ++--EXPECT-- ++array(3) { ++ ["__Host-test"]=> ++ array(1) { ++ [0]=> ++ string(13) "legitimate_14" ++ } ++ ["_"]=> ++ array(2) { ++ ["Host-test["]=> ++ string(13) "legitimate_15" ++ ["Secure-test["]=> ++ string(13) "legitimate_15" ++ } ++ ["__Secure-test"]=> ++ array(1) { ++ [0]=> ++ string(13) "legitimate_14" ++ } ++} +diff --git a/main/php_variables.c b/main/php_variables.c +index 18f6b65a6c5..e971d497337 100644 +--- a/main/php_variables.c ++++ b/main/php_variables.c +@@ -65,6 +65,21 @@ static zend_always_inline void php_register_variable_quick(const char *name, siz + zend_string_release_ex(key, 0); + } + ++/* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- ++ * Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */ ++static zend_bool php_is_forbidden_variable_name(const char *mangled_name, size_t mangled_name_len, const char *pre_mangled_name) ++{ ++ if (mangled_name_len >= sizeof("__Host-")-1 && strncmp(mangled_name, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(pre_mangled_name, "__Host-", sizeof("__Host-")-1) != 0) { ++ return 1; ++ } ++ ++ if (mangled_name_len >= sizeof("__Secure-")-1 && strncmp(mangled_name, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(pre_mangled_name, "__Secure-", sizeof("__Secure-")-1) != 0) { ++ return 1; ++ } ++ ++ return 0; ++} ++ + PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars_array) + { + char *p = NULL; +@@ -115,20 +130,6 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars + } + var_len = p - var; + +- /* Discard variable if mangling made it start with __Host-, where pre-mangling it did not start with __Host- */ +- if (strncmp(var, "__Host-", sizeof("__Host-")-1) == 0 && strncmp(var_name, "__Host-", sizeof("__Host-")-1) != 0) { +- zval_ptr_dtor_nogc(val); +- free_alloca(var_orig, use_heap); +- return; +- } +- +- /* Discard variable if mangling made it start with __Secure-, where pre-mangling it did not start with __Secure- */ +- if (strncmp(var, "__Secure-", sizeof("__Secure-")-1) == 0 && strncmp(var_name, "__Secure-", sizeof("__Secure-")-1) != 0) { +- zval_ptr_dtor_nogc(val); +- free_alloca(var_orig, use_heap); +- return; +- } +- + if (var_len==0) { /* empty variable name, or variable name with a space in it */ + zval_ptr_dtor_nogc(val); + free_alloca(var_orig, use_heap); +@@ -226,6 +227,12 @@ PHPAPI void php_register_variable_ex(char *var_name, zval *val, zval *track_vars + return; + } + } else { ++ if (php_is_forbidden_variable_name(index, index_len, var_name)) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ + gpc_element_p = zend_symtable_str_find(symtable1, index, index_len); + if (!gpc_element_p) { + zval tmp; +@@ -263,6 +270,12 @@ plain_var: + zval_ptr_dtor_nogc(val); + } + } else { ++ if (php_is_forbidden_variable_name(index, index_len, var_name)) { ++ zval_ptr_dtor_nogc(val); ++ free_alloca(var_orig, use_heap); ++ return; ++ } ++ + zend_ulong idx; + + /* +-- + diff --git a/dev-lang/php/files/php-cve-2024-3096.patch b/dev-lang/php/files/php-cve-2024-3096.patch new file mode 100644 index 0000000..1fa9063 --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-3096.patch @@ -0,0 +1,55 @@ +From 4a7ceb9d6427f8d368f1a8739267b1f8310ec201 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka +Date: Fri, 29 Mar 2024 15:27:59 +0000 +Subject: [PATCH 3/4] Fix bug GHSA-q6x7-frmf-grcw: password_verify can + erroneously return true + +Disallow null character in bcrypt password + +(cherry picked from commit 0ba5229a3f7572846e91c8f5382e87785f543826) +(cherry picked from commit 81794c73068d9a44bf109bbcc9793e7b56a1c051) +Upstream-Status: Backport [0ba5229a3f7572846e91c8f5382e87785f543826, 81794c73068d9a44bf109bbcc9793e7b56a1c051] +--- + ext/standard/password.c | 5 +++++ + ext/standard/tests/password/password_bcrypt_errors.phpt | 6 ++++++ + 2 files changed, 11 insertions(+) + +diff --git a/ext/standard/password.c b/ext/standard/password.c +index 9fe7fb1a422..af80670246a 100644 +--- a/ext/standard/password.c ++++ b/ext/standard/password.c +@@ -260,6 +260,11 @@ static zend_string* php_password_bcrypt_hash(const zend_string *password, zend_a + zval *zcost; + zend_long cost = PHP_PASSWORD_BCRYPT_COST; + ++ if (memchr(ZSTR_VAL(password), '\0', ZSTR_LEN(password))) { ++ php_error_docref(NULL, E_WARNING, "Bcrypt password must not contain null character"); ++ return NULL; ++ } ++ + if (options && (zcost = zend_hash_str_find(options, "cost", sizeof("cost")-1)) != NULL) { + cost = zval_get_long(zcost); + } +diff --git a/ext/standard/tests/password/password_bcrypt_errors.phpt b/ext/standard/tests/password/password_bcrypt_errors.phpt +index a0826080e62..f95b72670ae 100644 +--- a/ext/standard/tests/password/password_bcrypt_errors.phpt ++++ b/ext/standard/tests/password/password_bcrypt_errors.phpt +@@ -16,6 +16,8 @@ var_dump(password_hash("foo", PASSWORD_BCRYPT, array("salt" => 123))); + + var_dump(password_hash("foo", PASSWORD_BCRYPT, array("cost" => "foo"))); + ++var_dump(password_hash("null\0password", PASSWORD_BCRYPT)); ++ + ?> + --EXPECTF-- + Warning: password_hash(): Invalid bcrypt cost parameter specified: 3 in %s on line %d +@@ -41,3 +43,7 @@ NULL + + Warning: password_hash(): Invalid bcrypt cost parameter specified: 0 in %s on line %d + NULL ++ ++Warning: password_hash(): Bcrypt password must not contain null character in %s on line %d ++NULL ++ +-- + diff --git a/dev-lang/php/files/php-cve-2024-5458.patch b/dev-lang/php/files/php-cve-2024-5458.patch new file mode 100644 index 0000000..fc134b5 --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-5458.patch @@ -0,0 +1,150 @@ +From 08be64e40197fc12dca5f802d16748d9c3cb4cb4 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Wed, 22 May 2024 22:25:02 +0200 +Subject: [PATCH 1/2] Fix GHSA-w8qr-v226-r27w + +We should not early-out with success status if we found an ipv6 +hostname, we should keep checking the rest of the conditions. +Because integrating the if-check of the ipv6 hostname in the +"Validate domain" if-check made the code hard to read, I extracted the +condition out to a separate function. This also required to make +a few pointers const in order to have some clean code. + +(cherry picked from commit 4066610b47e22c24cbee91be434a94357056a479) +Upstream-Status: Backport [4066610b47e22c24cbee91be434a94357056a479] +--- + ext/filter/logical_filters.c | 35 ++++++++++--------- + ext/filter/tests/ghsa-w8qr-v226-r27w.phpt | 41 +++++++++++++++++++++++ + 2 files changed, 61 insertions(+), 15 deletions(-) + create mode 100644 ext/filter/tests/ghsa-w8qr-v226-r27w.phpt + +diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c +index e5e87c01568..9c86ad072cc 100644 +--- a/ext/filter/logical_filters.c ++++ b/ext/filter/logical_filters.c +@@ -91,7 +91,7 @@ + #define FORMAT_IPV4 4 + #define FORMAT_IPV6 6 + +-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]); ++static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]); + + static int php_filter_parse_int(const char *str, size_t str_len, zend_long *ret) { /* {{{ */ + zend_long ctx_value; +@@ -571,6 +571,14 @@ static int is_userinfo_valid(zend_string *str) + return 1; + } + ++static zend_bool php_filter_is_valid_ipv6_hostname(const char *s, size_t l) ++{ ++ const char *e = s + l; ++ const char *t = e - 1; ++ ++ return *s == '[' && *t == ']' && _php_filter_validate_ipv6(s + 1, l - 2, NULL); ++} ++ + void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ + { + php_url *url; +@@ -596,7 +604,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ + + if (url->scheme != NULL && + (zend_string_equals_literal_ci(url->scheme, "http") || zend_string_equals_literal_ci(url->scheme, "https"))) { +- char *e, *s, *t; ++ const char *s; + size_t l; + + if (url->host == NULL) { +@@ -605,17 +613,14 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ + + s = ZSTR_VAL(url->host); + l = ZSTR_LEN(url->host); +- e = s + l; +- t = e - 1; +- +- /* An IPv6 enclosed by square brackets is a valid hostname */ +- if (*s == '[' && *t == ']' && _php_filter_validate_ipv6((s + 1), l - 2, NULL)) { +- php_url_free(url); +- return; +- } + +- // Validate domain +- if (!_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME)) { ++ if ( ++ /* An IPv6 enclosed by square brackets is a valid hostname.*/ ++ !php_filter_is_valid_ipv6_hostname(s, l) && ++ /* Validate domain. ++ * This includes a loose check for an IPv4 address. */ ++ !_php_filter_validate_domain(ZSTR_VAL(url->host), l, FILTER_FLAG_HOSTNAME) ++ ) { + php_url_free(url); + RETURN_VALIDATION_FAILED + } +@@ -749,15 +754,15 @@ static int _php_filter_validate_ipv4(char *str, size_t str_len, int *ip) /* {{{ + } + /* }}} */ + +-static int _php_filter_validate_ipv6(char *str, size_t str_len, int ip[8]) /* {{{ */ ++static int _php_filter_validate_ipv6(const char *str, size_t str_len, int ip[8]) /* {{{ */ + { + int compressed_pos = -1; + int blocks = 0; + int num, n, i; + char *ipv4; +- char *end; ++ const char *end; + int ip4elm[4]; +- char *s = str; ++ const char *s = str; + + if (!memchr(str, ':', str_len)) { + return 0; +diff --git a/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt +new file mode 100644 +index 00000000000..0092408ee5a +--- /dev/null ++++ b/ext/filter/tests/ghsa-w8qr-v226-r27w.phpt +@@ -0,0 +1,41 @@ ++--TEST-- ++GHSA-w8qr-v226-r27w ++--EXTENSIONS-- ++filter ++--FILE-- ++ ++--EXPECT-- ++--- These ones should fail --- ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++bool(false) ++--- These ones should work --- ++string(21) "http://test@127.0.0.1" ++string(50) "http://test@[2001:db8:3333:4444:5555:6666:1.2.3.4]" ++string(17) "http://test@[::1]" +-- + diff --git a/dev-lang/php/files/php-cve-2024-8925.patch b/dev-lang/php/files/php-cve-2024-8925.patch new file mode 100644 index 0000000..f4722dd --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-8925.patch @@ -0,0 +1,228 @@ +From a24ac172f52e75101913f3946cfa5515f723c99f Mon Sep 17 00:00:00 2001 +From: Arnaud Le Blanc +Date: Mon, 9 Sep 2024 15:22:07 +0200 +Subject: [PATCH 04/11] Fix GHSA-9pqp-7h25-4f32 + +multipart/form-data boundaries larger than the read buffer result in erroneous +parsing, which violates data integrity. + +Limit boundary size, as allowed by RFC 1521: + + Encapsulation boundaries [...] must be no longer than 70 characters, not + counting the two leading hyphens. + +We correctly parse payloads with boundaries of length up to +FILLUNIT-strlen("\r\n--") bytes, so allow this for BC. + +(cherry picked from commit 19b49258d0c5a61398d395d8afde1123e8d161e0) +(cherry picked from commit 2b0daf421c162376892832588eccdfa9a286ed09) +Upstream-Status: Backport [19b49258d0c5a61398d395d8afde1123e8d161e0, 2b0daf421c162376892832588eccdfa9a286ed09] +--- + main/rfc1867.c | 7 ++ + tests/basic/GHSA-9pqp-7h25-4f32.inc | 3 + + tests/basic/GHSA-9pqp-7h25-4f32.phpt | 100 +++++++++++++++++++++++++++ + 3 files changed, 110 insertions(+) + create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.inc + create mode 100644 tests/basic/GHSA-9pqp-7h25-4f32.phpt + +diff --git a/main/rfc1867.c b/main/rfc1867.c +index 1b212c93325..43ccce120c3 100644 +--- a/main/rfc1867.c ++++ b/main/rfc1867.c +@@ -759,6 +759,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ + boundary_len = boundary_end-boundary; + } + ++ /* Boundaries larger than FILLUNIT-strlen("\r\n--") characters lead to ++ * erroneous parsing */ ++ if (boundary_len > FILLUNIT-strlen("\r\n--")) { ++ sapi_module.sapi_error(E_WARNING, "Boundary too large in multipart/form-data POST data"); ++ return; ++ } ++ + /* Initialize the buffer */ + if (!(mbuff = multipart_buffer_new(boundary, boundary_len))) { + sapi_module.sapi_error(E_WARNING, "Unable to initialize the input buffer"); +diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.inc b/tests/basic/GHSA-9pqp-7h25-4f32.inc +new file mode 100644 +index 00000000000..adf72a361a2 +--- /dev/null ++++ b/tests/basic/GHSA-9pqp-7h25-4f32.inc +@@ -0,0 +1,3 @@ ++ ++--FILE-- ++ '1', ++ 'CONTENT_TYPE' => "multipart/form-data; boundary=$boundary", ++ 'CONTENT_LENGTH' => strlen($body), ++ 'REQUEST_METHOD' => 'POST', ++ 'SCRIPT_FILENAME' => __DIR__ . '/GHSA-9pqp-7h25-4f32.inc', ++ ]); ++ ++ $spec = [ ++ 0 => ['pipe', 'r'], ++ 1 => STDOUT, ++ 2 => STDOUT, ++ ]; ++ ++ $pipes = []; ++ ++ print "Starting...\n"; ++ ++ $handle = proc_open($cmd, $spec, $pipes, getcwd(), $env); ++ ++ fwrite($pipes[0], $body); ++ ++ $status = proc_close($handle); ++ ++ print "\n"; ++} ++ ++for ($offset = -1; $offset <= 1; $offset++) { ++ test(FILLUNIT - strlen("\r\n--") + $offset); ++} ++ ++?> ++--EXPECTF-- ++Boundary len: 5115 ++Starting... ++X-Powered-By: %s ++Content-type: text/html; charset=UTF-8 ++ ++Hello world ++array(1) { ++ ["koko"]=> ++ string(5124) "BBB ++--AAA%sCCC" ++} ++ ++Boundary len: 5116 ++Starting... ++X-Powered-By: %s ++Content-type: text/html; charset=UTF-8 ++ ++Hello world ++array(1) { ++ ["koko"]=> ++ string(5125) "BBB ++--AAA%sCCC" ++} ++ ++Boundary len: 5117 ++Starting... ++X-Powered-By: %s ++Content-type: text/html; charset=UTF-8 ++ ++
++Warning: Boundary too large in multipart/form-data POST data in Unknown on line 0
++Hello world ++array(0) { ++} ++ +-- +2.46.1 + +From 2fd1b83817d20523e72bef3ad524cd5797f51acf Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka +Date: Mon, 23 Sep 2024 18:54:31 +0100 +Subject: [PATCH 08/11] Skip GHSA-9pqp-7h25-4f32 test on Windows + +(cherry picked from commit c70e25630832fa10d421328eed2b8e1a36af7a64) +(cherry picked from commit c75683864f6e4188439e8ca2adbb05824918be12) +--- + tests/basic/GHSA-9pqp-7h25-4f32.phpt | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt +index af819163705..29bcb6557d5 100644 +--- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt ++++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt +@@ -5,6 +5,9 @@ GHSA-9pqp-7h25-4f32 + if (!getenv('TEST_PHP_CGI_EXECUTABLE')) { + die("skip php-cgi not available"); + } ++if (substr(PHP_OS, 0, 3) == 'WIN') { ++ die("skip not for Windows in CI - probably resource issue"); ++} + ?> + --FILE-- + +Date: Thu, 26 Sep 2024 15:49:03 +0200 +Subject: [PATCH 11/11] adapt GHSA-9pqp-7h25-4f32 test for 7.x + +--- + tests/basic/GHSA-9pqp-7h25-4f32.phpt | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/basic/GHSA-9pqp-7h25-4f32.phpt b/tests/basic/GHSA-9pqp-7h25-4f32.phpt +index 29bcb6557d5..a1ead918ff3 100644 +--- a/tests/basic/GHSA-9pqp-7h25-4f32.phpt ++++ b/tests/basic/GHSA-9pqp-7h25-4f32.phpt +@@ -21,6 +21,7 @@ function test($boundaryLen) { + getenv('TEST_PHP_CGI_EXECUTABLE'), + '-C', + '-n', ++ '-dlog_errors=1', + __DIR__ . '/GHSA-9pqp-7h25-4f32.inc', + ]; + +@@ -92,11 +93,10 @@ array(1) { + + Boundary len: 5117 + Starting... ++PHP Warning: Boundary too large in multipart/form-data POST data in Unknown on line 0 + X-Powered-By: %s + Content-type: text/html; charset=UTF-8 + +-
+-Warning: Boundary too large in multipart/form-data POST data in Unknown on line 0
+ Hello world + array(0) { + } +-- +2.46.1 + diff --git a/dev-lang/php/files/php-cve-2024-8926.patch b/dev-lang/php/files/php-cve-2024-8926.patch new file mode 100644 index 0000000..ebb6856 --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-8926.patch @@ -0,0 +1,176 @@ +From fb718aa6f2117933566bb7bb2f70b2b0d9a9c08f Mon Sep 17 00:00:00 2001 +From: Jan Ehrhardt +Date: Wed, 5 Jun 2024 20:24:52 +0200 +Subject: [PATCH 01/11] Fix GHSA-3qgc-jrrr-25jv + +Upstream-Status: Backport [938267314835de3c2ed1a3da4f2959f1d2709468] +--- + sapi/cgi/cgi_main.c | 23 ++++++++++++++- + sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt | 38 +++++++++++++++++++++++++ + 2 files changed, 60 insertions(+), 1 deletion(-) + create mode 100644 sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt + +diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c +index a36f426d266..8d1342727dc 100644 +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -1827,8 +1827,13 @@ int main(int argc, char *argv[]) + } + } + ++ /* Apache CGI will pass the query string to the command line if it doesn't contain a '='. ++ * This can create an issue where a malicious request can pass command line arguments to ++ * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode, ++ * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`. ++ * Therefore, this code only prevents passing arguments if the query string starts with a '-'. ++ * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */ + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { +- /* we've got query string that has no = - apache CGI will pass it to command line */ + unsigned char *p; + decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); +@@ -1838,6 +1843,22 @@ int main(int argc, char *argv[]) + if(*p == '-') { + skip_getopt = 1; + } ++ ++ /* On Windows we have to take into account the "best fit" mapping behaviour. */ ++#ifdef PHP_WIN32 ++ if (*p >= 0x80) { ++ wchar_t wide_buf[1]; ++ wide_buf[0] = *p; ++ char char_buf[4]; ++ size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]); ++ size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]); ++ if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0 ++ || char_buf[0] == '-') { ++ skip_getopt = 1; ++ } ++ } ++#endif ++ + free(decoded_query_string); + } + +diff --git a/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt +new file mode 100644 +index 00000000000..fd2fcdfbf89 +--- /dev/null ++++ b/sapi/cgi/tests/ghsa-3qgc-jrrr-25jv.phpt +@@ -0,0 +1,38 @@ ++--TEST-- ++GHSA-3qgc-jrrr-25jv ++--SKIPIF-- ++ ++--FILE-- ++'; ++file_put_contents($filename, $script); ++ ++$php = get_cgi_path(); ++reset_env_vars(); ++ ++putenv("SERVER_NAME=Test"); ++putenv("SCRIPT_FILENAME=$filename"); ++putenv("QUERY_STRING=%ads"); ++putenv("REDIRECT_STATUS=1"); ++ ++passthru("$php -s"); ++ ++?> ++--CLEAN-- ++ ++--EXPECTF-- ++X-Powered-By: PHP/%s ++Content-type: %s ++ ++hello world +-- +2.46.1 + +From 1158d06f0b20532ab7309cb20f0be843f9662e3c Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Fri, 14 Jun 2024 19:49:22 +0200 +Subject: [PATCH 05/11] Fix GHSA-p99j-rfp4-xqvq + +It's no use trying to work around whatever the operating system and Apache +do because we'll be fighting that until eternity. +Change the skip_getopt condition such that when we're running in +CGI or FastCGI mode we always skip the argument parsing. +This is a BC break, but this seems to be the only way to get rid of this +class of issues. + +(cherry picked from commit abcfd980bfa03298792fd3aba051c78d52f10642) +(cherry picked from commit 2d2552e092b6ff32cd823692d512f126ee629842) +--- + sapi/cgi/cgi_main.c | 26 ++++++++------------------ + 1 file changed, 8 insertions(+), 18 deletions(-) + +diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c +index 8d1342727dc..a2761aafd7b 100644 +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -1777,7 +1777,6 @@ int main(int argc, char *argv[]) + int status = 0; + #endif + char *query_string; +- char *decoded_query_string; + int skip_getopt = 0; + + #if defined(SIGPIPE) && defined(SIG_IGN) +@@ -1832,10 +1831,15 @@ int main(int argc, char *argv[]) + * the executable. Ideally we skip argument parsing when we're in cgi or fastcgi mode, + * but that breaks PHP scripts on Linux with a hashbang: `#!/php-cgi -d option=value`. + * Therefore, this code only prevents passing arguments if the query string starts with a '-'. +- * Similarly, scripts spawned in subprocesses on Windows may have the same issue. */ ++ * Similarly, scripts spawned in subprocesses on Windows may have the same issue. ++ * However, Windows has lots of conversion rules and command line parsing rules that ++ * are too difficult and dangerous to reliably emulate. */ + if((query_string = getenv("QUERY_STRING")) != NULL && strchr(query_string, '=') == NULL) { ++#ifdef PHP_WIN32 ++ skip_getopt = cgi || fastcgi; ++#else + unsigned char *p; +- decoded_query_string = strdup(query_string); ++ char *decoded_query_string = strdup(query_string); + php_url_decode(decoded_query_string, strlen(decoded_query_string)); + for (p = (unsigned char *)decoded_query_string; *p && *p <= ' '; p++) { + /* skip all leading spaces */ +@@ -1844,22 +1848,8 @@ int main(int argc, char *argv[]) + skip_getopt = 1; + } + +- /* On Windows we have to take into account the "best fit" mapping behaviour. */ +-#ifdef PHP_WIN32 +- if (*p >= 0x80) { +- wchar_t wide_buf[1]; +- wide_buf[0] = *p; +- char char_buf[4]; +- size_t wide_buf_len = sizeof(wide_buf) / sizeof(wide_buf[0]); +- size_t char_buf_len = sizeof(char_buf) / sizeof(char_buf[0]); +- if (WideCharToMultiByte(CP_ACP, 0, wide_buf, wide_buf_len, char_buf, char_buf_len, NULL, NULL) == 0 +- || char_buf[0] == '-') { +- skip_getopt = 1; +- } +- } +-#endif +- + free(decoded_query_string); ++#endif + } + + while (!skip_getopt && (c = php_getopt(argc, argv, OPTIONS, &php_optarg, &php_optind, 0, 2)) != -1) { +-- +2.46.1 + diff --git a/dev-lang/php/files/php-cve-2024-8927.patch b/dev-lang/php/files/php-cve-2024-8927.patch new file mode 100644 index 0000000..0e65642 --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-8927.patch @@ -0,0 +1,58 @@ +From c7308ba7cd0533501b40eba255602bb5e085550f Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Tue, 18 Jun 2024 21:28:26 +0200 +Subject: [PATCH 06/11] Fix GHSA-94p6-54jq-9mwp + +Apache only generates REDIRECT_STATUS, so explicitly check for that +if the server name is Apache, don't allow other variable names. +Furthermore, redirect.so and Netscape no longer exist, so +remove those entries as we can't check their server name anymore. + +We now also check for the configuration override *first* such that it +always take precedence. This would allow for a mitigation path if +something like this happens in the future. + +(cherry picked from commit 48808d98f4fc2a05193cdcc1aedd6c66816450f1) +(cherry picked from commit 8aa748ee0657cdee8d883ba50d04b68bc450f686) +Upstream-Status: Backport [48808d98f4fc2a05193cdcc1aedd6c66816450f1, 8aa748ee0657cdee8d883ba50d04b68bc450f686] +--- + sapi/cgi/cgi_main.c | 23 +++++++++++------------ + 1 file changed, 11 insertions(+), 12 deletions(-) + +diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c +index a2761aafd7b..ebce6302b93 100644 +--- a/sapi/cgi/cgi_main.c ++++ b/sapi/cgi/cgi_main.c +@@ -1939,18 +1939,17 @@ int main(int argc, char *argv[]) + + /* check force_cgi after startup, so we have proper output */ + if (cgi && CGIG(force_redirect)) { +- /* Apache will generate REDIRECT_STATUS, +- * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS. +- * redirect.so and installation instructions available from +- * http://www.koehntopp.de/php. +- * -- kk@netuse.de +- */ +- if (!getenv("REDIRECT_STATUS") && +- !getenv ("HTTP_REDIRECT_STATUS") && +- /* this is to allow a different env var to be configured +- * in case some server does something different than above */ +- (!CGIG(redirect_status_env) || !getenv(CGIG(redirect_status_env))) +- ) { ++ /* This is to allow a different environment variable to be configured ++ * in case the we cannot auto-detect which environment variable to use. ++ * Checking this first to allow user overrides in case the environment ++ * variable can be set by an untrusted party. */ ++ const char *redirect_status_env = CGIG(redirect_status_env); ++ if (!redirect_status_env) { ++ /* Apache will generate REDIRECT_STATUS. */ ++ redirect_status_env = "REDIRECT_STATUS"; ++ } ++ ++ if (!getenv(redirect_status_env)) { + zend_try { + SG(sapi_headers).http_response_code = 400; + PUTS("Security Alert! The PHP CGI cannot be accessed directly.\n\n\ +-- +2.46.1 + diff --git a/dev-lang/php/files/php-cve-2024-8932.patch b/dev-lang/php/files/php-cve-2024-8932.patch new file mode 100644 index 0000000..5ad746c --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-8932.patch @@ -0,0 +1,141 @@ +From 50e9e72530a4805980384b8ea6672877af816145 Mon Sep 17 00:00:00 2001 +From: Niels Dossche <7771979+nielsdos@users.noreply.github.com> +Date: Thu, 26 Sep 2024 22:22:27 +0200 +Subject: [PATCH 4/7] Fix GHSA-g665-fm4p-vhff: OOB access in ldap_escape + +(cherry picked from commit f9ecf90070a11dad09ca7671a712f81cc2a7d52f) +(cherry picked from commit 9f367d847989b339c33369737daf573e30bab5f1) + +Upstream-Status: Backport +--- + ext/ldap/ldap.c | 21 ++++++++++++++-- + ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt | 28 ++++++++++++++++++++++ + ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt | 29 +++++++++++++++++++++++ + 3 files changed, 76 insertions(+), 2 deletions(-) + create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt + create mode 100644 ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt + +diff --git a/ext/ldap/ldap.c b/ext/ldap/ldap.c +index 72a39bd93df..75adf1b5df2 100644 +--- a/ext/ldap/ldap.c ++++ b/ext/ldap/ldap.c +@@ -49,6 +49,7 @@ + + #include "ext/standard/php_string.h" + #include "ext/standard/info.h" ++#include "Zend/zend_exceptions.h" + + #ifdef HAVE_LDAP_SASL + #include +@@ -3836,13 +3837,23 @@ static zend_string* php_ldap_do_escape(const zend_bool *map, const char *value, + zend_string *ret; + + for (i = 0; i < valuelen; i++) { +- len += (map[(unsigned char) value[i]]) ? 3 : 1; ++ size_t addend = (map[(unsigned char) value[i]]) ? 3 : 1; ++ if (len > ZSTR_MAX_LEN - addend) { ++ return NULL; ++ } ++ len += addend; + } + /* Per RFC 4514, a leading and trailing space must be escaped */ + if ((flags & PHP_LDAP_ESCAPE_DN) && (value[0] == ' ')) { ++ if (len > ZSTR_MAX_LEN - 2) { ++ return NULL; ++ } + len += 2; + } + if ((flags & PHP_LDAP_ESCAPE_DN) && ((valuelen > 1) && (value[valuelen - 1] == ' '))) { ++ if (len > ZSTR_MAX_LEN - 2) { ++ return NULL; ++ } + len += 2; + } + +@@ -3909,7 +3920,13 @@ PHP_FUNCTION(ldap_escape) + php_ldap_escape_map_set_chars(map, ignores, ignoreslen, 0); + } + +- RETURN_NEW_STR(php_ldap_do_escape(map, value, valuelen, flags)); ++ zend_string *result = php_ldap_do_escape(map, value, valuelen, flags); ++ if (UNEXPECTED(!result)) { ++ zend_throw_exception(NULL, "Argument #1 ($value) is too long", 0); ++ return; ++ } ++ ++ RETURN_NEW_STR(result); + } + + #ifdef STR_TRANSLATION +diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt +new file mode 100644 +index 00000000000..734bbe91d42 +--- /dev/null ++++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt +@@ -0,0 +1,28 @@ ++--TEST-- ++GHSA-g665-fm4p-vhff (OOB access in ldap_escape) ++--EXTENSIONS-- ++ldap ++--INI-- ++memory_limit=-1 ++--SKIPIF-- ++ ++--FILE-- ++getMessage(), "\n"; ++} ++ ++try { ++ ldap_escape(str_repeat("#", 1431655758).' ', "", LDAP_ESCAPE_DN); ++} catch (Exception $e) { ++ echo $e->getMessage(), "\n"; ++} ++?> ++--EXPECT-- ++ldap_escape(): Argument #1 ($value) is too long ++ldap_escape(): Argument #1 ($value) is too long +diff --git a/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt +new file mode 100644 +index 00000000000..5c1b0fb6611 +--- /dev/null ++++ b/ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt +@@ -0,0 +1,29 @@ ++--TEST-- ++GHSA-g665-fm4p-vhff (OOB access in ldap_escape) ++--EXTENSIONS-- ++ldap ++--INI-- ++memory_limit=-1 ++--SKIPIF-- ++ ++--FILE-- ++getMessage(), "\n"; ++} ++ ++// would allocate a string of length 2 ++try { ++ ldap_escape(str_repeat("*", 1431655766), "", LDAP_ESCAPE_FILTER); ++} catch (Exception $e) { ++ echo $e->getMessage(), "\n"; ++} ++?> ++--EXPECT-- ++ldap_escape(): Argument #1 ($value) is too long ++ldap_escape(): Argument #1 ($value) is too long +-- +2.47.0 + diff --git a/dev-lang/php/files/php-cve-2024-9026.patch b/dev-lang/php/files/php-cve-2024-9026.patch new file mode 100644 index 0000000..717c49a --- /dev/null +++ b/dev-lang/php/files/php-cve-2024-9026.patch @@ -0,0 +1,205 @@ +From 4a8b8fa2592bd8862adeacb5b2faacb30500b9f9 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka +Date: Thu, 12 Sep 2024 13:11:11 +0100 +Subject: [PATCH 07/11] Fix GHSA-865w-9rf3-2wh5: FPM: Logs from childrens may + be altered + +(cherry picked from commit 1f8e16172c7961045c2b0f34ba7613e3f21cdee8) +(cherry picked from commit 22f4d3504d7613ce78bb96aa53cbfe7d672fa036) +Upstream-Status: Backport [1f8e16172c7961045c2b0f34ba7613e3f21cdee8, 22f4d3504d7613ce78bb96aa53cbfe7d672fa036] +--- + sapi/fpm/fpm/fpm_stdio.c | 2 +- + .../log-bwp-msg-flush-split-sep-pos-end.phpt | 47 +++++++++++++++++++ + ...log-bwp-msg-flush-split-sep-pos-start.phpt | 47 +++++++++++++++++++ + 3 files changed, 95 insertions(+), 1 deletion(-) + create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt + create mode 100644 sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt + +diff --git a/sapi/fpm/fpm/fpm_stdio.c b/sapi/fpm/fpm/fpm_stdio.c +index ddedfb48c7c..9d87273314a 100644 +--- a/sapi/fpm/fpm/fpm_stdio.c ++++ b/sapi/fpm/fpm/fpm_stdio.c +@@ -177,7 +177,7 @@ stdio_read: + if ((sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos) <= in_buf && + !memcmp(buf, &FPM_STDIO_CMD_FLUSH[cmd_pos], sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos)) { + zlog_stream_finish(log_stream); +- start = cmd_pos; ++ start = sizeof(FPM_STDIO_CMD_FLUSH) - cmd_pos; + } else { + zlog_stream_str(log_stream, &FPM_STDIO_CMD_FLUSH[0], cmd_pos); + } +diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt +new file mode 100644 +index 00000000000..52826320080 +--- /dev/null ++++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt +@@ -0,0 +1,47 @@ ++--TEST-- ++FPM: Buffered worker output plain log with msg with flush split position towards separator end ++--SKIPIF-- ++ ++--FILE-- ++start(); ++$tester->expectLogStartNotices(); ++$tester->request()->expectEmptyBody(); ++$tester->expectLogLine(str_repeat('a', 1013) . "Quarkslab", decorated: false); ++$tester->expectLogLine("Quarkslab", decorated: false); ++$tester->terminate(); ++$tester->expectLogTerminatingNotices(); ++$tester->close(); ++ ++?> ++Done ++--EXPECT-- ++Done ++--CLEAN-- ++ +diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt +new file mode 100644 +index 00000000000..34905938553 +--- /dev/null ++++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt +@@ -0,0 +1,47 @@ ++--TEST-- ++FPM: Buffered worker output plain log with msg with flush split position towards separator start ++--SKIPIF-- ++ ++--FILE-- ++start(); ++$tester->expectLogStartNotices(); ++$tester->request()->expectEmptyBody(); ++$tester->expectLogLine(str_repeat('a', 1009) . "Quarkslab", decorated: false); ++$tester->expectLogLine("Quarkslab", decorated: false); ++$tester->terminate(); ++$tester->expectLogTerminatingNotices(); ++$tester->close(); ++ ++?> ++Done ++--EXPECT-- ++Done ++--CLEAN-- ++ +-- +2.46.1 + +From bc574c256596abc4966e7f0e3e0913839092151e Mon Sep 17 00:00:00 2001 +From: Remi Collet +Date: Thu, 26 Sep 2024 15:48:11 +0200 +Subject: [PATCH 10/11] adapt GHSA-865w-9rf3-2wh5 test for 7.x + +--- + sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt | 4 ++-- + sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt | 4 ++-- + sapi/fpm/tests/tester.inc | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt +index 52826320080..bdd61782bfa 100644 +--- a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt ++++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-end.phpt +@@ -30,8 +30,8 @@ $tester = new FPM\Tester($cfg, $code); + $tester->start(); + $tester->expectLogStartNotices(); + $tester->request()->expectEmptyBody(); +-$tester->expectLogLine(str_repeat('a', 1013) . "Quarkslab", decorated: false); +-$tester->expectLogLine("Quarkslab", decorated: false); ++$tester->expectLogLine(str_repeat('a', 1013) . "Quarkslab", true, false); ++$tester->expectLogLine("Quarkslab", true, false); + $tester->terminate(); + $tester->expectLogTerminatingNotices(); + $tester->close(); +diff --git a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt +index 34905938553..f3461e4a0c8 100644 +--- a/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt ++++ b/sapi/fpm/tests/log-bwp-msg-flush-split-sep-pos-start.phpt +@@ -30,8 +30,8 @@ $tester = new FPM\Tester($cfg, $code); + $tester->start(); + $tester->expectLogStartNotices(); + $tester->request()->expectEmptyBody(); +-$tester->expectLogLine(str_repeat('a', 1009) . "Quarkslab", decorated: false); +-$tester->expectLogLine("Quarkslab", decorated: false); ++$tester->expectLogLine(str_repeat('a', 1009) . "Quarkslab", true, false); ++$tester->expectLogLine("Quarkslab", true, false); + $tester->terminate(); + $tester->expectLogTerminatingNotices(); + $tester->close(); +diff --git a/sapi/fpm/tests/tester.inc b/sapi/fpm/tests/tester.inc +index 7868afc4ac1..fe5f0c2fde7 100644 +--- a/sapi/fpm/tests/tester.inc ++++ b/sapi/fpm/tests/tester.inc +@@ -1315,7 +1315,7 @@ class Tester + * @param string $message + * @return bool + */ +- public function expectLogLine(string $message, bool $is_stderr = true) ++ public function expectLogLine(string $message, bool $is_stderr = true, bool $decorated = true) + { + $messageLen = strlen($message); + $limit = $messageLen > 1024 ? $messageLen + 16 : 1024; +@@ -1325,7 +1325,7 @@ class Tester + $this->message("LOG LINE: " . ($logLines[0] ?? '')); + } + +- return $this->logTool->checkWrappedMessage($logLines, false, true, $is_stderr); ++ return $this->logTool->checkWrappedMessage($logLines, false, $decorated, $is_stderr); + } + + /** +-- +2.46.1 + diff --git a/dev-lang/php/php-7.4.33-r2.ebuild b/dev-lang/php/php-7.4.33-r3.ebuild similarity index 92% rename from dev-lang/php/php-7.4.33-r2.ebuild rename to dev-lang/php/php-7.4.33-r3.ebuild index 2cc5011..d51a6b2 100644 --- a/dev-lang/php/php-7.4.33-r2.ebuild +++ b/dev-lang/php/php-7.4.33-r3.ebuild @@ -5,7 +5,7 @@ EAPI="7" WANT_AUTOMAKE="none" -inherit flag-o-matic systemd autotools +inherit flag-o-matic systemd autotools multilib MY_PV=${PV/_rc/RC} DESCRIPTION="The PHP language runtime engine" @@ -148,8 +148,37 @@ PHP_MV="$(ver_cut 1)" PATCHES=( "${FILESDIR}"/php-iodbc-header-location.patch "${FILESDIR}"/bug81656-gcc-11.patch - "${FILESDIR}"/php-7.4-openssl.patch "${FILESDIR}"/php-7.4.33-CVE-2022-31631.patch + # + # Patches from: https://github.com/zboszor/meta-parallel-php + "${FILESDIR}"/0001-ext-libxml-Use-ZEND_ATTRIBUTE_UNUSED-in-php_libxml_o.patch + "${FILESDIR}"/0001-Fix-cookie_seek_function_t-signature-under-musl-1389.patch + "${FILESDIR}"/0002-ext-intl-level-up-c-runtime-std-for-icu-74-and-onwar.patch + "${FILESDIR}"/php-bug81744.patch + "${FILESDIR}"/php-7.4.33-gcc14.patch + "${FILESDIR}"/php-7.4.33-libxml212.patch + "${FILESDIR}"/php-7.4.11-crosscompile.patch + # + # Patches from: https://github.com/shivammathur/php-src-backports/blob/main/patches/7.4 + "${FILESDIR}"/0002-Add-minimal-OpenSSL-3.0-patch-PHP7.4.patch + "${FILESDIR}"/0003-Fix-bug-79589-ssl3_read_n-unexpected-eof-while-reading-PHP7.4.patch + "${FILESDIR}"/0006-Use-ITIMER_REAL-for-timeout-handling-PHP-7.4.patch + "${FILESDIR}"/0007-Fix-PEAR-installation-with-libxml2.13.patch + "${FILESDIR}"/0009-Fix-w-strict-prototype-build-warnings-PHP-7.4.patch + "${FILESDIR}"/0010-Fix-GH-16168-Fix-inline-assembly-labels-to-not-crash-PHP7.4.patch + + "${FILESDIR}"/php-cve-2023-3247.patch + "${FILESDIR}"/php-cve-2024-2756.patch + "${FILESDIR}"/php-cve-2024-3096.patch + "${FILESDIR}"/php-cve-2024-5458.patch + "${FILESDIR}"/php-cve-2024-8925.patch + "${FILESDIR}"/php-cve-2024-8926.patch + "${FILESDIR}"/php-cve-2024-8927.patch + "${FILESDIR}"/php-cve-2024-8932.patch + "${FILESDIR}"/php-cve-2024-9026.patch + "${FILESDIR}"/php-cve-2024-11233.patch + "${FILESDIR}"/php-cve-2024-11234.patch + "${FILESDIR}"/php-cve-2024-11236.patch ) php_install_ini() { @@ -642,9 +671,9 @@ src_test() { fi REPORT_EXIT_STATUS=1 "${TEST_PHP_EXECUTABLE}" -n -d \ - "session.save_path=${T}" \ - "${WORKDIR}/sapis-build/cli/run-tests.php" -n -q -d \ - "session.save_path=${T}" + "session.save_path=${T}" \ + "${WORKDIR}/sapis-build/cli/run-tests.php" -n -q -d \ + "session.save_path=${T}" for name in ${EXPECTED_TEST_FAILURES}; do mv "${name}.out" "${name}.out.orig" 2>/dev/null || die