rpms
/
php
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:i10c-beta
Branches Tags
rpms:i9c-stream-8.2
rpms:c9-stream-8.2
rpms:i9c-stream-8.1
rpms:c9-stream-8.1
rpms:i8c-stream-8.2
rpms:c8-stream-8.2
rpms:i8c-stream-7.4
rpms:c8-stream-7.4
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-beta-stream-8.2
rpms:c8-beta-stream-8.2
rpms:i9c-beta-stream-8.2
rpms:c9-beta-stream-8.2
rpms:i8c-stream-8.0
rpms:c8-stream-8.0
rpms:i8c-stream-7.3
rpms:c8-stream-7.3
rpms:i8c-stream-7.2
rpms:c8-stream-7.2
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i9c-stream-8.2
rpms:c9-stream-8.2
rpms:i9c-stream-8.1
rpms:c9-stream-8.1
rpms:i8c-stream-8.2
rpms:c8-stream-8.2
rpms:i8c-stream-7.4
rpms:c8-stream-7.4
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c-beta-stream-8.2
rpms:c8-beta-stream-8.2
rpms:i9c-beta-stream-8.2
rpms:c9-beta-stream-8.2
rpms:i8c-stream-8.0
rpms:c8-stream-8.0
rpms:i8c-stream-7.3
rpms:c8-stream-7.3
rpms:i8c-stream-7.2
rpms:c8-stream-7.2
rpms:i9c
rpms:c9

No commits in common. 'i10c-beta' and 'c9' have entirely different histories.
i10c-beta ... c9

23 changed files with 6954 additions and 2460 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/php-8.3.10.tar.xz
SOURCES/php-8.0.30.tar.xz

2
.php.metadata
Unescape View File

@ -1 +1 @@
6778d61d52db00dc6c369c530963287ab990f5e5 SOURCES/php-8.3.10.tar.xz
f6d5137d6ce3e52b6d8a582e2990913f2807add4 SOURCES/php-8.0.30.tar.xz

15
SOURCES/10-opcache.ini
Unescape View File

@ -67,6 +67,10 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
; are cached.
;opcache.max_file_size=0
; Check the cache checksum each N requests.
; The default value of "0" means that the checks are disabled.
;opcache.consistency_checks=0
; How long to wait (in seconds) for a scheduled restart to begin if the cache
; is not being accessed.
;opcache.force_restart_timeout=180
@ -111,12 +115,7 @@ opcache.blacklist_filename=/etc/php.d/opcache*.blacklist
;opcache.file_cache_fallback=1
; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
; Under certain circumstances (if only a single global PHP process is
; started from which all others fork), this can increase performance
; by a tiny amount because TLB misses are reduced. On the other hand, this
; delays PHP startup, increases memory usage and degrades performance
; under memory pressure - use with care.
; Requires appropriate OS configuration.
; This should improve performance, but requires appropriate OS configuration.
opcache.huge_code_pages=0
; Validate cached file permissions.
@ -137,12 +136,12 @@ opcache.huge_code_pages=0
; Specifies a PHP script that is going to be compiled and executed at server
; start-up.
; https://php.net/opcache.preload
; http://php.net/opcache.preload
;opcache.preload=
; Preloading code as root is not allowed for security reasons. This directive
; facilitates to let the preloading to be run as another user.
; https://php.net/opcache.preload_user
; http://php.net/opcache.preload_user
;opcache.preload_user=
; Prevents caching files that are less than this number of seconds old. It

6
SOURCES/macros.php
Unescape View File

@ -18,10 +18,4 @@
%__php %{_bindir}/php
%__ztsphp %{_bindir}/zts-php
%__phpize %{_bindir}/phpize
%__ztsphpize %{_bindir}/zts-phpize
%__phpconfig %{_bindir}/php-config
%__ztsphpconfig %{_bindir}/zts-php-config
%pecl_xmldir %{_sharedstatedir}/php/peclxml

4
SOURCES/php-8.1.0-libdb.patch → SOURCES/php-7.4.0-libdb.patch
Unescape View File

@ -79,10 +79,10 @@ diff -up ./ext/dba/dba.c.libdb ./ext/dba/dba.c
PHP_MINIT_FUNCTION(dba);
PHP_MSHUTDOWN_FUNCTION(dba);
PHP_MINFO_FUNCTION(dba);
@@ -452,6 +456,10 @@ PHP_MINFO_FUNCTION(dba)
@@ -459,6 +463,10 @@ PHP_MINFO_FUNCTION(dba)
php_info_print_table_start();
php_info_print_table_row(2, "DBA support", "enabled");
php_info_print_table_row(2, "DBA support", "enabled");
+#ifdef DB_VERSION_STRING
+ php_info_print_table_row(2, "libdb header version", DB_VERSION_STRING);
+ php_info_print_table_row(2, "libdb library version", db_version(NULL, NULL, NULL));

34
SOURCES/php-7.4.0-phpize.patch
Unescape View File

@ -1,7 +1,7 @@
diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
--- ./scripts/phpize.in.headers 2019-07-23 10:05:11.000000000 +0200
+++ ./scripts/phpize.in 2019-07-23 10:18:13.648098089 +0200
@@ -166,6 +166,15 @@ phpize_autotools()
@@ -165,6 +165,15 @@ phpize_autotools()
$PHP_AUTOHEADER || exit 1
}
@ -17,7 +17,7 @@ diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
# Main script
case "$1" in
@@ -184,12 +193,15 @@ case "$1" in
@@ -183,12 +192,15 @@ case "$1" in
# Version
--version|-v)
@ -33,33 +33,3 @@ diff -up ./scripts/phpize.in.headers ./scripts/phpize.in
phpize_check_configm4 0
phpize_check_build_files
From c454f120857df6f771c5475bf1fcc99e683b87dc Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 7 Sep 2023 09:56:51 +0200
Subject: [PATCH] also display PHP version in phpize
---
scripts/phpize.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scripts/phpize.in b/scripts/phpize.in
index 7d9c1df14c8e..81605e06a590 100644
--- a/scripts/phpize.in
+++ b/scripts/phpize.in
@@ -59,6 +59,8 @@ phpize_check_configm4()
phpize_get_api_numbers()
{
# extracting API NOs:
+ PHP_MINOR_VERSION=`grep '#define PHP_MINOR_VERSION' $includedir/main/php_version.h|$SED 's/#define PHP_MINOR_VERSION //'`
+ PHP_MAJOR_VERSION=`grep '#define PHP_MAJOR_VERSION' $includedir/main/php_version.h|$SED 's/#define PHP_MAJOR_VERSION//'`
PHP_API_VERSION=`grep '#define PHP_API_VERSION' $includedir/main/php.h|$SED 's/#define PHP_API_VERSION//'`
ZEND_MODULE_API_NO=`grep '#define ZEND_MODULE_API_NO' $includedir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO//'`
ZEND_EXTENSION_API_NO=`grep '#define ZEND_EXTENSION_API_NO' $includedir/Zend/zend_extensions.h|$SED 's/#define ZEND_EXTENSION_API_NO//'`
@@ -68,6 +70,7 @@ phpize_print_api_numbers()
{
phpize_get_api_numbers
echo "Configuring for:"
+ echo "PHP Version: ${PHP_MAJOR_VERSION}.${PHP_MINOR_VERSION}"
echo "PHP Api Version: "$PHP_API_VERSION
echo "Zend Module Api No: "$ZEND_MODULE_API_NO
echo "Zend Extension Api No: "$ZEND_EXTENSION_API_NO

118
SOURCES/php-8.0.0-phpinfo.patch
Unescape View File

@ -0,0 +1,118 @@
Drop "Configure Command" from phpinfo as it doesn't
provide any useful information.
The available extensions are not related to this command.
Replace full GCC name by gcc in php -v output
Also apply
From 9bf43c45908433d382f0499d529849172d0d8206 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 28 Dec 2020 08:33:09 +0100
Subject: [PATCH] rename COMPILER and ARCHITECTURE macro (too generic)
---
configure.ac | 4 ++--
ext/standard/info.c | 8 ++++----
sapi/cli/php_cli.c | 8 ++++----
win32/build/confutils.js | 10 +++++-----
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9d9c8b155b07..143dc061346b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1289,10 +1289,10 @@ if test -n "${PHP_BUILD_PROVIDER}"; then
AC_DEFINE_UNQUOTED(PHP_BUILD_PROVIDER,"$PHP_BUILD_PROVIDER",[build provider])
fi
if test -n "${PHP_BUILD_COMPILER}"; then
- AC_DEFINE_UNQUOTED(COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
+ AC_DEFINE_UNQUOTED(PHP_BUILD_COMPILER,"$PHP_BUILD_COMPILER",[used compiler for build])
fi
if test -n "${PHP_BUILD_ARCH}"; then
- AC_DEFINE_UNQUOTED(ARCHITECTURE,"$PHP_BUILD_ARCH",[build architecture])
+ AC_DEFINE_UNQUOTED(PHP_BUILD_ARCH,"$PHP_BUILD_ARCH",[build architecture])
fi
PHP_SUBST_OLD(PHP_INSTALLED_SAPIS)
diff --git a/ext/standard/info.c b/ext/standard/info.c
index 153cb6cde014..8ceef31d9fe4 100644
--- a/ext/standard/info.c
+++ b/ext/standard/info.c
@@ -798,11 +798,11 @@ PHPAPI ZEND_COLD void php_print_info(int flag)
#ifdef PHP_BUILD_PROVIDER
php_info_print_table_row(2, "Build Provider", PHP_BUILD_PROVIDER);
#endif
-#ifdef COMPILER
- php_info_print_table_row(2, "Compiler", COMPILER);
+#ifdef PHP_BUILD_COMPILER
+ php_info_print_table_row(2, "Compiler", PHP_BUILD_COMPILER);
#endif
-#ifdef ARCHITECTURE
- php_info_print_table_row(2, "Architecture", ARCHITECTURE);
+#ifdef PHP_BUILD_ARCH
+ php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
#endif
#ifdef CONFIGURE_COMMAND
php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
diff --git a/sapi/cli/php_cli.c b/sapi/cli/php_cli.c
index 5092fb0ffd68..9d296acec631 100644
--- a/sapi/cli/php_cli.c
+++ b/sapi/cli/php_cli.c
@@ -640,12 +640,12 @@ static int do_cli(int argc, char **argv) /* {{{ */
#else
"NTS "
#endif
-#ifdef COMPILER
- COMPILER
+#ifdef PHP_BUILD_COMPILER
+ PHP_BUILD_COMPILER
" "
#endif
-#ifdef ARCHITECTURE
- ARCHITECTURE
+#ifdef PHP_BUILD_ARCH
+ PHP_BUILD_ARCH
" "
#endif
#if ZEND_DEBUG
diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
--- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200
@@ -804,9 +804,6 @@ PHPAPI ZEND_COLD void php_print_info(int
#ifdef PHP_BUILD_ARCH
php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
#endif
-#ifdef CONFIGURE_COMMAND
- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-#endif
if (sapi_module.pretty_name) {
php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200
@@ -17,7 +17,6 @@ PHP Version => %s
System => %s
Build Date => %s%a
-Configure Command => %s
Server API => Command Line Interface
Virtual Directory Support => %s
Configuration File (php.ini) Path => %s
diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
--- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200
+++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200
@@ -641,8 +641,7 @@ static int do_cli(int argc, char **argv)
"NTS "
#endif
#ifdef PHP_BUILD_COMPILER
- PHP_BUILD_COMPILER
- " "
+ "gcc "
#endif
#ifdef PHP_BUILD_ARCH
PHP_BUILD_ARCH

515
SOURCES/php-8.0.10-phar-sha.patch
Unescape View File

@ -0,0 +1,515 @@
Backported for 8.0 from
From 8bb0c74e24359a11216824117ac3adf3d5ef7b71 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 5 Aug 2021 11:10:15 +0200
Subject: [PATCH] switch phar to use sha256 signature by default
---
ext/phar/phar/pharcommand.inc | 2 +-
ext/phar/tests/create_new_and_modify.phpt | 4 ++--
ext/phar/tests/create_new_phar_c.phpt | 4 ++--
ext/phar/tests/phar_setsignaturealgo2.phpt | 2 +-
ext/phar/tests/tar/phar_setsignaturealgo2.phpt | 2 +-
ext/phar/tests/zip/phar_setsignaturealgo2.phpt | 2 +-
ext/phar/util.c | 6 +++---
ext/phar/zip.c | 2 +-
8 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
index a31290eee75fe..5f698b4bec26b 100644
--- a/ext/phar/phar/pharcommand.inc
+++ b/ext/phar/phar/pharcommand.inc
@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
'typ' => 'select',
'val' => NULL,
'inf' => '<method> Selects the hash algorithm.',
- 'select' => array('md5' => 'MD5','sha1' => 'SHA1')
+ 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
),
'i' => array(
'typ' => 'regex',
diff --git a/ext/phar/tests/create_new_and_modify.phpt b/ext/phar/tests/create_new_and_modify.phpt
index 02e36c6cea2fe..32defcae8a639 100644
--- a/ext/phar/tests/create_new_and_modify.phpt
+++ b/ext/phar/tests/create_new_and_modify.phpt
@@ -49,8 +49,8 @@ include $pname . '/b.php';
<?php unlink(__DIR__ . '/' . basename(__FILE__, '.clean.php') . '.phar.php'); ?>
--EXPECTF--
brand new!
-string(40) "%s"
-string(40) "%s"
+string(%d) "%s"
+string(%d) "%s"
bool(true)
modified!
another!
diff --git a/ext/phar/tests/create_new_phar_c.phpt b/ext/phar/tests/create_new_phar_c.phpt
index 566d3c4d5f8ad..bf6d740fd1d10 100644
--- a/ext/phar/tests/create_new_phar_c.phpt
+++ b/ext/phar/tests/create_new_phar_c.phpt
@@ -20,7 +20,7 @@ var_dump($phar->getSignature());
--EXPECTF--
array(2) {
["hash"]=>
- string(40) "%s"
+ string(64) "%s"
["hash_type"]=>
- string(5) "SHA-1"
+ string(7) "SHA-256"
}
diff --git a/ext/phar/tests/phar_setsignaturealgo2.phpt b/ext/phar/tests/phar_setsignaturealgo2.phpt
index 293d3196713d8..4f31836fbbbcc 100644
--- a/ext/phar/tests/phar_setsignaturealgo2.phpt
+++ b/ext/phar/tests/phar_setsignaturealgo2.phpt
@@ -52,7 +52,7 @@ array(2) {
["hash"]=>
string(%d) "%s"
["hash_type"]=>
- string(5) "SHA-1"
+ string(7) "SHA-256"
}
array(2) {
["hash"]=>
diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
index 9923ac5c88476..cc10a241d739b 100644
--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
@@ -51,7 +51,7 @@ array(2) {
["hash"]=>
string(%d) "%s"
["hash_type"]=>
- string(5) "SHA-1"
+ string(7) "SHA-256"
}
array(2) {
["hash"]=>
diff --git a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
index 8de77479d7825..60fec578ee894 100644
--- a/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
+++ b/ext/phar/tests/zip/phar_setsignaturealgo2.phpt
@@ -78,7 +78,7 @@ array(2) {
["hash"]=>
string(%d) "%s"
["hash_type"]=>
- string(5) "SHA-1"
+ string(7) "SHA-256"
}
array(2) {
["hash"]=>
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 314acfe81a788..8d2db03b69601 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -1798,6 +1798,8 @@ int phar_create_signature(phar_archive_d
*signature_length = 64;
break;
}
+ default:
+ phar->sig_flags = PHAR_SIG_SHA256;
case PHAR_SIG_SHA256: {
unsigned char digest[32];
PHP_SHA256_CTX context;
@@ -1894,8 +1896,6 @@ int phar_create_signature(phar_archive_d
*signature_length = siglen;
}
break;
- default:
- phar->sig_flags = PHAR_SIG_SHA1;
case PHAR_SIG_SHA1: {
unsigned char digest[20];
PHP_SHA1_CTX context;
diff --git a/ext/phar/zip.c b/ext/phar/zip.c
index 31d4bd2998215..c5e38cabf7b87 100644
--- a/ext/phar/zip.c
+++ b/ext/phar/zip.c
@@ -1423,7 +1423,7 @@ int phar_zip_flush(phar_archive_data *phar, char *user_stub, zend_long len, int
memcpy(eocd.signature, "PK\5\6", 4);
if (!phar->is_data && !phar->sig_flags) {
- phar->sig_flags = PHAR_SIG_SHA1;
+ phar->sig_flags = PHAR_SIG_SHA256;
}
if (phar->sig_flags) {
PHAR_SET_16(eocd.counthere, zend_hash_num_elements(&phar->manifest) + 1);
From c51af22fef988c1b2f92b7b9e3a9d745f7084815 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 5 Aug 2021 16:49:48 +0200
Subject: [PATCH] implement openssl_256 and openssl_512 for phar singatures
---
ext/openssl/openssl.c | 1 +
ext/phar/phar.1.in | 10 +++-
ext/phar/phar.c | 8 +++-
ext/phar/phar/pharcommand.inc | 14 +++++-
ext/phar/phar_internal.h | 2 +
ext/phar/phar_object.c | 24 ++++++++--
ext/phar/tests/files/openssl256.phar | Bin 0 -> 7129 bytes
ext/phar/tests/files/openssl256.phar.pubkey | 6 +++
ext/phar/tests/files/openssl512.phar | Bin 0 -> 7129 bytes
ext/phar/tests/files/openssl512.phar.pubkey | 6 +++
.../phar_get_supported_signatures_002a.phpt | 6 ++-
.../tests/tar/phar_setsignaturealgo2.phpt | 16 +++++++
ext/phar/tests/test_signaturealgos.phpt | 8 ++++
ext/phar/util.c | 45 ++++++++++++++----
14 files changed, 128 insertions(+), 18 deletions(-)
create mode 100644 ext/phar/tests/files/openssl256.phar
create mode 100644 ext/phar/tests/files/openssl256.phar.pubkey
create mode 100644 ext/phar/tests/files/openssl512.phar
create mode 100644 ext/phar/tests/files/openssl512.phar.pubkey
diff --git a/ext/phar/phar.1.in b/ext/phar/phar.1.in
index 77912b241dfd5..323e77b0e2a3b 100644
--- a/ext/phar/phar.1.in
+++ b/ext/phar/phar.1.in
@@ -475,7 +475,15 @@ SHA512
.TP
.PD
.B openssl
-OpenSSL
+OpenSSL using SHA-1
+.TP
+.PD
+.B openssl_sha256
+OpenSSL using SHA-256
+.TP
+.PD
+.B openssl_sha512
+OpenSSL using SHA-512
.SH SEE ALSO
For a more or less complete description of PHAR look here:
diff --git a/ext/phar/phar.c b/ext/phar/phar.c
index 77f21cef9da53..bc08e4edde05d 100644
--- a/ext/phar/phar.c
+++ b/ext/phar/phar.c
@@ -869,6 +869,8 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
PHAR_GET_32(sig_ptr, sig_flags);
switch(sig_flags) {
+ case PHAR_SIG_OPENSSL_SHA512:
+ case PHAR_SIG_OPENSSL_SHA256:
case PHAR_SIG_OPENSSL: {
uint32_t signature_len;
char *sig;
@@ -903,7 +905,7 @@ static int phar_parse_pharfile(php_stream *fp, char *fname, size_t fname_len, ch
return FAILURE;
}
- if (FAILURE == phar_verify_signature(fp, end_of_phar, PHAR_SIG_OPENSSL, sig, signature_len, fname, &signature, &sig_len, error)) {
+ if (FAILURE == phar_verify_signature(fp, end_of_phar, sig_flags, sig, signature_len, fname, &signature, &sig_len, error)) {
efree(savebuf);
efree(sig);
php_stream_close(fp);
@@ -3162,7 +3164,9 @@ int phar_flush(phar_archive_data *phar, char *user_stub, zend_long len, int conv
php_stream_write(newfile, digest, digest_len);
efree(digest);
- if (phar->sig_flags == PHAR_SIG_OPENSSL) {
+ if (phar->sig_flags == PHAR_SIG_OPENSSL ||
+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA256 ||
+ phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
phar_set_32(sig_buf, digest_len);
php_stream_write(newfile, sig_buf, 4);
}
diff --git a/ext/phar/phar/pharcommand.inc b/ext/phar/phar/pharcommand.inc
index 5f698b4bec26b..1b1eeca59c560 100644
--- a/ext/phar/phar/pharcommand.inc
+++ b/ext/phar/phar/pharcommand.inc
@@ -92,7 +92,7 @@ class PharCommand extends CLICommand
'typ' => 'select',
'val' => NULL,
'inf' => '<method> Selects the hash algorithm.',
- 'select' => array('md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL')
+ 'select' => ['md5' => 'MD5','sha1' => 'SHA1', 'sha256' => 'SHA256', 'sha512' => 'SHA512', 'openssl' => 'OPENSSL', 'openssl_sha256' => 'OPENSSL_SHA256', 'openssl_sha512' => 'OPENSSL_SHA512']
),
'i' => array(
'typ' => 'regex',
@@ -156,6 +156,8 @@ class PharCommand extends CLICommand
$hash_avail = Phar::getSupportedSignatures();
$hash_optional = array('SHA-256' => 'SHA256',
'SHA-512' => 'SHA512',
+ 'OpenSSL_sha256' => 'OpenSSL_SHA256',
+ 'OpenSSL_sha512' => 'OpenSSL_SHA512',
'OpenSSL' => 'OpenSSL');
if (!in_array('OpenSSL', $hash_avail)) {
unset($phar_args['y']);
@@ -429,6 +431,16 @@ class PharCommand extends CLICommand
self::error("Cannot use OpenSSL signing without key.\n");
}
return Phar::OPENSSL;
+ case 'openssl_sha256':
+ if (!$privkey) {
+ self::error("Cannot use OpenSSL signing without key.\n");
+ }
+ return Phar::OPENSSL_SHA256;
+ case 'openssl_sha512':
+ if (!$privkey) {
+ self::error("Cannot use OpenSSL signing without key.\n");
+ }
+ return Phar::OPENSSL_SHA512;
}
}
// }}}
diff --git a/ext/phar/phar_internal.h b/ext/phar/phar_internal.h
index a9f81e2ab994a..30b408a8c4462 100644
--- a/ext/phar/phar_internal.h
+++ b/ext/phar/phar_internal.h
@@ -88,6 +88,8 @@
#define PHAR_SIG_SHA256 0x0003
#define PHAR_SIG_SHA512 0x0004
#define PHAR_SIG_OPENSSL 0x0010
+#define PHAR_SIG_OPENSSL_SHA256 0x0011
+#define PHAR_SIG_OPENSSL_SHA512 0x0012
/* flags byte for each file adheres to these bitmasks.
All unused values are reserved */
diff --git a/ext/phar/phar_object.c b/ext/phar/phar_object.c
index 9c1e5f2fa1eef..c05970e657f18 100644
--- a/ext/phar/phar_object.c
+++ b/ext/phar/phar_object.c
@@ -1246,9 +1246,13 @@ PHP_METHOD(Phar, getSupportedSignatures)
add_next_index_stringl(return_value, "SHA-512", 7);
#ifdef PHAR_HAVE_OPENSSL
add_next_index_stringl(return_value, "OpenSSL", 7);
+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
#else
if (zend_hash_str_exists(&module_registry, "openssl", sizeof("openssl")-1)) {
add_next_index_stringl(return_value, "OpenSSL", 7);
+ add_next_index_stringl(return_value, "OpenSSL_SHA256", 14);
+ add_next_index_stringl(return_value, "OpenSSL_SHA512", 14);
}
#endif
}
@@ -3028,6 +3032,8 @@ PHP_METHOD(Phar, setSignatureAlgorithm)
case PHAR_SIG_MD5:
case PHAR_SIG_SHA1:
case PHAR_SIG_OPENSSL:
+ case PHAR_SIG_OPENSSL_SHA256:
+ case PHAR_SIG_OPENSSL_SHA512:
if (phar_obj->archive->is_persistent && FAILURE == phar_copy_on_write(&(phar_obj->archive))) {
zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
RETURN_THROWS();
@@ -3066,19 +3072,25 @@ PHP_METHOD(Phar, getSignature)
add_assoc_stringl(return_value, "hash", phar_obj->archive->signature, phar_obj->archive->sig_len);
switch(phar_obj->archive->sig_flags) {
case PHAR_SIG_MD5:
- add_assoc_stringl(return_value, "hash_type", "MD5", 3);
+ add_assoc_string(return_value, "hash_type", "MD5");
break;
case PHAR_SIG_SHA1:
- add_assoc_stringl(return_value, "hash_type", "SHA-1", 5);
+ add_assoc_string(return_value, "hash_type", "SHA-1");
break;
case PHAR_SIG_SHA256:
- add_assoc_stringl(return_value, "hash_type", "SHA-256", 7);
+ add_assoc_string(return_value, "hash_type", "SHA-256");
break;
case PHAR_SIG_SHA512:
- add_assoc_stringl(return_value, "hash_type", "SHA-512", 7);
+ add_assoc_string(return_value, "hash_type", "SHA-512");
break;
case PHAR_SIG_OPENSSL:
- add_assoc_stringl(return_value, "hash_type", "OpenSSL", 7);
+ add_assoc_string(return_value, "hash_type", "OpenSSL");
+ break;
+ case PHAR_SIG_OPENSSL_SHA256:
+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA256");
+ break;
+ case PHAR_SIG_OPENSSL_SHA512:
+ add_assoc_string(return_value, "hash_type", "OpenSSL_SHA512");
break;
default:
unknown = strpprintf(0, "Unknown (%u)", phar_obj->archive->sig_flags);
@@ -5103,6 +5115,8 @@ void phar_object_init(void) /* {{{ */
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "PHPS", PHAR_MIME_PHPS)
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "MD5", PHAR_SIG_MD5)
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL", PHAR_SIG_OPENSSL)
+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA256", PHAR_SIG_OPENSSL_SHA256)
+ REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "OPENSSL_SHA512", PHAR_SIG_OPENSSL_SHA512)
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA1", PHAR_SIG_SHA1)
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA256", PHAR_SIG_SHA256)
REGISTER_PHAR_CLASS_CONST_LONG(phar_ce_archive, "SHA512", PHAR_SIG_SHA512)
diff --git a/ext/phar/tests/phar_get_supported_signatures_002a.phpt b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
index 06d811f2c35c2..639143b3d2c90 100644
--- a/ext/phar/tests/phar_get_supported_signatures_002a.phpt
+++ b/ext/phar/tests/phar_get_supported_signatures_002a.phpt
@@ -14,7 +14,7 @@ phar.readonly=0
var_dump(Phar::getSupportedSignatures());
?>
--EXPECT--
-array(5) {
+array(7) {
[0]=>
string(3) "MD5"
[1]=>
@@ -25,4 +25,8 @@ array(5) {
string(7) "SHA-512"
[4]=>
string(7) "OpenSSL"
+ [5]=>
+ string(14) "OpenSSL_SHA256"
+ [6]=>
+ string(14) "OpenSSL_SHA512"
}
diff --git a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
index cc10a241d739b..c2eb5d77a5bf0 100644
--- a/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
+++ b/ext/phar/tests/tar/phar_setsignaturealgo2.phpt
@@ -38,6 +38,10 @@ $pkey = '';
openssl_pkey_export($private, $pkey, NULL, $config_arg);
$p->setSignatureAlgorithm(Phar::OPENSSL, $pkey);
var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA512, $pkey);
+var_dump($p->getSignature());
+$p->setSignatureAlgorithm(Phar::OPENSSL_SHA256, $pkey);
+var_dump($p->getSignature());
} catch (Exception $e) {
echo $e->getMessage();
}
@@ -83,3 +87,15 @@ array(2) {
["hash_type"]=>
string(7) "OpenSSL"
}
+array(2) {
+ ["hash"]=>
+ string(%d) "%s"
+ ["hash_type"]=>
+ string(14) "OpenSSL_SHA512"
+}
+array(2) {
+ ["hash"]=>
+ string(%d) "%s"
+ ["hash_type"]=>
+ string(14) "OpenSSL_SHA256"
+}
diff --git a/ext/phar/util.c b/ext/phar/util.c
index 8d2db03b69601..515830bf2c70a 100644
--- a/ext/phar/util.c
+++ b/ext/phar/util.c
@@ -34,7 +34,7 @@
#include <openssl/ssl.h>
#include <openssl/pkcs12.h>
#else
-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len);
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type);
#endif
/* for links to relative location, prepend cwd of the entry */
@@ -1381,11 +1381,11 @@ static int phar_hex_str(const char *digest, size_t digest_len, char **signature)
/* }}} */
#ifndef PHAR_HAVE_OPENSSL
-static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len) /* {{{ */
+static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t end, char *key, size_t key_len, char **signature, size_t *signature_len, php_uint32 sig_type) /* {{{ */
{
zend_fcall_info fci;
zend_fcall_info_cache fcc;
- zval retval, zp[3], openssl;
+ zval retval, zp[4], openssl;
zend_string *str;
ZVAL_STRINGL(&openssl, is_sign ? "openssl_sign" : "openssl_verify", is_sign ? sizeof("openssl_sign")-1 : sizeof("openssl_verify")-1);
@@ -1402,6 +1402,14 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
} else {
ZVAL_EMPTY_STRING(&zp[0]);
}
+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
+ ZVAL_LONG(&zp[3], 9); /* value from openssl.c #define OPENSSL_ALGO_SHA512 9 */
+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
+ ZVAL_LONG(&zp[3], 7); /* value from openssl.c #define OPENSSL_ALGO_SHA256 7 */
+ } else {
+ /* don't rely on default value which may change in the future */
+ ZVAL_LONG(&zp[3], 1); /* value from openssl.c #define OPENSSL_ALGO_SHA1 1 */
+ }
if ((size_t)end != Z_STRLEN(zp[0])) {
zval_ptr_dtor_str(&zp[0]);
@@ -1419,7 +1427,7 @@ static int phar_call_openssl_signverify(int is_sign, php_stream *fp, zend_off_t
return FAILURE;
}
- fci.param_count = 3;
+ fci.param_count = 4;
fci.params = zp;
Z_ADDREF(zp[0]);
if (is_sign) {
@@ -1482,12 +1490,22 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
php_stream_rewind(fp);
switch (sig_type) {
+ case PHAR_SIG_OPENSSL_SHA512:
+ case PHAR_SIG_OPENSSL_SHA256:
case PHAR_SIG_OPENSSL: {
#ifdef PHAR_HAVE_OPENSSL
BIO *in;
EVP_PKEY *key;
- EVP_MD *mdtype = (EVP_MD *) EVP_sha1();
+ const EVP_MD *mdtype;
EVP_MD_CTX *md_ctx;
+
+ if (sig_type == PHAR_SIG_OPENSSL_SHA512) {
+ mdtype = EVP_sha512();
+ } else if (sig_type == PHAR_SIG_OPENSSL_SHA256) {
+ mdtype = EVP_sha256();
+ } else {
+ mdtype = EVP_sha1();
+ }
#else
size_t tempsig;
#endif
@@ -1521,7 +1539,7 @@ int phar_verify_signature(php_stream *fp, size_t end_of_phar, uint32_t sig_type,
#ifndef PHAR_HAVE_OPENSSL
tempsig = sig_len;
- if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig)) {
+ if (FAILURE == phar_call_openssl_signverify(0, fp, end_of_phar, pubkey ? ZSTR_VAL(pubkey) : NULL, pubkey ? ZSTR_LEN(pubkey) : 0, &sig, &tempsig, sig_type)) {
if (pubkey) {
zend_string_release_ex(pubkey, 0);
}
@@ -1815,6 +1833,8 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
*signature_length = 32;
break;
}
+ case PHAR_SIG_OPENSSL_SHA512:
+ case PHAR_SIG_OPENSSL_SHA256:
case PHAR_SIG_OPENSSL: {
unsigned char *sigbuf;
#ifdef PHAR_HAVE_OPENSSL
@@ -1822,6 +1842,15 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
BIO *in;
EVP_PKEY *key;
EVP_MD_CTX *md_ctx;
+ const EVP_MD *mdtype;
+
+ if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA512) {
+ mdtype = EVP_sha512();
+ } else if (phar->sig_flags == PHAR_SIG_OPENSSL_SHA256) {
+ mdtype = EVP_sha256();
+ } else {
+ mdtype = EVP_sha1();
+ }
in = BIO_new_mem_buf(PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len));
@@ -1847,7 +1876,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
siglen = EVP_PKEY_size(key);
sigbuf = emalloc(siglen + 1);
- if (!EVP_SignInit(md_ctx, EVP_sha1())) {
+ if (!EVP_SignInit(md_ctx, mdtype)) {
EVP_PKEY_free(key);
efree(sigbuf);
if (error) {
@@ -1885,7 +1914,7 @@ int phar_create_signature(phar_archive_data *phar, php_stream *fp, char **signat
siglen = 0;
php_stream_seek(fp, 0, SEEK_END);
- if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen)) {
+ if (FAILURE == phar_call_openssl_signverify(1, fp, php_stream_tell(fp), PHAR_G(openssl_privatekey), PHAR_G(openssl_privatekey_len), (char **)&sigbuf, &siglen, phar->sig_flags)) {
if (error) {
spprintf(error, 0, "unable to write phar \"%s\" with requested openssl signature", phar->fname);
}

143
SOURCES/php-8.0.10-snmp-sha.patch
Unescape View File

@ -0,0 +1,143 @@
Backported for 8.0 from
From 718e91343fddb8817a004f96f111c424843bf746 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@php.net>
Date: Wed, 11 Aug 2021 13:02:18 +0200
Subject: [PATCH] add SHA256 and SHA512 for security protocol
---
ext/snmp/config.m4 | 18 +++++++++-
ext/snmp/snmp.c | 33 ++++++++++++++++++-
.../tests/snmp-object-setSecurity_error.phpt | 2 +-
ext/snmp/tests/snmp3-error.phpt | 2 +-
4 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/ext/snmp/config.m4 b/ext/snmp/config.m4
index 1475ddfe2b7f0..f285a572de9cb 100644
--- a/ext/snmp/config.m4
+++ b/ext/snmp/config.m4
@@ -30,7 +30,7 @@ if test "$PHP_SNMP" != "no"; then
AC_MSG_ERROR([Could not find the required paths. Please check your net-snmp installation.])
fi
else
- AC_MSG_ERROR([Net-SNMP version 5.3 or greater reqired (detected $snmp_full_version).])
+ AC_MSG_ERROR([Net-SNMP version 5.3 or greater required (detected $snmp_full_version).])
fi
else
AC_MSG_ERROR([Could not find net-snmp-config binary. Please check your net-snmp installation.])
@@ -54,6 +54,22 @@ if test "$PHP_SNMP" != "no"; then
$SNMP_SHARED_LIBADD
])
+ dnl Check whether usmHMAC192SHA256AuthProtocol exists.
+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC192SHA256AuthProtocol,
+ [
+ AC_DEFINE(HAVE_SNMP_SHA256, 1, [ ])
+ ], [], [
+ $SNMP_SHARED_LIBADD
+ ])
+
+ dnl Check whether usmHMAC384SHA512AuthProtocol exists.
+ PHP_CHECK_LIBRARY($SNMP_LIBNAME, usmHMAC384SHA512AuthProtocol,
+ [
+ AC_DEFINE(HAVE_SNMP_SHA512, 1, [ ])
+ ], [], [
+ $SNMP_SHARED_LIBADD
+ ])
+
PHP_NEW_EXTENSION(snmp, snmp.c, $ext_shared)
PHP_SUBST(SNMP_SHARED_LIBADD)
fi
diff --git a/ext/snmp/snmp.c b/ext/snmp/snmp.c
index 69d6549405b17..f0917501751f5 100644
--- a/ext/snmp/snmp.c
+++ b/ext/snmp/snmp.c
@@ -29,6 +29,7 @@
#include "php_snmp.h"
#include "zend_exceptions.h"
+#include "zend_smart_string.h"
#include "ext/spl/spl_exceptions.h"
#include "snmp_arginfo.h"
@@ -938,16 +939,48 @@ static int netsnmp_session_set_auth_protocol(struct snmp_session *s, char *prot)
if (!strcasecmp(prot, "MD5")) {
s->securityAuthProto = usmHMACMD5AuthProtocol;
s->securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
- } else
+ return 0;
+ }
#endif
+
if (!strcasecmp(prot, "SHA")) {
s->securityAuthProto = usmHMACSHA1AuthProtocol;
s->securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;
- } else {
- zend_value_error("Authentication protocol must be either \"MD5\" or \"SHA\"");
- return (-1);
+ return 0;
}
- return (0);
+
+#ifdef HAVE_SNMP_SHA256
+ if (!strcasecmp(prot, "SHA256")) {
+ s->securityAuthProto = usmHMAC192SHA256AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC192SHA256AuthProtocol) / sizeof(oid);
+ return 0;
+ }
+#endif
+
+#ifdef HAVE_SNMP_SHA512
+ if (!strcasecmp(prot, "SHA512")) {
+ s->securityAuthProto = usmHMAC384SHA512AuthProtocol;
+ s->securityAuthProtoLen = sizeof(usmHMAC384SHA512AuthProtocol) / sizeof(oid);
+ return 0;
+ }
+#endif
+
+ smart_string err = {0};
+
+ smart_string_appends(&err, "Authentication protocol must be \"SHA\"");
+#ifdef HAVE_SNMP_SHA256
+ smart_string_appends(&err, " or \"SHA256\"");
+#endif
+#ifdef HAVE_SNMP_SHA512
+ smart_string_appends(&err, " or \"SHA512\"");
+#endif
+#ifndef DISABLE_MD5
+ smart_string_appends(&err, " or \"MD5\"");
+#endif
+ smart_string_0(&err);
+ zend_value_error("%s", err.c);
+ smart_string_free(&err);
+ return -1;
}
/* }}} */
diff --git a/ext/snmp/tests/snmp-object-setSecurity_error.phpt b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
index f8de846492a75..cf4f928837773 100644
--- a/ext/snmp/tests/snmp-object-setSecurity_error.phpt
+++ b/ext/snmp/tests/snmp-object-setSecurity_error.phpt
@@ -59,7 +59,7 @@ var_dump($session->close());
--EXPECTF--
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s
Warning: SNMP::setSecurity(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
bool(false)
diff --git a/ext/snmp/tests/snmp3-error.phpt b/ext/snmp/tests/snmp3-error.phpt
index 849e363b45058..389800dad6b28 100644
--- a/ext/snmp/tests/snmp3-error.phpt
+++ b/ext/snmp/tests/snmp3-error.phpt
@@ -58,7 +58,7 @@ try {
Checking error handling
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
Security level must be one of "noAuthNoPriv", "authNoPriv", or "authPriv"
-Authentication protocol must be either "MD5" or "SHA"
+Authentication protocol must be %s
Warning: snmp3_get(): Error generating a key for authentication pass phrase '': Generic error (The supplied password length is too short.) in %s on line %d
bool(false)

71
SOURCES/php-8.3.0-systzdata-v24.patch → SOURCES/php-8.0.10-systzdata-v21.patch
Unescape View File

@ -5,10 +5,8 @@ Add support for use of the system timezone database, rather
than embedding a copy. Discussed upstream but was not desired.
History:
f24: add internal UTC if tzdata is missing
r23: fix possible buffer overflow
r22: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
r21: adapt for timelib 2021.03 (in 8.1.0)
r22: fix possible buffer overflow
r21: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
r20: adapt for timelib 2020.03 (in 8.0.10RC1)
r19: adapt for timelib 2020.02 (in 8.0.0beta2)
r18: adapt for autotool change in 7.3.3RC1
@ -35,9 +33,8 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
r2: add filesystem trawl to set up name alias index
r1: initial revision
diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
index 6b803bf33e..53c3cdb3f4 100644
index 20e4164aaa..a61243646d 100644
--- a/ext/date/config0.m4
+++ b/ext/date/config0.m4
@@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
@ -57,14 +54,14 @@ index 6b803bf33e..53c3cdb3f4 100644
+ fi
+fi
+
PHP_DATE_CFLAGS="-Wno-implicit-fallthrough -I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
PHP_DATE_CFLAGS="-I@ext_builddir@/lib -DZEND_ENABLE_STATIC_TSRMLS_CACHE=1 -DHAVE_TIMELIB_CONFIG_H=1"
timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c
lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
index c7f93580d7..ec196a98b6 100644
index e9bd0f136d..c04ff01adc 100644
--- a/ext/date/lib/parse_tz.c
+++ b/ext/date/lib/parse_tz.c
@@ -26,9 +26,33 @@
@@ -26,8 +26,21 @@
#include "timelib.h"
#include "timelib_private.h"
@ -77,20 +74,8 @@ index c7f93580d7..ec196a98b6 100644
+
+#include "php_scandir.h"
+
+static const unsigned char internal_utc[] = {
+ 0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x55, 0x54, 0x43, 0x00, 0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x54, 0x43, 0x00, 0x0a, 0x55, 0x54, 0x43,
+ 0x30, 0x0a
+};
+
+#else
#define TIMELIB_SUPPORTS_V2DATA
#define TIMELIB_SUPPORT_SLIM_FILE
#include "timezonedb.h"
+#endif
+
@ -98,7 +83,7 @@ index c7f93580d7..ec196a98b6 100644
#if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
# if defined(__LITTLE_ENDIAN__)
@@ -95,6 +119,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -94,6 +107,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
{
uint32_t version;
@ -110,7 +95,7 @@ index c7f93580d7..ec196a98b6 100644
/* read ID */
version = (*tzf)[3] - '0';
*tzf += 4;
@@ -577,7 +606,475 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
@@ -435,7 +453,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
}
}
@ -340,6 +325,7 @@ index c7f93580d7..ec196a98b6 100644
+ return timelib_strcasecmp(alpha->id, beta->id);
+}
+
+
+/* Retrieve tzdata version. */
+static void retrieve_zone_version(timelib_tzdb *db)
+{
@ -378,7 +364,6 @@ index c7f93580d7..ec196a98b6 100644
+ }
+}
+
+
+/* Create the zone identifier index by trawling the filesystem. */
+static void create_zone_index(timelib_tzdb *db)
+{
@ -454,9 +439,6 @@ index c7f93580d7..ec196a98b6 100644
+
+ qsort(db_index, index_next, sizeof *db_index, sysdbcmp);
+
+ if (!index_next) {
+ db_index[index_next++].id = strdup("UTC");
+ }
+ db->index = db_index;
+ db->index_size = index_next;
+
@ -563,12 +545,7 @@ index c7f93580d7..ec196a98b6 100644
+
+ fd = open(fname, O_RDONLY);
+ if (fd == -1) {
+ if (strcmp(timezone, "UTC")) {
+ return NULL;
+ } else {
+ *length = sizeof(internal_utc);
+ return internal_utc;
+ }
+ return NULL;
+ } else if (fstat(fd, &st) != 0 || !is_valid_tzfile(&st, fd)) {
+ close(fd);
+ return NULL;
@ -587,7 +564,7 @@ index c7f93580d7..ec196a98b6 100644
{
int left = 0, right = tzdb->index_size - 1;
@@ -603,9 +1100,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
@@ -461,9 +939,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
return 0;
}
@ -621,7 +598,7 @@ index c7f93580d7..ec196a98b6 100644
+ if (timezonedb_system == NULL) {
+ timelib_tzdb *tmp = malloc(sizeof *tmp);
+
+ tmp->version = "0";
+ tmp->version = "0.system";
+ tmp->data = NULL;
+ create_zone_index(tmp);
+ retrieve_zone_version(tmp);
@ -637,7 +614,7 @@ index c7f93580d7..ec196a98b6 100644
}
const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
@@ -617,7 +1154,32 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
@@ -475,7 +993,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
{
const unsigned char *tzf;
@ -651,9 +628,7 @@ index c7f93580d7..ec196a98b6 100644
+ if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
+ return 0;
+ }
+ if (!strcmp(timezone, "UTC")) {
+ return 1;
+ }
+
+ if (system_location_table) {
+ if (find_zone_info(system_location_table, timezone) != NULL) {
+ /* found in cache */
@ -671,7 +646,7 @@ index c7f93580d7..ec196a98b6 100644
}
static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
@@ -662,6 +1224,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
@@ -517,6 +1058,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
{
const unsigned char *tzf;
@ -680,7 +655,7 @@ index c7f93580d7..ec196a98b6 100644
timelib_tzinfo *tmp;
int version;
int transitions_result, types_result;
@@ -669,7 +1233,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
@@ -524,7 +1067,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
*error_code = TIMELIB_ERROR_NO_ERROR;
@ -689,9 +664,9 @@ index c7f93580d7..ec196a98b6 100644
tmp = timelib_tzinfo_ctor(timezone);
version = read_preamble(&tzf, tmp, &type);
@@ -712,11 +1276,38 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
return NULL;
@@ -563,11 +1106,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
}
skip_posix_string(&tzf, tmp);
+#ifdef HAVE_SYSTEM_TZDATA
+ if (memmap) {
@ -712,9 +687,7 @@ index c7f93580d7..ec196a98b6 100644
+ }
+
+ /* Now done with the mmap segment - discard it. */
+ if (memmap != internal_utc) {
+ munmap(memmap, maplen);
+ }
+ munmap(memmap, maplen);
+ } else {
+#endif
if (type == TIMELIB_TZINFO_PHP) {
@ -729,10 +702,10 @@ index c7f93580d7..ec196a98b6 100644
*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
tmp = NULL;
diff --git a/ext/date/php_date.c b/ext/date/php_date.c
index 48c82bf7ec..443299c089 100644
index 2d5cffb963..389f09f313 100644
--- a/ext/date/php_date.c
+++ b/ext/date/php_date.c
@@ -490,7 +490,11 @@ PHP_MINFO_FUNCTION(date)
@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
php_info_print_table_row(2, "date/time support", "enabled");
php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);

45
SOURCES/php-8.0.13-crypt.patch
Unescape View File

@ -0,0 +1,45 @@
From fc4e31467c352032ee709ac55d3c67bc22abcd8d Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Fri, 15 Oct 2021 17:11:12 +0200
Subject: [PATCH] add --with-external-libcrypt build option display an error
message if some algo not available in external libcrypt
---
ext/standard/config.m4 | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/ext/standard/config.m4 b/ext/standard/config.m4
index 58b9c5e658a4..3ec18be4d7df 100644
--- a/ext/standard/config.m4
+++ b/ext/standard/config.m4
@@ -267,14 +267,25 @@ int main() {
])])
+PHP_ARG_WITH([external-libcrypt],
+ [for external libcrypt or libxcrypt],
+ [AS_HELP_STRING([--with-external-libcrypt],
+ [Use external libcrypt or libxcrypt])],
+ [no],
+ [no])
+
dnl
dnl If one of them is missing, use our own implementation, portable code is then possible
dnl
-dnl TODO This is currently always enabled
-if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || true; then
- AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
-
- PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
+dnl This is currently enabled by default
+if test "$ac_cv_crypt_blowfish" = "no" || test "$ac_cv_crypt_des" = "no" || test "$ac_cv_crypt_ext_des" = "no" || test "$ac_cv_crypt_md5" = "no" || test "$ac_cv_crypt_sha512" = "no" || test "$ac_cv_crypt_sha256" = "no" || test "$ac_cv_func_crypt_r" != "yes" || test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
+ if test "$PHP_EXTERNAL_LIBCRYPT" = "no"; then
+ AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 1, [Whether PHP has to use its own crypt_r for blowfish, des, ext des and md5])
+
+ PHP_ADD_SOURCES(PHP_EXT_DIR(standard), crypt_freesec.c crypt_blowfish.c crypt_sha512.c crypt_sha256.c php_crypt_r.c)
+ else
+ AC_MSG_ERROR([Cannot use external libcrypt as some algo are missing])
+ fi
else
AC_DEFINE_UNQUOTED(PHP_USE_PHP_CRYPT_R, 0, [Whether PHP has to use its own crypt_r for blowfish, des and ext des])
fi

8
SOURCES/php-8.3.3-parser.patch → SOURCES/php-8.0.19-parser.patch
Unescape View File

@ -1,16 +1,16 @@
diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
--- ./build/gen_stub.php.syslib 2020-06-25 08:11:51.782046813 +0200
+++ ./build/gen_stub.php 2020-06-25 08:13:11.188860368 +0200
@@ -3265,6 +3265,12 @@ function initPhpParser() {
@@ -1075,6 +1075,12 @@ function initPhpParser() {
}
$isInitialized = true;
+
+ if (file_exists('/usr/share/php/PhpParser5/autoload.php')) {
+ require_once '/usr/share/php/PhpParser5/autoload.php';
+ if (file_exists('/usr/share/php/PhpParser4/autoload.php')) {
+ require_once '/usr/share/php/PhpParser4/autoload.php';
+ return;
+ }
+
$version = "5.0.0";
$version = "4.13.0";
$phpParserDir = __DIR__ . "/PHP-Parser-$version";
if (!is_dir($phpParserDir)) {

4761
SOURCES/php-8.0.21-openssl3.patch
View File

File diff suppressed because one or more lines are too long

16
SOURCES/php-8.0.30.tar.xz.asc
Unescape View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEObZBND2MEEsrFG3D+cOdwLlphUQFAmTL4VIACgkQ+cOdwLlp
hUQzrQ//cGopLQ71fiXCM+IYoT7RITJWWeh81fuDpL7bqZblaLRjpoI5I7iUoD10
seJMLrzRxh72A3yY5GoF+LVBFc8J4MsOTJLXpIVWYheOY+BVLDhQHOFSZpT3JDN5
UH6q21WS6wobwj3fFzJzHSSo8GDeSQ60D1Vq5t5ZVWb6uvmzf/cctcjlWB/Zp/X+
hFS6HzrxqM/LBd1IocnTJoLJ2SFCyOS6n9yRJGOW4M3bSqtaTwv1Rd4kTybO0cnF
7bJ71+RAQJZIRG9sOHF3ZtPx08kR5NKR3Ev/9YmlrBWMXMOZs3NvM1UB7zcJ8Qok
CbYrVsyoEk8La8oCV6Jm2jjD73XY7QIWKBuZMerTP9Y+FTP2m699gXeoamuizriY
vWF3j0to67mUY9wWq+4ahfVFdX043mWs2pzvjYTcFcKX0MxFOKMILnAN70a7dKGh
D45B0PdCezJvRjsbO9ynfBmCuBzWGWeQDIM9UlJatu8ND4dS+dWp6FPqgZY8wQke
8/P6FZlZ9wBsKvfWyA/xLr3fN71u+C3CLgTIOzYhI12FDyb6Cbxy8cq8ruGF4D5x
CaSvaOSAXKIPmOhtLgwk2V5jcLlj45cNyFm9PTvqLo3urJFSDXdLJ2Rns5+xjMX9
tMiJS4N8UvvhhVDSJr2/qvmh6inhsTRHuUdR8dacapnW0AgsN88=
=Gqmv
-----END PGP SIGNATURE-----

400
SOURCES/php-8.0.6-deprecated.patch
Unescape View File

@ -0,0 +1,400 @@
From 4dc8b3c0efaae25b08c8f59b068f17c97c59d0ae Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 5 May 2021 15:41:00 +0200
Subject: [PATCH] get rid of inet_aton and inet_ntoa use inet_ntop iand
inet_pton where available standardize buffer size
---
ext/sockets/sockaddr_conv.c | 4 ++++
ext/sockets/sockets.c | 48 +++++++++++++++++++++++++------------
ext/standard/dns.c | 16 ++++++++++++-
main/network.c | 20 ++++++++++++++--
4 files changed, 70 insertions(+), 18 deletions(-)
diff --git a/ext/sockets/sockaddr_conv.c b/ext/sockets/sockaddr_conv.c
index 57996612d2d7e..65c8418fb3a6f 100644
--- a/ext/sockets/sockaddr_conv.c
+++ b/ext/sockets/sockaddr_conv.c
@@ -87,7 +87,11 @@ int php_set_inet_addr(struct sockaddr_in *sin, char *string, php_socket *php_soc
struct in_addr tmp;
struct hostent *host_entry;
+#ifdef HAVE_INET_PTON
+ if (inet_pton(AF_INET, string, &tmp)) {
+#else
if (inet_aton(string, &tmp)) {
+#endif
sin->sin_addr.s_addr = tmp.s_addr;
} else {
if (strlen(string) > MAXFQDNLEN || ! (host_entry = php_network_gethostbyname(string))) {
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index 16ad3e8013a4c..85c938d1b97b1 100644
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -220,8 +220,10 @@ zend_module_entry sockets_module_entry = {
ZEND_GET_MODULE(sockets)
#endif
+#ifndef HAVE_INET_NTOP
/* inet_ntop should be used instead of inet_ntoa */
int inet_ntoa_lock = 0;
+#endif
static int php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ */
{
@@ -1082,10 +1084,12 @@ PHP_FUNCTION(socket_getsockname)
struct sockaddr_in *sin;
#if HAVE_IPV6
struct sockaddr_in6 *sin6;
- char addr6[INET6_ADDRSTRLEN+1];
+#endif
+#ifdef HAVE_INET_NTOP
+ char addrbuf[INET6_ADDRSTRLEN];
#endif
struct sockaddr_un *s_un;
- char *addr_string;
+ const char *addr_string;
socklen_t salen = sizeof(php_sockaddr_storage);
if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &addr, &port) == FAILURE) {
@@ -1106,8 +1110,8 @@ PHP_FUNCTION(socket_getsockname)
#if HAVE_IPV6
case AF_INET6:
sin6 = (struct sockaddr_in6 *) sa;
- inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
- ZEND_TRY_ASSIGN_REF_STRING(addr, addr6);
+ inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
+ ZEND_TRY_ASSIGN_REF_STRING(addr, addrbuf);
if (port != NULL) {
ZEND_TRY_ASSIGN_REF_LONG(port, htons(sin6->sin6_port));
@@ -1117,11 +1121,14 @@ PHP_FUNCTION(socket_getsockname)
#endif
case AF_INET:
sin = (struct sockaddr_in *) sa;
+#ifdef HAVE_INET_NTOP
+ addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
+#else
while (inet_ntoa_lock == 1);
inet_ntoa_lock = 1;
addr_string = inet_ntoa(sin->sin_addr);
inet_ntoa_lock = 0;
-
+#endif
ZEND_TRY_ASSIGN_REF_STRING(addr, addr_string);
if (port != NULL) {
@@ -1154,10 +1161,12 @@ PHP_FUNCTION(socket_getpeername)
struct sockaddr_in *sin;
#if HAVE_IPV6
struct sockaddr_in6 *sin6;
- char addr6[INET6_ADDRSTRLEN+1];
+#endif
+#ifdef HAVE_INET_NTOP
+ char addrbuf[INET6_ADDRSTRLEN];
#endif
struct sockaddr_un *s_un;
- char *addr_string;
+ const char *addr_string;
socklen_t salen = sizeof(php_sockaddr_storage);
if (zend_parse_parameters(ZEND_NUM_ARGS(), "Oz|z", &arg1, socket_ce, &arg2, &arg3) == FAILURE) {
@@ -1178,9 +1187,9 @@ PHP_FUNCTION(socket_getpeername)
#if HAVE_IPV6
case AF_INET6:
sin6 = (struct sockaddr_in6 *) sa;
- inet_ntop(AF_INET6, &sin6->sin6_addr, addr6, INET6_ADDRSTRLEN);
+ inet_ntop(AF_INET6, &sin6->sin6_addr, addrbuf, sizeof(addrbuf));
- ZEND_TRY_ASSIGN_REF_STRING(arg2, addr6);
+ ZEND_TRY_ASSIGN_REF_STRING(arg2, addrbuf);
if (arg3 != NULL) {
ZEND_TRY_ASSIGN_REF_LONG(arg3, htons(sin6->sin6_port));
@@ -1191,11 +1200,14 @@ PHP_FUNCTION(socket_getpeername)
#endif
case AF_INET:
sin = (struct sockaddr_in *) sa;
+#ifdef HAVE_INET_NTOP
+ addr_string = inet_ntop(AF_INET, &sin->sin_addr, addrbuf, sizeof(addrbuf));
+#else
while (inet_ntoa_lock == 1);
inet_ntoa_lock = 1;
addr_string = inet_ntoa(sin->sin_addr);
inet_ntoa_lock = 0;
-
+#endif
ZEND_TRY_ASSIGN_REF_STRING(arg2, addr_string);
if (arg3 != NULL) {
@@ -1527,12 +1539,14 @@ PHP_FUNCTION(socket_recvfrom)
struct sockaddr_in sin;
#if HAVE_IPV6
struct sockaddr_in6 sin6;
- char addr6[INET6_ADDRSTRLEN];
+#endif
+#ifdef HAVE_INET_NTOP
+ char addrbuf[INET6_ADDRSTRLEN];
#endif
socklen_t slen;
int retval;
zend_long arg3, arg4;
- char *address;
+ const char *address;
zend_string *recv_buf;
if (zend_parse_parameters(ZEND_NUM_ARGS(), "Ozllz|z", &arg1, socket_ce, &arg2, &arg3, &arg4, &arg5, &arg6) == FAILURE) {
@@ -1590,7 +1604,11 @@ PHP_FUNCTION(socket_recvfrom)
ZSTR_LEN(recv_buf) = retval;
ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
+#ifdef HAVE_INET_NTOP
+ address = inet_ntop(AF_INET, &sin.sin_addr, addrbuf, sizeof(addrbuf));
+#else
address = inet_ntoa(sin.sin_addr);
+#endif
ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
ZEND_TRY_ASSIGN_REF_STRING(arg5, address ? address : "0.0.0.0");
@@ -1617,11 +1635,11 @@ PHP_FUNCTION(socket_recvfrom)
ZSTR_LEN(recv_buf) = retval;
ZSTR_VAL(recv_buf)[ZSTR_LEN(recv_buf)] = '\0';
- memset(addr6, 0, INET6_ADDRSTRLEN);
- inet_ntop(AF_INET6, &sin6.sin6_addr, addr6, INET6_ADDRSTRLEN);
+ memset(addrbuf, 0, INET6_ADDRSTRLEN);
+ inet_ntop(AF_INET6, &sin6.sin6_addr, addrbuf, sizeof(addrbuf));
ZEND_TRY_ASSIGN_REF_NEW_STR(arg2, recv_buf);
- ZEND_TRY_ASSIGN_REF_STRING(arg5, addr6[0] ? addr6 : "::");
+ ZEND_TRY_ASSIGN_REF_STRING(arg5, addrbuf[0] ? addrbuf : "::");
ZEND_TRY_ASSIGN_REF_LONG(arg6, ntohs(sin6.sin6_port));
break;
#endif
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 41b98424edb60..6efdbbe894b46 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -228,6 +228,9 @@ PHP_FUNCTION(gethostbynamel)
struct hostent *hp;
struct in_addr in;
int i;
+#ifdef HAVE_INET_NTOP
+ char addr4[INET_ADDRSTRLEN];
+#endif
ZEND_PARSE_PARAMETERS_START(1, 1)
Z_PARAM_PATH(hostname, hostname_len)
@@ -255,7 +258,11 @@ PHP_FUNCTION(gethostbynamel)
}
in = *h_addr_entry;
+#ifdef HAVE_INET_NTOP
+ add_next_index_string(return_value, inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN));
+#else
add_next_index_string(return_value, inet_ntoa(in));
+#endif
}
}
/* }}} */
@@ -266,7 +273,10 @@ static zend_string *php_gethostbyname(char *name)
struct hostent *hp;
struct in_addr *h_addr_0; /* Don't call this h_addr, it's a macro! */
struct in_addr in;
- char *address;
+#ifdef HAVE_INET_NTOP
+ char addr4[INET_ADDRSTRLEN];
+#endif
+ const char *address;
hp = php_network_gethostbyname(name);
if (!hp) {
@@ -281,7 +291,11 @@ static zend_string *php_gethostbyname(char *name)
memcpy(&in.s_addr, h_addr_0, sizeof(in.s_addr));
+#ifdef HAVE_INET_NTOP
+ address = inet_ntop(AF_INET, &in, addr4, INET_ADDRSTRLEN);
+#else
address = inet_ntoa(in);
+#endif
return zend_string_init(address, strlen(address), 0);
}
/* }}} */
diff --git a/main/network.c b/main/network.c
index 2c504952b2dd1..7f2f714ec42df 100644
--- a/main/network.c
+++ b/main/network.c
@@ -236,8 +236,12 @@ PHPAPI int php_network_getaddresses(const char *host, int socktype, struct socka
} while ((sai = sai->ai_next) != NULL);
freeaddrinfo(res);
+#else
+#ifdef HAVE_INET_PTON
+ if (!inet_pton(AF_INET, host, &in)) {
#else
if (!inet_aton(host, &in)) {
+#endif
if(strlen(host) > MAXFQDNLEN) {
host_info = NULL;
errno = E2BIG;
@@ -555,7 +559,11 @@ PHPAPI int php_network_parse_network_address_with_port(const char *addr, zend_lo
goto out;
}
#endif
+#ifdef HAVE_INET_PTON
+ if (inet_pton(AF_INET, tmp, &in4->sin_addr) > 0) {
+#else
if (inet_aton(tmp, &in4->sin_addr) > 0) {
+#endif
in4->sin_port = htons(port);
in4->sin_family = AF_INET;
*sl = sizeof(struct sockaddr_in);
@@ -617,15 +625,19 @@ PHPAPI void php_network_populate_name_from_sockaddr(
}
if (textaddr) {
-#if HAVE_IPV6 && HAVE_INET_NTOP
+#ifdef HAVE_INET_NTOP
char abuf[256];
#endif
- char *buf = NULL;
+ const char *buf = NULL;
switch (sa->sa_family) {
case AF_INET:
/* generally not thread safe, but it *is* thread safe under win32 */
+#ifdef HAVE_INET_NTOP
+ buf = inet_ntop(AF_INET, &((struct sockaddr_in*)sa)->sin_addr, (char *)&abuf, sizeof(abuf));
+#else
buf = inet_ntoa(((struct sockaddr_in*)sa)->sin_addr);
+#endif
if (buf) {
*textaddr = strpprintf(0, "%s:%d",
buf, ntohs(((struct sockaddr_in*)sa)->sin_port));
@@ -862,7 +874,11 @@ php_socket_t php_network_connect_socket_to_host(const char *host, unsigned short
in4->sin_family = sa->sa_family;
in4->sin_port = htons(bindport);
+#ifdef HAVE_INET_PTON
+ if (!inet_pton(AF_INET, bindto, &in4->sin_addr)) {
+#else
if (!inet_aton(bindto, &in4->sin_addr)) {
+#endif
php_error_docref(NULL, E_WARNING, "Invalid IP Address: %s", bindto);
goto skip_bind;
}
From e5b6f43ec7813392d83ea586b7902e0396a1f792 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 6 May 2021 14:21:29 +0200
Subject: [PATCH] get rid of inet_addr usage
---
main/fastcgi.c | 4 ++++
sapi/litespeed/lsapilib.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/main/fastcgi.c b/main/fastcgi.c
index 071f69d3a7f0..c936d42405de 100644
--- a/main/fastcgi.c
+++ b/main/fastcgi.c
@@ -688,8 +688,12 @@ int fcgi_listen(const char *path, int backlog)
if (!*host || !strncmp(host, "*", sizeof("*")-1)) {
sa.sa_inet.sin_addr.s_addr = htonl(INADDR_ANY);
} else {
+#ifdef HAVE_INET_PTON
+ if (!inet_pton(AF_INET, host, &sa.sa_inet.sin_addr)) {
+#else
sa.sa_inet.sin_addr.s_addr = inet_addr(host);
if (sa.sa_inet.sin_addr.s_addr == INADDR_NONE) {
+#endif
struct hostent *hep;
if(strlen(host) > MAXFQDNLEN) {
diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index a72b5dc1b988..305f3326a682 100644
--- a/sapi/litespeed/lsapilib.c
+++ b/sapi/litespeed/lsapilib.c
@@ -2672,8 +2672,12 @@ int LSAPI_ParseSockAddr( const char * pBind, struct sockaddr * pAddr )
((struct sockaddr_in *)pAddr)->sin_addr.s_addr = htonl( INADDR_LOOPBACK );
else
{
+#ifdef HAVE_INET_PTON
+ if (!inet_pton(AF_INET, p, &((struct sockaddr_in *)pAddr)->sin_addr))
+#else
((struct sockaddr_in *)pAddr)->sin_addr.s_addr = inet_addr( p );
if ( ((struct sockaddr_in *)pAddr)->sin_addr.s_addr == INADDR_BROADCAST)
+#endif
{
doAddrInfo = 1;
}
From 99d67d121acd4c324738509679d23acaf759d065 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Thu, 6 May 2021 16:35:48 +0200
Subject: [PATCH] use getnameinfo instead of gethostbyaddr
---
ext/standard/dns.c | 34 ++++++++++++++++++++++------------
1 file changed, 22 insertions(+), 12 deletions(-)
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index edd9a4549f5c..540c777faaba 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -169,20 +169,30 @@ PHP_FUNCTION(gethostbyaddr)
static zend_string *php_gethostbyaddr(char *ip)
{
#if HAVE_IPV6 && HAVE_INET_PTON
- struct in6_addr addr6;
-#endif
- struct in_addr addr;
- struct hostent *hp;
+ struct sockaddr_in sa4;
+ struct sockaddr_in6 sa6;
+ char out[NI_MAXHOST];
-#if HAVE_IPV6 && HAVE_INET_PTON
- if (inet_pton(AF_INET6, ip, &addr6)) {
- hp = gethostbyaddr((char *) &addr6, sizeof(addr6), AF_INET6);
- } else if (inet_pton(AF_INET, ip, &addr)) {
- hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
- } else {
- return NULL;
+ if (inet_pton(AF_INET6, ip, &sa6.sin6_addr)) {
+ sa6.sin6_family = AF_INET6;
+
+ if (getnameinfo((struct sockaddr *)&sa6, sizeof(sa6), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
+ return zend_string_init(ip, strlen(ip), 0);
+ }
+ return zend_string_init(out, strlen(out), 0);
+ } else if (inet_pton(AF_INET, ip, &sa4.sin_addr)) {
+ sa4.sin_family = AF_INET;
+
+ if (getnameinfo((struct sockaddr *)&sa4, sizeof(sa4), out, sizeof(out), NULL, 0, NI_NAMEREQD) < 0) {
+ return zend_string_init(ip, strlen(ip), 0);
+ }
+ return zend_string_init(out, strlen(out), 0);
}
+ return NULL; /* not a valid IP */
#else
+ struct in_addr addr;
+ struct hostent *hp;
+
addr.s_addr = inet_addr(ip);
if (addr.s_addr == -1) {
@@ -190,13 +200,13 @@ static zend_string *php_gethostbyaddr(char *ip)
}
hp = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET);
-#endif
if (!hp || hp->h_name == NULL || hp->h_name[0] == '\0') {
return zend_string_init(ip, strlen(ip), 0);
}
return zend_string_init(hp->h_name, strlen(hp->h_name), 0);
+#endif
}
/* }}} */

44
SOURCES/php-8.1.0-phpinfo.patch
Unescape View File

@ -1,44 +0,0 @@
Drop "Configure Command" from phpinfo as it doesn't
provide any useful information.
The available extensions are not related to this command.
Replace full GCC name by gcc in php -v output
diff -up ./ext/standard/info.c.phpinfo ./ext/standard/info.c
--- ./ext/standard/info.c.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/info.c 2020-07-21 11:41:56.295633523 +0200
@@ -805,9 +805,6 @@ PHPAPI ZEND_COLD void php_print_info(int
#ifdef PHP_BUILD_ARCH
php_info_print_table_row(2, "Architecture", PHP_BUILD_ARCH);
#endif
-#ifdef CONFIGURE_COMMAND
- php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
-#endif
if (sapi_module.pretty_name) {
php_info_print_table_row(2, "Server API", sapi_module.pretty_name );
diff -up ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo ./ext/standard/tests/general_functions/phpinfo.phpt
--- ./ext/standard/tests/general_functions/phpinfo.phpt.phpinfo 2020-07-21 10:49:31.000000000 +0200
+++ ./ext/standard/tests/general_functions/phpinfo.phpt 2020-07-21 11:41:56.296633522 +0200
@@ -17,7 +17,6 @@ PHP Version => %s
System => %s
Build Date => %s%a
-Configure Command => %s
Server API => Command Line Interface
Virtual Directory Support => %s
Configuration File (php.ini) Path => %s
diff -up ./sapi/cli/php_cli.c.phpinfo ./sapi/cli/php_cli.c
--- ./sapi/cli/php_cli.c.phpinfo 2020-07-21 11:43:38.812475300 +0200
+++ ./sapi/cli/php_cli.c 2020-07-21 11:43:45.783464540 +0200
@@ -645,7 +645,7 @@ static int do_cli(int argc, char **argv)
"NTS"
#endif
#ifdef PHP_BUILD_COMPILER
- " " PHP_BUILD_COMPILER
+ " gcc"
#endif
#ifdef PHP_BUILD_ARCH
" " PHP_BUILD_ARCH

47
SOURCES/php-8.3.0-openssl-ec-param.patch
Unescape View File

@ -1,47 +0,0 @@
From 21f9d16e130b412b6839494dcf30a2f1d7dcee0f Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 24 Jul 2023 10:54:49 +0200
Subject: [PATCH] Always warn about missing curve_name
Both Fedora and RHEL do not support arbitrary EC parameters
See https://bugzilla.redhat.com/2223953
---
ext/openssl/openssl.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 33f51bfa4d..340b0467d3 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -4299,13 +4299,8 @@ static bool php_openssl_pkey_init_legacy_ec(EC_KEY *eckey, zval *data, bool *is_
OPENSSL_PKEY_SET_BN(data, b);
OPENSSL_PKEY_SET_BN(data, order);
+ php_error_docref(NULL, E_WARNING, "Missing params: curve_name (params only is not supported by OpenSSL)");
if (!(p && a && b && order)) {
- if (!p && !a && !b && !order) {
- php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
- } else {
- php_error_docref(
- NULL, E_WARNING, "Missing params: curve_name or p, a, b, order");
- }
goto clean_exit;
}
@@ -4455,12 +4450,8 @@ static EVP_PKEY *php_openssl_pkey_init_ec(zval *data, bool *is_private) {
OPENSSL_PKEY_SET_BN(data, b);
OPENSSL_PKEY_SET_BN(data, order);
+ php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
if (!(p && a && b && order)) {
- if (!p && !a && !b && !order) {
- php_error_docref(NULL, E_WARNING, "Missing params: curve_name");
- } else {
- php_error_docref(NULL, E_WARNING, "Missing params: curve_name or p, a, b, order");
- }
goto cleanup;
}
--
2.41.0

16
SOURCES/php-8.3.10.tar.xz.asc
Unescape View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEESx/A2d+SMhztn2FdvsVV4ioUNVMFAmao7zoACgkQvsVV4ioU
NVPe4A//dQyTvynxV6pjRy3LscoIX9D6y966K9YKbjQabkXm0i+RcMlF68tAlRxu
jZLNiWLRriZsr9Mjt0r/M2DvxnsHDxRBgNxRfVVRlkx1ubwtjken9GPhJQ9qYs31
EC/qMDfeaimvWtUCY7iCKMOR4WOcmD5gkmfp6/lbNE7DYGXQXkyJxqtVbjOcWBg1
3w7XL19LsA4tdWdNE9NKlSmWSLG2iJy8cAUAGx4bG24iQAUgq2T/AreQe6BZhmSZ
BGrLimqzIIUo8ytbbIKFG9MS6z9A7mMH60sHo18AoqcBnlrKacpYriLHqQDd9fCw
stQWykimGnnRqzm1YCCakM97fsGSmBHULU7FKENXGvEG+PbYCj11Pwh7+2fXTOor
mSxaldxluJARDeSlGJdQTDEO7l6m1vb9UNrfQQu23VeXekl7DJPQzkcSu5zZVmqE
hmqAo+Dcl+mfgHM7OFpLl48d+WkoP08HUMOZwDN0N/Akbo4DrbeqVf6dGNegAhDp
NKK10Zz0Y7A2STYSChpWEUb1o3XHkGNO5PKtkwghLgP+PDeehPqNY0FPcV6D4u7K
ETnkrDErA0dQGbNM3cmr+3XQT8o/fcFTHndwNTZjd3V4YkQeb3kECaiLEaswALuJ
Hh9+Aztg2Xr8lonvpXBpJHG1d2pIlQinH1LnOBdhjLubcz8QJME=
=l9LG
-----END PGP SIGNATURE-----

842
SOURCES/php-8.3.7-argon2.patch
Unescape View File

@ -1,842 +0,0 @@
From c6c39b2b1cb1ff9916a8db606b19fc4282feacd2 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 17 Apr 2024 15:58:49 +0200
Subject: [PATCH] Implement PASSWORD_ARGON2 from OpenSSL 3.2 Backported from
8.4 to 8.3
---
ext/openssl/config0.m4 | 2 +-
ext/openssl/openssl.c | 24 +
ext/openssl/openssl_pwhash.c | 412 ++++++++++++++++++
ext/openssl/openssl_pwhash.stub.php | 38 ++
ext/openssl/openssl_pwhash_arginfo.h | Bin 0 -> 2571 bytes
ext/openssl/php_openssl.h | 31 +-
ext/openssl/tests/openssl_password.phpt | 42 ++
.../tests/openssl_password_compat.phpt | 52 +++
.../tests/openssl_password_compat2.phpt | 52 +++
9 files changed, 651 insertions(+), 2 deletions(-)
create mode 100644 ext/openssl/openssl_pwhash.c
create mode 100644 ext/openssl/openssl_pwhash.stub.php
create mode 100644 ext/openssl/openssl_pwhash_arginfo.h
create mode 100644 ext/openssl/tests/openssl_password.phpt
create mode 100644 ext/openssl/tests/openssl_password_compat.phpt
create mode 100644 ext/openssl/tests/openssl_password_compat2.phpt
diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
index ffd4e0751c..aae3812752 100644
--- a/ext/openssl/config0.m4
+++ b/ext/openssl/config0.m4
@@ -18,7 +18,7 @@ PHP_ARG_WITH([system-ciphers],
[no])
if test "$PHP_OPENSSL" != "no"; then
- PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
+ PHP_NEW_EXTENSION(openssl, openssl.c openssl_pwhash.c xp_ssl.c, $ext_shared)
PHP_SUBST(OPENSSL_SHARED_LIBADD)
if test "$PHP_KERBEROS" != "no"; then
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 6f85e9852f..1f164a60b6 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -263,9 +263,21 @@ static void php_openssl_pkey_free_obj(zend_object *object)
zend_object_std_dtor(&key_object->std);
}
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+static const zend_module_dep openssl_deps[] = {
+ ZEND_MOD_REQUIRED("standard")
+ ZEND_MOD_END
+};
+#endif
+
/* {{{ openssl_module_entry */
zend_module_entry openssl_module_entry = {
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ STANDARD_MODULE_HEADER_EX, NULL,
+ openssl_deps,
+#else
STANDARD_MODULE_HEADER,
+#endif
"openssl",
ext_functions,
PHP_MINIT(openssl),
@@ -1321,6 +1333,12 @@ PHP_MINIT_FUNCTION(openssl)
REGISTER_INI_ENTRIES();
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ if (FAILURE == PHP_MINIT(openssl_pwhash)(INIT_FUNC_ARGS_PASSTHRU)) {
+ return FAILURE;
+ }
+#endif
+
return SUCCESS;
}
/* }}} */
@@ -1395,6 +1413,12 @@ PHP_MSHUTDOWN_FUNCTION(openssl)
php_stream_xport_unregister("tlsv1.3");
#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ if (FAILURE == PHP_MSHUTDOWN(openssl_pwhash)(SHUTDOWN_FUNC_ARGS_PASSTHRU)) {
+ return FAILURE;
+ }
+#endif
+
/* reinstate the default tcp handler */
php_stream_xport_register("tcp", php_stream_generic_socket_factory);
diff --git a/ext/openssl/openssl_pwhash.c b/ext/openssl/openssl_pwhash.c
new file mode 100644
index 0000000000..56ab62ff83
--- /dev/null
+++ b/ext/openssl/openssl_pwhash.c
@@ -0,0 +1,412 @@
+/*
+ +----------------------------------------------------------------------+
+ | Copyright (c) The PHP Group |
+ +----------------------------------------------------------------------+
+ | This source file is subject to version 3.01 of the PHP license, |
+ | that is bundled with this package in the file LICENSE, and is |
+ | available through the world-wide-web at the following url: |
+ | https://www.php.net/license/3_01.txt |
+ | If you did not receive a copy of the PHP license and are unable to |
+ | obtain it through the world-wide-web, please send a note to |
+ | license@php.net so we can mail you a copy immediately. |
+ +----------------------------------------------------------------------+
+ | Authors: Remi Collet <remi@php.net> |
+ +----------------------------------------------------------------------+
+*/
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "php.h"
+#include "ext/standard/php_password.h"
+#include "php_openssl.h"
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+#include "Zend/zend_attributes.h"
+#include "openssl_pwhash_arginfo.h"
+#include <ext/standard/base64.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
+#include <openssl/kdf.h>
+#include <openssl/thread.h>
+#include <openssl/rand.h>
+
+#define PHP_OPENSSL_MEMLIMIT_MIN 8u
+#define PHP_OPENSSL_MEMLIMIT_MAX UINT32_MAX
+#define PHP_OPENSSL_ITERLIMIT_MIN 1u
+#define PHP_OPENSSL_ITERLIMIT_MAX UINT32_MAX
+#define PHP_OPENSSL_THREADS_MIN 1u
+#define PHP_OPENSSL_THREADS_MAX UINT32_MAX
+
+#define PHP_OPENSSL_ARGON_VERSION 0x13
+
+#define PHP_OPENSSL_SALT_SIZE 16
+#define PHP_OPENSSL_HASH_SIZE 32
+#define PHP_OPENSSL_DIGEST_SIZE 128
+
+static inline zend_result get_options(zend_array *options, uint32_t *memlimit, uint32_t *iterlimit, uint32_t *threads)
+{
+ zval *opt;
+
+ *iterlimit = PHP_OPENSSL_PWHASH_ITERLIMIT;
+ *memlimit = PHP_OPENSSL_PWHASH_MEMLIMIT;
+ *threads = PHP_OPENSSL_PWHASH_THREADS;
+
+ if (!options) {
+ return SUCCESS;
+ }
+ if ((opt = zend_hash_str_find(options, "memory_cost", strlen("memory_cost")))) {
+ zend_long smemlimit = zval_get_long(opt);
+
+ if ((smemlimit < 0) || (smemlimit < PHP_OPENSSL_MEMLIMIT_MIN) || (smemlimit > (PHP_OPENSSL_MEMLIMIT_MAX))) {
+ zend_value_error("Memory cost is outside of allowed memory range");
+ return FAILURE;
+ }
+ *memlimit = smemlimit;
+ }
+ if ((opt = zend_hash_str_find(options, "time_cost", strlen("time_cost")))) {
+ zend_long siterlimit = zval_get_long(opt);
+ if ((siterlimit < PHP_OPENSSL_ITERLIMIT_MIN) || (siterlimit > PHP_OPENSSL_ITERLIMIT_MAX)) {
+ zend_value_error("Time cost is outside of allowed time range");
+ return FAILURE;
+ }
+ *iterlimit = siterlimit;
+ }
+ if ((opt = zend_hash_str_find(options, "threads", strlen("threads"))) && (zval_get_long(opt) != 1)) {
+ zend_long sthreads = zval_get_long(opt);
+ if ((sthreads < PHP_OPENSSL_THREADS_MIN) || (sthreads > PHP_OPENSSL_THREADS_MAX)) {
+ zend_value_error("Invalid number of threads");
+ return FAILURE;
+ }
+ *threads = sthreads;
+ }
+ return SUCCESS;
+}
+
+static bool php_openssl_argon2_compute_hash(
+ const char *algo,
+ uint32_t version, uint32_t memlimit, uint32_t iterlimit, uint32_t threads,
+ const char *pass, size_t pass_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned char *hash, size_t hash_len)
+{
+ OSSL_PARAM params[7], *p = params;
+ EVP_KDF *kdf = NULL;
+ EVP_KDF_CTX *kctx = NULL;
+ bool ret = false;
+
+ if (threads > 1) {
+ if (OSSL_set_max_threads(NULL, threads) != 1) {
+ goto fail;
+ }
+ }
+ p = params;
+ *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_THREADS,
+ &threads);
+ *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_LANES,
+ &threads);
+ *p++= OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ITER,
+ &iterlimit);
+ *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST,
+ &memlimit);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
+ (void *)salt, salt_len);
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
+ (void *)pass, pass_len);
+ *p++ = OSSL_PARAM_construct_end();
+
+ if ((kdf = EVP_KDF_fetch(NULL, algo, NULL)) == NULL) {
+ goto fail;
+ }
+ if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) {
+ goto fail;
+ }
+ if (EVP_KDF_derive(kctx, hash, hash_len, params) != 1) {
+ zend_value_error("Unexpected failure hashing password");
+ goto fail;
+ }
+
+ ret = true;
+
+fail:
+ EVP_KDF_free(kdf);
+ EVP_KDF_CTX_free(kctx);
+
+ if (threads > 1) {
+ OSSL_set_max_threads(NULL, 0);
+ }
+ return ret;
+}
+
+static zend_string *php_openssl_argon2_hash(const zend_string *password, zend_array *options, const char *algo)
+{
+ uint32_t iterlimit, memlimit, threads, version = PHP_OPENSSL_ARGON_VERSION;
+ zend_string *digest = NULL, *salt64 = NULL, *hash64 = NULL;
+ unsigned char hash[PHP_OPENSSL_HASH_SIZE+1], salt[PHP_OPENSSL_SALT_SIZE+1];
+
+ if ((ZSTR_LEN(password) >= UINT32_MAX)) {
+ zend_value_error("Password is too long");
+ return NULL;
+ }
+ if (get_options(options, &memlimit, &iterlimit, &threads) == FAILURE) {
+ return NULL;
+ }
+ if (RAND_bytes(salt, PHP_OPENSSL_SALT_SIZE) <= 0) {
+ return NULL;
+ }
+
+ if (!php_openssl_argon2_compute_hash(algo, version, memlimit, iterlimit, threads,
+ ZSTR_VAL(password), ZSTR_LEN(password), salt, PHP_OPENSSL_SALT_SIZE, hash, PHP_OPENSSL_HASH_SIZE)) {
+ return NULL;
+ }
+
+ hash64 = php_base64_encode(hash, PHP_OPENSSL_HASH_SIZE);
+ /* No padding utsing 32 *4 / 3 = 42.6 (43 + 1 padding char) */
+ ZEND_ASSERT(ZSTR_LEN(hash64)==44 && ZSTR_VAL(hash64)[43]=='=');
+ ZSTR_VAL(hash64)[43] = 0;
+ ZSTR_LEN(hash64) = 43;
+
+ salt64 = php_base64_encode(salt, PHP_OPENSSL_SALT_SIZE);
+ /* No padding using 16 *4 / 3 = 21.3 (22 + 2 padding char) */
+ ZEND_ASSERT(ZSTR_LEN(salt64)==24 && ZSTR_VAL(salt64)[22]=='=' && ZSTR_VAL(salt64)[23]=='=');
+ ZSTR_VAL(salt64)[22] = 0;
+ ZSTR_LEN(salt64) = 22;
+
+ digest = zend_string_alloc(PHP_OPENSSL_DIGEST_SIZE, 0);
+ ZSTR_LEN(digest) = snprintf(ZSTR_VAL(digest), ZSTR_LEN(digest), "$%s$v=%d$m=%u,t=%u,p=%u$%s$%s",
+ algo, version, memlimit, iterlimit, threads, ZSTR_VAL(salt64), ZSTR_VAL(hash64));
+
+ zend_string_release(salt64);
+ zend_string_release(hash64);
+
+ return digest;
+}
+
+static int php_openssl_argon2_extract(
+ const zend_string *digest, uint32_t *version, uint32_t *memlimit, uint32_t *iterlimit,
+ uint32_t *threads, zend_string **salt, zend_string **hash)
+{
+ const char *p;
+ char *hash64, *salt64;
+
+ if (!digest || (ZSTR_LEN(digest) < sizeof("$argon2id$"))) {
+ return FAILURE;
+ }
+ p = ZSTR_VAL(digest);
+ if (!memcmp(p, "$argon2i$", strlen("$argon2i$"))) {
+ p += strlen("$argon2i$");
+ } else if (!memcmp(p, "$argon2id$", strlen("$argon2id$"))) {
+ p += strlen("$argon2id$");
+ } else {
+ return FAILURE;
+ }
+ if (sscanf(p, "v=%" PRIu32 "$m=%" PRIu32 ",t=%" PRIu32 ",p=%" PRIu32,
+ version, memlimit, iterlimit, threads) != 4) {
+ return FAILURE;
+ }
+ if (salt && hash) {
+ /* start of param */
+ p = strchr(p, '$');
+ if (!p) {
+ return FAILURE;
+ }
+ /* start of salt */
+ p = strchr(p+1, '$');
+ if (!p) {
+ return FAILURE;
+ }
+ salt64 = estrdup(p+1);
+ /* start of hash */
+ hash64 = strchr(salt64, '$');
+ if (!hash64) {
+ efree(salt64);
+ return FAILURE;
+ }
+ *hash64++ = 0;
+ *salt = php_base64_decode((unsigned char *)salt64, strlen(salt64));
+ *hash = php_base64_decode((unsigned char *)hash64, strlen(hash64));
+ efree(salt64);
+ }
+ return SUCCESS;
+}
+
+static bool php_openssl_argon2_verify(const zend_string *password, const zend_string *digest, const char *algo)
+{
+ uint32_t version, iterlimit, memlimit, threads;
+ zend_string *salt, *hash, *new;
+ bool ret = false;
+
+ if ((ZSTR_LEN(password) >= UINT32_MAX) || (ZSTR_LEN(digest) >= UINT32_MAX)) {
+ return false;
+ }
+ if (FAILURE == php_openssl_argon2_extract(digest, &version, &memlimit, &iterlimit, &threads, &salt, &hash)) {
+ return false;
+ }
+
+ new = zend_string_alloc(ZSTR_LEN(hash), 0);
+ if (php_openssl_argon2_compute_hash(algo, version, memlimit, iterlimit, threads,
+ ZSTR_VAL(password), ZSTR_LEN(password), (unsigned char *)ZSTR_VAL(salt),
+ ZSTR_LEN(salt), (unsigned char *)ZSTR_VAL(new), ZSTR_LEN(new))) {
+ ret = (php_safe_bcmp(hash, new) == 0);
+ }
+
+ zend_string_release(new);
+ zend_string_release(salt);
+ zend_string_release(hash);
+
+ return ret;
+}
+
+static bool php_openssl_argon2i_verify(const zend_string *password, const zend_string *digest)
+{
+ return php_openssl_argon2_verify(password, digest, "argon2i");
+}
+
+static bool php_openssl_argon2id_verify(const zend_string *password, const zend_string *digest)
+{
+ return php_openssl_argon2_verify(password, digest, "argon2id");
+}
+
+static bool php_openssl_argon2_needs_rehash(const zend_string *hash, zend_array *options)
+{
+ uint32_t version, iterlimit, memlimit, threads;
+ uint32_t new_version = PHP_OPENSSL_ARGON_VERSION, new_iterlimit, new_memlimit, new_threads;
+
+ if (FAILURE == get_options(options, &new_memlimit, &new_iterlimit, &new_threads)) {
+ return true;
+ }
+ if (FAILURE == php_openssl_argon2_extract(hash, &version, &memlimit, &iterlimit, &threads, NULL, NULL)) {
+ return true;
+ }
+
+ // Algo already checked in pasword_needs_rehash implementation
+ return (version != new_version) ||
+ (iterlimit != new_iterlimit) ||
+ (memlimit != new_memlimit) ||
+ (threads != new_threads);
+}
+
+static int php_openssl_argon2_get_info(zval *return_value, const zend_string *hash)
+{
+ uint32_t v, threads;
+ uint32_t memory_cost;
+ uint32_t time_cost;
+
+ if (FAILURE == php_openssl_argon2_extract(hash, &v, &memory_cost, &time_cost, &threads, NULL, NULL)) {
+ return FAILURE;
+ }
+ add_assoc_long(return_value, "memory_cost", memory_cost);
+ add_assoc_long(return_value, "time_cost", time_cost);
+ add_assoc_long(return_value, "threads", threads);
+
+ return SUCCESS;
+}
+
+
+static zend_string *php_openssl_argon2i_hash(const zend_string *password, zend_array *options)
+{
+ return php_openssl_argon2_hash(password, options, "argon2i");
+}
+
+static const php_password_algo openssl_algo_argon2i = {
+ "argon2i",
+ php_openssl_argon2i_hash,
+ php_openssl_argon2i_verify,
+ php_openssl_argon2_needs_rehash,
+ php_openssl_argon2_get_info,
+ NULL,
+};
+
+static zend_string *php_openssl_argon2id_hash(const zend_string *password, zend_array *options)
+{
+ return php_openssl_argon2_hash(password, options, "argon2id");
+}
+
+static const php_password_algo openssl_algo_argon2id = {
+ "argon2id",
+ php_openssl_argon2id_hash,
+ php_openssl_argon2id_verify,
+ php_openssl_argon2_needs_rehash,
+ php_openssl_argon2_get_info,
+ NULL,
+};
+
+PHP_FUNCTION(openssl_password_hash)
+{
+ zend_string *password, *algo, *digest;
+ zend_array *options = NULL;
+
+ ZEND_PARSE_PARAMETERS_START(2, 3)
+ Z_PARAM_STR(algo)
+ Z_PARAM_STR(password)
+ Z_PARAM_OPTIONAL
+ Z_PARAM_ARRAY_HT(options)
+ ZEND_PARSE_PARAMETERS_END();
+
+ if (strcmp(ZSTR_VAL(algo), "argon2i") && strcmp(ZSTR_VAL(algo), "argon2id")) {
+ zend_argument_value_error(1, "must be a valid password openssl hashing algorithm");
+ RETURN_THROWS();
+ }
+
+ digest = php_openssl_argon2_hash(password, options, ZSTR_VAL(algo));
+ if (!digest) {
+ if (!EG(exception)) {
+ zend_throw_error(NULL, "Password hashing failed for unknown reason");
+ }
+ RETURN_THROWS();
+ }
+
+ RETURN_NEW_STR(digest);
+}
+
+PHP_FUNCTION(openssl_password_verify)
+{
+ zend_string *password, *algo, *digest;
+
+ ZEND_PARSE_PARAMETERS_START(3, 3)
+ Z_PARAM_STR(algo)
+ Z_PARAM_STR(password)
+ Z_PARAM_STR(digest)
+ ZEND_PARSE_PARAMETERS_END();
+
+ if (strcmp(ZSTR_VAL(algo), "argon2i") && strcmp(ZSTR_VAL(algo), "argon2id")) {
+ zend_argument_value_error(1, "must be a valid password openssl hashing algorithm");
+ RETURN_THROWS();
+ }
+
+ RETURN_BOOL(php_openssl_argon2_verify(password, digest, ZSTR_VAL(algo)));
+}
+
+PHP_MINIT_FUNCTION(openssl_pwhash)
+{
+ zend_string *argon2i = ZSTR_INIT_LITERAL("argon2i", 1);
+
+ zend_register_functions(NULL, ext_functions, NULL, type);
+
+ if (php_password_algo_find(argon2i)) {
+ /* Nothing to do. Core or sodium has registered these algorithms for us. */
+ zend_string_release(argon2i);
+ return SUCCESS;
+ }
+ zend_string_release(argon2i);
+
+ register_openssl_pwhash_symbols(module_number);
+
+ if (FAILURE == php_password_algo_register("argon2i", &openssl_algo_argon2i)) {
+ return FAILURE;
+ }
+ if (FAILURE == php_password_algo_register("argon2id", &openssl_algo_argon2id)) {
+ return FAILURE;
+ }
+
+ return SUCCESS;
+}
+
+PHP_MSHUTDOWN_FUNCTION(openssl_pwhash)
+{
+ zend_unregister_functions(ext_functions, -1, NULL);
+
+ return SUCCESS;
+}
+#endif /* PHP_OPENSSL_API_VERSION >= 0x30200 */
diff --git a/ext/openssl/openssl_pwhash.stub.php b/ext/openssl/openssl_pwhash.stub.php
new file mode 100644
index 0000000000..85c2f04d55
--- /dev/null
+++ b/ext/openssl/openssl_pwhash.stub.php
@@ -0,0 +1,38 @@
+<?php
+
+/** @generate-class-entries */
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2I = "argon2i";
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2ID = "argon2id";
+/**
+ * @var int
+ * @cvalue PHP_OPENSSL_PWHASH_MEMLIMIT
+ */
+const PASSWORD_ARGON2_DEFAULT_MEMORY_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_OPENSSL_PWHASH_ITERLIMIT
+ */
+const PASSWORD_ARGON2_DEFAULT_TIME_COST = UNKNOWN;
+/**
+ * @var int
+ * @cvalue PHP_OPENSSL_PWHASH_THREADS
+ */
+const PASSWORD_ARGON2_DEFAULT_THREADS = UNKNOWN;
+/**
+ * @var string
+ */
+const PASSWORD_ARGON2_PROVIDER = "openssl";
+
+function openssl_password_hash(string $algo, #[\SensitiveParameter] string $password, array $options = []): string {}
+function openssl_password_verify(string $algo, #[\SensitiveParameter] string $password, string $hash): bool {}
+
+#endif
+
diff --git a/ext/openssl/openssl_pwhash_arginfo.h b/ext/openssl/openssl_pwhash_arginfo.h
new file mode 100644
index 0000000000..f60a1f5b08
--- /dev/null
+++ b/ext/openssl/openssl_pwhash_arginfo.h
@@ -0,0 +1,68 @@
+/* This is a generated file, edit the .stub.php file instead.
+ * Stub hash: a01216f790c4c42499bd85448aacb3a6d58acc94 */
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_password_hash, 0, 2, IS_STRING, 0)
+ ZEND_ARG_TYPE_INFO(0, algo, IS_STRING, 0)
+ ZEND_ARG_TYPE_INFO(0, password, IS_STRING, 0)
+ ZEND_ARG_TYPE_INFO_WITH_DEFAULT_VALUE(0, options, IS_ARRAY, 0, "[]")
+ZEND_END_ARG_INFO()
+#endif
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ZEND_BEGIN_ARG_WITH_RETURN_TYPE_INFO_EX(arginfo_openssl_password_verify, 0, 3, _IS_BOOL, 0)
+ ZEND_ARG_TYPE_INFO(0, algo, IS_STRING, 0)
+ ZEND_ARG_TYPE_INFO(0, password, IS_STRING, 0)
+ ZEND_ARG_TYPE_INFO(0, hash, IS_STRING, 0)
+ZEND_END_ARG_INFO()
+#endif
+
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ZEND_FUNCTION(openssl_password_hash);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ZEND_FUNCTION(openssl_password_verify);
+#endif
+
+
+static const zend_function_entry ext_functions[] = {
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ ZEND_FE(openssl_password_hash, arginfo_openssl_password_hash)
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ ZEND_FE(openssl_password_verify, arginfo_openssl_password_verify)
+#endif
+ ZEND_FE_END
+};
+
+static void register_openssl_pwhash_symbols(int module_number)
+{
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_STRING_CONSTANT("PASSWORD_ARGON2I", "argon2i", CONST_PERSISTENT);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_STRING_CONSTANT("PASSWORD_ARGON2ID", "argon2id", CONST_PERSISTENT);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_MEMORY_COST", PHP_OPENSSL_PWHASH_MEMLIMIT, CONST_PERSISTENT);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_TIME_COST", PHP_OPENSSL_PWHASH_ITERLIMIT, CONST_PERSISTENT);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_LONG_CONSTANT("PASSWORD_ARGON2_DEFAULT_THREADS", PHP_OPENSSL_PWHASH_THREADS, CONST_PERSISTENT);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+ REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "openssl", CONST_PERSISTENT);
+#endif
+
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+
+ zend_add_parameter_attribute(zend_hash_str_find_ptr(CG(function_table), "openssl_password_hash", sizeof("openssl_password_hash") - 1), 1, ZSTR_KNOWN(ZEND_STR_SENSITIVEPARAMETER), 0);
+#endif
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+
+ zend_add_parameter_attribute(zend_hash_str_find_ptr(CG(function_table), "openssl_password_verify", sizeof("openssl_password_verify") - 1), 1, ZSTR_KNOWN(ZEND_STR_SENSITIVEPARAMETER), 0);
+#endif
+}
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index 304854b4bf..9532cfe6f9 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -39,8 +39,10 @@ extern zend_module_entry openssl_module_entry;
#define PHP_OPENSSL_API_VERSION 0x10002
#elif OPENSSL_VERSION_NUMBER < 0x30000000L
#define PHP_OPENSSL_API_VERSION 0x10100
-#else
+#elif OPENSSL_VERSION_NUMBER < 0x30200000L
#define PHP_OPENSSL_API_VERSION 0x30000
+#else
+#define PHP_OPENSSL_API_VERSION 0x30200
#endif
#endif
@@ -158,6 +160,33 @@ static inline php_openssl_certificate_object *php_openssl_certificate_from_obj(z
#define Z_OPENSSL_CERTIFICATE_P(zv) php_openssl_certificate_from_obj(Z_OBJ_P(zv))
+#if PHP_OPENSSL_API_VERSION >= 0x30200
+/**
+ * MEMLIMIT is normalized to KB even though sodium uses Bytes in order to
+ * present a consistent user-facing API.
+ *
+ * When updating these values, synchronize ext/standard/php_password.h values.
+ */
+#if defined(PHP_PASSWORD_ARGON2_MEMORY_COST)
+#define PHP_OPENSSL_PWHASH_MEMLIMIT PHP_PASSWORD_ARGON2_MEMORY_COST
+#else
+#define PHP_OPENSSL_PWHASH_MEMLIMIT (64 << 10)
+#endif
+#if defined(PHP_PASSWORD_ARGON2_TIME_COST)
+#define PHP_OPENSSL_PWHASH_ITERLIMIT PHP_PASSWORD_ARGON2_TIME_COST
+#else
+#define PHP_OPENSSL_PWHASH_ITERLIMIT 4
+#endif
+#if defined(PHP_PASSWORD_ARGON2_THREADS)
+#define PHP_OPENSSL_PWHASH_THREADS PHP_PASSWORD_ARGON2_THREADS
+#else
+#define PHP_OPENSSL_PWHASH_THREADS 1
+#endif
+
+PHP_MINIT_FUNCTION(openssl_pwhash);
+PHP_MSHUTDOWN_FUNCTION(openssl_pwhash);
+#endif
+
PHP_MINIT_FUNCTION(openssl);
PHP_MSHUTDOWN_FUNCTION(openssl);
PHP_MINFO_FUNCTION(openssl);
diff --git a/ext/openssl/tests/openssl_password.phpt b/ext/openssl/tests/openssl_password.phpt
new file mode 100644
index 0000000000..7881803038
--- /dev/null
+++ b/ext/openssl/tests/openssl_password.phpt
@@ -0,0 +1,42 @@
+--TEST--
+Basic features of password_hash
+--EXTENSIONS--
+openssl
+--SKIPIF--
+<?php
+if (!function_exists('openssl_password_hash')) {
+ echo "skip - No openssl_password_hash";
+}
+?>
+--FILE--
+<?php
+
+echo 'Argon2 provider: ';
+var_dump(PASSWORD_ARGON2_PROVIDER);
+
+foreach([1, 2] as $mem) {
+ foreach([1, 2] as $time) {
+ $opts = [
+ 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST / $mem,
+ 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST / $time,
+ 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ];
+ foreach(['argon2i', 'argon2id'] as $algo) {
+ $pass = "secret$mem$time$algo";
+ $hash = openssl_password_hash($algo, $pass, $opts);
+ var_dump(openssl_password_verify($algo, $pass, $hash));
+ }
+ }
+}
+?>
+--EXPECTF--
+Argon2 provider: string(%d) "%s"
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+
diff --git a/ext/openssl/tests/openssl_password_compat.phpt b/ext/openssl/tests/openssl_password_compat.phpt
new file mode 100644
index 0000000000..0de683616a
--- /dev/null
+++ b/ext/openssl/tests/openssl_password_compat.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Compatibility of password_hash (libsodium / openssl)
+--EXTENSIONS--
+openssl
+sodium
+--SKIPIF--
+<?php
+if (!function_exists('sodium_crypto_pwhash_str_verify')) {
+ echo "skip - No crypto_pwhash_str_verify";
+}
+
+if (!function_exists('openssl_password_hash')) {
+ echo "skip - No crypto_pwhash_str_verify";
+}
+?>
+--FILE--
+<?php
+
+echo 'Argon2 provider: ';
+var_dump(PASSWORD_ARGON2_PROVIDER);
+
+foreach([1, 2] as $mem) {
+ foreach([1, 2] as $time) {
+ $opts = [
+ 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST / $mem,
+ 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST / $time,
+ 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ];
+ $algo = 'argon2id';
+ $pass = "secret$mem$time$algo";
+
+ /* hash with libsodium / verify with openssl */
+ $hash = sodium_crypto_pwhash_str($pass, PASSWORD_ARGON2_DEFAULT_TIME_COST / $time, PASSWORD_ARGON2_DEFAULT_MEMORY_COST / $mem);
+ var_dump(openssl_password_verify($algo, $pass, $hash));
+
+ /* hash with openssl / verify with libsodium */
+ $hash = openssl_password_hash($algo, $pass, $opts);
+ var_dump(sodium_crypto_pwhash_str_verify($hash, $pass));
+ }
+}
+?>
+--EXPECTF--
+Argon2 provider: string(%d) "%s"
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+
diff --git a/ext/openssl/tests/openssl_password_compat2.phpt b/ext/openssl/tests/openssl_password_compat2.phpt
new file mode 100644
index 0000000000..42cf8682fd
--- /dev/null
+++ b/ext/openssl/tests/openssl_password_compat2.phpt
@@ -0,0 +1,52 @@
+--TEST--
+Compatibility of password_hash (libargon2 / openssl)
+--EXTENSIONS--
+openssl
+sodium
+--SKIPIF--
+<?php
+if (PASSWORD_ARGON2_PROVIDER != "standard") {
+ echo "skip - libargon2 not available";
+}
+
+if (!function_exists('openssl_password_hash')) {
+ echo "skip - No crypto_pwhash_str_verify";
+}
+?>
+--FILE--
+<?php
+
+echo 'Argon2 provider: ';
+var_dump(PASSWORD_ARGON2_PROVIDER);
+
+foreach([1, 2] as $mem) {
+ foreach([1, 2] as $time) {
+ $opts = [
+ 'memory_cost' => PASSWORD_ARGON2_DEFAULT_MEMORY_COST / $mem,
+ 'time_cost' => PASSWORD_ARGON2_DEFAULT_TIME_COST / $time,
+ 'threads' => PASSWORD_ARGON2_DEFAULT_THREADS,
+ ];
+ $algo = 'argon2id';
+ $pass = "secret$mem$time$algo";
+
+ /* hash with libargon2 / verify with openssl */
+ $hash = password_hash($pass, PASSWORD_ARGON2ID, $opts);
+ var_dump(openssl_password_verify($algo, $pass, $hash));
+
+ /* hash with openssl / verify with libargon2 */
+ $hash = openssl_password_hash($algo, $pass, $opts);
+ var_dump(password_verify($pass, $hash));
+ }
+}
+?>
+--EXPECT--
+Argon2 provider: string(8) "standard"
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+bool(true)
+
--
2.45.0

10
SOURCES/php-fpm.conf
Unescape View File

@ -5,6 +5,11 @@
; All relative paths in this configuration file are relative to PHP's install
; prefix.
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
;;;;;;;;;;;;;;;;;;
; Global Options ;
;;;;;;;;;;;;;;;;;;
@ -128,8 +133,5 @@ daemonize = yes
; used in logs and stats. There is no limitation on the number of pools which
; FPM can handle. Your system will tell you anyway :)
; Include one or more files. If glob(3) exists, it is used to include a bunch of
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
include=/etc/php-fpm.d/*.conf
; See /etc/php-fpm.d/*.conf

1371
SOURCES/php-keyring.gpg
View File

File diff suppressed because it is too large Load Diff

399
SOURCES/php.ini
View File

File diff suppressed because it is too large Load Diff

545
SPECS/php.spec
Unescape View File

@ -7,8 +7,8 @@
#
# API/ABI check
%global apiver 20230831
%global zendver 20230831
%global apiver 20200930
%global zendver 20200930
%global pdover 20170320
# we don't want -z defs linker flag
@ -18,7 +18,7 @@
%global _hardened_build 1
# version used for php embedded library soname
%global embed_version 8.3
%global embed_version 8.0
%global mysql_sock %(mysql_config --socket 2>/dev/null || echo /var/lib/mysql/mysql.sock)
@ -35,35 +35,29 @@
%if 0%{?fedora}
# Enabled by default on Fedora
%ifarch s390x
# https://bugzilla.redhat.com/show_bug.cgi?id=1969393
# firebird have ExcludeArch: s390x
%bcond_with firebird
%else
%bcond_without zts
%bcond_without firebird
%endif
%bcond_without freetds
%bcond_without sodium
%bcond_without pspell
%bcond_without tidy
%bcond_without db4
%bcond_without qdbm
%else
# Disabled by default on RHEL
%bcond_with zts
%bcond_with firebird
%bcond_with freetds
%bcond_with sodium
%bcond_with pspell
%bcond_with tidy
%bcond_with db4
%bcond_with qdbm
%endif
%bcond_with zts
%bcond_with modphp
%bcond_with imap
%bcond_without lmdb
%global upver 8.3.10
%global upver 8.0.30
#global rcver RC1
Summary: PHP scripting language for creating dynamic web sites
Name: php
@ -75,8 +69,7 @@ Release: 1%{?dist}
# main/snprintf.c, main/spprintf.c and main/rfc1867.c are ASL 1.0
# ext/date/lib is MIT
# Zend/zend_sort is NCSA
# Zend/asm is Boost
License: PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND BSL-1.0
License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA
URL: http://www.php.net/
Source0: https://www.php.net/distributions/php-%{upver}%{?rcver}.tar.xz
@ -103,26 +96,31 @@ Source53: 20-ffi.ini
Patch1: php-7.4.0-httpd.patch
Patch5: php-7.2.0-includedir.patch
Patch6: php-8.0.0-embed.patch
Patch8: php-8.1.0-libdb.patch
Patch8: php-7.4.0-libdb.patch
# get rid of deprecated functions from 8.1
Patch9: php-8.0.6-deprecated.patch
# Functional changes
# Use system nikic/php-parser
Patch41: php-8.3.3-parser.patch
Patch41: php-8.0.19-parser.patch
# use system tzdata
Patch42: php-8.3.0-systzdata-v24.patch
Patch42: php-8.0.10-systzdata-v21.patch
# See http://bugs.php.net/53436
# + display PHP version backported from 8.4
Patch43: php-7.4.0-phpize.patch
# Use -lldap_r for OpenLDAP
Patch45: php-7.4.0-ldap_r.patch
# drop "Configure command" from phpinfo output
# and only use gcc (instead of full version)
Patch47: php-8.1.0-phpinfo.patch
# Always warn about missing curve_name
# Both Fedora and RHEL do not support arbitrary EC parameters
Patch48: php-8.3.0-openssl-ec-param.patch
# Backport Argon2 password hashing in OpenSSL ext
Patch49: php-8.3.7-argon2.patch
Patch47: php-8.0.0-phpinfo.patch
# add sha256 / sha512 security protocol, from 8.1
Patch48: php-8.0.10-snmp-sha.patch
# switch phar to use sha256 signature by default, from 8.1
# implement openssl_256 and openssl_512 for phar signatures, from 8.1
Patch49: php-8.0.10-phar-sha.patch
# compatibility with OpenSSL 3.0, from 8.1
Patch50: php-8.0.21-openssl3.patch
# use system libxcrypt
Patch51: php-8.0.13-crypt.patch
# Upstream fixes (100+)
@ -144,7 +142,7 @@ BuildRequires: httpd-filesystem
BuildRequires: nginx-filesystem
BuildRequires: libstdc++-devel
# no pkgconfig to avoid compat-openssl10
BuildRequires: openssl-devel >= 1.0.2
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: pkgconfig(sqlite3) >= 3.7.4
BuildRequires: pkgconfig(zlib) >= 1.2.0.4
BuildRequires: smtpdaemon
@ -163,7 +161,6 @@ BuildRequires: libtool-ltdl-devel
BuildRequires: systemtap-sdt-devel
# used for tests
BuildRequires: %{_bindir}/ps
BuildRequires: tzdata
%if %{with zts}
Provides: php-zts = %{version}-%{release}
@ -217,7 +214,7 @@ running in prefork mode. This module is deprecated.
%package cli
Summary: Command-line interface for PHP
# sapi/cli/ps_title.c is PostgreSQL
License: PHP-3.01 AND Zend-2.0 AND BSD-2-Clause AND MIT AND Apache-1.0 AND NCSA AND PostgreSQL
License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and PostgreSQL
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-cgi = %{version}-%{release}, php-cgi%{?_isa} = %{version}-%{release}
Provides: php-pcntl, php-pcntl%{?_isa}
@ -240,7 +237,6 @@ The php-dbg package contains the interactive PHP debugger.
Summary: PHP FastCGI Process Manager
BuildRequires: libacl-devel
BuildRequires: pkgconfig(libsystemd) >= 209
BuildRequires: pkgconfig(libselinux)
Requires: php-common%{?_isa} = %{version}-%{release}
%{?systemd_requires}
# To ensure correct /var/lib/php/session ownership:
@ -263,8 +259,7 @@ Summary: Common files for PHP
# All files licensed under PHP version 3.01, except
# fileinfo is licensed under PHP version 3.0
# regex, libmagic are licensed under BSD
License: PHP-3.01 AND BSD-2-Clause
Requires: tzdata
License: PHP and BSD
# ABI/API check - Arch specific
Provides: php(api) = %{apiver}-%{__isa_bits}
Provides: php(zend-abi) = %{zendver}-%{__isa_bits}
@ -279,7 +274,7 @@ Provides: php-date, php-date%{?_isa}
Provides: bundled(timelib)
Provides: php-exif, php-exif%{?_isa}
Provides: php-fileinfo, php-fileinfo%{?_isa}
Provides: bundled(libmagic) = 5.43
Provides: bundled(libmagic) = 5.29
Provides: php-filter, php-filter%{?_isa}
Provides: php-ftp, php-ftp%{?_isa}
Provides: php-gettext, php-gettext%{?_isa}
@ -292,7 +287,6 @@ Provides: php-libxml, php-libxml%{?_isa}
Provides: php-openssl, php-openssl%{?_isa}
Provides: php-phar, php-phar%{?_isa}
Provides: php-pcre, php-pcre%{?_isa}
Provides: php-random, php-random%{?_isa}
Provides: php-reflection, php-reflection%{?_isa}
Provides: php-session, php-session%{?_isa}
Provides: php-sockets, php-sockets%{?_isa}
@ -318,14 +312,14 @@ Requires: libtool
# see "php-config --libs"
Requires: krb5-devel%{?_isa}
Requires: libxml2-devel%{?_isa}
Requires: openssl-devel%{?_isa} >= 1.0.2
Requires: openssl-devel%{?_isa} >= 1.0.1
Requires: pcre2-devel%{?_isa}
Requires: zlib-devel%{?_isa}
%if %{with zts}
Provides: php-zts-devel = %{version}-%{release}
Provides: php-zts-devel%{?_isa} = %{version}-%{release}
%endif
Recommends: php-nikic-php-parser5 >= 5.0.0
Recommends: php-nikic-php-parser4 >= 4.13.0
%description devel
@ -335,8 +329,7 @@ need to install this package.
%package opcache
Summary: The Zend OPcache
License: PHP-3.01
BuildRequires: pkgconfig(capstone) >= 3.0
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-pecl-zendopcache = %{version}
Provides: php-pecl-zendopcache%{?_isa} = %{version}
@ -354,11 +347,11 @@ bytecode optimization patterns that make code execution faster.
%package imap
Summary: A module for PHP applications that use IMAP
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(krb5)
BuildRequires: pkgconfig(krb5-gssapi)
BuildRequires: openssl-devel >= 1.0.2
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: libc-client-devel
%description imap
@ -370,11 +363,11 @@ messages on mail servers. PHP is an HTML-embedded scripting language.
%package ldap
Summary: A module for PHP applications that use LDAP
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(libsasl2)
BuildRequires: openldap-devel
BuildRequires: openssl-devel >= 1.0.2
BuildRequires: openssl-devel >= 1.0.1
%description ldap
The php-ldap adds Lightweight Directory Access Protocol (LDAP)
@ -385,7 +378,7 @@ language.
%package pdo
Summary: A database access abstraction module for PHP applications
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
# ABI/API check - Arch specific
Provides: php-pdo-abi = %{pdover}-%{__isa_bits}
@ -402,7 +395,7 @@ databases.
%package mysqlnd
Summary: A module for PHP applications that use MySQL databases
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database
Provides: php-mysqli = %{version}-%{release}
@ -421,12 +414,12 @@ This package use the MySQL Native Driver
%package pgsql
Summary: A PostgreSQL database module for PHP
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database
Provides: php-pdo_pgsql, php-pdo_pgsql%{?_isa}
BuildRequires: krb5-devel
BuildRequires: openssl-devel >= 1.0.2
BuildRequires: openssl-devel >= 1.0.1
BuildRequires: libpq-devel
%description pgsql
@ -440,7 +433,7 @@ php package.
%package process
Summary: Modules for PHP script using system process interfaces
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-posix, php-posix%{?_isa}
Provides: php-shmop, php-shmop%{?_isa}
@ -457,7 +450,7 @@ communication.
Summary: A module for PHP applications that use ODBC databases
# All files licensed under PHP version 3.01, except
# pdo_odbc is licensed under PHP version 3.0
License: PHP-3.01
License: PHP
Requires: php-pdo%{?_isa} = %{version}-%{release}
Provides: php_database
Provides: php-pdo_odbc, php-pdo_odbc%{?_isa}
@ -475,7 +468,7 @@ package.
%package soap
Summary: A module for PHP applications that use the SOAP protocol
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(libxml-2.0)
@ -487,7 +480,7 @@ support to PHP for using the SOAP web services protocol.
%package pdo-firebird
Summary: PDO driver for Interbase/Firebird databases
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
# for fb_config command
BuildRequires: firebird-devel
Requires: php-pdo%{?_isa} = %{version}-%{release}
@ -502,7 +495,7 @@ Interbase/Firebird databases.
%package snmp
Summary: A module for PHP applications that query SNMP-managed devices
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}, net-snmp
BuildRequires: net-snmp-devel
@ -515,7 +508,7 @@ will need to install this package and the php package.
%package xml
Summary: A module for PHP applications which use XML
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
Provides: php-dom, php-dom%{?_isa}
Provides: php-domxml, php-domxml%{?_isa}
@ -537,7 +530,7 @@ Summary: A module for PHP applications which need multi-byte string handling
# All files licensed under PHP version 3.01, except
# libmbfl is licensed under LGPLv2
# ucgendat is licensed under OpenLDAP
License: PHP-3.01 AND LGPL-2.1-only AND OLDAP-2.8
License: PHP and LGPLv2 and OpenLDAP
BuildRequires: pkgconfig(oniguruma) >= 6.8
Provides: bundled(libmbfl) = 1.3.2
Requires: php-common%{?_isa} = %{version}-%{release}
@ -549,7 +542,7 @@ support for multi-byte string handling to PHP.
%package gd
Summary: A module for PHP applications for using the gd graphics library
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(gdlib) >= 2.1.1
@ -561,7 +554,7 @@ support for using the gd graphics library to PHP.
Summary: A module for PHP applications for using the bcmath library
# All files licensed under PHP version 3.01, except
# libbcmath is licensed under LGPLv2+
License: PHP-3.01 AND LGPL-2.1-or-later
License: PHP and LGPLv2+
Requires: php-common%{?_isa} = %{version}-%{release}
%description bcmath
@ -571,7 +564,7 @@ support for using the bcmath library to PHP.
%package gmp
Summary: A module for PHP applications for using the GNU MP library
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
BuildRequires: gmp-devel
Requires: php-common%{?_isa} = %{version}-%{release}
@ -582,7 +575,7 @@ using the GNU MP library.
%package dba
Summary: A database abstraction layer module for PHP applications
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
%if %{with db4}
BuildRequires: libdb-devel
%endif
@ -590,9 +583,6 @@ BuildRequires: tokyocabinet-devel
%if %{with lmdb}
BuildRequires: lmdb-devel
%endif
%if %{with qdbm}
BuildRequires: qdbm-devel
%endif
Requires: php-common%{?_isa} = %{version}-%{release}
%description dba
@ -603,7 +593,7 @@ support for using the DBA database abstraction layer to PHP.
%package tidy
Summary: Standard PHP module provides tidy library support
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: libtidy-devel
@ -616,7 +606,7 @@ support for using the tidy library to PHP.
%package pdo-dblib
Summary: PDO driver for Microsoft SQL Server and Sybase databases
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-pdo%{?_isa} = %{version}-%{release}
BuildRequires: freetds-devel
Provides: php-pdo_dblib, php-pdo_dblib%{?_isa}
@ -642,7 +632,7 @@ into applications to provide PHP scripting language support.
%package pspell
Summary: A module for PHP applications for using pspell interfaces
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: aspell-devel >= 0.50.0
@ -654,7 +644,7 @@ support for using the pspell library to PHP.
%package intl
Summary: Internationalization extension for PHP applications
# All files licensed under PHP version 3.01
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(icu-i18n) >= 50.1
BuildRequires: pkgconfig(icu-io) >= 50.1
@ -667,7 +657,7 @@ support for using the ICU library to PHP.
%package enchant
Summary: Enchant spelling extension for PHP applications
# All files licensed under PHP version 3.0
License: PHP-3.01
License: PHP
Requires: php-common%{?_isa} = %{version}-%{release}
BuildRequires: pkgconfig(enchant-2)
@ -679,7 +669,7 @@ support for using the enchant library to PHP.
%package sodium
Summary: Wrapper for the Sodium cryptographic library
# All files licensed under PHP version 3.0.1
License: PHP-3.01
License: PHP
BuildRequires: pkgconfig(libsodium) >= 1.0.9
Requires: php-common%{?_isa} = %{version}-%{release}
@ -696,7 +686,8 @@ low-level PHP extension for the libsodium cryptographic library.
%package ffi
Summary: Foreign Function Interface
# All files licensed under PHP version 3.0.1
License: PHP-3.01
License: PHP
Group: System Environment/Libraries
BuildRequires: pkgconfig(libffi)
Requires: php-common%{?_isa} = %{version}-%{release}
@ -718,14 +709,20 @@ in pure PHP.
%patch -P5 -p1 -b .includedir
%patch -P6 -p1 -b .embed
%patch -P8 -p1 -b .libdb
%patch -P9 -p1 -b .deprecated
%patch -P41 -p1 -b .syslib
%patch -P42 -p1 -b .systzdata
%patch -P43 -p1 -b .headers
%if 0%{?fedora} >= 18 || 0%{?rhel} >= 7
%patch -P45 -p1 -b .ldap_r
%endif
%patch -P47 -p1 -b .phpinfo
%patch -P48 -p1 -b .ec-param
%patch -P49 -p1 -b .argon2
%patch -P48 -p1 -b .sha
%patch -P49 -p1 -b .pharsha
%patch -P50 -p1 -b .openssl3
rm ext/openssl/tests/p12_with_extra_certs.p12
%patch -P51 -p1 -b .libxcrypt
# upstream patches
@ -738,10 +735,9 @@ in pure PHP.
# Prevent %%doc confusion over LICENSE files
cp Zend/LICENSE ZEND_LICENSE
cp TSRM/LICENSE TSRM_LICENSE
cp Zend/asm/LICENSE BOOST_LICENSE
cp sapi/fpm/LICENSE fpm_LICENSE
cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
# cp ext/fileinfo/libmagic/LICENSE libmagic_LICENSE
cp ext/fileinfo/libmagic/LICENSE libmagic_LICENSE
cp ext/bcmath/libbcmath/LICENSE libbcmath_LICENSE
cp ext/date/lib/LICENSE.rst timelib_LICENSE
@ -758,8 +754,6 @@ mkdir build-cgi build-embedded \
# ----- Manage known as failed test -------
# affected by systzdata patch
rm ext/date/tests/timezone_location_get.phpt
rm ext/date/tests/timezone_version_get.phpt
rm ext/date/tests/timezone_version_get_basic1.phpt
# fails sometime
rm ext/sockets/tests/mcast_ipv?_recv.phpt
# cause stack exhausion
@ -767,9 +761,6 @@ rm Zend/tests/bug54268.phpt
rm Zend/tests/bug68412.phpt
# tar issue
rm ext/zlib/tests/004-mb.phpt
# Both Fedora and RHEL do not support arbitrary EC parameters
# https://bugzilla.redhat.com/2223953
rm ext/openssl/tests/ecc_custom_params.phpt
# Safety check for API version change.
pver=$(sed -n '/#define PHP_VERSION /{s/.* "//;s/".*$//;p}' main/php_version.h)
@ -866,7 +857,6 @@ mkdir Zend && cp ../Zend/zend_{language,ini}_{parser,scanner}.[ch] Zend
# date, ereg, filter, libxml, reflection, spl: not supported
# hash: for PHAR_SIG_SHA256 and PHAR_SIG_SHA512
# session: dep on hash, used by soap
# sockets: heavily used by FPM test suite
# pcre: used by filter, zip
# pcntl, readline: only used by CLI sapi
# openssl: for PHAR_SIG_OPENSSL
@ -900,7 +890,6 @@ ln -sf ../configure
--with-mhash \
--without-password-argon2 \
--enable-dtrace \
--enable-sockets \
$*
if test $? != 0; then
tail -500 config.log
@ -917,7 +906,6 @@ pushd build-cgi
build --libdir=%{_libdir}/php \
--enable-pcntl \
--enable-opcache \
--with-capstone \
--enable-phpdbg \
%if %{with imap}
--with-imap=shared --with-imap-ssl \
@ -938,14 +926,12 @@ build --libdir=%{_libdir}/php \
--with-tcadb=%{_prefix} \
%if %{with lmdb}
--with-lmdb=%{_prefix} \
%endif
%if %{with qdbm}
--with-qdbm=%{_prefix} \
%endif
--enable-exif=shared \
--enable-ftp=shared \
--with-gettext=shared \
--with-iconv=shared \
--enable-sockets=shared \
--enable-tokenizer=shared \
--with-ldap=shared --with-ldap-sasl \
--enable-mysqlnd=shared \
@ -1008,7 +994,7 @@ without_shared="--without-gd \
--without-curl --disable-posix --disable-xml \
--disable-simplexml --disable-exif --without-gettext \
--without-iconv --disable-ftp --without-bz2 --disable-ctype \
--disable-shmop --disable-tokenizer \
--disable-shmop --disable-sockets --disable-tokenizer \
--disable-sysvmsg --disable-sysvshm --disable-sysvsem"
%if %{with modphp}
@ -1027,7 +1013,6 @@ pushd build-fpm
build --enable-fpm \
--with-fpm-acl \
--with-fpm-systemd \
--with-fpm-selinux \
--libdir=%{_libdir}/php \
--without-mysqli \
--disable-pdo \
@ -1055,7 +1040,6 @@ build --includedir=%{_includedir}/php-zts \
--with-config-file-scan-dir=%{_sysconfdir}/php-zts.d \
--enable-pcntl \
--enable-opcache \
--with-capstone \
%if %{with imap}
--with-imap=shared --with-imap-ssl \
%endif
@ -1075,12 +1059,10 @@ build --includedir=%{_includedir}/php-zts \
--with-tcadb=%{_prefix} \
%if %{with lmdb}
--with-lmdb=%{_prefix} \
%endif
%if %{with qdbm}
--with-qdbm=%{_prefix} \
%endif
--with-gettext=shared \
--with-iconv=shared \
--enable-sockets=shared \
--enable-tokenizer=shared \
--enable-exif=shared \
--enable-ftp=shared \
@ -1154,7 +1136,7 @@ export NO_INTERACTION=1 REPORT_EXIT_STATUS=1 MALLOC_CHECK_=2
export SKIP_ONLINE_TESTS=1
export SKIP_IO_CAPTURE_TESTS=1
unset TZ LANG LC_ALL
if ! make test TESTS=%{?_smp_mflags}; then
if ! make test TESTS=-j4; then
set +x
for f in $(find .. -name \*.diff -type f -print); do
if ! grep -q XFAIL "${f/.diff/.phpt}"
@ -1238,8 +1220,8 @@ mv $RPM_BUILD_ROOT%{_sysconfdir}/php-fpm.d/www.conf.default .
# install systemd unit files and scripts for handling server startup
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/php-fpm.service.d
install -Dm 644 %{SOURCE6} $RPM_BUILD_ROOT%{_unitdir}/php-fpm.service
install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/httpd.service.d/php-fpm.conf
install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/nginx.service.d/php-fpm.conf
install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/httpd.service.d/php-fpm.conf
install -Dm 644 %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/nginx.service.d/php-fpm.conf
# LogRotate
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE7} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/php-fpm
@ -1264,7 +1246,7 @@ for mod in pgsql odbc ldap snmp \
mysqlnd mysqli \
mbstring gd dom xsl soap bcmath dba \
simplexml bz2 calendar ctype exif ftp gettext gmp iconv \
tokenizer opcache \
sockets tokenizer opcache \
sqlite3 \
enchant phar fileinfo intl \
ffi \
@ -1357,7 +1339,7 @@ cat files.sqlite3 >> files.pdo
# Package curl, phar and fileinfo in -common.
cat files.curl files.phar files.fileinfo \
files.exif files.gettext files.iconv files.calendar \
files.ftp files.bz2 files.ctype \
files.ftp files.bz2 files.ctype files.sockets \
files.tokenizer > files.common
# The default Zend OPcache blacklist file
@ -1417,8 +1399,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%files common -f files.common
%doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs
%license LICENSE TSRM_LICENSE ZEND_LICENSE BOOST_LICENSE
#license libmagic_LICENSE
%license LICENSE TSRM_LICENSE ZEND_LICENSE
%license libmagic_LICENSE
%license timelib_LICENSE
%doc php.ini-*
%config(noreplace) %{_sysconfdir}/php.ini
@ -1476,8 +1458,8 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%config(noreplace) %{_sysconfdir}/nginx/conf.d/php-fpm.conf
%config(noreplace) %{_sysconfdir}/nginx/default.d/php.conf
%{_unitdir}/php-fpm.service
%config(noreplace) %{_sysconfdir}/systemd/system/httpd.service.d/php-fpm.conf
%config(noreplace) %{_sysconfdir}/systemd/system/nginx.service.d/php-fpm.conf
%{_unitdir}/httpd.service.d/php-fpm.conf
%{_unitdir}/nginx.service.d/php-fpm.conf
%{_sbindir}/php-fpm
%dir %{_sysconfdir}/systemd/system/php-fpm.service.d
%dir %{_sysconfdir}/php-fpm.d
@ -1553,351 +1535,60 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 8.3.10-1
- Rebuilt for MSVSphere 10
* Tue Aug 6 2024 Remi Collet <rcollet@redhat.com> - 8.3.10-1
- rebase to 8.3.10
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 8.3.7-3
- Bump release for June 2024 mass rebuild
* Mon May 27 2024 Remi Collet <rcollet@redhat.com> - 8.3.7-2
- rebuild
* Thu May 16 2024 Remi Collet <rcollet@redhat.com> - 8.3.7-1
- rebase to 8.3.7
- backport Argon2 password hashing in OpenSSL ext
* Wed Jan 31 2024 Remi Collet <remi@remirepo.net> - 8.3.2~RC1-1
- update to 8.3.3RC1
- drop GCC 14 patch merged upstream
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Remi Collet <remi@remirepo.net> - 8.3.2-2
- add temporary patch for GCC 14
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 8.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 16 2024 Remi Collet <remi@remirepo.net> - 8.3.2-1
- Update to 8.3.2 - http://www.php.net/releases/8_3_2.php
* Wed Jan 3 2024 Remi Collet <remi@remirepo.net> - 8.3.2~RC1-1
- update to 8.3.2RC1
* Wed Dec 20 2023 Remi Collet <remi@remirepo.net> - 8.3.1-1
- Update to 8.3.1 - http://www.php.net/releases/8_3_1.php
* Thu Dec 7 2023 Remi Collet <remi@remirepo.net> - 8.3.1~RC3-1
- update to 8.3.1RC3
* Thu Nov 30 2023 Remi Collet <remi@remirepo.net> - 8.3.0-2
- rebuild for libcapstone
* Wed Nov 22 2023 Remi Collet <remi@remirepo.net> - 8.3.0-1
- Update to 8.3.0 GA - http://www.php.net/releases/8_3_0.php
* Wed Nov 8 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC6-2
- build sockets extension statically
* Wed Nov 8 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC6-1
- update to 8.3.0RC6
* Tue Oct 24 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC5-1
- update to 8.3.0RC5
* Wed Oct 11 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC4-1
- update to 8.3.0RC4
* Thu Oct 05 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC3-3
- rebuild for new libsodium
* Tue Sep 26 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC3-2
- tzdata is required
* Tue Sep 26 2023 Remi Collet <remi@remirepo.net> - 8.3.0~RC3-1
- update to 8.3.0RC3 https://fedoraproject.org/wiki/Changes/php83
- add internal UTC if tzdata is missing
- bump to final API/ABI
- switch to nikic/php-parser version 5
- openssl: always warn about missing curve_name
* Tue Sep 26 2023 Remi Collet <remi@remirepo.net> - 8.2.11-1
- Update to 8.2.11 - http://www.php.net/releases/8_2_11.php
* Tue Sep 19 2023 Remi Collet <remi@remirepo.net> - 8.2.11~RC1-2
- require tzdata
* Tue Sep 12 2023 Remi Collet <remi@remirepo.net> - 8.2.11~RC1-1
- update to 8.2.11RC1
* Tue Aug 29 2023 Remi Collet <remi@remirepo.net> - 8.2.10-1
- Update to 8.2.10 - http://www.php.net/releases/8_2_10.php
* Thu Aug 3 2023 Remi Collet <remi@remirepo.net> - 8.2.9-2
- Update to 8.2.9 - http://www.php.net/releases/8_2_9.php
- rebuild for new sources
* Tue Aug 1 2023 Remi Collet <remi@remirepo.net> - 8.2.9-1
- Update to 8.2.9 - http://www.php.net/releases/8_2_9.php
* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.2.9~RC1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 18 2023 Remi Collet <remi@remirepo.net> - 8.2.9~RC1-1
- update to 8.2.9RC1
* Tue Jul 11 2023 František Zatloukal <fzatlouk@redhat.com> - 8.2.8-3
- Rebuilt for ICU 73.2
* Wed Jul 5 2023 Remi Collet <remi@remirepo.net> - 8.2.8-2
- move httpd/nginx wants directive to config files in /etc
* Wed Jul 5 2023 Remi Collet <remi@remirepo.net> - 8.2.8-1
- Update to 8.2.8 - http://www.php.net/releases/8_2_8.php
* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 8.2.8~RC1-1
- update to 8.2.8RC1
* Wed Jun 7 2023 Remi Collet <remi@remirepo.net> - 8.2.7-2
- Update to 8.2.7 - http://www.php.net/releases/8_2_7.php
- rebuild for new sources
* Tue Jun 6 2023 Remi Collet <remi@remirepo.net> - 8.2.7-1
- Update to 8.2.7 - http://www.php.net/releases/8_2_7.php
* Wed May 24 2023 Remi Collet <remi@remirepo.net> - 8.2.7~RC1-1
- update to 8.2.7RC1
* Wed May 10 2023 Remi Collet <remi@remirepo.net> - 8.2.6-1
- Update to 8.2.6 - http://www.php.net/releases/8_2_6.php
* Thu May 4 2023 Remi Collet <remi@remirepo.net> - 8.2.6~RC1-2
- use SPDX license IDs
* Wed Apr 26 2023 Remi Collet <remi@remirepo.net> - 8.2.6~RC1-1
- update to 8.2.6RC1
* Wed Apr 12 2023 Remi Collet <remi@remirepo.net> - 8.2.5-1
- Update to 8.2.5 - http://www.php.net/releases/8_2_5.php
* Wed Mar 29 2023 Remi Collet <remi@remirepo.net> - 8.2.5~RC1-1
- update to 8.2.5RC1
* Wed Mar 15 2023 Remi Collet <remi@remirepo.net> - 8.2.4-1
- Update to 8.2.4 - http://www.php.net/releases/8_2_4.php
* Wed Mar 1 2023 Remi Collet <remi@remirepo.net> - 8.2.4~RC1-1
- update to 8.2.4RC1
* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 8.2.3-1
- Update to 8.2.3 - http://www.php.net/releases/8_2_3.php
* Fri Oct 6 2023 Remi Collet <rcollet@redhat.com> - 8.0.30-1
- rebase to 8.0.30
- Resolves: RHEL-11946
* Wed Feb 1 2023 Remi Collet <remi@remirepo.net> - 8.2.2-1
- Update to 8.2.2 - http://www.php.net/releases/8_2_2.php
* Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 8.0.27-1
- rebase to 8.0.27
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 8.2.2~RC1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Aug 1 2022 Remi Collet <rcollet@redhat.com> - 8.0.20-3
- snmp3 calls using authPriv or authNoPriv immediately return false #2104630
* Wed Jan 18 2023 Remi Collet <remi@remirepo.net> - 8.2.2~RC1-1
- update to 8.2.2RC1
* Mon Jun 13 2022 Remi Collet <rcollet@redhat.com> - 8.0.20-2
- fix patch41 not applied (use system nikic/php-parser when available)
* Wed Jan 4 2023 Remi Collet <remi@remirepo.net> - 8.2.1-1
- Update to 8.2.1 - http://www.php.net/releases/8_2_1.php
* Sat Dec 31 2022 Pete Walter <pwalter@fedoraproject.org> - 8.2.1~RC1-3
- Rebuild for ICU 72
* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 8.2.1~RC1-2
- php-fpm.conf: move include directive after [global] section
following upstream example
* Wed Dec 14 2022 Remi Collet <remi@remirepo.net> - 8.2.1~RC1-1
- update to 8.2.1RC1
* Tue Dec 6 2022 Remi Collet <remi@remirepo.net> - 8.2.0-1
- update to 8.2.0 GA
* Wed Nov 23 2022 Remi Collet <remi@remirepo.net> - 8.2.0~RC7-1
- update to 8.2.0RC7
* Tue Nov 8 2022 Remi Collet <remi@remirepo.net> - 8.2.0~RC6-1
- update to 8.2.0RC6
* Wed Oct 26 2022 Remi Collet <remi@remirepo.net> - 8.2.0~RC5-1
- update to 8.2.0RC5
* Tue Oct 11 2022 Remi Collet <remi@remirepo.net> - 8.2.0~RC4-1
- update to 8.2.0RC4
* Wed Sep 28 2022 Remi Collet <remi@remirepo.net> - 8.2.0~RC3-1
- update to 8.2.0RC3
- bump API/ABI
- new random extension
- add dependency on libselinux
* Wed Sep 28 2022 Remi Collet <remi@remirepo.net> - 8.1.11-1
- Update to 8.1.11 - http://www.php.net/releases/8_1_11.php
* Wed Sep 14 2022 Remi Collet <remi@remirepo.net> - 8.1.11~RC1-1
- update to 8.1.11RC1
* Thu Sep 8 2022 Remi Collet <remi@remirepo.net> - 8.1.10-1
- Update to 8.1.10 - http://www.php.net/releases/8_1_10.php
* Wed Aug 17 2022 Remi Collet <remi@remirepo.net> - 8.1.10~RC1-1
- update to 8.1.10RC1
* Tue Aug 2 2022 Remi Collet <remi@remirepo.net> - 8.1.9-1
- Update to 8.1.9 - http://www.php.net/releases/8_1_9.php
* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 8.1.9~RC1-3
- Rebuilt for ICU 71.1
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.9~RC1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 20 2022 Remi Collet <remi@remirepo.net> - 8.1.9~RC1-1
- update to 8.1.9RC1
* Wed Jul 6 2022 Remi Collet <remi@remirepo.net> - 8.1.8-1
- Update to 8.1.8 - http://www.php.net/releases/8_1_8.php
* Tue Jun 21 2022 Remi Collet <remi@remirepo.net> - 8.1.8~RC1-1
- update to 8.1.8RC1
* Wed Jun 8 2022 Remi Collet <remi@remirepo.net> - 8.1.7-1
- Update to 8.1.7 - http://www.php.net/releases/8_1_7.php
* Mon Jun 13 2022 Remi Collet <rcollet@redhat.com> - 8.0.20-1
- rebase to 8.0.20 #2095752
- clean unneeded dependency on useradd command #2095447
- add upstream patch to initialize pcre before mbstring
- retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
* Wed May 25 2022 Remi Collet <remi@remirepo.net> - 8.1.7~RC1-1
- update to 8.1.7RC1
* Wed May 11 2022 Remi Collet <remi@remirepo.net> - 8.1.6-1
- Update to 8.1.6 - http://www.php.net/releases/8_1_6.php
* Wed Apr 27 2022 Remi Collet <remi@remirepo.net> - 8.1.6~RC1-1
- update to 8.1.6RC1
* Wed Apr 13 2022 Remi Collet <remi@remirepo.net> - 8.1.5-1
- Update to 8.1.5 - http://www.php.net/releases/8_1_5.php
* Mon Apr 4 2022 Remi Collet <remi@remirepo.net> - 8.1.5~RC1-1
- update to 8.1.5RC1
* Wed Mar 16 2022 Remi Collet <remi@remirepo.net> - 8.1.4-1
- Update to 8.1.4 - http://www.php.net/releases/8_1_4.php
* Thu Mar 3 2022 Remi Collet <remi@remirepo.net> - 8.1.4~RC1-1
- update to 8.1.4RC1
* Wed Feb 23 2022 Remi Collet <remi@remirepo.net> - 8.1.3-2
- retrieve tzdata version #2056611
* Wed Feb 16 2022 Remi Collet <remi@remirepo.net> - 8.1.3-1
- Update to 8.1.3 - http://www.php.net/releases/8_1_3.php
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 8.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jan 19 2022 Remi Collet <remi@remirepo.net> - 8.1.2-1
- Update to 8.1.2 - http://www.php.net/releases/8_1_2.php
* Sat Jan 08 2022 Miro Hrončok <mhroncok@redhat.com> - 8.1.2~RC1-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34
* Wed Jan 5 2022 Remi Collet <remi@remirepo.net> - 8.1.2~RC1-1
- update to 8.1.2RC1
* Wed Dec 15 2021 Remi Collet <remi@remirepo.net> - 8.1.1-1
- Update to 8.1.1 - http://www.php.net/releases/8_1_1.php
* Thu Dec 2 2021 Remi Collet <remi@remirepo.net> - 8.1.1~RC1-1
- update to 8.1.1RC1
* Wed Nov 24 2021 Remi Collet <remi@remirepo.net> - 8.1.0-1
- update to 8.1.0 GA
* Wed Nov 10 2021 Remi Collet <remi@remirepo.net> - 8.1.0~RC6-1
- update to 8.1.0RC6
* Tue Oct 26 2021 Remi Collet <remi@remirepo.net> - 8.1.0~RC5-1
- update to 8.1.0RC5 - https://fedoraproject.org/wiki/Changes/php81
- bump API version
* Tue Oct 19 2021 Remi Collet <remi@remirepo.net> - 8.0.12-2
- dba: enable qdbm backend
* Tue Oct 19 2021 Remi Collet <remi@remirepo.net> - 8.0.12-1
- Update to 8.0.12 - http://www.php.net/releases/8_0_12.php
* Mon Oct 18 2021 Remi Collet <remi@remirepo.net> - 8.0.12~RC1-2
- build using system libxcrypt
* Wed Oct 6 2021 Remi Collet <remi@remirepo.net> - 8.0.12~RC1-1
- update to 8.0.12RC1
* Wed Sep 22 2021 Remi Collet <remi@remirepo.net> - 8.0.11-1
- Update to 8.0.11 - http://www.php.net/releases/8_0_11.php
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 8.0.11~RC1-4
- Rebuilt with OpenSSL 3.0.0
* Mon Sep 13 2021 Remi Collet <remi@remirepo.net> - 8.0.11~RC1-3
- more changes for OpenSSL 3 from PHP 8.1
* Fri Sep 10 2021 Remi Collet <remi@remirepo.net> - 8.0.11~RC1-2
- backport changes for OpenSSL 3 from PHP 8.1
* Tue Sep 7 2021 Remi Collet <remi@remirepo.net> - 8.0.11~RC1-1
- update to 8.0.11RC1
* Thu Aug 26 2021 Remi Collet <remi@remirepo.net> - 8.0.10-1
- Update to 8.0.10 - http://www.php.net/releases/8_0_10.php
* Wed Aug 11 2021 Remi Collet <remi@remirepo.net> - 8.0.10~RC1-3
- phar: switch to sha256 signature by default, backported from 8.1
- phar: implement openssl_256 and openssl_512 for signatures, backported from 8.1
* Wed Aug 11 2021 Remi Collet <remi@remirepo.net> - 8.0.10~RC1-2
- snmp: add sha256 / sha512 security protocol, backported from 8.1
* Tue Aug 10 2021 Remi Collet <remi@remirepo.net> - 8.0.10~RC1-1
- update to 8.0.10RC1
- adapt systzdata patch for timelib 2020.03 (v20)
* Tue Aug 3 2021 Remi Collet <remi@remirepo.net> - 8.0.9-2
- add upstream patch for https://bugs.php.net/81325 segfault in simplexml
* Thu Jul 29 2021 Remi Collet <remi@remirepo.net> - 8.0.9-1
- Update to 8.0.9 - http://www.php.net/releases/8_0_9.php
* Wed Dec 15 2021 Remi Collet <rcollet@redhat.com> - 8.0.13-1
- rebase to 8.0.13 #2032429
- refresh configuration files from upstream
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.9~RC1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Oct 26 2021 Remi Collet <rcollet@redhat.com> - 8.0.12-1
- rebase to 8.0.12 #2017111 #1981423
- build using system libxcrypt #2015903
* Mon Jul 19 2021 Remi Collet <remi@remirepo.net> - 8.0.9~RC1-1
- update to 8.0.9RC1
* Tue Sep 14 2021 Remi Collet <rcollet@redhat.com> - 8.0.10-1
- rebase to 8.0.10 #1992513
- compatibility with OpenSSL 3.0 #1992492
- snmp: add sha256 / sha512 security protocol #1936635
- phar: implement openssl_256 and openssl_512 for phar signatures
- phar: use sha256 signature by default
* Tue Jun 29 2021 Remi Collet <remi@remirepo.net> - 8.0.8-1
- Update to 8.0.8 - http://www.php.net/releases/8_0_8.php
* Thu Aug 19 2021 DJ Delorie <dj@redhat.com> - 8.0.6-9
- Rebuilt for libffi 3.4.2 SONAME transition.
Related: rhbz#1891914
* Tue Jun 15 2021 Remi Collet <remi@remirepo.net> - 8.0.8~RC1-1
- update to 8.0.8RC1
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 8.0.6-8
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jun 2 2021 Remi Collet <remi@remirepo.net> - 8.0.7-1
- Update to 8.0.7 - http://www.php.net/releases/8_0_7.php
* Fri Aug 6 2021 Florian Weimer <fweimer@redhat.com> - 8.0.6-7
- Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
* Thu May 27 2021 Remi Collet <remi@remirepo.net> - 8.0.7~RC1-2
- fix snmp extension for net-snmp without DES
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 8.0.6-6
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Thu May 20 2021 Remi Collet <remi@remirepo.net> - 8.0.7~RC1-1
- update to 8.0.7RC1
* Mon May 31 2021 Remi Collet <rcollet@redhat.com> - 8.0.6-5
- fix build with net-snmp without DES #1953492
* Thu May 20 2021 Pete Walter <pwalter@fedoraproject.org> - 8.0.6-4
- Rebuild for ICU 69
* Tue May 18 2021 Remi Collet <rcollet@redhat.com> - 8.0.6-4
- fix build with openssl 3.0 #1953492
* Sat May 8 2021 Remi Collet <remi@remirepo.net> - 8.0.6-3
- get rid of inet_addr and gethostbyaddr calls

Write Preview
Loading…
Cancel
Save