diff --git a/backport-CVE-2021-21708-Fix-81708.patch b/backport-CVE-2021-21708-Fix-81708.patch deleted file mode 100644 index 84095da..0000000 --- a/backport-CVE-2021-21708-Fix-81708.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 82f1bf1b6bc3a43aba62214870e6d0931e93a6d9 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Mon, 31 Jan 2022 15:43:24 +0100 -Subject: [PATCH] Fix #81708: UAF due to php_filter_float() failing for ints - -We must only release the zval, if we actually assign a new zval. ---- - ext/filter/logical_filters.c | 2 +- - ext/filter/tests/bug81708.phpt | 20 ++++++++++++++++++++ - 2 files changed, 21 insertions(+), 1 deletion(-) - create mode 100644 ext/filter/tests/bug81708.phpt - -diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c -index 1bf7c00d13c6..95f7a99e34b1 100644 ---- a/ext/filter/logical_filters.c -+++ b/ext/filter/logical_filters.c -@@ -436,10 +436,10 @@ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */ - - switch (is_numeric_string(num, p - num, &lval, &dval, 0)) { - case IS_LONG: -- zval_ptr_dtor(value); - if ((min_range_set && (lval < min_range)) || (max_range_set && (lval > max_range))) { - goto error; - } -+ zval_ptr_dtor(value); - ZVAL_DOUBLE(value, (double)lval); - break; - case IS_DOUBLE: -diff --git a/ext/filter/tests/bug81708.phpt b/ext/filter/tests/bug81708.phpt -new file mode 100644 -index 000000000000..d0036af13682 ---- /dev/null -+++ b/ext/filter/tests/bug81708.phpt -@@ -0,0 +1,20 @@ -+--TEST-- -+Bug #81708 (UAF due to php_filter_float() failing for ints) -+--SKIPIF-- -+ -+--INI-- -+opcache.enable_cli=0 -+--FILE-- -+ ['min_range' => -1, 'max_range' => 1]] -+); -+var_dump($input); -+?> -+--EXPECT-- -+string(3) "+11" diff --git a/backport-CVE-2022-31625.patch b/backport-CVE-2022-31625.patch deleted file mode 100644 index f0c4c64..0000000 --- a/backport-CVE-2022-31625.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 55f6895f4b4c677272fd4ee1113acdbd99c4b5ab Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Tue, 17 May 2022 12:59:23 +0200 -Subject: [PATCH] Fix #81720: Uninitialized array in pg_query_params() leading - to RCE - -We must not free parameters which we haven't initialized yet. - -We also fix the not directly related issue, that we checked for the -wrong value being `NULL`, potentially causing a segfault. ---- - ext/pgsql/pgsql.c | 6 +++--- - ext/pgsql/tests/bug81720.phpt | 27 +++++++++++++++++++++++++++ - 2 files changed, 30 insertions(+), 3 deletions(-) - create mode 100644 ext/pgsql/tests/bug81720.phpt - ---- a/ext/pgsql/pgsql.c -+++ b/ext/pgsql/pgsql.c -@@ -1201,7 +1201,7 @@ PHP_FUNCTION(pg_query_params) - } else { - zend_string *param_str = zval_try_get_string(tmp); - if (!param_str) { -- _php_pgsql_free_params(params, num_params); -+ _php_pgsql_free_params(params, i); - RETURN_THROWS(); - } - params[i] = estrndup(ZSTR_VAL(param_str), ZSTR_LEN(param_str)); -@@ -3918,8 +3918,8 @@ PHP_FUNCTION(pg_send_execute) - params[i] = NULL; - } else { - zend_string *tmp_str = zval_try_get_string(tmp); -- if (UNEXPECTED(!tmp)) { -- _php_pgsql_free_params(params, num_params); -+ if (UNEXPECTED(!tmp_str)) { -+ _php_pgsql_free_params(params, i); - return; - } - params[i] = estrndup(ZSTR_VAL(tmp_str), ZSTR_LEN(tmp_str)); ---- /dev/null -+++ b/ext/pgsql/tests/bug81720.phpt -@@ -0,0 +1,27 @@ -+--TEST-- -+Bug #81720 (Uninitialized array in pg_query_params() leading to RCE) -+--SKIPIF-- -+ -+--FILE-- -+getMessage(), PHP_EOL; -+} -+ -+try { -+ pg_send_prepare($conn, "my_query", 'SELECT $1, $2'); -+ pg_get_result($conn); -+ pg_send_execute($conn, "my_query", [1, new stdClass()]); -+} catch (Throwable $ex) { -+ echo $ex->getMessage(), PHP_EOL; -+} -+?> -+--EXPECT-- -+Object of class stdClass could not be converted to string -+Object of class stdClass could not be converted to string diff --git a/backport-CVE-2022-31626.patch b/backport-CVE-2022-31626.patch deleted file mode 100644 index f8ea8e8..0000000 --- a/backport-CVE-2022-31626.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001 -From: Stanislav Malyshev -Date: Mon, 6 Jun 2022 00:56:51 -0600 -Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow - ---- - ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/ext/mysqlnd/mysqlnd_wireprotocol.c -+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c -@@ -768,7 +768,8 @@ php_mysqlnd_change_auth_response_write(M - MYSQLND_VIO * vio = conn->vio; - MYSQLND_STATS * stats = conn->stats; - MYSQLND_CONNECTION_STATE * connection_state = &conn->state; -- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len); -+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE; -+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size); - zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */ - - DBG_ENTER("php_mysqlnd_change_auth_response_write"); diff --git a/backport-CVE-2022-31627.patch b/backport-CVE-2022-31627.patch deleted file mode 100644 index 00cb0a3..0000000 --- a/backport-CVE-2022-31627.patch +++ /dev/null @@ -1,356 +0,0 @@ -From ca6d511fa54b34d5b75bf120a86482a1b9e1e686 Mon Sep 17 00:00:00 2001 -From: "Christoph M. Becker" -Date: Thu, 30 Jun 2022 17:15:22 +0200 -Subject: [PATCH] Fix #81723: Memory corruption in finfo_buffer() - -We need to use the same memory allocator throughout. ---- - ext/fileinfo/libmagic.patch | 112 +++++++++++++++++------------- - ext/fileinfo/libmagic/softmagic.c | 8 +-- - ext/fileinfo/tests/bug81723.phpt | 12 ++++ - 3 files changed, 79 insertions(+), 53 deletions(-) - create mode 100644 ext/fileinfo/tests/bug81723.phpt - -diff --git a/ext/fileinfo/libmagic.patch b/ext/fileinfo/libmagic.patch -index 27124692a0..3373ae4519 100644 ---- a/ext/fileinfo/libmagic.patch -+++ b/ext/fileinfo/libmagic.patch -@@ -1,6 +1,6 @@ --diff -ur libmagic.orig/apprentice.c libmagic/apprentice.c -+diff -u libmagic.orig/apprentice.c libmagic/apprentice.c - --- libmagic.orig/apprentice.c 2021-02-23 01:51:11.000000000 +0100 --+++ libmagic/apprentice.c 2021-04-06 21:34:57.332978922 +0200 -++++ libmagic/apprentice.c 2022-06-16 13:39:41.570984700 +0200 - @@ -29,6 +29,8 @@ - * apprentice - make one pass through /etc/magic, learning its secrets. - */ -@@ -925,9 +925,9 @@ diff -ur libmagic.orig/apprentice.c libmagic/apprentice.c - m->str_range = swap4(m->str_range); - m->str_flags = swap4(m->str_flags); - } --diff -ur libmagic.orig/ascmagic.c libmagic/ascmagic.c -+diff -u libmagic.orig/ascmagic.c libmagic/ascmagic.c - --- libmagic.orig/ascmagic.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/ascmagic.c 2021-04-06 21:34:57.332978922 +0200 -++++ libmagic/ascmagic.c 2022-06-16 13:39:41.570984700 +0200 - @@ -96,7 +96,7 @@ - rv = file_ascmagic_with_encoding(ms, &bb, - ubuf, ulen, code, type, text); -@@ -956,9 +956,9 @@ diff -ur libmagic.orig/ascmagic.c libmagic/ascmagic.c - - return rv; - } --diff -ur libmagic.orig/buffer.c libmagic/buffer.c -+diff -u libmagic.orig/buffer.c libmagic/buffer.c - --- libmagic.orig/buffer.c 2021-02-23 01:49:26.000000000 +0100 --+++ libmagic/buffer.c 2021-04-06 21:34:57.332978922 +0200 -++++ libmagic/buffer.c 2021-09-21 13:27:27.982716100 +0200 - @@ -31,19 +31,23 @@ - #endif /* lint */ - -@@ -1012,9 +1012,9 @@ diff -ur libmagic.orig/buffer.c libmagic/buffer.c - b->ebuf = NULL; - goto out; - } --diff -ur libmagic.orig/cdf.c libmagic/cdf.c -+diff -u libmagic.orig/cdf.c libmagic/cdf.c - --- libmagic.orig/cdf.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/cdf.c 2021-04-06 21:34:57.332978922 +0200 -++++ libmagic/cdf.c 2021-09-21 13:27:27.983695600 +0200 - @@ -43,7 +43,17 @@ - #include - #endif -@@ -1247,9 +1247,9 @@ diff -ur libmagic.orig/cdf.c libmagic/cdf.c - } - - #endif --diff -ur libmagic.orig/cdf.h libmagic/cdf.h -+diff -u libmagic.orig/cdf.h libmagic/cdf.h - --- libmagic.orig/cdf.h 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/cdf.h 2021-04-06 21:34:57.332978922 +0200 -++++ libmagic/cdf.h 2021-09-21 13:27:27.984674900 +0200 - @@ -35,10 +35,10 @@ - #ifndef _H_CDF_ - #define _H_CDF_ -@@ -1264,9 +1264,9 @@ diff -ur libmagic.orig/cdf.h libmagic/cdf.h - #endif - #ifdef __DJGPP__ - #define timespec timeval --diff -ur libmagic.orig/cdf_time.c libmagic/cdf_time.c -+diff -u libmagic.orig/cdf_time.c libmagic/cdf_time.c - --- libmagic.orig/cdf_time.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/cdf_time.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/cdf_time.c 2021-09-21 13:27:27.985654400 +0200 - @@ -23,6 +23,7 @@ - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. -@@ -1293,9 +1293,9 @@ diff -ur libmagic.orig/cdf_time.c libmagic/cdf_time.c - if (ptr != NULL) - return buf; - (void)snprintf(buf, 26, "*Bad* %#16.16" INT64_T_FORMAT "x\n", --diff -ur libmagic.orig/compress.c libmagic/compress.c -+diff -u libmagic.orig/compress.c libmagic/compress.c - --- libmagic.orig/compress.c 2021-02-23 01:49:07.000000000 +0100 --+++ libmagic/compress.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/compress.c 2022-06-16 13:39:41.586609800 +0200 - @@ -51,7 +51,7 @@ - #ifndef HAVE_SIG_T - typedef void (*sig_t)(int); -@@ -1430,9 +1430,9 @@ diff -ur libmagic.orig/compress.c libmagic/compress.c - } - #endif - +#endif --diff -ur libmagic.orig/der.c libmagic/der.c -+diff -u libmagic.orig/der.c libmagic/der.c - --- libmagic.orig/der.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/der.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/der.c 2022-06-16 13:39:41.586609800 +0200 - @@ -54,7 +54,9 @@ - #include "magic.h" - #include "der.h" -@@ -1443,9 +1443,9 @@ diff -ur libmagic.orig/der.c libmagic/der.c - #include - #include - #endif --diff -ur libmagic.orig/elfclass.h libmagic/elfclass.h -+diff -u libmagic.orig/elfclass.h libmagic/elfclass.h - --- libmagic.orig/elfclass.h 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/elfclass.h 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/elfclass.h 2021-09-21 13:27:27.989571700 +0200 - @@ -41,7 +41,7 @@ - return toomany(ms, "program headers", phnum); - flags |= FLAGS_IS_CORE; -@@ -1473,9 +1473,9 @@ diff -ur libmagic.orig/elfclass.h libmagic/elfclass.h - CAST(size_t, elf_getu16(swap, elfhdr.e_shentsize)), - fsize, elf_getu16(swap, elfhdr.e_machine), - CAST(int, elf_getu16(swap, elfhdr.e_shstrndx)), --diff -ur libmagic.orig/encoding.c libmagic/encoding.c -+diff -u libmagic.orig/encoding.c libmagic/encoding.c - --- libmagic.orig/encoding.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/encoding.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/encoding.c 2022-06-16 13:39:41.586609800 +0200 - @@ -98,14 +98,14 @@ - nbytes = ms->encoding_max; - -@@ -1514,9 +1514,9 @@ diff -ur libmagic.orig/encoding.c libmagic/encoding.c - } \ - if (u < 3) \ - return 0; \ --diff -ur libmagic.orig/file.h libmagic/file.h -+diff -u libmagic.orig/file.h libmagic/file.h - --- libmagic.orig/file.h 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/file.h 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/file.h 2022-06-16 13:39:41.586609800 +0200 - @@ -33,17 +33,14 @@ - #ifndef __file_h__ - #define __file_h__ -@@ -1775,9 +1775,9 @@ diff -ur libmagic.orig/file.h libmagic/file.h - +#endif - + - #endif /* __file_h__ */ --diff -ur libmagic.orig/fsmagic.c libmagic/fsmagic.c -+diff -u libmagic.orig/fsmagic.c libmagic/fsmagic.c - --- libmagic.orig/fsmagic.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/fsmagic.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/fsmagic.c 2021-09-21 13:27:27.992511000 +0200 - @@ -66,26 +66,10 @@ - # define minor(dev) ((dev) & 0xff) - #endif -@@ -2068,9 +2068,9 @@ diff -ur libmagic.orig/fsmagic.c libmagic/fsmagic.c - #ifdef S_IFSOCK - #ifndef __COHERENT__ - case S_IFSOCK: --diff -ur libmagic.orig/funcs.c libmagic/funcs.c -+diff -u libmagic.orig/funcs.c libmagic/funcs.c - --- libmagic.orig/funcs.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/funcs.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/funcs.c 2022-06-16 13:39:41.586609800 +0200 - @@ -51,6 +51,13 @@ - #define SIZE_MAX ((size_t)~0) - #endif -@@ -2388,9 +2388,9 @@ diff -ur libmagic.orig/funcs.c libmagic/funcs.c - - protected char * - file_strtrim(char *str) --diff -ur libmagic.orig/magic.c libmagic/magic.c -+diff -u libmagic.orig/magic.c libmagic/magic.c - --- libmagic.orig/magic.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/magic.c 2021-04-06 21:34:57.336978894 +0200 -++++ libmagic/magic.c 2022-06-16 13:39:41.586609800 +0200 - @@ -25,11 +25,6 @@ - * SUCH DAMAGE. - */ -@@ -2867,9 +2867,9 @@ diff -ur libmagic.orig/magic.c libmagic/magic.c - return NULL; - } - return file_getbuffer(ms); --diff -ur libmagic.orig/magic.h libmagic/magic.h ----- libmagic.orig/magic.h 2021-04-06 22:37:37.647426536 +0200 --+++ libmagic/magic.h 2021-04-06 21:34:57.336978894 +0200 -+diff -u libmagic.orig/magic.h libmagic/magic.h -+--- libmagic.orig/magic.h 2022-06-30 17:16:06.144009900 +0200 -++++ libmagic/magic.h 2022-06-16 13:39:41.586609800 +0200 - @@ -126,6 +126,7 @@ - - const char *magic_getpath(const char *, int); -@@ -2878,9 +2878,9 @@ diff -ur libmagic.orig/magic.h libmagic/magic.h - const char *magic_descriptor(magic_t, int); - const char *magic_buffer(magic_t, const void *, size_t); - --diff -ur libmagic.orig/print.c libmagic/print.c -+diff -u libmagic.orig/print.c libmagic/print.c - --- libmagic.orig/print.c 2021-02-23 01:49:07.000000000 +0100 --+++ libmagic/print.c 2021-04-06 21:34:57.340978869 +0200 -++++ libmagic/print.c 2021-09-21 13:27:27.998388700 +0200 - @@ -28,6 +28,7 @@ - /* - * print.c - debugging printout routines -@@ -2943,9 +2943,9 @@ diff -ur libmagic.orig/print.c libmagic/print.c - - if (pp == NULL) - goto out; --diff -ur libmagic.orig/readcdf.c libmagic/readcdf.c -+diff -u libmagic.orig/readcdf.c libmagic/readcdf.c - --- libmagic.orig/readcdf.c 2021-02-23 01:49:08.000000000 +0100 --+++ libmagic/readcdf.c 2021-04-06 21:34:57.340978869 +0200 -++++ libmagic/readcdf.c 2021-09-21 13:27:27.999369100 +0200 - @@ -31,7 +31,11 @@ - - #include -@@ -3067,9 +3067,9 @@ diff -ur libmagic.orig/readcdf.c libmagic/readcdf.c - out0: - /* If we handled it already, return */ - if (i != -1) --diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c -+diff -u libmagic.orig/softmagic.c libmagic/softmagic.c - --- libmagic.orig/softmagic.c 2021-02-23 01:49:06.000000000 +0100 --+++ libmagic/softmagic.c 2021-04-06 21:34:57.340978869 +0200 -++++ libmagic/softmagic.c 2022-06-30 16:58:15.521661800 +0200 - @@ -43,6 +43,10 @@ - #include - #include "der.h" -@@ -3247,7 +3247,29 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c - return rv; - } - --@@ -1845,15 +1847,15 @@ -+@@ -1531,11 +1533,7 @@ -+ size_t len; -+ *c = ms->c; -+ len = c->len * sizeof(*c->li); -+- ms->c.li = CAST(struct level_info *, malloc(len)); -+- if (ms->c.li == NULL) { -+- ms->c = *c; -+- return -1; -+- } -++ ms->c.li = CAST(struct level_info *, emalloc(len)); -+ memcpy(ms->c.li, c->li, len); -+ return 0; -+ } -+@@ -1543,7 +1541,7 @@ -+ private void -+ restore_cont(struct magic_set *ms, struct cont *c) -+ { -+- free(ms->c.li); -++ efree(ms->c.li); -+ ms->c = *c; -+ } -+ -+@@ -1845,15 +1843,15 @@ - if ((ms->flags & MAGIC_NODESC) == 0 && - file_printf(ms, F(ms, m->desc, "%u"), offset) == -1) - { -@@ -3266,7 +3288,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c - return rv; - - case FILE_USE: --@@ -1958,10 +1960,13 @@ -+@@ -1958,10 +1956,13 @@ - } - else if ((flags & STRING_COMPACT_WHITESPACE) && - isspace(*a)) { -@@ -3281,7 +3303,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c - b++; - } - else { --@@ -1997,6 +2002,60 @@ -+@@ -1997,6 +1998,60 @@ - return file_strncmp(a, b, len, maxlen, flags); - } - -@@ -3342,7 +3364,7 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c - private int - magiccheck(struct magic_set *ms, struct magic *m) - { --@@ -2176,65 +2235,77 @@ -+@@ -2176,65 +2231,77 @@ - break; - } - case FILE_REGEX: { -@@ -3471,9 +3493,9 @@ diff -ur libmagic.orig/softmagic.c libmagic/softmagic.c - break; - } - case FILE_USE: --diff -ur libmagic.orig/strcasestr.c libmagic/strcasestr.c -+diff -u libmagic.orig/strcasestr.c libmagic/strcasestr.c - --- libmagic.orig/strcasestr.c 2021-02-23 01:49:12.000000000 +0100 --+++ libmagic/strcasestr.c 2021-04-06 21:34:57.340978869 +0200 -++++ libmagic/strcasestr.c 2021-09-21 13:27:28.002306200 +0200 - @@ -39,6 +39,8 @@ - - #include "file.h" -@@ -3483,7 +3505,3 @@ diff -ur libmagic.orig/strcasestr.c libmagic/strcasestr.c - #include - #include - #include ----- libmagic/config.h 2021-04-06 22:19:57.552120067 +0200 --+++ /dev/null 2021-03-31 20:37:24.776503884 +0200 --@@ -1 +0,0 @@ ---#include "php.h" -diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c -index c86524e31e..5132b4ddea 100644 ---- a/ext/fileinfo/libmagic/softmagic.c -+++ b/ext/fileinfo/libmagic/softmagic.c -@@ -1533,11 +1533,7 @@ save_cont(struct magic_set *ms, struct cont *c) - size_t len; - *c = ms->c; - len = c->len * sizeof(*c->li); -- ms->c.li = CAST(struct level_info *, malloc(len)); -- if (ms->c.li == NULL) { -- ms->c = *c; -- return -1; -- } -+ ms->c.li = CAST(struct level_info *, emalloc(len)); - memcpy(ms->c.li, c->li, len); - return 0; - } -@@ -1545,7 +1541,7 @@ save_cont(struct magic_set *ms, struct cont *c) - private void - restore_cont(struct magic_set *ms, struct cont *c) - { -- free(ms->c.li); -+ efree(ms->c.li); - ms->c = *c; - } - -diff --git a/ext/fileinfo/tests/bug81723.phpt b/ext/fileinfo/tests/bug81723.phpt -new file mode 100644 -index 0000000000..16bfb81f10 ---- /dev/null -+++ b/ext/fileinfo/tests/bug81723.phpt -@@ -0,0 +1,12 @@ -+--TEST-- -+Bug #81723 (Memory corruption in finfo_buffer()) -+--EXTENSIONS-- -+fileinfo -+--FILE-- -+ -+--EXPECT-- --- -2.27.0 - diff --git a/php-8.1.1.tar.xz b/php-8.1.10.tar.xz similarity index 59% rename from php-8.1.1.tar.xz rename to php-8.1.10.tar.xz index 55b8028..28a7ba9 100644 Binary files a/php-8.1.1.tar.xz and b/php-8.1.10.tar.xz differ diff --git a/php.spec b/php.spec index a31a0d3..7d31837 100644 --- a/php.spec +++ b/php.spec @@ -22,11 +22,11 @@ %global with_freetds 0 %global with_sodium 0 %global with_pspell 0 -%global upver 8.1.1 +%global upver 8.1.10 Name: php Version: %{upver} -Release: 5 +Release: 1 Summary: PHP scripting language for creating dynamic web sites License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA and Boost URL: http://www.php.net/ @@ -56,10 +56,6 @@ Patch5: php-7.4.0-phpize.patch Patch6: php-7.4.0-ldap_r.patch Patch7: php-8.1.0-phpinfo.patch Patch8: php-7.4.0-datetests.patch -Patch9: backport-CVE-2021-21708-Fix-81708.patch -Patch10: backport-CVE-2022-31625.patch -Patch11: backport-CVE-2022-31626.patch -Patch12: backport-CVE-2022-31627.patch BuildRequires: bzip2-devel, curl-devel >= 7.9, httpd-devel >= 2.0.46-1, pam-devel, httpd-filesystem, nginx-filesystem BuildRequires: libstdc++-devel, openssl-devel, sqlite-devel >= 3.6.0, zlib-devel, smtpdaemon, libedit-devel