Sat Apr 13 02:51:54 2024 UTC (44d)
lang/php83: update to 8.3.5

This release includes security fixes.

11 Apr 2024, PHP 8.3.5

- Core:
  . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when
    scanning WeakMaps). (Arnaud)
  . Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
    (nielsdos)
  . Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
  . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
    destructor). (Arnaud)

- DOM:
  . Add some missing ZPP checks. (nielsdos)
  . Fix potential memory leak in XPath evaluation results. (nielsdos)

- FPM:
  . Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
    (Jakub Zelenka)
  . Fix incorrect check in fpm_shm_free(). (nielsdos)

- GD:
  . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

- Gettext:
  . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
    with category set to LC_ALL. (David Carlier)

- MySQLnd:
  . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

- Opcache:
  . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
    (Arnaud, Dmitry)
  . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
    method of internal trait when opcache is loaded). (Bob)

- Random:
  . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
    modes). (timwolla)
  . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
    requests when MT_RAND_PHP is used). (timwolla)

- Session:
  . Fixed bug GH-13680 (Segfault with session_decode and compilation error).
    (nielsdos)

- SPL:
  . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

- Standard:
  . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
    (SakiTakamachi)
  . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
    (divinity76)
  . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
    parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
    Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
    inputs). (CVE-2024-2757) (Alex Dowad)


(taca)
diff -r1.427 -r1.428 pkgsrc/lang/php/phpversion.mk
diff -r1.5 -r1.6 pkgsrc/lang/php83/distinfo
diff -r1.3 -r1.4 pkgsrc/lang/php83/patches/patch-configure
cvs diff -r1.427 -r1.428 pkgsrc/lang/php/phpversion.mk (expand / switch to unified diff)

--- pkgsrc/lang/php/phpversion.mk 2024/04/13 02:49:41 1.427
+++ pkgsrc/lang/php/phpversion.mk 2024/04/13 02:51:54 1.428
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: phpversion.mk,v 1.427 2024/04/13 02:49:41 taca Exp $ 1# $NetBSD: phpversion.mk,v 1.428 2024/04/13 02:51:54 taca Exp $
2# 2#
3# This file selects a PHP version, based on the user's preferences and 3# This file selects a PHP version, based on the user's preferences and
4# the installed packages. It does not add a dependency on the PHP 4# the installed packages. It does not add a dependency on the PHP
5# package. 5# package.
6# 6#
7# === User-settable variables === 7# === User-settable variables ===
8# 8#
9# PHP_VERSION_DEFAULT 9# PHP_VERSION_DEFAULT
10# The PHP version to choose when more than one is acceptable to 10# The PHP version to choose when more than one is acceptable to
11# the package. 11# the package.
12# 12#
13# Possible: 56 74 80 81 82 83 13# Possible: 56 74 80 81 82 83
14# Default: 82 14# Default: 82
@@ -83,27 +83,27 @@ @@ -83,27 +83,27 @@
83# 83#
84# Keywords: php 84# Keywords: php
85# 85#
86 86
87.if !defined(PHPVERSION_MK) 87.if !defined(PHPVERSION_MK)
88PHPVERSION_MK= defined 88PHPVERSION_MK= defined
89 89
90# Define each PHP's version. 90# Define each PHP's version.
91PHP56_VERSION= 5.6.40 91PHP56_VERSION= 5.6.40
92PHP74_VERSION= 7.4.33 92PHP74_VERSION= 7.4.33
93PHP80_VERSION= 8.0.30 93PHP80_VERSION= 8.0.30
94PHP81_VERSION= 8.1.27 94PHP81_VERSION= 8.1.27
95PHP82_VERSION= 8.2.18 95PHP82_VERSION= 8.2.18
96PHP83_VERSION= 8.3.4 96PHP83_VERSION= 8.3.5
97 97
98# Define API version or initial release of major version. 98# Define API version or initial release of major version.
99PHP56_RELDATE= 20140828 99PHP56_RELDATE= 20140828
100PHP74_RELDATE= 20191128 100PHP74_RELDATE= 20191128
101PHP80_RELDATE= 20201124 101PHP80_RELDATE= 20201124
102PHP81_RELDATE= 20211125 102PHP81_RELDATE= 20211125
103PHP82_RELDATE= 20220829 103PHP82_RELDATE= 20220829
104PHP83_RELDATE= 20231123 104PHP83_RELDATE= 20231123
105 105
106_VARGROUPS+= php 106_VARGROUPS+= php
107_USER_VARS.php= PHP_VERSION_DEFAULT 107_USER_VARS.php= PHP_VERSION_DEFAULT
108_PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD 108_PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD
109_SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ 109_SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \
cvs diff -r1.5 -r1.6 pkgsrc/lang/php83/distinfo (expand / switch to unified diff)

--- pkgsrc/lang/php83/distinfo 2024/03/17 16:48:19 1.5
+++ pkgsrc/lang/php83/distinfo 2024/04/13 02:51:54 1.6
@@ -1,17 +1,17 @@ @@ -1,17 +1,17 @@
1$NetBSD: distinfo,v 1.5 2024/03/17 16:48:19 taca Exp $ 1$NetBSD: distinfo,v 1.6 2024/04/13 02:51:54 taca Exp $
2 2
3BLAKE2s (php-8.3.4.tar.xz) = 4502a9122864f77bc8f05f46717796f637fee78b002c5c10b179a01a332bc9ea 3BLAKE2s (php-8.3.5.tar.xz) = cf85b04006f4ac04268c3cf86f57e0be5800813accf93e10ae36842b642bb49f
4SHA512 (php-8.3.4.tar.xz) = 7254421c57de6c8f9f84079212ead38b397e053ad2dc202bd4e0c9d63aa5d9884a6a856fb93fcdbc9e671051436814188439bc5de480979e53fdcb5488cdc321 4SHA512 (php-8.3.5.tar.xz) = 6ae60efe2e4df60bf217808cbd710fb3b71a4494de8ded8e0ae7ed9ad5f737fcb49acd004abcb2f7dfcc216108b39143e8094dc40096aefcce72a59b55d4c4bd
5Size (php-8.3.4.tar.xz) = 12443980 bytes 5Size (php-8.3.5.tar.xz) = 12461308 bytes
6SHA1 (patch-configure) = c6c1657a10caeca4f9c2abf5e66f8fa16e5feca1 6SHA1 (patch-configure) = fdeb39ffcd2abd085c4cda6ced05de748b1a0a68
7SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b 7SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b
8SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd 8SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd
9SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640 9SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640
10SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 10SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7
11SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd 11SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd
12SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 12SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483
13SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 13SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72
14SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 14SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6
15SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 15SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8
16SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 16SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3
17SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 17SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0
cvs diff -r1.3 -r1.4 pkgsrc/lang/php83/patches/patch-configure (expand / switch to unified diff)

--- pkgsrc/lang/php83/patches/patch-configure 2024/03/17 16:48:19 1.3
+++ pkgsrc/lang/php83/patches/patch-configure 2024/04/13 02:51:54 1.4
@@ -1,59 +1,59 @@ @@ -1,59 +1,59 @@
1$NetBSD: patch-configure,v 1.3 2024/03/17 16:48:19 taca Exp $ 1$NetBSD: patch-configure,v 1.4 2024/04/13 02:51:54 taca Exp $
2 2
3* Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS. 3* Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS.
4* Don't autodetect maintainer-zts. 4* Don't autodetect maintainer-zts.
5* Shell portability. 5* Shell portability.
6 6
7--- configure.orig 2024-03-12 23:42:26.000000000 +0000 7--- configure.orig 2024-04-09 21:35:09.000000000 +0000
8+++ configure 8+++ configure
9@@ -3735,6 +3735,10 @@ EOF 9@@ -4326,6 +4326,10 @@ EOF
10 else 10 else
11 break 11 break
12 fi 12 fi
13+ case "$CURRENT_ARG" in 13+ case "$CURRENT_ARG" in
14+ \'PKG_CONFIG\=*) CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";; 14+ \'PKG_CONFIG\=*) CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";;
15+ \'PKG_CONFIG_LIBDIR\=*) CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";; 15+ \'PKG_CONFIG_LIBDIR\=*) CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";;
16+ esac 16+ esac
17 $as_echo "$CURRENT_ARG \\" >>config.nice 17 printf "%s\n" "$CURRENT_ARG \\" >>config.nice
18 CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG" 18 CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG"
19 done 19 done
20@@ -7016,30 +7020,6 @@ EOF 20@@ -7548,30 +7552,6 @@ EOF
21 ;; 21 ;;
22 esac 22 esac
23  23
24- if test "$APACHE_VERSION" -lt 2004001; then 24- if test "$APACHE_VERSION" -lt 2004001; then
25- APXS_MPM=`$APXS -q MPM_NAME` 25- APXS_MPM=`$APXS -q MPM_NAME`
26- if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then 26- if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then
27- 27-
28- enable_zts=yes 28- enable_zts=yes
29- if test "$pthreads_working" != "yes"; then 29- if test "$pthreads_working" != "yes"; then
30- as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 30- as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5
31- fi 31- fi
32- 32-
33- fi 33- fi
34- else 34- else
35- APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'` 35- APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
36- if test -n "$APACHE_THREADED_MPM"; then 36- if test -n "$APACHE_THREADED_MPM"; then
37- 37-
38- enable_zts=yes 38- enable_zts=yes
39- if test "$pthreads_working" != "yes"; then 39- if test "$pthreads_working" != "yes"; then
40- as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 40- as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5
41- fi 41- fi
42- 42-
43- fi 43- fi
44- fi 44- fi
45- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 45- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
46-$as_echo "yes" >&6; } 46-printf "%s\n" "yes" >&6; }
47- 47-
48 PHP_VAR_SUBST="$PHP_VAR_SUBST APXS" 48 PHP_VAR_SUBST="$PHP_VAR_SUBST APXS"
49  49
50 else 50 else
51@@ -77760,7 +77740,7 @@ $as_echo "#define HAVE_TIDYBUFFIO_H 1" > 51@@ -80460,7 +80440,7 @@ printf "%s\n" "#define HAVE_TIDYBUFFIO_H
52 fi 52 fi
53  53
54 TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR 54 TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR
55- if test "$TIDY_LIB_NAME" == 'tidyp'; then 55- if test "$TIDY_LIB_NAME" == 'tidyp'; then
56+ if test "$TIDY_LIB_NAME" = 'tidyp'; then 56+ if test "$TIDY_LIB_NAME" = 'tidyp'; then
57  57
58 $as_echo "#define HAVE_TIDYP_H 1" >>confdefs.h 58 printf "%s\n" "#define HAVE_TIDYP_H 1" >>confdefs.h
59  59