Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package php8 for openSUSE:Factory checked in at 2024-06-09 20:18:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php8 (Old) and /work/SRC/openSUSE:Factory/.php8.new.19518 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php8" Sun Jun 9 20:18:51 2024 rev:68 rq:1179157 version:8.3.8 Changes: -------- --- /work/SRC/openSUSE:Factory/php8/php8.changes 2024-05-11 18:19:08.885735517 +0200 +++ /work/SRC/openSUSE:Factory/.php8.new.19518/php8.changes 2024-06-09 20:19:03.755076335 +0200 @@ -1,0 +2,39 @@ +Fri Jun 7 07:02:10 UTC 2024 - [email protected] + +- version update to 8.3.8 [bsc#1226073] + CGI: + Fixed buffer limit on Windows, replacing read call usage by _read. + Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) + CLI: + Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). + Core: + Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). + DOM: + Fix crashes when entity declaration is removed while still having entity references. + Fix references not handled correctly in C14N. + Fix crash when calling childNodes next() when iterator is exhausted. + Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. + Filter: + Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) + FPM: + Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). + Hash: + ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) + Intl: + Fixed build regression on systems without C++17 compilers. + MySQLnd: + Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). + Opcache: + Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). + OpenSSL: + The openssl_private_decrypt function in PHP and Marvin attack. + Standard: + Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) + XML: + Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). + XMLReader: + Fixed bug GH-14183 (XMLReader::open() can't be overridden). +- modified patches + % php-build-reproducible-phar.patch (refreshed) + +------------------------------------------------------------------- Old: ---- php-8.3.7.tar.xz php-8.3.7.tar.xz.asc New: ---- php-8.3.8.tar.xz php-8.3.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php8.spec ++++++ --- /var/tmp/diff_new_pack.JsLbnm/_old 2024-06-09 20:19:06.891185732 +0200 +++ /var/tmp/diff_new_pack.JsLbnm/_new 2024-06-09 20:19:06.911186430 +0200 @@ -57,7 +57,7 @@ %bcond_without sodium Name: %{pprefix}%{php_name}%{psuffix} -Version: 8.3.7 +Version: 8.3.8 Release: 0 Summary: Interpreter for the PHP scripting language version 8 License: MIT AND PHP-3.01 ++++++ php-8.3.7.tar.xz -> php-8.3.8.tar.xz ++++++ /work/SRC/openSUSE:Factory/php8/php-8.3.7.tar.xz /work/SRC/openSUSE:Factory/.php8.new.19518/php-8.3.8.tar.xz differ: char 26, line 1 ++++++ php-ar-flags.patch ++++++ --- /var/tmp/diff_new_pack.JsLbnm/_old 2024-06-09 20:19:07.363202197 +0200 +++ /var/tmp/diff_new_pack.JsLbnm/_new 2024-06-09 20:19:07.367202337 +0200 @@ -1,8 +1,8 @@ -Index: php-8.3.2/configure.ac +Index: php-8.3.8/configure.ac =================================================================== ---- php-8.3.2.orig/configure.ac -+++ php-8.3.2/configure.ac -@@ -1657,7 +1657,7 @@ PHP_CONFIGURE_PART(Configuring libtool) +--- php-8.3.8.orig/configure.ac ++++ php-8.3.8/configure.ac +@@ -1660,7 +1660,7 @@ PHP_CONFIGURE_PART(Configuring libtool) dnl Silence warning: `ar: 'u' modifier ignored since 'D' is the default` dnl See https://github.com/php/php-src/pull/3017 ++++++ php-build-reproducible-phar.patch ++++++ --- /var/tmp/diff_new_pack.JsLbnm/_old 2024-06-09 20:19:07.379202756 +0200 +++ /var/tmp/diff_new_pack.JsLbnm/_new 2024-06-09 20:19:07.383202895 +0200 @@ -16,11 +16,11 @@ ext/phar/zip.c | 2 +- 6 files changed, 18 insertions(+), 5 deletions(-) -Index: php-8.3.3/ext/phar/phar.c +Index: php-8.3.8/ext/phar/phar.c =================================================================== ---- php-8.3.3.orig/ext/phar/phar.c -+++ php-8.3.3/ext/phar/phar.c -@@ -2993,7 +2993,7 @@ int phar_flush(phar_archive_data *phar, +--- php-8.3.8.orig/ext/phar/phar.c ++++ php-8.3.8/ext/phar/phar.c +@@ -2996,7 +2996,7 @@ int phar_flush(phar_archive_data *phar, 4: metadata-len +: metadata */ @@ -29,10 +29,10 @@ phar_set_32(entry_buffer, entry->uncompressed_filesize); phar_set_32(entry_buffer+4, mytime); phar_set_32(entry_buffer+8, entry->compressed_filesize); -Index: php-8.3.3/ext/phar/phar_internal.h +Index: php-8.3.8/ext/phar/phar_internal.h =================================================================== ---- php-8.3.3.orig/ext/phar/phar_internal.h -+++ php-8.3.3/ext/phar/phar_internal.h +--- php-8.3.8.orig/ext/phar/phar_internal.h ++++ php-8.3.8/ext/phar/phar_internal.h @@ -427,6 +427,21 @@ static inline enum phar_fp_type phar_get return PHAR_G(cached_fp)[entry->phar->phar_pos].manifest[entry->manifest_pos].fp_type; } @@ -55,10 +55,10 @@ static inline zend_off_t phar_get_fp_offset(phar_entry_info *entry) { if (!entry->is_persistent) { -Index: php-8.3.3/ext/phar/stream.c +Index: php-8.3.8/ext/phar/stream.c =================================================================== ---- php-8.3.3.orig/ext/phar/stream.c -+++ php-8.3.3/ext/phar/stream.c +--- php-8.3.8.orig/ext/phar/stream.c ++++ php-8.3.8/ext/phar/stream.c @@ -474,7 +474,7 @@ static int phar_stream_flush(php_stream phar_entry_data *data = (phar_entry_data *) stream->abstract; @@ -68,10 +68,10 @@ ret = phar_flush(data->phar, 0, 0, 0, &error); if (error) { php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS, "%s", error); -Index: php-8.3.3/ext/phar/tar.c +Index: php-8.3.8/ext/phar/tar.c =================================================================== ---- php-8.3.3.orig/ext/phar/tar.c -+++ php-8.3.3/ext/phar/tar.c +--- php-8.3.8.orig/ext/phar/tar.c ++++ php-8.3.8/ext/phar/tar.c @@ -965,7 +965,7 @@ int phar_tar_flush(phar_archive_data *ph char halt_stub[] = "__HALT_COMPILER();"; @@ -81,10 +81,10 @@ entry.is_modified = 1; entry.is_crc_checked = 1; entry.is_tar = 1; -Index: php-8.3.3/ext/phar/util.c +Index: php-8.3.8/ext/phar/util.c =================================================================== ---- php-8.3.3.orig/ext/phar/util.c -+++ php-8.3.3/ext/phar/util.c +--- php-8.3.8.orig/ext/phar/util.c ++++ php-8.3.8/ext/phar/util.c @@ -584,7 +584,7 @@ phar_entry_data *phar_get_or_create_entr phar_add_virtual_dirs(phar, path, path_len); @@ -94,10 +94,10 @@ etemp.is_crc_checked = 1; etemp.phar = phar; etemp.filename = estrndup(path, path_len); -Index: php-8.3.3/ext/phar/zip.c +Index: php-8.3.8/ext/phar/zip.c =================================================================== ---- php-8.3.3.orig/ext/phar/zip.c -+++ php-8.3.3/ext/phar/zip.c +--- php-8.3.8.orig/ext/phar/zip.c ++++ php-8.3.8/ext/phar/zip.c @@ -1236,7 +1236,7 @@ int phar_zip_flush(phar_archive_data *ph pass.error = &temperr;
