Pullup ticket #6865 - requested by taca

lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.433 - lang/php81/Makefile 1.22-1.23 - lang/php81/Makefile.php 1.2 - lang/php81/distinfo 1.33 - lang/php81/patches/patch-build_php.m4 1.1 - lang/php81/patches/patch-configure deleted - lang/php81/patches/patch-sapi_apache2handler_config.m4 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 13:54:25 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: Makefile distinfo Added Files: pkgsrc/lang/php81/patches: patch-build_php.m4 patch-sapi_apache2handler_config.m4 Removed Files: pkgsrc/lang/php81/patches: patch-configure Log Message: lang/php81: update to 8.1.29 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.1.29 (2024-06-06) - CGI: . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: openssl/openssl#13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 23:11:41 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile Makefile.php pkgsrc/lang/php82: Makefile Makefile.php pkgsrc/lang/php83: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php-fpm: Makefile Log Message: Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too.
NetBSD · Jun 24, 2024 · 50f068d · 50f068d
1 parent ec41624
commit 50f068d
Show file tree

Hide file tree

Showing 7 changed files with 66 additions and 80 deletions.
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.426.2.6 2024/06/13 14:34:05 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.426.2.7 2024/06/24 18:04:51 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@ PHPVERSION_MK=	defined
 PHP56_VERSION=	5.6.40
 PHP74_VERSION=	7.4.33
 PHP80_VERSION=	8.0.30
-PHP81_VERSION=	8.1.28
+PHP81_VERSION=	8.1.29
 PHP82_VERSION=	8.2.18
 PHP83_VERSION=	8.3.8
 

diff --git a/lang/php81/Makefile b/lang/php81/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.20 2023/11/24 06:03:45 taca Exp $
+# $NetBSD: Makefile,v 1.20.4.1 2024/06/24 18:04:51 bsiegert Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
@@ -10,7 +10,7 @@ LICENSE=		php
 
 TEST_TARGET=		test
 
-USE_TOOLS+=		gmake lex
+USE_TOOLS+=		autoconf gmake lex
 LIBTOOL_OVERRIDE=	# empty
 PHP_CHECK_INSTALLED=	No
 
@@ -42,16 +42,6 @@ PHP_PKGCONFIG_PATH=	${PKGCONFIG_PATHS:ts:}
 
 REPLACE_PHP=		ext/phar/phar/phar.php run-tests.php
 
-SUBST_CLASSES+=		path
-SUBST_MESSAGE.path=	Fixing common paths.
-SUBST_STAGE.path=	pre-configure
-SUBST_FILES.path=	configure
-SUBST_FILES.path+=	php.ini-development php.ini-production
-SUBST_FILES.path+=	sapi/cgi/Makefile.frag
-SUBST_VARS.path=	CGIDIR
-SUBST_VARS.path+=	PREFIX
-SUBST_VARS.path+=	TOOLS_PATH.pkg-config PHP_PKGCONFIG_PATH
-
 INSTALLATION_DIRS+=	${CGIDIR} ${PHP_EXTENSION_DIR} ${EGDIR} share/php
 
 # Make sure modules can link correctly
@@ -65,6 +55,9 @@ INSTALL_UNSTRIPPED=	yes
 CFLAGS+=	-DSQLITE_ENABLE_LOCKING_STYLE=0 -DSQLITE_WITHOUT_ZONEMALLOC
 .endif
 
+pre-configure:
+	cd ${WRKSRC} && autoconf -f
+
 post-install:
 	cd ${WRKSRC}; ${INSTALL_DATA} php.ini-development php.ini-production \
 		${DESTDIR}${EGDIR}

diff --git a/lang/php81/Makefile.php b/lang/php81/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.1 2021/11/27 07:24:43 taca Exp $
+# $NetBSD: Makefile.php,v 1.1.20.1 2024/06/24 18:04:51 bsiegert Exp $
 # used by lang/php81/Makefile
 # used by www/ap-php/Makefile
 # used by www/php-fpm/Makefile
@@ -47,6 +47,16 @@
 
 CONFIGURE_ENV+=		EXTENSION_DIR="${PREFIX}/${PHP_EXTENSION_DIR}"
 
+SUBST_CLASSES+=		path
+SUBST_MESSAGE.path=	Fixing common paths.
+SUBST_STAGE.path=	pre-configure
+SUBST_FILES.path=	build/php.m4
+SUBST_FILES.path+=	php.ini-development php.ini-production
+SUBST_FILES.path+=	sapi/cgi/Makefile.frag
+SUBST_VARS.path=	CGIDIR
+SUBST_VARS.path+=	PREFIX
+SUBST_VARS.path+=	TOOLS_PATH.pkg-config PHP_PKGCONFIG_PATH
+
 .include "../../textproc/libxml2/buildlink3.mk"
 
 #CONFIGURE_ARGS+=	--with-pcre-regex=${BUILDLINK_PREFIX.pcre2}

diff --git a/lang/php81/distinfo b/lang/php81/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.31.2.1 2024/04/22 12:56:30 bsiegert Exp $
+$NetBSD: distinfo,v 1.31.2.2 2024/06/24 18:04:51 bsiegert Exp $
 
-BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0
-SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f
-Size (php-8.1.28.tar.xz) = 11848504 bytes
-SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584
+BLAKE2s (php-8.1.29.tar.xz) = ba21a632f93e60e0a7111abba136333a5430f04e5ba64336838a24137934f0df
+SHA512 (php-8.1.29.tar.xz) = fd4f75224f71111a4cc40b3015ae70ac57a623326a3299da9ab8bd9dfad4ea27ff345d0eb75f1407d183207e763d372d738bbd8d217d01ec1414d29a547e8ba7
+Size (php-8.1.29.tar.xz) = 11826292 bytes
+SHA1 (patch-build_php.m4) = 5b86e63ccdce4e654acc9361f4d275f23b5afd46
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d
 SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd
@@ -12,6 +12,7 @@ SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd
 SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483
 SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72
 SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6
+SHA1 (patch-sapi_apache2handler_config.m4) = 0cc7e66a81797b4a00fba38f547c4862870de417
 SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8
 SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3
 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0
diff --git a/lang/php81/patches/patch-build_php.m4 b/lang/php81/patches/patch-build_php.m4
@@ -0,0 +1,17 @@
+$NetBSD: patch-build_php.m4,v 1.1.2.2 2024/06/24 18:04:52 bsiegert Exp $
+
+Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS.
+
+--- build/php.m4.orig	2024-06-05 05:51:57.000000000 +0000
++++ build/php.m4
+@@ -2152,6 +2152,10 @@ EOF
+    else
+     break
+    fi
++   case "$CURRENT_ARG" in
++       \'PKG_CONFIG\=*)	CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";;
++       \'PKG_CONFIG_LIBDIR\=*)	CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";;
++   esac
+    AS_ECHO(["$CURRENT_ARG \\"]) >>$1
+    CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG"
+   done
diff --git a/lang/php81/patches/patch-configure b/lang/php81/patches/patch-configure
diff --git a/lang/php81/patches/patch-sapi_apache2handler_config.m4 b/lang/php81/patches/patch-sapi_apache2handler_config.m4
@@ -0,0 +1,25 @@
+$NetBSD: patch-sapi_apache2handler_config.m4,v 1.1.2.2 2024/06/24 18:04:52 bsiegert Exp $
+
+Don't autodetect maintainer-zts.
+
+--- sapi/apache2handler/config.m4.orig	2024-06-05 05:51:57.000000000 +0000
++++ sapi/apache2handler/config.m4
+@@ -108,18 +108,6 @@ if test "$PHP_APXS2" != "no"; then
+     ;;
+   esac
+
+-  if test "$APACHE_VERSION" -lt 2004001; then
+-    APXS_MPM=`$APXS -q MPM_NAME`
+-    if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then
+-      PHP_BUILD_THREAD_SAFE
+-    fi
+-  else
+-    APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
+-    if test -n "$APACHE_THREADED_MPM"; then
+-      PHP_BUILD_THREAD_SAFE
+-    fi
+-  fi
+-  AC_MSG_RESULT(yes)
+   PHP_SUBST(APXS)
+ else
+   AC_MSG_RESULT(no)