License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
cve patches which already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e418ee4657)
[Bug fix only updates plus: CVE-2020-7071 ]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since commit c4ffcaa2[php: split out phpdbg into a separate package],
package php is empty, we might met error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9be6b4f5a2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped
in the main php package, increasing its size by several MB; split it
out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c4ffcaa2ab)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Appending ${TMPDIR} to ${D} doesn't make any sense, because both are
absolute paths. And additionally, the code fails:
rmdir: failed to remove '/usr/src/oe/tmp-musl/work/core2-64-oe-linux-musl/php/7.1.9-r0/image//usr': Directory not empty
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit f6338892d9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Upgrade to release 7.4.9:
- Fixed: Upgrade apache2handler's php_apache_sapi_get_request_time
to return usec
- Fixed: BSTR to PHP string conversion not binary safe
- Fixed: DCOM does not work with Username, Password parameter
- Fixed: serialize() and unserialize() methods can not be called
statically
- Fixed: Segfault in php_str_replace_common
- Fixed: Assertion failure if dumping closure with unresolved
static variable
- Fixed: Assertion failure when assigning property of string
offset by reference
- Fixed: HT iterators not removed if empty array is destroyed
- Fixed: Changing array during undef index RW error segfaults
- Fixed: Use after free if changing array during undef var during
array write fetch
- Fixed: Use after free if string used in undefined index warning
is changed
- Fixed: Public non-static property in child should take priority
over private static
- Fixed: getimagesize function silently truncates after a null
byte
- Fixed: finfo_file crash (FILEINFO_MIME)
- Fixed: ftp_size on large files
- Fixed: mb_strimwidth does not trim string
- Fixed: Use of freed hash key in the phar_parse_zipfile function
- Fixed: ::getStaticProperties() ignores property modifications
- Fixed: ::getStaticPropertyValue() throws on protected props
- Fixed: Use after free when type duplicated into
ReflectionProperty gets resolved
- Fixed: Can't copy() large 'data://' with open_basedir
- Fixed: dns_check_record() always return true on Alpine
- Fixed: array_walk() does not respect property types
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f46931abf0)
[Bug fix on update. lts version]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The source of the issue is the update for PHP 7.4 support in
0001-opcache-config.m4-enable-opcache.patch (commit 7cc7a9ec). Instead
of working around the issue in the recipe file, update the patch to
restore the call to PHP_ADD_LIBRARY().
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3cfd16be4e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Explicitly specifying -lrt is required for opcache to be linked against
the proper dependencies. Additionally, PHP disables libdl when it
detects a cross-compilation environment for some reason. In order to
load any type of extension, re-enabling libdl is required.
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0145cb4645)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
PHP 7.4 enables libxml by default and removed it as a configurable
option.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7aeef522ff)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--enable-zip and --with-libzip were removed in PHP 7.x.
These are replaced by --with-zip --with-zlib-dir.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6690afa59e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
License-Update: License updated (year updated)
note: for 7.4, pear is disabled by default,
and it will be deprecated in future.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This change makes the parsing go though, we still might have build
issues, which will be reported in world builds seprately
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patch for issue fixed upstream removed.
Also merge the inc into the recipe.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Patch for php to sync with the fix for the same issue in
libgd.
CVE: CVE-2019-6978
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The apache2 module's path has been changed from ${libdir} to
${libexecdir} in commit 8d4d608b4e. Update
mod_php.conf to adapt it.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
It redefines apache2's libexecdir. Update php to sync with that change.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Lets remove it directly, since October would be a year after
EOL so waiting until then would make it quite stale
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
with configuration:
IMAGE_INSTALL_append = " apache2 php-fpm-apache2"
systemctl status apache2.service report error:
httpd: Syntax error on line 509 of /etc/apache2/httpd.conf: Syntax error on line 3 of /etc/apache2/conf.d/php-fpm.conf: Cannot load lib/apache
fix by correct the module path
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Configuration:
IMAGE_INSTALL_append = " modphp apache2 phpmyadmin xdebug"
PACKAGECONFIG_append_pn-php = " apache2"
Apache2 service start up with error:
[php7:crit] [pid 3943:tid 140477147074880] Apache is running a threaded MPM,
but your PHP Module is not compiled to be threadsafe.
Fix:
after apache2 is upgraded from 2.4.34 to 2.4.39, apache2-native
installs httpd into STAGING_SBINDIR_NATIVE, correct it so that
ZTS feature is open, and php is compiled to be threadsafe.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: 7.x version trim trailing whitespace
7.x:
* drop CVE-2017-9120.patch since it cannot resolve the CVE
* use recommand option --with-libzip, bundled libzip is deprecated
* update patches
5.x:
* use recommand option --with-libzip, bundled libzip is deprecated
* update patches
* Fix php 7.x cross build on hosts which have libxml2 installed
libxml2 is not detected properly, it pokes at host and takes the
libraries and header files added to build which links in libraries like
libicu which may not be available in sysroot causing configure failures
like
checking for sqlite3 files in default path... found in TOPDIR/build/tmp/work/aarch64-yoe-linux/php/7.3.2-r0/recipe-sysroot/usr/lib/..
checking for SQLite 3.3.9+... checking for sqlite3_prepare_v2 in -lsqlite3... no
not found
configure: error: Please install SQLite 3.3.9 first or check libsqlite3 is present
the reason is configure test fails to find icu libraries since they were
added based on build host's libxml2.pc
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).
Search & replace made using the following command:
sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
-i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
| cut -d':' -f1 \
| sort -u)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The autoconf variable `ac_cv_func_dlopen` controls whether `dlopen()`
is available without linking `libdl.so`. But that doesn't work:
tmp-glibc/work/aarch64-oe-linux/php/7.2.10-r0/recipe-sysroot-native/usr/bin/aarch64-oe-linux/../../libexec/aarch64-oe-linux/gcc/aarch64-oe-linux/8.2.0/ld: ext/sqlite3/libsqlite/sqlite3.o: undefined reference to symbol 'dlsym@@GLIBC_2.17'
tmp-glibc/work/aarch64-oe-linux/php/7.2.10-r0/recipe-sysroot-native/usr/bin/aarch64-oe-linux/../../libexec/aarch64-oe-linux/gcc/aarch64-oe-linux/8.2.0/ld: tmp-glibc/work/aarch64-oe-linux/php/7.2.10-r0/recipe-sysroot/lib/libdl.so.2: error adding symbols: DSO missing from command line
Leave `ac_cv_lib_dl_dlopen=yes`, because that's the one which controls
whether `-ldl` is needed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Removing "sqlite3" from `PACKAGECONFIG` doesn't actually disable
SQLite, because those options default to "yes". It just switches from
the system SQLite to PHP's internal SQLite copy.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1. Upgrade 7.2.9 -> 7.2.10
2. php 5.x not support valgrind config, so move it to php_7.x.bb
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
configure will look by default for valgrind.h in some host directories.
We override this by setting --with-valgrind even if we do not want it.
The default value of PACKAGECONFIG does not enable valgrind support.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The PHP recipe depends on OpenSSL but support is disabled unless you pass
--with-openssl.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The PHP recipe depends on OpenSSL but support is disabled unless you pass
--with-openssl. Add a PACKAGECONFIG for openssl and enable it by default.
Also for clarity pass --enable-opcache when the opcache is enabled.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Joe Slater
Mingli Yu
Changqing Li
Diego Santa Cruz
Zheng Ruoqin
Max Kellermann
Leon Anavi
Claude Bing
Claude Bing
Konrad Weihmann
Wang Mingyu
Li Zhou
Khem Raj
Adrian Bunk
Trevor Gamblin
Yi Zhao
Kai Kang
Yuan Chao
Zang Ruochen
Hongxu Jia
Hong Liu
André Draszik
Ross Burton