Changelog:
==========
- CLI:
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
- Core:
. Fixed build for the riscv64 architecture/GCC 12.
- Curl:
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
- Date:
. Fixed bug GH-11455 (Segmentation fault with custom object date properties).
- DOM:
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
and segfaults with replaceWith).
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
attribute value).
. Fix return value in stub file for DOMNodeList::item.
. Fix spec compliance error with '*' namespace for
DOMDocument::getElementsByTagNameNS.
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
xpath query).
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
namespaces).
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
with itself).
. Fixed bug #77686 (Removed elements are still returned by getElementById).
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
php_libxml_node_free_list()).
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers).
. Fix lifetime issue with getAttributeNodeNS().
. Fix "invalid state error" with cloned namespace declarations.
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
issues).
. Fixed bug #80332 (Completely broken array access functionality with
DOMNamedNodeMap).
- Opcache:
. Fix allocation loop in zend_shared_alloc_startup().
. Access violation on smm_shared_globals with ALLOC_FALLBACK.
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
with opcache.file_cache_only=1 but it was never locked).
- OpenSSL:
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
subjectAltNames
- PCRE:
. Fix preg_replace_callback_array() pattern validation.
- PGSQL:
. Fixed intermittent segfault with pg_trace.
- Phar:
. Fix cross-compilation check in phar generation for FreeBSD.
- SPL:
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
slash).
- Standard:
. Fix access on NULL pointer in array_merge_recursive().
. Fix exception handling in array_multisort().
- SQLite3:
. Fixed bug GH-11451 (Invalid associative array containing duplicate
keys).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
There is new patch-status QA check in oe-core:
https://git.openembedded.org/openembedded-core/commit/?id=76a685bfcf927593eac67157762a53259089ea8a
This is temporary work around just to hide _many_ warnings from
optional patch-status (if you add it to WARN_QA).
This just added
Upstream-Status: Pending
everywhere without actually investigating what's the proper status.
This is just to hide current QA warnings and to catch new .patch files being
added without Upstream-Status, but the number of Pending patches is now terrible:
5 (26%) meta-xfce
6 (50%) meta-perl
15 (42%) meta-webserver
21 (36%) meta-gnome
25 (57%) meta-filesystems
26 (43%) meta-initramfs
45 (45%) meta-python
47 (55%) meta-multimedia
312 (63%) meta-networking
756 (61%) meta-oe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
. Fixed bug GH-11152 (Unable to alias namespaces containing reserved class
names).
. Fixed bug GH-9068 (Conditional jump or move depends on uninitialised
value(s)).
. Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves
the array in an invalid state).
. Fixed bug GH-11063 (Compilation error on old GCC versions).
. Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
If my git skills don't trick me, forcing ARM mode for PHP
dates back to year 2015 with commit e836f8f93.
I wondered whether the compile problem still persists and just
tested that it compiles fine for qemuarm nowaydays.
I also tested the binaries on a physical device, a
NXP iMX6ULL based one, and did not notice any problems
so far.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
==========
Added optional support for max_execution_time in ZTS/Linux builds
Fixed use-after-free in recursive AST evaluation.
Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
Re-add some CTE functions that were removed from being CTE by a mistake.
Remove CTE flag from array_diff_ukey(), which was added by mistake.
Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).
Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
Fix potential memory corruption when mixing __callStatic() and FFI.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- Core:
. Fixed incorrect check condition in type inference.
. Fix incorrect check in zend_internal_call_should_throw().
. Fixed overflow check in OnUpdateMemoryConsumption.
. Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
Generator emits an unavoidable fatal error or crashes).
. Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
function after bailout).
. Fixed SSA object type update for compound assignment opcodes.
. Fixed language scanner generation build.
. Fixed zend_update_static_property() calling zend_update_static_property_ex()
misleadingly with the wrong return type.
. Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer
constant name).
. Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle()
freeing dangling pointers on the handle as it was uninitialized.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
-D_LARGEFILE64_SOURCE is needed for musl explicitly. Its added
indirectly via -D_GNU_SOURCE on glibc but not on musl feature macros
Signed-off-by: Khem Raj <raj.khem@gmail.com>
CVE-2007-2728, CVE-2007-3205 and CVE-2007-4596 are patched in our
version of php but they don't have a vulnerable version range in the
NVD database, that's why they need to be ignored.
Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This patch is not only needed for target but also needed for native and
nativesdk variants.
Fixes
do_populate_sysroot: QA Issue: : /work/x86_64-linux/php-native/8.1.7-r0/sysroot-destdir/
work/x86_64-linux/php-native/8.1.7-r0/recipe-sysroot-native/usr/bin/phar.phar maximum shebang size exceeded, the ma
ximum size is 128. [shebang-size]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
=========
Core:
------
Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
Fixed bug #7896 (Environment vars may be mangled on Windows).
Fixed bug #7883 (Segfault when INI file is not readable).
FFI:
-----
Fixed bug #7867 (FFI::cast() from pointer to array is broken).
Filter:
------
Fix#81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
FPM:
-----
Fixed memory leak on invalid port.
Fixed bug #7842 (Invalid OpenMetrics response format returned by FPM status page.
MBString:
--------
Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
MySQLnd:
--------
Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
pcntl:
------
Fixed pcntl_rfork build for DragonFlyBSD.
Sockets:
-------
Fixed bug #7978 (sockets extension compilation errors).
Standard:
---------
Fixed bug #7899 (Regression in unpack for negative int value).
Fixed bug #7875 (mails are sent even if failure to log throws exception).
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
- Add fibers support for RISCV64
- Disable build on RISCV32 musl since getcontext/setcontext APIs do not
exist on musl which are needed for fibers
- Detailed changes are here [1]
[1] https://www.php.net/ChangeLog-8.php#PHP_8_1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
libtool is now longer renamed to ${host}-libtool, so remove the changes
to support this.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
wrong name make service apache2 start failed with failure:
httpd: Syntax error on line 511 of /etc/apache2/httpd.conf: Syntax error on line 1 of /etc/apache2/modules.d/70_mod_php8.conf: Cannot load /usr/libexec/apache2/modules/libphp7.so into server: /usr/libexec/apache2/modules/libphp7.so: cannot open shared object file: No such file or directory
httpd: Syntax error on line 511 of /etc/apache2/httpd.conf: Syntax error on line 1 of /etc/apache2/modules.d/70_mod_php8.conf: Can't locate API module structure `php7_module' in file /usr/libexec/apache2/modules/libphp.so: /usr/libexec/apache2/modules/libphp.so: undefined symbol: php7_module
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
minilua, by default, is compiled by the host machine as a
dependency for compiling the JIT/opcache extension. To
successfully cross-compile, this needs to be run under QEMU to
match the target architecture.
According to the [RFC](https://wiki.php.net/rfc/jit), only
x86 and x86_64 targets are supported.
Signed-off-by: Ashley Cox <ashleyc@cybernetics.com>
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
License-Update: License updated (year updated)
Fix some security issues such as CVE-2021-21702 and remove two
cve patches which already included in the new version.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since commit c4ffcaa2[php: split out phpdbg into a separate package],
package php is empty, we might met error:
nothing provides php needed by php-cli-7.4.9-r0.corei7_64
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Since PHP 7.0 the phpdbg debugger is built by default and gets shipped
in the main php package, increasing its size by several MB; split it
out into a php-phpdbg package, following Debian naming.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Appending ${TMPDIR} to ${D} doesn't make any sense, because both are
absolute paths. And additionally, the code fails:
rmdir: failed to remove '/usr/src/oe/tmp-musl/work/core2-64-oe-linux-musl/php/7.1.9-r0/image//usr': Directory not empty
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
/var/run has been deprecated by systemd, so use /run instead,
as suggested by systemd.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Upgrade to release 7.4.9:
- Fixed: Upgrade apache2handler's php_apache_sapi_get_request_time
to return usec
- Fixed: BSTR to PHP string conversion not binary safe
- Fixed: DCOM does not work with Username, Password parameter
- Fixed: serialize() and unserialize() methods can not be called
statically
- Fixed: Segfault in php_str_replace_common
- Fixed: Assertion failure if dumping closure with unresolved
static variable
- Fixed: Assertion failure when assigning property of string
offset by reference
- Fixed: HT iterators not removed if empty array is destroyed
- Fixed: Changing array during undef index RW error segfaults
- Fixed: Use after free if changing array during undef var during
array write fetch
- Fixed: Use after free if string used in undefined index warning
is changed
- Fixed: Public non-static property in child should take priority
over private static
- Fixed: getimagesize function silently truncates after a null
byte
- Fixed: finfo_file crash (FILEINFO_MIME)
- Fixed: ftp_size on large files
- Fixed: mb_strimwidth does not trim string
- Fixed: Use of freed hash key in the phar_parse_zipfile function
- Fixed: ::getStaticProperties() ignores property modifications
- Fixed: ::getStaticPropertyValue() throws on protected props
- Fixed: Use after free when type duplicated into
ReflectionProperty gets resolved
- Fixed: Can't copy() large 'data://' with open_basedir
- Fixed: dns_check_record() always return true on Alpine
- Fixed: array_walk() does not respect property types
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
The source of the issue is the update for PHP 7.4 support in
0001-opcache-config.m4-enable-opcache.patch (commit 7cc7a9ec). Instead
of working around the issue in the recipe file, update the patch to
restore the call to PHP_ADD_LIBRARY().
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Explicitly specifying -lrt is required for opcache to be linked against
the proper dependencies. Additionally, PHP disables libdl when it
detects a cross-compilation environment for some reason. In order to
load any type of extension, re-enabling libdl is required.
Signed-off-by: Claude Bing <cbing@cybernetics.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add mbstring to PACKAGECONFIG to enable
multibyte string support in php
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
--enable-zip and --with-libzip were removed in PHP 7.x.
These are replaced by --with-zip --with-zlib-dir.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Wang Mingyu
Martin Jansa
Michael Heimpold
Mingli Yu
Khem Raj
Davide Gardenal
Ross Burton
Changqing Li
Claude Bing
Alexander Kanavin
Joe Slater
Diego Santa Cruz
Zheng Ruoqin
Max Kellermann
Qi.Chen@windriver.com
Leon Anavi
Claude Bing
Konrad Weihmann