[pkgsrc/pkgsrc-2022Q4]: pkgsrc/lang Pullup ticket #6718 - requested by taca

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/3d878de025cc
branches:  pkgsrc-2022Q4
changeset: 391366:3d878de025cc
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sun Jan 08 17:57:21 2023 +0000

description:
Pullup ticket #6718 - requested by taca
lang/php82: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.385
- lang/php82/distinfo                                           1.2
- lang/php82/patches/patch-configure                            1.2
- lang/php82/patches/patch-sapi_fpm_fpm_events_port.c           deleted

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sat Jan  7 07:42:15 UTC 2023

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php82: distinfo
        pkgsrc/lang/php82/patches: patch-configure
   Removed Files:
        pkgsrc/lang/php82/patches: patch-sapi_fpm_fpm_events_port.c

   Log Message:
   lang/php82: update to 8.2.1

   PHP 8.2.1 (2023-01-05)

   - Core:
     . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
       (cmb)
     . Fixed bug GH-9918 (License information for xxHash is not included in
       README.REDIST.BINS file). (Akama Hitoshi)
     . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb)
     . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Vo=F8=ED=B9ek)
     . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
     . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr)

   - Apache:
     . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)

   - FPM:
     . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
       #66694). (Petr Sumbera)
     . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
       (Jakub Zelenka)
     . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka)
     . Fixed bug GH-8517 (Random crash of FPM master process in
       fpm_stdio_child_said). (Jakub Zelenka)

   - Imap:
     . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is
       still open). (Girgias)

   - MBString:
     . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
       PHP8.1). (Nathan Freeman)

   - Opcache:
     . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
       (Arnaud, michdingpayc)

   - OpenSSL:
     . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka)
     . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
       (Jakub Zelenka)
     . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
       no-dsa). (Jakub Zelenka)

   - Pcntl:
     . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
       (Erki Aring)

   - PDO_Firebird:
     . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
       (cmb)

   - PDO/SQLite:
     . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
       (cmb)

   - Session:
     . Fixed GH-9932 (session name silently fails with . and [). (David Carlier)

   - SPL:
     . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
     . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
       unregistered). (Girgias)

   - SQLite3:
     . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)

   - TSRM:
     . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)

diffstat:

 lang/php/phpversion.mk                              |   4 +-
 lang/php82/distinfo                                 |  11 +++---
 lang/php82/patches/patch-configure                  |  21 ++++++-------
 lang/php82/patches/patch-sapi_fpm_fpm_events_port.c |  33 ---------------------
 4 files changed, 17 insertions(+), 52 deletions(-)

diffs (137 lines):

diff -r 8c070c577e6f -r 3d878de025cc lang/php/phpversion.mk
--- a/lang/php/phpversion.mk    Sun Jan 08 16:15:56 2023 +0000
+++ b/lang/php/phpversion.mk    Sun Jan 08 17:57:21 2023 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.383.2.1 2023/01/08 16:15:56 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.383.2.2 2023/01/08 17:57:21 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@
 PHP74_VERSION= 7.4.33
 PHP80_VERSION= 8.0.26
 PHP81_VERSION= 8.1.14
-PHP82_VERSION= 8.2.0
+PHP82_VERSION= 8.2.1
 
 # Define API version or initial release of major version.
 PHP56_RELDATE= 20140828
diff -r 8c070c577e6f -r 3d878de025cc lang/php82/distinfo
--- a/lang/php82/distinfo       Sun Jan 08 16:15:56 2023 +0000
+++ b/lang/php82/distinfo       Sun Jan 08 17:57:21 2023 +0000
@@ -1,10 +1,10 @@
-$NetBSD: distinfo,v 1.1 2022/12/11 14:12:29 taca Exp $
+$NetBSD: distinfo,v 1.1.2.1 2023/01/08 17:57:22 bsiegert Exp $
 
-BLAKE2s (php-8.2.0.tar.xz) = 9d41cdf07c6523e1b3f5971f7428a9e76023dc57170b4e3012c3b1786fcfd134
-SHA512 (php-8.2.0.tar.xz) = 0b201ca1de5210c2b44a6223556720c3409e21db3d8f976894f29ad43eebb8b60334b971aa90bc115ef113e3f06624c80175d04530466b5a02743f2fcd4c9806
-Size (php-8.2.0.tar.xz) = 11920436 bytes
+BLAKE2s (php-8.2.1.tar.xz) = 64f5f921168105d995cfcd0d18e449a809948792e75b0df82025cb89753573ae
+SHA512 (php-8.2.1.tar.xz) = 9927ccb9e5581c24d0ef3e408a7a1b32bc99f43ce88e83e4430dbd4faa3a2498b299ad6b3a70696facded139100c85bb7ae66223a72b2c043ccab0d80a2c2826
+Size (php-8.2.1.tar.xz) = 12031632 bytes
 SHA1 (patch-build_libtool.m4) = e58a2bcebe9e9d7dc7255354fd9fe57878e3f8a6
-SHA1 (patch-configure) = 65091563fe52dfe6c128698564d3aedc49d0bb52
+SHA1 (patch-configure) = c2b7f1abdc0609091409b5a5d3e3e9fb1e801773
 SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b
 SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd
 SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640
@@ -15,5 +15,4 @@
 SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6
 SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8
 SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3
-SHA1 (patch-sapi_fpm_fpm_events_port.c) = 30ecee10f6d34b7422972e1e275b4f73c7fd964d
 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0
diff -r 8c070c577e6f -r 3d878de025cc lang/php82/patches/patch-configure
--- a/lang/php82/patches/patch-configure        Sun Jan 08 16:15:56 2023 +0000
+++ b/lang/php82/patches/patch-configure        Sun Jan 08 17:57:21 2023 +0000
@@ -1,13 +1,12 @@
-$NetBSD: patch-configure,v 1.1 2022/12/11 14:12:29 taca Exp $
+$NetBSD: patch-configure,v 1.1.2.1 2023/01/08 17:57:22 bsiegert Exp $
 
 * Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS.
-* Don't automatically add libgcc on SunOS. Reported upstream as #75941.
 * Don't autodetect maintainer-zts.
-* The meta_ccld removal reported upstream as #75940.
+* Shell portability.
 
---- configure.orig     2022-12-06 14:26:47.000000000 +0000
+--- configure.orig     2023-01-03 18:40:55.000000000 +0000
 +++ configure
-@@ -4320,6 +4320,10 @@ EOF
+@@ -3729,6 +3729,10 @@ EOF
     else
      break
     fi
@@ -15,10 +14,10 @@
 +       \'PKG_CONFIG\=*)       CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";;
 +       \'PKG_CONFIG_LIBDIR\=*)        CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";;
 +   esac
-    printf "%s\n" "$CURRENT_ARG \\" >>config.nice
+    $as_echo "$CURRENT_ARG \\" >>config.nice
     CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG"
    done
-@@ -7550,30 +7554,6 @@ EOF
+@@ -7019,30 +7023,6 @@ EOF
      ;;
    esac
  
@@ -43,18 +42,18 @@
 -
 -    fi
 -  fi
--  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
--printf "%s\n" "yes" >&6; }
+-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+-$as_echo "yes" >&6; }
 -
    PHP_VAR_SUBST="$PHP_VAR_SUBST APXS"
  
  else
-@@ -80852,7 +80832,7 @@ printf "%s\n" "#define HAVE_TIDYBUFFIO_H
+@@ -78214,7 +78194,7 @@ $as_echo "#define HAVE_TIDYBUFFIO_H 1" >
    fi
  
    TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR
 -  if test "$TIDY_LIB_NAME" == 'tidyp'; then
 +  if test "$TIDY_LIB_NAME" = 'tidyp'; then
  
- printf "%s\n" "#define HAVE_TIDYP_H 1" >>confdefs.h
+ $as_echo "#define HAVE_TIDYP_H 1" >>confdefs.h
  
diff -r 8c070c577e6f -r 3d878de025cc lang/php82/patches/patch-sapi_fpm_fpm_events_port.c
--- a/lang/php82/patches/patch-sapi_fpm_fpm_events_port.c       Sun Jan 08 16:15:56 2023 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-$NetBSD: patch-sapi_fpm_fpm_events_port.c,v 1.1 2022/12/11 14:12:29 taca Exp $
-
-Similar to upstream bug #65800. We should resubmit this patch and
-get that bugfix intergrated, by changing port_associate() call to
-use the wrapper fpm_event_port_add().
-
---- sapi/fpm/fpm/events/port.c.orig    2021-06-01 18:43:05.000000000 +0000
-+++ sapi/fpm/fpm/events/port.c
-@@ -145,14 +145,23 @@ static int fpm_event_port_wait(struct fp
-       }
- 
-       for (i = 0; i < nget; i++) {
-+              struct fpm_event_s *ev;
- 
-               /* do we have a ptr to the event ? */
-               if (!events[i].portev_user) {
-                       continue;
-               }
- 
-+              ev = (struct fpm_event_s *)events[i].portev_user;
-+
-+              if (port_associate(pfd, PORT_SOURCE_FD,
-+                  ev->fd, POLLIN, (void *)ev) < 0) {
-+                      zlog(ZLOG_ERROR, "port: unable to add the event");
-+                      return -1;
-+              }
-+
-               /* fire the event */
--              fpm_event_fire((struct fpm_event_s *)events[i].portev_user);
-+              fpm_event_fire(ev);
- 
-               /* sanity check */
-               if (fpm_globals.parent_pid != getpid()) {