From 211a54292cfd75b7a893152fff7344fe300cd86b Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 24 Nov 2024 19:34:52 +0100 Subject: [PATCH] php81: 8.1.30 -> 8.1.31 Fixes * CVE-2024-8932 * CVE-2024-8929 * CVE-2024-11236 * CVE-2024-11234 * CVE-2024-11233 * GHSA-4w77-75f9-2c8w ChangeLog: https://www.php.net/ChangeLog-8.php#8.1.31 --- pkgs/development/interpreters/php/8.1.nix | 31 +----- pkgs/top-level/php-packages.nix | 109 +--------------------- 2 files changed, 3 insertions(+), 137 deletions(-) diff --git a/pkgs/development/interpreters/php/8.1.nix b/pkgs/development/interpreters/php/8.1.nix index adf8fbfe5981..51610fb40985 100644 --- a/pkgs/development/interpreters/php/8.1.nix +++ b/pkgs/development/interpreters/php/8.1.nix @@ -2,35 +2,8 @@ let base = callPackage ./generic.nix ((removeAttrs _args [ "fetchpatch" ]) // { - version = "8.1.30"; - hash = "sha256-yxYl5axJuRA3R34+d2e7BiQ0OXGuuZL0eRthivVx0j4="; - extraPatches = [ - # Fix build with libxml2 2.12+. - # Patch from https://github.com/php/php-src/commit/0a39890c967aa57225bb6bdf4821aff7a3a3c082 - (fetchpatch { - url = "https://github.com/php/php-src/commit/0a39890c967aa57225bb6bdf4821aff7a3a3c082.patch"; - hash = "sha256-HvpTL7aXO9gr4glFdhqUWQPrG8TYTlvbNINq33M3zS0="; - }) - # Fix tests with libxml2 2.12 - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - # Required for libxml2 2.13 compatibility patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ]; + version = "8.1.31"; + hash = "sha256-CzmCizRRUcrxt5XZ9LkjyYhyMXdsMwdt/J2QpEOQ0Nw="; }); in base.withExtensions ({ all, ... }: with all; ([ diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index 69661ef6f3c1..dd925256e3ab 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -395,29 +395,6 @@ in { configureFlags = [ "--enable-dom" ]; - # Add a PHP lower version bound constraint to avoid applying the patch on older PHP versions. - patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Fix tests with libxml 2.12 - # Part of 8.3.1RC1+, 8.2.14RC1+ - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - ] ++ lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ]; } { name = "enchant"; @@ -625,27 +602,6 @@ in { configureFlags = [ "--enable-simplexml" ]; - patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Fix tests with libxml2 2.12 - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - # Required for libxml2 2.13 compatibility patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ]; } { name = "snmp"; @@ -664,28 +620,7 @@ in { # Unknown: php_network_getaddresses: getaddrinfo for localhost failed: nodename nor servname provided doCheck = !stdenv.hostPlatform.isDarwin && lib.versionOlder php.version "8.4"; internalDeps = [ php.extensions.session ]; - patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Fix tests with libxml2 2.12 - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - # Required for libxml2 2.13 compatibility patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ] - ++ lib.optionals (lib.versionAtLeast php.version "8.3" && lib.versionOlder php.version "8.4") [ + patches = lib.optionals (lib.versionAtLeast php.version "8.3" && lib.versionOlder php.version "8.4") [ # https://github.com/php/php-src/pull/16733 (fix soap test) (fetchpatch { url = "https://github.com/php/php-src/commit/5c308d61db104854e4ff84ab123e3ea56e1b4046.patch"; @@ -724,27 +659,6 @@ in { "--enable-xml" ]; doCheck = false; - patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Fix tests with libxml2 2.12 - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - # Required for libxml2 2.13 compatibility patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ]; } { name = "xmlreader"; @@ -762,27 +676,6 @@ in { configureFlags = [ "--enable-xmlwriter" ]; - patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [ - # Fix tests with libxml2 2.12 - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END - # Required for libxml2 2.13 compatibility patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/e2d97314ab342d434e778cd00a2f34e4bdb07664.patch"; - hash = "sha256-w0hyYUgbRGpvIBfWeDTSEUGpiJdyrtNjKy+Fn1vyAO0="; - }) - # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch. - (fetchpatch { - url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.patch"; - hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY="; - }) - ]; } { name = "xsl";