community/php85: upgrade to 8.5.5

2026-05-05 20:36:40 +02:00 · 2026-03-24 21:39:08 +01:00 · 2026-03-24 21:39:08 +01:00 · 21871b7170
commit 21871b7170
parent 66d3ed3074
3 changed files with 298 additions and 2 deletions
--- a/community/php85/APKBUILD
+++ b/community/php85/APKBUILD
@ -26,7 +26,7 @@

 maintainer="Andy Postnikov <apostnikov@gmail.com>"
 pkgname=php85
-pkgver=8.5.4
+pkgver=8.5.5
 pkgrel=0
 _apiver=20250925
 _suffix=${pkgname#php}
@ -112,6 +112,8 @@ source="https://www.php.net/distributions/php-$pkgver.tar.xz
 	sharedir.patch
 	$pkgname-fpm-version-suffix.patch
 	phpinfo-avif.patch
+	fix-curl.patch
+	fix-cert.patch
 	"
 builddir="$srcdir/php-$pkgver"

@ -601,7 +603,7 @@ _extensions_by_load_order() {
 }

 sha512sums="
-e21723dc511b3bece1562f4b7a672b8db1775460515e345904a3a8283dd6bd398a8248507aae5ab2f89b4d5d8515875da7e34593fba471a675d8931a30bf49df  php-8.5.4.tar.xz
+aac94c5788ea26fddd59b1bf9604c4bba393ae7fc8539efa0522c9389cc97e8e63f95e924ae81e54dc9e12f05897f05372fae3fafde8f1694c50a82b4cbf3896  php-8.5.5.tar.xz
 7e08969f99a3ccaa0b6a9e5b91ce7dc8775978f096cc4eeffe378988fd52b61c78fc230b8e686521a458dabc1741bbf160039fa334cf5548281b5dec9820e1f6  php85-fpm.initd
 be2926ba61d0a7ef99178eb1c02e9e5a6698e9423f51b090f997e6ec056dbf8f87c2cd627dbc96eae86b1442c9c1b2df16ed406295023a29c02470ba284e4c69  php85-fpm.logrotate
 57ef049fd8e659eed6b1e5895b8c8c04356873b80fdc7d2c66a7e750efdb27e8a3cd6c5bfa35ceae75d8f0885f1915611619260154f0ef2e6c60a27b7cc7909e  php85-module.conf
@ -615,4 +617,6 @@ b4f802ec3e69190cfa6f2b00bfc9c7741e8300aba479728a00345cbde1c4f20b9ce46b08b861f8d4
 61b007983c56dabbd1841255b209c0b9f2ddb83c8ade0dbd97a0ef59157c90bc785fe2b9f11e43e9d0db540fd96802dbca4adaeea72da8780f2a1a2d9895c37f  sharedir.patch
 73ae19d2b02873f560c4a25ed79a7436857fc405298a0b1e271638bf5dcc00f0bca403085517a59ab65739f03a12e77a838a22f90800ce8a8550c60ca6e7cf84  php85-fpm-version-suffix.patch
 6eb4d3272b7030611c0654133d380c01d1cae9faae52e8b5972df2f867d02a7d0b023699cb838594908c25601856ad69adf086fe3927c4d81a36861cdd56fce2  phpinfo-avif.patch
+5720247ec565d5ae34e51c2cf25b87b98ee4171c2efa1418a34ebeed73a14161d7bef8b38bfa38320dad2d00a61c47e639143f855334f5fe6cb8a6c7c319e966  fix-curl.patch
+c89c732e8ec484fc9aed77f7490cf76f0cd3b6c0f057c026e703dc3a22f81b48978be48a380f5df5b99f36b33748493ae207c61abaf85503b4cae5cfbc8257c5  fix-cert.patch
 "
--- a/community/php85/fix-cert.patch
+++ b/community/php85/fix-cert.patch
@ -0,0 +1,208 @@
+Patch-Source: https://github.com/php/php-src/commit/178a30b9e700d32a8aac4f49864838829bedd389
+From 178a30b9e700d32a8aac4f49864838829bedd389 Mon Sep 17 00:00:00 2001
+From: Jakub Zelenka <bukka@php.net>
+Date: Sat, 4 Apr 2026 00:28:29 +0200
+Subject: [PATCH] Fix SNI tests for bugs #80770 and #74796
+
+---
+ ext/openssl/tests/bug74796.phpt | 29 ++++++++++++++++++++------
+ ext/openssl/tests/bug80770.phpt | 31 ++++++++++++++++------------
+ php-8.3.30.manifest             | 36 +++++++++++++++++++++++++++++++++
+ 3 files changed, 77 insertions(+), 19 deletions(-)
+ create mode 100644 php-8.3.30.manifest
+
+diff --git a/ext/openssl/tests/bug74796.phpt b/ext/openssl/tests/bug74796.phpt
+index b3f594d5e60f4..8ec5590c064f8 100644
+--- a/ext/openssl/tests/bug74796.phpt
+++ b/ext/openssl/tests/bug74796.phpt
+@@ -12,13 +12,24 @@ if (substr(PHP_OS, 0, 3) == 'WIN') {
+ --FILE--
+ <?php
+ 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$caFile = __DIR__ . '/bug74796_ca.pem.tmp';
+$csFile = __DIR__ . '/bug74796_cs.pem.tmp';
+$ukFile = __DIR__ . '/bug74796_uk.pem.tmp';
+$usFile = __DIR__ . '/bug74796_us.pem.tmp';
+$certificateGenerator->saveCaCert($caFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+
+ $serverCode = <<<'CODE'
+     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
+     $ctx = stream_context_create(['ssl' => [
+         'SNI_server_certs' => [
+-            "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
+-            "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
+-            "us.php.net" => __DIR__ . "/sni_server_us.pem"
+            "cs.php.net" => '%s',
+            "uk.php.net" => '%s',
+            "us.php.net" => '%s',
+         ]
+     ]]);
+ 
+@@ -33,6 +44,7 @@ $serverCode = <<<'CODE'
+ 
+     phpt_wait();
+ CODE;
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile);
+ 
+ $proxyCode = <<<'CODE'
+     function parse_sni_from_client_hello($data) {
+@@ -134,7 +146,7 @@ CODE;
+ $clientCode = <<<'CODE'
+     $clientCtx = stream_context_create([
+         'ssl' => [
+-            'cafile' => __DIR__ . '/sni_server_ca.pem',
+            'cafile' => '%s',
+             'verify_peer' => true,
+             'verify_peer_name' => true,
+         ],
+@@ -155,16 +167,21 @@ $clientCode = <<<'CODE'
+ 
+     phpt_notify('server');
+ CODE;
+$clientCode = sprintf($clientCode, $caFile);
+ 
+ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, [
+-    'server' => $serverCode,
+-    'proxy' => $proxyCode,
+        'server' => $serverCode,
+        'proxy' => $proxyCode,
+ ]);
+ ?>
+ --CLEAN--
+ <?php
+ @unlink(__DIR__ . "/bug74796_proxy_sni.log");
+@unlink(__DIR__ . '/bug74796_ca.pem.tmp');
+@unlink(__DIR__ . '/bug74796_cs.pem.tmp');
+@unlink(__DIR__ . '/bug74796_uk.pem.tmp');
+@unlink(__DIR__ . '/bug74796_us.pem.tmp');
+ ?>
+ --EXPECT--
+ string(19) "Hello from server 0"
+diff --git a/ext/openssl/tests/bug80770.phpt b/ext/openssl/tests/bug80770.phpt
+index 9100aaa5aa188..21860dc78eb7a 100644
+--- a/ext/openssl/tests/bug80770.phpt
+++ b/ext/openssl/tests/bug80770.phpt
+@@ -11,14 +11,25 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required");
+ <?php
+ $clientCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp';
+ $caCertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp';
+$csFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp';
+$ukFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp';
+$usFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp';
+
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($caCertFile);
+$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile);
+$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile);
+$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile);
+$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
+ 
+ $serverCode = <<<'CODE'
+     $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN;
+     $ctx = stream_context_create(['ssl' => [
+         'SNI_server_certs' => [
+-            "cs.php.net" => __DIR__ . "/sni_server_cs.pem",
+-            "uk.php.net" => __DIR__ . "/sni_server_uk.pem",
+-            "us.php.net" => __DIR__ . "/sni_server_us.pem"
+            "cs.php.net" => '%s',
+            "uk.php.net" => '%s',
+            "us.php.net" => '%s',
+         ],
+         'verify_peer' => true,
+         'cafile' => '%s',
+@@ -28,7 +39,6 @@ $serverCode = <<<'CODE'
+     ]]);
+     $server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr, $flags, $ctx);
+     phpt_notify_server_start($server);
+-
+     $client = stream_socket_accept($server, 30);
+     if ($client) {
+         $success = stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER);
+@@ -43,7 +53,7 @@ $serverCode = <<<'CODE'
+         phpt_notify(message: "ACCEPT_FAILED");
+     }
+ CODE;
+-$serverCode = sprintf($serverCode, $caCertFile);
+$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile, $caCertFile);
+ 
+ $clientCode = <<<'CODE'
+     $flags = STREAM_CLIENT_CONNECT;
+@@ -58,19 +68,11 @@ $clientCode = <<<'CODE'
+     if ($client) {
+         stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT);
+     }
+-
+     $result = phpt_wait();
+     echo trim($result);
+ CODE;
+ $clientCode = sprintf($clientCode, $clientCertFile);
+ 
+-include 'CertificateGenerator.inc';
+-
+-// Generate CA and client certificate signed by that CA
+-$certificateGenerator = new CertificateGenerator();
+-$certificateGenerator->saveCaCert($caCertFile);
+-$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile);
+-
+ include 'ServerClientTestCase.inc';
+ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ ?>
+@@ -78,6 +80,9 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
+ <?php
+ @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_client.pem.tmp');
+ @unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_ca.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_cs.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_uk.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug80770_us.pem.tmp');
+ ?>
+ --EXPECTF--
+ CLIENT_CERT_CAPTURED
+diff --git a/php-8.3.30.manifest b/php-8.3.30.manifest
+new file mode 100644
+index 0000000000000..ef6ffe8aa803f
+--- /dev/null
+++ b/php-8.3.30.manifest
+@@ -0,0 +1,36 @@
+php-8.3.30.tar.bz2
+SHA256 hash: 800b7b6ed50b73c8ee7844ee5f2f7cc612faa7875a0aa7c4529e8ed5866a5030
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5FioAPwK1gjqwBbGr5g3y1TikqxgKVWMHCtir1n46yGN2hYvtwD/flOR9EqRejNU
+wW4RMkmRwXGsXY28V1DH+NKnDKTEWQ8=
+=jkCu
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.gz
+SHA256 hash: e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd
+5F4eAP44IkpP3p3FRq3S9pDm9Y6bJnrpzxafqfXlZ949ECmUIgEAxFb+m5Tz7gcb
+DSU+taIv2W6EQeijjaXPvAE2t1dGswo=
+=kn1U
+-----END PGP SIGNATURE-----
+
+
+php-8.3.30.tar.xz
+SHA256 hash: 67f084d36852daab6809561a7c8023d130ca07fc6af8fb040684dd1414934d48
+PGP signature:
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsQAKCRAcB3ncXAqd
+5NYpAP9Is0pCLlEuLiSRdAbgWPDee0jPA5JGoriGOFNkdMk67AD/WTzYCx7+dEVG
+8Gb54wK005bk9nRGYQqwvZb+r1gqaQU=
+=vSr4
+-----END PGP SIGNATURE-----
+
+
--- a/community/php85/fix-curl.patch
+++ b/community/php85/fix-curl.patch
@ -0,0 +1,84 @@
+From e5f3237707ab6854885f556012be6eb13eeb7f7e Mon Sep 17 00:00:00 2001
+From: Shivam Mathur <shivam_jpr@hotmail.com>
+Date: Wed, 25 Mar 2026 14:14:41 +0530
+Subject: [PATCH] Fix curl_setopt_ssl test for curl 8.19.0
+
+---
+ ext/curl/tests/curl_setopt_ssl.phpt | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+diff --git a/ext/curl/tests/curl_setopt_ssl.phpt b/ext/curl/tests/curl_setopt_ssl.phpt
+index ff08528321a0f..e3b97a3ea7326 100644
+--- a/ext/curl/tests/curl_setopt_ssl.phpt
+++ b/ext/curl/tests/curl_setopt_ssl.phpt
+@@ -37,6 +37,7 @@ function check_response($response, $clientCertSubject) {
+ }
+ 
+ $clientCertSubject = "Subject: C=US, ST=TX, L=Clientlocation, O=Clientcompany, CN=clientname/emailAddress=test@example.com";
+$rejectsZeroLengthBlobs = curl_version()['version_number'] >= 0x081300;
+ 
+ // load server cert
+ $serverCertPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_servercert.pem';
+@@ -91,7 +92,7 @@ try {
+     echo "\n";
+     echo "case 2: empty client cert and key from string\n";
+     $ch = curl_init("https://127.0.0.1:$port/");
+-    var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, ''));
+    var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, '') === !$rejectsZeroLengthBlobs);
+     var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, $clientKey));
+     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
+     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
+@@ -99,14 +100,14 @@ try {
+ 
+     $response = curl_exec($ch);
+     check_response($response, $clientCertSubject);
+-    check_error($ch);
+    check_error($ch, $rejectsZeroLengthBlobs ? 56 : 58);
+     $ch = null;
+ 
+     echo "\n";
+     echo "case 3: client cert and empty key from string\n";
+     $ch = curl_init("https://127.0.0.1:$port/");
+     var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, $clientCert));
+-    var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, ''));
+    var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, '') === !$rejectsZeroLengthBlobs);
+     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false));
+     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false));
+     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+@@ -166,7 +167,7 @@ try {
+     echo "case 7: empty issuer cert from string\n";
+     $ch = curl_init("https://127.0.0.1:$port/");
+     var_dump(curl_setopt($ch, CURLOPT_CAINFO, $serverCertPath));
+-    var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, ''));
+    var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, '') === !$rejectsZeroLengthBlobs);
+     var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath));
+     var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath));
+     var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true));
+@@ -174,8 +175,8 @@ try {
+     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ 
+     $response = curl_exec($ch);
+-    check_response($response, $clientCertSubject);
+-    check_error($ch);
+    var_dump((is_string($response) && strpos($response, $clientCertSubject) !== false) === $rejectsZeroLengthBlobs);
+    var_dump(curl_errno($ch) === ($rejectsZeroLengthBlobs ? 0 : 83));
+     $ch = null;
+ 
+ } finally {
+@@ -199,7 +200,7 @@ bool(true)
+ bool(true)
+ bool(true)
+ client cert subject not in response
+-CURL ERROR: 58
+CURL ERROR: EXPECTED
+ 
+ case 3: client cert and empty key from string
+ bool(true)
+@@ -241,5 +242,5 @@ bool(true)
+ bool(true)
+ bool(true)
+ bool(true)
+-client cert subject not in response
+-CURL ERROR: 83
+bool(true)
+bool(true)