diff --git a/community/php85/APKBUILD b/community/php85/APKBUILD index b5c21bb1bc8..7470b30710d 100644 --- a/community/php85/APKBUILD +++ b/community/php85/APKBUILD @@ -26,7 +26,7 @@ maintainer="Andy Postnikov " pkgname=php85 -pkgver=8.5.4 +pkgver=8.5.5 pkgrel=0 _apiver=20250925 _suffix=${pkgname#php} @@ -112,6 +112,8 @@ source="https://www.php.net/distributions/php-$pkgver.tar.xz sharedir.patch $pkgname-fpm-version-suffix.patch phpinfo-avif.patch + fix-curl.patch + fix-cert.patch " builddir="$srcdir/php-$pkgver" @@ -601,7 +603,7 @@ _extensions_by_load_order() { } sha512sums=" -e21723dc511b3bece1562f4b7a672b8db1775460515e345904a3a8283dd6bd398a8248507aae5ab2f89b4d5d8515875da7e34593fba471a675d8931a30bf49df php-8.5.4.tar.xz +aac94c5788ea26fddd59b1bf9604c4bba393ae7fc8539efa0522c9389cc97e8e63f95e924ae81e54dc9e12f05897f05372fae3fafde8f1694c50a82b4cbf3896 php-8.5.5.tar.xz 7e08969f99a3ccaa0b6a9e5b91ce7dc8775978f096cc4eeffe378988fd52b61c78fc230b8e686521a458dabc1741bbf160039fa334cf5548281b5dec9820e1f6 php85-fpm.initd be2926ba61d0a7ef99178eb1c02e9e5a6698e9423f51b090f997e6ec056dbf8f87c2cd627dbc96eae86b1442c9c1b2df16ed406295023a29c02470ba284e4c69 php85-fpm.logrotate 57ef049fd8e659eed6b1e5895b8c8c04356873b80fdc7d2c66a7e750efdb27e8a3cd6c5bfa35ceae75d8f0885f1915611619260154f0ef2e6c60a27b7cc7909e php85-module.conf @@ -615,4 +617,6 @@ b4f802ec3e69190cfa6f2b00bfc9c7741e8300aba479728a00345cbde1c4f20b9ce46b08b861f8d4 61b007983c56dabbd1841255b209c0b9f2ddb83c8ade0dbd97a0ef59157c90bc785fe2b9f11e43e9d0db540fd96802dbca4adaeea72da8780f2a1a2d9895c37f sharedir.patch 73ae19d2b02873f560c4a25ed79a7436857fc405298a0b1e271638bf5dcc00f0bca403085517a59ab65739f03a12e77a838a22f90800ce8a8550c60ca6e7cf84 php85-fpm-version-suffix.patch 6eb4d3272b7030611c0654133d380c01d1cae9faae52e8b5972df2f867d02a7d0b023699cb838594908c25601856ad69adf086fe3927c4d81a36861cdd56fce2 phpinfo-avif.patch +5720247ec565d5ae34e51c2cf25b87b98ee4171c2efa1418a34ebeed73a14161d7bef8b38bfa38320dad2d00a61c47e639143f855334f5fe6cb8a6c7c319e966 fix-curl.patch +c89c732e8ec484fc9aed77f7490cf76f0cd3b6c0f057c026e703dc3a22f81b48978be48a380f5df5b99f36b33748493ae207c61abaf85503b4cae5cfbc8257c5 fix-cert.patch " diff --git a/community/php85/fix-cert.patch b/community/php85/fix-cert.patch new file mode 100644 index 00000000000..83755cb2e0d --- /dev/null +++ b/community/php85/fix-cert.patch @@ -0,0 +1,208 @@ +Patch-Source: https://github.com/php/php-src/commit/178a30b9e700d32a8aac4f49864838829bedd389 +From 178a30b9e700d32a8aac4f49864838829bedd389 Mon Sep 17 00:00:00 2001 +From: Jakub Zelenka +Date: Sat, 4 Apr 2026 00:28:29 +0200 +Subject: [PATCH] Fix SNI tests for bugs #80770 and #74796 + +--- + ext/openssl/tests/bug74796.phpt | 29 ++++++++++++++++++++------ + ext/openssl/tests/bug80770.phpt | 31 ++++++++++++++++------------ + php-8.3.30.manifest | 36 +++++++++++++++++++++++++++++++++ + 3 files changed, 77 insertions(+), 19 deletions(-) + create mode 100644 php-8.3.30.manifest + +diff --git a/ext/openssl/tests/bug74796.phpt b/ext/openssl/tests/bug74796.phpt +index b3f594d5e60f4..8ec5590c064f8 100644 +--- a/ext/openssl/tests/bug74796.phpt ++++ b/ext/openssl/tests/bug74796.phpt +@@ -12,13 +12,24 @@ if (substr(PHP_OS, 0, 3) == 'WIN') { + --FILE-- + saveCaCert($caFile); ++$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile); ++$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile); ++$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile); ++ + $serverCode = <<<'CODE' + $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'SNI_server_certs' => [ +- "cs.php.net" => __DIR__ . "/sni_server_cs.pem", +- "uk.php.net" => __DIR__ . "/sni_server_uk.pem", +- "us.php.net" => __DIR__ . "/sni_server_us.pem" ++ "cs.php.net" => '%s', ++ "uk.php.net" => '%s', ++ "us.php.net" => '%s', + ] + ]]); + +@@ -33,6 +44,7 @@ $serverCode = <<<'CODE' + + phpt_wait(); + CODE; ++$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile); + + $proxyCode = <<<'CODE' + function parse_sni_from_client_hello($data) { +@@ -134,7 +146,7 @@ CODE; + $clientCode = <<<'CODE' + $clientCtx = stream_context_create([ + 'ssl' => [ +- 'cafile' => __DIR__ . '/sni_server_ca.pem', ++ 'cafile' => '%s', + 'verify_peer' => true, + 'verify_peer_name' => true, + ], +@@ -155,16 +167,21 @@ $clientCode = <<<'CODE' + + phpt_notify('server'); + CODE; ++$clientCode = sprintf($clientCode, $caFile); + + include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, [ +- 'server' => $serverCode, +- 'proxy' => $proxyCode, ++ 'server' => $serverCode, ++ 'proxy' => $proxyCode, + ]); + ?> + --CLEAN-- + + --EXPECT-- + string(19) "Hello from server 0" +diff --git a/ext/openssl/tests/bug80770.phpt b/ext/openssl/tests/bug80770.phpt +index 9100aaa5aa188..21860dc78eb7a 100644 +--- a/ext/openssl/tests/bug80770.phpt ++++ b/ext/openssl/tests/bug80770.phpt +@@ -11,14 +11,25 @@ if (OPENSSL_VERSION_NUMBER < 0x10101000) die("skip OpenSSL v1.1.1 required"); + saveCaCert($caCertFile); ++$certificateGenerator->saveNewCertAsFileWithKey('cs.php.net', $csFile); ++$certificateGenerator->saveNewCertAsFileWithKey('uk.php.net', $ukFile); ++$certificateGenerator->saveNewCertAsFileWithKey('us.php.net', $usFile); ++$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile); + + $serverCode = <<<'CODE' + $flags = STREAM_SERVER_BIND|STREAM_SERVER_LISTEN; + $ctx = stream_context_create(['ssl' => [ + 'SNI_server_certs' => [ +- "cs.php.net" => __DIR__ . "/sni_server_cs.pem", +- "uk.php.net" => __DIR__ . "/sni_server_uk.pem", +- "us.php.net" => __DIR__ . "/sni_server_us.pem" ++ "cs.php.net" => '%s', ++ "uk.php.net" => '%s', ++ "us.php.net" => '%s', + ], + 'verify_peer' => true, + 'cafile' => '%s', +@@ -28,7 +39,6 @@ $serverCode = <<<'CODE' + ]]); + $server = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr, $flags, $ctx); + phpt_notify_server_start($server); +- + $client = stream_socket_accept($server, 30); + if ($client) { + $success = stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_SERVER); +@@ -43,7 +53,7 @@ $serverCode = <<<'CODE' + phpt_notify(message: "ACCEPT_FAILED"); + } + CODE; +-$serverCode = sprintf($serverCode, $caCertFile); ++$serverCode = sprintf($serverCode, $csFile, $ukFile, $usFile, $caCertFile); + + $clientCode = <<<'CODE' + $flags = STREAM_CLIENT_CONNECT; +@@ -58,19 +68,11 @@ $clientCode = <<<'CODE' + if ($client) { + stream_socket_enable_crypto($client, true, STREAM_CRYPTO_METHOD_TLS_CLIENT); + } +- + $result = phpt_wait(); + echo trim($result); + CODE; + $clientCode = sprintf($clientCode, $clientCertFile); + +-include 'CertificateGenerator.inc'; +- +-// Generate CA and client certificate signed by that CA +-$certificateGenerator = new CertificateGenerator(); +-$certificateGenerator->saveCaCert($caCertFile); +-$certificateGenerator->saveNewCertAsFileWithKey('Bug80770 Test Client', $clientCertFile); +- + include 'ServerClientTestCase.inc'; + ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + ?> +@@ -78,6 +80,9 @@ ServerClientTestCase::getInstance()->run($clientCode, $serverCode); + + --EXPECTF-- + CLIENT_CERT_CAPTURED +diff --git a/php-8.3.30.manifest b/php-8.3.30.manifest +new file mode 100644 +index 0000000000000..ef6ffe8aa803f +--- /dev/null ++++ b/php-8.3.30.manifest +@@ -0,0 +1,36 @@ ++php-8.3.30.tar.bz2 ++SHA256 hash: 800b7b6ed50b73c8ee7844ee5f2f7cc612faa7875a0aa7c4529e8ed5866a5030 ++PGP signature: ++-----BEGIN PGP SIGNATURE----- ++ ++iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd ++5FioAPwK1gjqwBbGr5g3y1TikqxgKVWMHCtir1n46yGN2hYvtwD/flOR9EqRejNU ++wW4RMkmRwXGsXY28V1DH+NKnDKTEWQ8= ++=jkCu ++-----END PGP SIGNATURE----- ++ ++ ++php-8.3.30.tar.gz ++SHA256 hash: e587dc95fb7f62730299fa7b36b6e4f91e6708aaefa2fff68a0098d320c16386 ++PGP signature: ++-----BEGIN PGP SIGNATURE----- ++ ++iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsAAKCRAcB3ncXAqd ++5F4eAP44IkpP3p3FRq3S9pDm9Y6bJnrpzxafqfXlZ949ECmUIgEAxFb+m5Tz7gcb ++DSU+taIv2W6EQeijjaXPvAE2t1dGswo= ++=kn1U ++-----END PGP SIGNATURE----- ++ ++ ++php-8.3.30.tar.xz ++SHA256 hash: 67f084d36852daab6809561a7c8023d130ca07fc6af8fb040684dd1414934d48 ++PGP signature: ++-----BEGIN PGP SIGNATURE----- ++ ++iHUEABYKAB0WIQTCjZN1dWA+tKu3JYYcB3ncXAqd5AUCaWbJsQAKCRAcB3ncXAqd ++5NYpAP9Is0pCLlEuLiSRdAbgWPDee0jPA5JGoriGOFNkdMk67AD/WTzYCx7+dEVG ++8Gb54wK005bk9nRGYQqwvZb+r1gqaQU= ++=vSr4 ++-----END PGP SIGNATURE----- ++ ++ diff --git a/community/php85/fix-curl.patch b/community/php85/fix-curl.patch new file mode 100644 index 00000000000..11d94200a1c --- /dev/null +++ b/community/php85/fix-curl.patch @@ -0,0 +1,84 @@ +From e5f3237707ab6854885f556012be6eb13eeb7f7e Mon Sep 17 00:00:00 2001 +From: Shivam Mathur +Date: Wed, 25 Mar 2026 14:14:41 +0530 +Subject: [PATCH] Fix curl_setopt_ssl test for curl 8.19.0 + +--- + ext/curl/tests/curl_setopt_ssl.phpt | 19 ++++++++++--------- + 1 file changed, 10 insertions(+), 9 deletions(-) + +diff --git a/ext/curl/tests/curl_setopt_ssl.phpt b/ext/curl/tests/curl_setopt_ssl.phpt +index ff08528321a0f..e3b97a3ea7326 100644 +--- a/ext/curl/tests/curl_setopt_ssl.phpt ++++ b/ext/curl/tests/curl_setopt_ssl.phpt +@@ -37,6 +37,7 @@ function check_response($response, $clientCertSubject) { + } + + $clientCertSubject = "Subject: C=US, ST=TX, L=Clientlocation, O=Clientcompany, CN=clientname/emailAddress=test@example.com"; ++$rejectsZeroLengthBlobs = curl_version()['version_number'] >= 0x081300; + + // load server cert + $serverCertPath = __DIR__ . DIRECTORY_SEPARATOR . 'curl_setopt_ssl_servercert.pem'; +@@ -91,7 +92,7 @@ try { + echo "\n"; + echo "case 2: empty client cert and key from string\n"; + $ch = curl_init("https://127.0.0.1:$port/"); +- var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, '')); ++ var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, '') === !$rejectsZeroLengthBlobs); + var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, $clientKey)); + var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)); + var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false)); +@@ -99,14 +100,14 @@ try { + + $response = curl_exec($ch); + check_response($response, $clientCertSubject); +- check_error($ch); ++ check_error($ch, $rejectsZeroLengthBlobs ? 56 : 58); + $ch = null; + + echo "\n"; + echo "case 3: client cert and empty key from string\n"; + $ch = curl_init("https://127.0.0.1:$port/"); + var_dump(curl_setopt($ch, CURLOPT_SSLCERT_BLOB, $clientCert)); +- var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, '')); ++ var_dump(curl_setopt($ch, CURLOPT_SSLKEY_BLOB, '') === !$rejectsZeroLengthBlobs); + var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)); + var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false)); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); +@@ -166,7 +167,7 @@ try { + echo "case 7: empty issuer cert from string\n"; + $ch = curl_init("https://127.0.0.1:$port/"); + var_dump(curl_setopt($ch, CURLOPT_CAINFO, $serverCertPath)); +- var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, '')); ++ var_dump(curl_setopt($ch, CURLOPT_ISSUERCERT_BLOB, '') === !$rejectsZeroLengthBlobs); + var_dump(curl_setopt($ch, CURLOPT_SSLCERT, $clientCertPath)); + var_dump(curl_setopt($ch, CURLOPT_SSLKEY, $clientKeyPath)); + var_dump(curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true)); +@@ -174,8 +175,8 @@ try { + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + + $response = curl_exec($ch); +- check_response($response, $clientCertSubject); +- check_error($ch); ++ var_dump((is_string($response) && strpos($response, $clientCertSubject) !== false) === $rejectsZeroLengthBlobs); ++ var_dump(curl_errno($ch) === ($rejectsZeroLengthBlobs ? 0 : 83)); + $ch = null; + + } finally { +@@ -199,7 +200,7 @@ bool(true) + bool(true) + bool(true) + client cert subject not in response +-CURL ERROR: 58 ++CURL ERROR: EXPECTED + + case 3: client cert and empty key from string + bool(true) +@@ -241,5 +242,5 @@ bool(true) + bool(true) + bool(true) + bool(true) +-client cert subject not in response +-CURL ERROR: 83 ++bool(true) ++bool(true)