commit: 817446c1e669f2c20e017dff61428542b9e3967c Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> AuthorDate: Thu Jul 1 21:04:37 2021 +0000 Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> CommitDate: Thu Jul 1 22:10:40 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=817446c1
dev-lang/php: new point releases to fix CVE-2021-2170[45]. We also require libsodium[-minimal] in the new ebuilds, to avoid problems (bug 686602) with the build-time feature detection in PHP. This is unrelated to the security fixes. Closes: https://bugs.gentoo.org/686602 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org> dev-lang/php/Manifest | 5 +- .../php/{php-7.4.20.ebuild => php-7.3.29.ebuild} | 248 +++++++++++---------- .../php/{php-7.4.20.ebuild => php-7.4.21.ebuild} | 2 +- .../php/{php-8.0.7.ebuild => php-8.0.8.ebuild} | 2 +- 4 files changed, 133 insertions(+), 124 deletions(-) diff --git a/dev-lang/php/Manifest b/dev-lang/php/Manifest index 42bb39b662b..0f6e5d6212b 100644 --- a/dev-lang/php/Manifest +++ b/dev-lang/php/Manifest @@ -1,5 +1,6 @@ DIST php-7.3.28.tar.xz 12139380 BLAKE2B 696c573878866e97fcae5fe3e33e83e75bf706d0eec2a66b2532ec54ce730e3f4b3fa6f0659ebf14193b6b2a6292d624bf478706790aab60b13b5cea0a1299fb SHA512 91f4f23fea6e2c5ea1fa5774075e1b1f7cfcc46064ab0d2f03e4f1b9b6c3dd7fd5a59854ed3fe3a8e2962283045f6a1c3273438b4bc0c68b11f41b9338f44274 +DIST php-7.3.29.tar.xz 12139492 BLAKE2B 7e1287e0fd236252f5bc92009e4ff51676eccd197c1c579f0e79a5428fa3920b5d1f95a459cdd77c22699fbe83984a6d726ab4fc0fc1e309da8b34e0e3998071 SHA512 8a495546d575a31f864f85139d8d7931361e6ac421f2cf5ef3b4cb57f59c44568cb9ad0c8793f50169d8d9933abdcec14ab90add2d7fab056e19e7f66d60689f DIST php-7.4.19.tar.xz 10341424 BLAKE2B b5f549603a2d108d2d4c16dfb15c2088612e040e9e4756cc7c1403c67e152ad3461d84915e4f542b1e558469ae3143721c6d7ec25ef03c3b4a6142fe972bd775 SHA512 2ac51b9920069ebe8ac68a94f8e9aac2b3d44d69668f340aba95f8303632fe1bfc4c3f2ce398cc7e2c2ea48583d8e04dedfc66f7147c1f4470a55417554d0071 -DIST php-7.4.20.tar.xz 10345912 BLAKE2B 4efb53a30caee049aec11269aa64a4f60d3fc9f7abc3c1ee861cfad94b5533833c4d4d1c8aa740db4161d58e58071e9b077488fd970d4e1e53e17367ed751971 SHA512 40261c5a85341fa7c495db86ef3526d1ae2751c6abb05251819c2b7080050715eb44a19c3f8655d101f4308209487ce16dcf94067b71b084c912470796b217f7 +DIST php-7.4.21.tar.xz 10346628 BLAKE2B f758d6bef60f5e0c99bd097533d1663640362c2b752a3bd54389acc3bd7d173c1ba5d4b1c119b6ad50f5029aabe2349bb4646a33212dc3cf34fd294f24def401 SHA512 778ddbfe614fdc6a00bc82c61f4c636bdbe815ce3398415a29bd24a2fd4ca2113b3b804303585d8830242e04b0c202bbc7c725a46c9bad79b070a0e896e5e681 DIST php-8.0.6.tar.xz 10764932 BLAKE2B 9ab23dfcefe2c94a88184fbb3e18267c38fdcabeca0e9ba12a616528895f85790b1238fdb6e0578db2183b6eee26f26d9d7b744b7344495ea20a6e58668136d1 SHA512 4915b9b5024ce1fb7bc3ba7c1a00831841bc970ebb68b6b1e6a00cbec4d8dcbbca3ca043882ffd9c4719a988d08275f77f9cee07ff3d45a71402dfc51bd31e04 -DIST php-8.0.7.tar.xz 10769208 BLAKE2B 6c20cf6c49c56112199bfe4a3154269b1bade7035e07341ec9031ac2a7d0202ecdcaa465baf1f08c76ce09e966f3ca6bf8ce32c111fb710b0e971ca366dfbab8 SHA512 54d0355977a69c3c466054e9e277147874eaab192bc384a199eb98582f9fcccebc685b370dabeb65d2de3bad4d2e4b2490c0164d2ce406af76b0e972ea67bbd0 +DIST php-8.0.8.tar.xz 10674548 BLAKE2B d2446ae5b80e692106b89418864e4253e000741addb7526599ec8db96713f91a5ab3bccd5bbd2f536b16cc58afafdf22b19996d424dfdce3218a8083ee2bdf37 SHA512 1f8b94083b64705e24365af57169f8ff08115f31a7471238d9ed7a24b692e46c789f3fc00ff2bef2205243b9cd9c4736831e995a004afc7fc4127f3b74932428 diff --git a/dev-lang/php/php-7.4.20.ebuild b/dev-lang/php/php-7.3.29.ebuild similarity index 83% copy from dev-lang/php/php-7.4.20.ebuild copy to dev-lang/php/php-7.3.29.ebuild index 7b09eb440f4..ca53010503c 100644 --- a/dev-lang/php/php-7.4.20.ebuild +++ b/dev-lang/php/php-7.3.29.ebuild @@ -3,8 +3,6 @@ EAPI="7" -WANT_AUTOMAKE="none" - inherit flag-o-matic systemd autotools MY_PV=${PV/_rc/RC} @@ -35,44 +33,15 @@ IUSE="${IUSE} IUSE="${IUSE} acl argon2 bcmath berkdb bzip2 calendar cdb cjk coverage +ctype curl debug - enchant exif ffi +fileinfo +filter firebird - +flatfile ftp gd gdbm gmp +iconv imap inifile + enchant exif +fileinfo +filter firebird + +flatfile ftp gd gdbm gmp +hash +iconv imap inifile intl iodbc ipv6 +jit +json kerberos ldap ldap-sasl libedit lmdb mhash mssql mysql mysqli nls oci8-instant-client odbc +opcache pcntl pdo +phar +posix postgres qdbm - readline selinux +session session-mm sharedmem + readline recode selinux +session session-mm sharedmem +simplexml snmp soap sockets sodium spell sqlite ssl - sysvipc systemd test tidy +tokenizer tokyocabinet truetype unicode webp - +xml xmlreader xmlwriter xmlrpc xpm xslt zip zlib" - -# Without USE=readline or libedit, the interactive "php -a" CLI will hang. -# The Oracle instant client provides its own incompatible ldap library. -REQUIRED_USE=" - || ( cli cgi fpm apache2 embed phpdbg ) - cli? ( ^^ ( readline libedit ) ) - !cli? ( ?? ( readline libedit ) ) - truetype? ( gd zlib ) - webp? ( gd zlib ) - cjk? ( gd zlib ) - exif? ( gd zlib ) - xpm? ( gd zlib ) - gd? ( zlib ) - simplexml? ( xml ) - soap? ( xml ) - xmlrpc? ( xml iconv ) - xmlreader? ( xml ) - xmlwriter? ( xml ) - xslt? ( xml ) - ldap-sasl? ( ldap ) - oci8-instant-client? ( !ldap ) - qdbm? ( !gdbm ) - session-mm? ( session !threads ) - mysql? ( || ( mysqli pdo ) ) - firebird? ( pdo ) - mssql? ( pdo ) -" - -RESTRICT="!test? ( test )" + sysvipc systemd test tidy +tokenizer tokyocabinet truetype unicode wddx webp + +xml xmlreader xmlwriter xmlrpc xpm xslt zip zip-encryption zlib" # The supported (that is, autodetected) versions of BDB are listed in # the ./configure script. Other versions *work*, but we need to stick to @@ -94,29 +63,32 @@ COMMON_DEPEND=" coverage? ( dev-util/lcov ) curl? ( >=net-misc/curl-7.10.5 ) enchant? ( <app-text/enchant-2.0:0 ) - ffi? ( >=dev-libs/libffi-3.0.11 ) firebird? ( dev-db/firebird ) - gd? ( >=virtual/jpeg-0-r3:0 media-libs/libpng:0= ) + gd? ( >=virtual/jpeg-0-r3:0 media-libs/libpng:0= >=sys-libs/zlib-1.2.0.4 ) gdbm? ( >=sys-libs/gdbm-1.8.0:0= ) gmp? ( dev-libs/gmp:0= ) iconv? ( virtual/libiconv ) imap? ( >=virtual/imap-c-client-2[kerberos=,ssl=] ) intl? ( dev-libs/icu:= ) + iodbc? ( dev-db/libiodbc ) kerberos? ( virtual/krb5 ) ldap? ( >=net-nds/openldap-1.2.11 ) - ldap-sasl? ( dev-libs/cyrus-sasl ) + ldap-sasl? ( dev-libs/cyrus-sasl >=net-nds/openldap-1.2.11 ) libedit? ( dev-libs/libedit ) lmdb? ( dev-db/lmdb:= ) mssql? ( dev-db/freetds[mssql] ) nls? ( sys-devel/gettext ) oci8-instant-client? ( dev-db/oracle-instantclient[sdk] ) - odbc? ( iodbc? ( dev-db/libiodbc ) !iodbc? ( >=dev-db/unixODBC-1.8.13 ) ) + odbc? ( >=dev-db/unixODBC-1.8.13 ) postgres? ( dev-db/postgresql:* ) qdbm? ( dev-db/qdbm ) readline? ( sys-libs/readline:0= ) + recode? ( app-text/recode:0= ) session-mm? ( dev-libs/mm ) + simplexml? ( >=dev-libs/libxml2-2.6.8 ) snmp? ( >=net-analyzer/net-snmp-5.2 ) - sodium? ( dev-libs/libsodium:= ) + soap? ( >=dev-libs/libxml2-2.6.8 ) + sodium? ( dev-libs/libsodium:=[-minimal] ) spell? ( >=app-text/aspell-0.50 ) sqlite? ( >=dev-db/sqlite-3.7.6.3 ) ssl? ( >=dev-libs/openssl-1.0.1:0= ) @@ -124,11 +96,16 @@ COMMON_DEPEND=" tokyocabinet? ( dev-db/tokyocabinet ) truetype? ( =media-libs/freetype-2* ) unicode? ( dev-libs/oniguruma:= ) + wddx? ( >=dev-libs/libxml2-2.6.8 ) webp? ( media-libs/libwebp:0= ) - xml? ( >=dev-libs/libxml2-2.7.6 ) + xml? ( >=dev-libs/libxml2-2.6.8 ) + xmlrpc? ( >=dev-libs/libxml2-2.6.8 virtual/libiconv ) + xmlreader? ( >=dev-libs/libxml2-2.6.8 ) + xmlwriter? ( >=dev-libs/libxml2-2.6.8 ) xpm? ( x11-libs/libXpm ) - xslt? ( dev-libs/libxslt ) - zip? ( >=dev-libs/libzip-1.2.0:= ) + xslt? ( dev-libs/libxslt >=dev-libs/libxml2-2.6.8 ) + zip? ( >=sys-libs/zlib-1.2.0.4:0= ) + zip-encryption? ( >=dev-libs/libzip-1.2.0:= ) zlib? ( >=sys-libs/zlib-1.2.0.4:0= ) " @@ -147,12 +124,43 @@ DEPEND="${COMMON_DEPEND} BDEPEND="virtual/pkgconfig" -PHP_MV="$(ver_cut 1)" +# Without USE=readline or libedit, the interactive "php -a" CLI will hang. +# The Oracle instant client provides its own incompatible ldap library. +REQUIRED_USE=" + || ( cli cgi fpm apache2 embed phpdbg ) + cli? ( ^^ ( readline libedit ) ) + truetype? ( gd zlib ) + webp? ( gd zlib ) + cjk? ( gd zlib ) + exif? ( gd zlib ) + xpm? ( gd zlib ) + gd? ( zlib ) + simplexml? ( xml ) + soap? ( xml ) + wddx? ( xml ) + xmlrpc? ( || ( xml iconv ) ) + xmlreader? ( xml ) + xslt? ( xml ) + ldap-sasl? ( ldap ) + mhash? ( hash ) + oci8-instant-client? ( !ldap ) + phar? ( hash ) + qdbm? ( !gdbm ) + readline? ( !libedit ) + recode? ( !imap !mysqli !mysql ) + session-mm? ( session !threads ) + mysql? ( || ( mysqli pdo ) ) + zip-encryption? ( zip ) +" + +RESTRICT="!test? ( test )" PATCHES=( - "${FILESDIR}"/php-iodbc-header-location.patch + "${FILESDIR}/php-freetype-2.9.1.patch" ) +PHP_MV="$(ver_cut 1)" + php_install_ini() { local phpsapi="${1}" @@ -221,11 +229,10 @@ src_prepare() { sapi/fpm/php-fpm.conf.in \ || die 'failed to move the include directory in php-fpm.conf' - # Emulate buildconf to support cross-compilation - rm -fr aclocal.m4 autom4te.cache config.cache \ - configure main/php_config.h.in || die - eautoconf --force - eautoheader + # Bug 669566 - necessary so that build tools are updated for commands like pecl + # Force rebuilding aclocal.m4 + rm -f aclocal.m4 || die "failed to remove aclocal.m4 in src_prepare" + eautoreconf } src_configure() { @@ -249,88 +256,96 @@ src_configure() { our_conf+=( $(use_with argon2 password-argon2 "${EPREFIX}/usr") - $(use_enable bcmath) + $(use_enable bcmath bcmath) $(use_with bzip2 bz2 "${EPREFIX}/usr") - $(use_enable calendar) + $(use_enable calendar calendar) $(use_enable coverage gcov) - $(use_enable ctype) - $(use_with curl) + $(use_enable ctype ctype) + $(use_with curl curl "${EPREFIX}/usr") $(use_enable xml dom) - $(use_with enchant) - $(use_enable exif) - $(use_with ffi) - $(use_enable fileinfo) - $(use_enable filter) - $(use_enable ftp) + $(use_with enchant enchant "${EPREFIX}/usr") + $(use_enable exif exif) + $(use_enable fileinfo fileinfo) + $(use_enable filter filter) + $(use_enable ftp ftp) $(use_with nls gettext "${EPREFIX}/usr") $(use_with gmp gmp "${EPREFIX}/usr") + $(use_enable hash hash) $(use_with mhash mhash "${EPREFIX}/usr") $(use_with iconv iconv \ $(use elibc_glibc || use elibc_musl || use elibc_FreeBSD || echo "${EPREFIX}/usr")) - $(use_enable intl) - $(use_enable ipv6) - $(use_enable json) - $(use_with kerberos) - $(use_with xml libxml) + $(use_enable intl intl) + $(use_enable ipv6 ipv6) + $(use_enable json json) + $(use_with kerberos kerberos "${EPREFIX}/usr") + $(use_enable xml libxml) + $(use_with xml libxml-dir "${EPREFIX}/usr") $(use_enable unicode mbstring) - $(use_with ssl openssl) - $(use_enable pcntl) - $(use_enable phar) - $(use_enable pdo) - $(use_enable opcache) + $(use_with unicode onig "${EPREFIX}/usr") + $(use_with ssl openssl "${EPREFIX}/usr") + $(use_with ssl openssl-dir "${EPREFIX}/usr") + $(use_enable pcntl pcntl) + $(use_enable phar phar) + $(use_enable pdo pdo) + $(use_enable opcache opcache) $(use_with postgres pgsql "${EPREFIX}/usr") - $(use_enable posix) + $(use_enable posix posix) $(use_with spell pspell "${EPREFIX}/usr") - $(use_enable simplexml) + $(use_with recode recode "${EPREFIX}/usr") + $(use_enable simplexml simplexml) $(use_enable sharedmem shmop) $(use_with snmp snmp "${EPREFIX}/usr") - $(use_enable soap) - $(use_enable sockets) - $(use_with sodium) - $(use_with sqlite sqlite3) + $(use_enable soap soap) + $(use_enable sockets sockets) + $(use_with sodium sodium "${EPREFIX}/usr") + $(use_with sqlite sqlite3 "${EPREFIX}/usr") $(use_enable sysvipc sysvmsg) $(use_enable sysvipc sysvsem) $(use_enable sysvipc sysvshm) $(use_with tidy tidy "${EPREFIX}/usr") - $(use_enable tokenizer) - $(use_enable xml) - $(use_enable xmlreader) - $(use_enable xmlwriter) - $(use_with xmlrpc) - $(use_with xslt xsl) - $(use_with zip) + $(use_enable tokenizer tokenizer) + $(use_enable wddx wddx) + $(use_enable xml xml) + $(use_enable xmlreader xmlreader) + $(use_enable xmlwriter xmlwriter) + $(use_with xmlrpc xmlrpc) + $(use_with xslt xsl "${EPREFIX}/usr") + $(use_enable zip zip) + $(use_with zip-encryption libzip "${EPREFIX}/usr") $(use_with zlib zlib "${EPREFIX}/usr") - $(use_enable debug) + $(use_enable debug debug) ) # DBA support if use cdb || use berkdb || use flatfile || use gdbm || use inifile \ || use qdbm || use lmdb || use tokyocabinet ; then - our_conf+=( "--enable-dba" ) + our_conf+=( "--enable-dba${shared}" ) fi # DBA drivers support our_conf+=( - $(use_with cdb) + $(use_with cdb cdb) $(use_with berkdb db4 "${EPREFIX}/usr") - $(use_enable flatfile) + $(use_enable flatfile flatfile) $(use_with gdbm gdbm "${EPREFIX}/usr") - $(use_enable inifile) + $(use_enable inifile inifile) $(use_with qdbm qdbm "${EPREFIX}/usr") - $(use_with tokyocabinet tcadb "${EPREFIX}/usr") $(use_with lmdb lmdb "${EPREFIX}/usr") ) # Support for the GD graphics library our_conf+=( - $(use_with truetype freetype) + $(use_with truetype freetype-dir "${EPREFIX}/usr") $(use_enable cjk gd-jis-conv) - $(use_with gd jpeg) - $(use_with xpm) - $(use_with webp) + $(use_with gd jpeg-dir "${EPREFIX}/usr") + $(use_with gd png-dir "${EPREFIX}/usr") + $(use_with xpm xpm-dir "${EPREFIX}/usr") ) + if use webp; then + our_conf+=( --with-webp-dir="${EPREFIX}/usr" ) + fi # enable gd last, so configure can pick up the previous settings - our_conf+=( $(use_enable gd) ) + our_conf+=( $(use_with gd gd) ) # IMAP support if use imap ; then @@ -340,11 +355,14 @@ src_configure() { ) fi + # Interbase/firebird support + our_conf+=( $(use_with firebird interbase "${EPREFIX}/usr") ) + # LDAP support if use ldap ; then our_conf+=( $(use_with ldap ldap "${EPREFIX}/usr") - $(use_with ldap-sasl) + $(use_with ldap-sasl ldap-sasl "${EPREFIX}/usr") ) fi @@ -360,25 +378,10 @@ src_configure() { fi # ODBC support - if use odbc && use iodbc ; then - our_conf+=( - --without-unixODBC - --with-iodbc - $(use_with pdo pdo-odbc "iODBC,${EPREFIX}/usr") - ) - elif use odbc ; then - our_conf+=( - --with-unixODBC="${EPREFIX}/usr" - --without-iodbc - $(use_with pdo pdo-odbc "unixODBC,${EPREFIX}/usr") - ) - else - our_conf+=( - --without-unixODBC - --without-iodbc - --without-pdo-odbc - ) - fi + our_conf+=( + $(use_with odbc unixODBC "${EPREFIX}/usr") + $(use_with iodbc iodbc "${EPREFIX}/usr") + ) # Oracle support our_conf+=( $(use_with oci8-instant-client oci8) ) @@ -389,8 +392,9 @@ src_configure() { $(use_with mssql pdo-dblib "${EPREFIX}/usr") $(use_with mysql pdo-mysql "${mysqllib}") $(use_with postgres pdo-pgsql) - $(use_with sqlite pdo-sqlite) + $(use_with sqlite pdo-sqlite "${EPREFIX}/usr") $(use_with firebird pdo-firebird "${EPREFIX}/usr") + $(use_with odbc pdo-odbc "unixODBC,${EPREFIX}/usr") $(use_with oci8-instant-client pdo-oci) ) fi @@ -398,23 +402,27 @@ src_configure() { # readline/libedit support our_conf+=( $(use_with readline readline "${EPREFIX}/usr") - $(use_with libedit) + $(use_with libedit libedit "${EPREFIX}/usr") ) # Session support if use session ; then our_conf+=( $(use_with session-mm mm "${EPREFIX}/usr") ) else - our_conf+=( $(use_enable session) ) + our_conf+=( $(use_enable session session) ) fi # Use pic for shared modules such as apache2's mod_php our_conf+=( --with-pic ) # we use the system copy of pcre - # --with-external-pcre affects ext/pcre + # --with-pcre-regex affects ext/pcre + # --with-pcre-dir affects ext/filter and ext/zip + # --with-pcre-valgrind cannot be enabled with system pcre our_conf+=( - --with-external-pcre + --with-pcre-regex="${EPREFIX}/usr" + --with-pcre-dir="${EPREFIX}/usr" + --without-pcre-valgrind $(use_with jit pcre-jit) ) diff --git a/dev-lang/php/php-7.4.20.ebuild b/dev-lang/php/php-7.4.21.ebuild similarity index 99% rename from dev-lang/php/php-7.4.20.ebuild rename to dev-lang/php/php-7.4.21.ebuild index 7b09eb440f4..d747f5c16da 100644 --- a/dev-lang/php/php-7.4.20.ebuild +++ b/dev-lang/php/php-7.4.21.ebuild @@ -116,7 +116,7 @@ COMMON_DEPEND=" readline? ( sys-libs/readline:0= ) session-mm? ( dev-libs/mm ) snmp? ( >=net-analyzer/net-snmp-5.2 ) - sodium? ( dev-libs/libsodium:= ) + sodium? ( dev-libs/libsodium:=[-minimal] ) spell? ( >=app-text/aspell-0.50 ) sqlite? ( >=dev-db/sqlite-3.7.6.3 ) ssl? ( >=dev-libs/openssl-1.0.1:0= ) diff --git a/dev-lang/php/php-8.0.7.ebuild b/dev-lang/php/php-8.0.8.ebuild similarity index 99% rename from dev-lang/php/php-8.0.7.ebuild rename to dev-lang/php/php-8.0.8.ebuild index bf9240b404a..54e951e5c95 100644 --- a/dev-lang/php/php-8.0.7.ebuild +++ b/dev-lang/php/php-8.0.8.ebuild @@ -115,7 +115,7 @@ COMMON_DEPEND=" readline? ( sys-libs/readline:0= ) session-mm? ( dev-libs/mm ) snmp? ( >=net-analyzer/net-snmp-5.2 ) - sodium? ( dev-libs/libsodium:= ) + sodium? ( dev-libs/libsodium:=[-minimal] ) spell? ( >=app-text/aspell-0.50 ) sqlite? ( >=dev-db/sqlite-3.7.6.3 ) ssl? ( >=dev-libs/openssl-1.0.1:0= )