From 2268d1246d2eb8905487049f64b3aa7605ce6868 Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 27 Oct 2024 23:22:07 +0000 Subject: [PATCH 1/4] apacheHttpdPackages.php: 8.2.24 -> 8.2.25 (cherry picked from commit c59e45ce4254d0ec97072629958980b4693d24e7) --- pkgs/development/interpreters/php/8.2.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix index 50f70617fe1cd..e1b8d2201e577 100644 --- a/pkgs/development/interpreters/php/8.2.nix +++ b/pkgs/development/interpreters/php/8.2.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.2.24"; - hash = "sha256-TMduxkTu6X0XySv+jQ6EcU/t8pmlOLffrcBjndDcQy8="; + version = "8.2.25"; + hash = "sha256-B7QcXpbGDAllEORfAvgYQU0RvdDV2htoQN26K6colAE="; }); in base.withExtensions ({ all, ... }: with all; ([ From 24310d19566f13bbcb9ff5a12e6d6f568336246a Mon Sep 17 00:00:00 2001 From: "R. Ryantm" Date: Sun, 24 Nov 2024 01:50:45 +0000 Subject: [PATCH 2/4] php82: 8.2.25 -> 8.2.26 (cherry picked from commit c9ac44d1f1a304a6e671d6be82d06dff6ae328c3) --- pkgs/development/interpreters/php/8.2.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix index e1b8d2201e577..4fdcf60354f57 100644 --- a/pkgs/development/interpreters/php/8.2.nix +++ b/pkgs/development/interpreters/php/8.2.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.2.25"; - hash = "sha256-B7QcXpbGDAllEORfAvgYQU0RvdDV2htoQN26K6colAE="; + version = "8.2.26"; + hash = "sha256-vlfDR9RRyQW8tDNoMqhk2ZKN0OIJibhycF/qC6ZHbGs="; }); in base.withExtensions ({ all, ... }: with all; ([ From 4ba1283c6cdb4a7831e01f65fd994a1f608cf547 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 24 Nov 2024 19:24:37 +0100 Subject: [PATCH 3/4] php83: 8.3.13 -> 8.3.14 Fixes * CVE-2024-8932 * CVE-2024-8929 * CVE-2024-11236 * CVE-2024-11234 * CVE-2024-11233 * GHSA-4w77-75f9-2c8w ChangeLog: https://www.php.net/ChangeLog-8.php#8.3.14 (cherry picked from commit 6f6d0f283887fc8bcc466473e9d9bdc4997715cb) --- pkgs/development/interpreters/php/8.3.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix index 43dbc2ce033dc..c51dd4d014154 100644 --- a/pkgs/development/interpreters/php/8.3.nix +++ b/pkgs/development/interpreters/php/8.3.nix @@ -2,8 +2,8 @@ let base = callPackage ./generic.nix (_args // { - version = "8.3.13"; - hash = "sha256-x3kcguGlVMyvhKQLpxzBQXupr2f7Wzl4CDf9fH628SQ="; + version = "8.3.14"; + hash = "sha256-9W+mac5MAUUqKSH0ADTXedjCuX0HSUk61HgYE7kiHPg="; }); in base.withExtensions ({ all, ... }: with all; ([ From 714f870cfd23b2b55413df343a80acc89394ee32 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Sun, 24 Nov 2024 19:34:52 +0100 Subject: [PATCH 4/4] php81: 8.1.30 -> 8.1.31 Fixes * CVE-2024-8932 * CVE-2024-8929 * CVE-2024-11236 * CVE-2024-11234 * CVE-2024-11233 * GHSA-4w77-75f9-2c8w ChangeLog: https://www.php.net/ChangeLog-8.php#8.1.31 (cherry picked from commit 211a54292cfd75b7a893152fff7344fe300cd86b) --- pkgs/development/interpreters/php/8.1.nix | 12 ++---------- pkgs/top-level/php-packages.nix | 12 ------------ 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/pkgs/development/interpreters/php/8.1.nix b/pkgs/development/interpreters/php/8.1.nix index 3938ca414524b..51610fb409851 100644 --- a/pkgs/development/interpreters/php/8.1.nix +++ b/pkgs/development/interpreters/php/8.1.nix @@ -2,16 +2,8 @@ let base = callPackage ./generic.nix ((removeAttrs _args [ "fetchpatch" ]) // { - version = "8.1.30"; - hash = "sha256-yxYl5axJuRA3R34+d2e7BiQ0OXGuuZL0eRthivVx0j4="; - extraPatches = [ - # Fix build with libxml 2.12+. - # Patch from https://github.com/php/php-src/commit/0a39890c967aa57225bb6bdf4821aff7a3a3c082 - (fetchpatch { - url = "https://github.com/php/php-src/commit/0a39890c967aa57225bb6bdf4821aff7a3a3c082.patch"; - hash = "sha256-HvpTL7aXO9gr4glFdhqUWQPrG8TYTlvbNINq33M3zS0="; - }) - ]; + version = "8.1.31"; + hash = "sha256-CzmCizRRUcrxt5XZ9LkjyYhyMXdsMwdt/J2QpEOQ0Nw="; }); in base.withExtensions ({ all, ... }: with all; ([ diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index e008dbc233204..de28c0ac66dac 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -382,18 +382,6 @@ in { configureFlags = [ "--enable-dom" ]; - # Add a PHP lower version bound constraint to avoid applying the patch on older PHP versions. - patches = lib.optionals ((lib.versions.majorMinor php.version == "8.2" && lib.versionOlder php.version "8.2.14" && lib.versionAtLeast php.version "8.2.7") || (lib.versions.majorMinor php.version == "8.1" && lib.versionAtLeast php.version "8.1.27")) [ - # Fix tests with libxml 2.12 - # Part of 8.3.1RC1+, 8.2.14RC1+ - (fetchpatch { - url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch"; - hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU="; - excludes = [ - "NEWS" - ]; - }) - ]; } { name = "enchant";