Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-21 18:25:41 +03:00
Code Issues Wiki Activity
aports/community/php82/APKBUILD
Andy Postnikov 73fafc1e58 community/php82: security upgrade to 8.2.3 
- CVE-2023-0567
- CVE-2023-0568
- CVE-2023-0662
2023-02-14 23:52:09 +01:00

659 lines
18 KiB
Text
Raw Blame History

# Contributor: Valery Kartel <valery.kartel@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Andy Postnikov <apostnikov@gmail.com>
# Bundled libraries
#
# Name | License | Location | State
# ----------+---------------------+------------------------+---------
# bcmath | LGPL-2.1-or-later | ext/bcmath/libbcmath | used
# date | MIT | ext/date/lib | used
# fileinfo | BSD-2-Clause | ext/fileinfo/libmagic | used
# gd | BSD | ext/gd/libgd | used
# hash | CC0-1.0 | ext/hash/sha3 | used
# xxHash | BSD-2-Clause | ext/hash/xxhash | used
# libmbfl | LGPL-2.1-only | ext/mbstring/libmbfl | used
# pcre | BSD-3-Clause | ext/pcre/pcrelib | not used
# sqlite3 | Public | ext/sqlite3/libsqlite | not used
# libzip | BSD-3-Clause | ext/zip/lib | not used
# Static extensions
#
# Name | Reason
# ----------+--------------------------------------------
# zlib | https://bugs.alpinelinux.org/issues/8299
# json | https://wiki.php.net/rfc/always_enable_json
pkgname=php82
_pkgreal=php
pkgver=8.2.3
pkgrel=0
_apiver=20220829
_suffix=${pkgname#php}
# Is this package the default (latest) PHP version?
_default_php="no"
provides="$pkgname-cli php-cli php" # for backward compatibility
# priority of community/php81 is 100
provider_priority=60
pkgdesc="The PHP$_suffix language runtime engine"
url="https://www.php.net/"
arch="all"
license="PHP-3.01 BSD-3-Clause LGPL-2.0-or-later MIT Zend-2.0"
depends="$pkgname-common"
depends_dev="$pkgname=$pkgver-r$pkgrel autoconf pcre2-dev re2c"
# Most dependencies between extensions is auto-discovered (see _extension()).
_depends_mysqlnd="$pkgname-openssl"
_depends_pdo_mysql="$pkgname-pdo $pkgname-mysqlnd"
_depends_phar="$pkgname"
# openssl is actually transitive dependency here, but we need to because of
# load index based on number of dependencies.
_depends_mysqli="$pkgname-mysqlnd $pkgname-openssl"
makedepends="
$depends_dev
acl-dev
apache2-dev
argon2-dev
aspell-dev
bison
bzip2-dev
clang
curl-dev
enchant2-dev
freetds-dev
freetype-dev
gdbm-dev
gettext-dev
gmp-dev
icu-dev
imap-dev
krb5-dev
libavif-dev
libedit-dev
libical-dev
libjpeg-turbo-dev
libpng-dev
libpq-dev
lmdb-dev
oniguruma-dev
libsodium-dev
libwebp-dev
libxml2-dev
libxpm-dev
libxslt-dev
libzip-dev
net-snmp-dev
openldap-dev
patchelf
sqlite-dev
tidyhtml-dev
unixodbc-dev
zlib-dev
"
checkdepends="icu-data-full"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc
$pkgname-phpdbg $pkgname-apache2
$pkgname-embed $pkgname-cgi $pkgname-fpm
$pkgname-pear::noarch
"
source="https://php.net/distributions/$_pkgreal-$pkgver.tar.xz
$pkgname-fpm.initd
$pkgname-fpm.logrotate
$pkgname-module.conf
disabled-tests.list
disabled-tests.x86.list
disabled-tests.ppc64le.list
install-pear.patch
includedir.patch
sharedir.patch
$pkgname-fpm-version-suffix.patch
fix-tests-devserver.patch
xfail-openssl-1.1-test.patch
phpinfo-avif.patch
fibers-x86-10407.patch
"
builddir="$srcdir/$_pkgreal-$pkgver"
_libdir="/usr/lib/$pkgname"
_extension_dir="$_libdir/modules"
_extension_confd="/etc/$pkgname/conf.d"
_extensions="
bcmath
bz2
calendar
ctype
curl
dba
dom
enchant
exif
ffi
fileinfo
ftp
gd
gettext
gmp
iconv
imap
intl
ldap
mbstring
mysqli
mysqlnd
odbc
opcache
openssl
pcntl
pdo
pdo_dblib
pdo_mysql
pdo_odbc
pdo_pgsql
pdo_sqlite
pgsql
phar
posix
pspell
session
shmop
simplexml
snmp
soap
sodium
sockets
sqlite3
sysvmsg
sysvsem
sysvshm
tidy
tokenizer
xml
xmlreader
xmlwriter
xsl
zip
"
for _ext in $_extensions; do
case "$_ext" in
phar) subpackages="$subpackages $pkgname-$_ext:$_ext";;
*) subpackages="$subpackages $pkgname-$_ext:_extension";;
esac
done
subpackages="$subpackages $pkgname-common::noarch"
subpackages="$subpackages $pkgname-litespeed"
# secfixes:
# 8.2.3-r0:
# - CVE-2023-0567
# - CVE-2023-0568
# - CVE-2023-0662
# 8.2.1-r0:
# - CVE-2022-31631
# 8.2.0_rc5-r0:
# - CVE-2022-31630
# - CVE-2022-37454
prepare() {
default_prepare
local vapi=$(sed -n '/#define PHP_API_VERSION/{s/.* //;p}' main/php.h)
if [ "$vapi" != "$_apiver" ]; then
error "Upstream API version is now $vapi. Expecting $_apiver"
error "After updating _apiver, all 3rd-party extensions must be rebuilt."
return 1
fi
# https://bugs.php.net/63362 - Not needed but installed headers.
# Drop some Windows specific headers to avoid installation,
# before build to ensure they are really not needed.
rm -f TSRM/tsrm_win32.h \
TSRM/tsrm_config.w32.h \
Zend/zend_config.w32.h \
ext/mysqlnd/config-win.h \
ext/standard/winver.h
# Fix some bogus permissions.
find . -name '*.[ch]' -exec chmod 644 {} \;
# Remove failing tests includng arch specific ones.
local tests="disabled-tests.list disabled-tests.${CARCH}.list"
local file; for file in $tests; do [ -f "$srcdir"/$file ] && \
sed -n '/^[^#]/p' "$srcdir"/$file | while read -r item; do
rm -r $item # do it in this way to apply globbing...
done
done
autoconf
}
# Notes:
# * gd-jis-conv breaks any non-latin font rendering (vakartel).
# * libxml cannot be build as shared.
# * -D_LARGEFILE_SOURCE and -D_FILE_OFFSET_BITS=64 (https://www.php.net/manual/en/intro.filesystem.php andypost)
# * -O2 optimize for apps usage (andypost)
_build() {
export CFLAGS="${CFLAGS/-Os/-O2} -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
export CXXFLAGS="${CXXFLAGS/-Os/-O2} -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"
local without_pcre_jit
[ "$CARCH" = "s390x" ] && without_pcre_jit="--without-pcre-jit"
export CC=clang
export CXX=clang++
EXTENSION_DIR=$_extension_dir ./configure \
--build=$CBUILD \
--host=$CHOST \
--prefix=/usr \
--program-suffix=$_suffix \
--libdir=$_libdir \
--datadir=/usr/share/$pkgname \
--sysconfdir=/etc/$pkgname \
--localstatedir=/var \
--with-layout=GNU \
--with-pic \
--with-config-file-path=/etc/$pkgname \
--with-config-file-scan-dir=$_extension_confd \
--disable-short-tags \
\
--enable-bcmath=shared \
--with-bz2=shared \
--enable-calendar=shared \
--enable-ctype=shared \
--with-curl=shared \
--enable-dba=shared \
--with-dbmaker=shared \
--with-gdbm \
--with-lmdb \
--enable-dom=shared \
--with-enchant=shared \
--enable-exif=shared \
--with-ffi=shared \
--enable-fileinfo=shared \
--enable-ftp=shared \
--enable-gd=shared \
--with-avif \
--with-freetype \
--with-jpeg \
--with-webp \
--with-xpm \
--disable-gd-jis-conv \
--with-gettext=shared \
--with-gmp=shared \
--with-iconv=shared \
--with-imap=shared \
--with-imap-ssl \
--enable-intl=shared \
--with-ldap=shared \
--with-ldap-sasl \
--with-libedit \
--with-libxml \
--enable-mbstring=shared \
--with-mysqli=shared \
--with-mysql-sock=/run/mysqld/mysqld.sock \
--enable-mysqlnd=shared \
--enable-opcache=shared \
--with-openssl=shared \
--with-kerberos \
--with-system-ciphers \
--with-password-argon2 \
--enable-pcntl=shared \
--with-external-pcre \
$without_pcre_jit \
--enable-pdo=shared \
--with-pdo-dblib=shared,/usr \
--with-pdo-mysql=shared,mysqlnd \
--with-pdo-odbc=shared,unixODBC,/usr \
--with-pdo-pgsql=shared \
--with-pdo-sqlite=shared \
--with-pgsql=shared \
--enable-phar=shared \
--enable-posix=shared \
--with-pspell=shared \
--without-readline \
--enable-session=shared \
--enable-shmop=shared \
--enable-simplexml=shared \
--with-snmp=shared \
--enable-soap=shared \
--with-sodium=shared \
--enable-sockets=shared \
--with-sqlite3=shared \
--enable-sysvmsg=shared \
--enable-sysvsem=shared \
--enable-sysvshm=shared \
--with-tidy=shared \
--enable-tokenizer=shared \
--with-unixODBC=shared,/usr \
--enable-xml=shared \
--enable-xmlreader=shared \
--enable-xmlwriter=shared \
--with-xsl=shared \
--with-zip=shared \
--with-zlib \
"$@"
rm -f modules/* # clean-up possible previous build
make
}
build() {
# build phpcgi and apache2 SAPIs first
# because not fixed https://bugs.php.net/bug.php?id=52419
# apache2 module
_build --disable-phpdbg \
--disable-cli \
--with-apxs2
mv libs/libphp.so sapi/apache2handler/mod_php$_suffix.so
local enable_litespeed
[ -z ${subpackages##*-litespeed*} ] && enable_litespeed=--enable-litespeed
# cgi, cli, fpm, embed, phpdbg, pear/pecl, litespeed
_build --enable-phpdbg \
--with-pear=/usr/share/$pkgname \
--enable-fpm \
--with-fpm-acl \
$enable_litespeed \
--enable-embed
}
check() {
# PHP is so stupid that it's not able to resolve dependencies
# between extensions and load them in correct order, so we must
# help it...
# opcache is Zend extension, it's handled specially in Makefile
local php_modules=$(_extensions_by_load_order \
| grep -vx opcache \
| xargs -n 1 printf "'$builddir/modules/%s.la' ")
sed -i "/^PHP_TEST_SHARED_EXTENSIONS/,/extension=/ \
s|in \$(PHP_MODULES)\"*|in $php_modules|" Makefile
# XXX: Few tests fail on the named platforms.
# Ignore it for now and continue build even on test failures.
local allow_fail='no'
case "$CARCH" in
no ) allow_fail='yes'
esac
TESTS="${TESTS:- --show-diff }" NO_INTERACTION=1 REPORT_EXIT_STATUS=1 \
SKIP_SLOW_TESTS=1 SKIP_ONLINE_TESTS=1 TEST_TIMEOUT=10 \
SKIP_PERF_SENSITIVE=1 \
TZ='' LANG='' LC_ALL='' TEST_FPM_EXTENSION_DIR=modules \
TRAVIS=true SKIP_IO_CAPTURE_TESTS=1 \
make test || [ "$allow_fail" = yes ]
echo 'NOTE: We have skipped quite a lot tests, see disabled-tests.list.'
}
package() {
make -j1 INSTALL_ROOT="$pkgdir" install
install -Dm644 php.ini-production "$pkgdir"/etc/$pkgname/php.ini
local file; for file in pear peardev pecl; do
sed -i -e "s|/usr/bin/php|/usr/bin/php$_suffix|g" \
-e "s|PHP=php|PHP=php$_suffix|" \
"$pkgdir"/usr/bin/$file
done
find "$pkgdir" -name '.*' -print0 | xargs -0 rm -rf
rmdir "$pkgdir"/var/run
if [ "$_default_php" = yes ]; then
ln -s php$_suffix "$pkgdir"/usr/bin/php
fi
install -D -m 755 sapi/apache2handler/mod_php$_suffix.so \
"$pkgdir"/usr/lib/apache2/mod_php$_suffix.so
install -D -m 644 "$srcdir"/php$_suffix-module.conf \
"$pkgdir"/etc/apache2/conf.d/php$_suffix-module.conf
}
dev() {
default_dev
replaces="php-dev"
depends="$depends"
cd "$pkgdir"
_mv usr/bin/php-config$_suffix \
usr/bin/phpize$_suffix \
"$subpkgdir"/usr/bin/
_mv ./$_libdir/build "$subpkgdir"/$_libdir/
if [ "$_default_php" = yes ]; then
ln -s phpize$_suffix "$subpkgdir"/usr/bin/phpize
ln -s php-config$_suffix "$subpkgdir"/usr/bin/php-config
fi
}
doc() {
default_doc
cd "$builddir"
mkdir -p "$subpkgdir"/usr/share/doc/$pkgname
cp CODING_STANDARDS.md EXTENSIONS LICENSE NEWS \
README* UPGRADING* \
"$subpkgdir"/usr/share/doc/$pkgname/
}
apache2() {
pkgdesc="PHP$_suffix Module for Apache2"
depends="$depends apache2"
provides="php-apache2"
amove usr/lib/apache2/mod_php$_suffix.so
amove etc/apache2/conf.d/php$_suffix-module.conf
}
phpdbg() {
pkgdesc="Interactive PHP$_suffix debugger"
provides="php-phpdbg"
amove usr/bin/phpdbg$_suffix
if [ "$_default_php" = yes ]; then
ln -s phpdbg$_suffix "$subpkgdir"/usr/bin/phpdbg
fi
}
embed() {
pkgdesc="PHP$_suffix Embedded Library"
provides="php-embed"
mkdir -p "$subpkgdir"/usr/lib
mv "$pkgdir"/usr/lib/libphp.so "$subpkgdir"/usr/lib/libphp$_suffix.so
# we do this so it matches the name, otherwise SONAME libphp.so conflicts
patchelf --set-soname libphp$_suffix.so "$subpkgdir"/usr/lib/libphp$_suffix.so
}
litespeed() {
pkgdesc="PHP$_suffix LiteSpeed SAPI"
provides="php-lightspeed"
mkdir -p "$subpkgdir"/usr/bin
mv "$pkgdir"/usr/bin/lsphp$_suffix "$subpkgdir"/usr/bin
if [ "$_default_php" = yes ]; then
ln -s lsphp$_suffix "$subpkgdir"/usr/bin/lsphp
fi
}
cgi() {
pkgdesc="PHP$_suffix Common Gateway Interface"
provides="php-cgi"
_mv "$pkgdir"/usr/bin/php-cgi$_suffix "$subpkgdir"/usr/bin/
if [ "$_default_php" = yes ]; then
ln -s php-cgi$_suffix "$subpkgdir"/usr/bin/php-cgi
fi
}
fpm() {
pkgdesc="PHP$_suffix FastCGI Process Manager"
provides="php-fpm"
cd "$pkgdir"
_mv var "$subpkgdir"/
_mv usr/share/$pkgname/fpm "$subpkgdir"/var/lib/$pkgname/
_mv usr/sbin "$subpkgdir"/usr/
_mv etc/$pkgname/php-fpm* "$subpkgdir"/etc/$pkgname/
local file; for file in php-fpm.conf php-fpm.d/www.conf; do
mv "$subpkgdir"/etc/$pkgname/$file.default \
"$subpkgdir"/etc/$pkgname/$file
done
install -D -m 755 "$srcdir"/$pkgname-fpm.initd \
"$subpkgdir"/etc/init.d/php-fpm$_suffix
install -D -m 644 "$srcdir"/$pkgname-fpm.logrotate \
"$subpkgdir"/etc/logrotate.d/php-fpm$_suffix
mkdir -p "$subpkgdir"/var/log/$pkgname
}
pear() {
pkgdesc="PHP$_suffix Extension and Application Repository"
depends="$pkgname $pkgname-xml"
provides="php-pear"
cd "$pkgdir"
mkdir -p "$subpkgdir"/usr/bin
local file; for file in pecl pear peardev; do
mv usr/bin/$file "$subpkgdir"/usr/bin/$file$_suffix
if [ "$_default_php" = yes ]; then
ln -s $file$_suffix "$subpkgdir"/usr/bin/$file
fi
done
_mv etc/$pkgname/pear.conf "$subpkgdir"/etc/$pkgname/
_mv usr/share "$subpkgdir"/usr/
}
common() {
pkgdesc="$pkgdesc (common config)"
provides="php-common $pkgname-zlib php-zlib $pkgname-json php-json" # for backward compatibility
depends=""
cd "$pkgdir"
_mv usr/lib "$subpkgdir"/usr/
_mv etc "$subpkgdir"/
mkdir -p "$subpkgdir"/$_extension_confd
}
phar() {
_extension
cd "$pkgdir"
mkdir -p "$subpkgdir"/usr/bin
mv usr/bin/phar$_suffix.phar "$subpkgdir"/usr/bin/phar.phar$_suffix
rm usr/bin/phar$_suffix
ln -s phar.phar$_suffix "$subpkgdir"/usr/bin/phar$_suffix
if [ "$_default_php" = yes ]; then
ln -s phar.phar$_suffix "$subpkgdir"/usr/bin/phar.phar
ln -s phar.phar$_suffix "$subpkgdir"/usr/bin/phar
fi
}
_extension() {
local extname="${subpkgname#$pkgname-}"
local extdepends="$(eval "echo \$_depends_$extname")"
local extdesc="$(head -n1 "$builddir"/ext/$extname/CREDITS 2>/dev/null ||:)"
pkgdesc="PHP$_suffix extension: ${extdesc:-$extname}"
provides="php-$extname"
: ${extdepends:=$(_resolve_extension_deps "$extname")}
depends="$depends $extdepends"
local load_order=$(_extension_load_order "$extname")
# extension prefix
local prefix=
[ "$extname" != "opcache" ] || prefix="zend_"
_mv "$pkgdir"/$_extension_dir/$extname.so \
"$subpkgdir"/$_extension_dir/
mkdir -p "$subpkgdir"/$_extension_confd
echo "${prefix}extension=$extname" \
> "$subpkgdir"/$_extension_confd/"$(printf %02d $load_order)"_$extname.ini
}
# Resolves dependencies of the given extension name (without $pkgname- prefix)
# on other extensions in $_extensions and prints them with $pkgname- prefix.
_resolve_extension_deps() {
local name="$1"
# We use config.w32 just because it's more accurate than config.m4.
local config="$builddir/ext/$name/config.w32"
[ -f "$config" ] || return 0
cat "$config" \
| sed -En "s/.*ADD_EXTENSION_DEP\('$name', ([^)]+)\).*/\1/p" \
| tr -d "'," | tr ' ' '\n' \
| sort -u \
| while read -r dep; do
if echo "$_extensions" | grep -qw "$dep"; then
echo "$pkgname-$dep"
fi
done
}
# Prints a load order (0-based integer) for the given extension name. Extension
# with lower load order should be loaded before exts with higher load order.
# It's based on number of dependencies of the extension (with exception for
# "imap"), which is flawed, but simple and good enough for now.
_extension_load_order() {
local name="$1"
local deps=$(eval "echo \$_depends_$name")
case "$name" in
# XXX: This must be loaded after recode, even though it does
# not depend on it. So we must use this hack...
*) echo "${deps:=$(_resolve_extension_deps $name)}" | wc -w;;
esac
}
# Prints $_extensions sorted by load order and name.
_extensions_by_load_order() {
local deps list name
for name in $_extensions; do
list="$list $(_extension_load_order $name);$name"
done
printf '%s\n' $list | sort -t ';' -k 1 | sed -E 's/\d+;//'
}
_mv() {
local dest; for dest; do true; done # get last argument
mkdir -p "$dest"
mv "$@"
}
sha512sums="
4e3ae840ac486868d5bedc2ae771e3ff5d4939ba4c2f7c769b7052322a5eccc8fba253df311a77f3ea852bf42f9dec34653baf828f68c9c191d3a425a8968d4c php-8.2.3.tar.xz
65bd907ea11e12efff1c06b86609a2acaecaac2c49caa087ef9529d26d89891fcad1c49a4faa494ba0aab1683abf56cc2e45d9727a50aa2dc16369425974bf51 php82-fpm.initd
29dc69d06c25ecc194b617e9af7c42fbdbe634a8312a5c6a1ab8e2d582cb64ed2f53308eeaa45dcf71b7f5618e6ef3e9d8a9d6932685e0d8af86203f43481bd9 php82-fpm.logrotate
504f0e4aca2dfd36f428006fe6442557e99f8608f683467ae95519b5219208951bf3ba7223af69728a4e055110f5e491ea4b484db2f696410ce35f4999a8481a php82-module.conf
e576ffdd8d5bfa3a22780ef9e781b90f2a62d8cae30bd32cd3e90c7ebbb9830bea570c50a987039c64ecf48b56f0d3fdf4f1e89516eb8b79a9aaee575a1f6de1 disabled-tests.list
08fa95fb741d2017f41bf36fd32ad02e6076cde806a7035e8e324b4ba3147bc6b96e124e662a87ff62bd1d33b5be1739e5a839e2023ef0da9e08bd6393a5a53c disabled-tests.x86.list
65676dea36ff8823dd1e8d7165e48c2719133ca8cf5287d6051f35f70e4bc57f1c93fe9b0196c9307c072187deb08409731f1eef281387ae4367655472f882d3 disabled-tests.ppc64le.list
ec206639d076ddac6c2d1db697a5428ed3be979157db39417af7fbe6ab837e8dc00315ae0e55aea4f92f45ca5827c88cc4933099fad9c962f029ca81bef779d7 install-pear.patch
f93c6544fe7cc630b72c2315b312e327b39d7a46e9bcd0d00d37d92863dd44c06f96f74539f0ef93768f73d81f38356c753901621a62e69966c3fe8aaa58ba9e includedir.patch
8fb98b369b522eb2d5b0735773343e5ca31bcdf422cba0dc0c014d57e63de0f8c746c8b4cedcfa874aa053488ec8642a84771aad16eeee50b1bfd84343f37c05 sharedir.patch
804f376d3a58318edc792ab0f898bf9f2f719dd56c16dbac21e0ea020b32556ef3283a7c14ea5a2791594af0c1b96ae99906033fc947feea340ab04b95626c68 php82-fpm-version-suffix.patch
1b64a7cef9e81387f955cb60ffa4e3d2277b4f6072e9328d779c0d447c202c8ee9dff0d8d8c34abc82c150311f51c4e9316a3b72a383ca6c9a6e683bc5b349a0 fix-tests-devserver.patch
d90e839cfae1cbb42c1dfb0fb73defa55154dbef69bc9a8206e561c2d0ceb43ca778e35dcfa3224570deabe7d59d35dac3f21d0c4bd82ac92cebd5477a30a89d xfail-openssl-1.1-test.patch
8833c5c6f5225f5e85a9cd842274e4e6b2f55dc572a13bdb3066c624f82c9f39fa07cb2f8f242092ff814f61f0cb8abaa792b1f93c16ad341f1a8dec05a6ca2d phpinfo-avif.patch
0cc17ec011bbd4a3e84aa5fabae9b726690d0a018cf65194673999dd6e326684515b2174831b3403c6f3d68305091c6fbb42ef6230af231736c8ba7d474e673e fibers-x86-10407.patch
"
Reference in a new issue View git blame Copy permalink