[MEDIUM] Minor version of php upgraded to 8.3.23 - to fix CVE-2025-1735, CVE-2025-6491, CVE-2025-1220 (#14297)

aninda-al · web-flow · commit 0965813827a0 · 2025-08-07T13:51:27.000+05:30
diff --git a/SPECS/php/php-8.3.20-embed.patch b/SPECS/php/php-8.3.20-embed.patch
@@ -1,19 +1,19 @@
 diff -up ./sapi/embed/config.m4.embed ./sapi/embed/config.m4
---- ./sapi/embed/config.m4.embed	2020-07-07 13:51:05.879764972 +0200
-+++ ./sapi/embed/config.m4	2020-07-07 13:52:50.128412148 +0200
-@@ -12,7 +12,8 @@ if test "$PHP_EMBED" != "no"; then
-     yes|shared)
-       LIBPHP_CFLAGS="-shared"
-       PHP_EMBED_TYPE=shared
+--- ./sapi/embed/config.m4.embed	2025-03-26 08:07:06.692333414 +0100
++++ ./sapi/embed/config.m4	2025-03-26 08:07:42.872879994 +0100
+@@ -15,7 +15,8 @@ if test "$PHP_EMBED" != "no"; then
+         SAPI_SHARED="libs/libphp.dylib"
+         PHP_EMBED_TYPE=shared-dylib
+       ], [PHP_EMBED_TYPE=shared])
 -      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(prefix)/lib; \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)\$(prefix)/lib"
 +      EXTRA_LDFLAGS="$EXTRA_LDFLAGS -release \$(PHP_MAJOR_VERSION).\$(PHP_MINOR_VERSION)"
 +      INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)\$(libdir); \$(LIBTOOL) --mode=install \$(INSTALL) -m 0755 \$(OVERALL_TARGET) \$(INSTALL_ROOT)\$(libdir)"
        ;;
      static)
        LIBPHP_CFLAGS="-static"
 diff -up ./scripts/php-config.in.embed ./scripts/php-config.in
---- ./scripts/php-config.in.embed	2020-07-07 12:54:42.000000000 +0200
-+++ ./scripts/php-config.in	2020-07-07 13:51:05.880764968 +0200
+--- ./scripts/php-config.in.embed	2025-03-25 22:00:06.000000000 +0100
++++ ./scripts/php-config.in	2025-03-26 08:07:06.692518461 +0100
 @@ -18,7 +18,7 @@ exe_extension="@EXEEXT@"
  php_cli_binary=NONE
  php_cgi_binary=NONE
@@ -22,4 +22,4 @@ diff -up ./scripts/php-config.in.embed ./scripts/php-config.in
 +php_sapis="apache2handler litespeed fpm phpdbg @PHP_INSTALLED_SAPIS@"
  ini_dir="@EXPANDED_PHP_CONFIG_FILE_SCAN_DIR@"
  ini_path="@EXPANDED_PHP_CONFIG_FILE_PATH@"
- 
+ 
diff --git a/SPECS/php/php.signatures.json b/SPECS/php/php.signatures.json
@@ -1,19 +1,19 @@
 {
-  "Signatures": {
-    "10-opcache.ini": "6065beb2ace54d6cb5a8cde751330ea358bd23692073c6e3d2c57f7c97bec869",
-    "20-ffi.ini": "f5e968fdd3eca54f3dab2399e243931cf16cd9da034f0364800aefab222271c0",
-    "macros.php": "917104496e8239e1ed1d4812871be772a5fa8b38cf80c4c59ec3e0c36d48310e",
-    "nginx-fpm.conf": "5a222ab2c3fc0145cb67a1c5125471bbf097de304e77c9858e7077a3b4fcad59",
-    "nginx-php.conf": "b3b3f744c4c122302fcb11f39cac78d01cef15ee6f8bd67e98b3438efcf8dc95",
-    "opcache-default.blacklist": "4eef0875e1a0c6a75b8a2bafd4ddc029b83be74dd336a6a99214b0c32808cb38",
-    "php-fpm-www.conf": "1cacdd4962c01a0a968933c38db503023940ad9105f021bdab85d6cdc46dcbb8",
-    "php-fpm.conf": "bb261d53b9b42bb163a7637bb373ffa18a20dddf27a3efe6cb5ed1b1cf5981a9",
-    "php-fpm.logrotate": "7d8279bebb9ffabc596a2699150e93d4ce4513245890b9b786d337288b19fa79",
-    "php-fpm.service": "574f50dec5a0edd60e60e44e7cc2d03575bc728bdc0b0cab021ce3c55abc0117",
-    "php-fpm.wants": "846297e91ba02bd0e29b6635eeddcca01a7ad4faf5a8f27113543804331d0328",
-    "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2",
-    "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8",
-    "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278",
-    "php-8.3.19.tar.xz": "976e4077dd25bec96b5dfe8938052d243bbd838f95368a204896eff12756545f"
-  }
-}
+ "Signatures": {
+  "10-opcache.ini": "6065beb2ace54d6cb5a8cde751330ea358bd23692073c6e3d2c57f7c97bec869",
+  "20-ffi.ini": "f5e968fdd3eca54f3dab2399e243931cf16cd9da034f0364800aefab222271c0",
+  "macros.php": "917104496e8239e1ed1d4812871be772a5fa8b38cf80c4c59ec3e0c36d48310e",
+  "nginx-fpm.conf": "5a222ab2c3fc0145cb67a1c5125471bbf097de304e77c9858e7077a3b4fcad59",
+  "nginx-php.conf": "b3b3f744c4c122302fcb11f39cac78d01cef15ee6f8bd67e98b3438efcf8dc95",
+  "opcache-default.blacklist": "4eef0875e1a0c6a75b8a2bafd4ddc029b83be74dd336a6a99214b0c32808cb38",
+  "php-8.3.23.tar.xz": "08be64700f703bca6ff1284bf1fdaffa37ae1b9734b6559f8350248e8960a6db",
+  "php-fpm-www.conf": "1cacdd4962c01a0a968933c38db503023940ad9105f021bdab85d6cdc46dcbb8",
+  "php-fpm.conf": "bb261d53b9b42bb163a7637bb373ffa18a20dddf27a3efe6cb5ed1b1cf5981a9",
+  "php-fpm.logrotate": "7d8279bebb9ffabc596a2699150e93d4ce4513245890b9b786d337288b19fa79",
+  "php-fpm.service": "574f50dec5a0edd60e60e44e7cc2d03575bc728bdc0b0cab021ce3c55abc0117",
+  "php-fpm.wants": "846297e91ba02bd0e29b6635eeddcca01a7ad4faf5a8f27113543804331d0328",
+  "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2",
+  "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8",
+  "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278"
+ }
+}
diff --git a/SPECS/php/php.spec b/SPECS/php/php.spec
@@ -32,7 +32,7 @@
 %global with_qdbm     0
 Summary:        PHP scripting language for creating dynamic web sites
 Name:           php
-Version:        8.3.19
+Version:        8.3.23
 Release:        1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -64,7 +64,7 @@ Source53:       20-ffi.ini
 # Build fixes
 Patch1:         php-7.4.0-httpd.patch
 Patch5:         php-7.2.0-includedir.patch
-Patch6:         php-8.0.0-embed.patch
+Patch6:         php-8.3.20-embed.patch
 Patch8:         php-8.1.0-libdb.patch
 # Functional changes
 # Use system nikic/php-parser
@@ -1514,6 +1514,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 %dir %{_datadir}/php/preload
 
 %changelog
+* Tue Jul 15 2025 Aninda Pradhan <v-anipradhan@microsoft.com> - 8.3.23-1
+- Upgrade to 8.3.23 to fix CVE-2025-1735, CVE-2025-6491, CVE-2025-1220
+- Fixed build issue by replacing php-8.0.0-embed.patch with php-8.3.20-embed.patch
+
 * Sun Mar 30 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 8.3.19-1
 - Auto-upgrade to 8.3.19 - for CVE-2025-1217 CVE-2025-1219, CVE-2025-1736, CVE-2025-1861
 
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -21083,8 +21083,8 @@
         "type": "other",
         "other": {
           "name": "php",
-          "version": "8.3.19",
-          "downloadUrl": "https://www.php.net/distributions/php-8.3.19.tar.xz"
+          "version": "8.3.23",
+          "downloadUrl": "https://www.php.net/distributions/php-8.3.23.tar.xz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -21083,8 +21083,8 @@`
`21083`	`21083`	`"type": "other",`
`21084`	`21084`	`"other": {`
`21085`	`21085`	`"name": "php",`
`21086`		`- "version": "8.3.19",`
`21087`		`- "downloadUrl": "https://www.php.net/distributions/php-8.3.19.tar.xz"`
	`21086`	`+ "version": "8.3.23",`
	`21087`	`+ "downloadUrl": "https://www.php.net/distributions/php-8.3.23.tar.xz"`
`21088`	`21088`	`}`
`21089`	`21089`	`}`
`21090`	`21090`	`},`