php7-7.4.33-150200.3.46.2

- version update to 7.4.33 [bsc#1204577][bsc#1204979]
    03 Nov 2022
    GD:
    Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
    Hash:
    Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)

- version update to 7.4.32 [jsc#SLE-23639]
  Version 7.4.32
  29 Sep 2022
    Core:
    Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
    Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
  Version 7.4.30
  09 Jun 2022
    mysqlnd:
    Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
    pgsql:
    Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
  Version 7.4.29
  14 Apr 2022
    Core:
    No source changes to this release. This update allows for re-building the Windows binaries against upgraded dependencies which have received security updates.
    Date:
    Updated to latest IANA timezone database (2022a).
  Version 7.4.28
  17 Feb 2022
    Filter:
    Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)
  Version 7.4.27
  16 Dec 2021
    Core:
    Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
    FPM:
    Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
    GD:
    Fixed bug #71316 (libpng warning from imagecreatefromstring).
    OpenSSL:
    Fixed bug #75725 (./configure: detecting RAND_egd).
    PCRE:
    Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
    Standard:
    Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
    Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
  Version 7.4.26
  18 Nov 2021
    Core:
    Fixed bug #81518 (Header injection via default_mimetype / default_charset).
    Date:
    Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
    MBString:
    Fixed bug #76167 (mbstring may use pointer from some previous request).
    MySQLi:
    Fixed bug #81494 (Stopped unbuffered query does not throw error).
    PCRE:
    Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
    Streams:
    Fixed bug #54340 (Memory corruption with user_filter).
    XML:
    Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
- fixes [bsc#1203867] and [bsc#1203870]
- deleted patches
  - php7-CVE-2021-21707.patch (upstreamed)
  - php7-CVE-2021-21708.patch (upstreamed)
  - php7-CVE-2022-31625.patch (upstreamed)
  - php7-CVE-2022-31626.patch (upstreamed)

- fix ghost name for /run/php-fpm [bsc#1173786]

- security update
- added patches
  fix CVE-2020-7069 [bsc#1177351], when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is used
  + php7-CVE-2020-7069.patch
  fix CVE-2020-7070 [bsc#1177352], Percent-encoded cookies can be used to overwrite existing prefixed cookie names
  + php7-CVE-2020-7070.patch

- security update
- added patches
  fix CVE-2020-7068 [bsc#1175223], Use of freed hash key in the phar_parse_zipfile function
  + php7-CVE-2020-7068.patch

- do not install outdated README.SUSE [bsc#1174010]

- do not install %{_tmpfilesdir}, %{_tmpfilesdir}/php-fpm.conf in
  test favour

- added tmpfiles.d for php-fpm to provide a base base for a socket
  (boo#1173786)

- security update
- added patches
  fix CVE-2019-11048 [bsc#1171999], supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server
  + php7-CVE-2019-11048.patch

- security update
- added patches
  fix CVE-2020-7064 [bsc#1168326], read one byte of uninitialized memory via malicious data
  + php7-CVE-2020-7064.patch
  fix CVE-2020-7066 [bsc#1168352], URL truncation if the URL contains zero (\0) character
  + php7-CVE-2020-7066.patch

- security update
- added patches
  fix CVE-2020-7062 [bsc#1165280], null pointer dereference when using file upload functionality under specific circumstances
  + php7-CVE-2020-7062.patch
  fix CVE-2020-7063 [bsc#1165289], creating PHAR archive using PharData:buildFromIterator() function will add files with default permissions
  + php7-CVE-2020-7063.patch

- security update
- added patches
  CVE-2020-7059 [bsc#1162629]
  + php7-CVE-2020-7059.patch
  CVE-2020-7060 [bsc#1162632]
  + php7-CVE-2020-7060.patch

- security update
- added patches
  CVE-2019-11045 [bsc#1159923]
  + php7-CVE-2019-11045.patch
  CVE-2019-11046 [bsc#1159924]
  + php7-CVE-2019-11046.patch
  CVE-2019-11047 [bsc#1159922]
  + php7-CVE-2019-11047.patch
  CVE-2019-11050 [bsc#1159927]
  + php7-CVE-2019-11050.patch

- security update
- added patches
  CVE-2019-11043 [bsc#1154999]
  + php7-CVE-2019-11043.patch

- provide test results via multibuild :test [bsc#1119396]
- added sources
  + _multibuild

- drop -n from php invocation from pecl [bsc#1151793]
  https://github.com/pear/pear-core/commit/f94454a74785865cec50bf9d64c410efc29b587a

- turn off run of testsuite as we get Kernel panic on s390x

- security update
- added patches
  CVE-2019-11041 [bsc#1146360]
  + php7-CVE-2019-11041.patch
  CVE-2019-11042 [bsc#1145095]
  + php7-CVE-2019-11042.patch

- security update
- added patches
  CVE-2019-11039 [bsc#1138173]
  + php-CVE-2019-11039.patch
  CVE-2019-11040 [bsc#1138172]
  + php-CVE-2019-11040.patch

- security update
- added patches
  CVE-2019-11036 [bsc#1134322]
  + php-CVE-2019-11036.patch

- security update
- added patches
  CVE-2019-11034 [bsc#1132838]
  + php-CVE-2019-11034.patch
  CVE-2019-11035 [bsc#1132837]
  + php-CVE-2019-11035.patch

- security update
- added patches
  CVE-2019-9637 [bsc#1128892]
  + php-CVE-2019-9637.patch
  CVE-2019-9675 [bsc#1128886]
  + php-CVE-2019-9675.patch
  CVE-2019-9638 [bsc#1128889], CVE-2019-9639 [bsc#1128887]
  + php-CVE-2019-9638,9639.patch
  CVE-2019-9640 [bsc#1128883]
  + php-CVE-2019-9640.patch

- upstream bug #41631 is already fixed [bsc#1129032]
- deleted sources
  - README.default_socket_timeout (not needed)

- security update
  * CVE-2019-9024 [bsc#1126821]
    + php-CVE-2019-9024.patch
  * CVE-2019-9020 [bsc#1126711]
    + php-CVE-2019-9020.patch
  * CVE-2018-20783 [bsc#1127122]
    + php-CVE-2018-20783.patch
  * CVE-2019-9021 [bsc#1126713]
    + php-CVE-2019-9021.patch
  * CVE-2019-9022 [bsc#1126827]
    + php-CVE-2019-9022.patch
  * CVE-2019-9023 [bsc#1126823]
    + php-CVE-2019-9023.patch
  * CVE-2019-9641 [bsc#1128722]
    + php-CVE-2019-9641.patch

- asan_build: build ASAN included
- debug_build: build more suitable for debugging

- Enable testsuite during build time and save log to subpackage
   testresults (boo#1119396)

- add security patch of imap extension, which is currently disabled
  * CVE-2018-19935 [bsc#1118832]
    + php-CVE-2018-19935.patch

- security update
  * CVE-2018-17082 [bsc#1108753]
    + php-CVE-2018-17082.patch

- reenable php7-dba support of Berkeley DB [bsc#1108554]

- align patch names:
  php7-CVE-2018-14851.patch -> php-CVE-2018-14851.patch
  php7-CVE-2017-9120.patch -> php-CVE-2017-9120.patch
  php7-CVE-2018-1000222.patch -> php-CVE-2018-1000222.patch

- security update:
  * CVE-2018-1000222 [bsc#1105434]
    + php-CVE-2018-1000222.patch

- security update
  * CVE-2018-14851 [bsc#1103659]
    + php-CVE-2018-14851.patch
  * CVE-2017-9120 [bsc#1103661]
    + php-CVE-2017-9120.patch

- security update
  * CVE-2018-12882 [bsc#1099098]
    + php-CVE-2018-12882.patch

- main package requires wwwrun:www user [bsc#1093025]

- better workaround for [bsc#1089487]: build mod_phpN.so
  instead of libphpN.so

- rename freetype-pkgconfig.patch to php7-freetype-pkgconfig.patch
  to align with the rest of patch names

- Add freetype-pkgconfig.patch to fix build with new Freetype:
  use pkg-config to find Freetype libraries

- updated to 7.2.5: This is a security release which also contains
  several minor bug fixes.
  http://php.net/ChangeLog-7.php#7.2.5

- build-test.sh: generic spec file name