[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade php to 8.3.19 for CVE-2025-1219, CVE-2025-1736, CVE-2025-1861, CVE-2025-1734, CVE-2025-1217 - branch 3.0-dev (#13223)

CBL-Mariner-Bot · web-flow · commit 08389446f374 · 2025-03-31T15:01:20.000-04:00
diff --git a/SPECS/php/php.signatures.json b/SPECS/php/php.signatures.json
@@ -1,19 +1,19 @@
 {
- "Signatures": {
-  "10-opcache.ini": "6065beb2ace54d6cb5a8cde751330ea358bd23692073c6e3d2c57f7c97bec869",
-  "20-ffi.ini": "f5e968fdd3eca54f3dab2399e243931cf16cd9da034f0364800aefab222271c0",
-  "macros.php": "917104496e8239e1ed1d4812871be772a5fa8b38cf80c4c59ec3e0c36d48310e",
-  "nginx-fpm.conf": "5a222ab2c3fc0145cb67a1c5125471bbf097de304e77c9858e7077a3b4fcad59",
-  "nginx-php.conf": "b3b3f744c4c122302fcb11f39cac78d01cef15ee6f8bd67e98b3438efcf8dc95",
-  "opcache-default.blacklist": "4eef0875e1a0c6a75b8a2bafd4ddc029b83be74dd336a6a99214b0c32808cb38",
-  "php-8.3.14.tar.xz": "58b4cb9019bf70c0cbcdb814c7df79b9065059d14cf7dbf48d971f8e56ae9be7",
-  "php-fpm-www.conf": "1cacdd4962c01a0a968933c38db503023940ad9105f021bdab85d6cdc46dcbb8",
-  "php-fpm.conf": "bb261d53b9b42bb163a7637bb373ffa18a20dddf27a3efe6cb5ed1b1cf5981a9",
-  "php-fpm.logrotate": "7d8279bebb9ffabc596a2699150e93d4ce4513245890b9b786d337288b19fa79",
-  "php-fpm.service": "574f50dec5a0edd60e60e44e7cc2d03575bc728bdc0b0cab021ce3c55abc0117",
-  "php-fpm.wants": "846297e91ba02bd0e29b6635eeddcca01a7ad4faf5a8f27113543804331d0328",
-  "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2",
-  "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8",
-  "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278"
- }
-}
+  "Signatures": {
+    "10-opcache.ini": "6065beb2ace54d6cb5a8cde751330ea358bd23692073c6e3d2c57f7c97bec869",
+    "20-ffi.ini": "f5e968fdd3eca54f3dab2399e243931cf16cd9da034f0364800aefab222271c0",
+    "macros.php": "917104496e8239e1ed1d4812871be772a5fa8b38cf80c4c59ec3e0c36d48310e",
+    "nginx-fpm.conf": "5a222ab2c3fc0145cb67a1c5125471bbf097de304e77c9858e7077a3b4fcad59",
+    "nginx-php.conf": "b3b3f744c4c122302fcb11f39cac78d01cef15ee6f8bd67e98b3438efcf8dc95",
+    "opcache-default.blacklist": "4eef0875e1a0c6a75b8a2bafd4ddc029b83be74dd336a6a99214b0c32808cb38",
+    "php-fpm-www.conf": "1cacdd4962c01a0a968933c38db503023940ad9105f021bdab85d6cdc46dcbb8",
+    "php-fpm.conf": "bb261d53b9b42bb163a7637bb373ffa18a20dddf27a3efe6cb5ed1b1cf5981a9",
+    "php-fpm.logrotate": "7d8279bebb9ffabc596a2699150e93d4ce4513245890b9b786d337288b19fa79",
+    "php-fpm.service": "574f50dec5a0edd60e60e44e7cc2d03575bc728bdc0b0cab021ce3c55abc0117",
+    "php-fpm.wants": "846297e91ba02bd0e29b6635eeddcca01a7ad4faf5a8f27113543804331d0328",
+    "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2",
+    "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8",
+    "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278",
+    "php-8.3.19.tar.xz": "976e4077dd25bec96b5dfe8938052d243bbd838f95368a204896eff12756545f"
+  }
+}
diff --git a/SPECS/php/php.spec b/SPECS/php/php.spec
@@ -32,7 +32,7 @@
 %global with_qdbm     0
 Summary:        PHP scripting language for creating dynamic web sites
 Name:           php
-Version:        8.3.14
+Version:        8.3.19
 Release:        1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
@@ -1514,6 +1514,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 %dir %{_datadir}/php/preload
 
 %changelog
+* Sun Mar 30 2025 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 8.3.19-1
+- Auto-upgrade to 8.3.19 - for CVE-2025-1217 CVE-2025-1219, CVE-2025-1736, CVE-2025-1861
+
 * Wed Dec 04 2024 Kavya Sree Kaitepalli <kkaitepalli@microsoft.com> - 8.3.14-1
 - Upgrade to 8.3.14 to fix CVE-2024-8932, CVE-2024-11234, CVE-2024-11233, CVE-2024-11236
 - Update patch for phpinfo
diff --git a/cgmanifest.json b/cgmanifest.json
@@ -21063,8 +21063,8 @@
         "type": "other",
         "other": {
           "name": "php",
-          "version": "8.3.14",
-          "downloadUrl": "https://www.php.net/distributions/php-8.3.14.tar.xz"
+          "version": "8.3.19",
+          "downloadUrl": "https://www.php.net/distributions/php-8.3.19.tar.xz"
         }
       }
     },

Original file line number	Diff line number	Diff line change
`@@ -21063,8 +21063,8 @@`
`21063`	`21063`	`"type": "other",`
`21064`	`21064`	`"other": {`
`21065`	`21065`	`"name": "php",`
`21066`		`- "version": "8.3.14",`
`21067`		`- "downloadUrl": "https://www.php.net/distributions/php-8.3.14.tar.xz"`
	`21066`	`+ "version": "8.3.19",`
	`21067`	`+ "downloadUrl": "https://www.php.net/distributions/php-8.3.19.tar.xz"`
`21068`	`21068`	`}`
`21069`	`21069`	`}`
`21070`	`21070`	`},`