Welcome to Centmin Mod Community
Become a Member

Stable Branch add missed PHP 8.0 security fix backports in 132.00stable

Discussion in 'Centmin Mod Github Commits' started by eva2000, Jul 11, 2026 at 12:24 AM.

  1. eva2000

    eva2000 Administrator Staff Member

    59,160
    12,507
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,139
    Local Time:
    8:09 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    add missed PHP 8.0 security fix backports in 132.00stable

    Backport four PHP 8.0 security fixes that earlier rounds applied to PHP 7.4
    but skipped for PHP 8.0, and remove stale duplicate PHP 7.4 patch files.


    Changes:
    - inc/php_patch.inc: add cve-2024-8929 cve-2025-6491 cve-2025-1220
    cve-2025-1735 to the PHP 8.0.x backport patch list at their upstream
    chain positions
    - patches/php/: add php80-cve-2024-8929.patch (mysqlnd), php80-cve-2025-6491.patch
    (SOAP), php80-cve-2025-1220.patch (fsockopen hostname), php80-cve-2025-1735.patch
    (pgsql/pdo_pgsql escaping) patch files
    - patches/php/: remove php74-cve-2025-14177.patch, php74-cve-2025-14178.patch,
    php74-ghsa-www2-q4fc-65wf.patch - byte-identical duplicates of the correctly
    prefixed php742-* files which the patch loop actually uses
    - full PHP 8.0.30 patch chain dry-run verified: all 34 patches apply with
    zero rejects - restoring cve-2024-8929 at its chain position also fixes
    the previous cosmetic NEWS-only rejects on fresh rebuilds

    Continue reading...

    132.00stable branch