From 034a82b55cf35d7d9a3de3e822531a0713becfad Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 27 Sep 2024 21:30:57 +0200
Subject: [PATCH 1/4] php81: 8.1.29 -> 8.1.30

Fixes CVE-2024-8927, CVE-2024-9026 and CVE-2024-8925.

Changes:
https://www.php.net/ChangeLog-8.php#8.1.30
---
 pkgs/development/interpreters/php/8.1.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/interpreters/php/8.1.nix b/pkgs/development/interpreters/php/8.1.nix
index 4b53f9e6c84b3..3938ca414524b 100644
--- a/pkgs/development/interpreters/php/8.1.nix
+++ b/pkgs/development/interpreters/php/8.1.nix
@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix ((removeAttrs _args [ "fetchpatch" ]) // {
-    version = "8.1.29";
-    hash = "sha256-h6YDEyY/L1M/GA5xknLKXkfNmITU7DyTcgGY6v+uCCc=";
+    version = "8.1.30";
+    hash = "sha256-yxYl5axJuRA3R34+d2e7BiQ0OXGuuZL0eRthivVx0j4=";
     extraPatches = [
       # Fix build with libxml 2.12+.
       # Patch from https://github.com/php/php-src/commit/0a39890c967aa57225bb6bdf4821aff7a3a3c082

From 3b953826cf2e0ee99cf51d6842e0c02e569b252a Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 27 Sep 2024 21:32:19 +0200
Subject: [PATCH 2/4] php82: 8.2.23 -> 8.2.24

Fixes CVE-2024-8927, CVE-2024-9026 and CVE-2024-8925.

Changes:
https://www.php.net/ChangeLog-8.php#8.2.24
---
 pkgs/development/interpreters/php/8.2.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/interpreters/php/8.2.nix b/pkgs/development/interpreters/php/8.2.nix
index a119dec0ca4e7..50f70617fe1cd 100644
--- a/pkgs/development/interpreters/php/8.2.nix
+++ b/pkgs/development/interpreters/php/8.2.nix
@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix (_args // {
-    version = "8.2.23";
-    hash = "sha256-98kM2no8HeAfO/t7Rp1S3snrovO4MyCDYAT5wu7K4ms=";
+    version = "8.2.24";
+    hash = "sha256-TMduxkTu6X0XySv+jQ6EcU/t8pmlOLffrcBjndDcQy8=";
   });
 in
 base.withExtensions ({ all, ... }: with all; ([

From 85b9abbf209da38a6b8c0768dede24a067ef7308 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet <thomas@gerbet.me>
Date: Fri, 27 Sep 2024 21:33:36 +0200
Subject: [PATCH 3/4] php83: 8.3.11 -> 8.3.12

Fixes CVE-2024-8927, CVE-2024-9026 and CVE-2024-8925.

Changes:
https://www.php.net/ChangeLog-8.php#8.3.12
---
 pkgs/development/interpreters/php/8.3.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/interpreters/php/8.3.nix b/pkgs/development/interpreters/php/8.3.nix
index bb314d4e854d6..cc7d87038a7dc 100644
--- a/pkgs/development/interpreters/php/8.3.nix
+++ b/pkgs/development/interpreters/php/8.3.nix
@@ -2,8 +2,8 @@
 
 let
   base = callPackage ./generic.nix (_args // {
-    version = "8.3.11";
-    hash = "sha256-ZkDiRVCAqJrcQdTle7BPjCv7fuxif+GZr5c7/zTX8O4=";
+    version = "8.3.12";
+    hash = "sha256-gHYzSWzNs3CokFRY24K9ZzZumKbVlyiRS3l7h+nK7L8=";
   });
 in
 base.withExtensions ({ all, ... }: with all; ([

From 738b28d29c582774ee70747d4c910709c7643528 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sat, 28 Sep 2024 18:07:27 +0200
Subject: [PATCH 4/4] Revert "php82Extensions.soap: fix tests"

This reverts commit bc9dacde24956f300faaa7a7cecc57ff4ff0cb77.

Patch is now upstream.
---
 pkgs/top-level/php-packages.nix | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix
index e008dbc233204..f22c0d22d7840 100644
--- a/pkgs/top-level/php-packages.nix
+++ b/pkgs/top-level/php-packages.nix
@@ -619,7 +619,38 @@ in {
           configureFlags = [
             "--enable-soap"
           ];
-          doCheck = false;
+           doCheck = stdenv.hostPlatform.isDarwin;  # TODO: a couple tests still fail on *-linux
+           internalDeps = [ php.extensions.session ];
+           patches = lib.optionals (lib.versions.majorMinor php.version == "8.1") [
+             # Fix tests with libxml2 2.12
+             (fetchpatch {
+               url = "https://github.com/php/php-src/commit/061058a9b1bbd90d27d97d79aebcf2b5029767b0.patch";
+               hash = "sha256-0hOlAG+pOYp/gUU0MUMZvzWpgr0ncJi5GB8IeNxxyEU=";
+               excludes = [
+                 "NEWS"
+               ];
+             })
+             # Backport of PHP_LIBXML_IGNORE_DEPRECATIONS_START and PHP_LIBXML_IGNORE_DEPRECATIONS_END
+             # Required for libxml2 2.13 compatibility patch.
+             ../development/interpreters/php/php81-fix-libxml2-2.13-compatibility.patch
+             # Fix build with libxml2 2.13+. Has to be applied after libxml2 2.12 patch.
+             (fetchpatch {
+               url = "https://github.com/php/php-src/commit/9b4f6b09d58a4e54ee60443bf9a8b166852c03e0.patch";
+               hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY=";
+             })
+           ] ++ lib.optionals (lib.versions.majorMinor php.version == "8.2" && lib.versionOlder php.version "8.2.22") [
+             # Fixes compatibility with libxml2 2.13. Part of 8.3.10RC1+, 8.2.22RC1+
+             (fetchpatch {
+               url = "https://github.com/php/php-src/commit/4fe821311cafb18ca8bdf20b9d796c48a13ba552.diff?full_index=1";
+               hash = "sha256-YC3I0BQi3o3+VmRu/UqpqPpaSC+ekPqzbORTHftbPvY=";
+             })
+           ] ++ lib.optionals (lib.versions.majorMinor php.version == "8.3" && lib.versionOlder php.version "8.3.10") [
+             (fetchpatch {
+               url = "https://github.com/php/php-src/commit/ecf0bb0fd12132d853969c5e9a212e5f627f2da2.diff?full_index=1";
+               hash = "sha256-sodGODHb4l04P0srn3L8l3K+DjZzCsCNbamfkmIyF+k=";
+               excludes = [ "NEWS" ];
+             })
+           ];
         }
         {
           name = "sockets";