lang/php83: update to 8.3.8

pkgsrc change:

Instead of patch configure, patch m4 files and use autoconf to generate
configure.

PHP 8.3.8 (2024-06-06)

- CGI:
  . Fixed buffer limit on Windows, replacing read call usage by _read.
    (David Carlier)
  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
    in PHP-CGI). (CVE-2024-4577) (nielsdos)

- CLI:
  . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
    quoted heredoc literals.). (nielsdos)

- Core:
  . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
    non-compile-time expressions). (ilutov)

- DOM:
  . Fix crashes when entity declaration is removed while still having entity
    references. (nielsdos)
  . Fix references not handled correctly in C14N. (nielsdos)
  . Fix crash when calling childNodes next() when iterator is exhausted.
    (nielsdos)
  . Fix crash in ParentNode::append() when dealing with a fragment
    containing text nodes. (nielsdos)

- Filter:
  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
    (CVE-2024-5458) (nielsdos)

- FPM:
  . Fix bug GH-14175 (Show decimal number instead of scientific notation in
    systemd status). (Benjamin Cremer)

- Hash:
  . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
    (Saki Takamachi)

- Intl:
  . Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
    Peter Kokot)

- MySQLnd:
  . Fix bug GH-14255 (mysqli_fetch_assoc reports error from
    nested query). (Kamil Tekiela)

- Opcache:
  . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
    shm). (ilutov)

- OpenSSL:
  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
    unless it is used with an OpenSSL version that includes the changes from this pull
    request: openssl/openssl#13817 (rsa_pkcs1_implicit_rejection).
    These changes are part of OpenSSL 3.2 and have also been backported to stable
    versions of various Linux distributions, as well as to the PHP builds provided for
    Windows since the previous release. All distributors and builders should ensure that
    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)

- Standard:
  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
    (CVE-2024-5585) (nielsdos)

- XML:
  . Fixed bug GH-14124 (Segmentation fault with XML extension under certain
    memory limit). (nielsdos)

- XMLReader:
  . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)

lang/php/phpversion.mk

@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.433 2024/06/07 13:54:25 taca Exp $
+# $NetBSD: phpversion.mk,v 1.434 2024/06/07 13:57:24 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@ PHP56_VERSION=	5.6.40
 PHP74_VERSION=	7.4.33
 PHP81_VERSION=	8.1.29
 PHP82_VERSION=	8.2.19
-PHP83_VERSION=	8.3.7
+PHP83_VERSION=	8.3.8
 
 # Define API version or initial release of major version.
 PHP56_RELDATE=	20140828

lang/php83/Makefile

@@ -1,17 +1,16 @@
-# $NetBSD: Makefile,v 1.2 2024/05/29 16:33:16 adam Exp $
+# $NetBSD: Makefile,v 1.3 2024/06/07 13:57:24 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_VERSION:S/RC/rc/}
-PKGREVISION=		1
 
 COMMENT=		PHP Hypertext Preprocessor version 8.3
 LICENSE=		php
 
 TEST_TARGET=		test
 
-USE_TOOLS+=		gmake lex
+USE_TOOLS+=		autoconf gmake lex
 LIBTOOL_OVERRIDE=	# empty
 PHP_CHECK_INSTALLED=	No
 
@@ -46,7 +45,7 @@ REPLACE_PHP=		ext/phar/phar/phar.php run-tests.php
 SUBST_CLASSES+=		path
 SUBST_MESSAGE.path=	Fixing common paths.
 SUBST_STAGE.path=	pre-configure
-SUBST_FILES.path=	configure
+SUBST_FILES.path=	build/php.m4
 SUBST_FILES.path+=	php.ini-development php.ini-production
 SUBST_FILES.path+=	sapi/cgi/Makefile.frag
 SUBST_VARS.path=	CGIDIR
@@ -66,6 +65,9 @@ INSTALL_UNSTRIPPED=	yes
 CFLAGS+=	-DSQLITE_ENABLE_LOCKING_STYLE=0 -DSQLITE_WITHOUT_ZONEMALLOC
 .endif
 
+pre-configure:
+	cd ${WRKSRC} && autoconf -f
+
 post-install:
 	cd ${WRKSRC}; ${INSTALL_DATA} php.ini-development php.ini-production \
 		${DESTDIR}${EGDIR}

lang/php83/distinfo

@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.7 2024/05/10 15:50:34 taca Exp $
+$NetBSD: distinfo,v 1.8 2024/06/07 13:57:24 taca Exp $
 
-BLAKE2s (php-8.3.7.tar.xz) = 009b796292f0f05c1a21a6f0f40886e1ec5c6a01f4cbae0c7de34a4fc5c9db96
-SHA512 (php-8.3.7.tar.xz) = ff2c16a5cc08b1a59a61eee9df75c4c9a6dda7054d48198b75d104c194e934109fed3665005ba798eeca3d7294d7dc81df3a14e63a527baf9f196e229068d9a3
-Size (php-8.3.7.tar.xz) = 12456020 bytes
-SHA1 (patch-configure) = 3d7106a039a3bffaf9f439c8fed77048f1072749
+BLAKE2s (php-8.3.8.tar.xz) = ba672f712e3d735c0320f301bf5f3a09bbf3440e09abd44813a57ed001a0db57
+SHA512 (php-8.3.8.tar.xz) = 1a2840f0b5dcbea6dfcc3894cb9e38d103bf4110c1b956438199deee0b60e5ae63cce34be25ca6f03ac8d26581a852657f8800f92fefe38345e20443b646bb3e
+Size (php-8.3.8.tar.xz) = 12480896 bytes
+SHA1 (patch-build_php.m4) = c85864ae22556c0a5f14b323d2cf031523625e9b
 SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b
 SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd
 SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640
@@ -12,6 +12,7 @@ SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd
 SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483
 SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72
 SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6
+SHA1 (patch-sapi_apache2handler_config.m4) = c5650a7d07a8213038fe2e2a6a1ce345d325df82
 SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8
 SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3
 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0

lang/php83/patches/patch-build_php.m4

@@ -0,0 +1,17 @@
+$NetBSD: patch-build_php.m4,v 1.1 2024/06/07 13:57:24 taca Exp $
+
+Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS.
+
+--- build/php.m4.orig	2024-06-04 14:53:17.000000000 +0000
++++ build/php.m4
+@@ -2151,6 +2151,10 @@ EOF
+    else
+     break
+    fi
++   case "$CURRENT_ARG" in
++       \'PKG_CONFIG\=*)	CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";;
++       \'PKG_CONFIG_LIBDIR\=*)	CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";;
++   esac
+    AS_ECHO(["$CURRENT_ARG \\"]) >>$1
+    CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG"
+   done

lang/php83/patches/patch-sapi_apache2handler_config.m4

@@ -0,0 +1,25 @@
+$NetBSD: patch-sapi_apache2handler_config.m4,v 1.1 2024/06/07 13:57:24 taca Exp $
+
+Don't autodetect maintainer-zts.
+
+--- sapi/apache2handler/config.m4.orig	2024-06-04 14:53:17.000000000 +0000
++++ sapi/apache2handler/config.m4
+@@ -108,18 +108,6 @@ if test "$PHP_APXS2" != "no"; then
+     ;;
+   esac
+
+-  if test "$APACHE_VERSION" -lt 2004001; then
+-    APXS_MPM=`$APXS -q MPM_NAME`
+-    if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then
+-      PHP_BUILD_THREAD_SAFE
+-    fi
+-  else
+-    APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'`
+-    if test -n "$APACHE_THREADED_MPM"; then
+-      PHP_BUILD_THREAD_SAFE
+-    fi
+-  fi
+-  AC_MSG_RESULT(yes)
+   PHP_SUBST(APXS)
+ else
+   AC_MSG_RESULT(no)