diff --git a/php-7.4.30-svace.patch b/php-7.4.30-svace.patch
new file mode 100644
index 0000000..795aba3
--- /dev/null
+++ b/php-7.4.30-svace.patch
@@ -0,0 +1,330 @@
+Return value of a function 'xmlNodeGetContent' is
+dereferenced at entity.c:109 without checking for NULL,
+but it is usually checked for this function (12/13).
+diff -ur php-7.4.30/ext/dom/entity.c php-7.4.30_patched/ext/dom/entity.c
+--- php-7.4.30/ext/dom/entity.c 2022-06-07 11:38:23.000000000 +0300
++++ php-7.4.30_patched/ext/dom/entity.c 2023-10-05 16:03:18.936740216 +0300
+@@ -106,8 +106,14 @@
+ ZVAL_NULL(retval);
+ } else {
+ content = (char *) xmlNodeGetContent((xmlNodePtr) nodep);
+- ZVAL_STRING(retval, content);
+- xmlFree(content);
++ if (!content) {
++ return FAILURE;
++ }
++ if (content != NULL && content[0] != '\0') {
++ ZVAL_STRING(retval, content);
++ xmlFree(content);
++ content = NULL;
++ }
+ }
+ 
+ return SUCCESS;
+After having been compared to a NULL value at
+phar.c:2520, pointer 'error' is dereferenced at phar.c:2745.
+diff -ur php-7.4.30/ext/phar/phar.c php-7.4.30_patched/ext/phar/phar.c
+--- php-7.4.30/ext/phar/phar.c 2022-06-07 11:38:23.000000000 +0300
++++ php-7.4.30_patched/ext/phar/phar.c 2023-10-05 15:24:55.453002457 +0300
+@@ -2742,9 +2742,11 @@
+ newentry = phar_open_jit(phar, entry, error);
+ if (!newentry) {
+ /* major problem re-opening, so we ignore this file and the error */
+- efree(*error);
+- *error = NULL;
+- continue;
++ if (error) {
++ efree(*error);
++ *error = NULL;
++ continue;
++ }
+ }
+ entry = newentry;
+ }
+Pointer 'temp', that can have only NULL value (checked at
+phar_object.c:3488), is dereferenced at phar_object.c:3488.
+https://github.com/php/php-src/commit/7b2c3c11b2c9121421a81e416e893ce6114369d1
+diff -ur php-7.4.30/ext/phar/phar_object.c php-7.4.30_patched/ext/phar/phar_object.c
+--- php-7.4.30/ext/phar/phar_object.c 2022-06-07 11:38:23.000000000 +0300
++++ php-7.4.30_patched/ext/phar/phar_object.c 2023-10-05 20:30:46.577499264 +0300
+@@ -2654,16 +2654,14 @@
+ zend_throw_exception_ex(phar_ce_PharException, 0, "phar \"%s\" is persistent, unable to copy on write", phar_obj->archive->fname);
+ return;
+ }
+- if (zend_hash_str_exists(&phar_obj->archive->manifest, fname, (uint32_t) fname_len)) {
+- if (NULL != (entry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, fname, (uint32_t) fname_len))) {
+- if (entry->is_deleted) {
+- /* entry is deleted, but has not been flushed to disk yet */
+- RETURN_TRUE;
+- } else {
+- entry->is_deleted = 1;
+- entry->is_modified = 1;
+- phar_obj->archive->is_modified = 1;
+- }
++ if (NULL != (entry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, fname, (uint32_t) fname_len))) {
++ if (entry->is_deleted) {
++ /* entry is deleted, but has not been flushed to disk yet */
++ RETURN_TRUE;
++ } else {
++ entry->is_deleted = 1;
++ entry->is_modified = 1;
++ phar_obj->archive->is_modified = 1;
+ }
+ } else {
+ zend_throw_exception_ex(spl_ce_BadMethodCallException, 0, "Entry %s does not exist and cannot be deleted", fname);
+@@ -3478,18 +3476,16 @@
+ RETURN_FALSE;
+ }
+ 
+- if (!zend_hash_str_exists(&phar_obj->archive->manifest, oldfile, (uint32_t) oldfile_len) || NULL == (oldentry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, oldfile, (uint32_t) oldfile_len)) || oldentry->is_deleted) {
++ if (NULL == (oldentry = zend_hash_str_find_ptr(&phar_obj->archive->manifest, oldfile, (uint32_t) oldfile_len)) || oldentry->is_deleted) {
+ zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
+ "file \"%s\" cannot be copied to file \"%s\", file does not exist in %s", oldfile, newfile, phar_obj->archive->fname);
+ RETURN_FALSE;
+ }
+ 
+- if (zend_hash_str_exists(&phar_obj->archive->manifest, newfile, (uint32_t) newfile_len)) {
+- if (NULL != (temp = zend_hash_str_find_ptr(&phar_obj->archive->manifest, newfile, (uint32_t) newfile_len)) || !temp->is_deleted) {
+- zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
+- "file \"%s\" cannot be copied to file \"%s\", file must not already exist in phar %s", oldfile, newfile, phar_obj->archive->fname);
+- RETURN_FALSE;
+- }
++ if (NULL != (temp = zend_hash_str_find_ptr(&phar_obj->archive->manifest, newfile, (uint32_t) newfile_len)) && !temp->is_deleted) {
++ zend_throw_exception_ex(spl_ce_UnexpectedValueException, 0,
++ "file \"%s\" cannot be copied to file \"%s\", file must not already exist in phar %s", oldfile, newfile, phar_obj->archive->fname);
++ RETURN_FALSE;
+ }
+ 
+ tmp_len = newfile_len;
+After having been compared to a NULL value at tar.c:888,
+pointer 'buf->s' is dereferenced at tar.c:902.
+diff -ur php-7.4.30/ext/phar/tar.c php-7.4.30_patched/ext/phar/tar.c
+--- php-7.4.30/ext/phar/tar.c 2022-06-07 11:38:23.000000000 +0300
++++ php-7.4.30_patched/ext/phar/tar.c 2023-10-05 15:21:28.122687349 +0300
+@@ -899,7 +899,7 @@
+ spprintf(error, 0, "phar error: unable to create temporary file");
+ return -1;
+ }
+- if (ZSTR_LEN(entry->metadata_str.s) != php_stream_write(entry->fp, ZSTR_VAL(entry->metadata_str.s), ZSTR_LEN(entry->metadata_str.s))) {
++ if (entry->metadata_str.s && ZSTR_LEN(entry->metadata_str.s) != php_stream_write(entry->fp, ZSTR_VAL(entry->metadata_str.s), ZSTR_LEN(entry->metadata_str.s))) {
+ spprintf(error, 0, "phar tar error: unable to write metadata to magic metadata file \"%s\"", entry->filename);
+ zend_hash_str_del(&(entry->phar->manifest), entry->filename, entry->filename_len);
+ return ZEND_HASH_APPLY_STOP;
+After having been compared to a NULL value at
+sqlite3.c:877, pointer 'agg_context' is dereferenced at
+sqlite3.c:880.
+diff -ur php-7.4.30/ext/sqlite3/sqlite3.c php-7.4.30_patched/ext/sqlite3/sqlite3.c
+--- php-7.4.30/ext/sqlite3/sqlite3.c 2022-06-07 11:38:19.000000000 +0300
++++ php-7.4.30_patched/ext/sqlite3/sqlite3.c 2023-10-05 15:17:22.836229909 +0300
+@@ -877,8 +877,10 @@
+ if (agg_context && !Z_ISUNDEF(agg_context->zval_context)) {
+ zval_ptr_dtor(&agg_context->zval_context);
+ }
+- ZVAL_COPY_VALUE(&agg_context->zval_context, &retval);
+- ZVAL_UNDEF(&retval);
++ if (agg_context) {
++ ZVAL_COPY_VALUE(&agg_context->zval_context, &retval);
++ ZVAL_UNDEF(&retval);
++ }
+ }
+ 
+ if (!Z_ISUNDEF(retval)) {
+After having been compared to a NULL value at
+filters.c:809, pointer 'inst->lbchars' is dereferenced at
+filters.c:841.
+diff -ur php-7.4.30/ext/standard/filters.c php-7.4.30_patched/ext/standard/filters.c
+--- php-7.4.30/ext/standard/filters.c 2022-06-07 11:38:25.000000000 +0300
++++ php-7.4.30_patched/ext/standard/filters.c 2023-10-05 15:20:01.716639804 +0300
+@@ -766,7 +766,7 @@
+ }
+ 
+ #define NEXT_CHAR(ps, icnt, lb_ptr, lb_cnt, lbchars) \
+- ((lb_ptr) < (lb_cnt) ? (lbchars)[(lb_ptr)] : *(ps))
++ (((lb_ptr) < (lb_cnt)) && (lbchars) ? (lbchars)[(lb_ptr)] : *(ps))
+ 
+ #define CONSUME_CHAR(ps, icnt, lb_ptr, lb_cnt) \
+ if ((lb_ptr) < (lb_cnt)) { \
+Return value of a function 'zend_hash_index_find' is
+dereferenced at var.c:1073 without checking for NULL, but
+it is usually checked for this function (64/66).
+diff -ur php-7.4.30/ext/standard/var.c php-7.4.30_patched/ext/standard/var.c
+--- php-7.4.30/ext/standard/var.c 2022-06-07 11:38:28.000000000 +0300
++++ php-7.4.30_patched/ext/standard/var.c 2023-10-05 16:15:32.104092921 +0300
+@@ -1070,8 +1070,10 @@
+ /* Mark this value in the var_hash, to avoid creating references to it. */
+ zval *var_idx = zend_hash_index_find(&var_hash->ht,
+ (zend_ulong) (zend_uintptr_t) Z_COUNTED_P(struc));
+- ZVAL_LONG(var_idx, -1);
+- smart_str_appendl(buf, "N;", 2);
++ if (var_idx) {
++ ZVAL_LONG(var_idx, -1);
++ smart_str_appendl(buf, "N;", 2);
++ }
+ }
+ if (serialized_data) {
+ efree(serialized_data);
+Missing break at the end of case at line 884
+diff -ur php-7.4.30/main/streams/plain_wrapper.c php-7.4.30_patched/main/streams/plain_wrapper.c
+--- php-7.4.30/main/streams/plain_wrapper.c 2022-06-07 11:38:19.000000000 +0300
++++ php-7.4.30_patched/main/streams/plain_wrapper.c 2023-10-05 16:18:15.475383413 +0300
+@@ -925,6 +925,7 @@
+ #endif
+ }
+ }
++ return PHP_STREAM_OPTION_RETURN_NOTIMPL;
+ 
+ #ifdef PHP_WIN32
+ case PHP_STREAM_OPTION_PIPE_BLOCKING:
+Pointer '&(*path)[strlen(...)]' is dereferenced at fpm_ conf.c:724 by calling function 'strdup' after the referenced
+memory was deallocated at fpm_conf.c:723 by calling
+function 'free'.
+diff -ur php-7.4.30/sapi/fpm/fpm/fpm_conf.c php-7.4.30_patched/sapi/fpm/fpm/fpm_conf.c
+--- php-7.4.30/sapi/fpm/fpm/fpm_conf.c 2022-06-07 11:38:19.000000000 +0300
++++ php-7.4.30_patched/sapi/fpm/fpm/fpm_conf.c 2023-10-05 15:12:07.548354240 +0300
+@@ -720,8 +720,8 @@
+ }
+ 
+ if (strlen(*path) > strlen("$prefix")) {
+- free(*path);
+ tmp = strdup((*path) + strlen("$prefix"));
++ free(*path);
+ *path = tmp;
+ } else {
+ free(*path);
+Uninitialized data is read from local variable 'append' at
+zlog.c:403.
+Pointer 'stream->msg_suffix' is passed to a function at
+zlog.c:647 after the referenced memory was deallocated at
+zlog.c:642 by calling function 'free'.
+diff -ur php-7.4.30/sapi/fpm/fpm/zlog.c php-7.4.30_patched/sapi/fpm/fpm/zlog.c
+--- php-7.4.30/sapi/fpm/fpm/zlog.c 2022-06-07 11:38:19.000000000 +0300
++++ php-7.4.30_patched/sapi/fpm/fpm/zlog.c 2023-10-05 16:25:22.197680894 +0300
+@@ -348,7 +348,7 @@
+ static inline ssize_t zlog_stream_unbuffered_write(
+ struct zlog_stream *stream, const char *buf, size_t len) /* {{{ */
+ {
+- const char *append;
++ const char *append = NULL;
+ size_t append_len = 0, required_len, reserved_len;
+ ssize_t written;
+ 
+@@ -637,10 +637,10 @@
+ if (suffix != NULL) {
+ stream->msg_suffix_len = strlen(suffix);
+ len = stream->msg_suffix_len + 1;
+- stream->msg_suffix = malloc(len);
+ if (stream->msg_suffix != NULL) {
+ free(stream->msg_suffix);
+ }
++ stream->msg_suffix = malloc(len);
+ if (stream->msg_suffix == NULL) {
+ return ZLOG_FALSE;
+ }
+@@ -650,10 +650,10 @@
+ if (final_suffix != NULL) {
+ stream->msg_final_suffix_len = strlen(final_suffix);
+ len = stream->msg_final_suffix_len + 1;
+- stream->msg_final_suffix = malloc(len);
+ if (stream->msg_final_suffix != NULL) {
+- free(stream->msg_suffix);
++ free(stream->msg_final_suffix);
+ }
++ stream->msg_final_suffix = malloc(len);
+ if (stream->msg_final_suffix == NULL) {
+ return ZLOG_FALSE;
+ }
+Return value of a function 'zend_hash_find_ptr' is
+dereferenced at phpdbg_prompt.c:554 without checking for
+NULL, but it is usually checked for this function (127/128).
+Pointer 'module_entry', that can have only NULL value
+(checked at phpdbg_prompt.c:1351), is dereferenced at
+phpdbg_prompt.c:1352.
+diff -ur php-7.4.30/sapi/phpdbg/phpdbg_prompt.c php-7.4.30_patched/sapi/phpdbg/phpdbg_prompt.c
+--- php-7.4.30/sapi/phpdbg/phpdbg_prompt.c 2022-06-07 11:38:19.000000000 +0300
++++ php-7.4.30_patched/sapi/phpdbg/phpdbg_prompt.c 2023-10-05 16:14:28.246542871 +0300
+@@ -544,6 +544,9 @@
+ /* remove trailing data after zero byte, used for avoiding conflicts in eval()'ed code snippets */
+ zend_string *source_path = strpprintf(0, "Standard input code%c%p", 0, PHPDBG_G(ops)->opcodes);
+ phpdbg_file_source *data = zend_hash_find_ptr(&PHPDBG_G(file_sources), source_path);
++ if (!data) {
++ return FAILURE;
++ }
+ dtor_func_t dtor = PHPDBG_G(file_sources).pDestructor;
+ PHPDBG_G(file_sources).pDestructor = NULL;
+ zend_hash_del(&PHPDBG_G(file_sources), source_path);
+@@ -1349,7 +1352,7 @@
+ module_entry->handle = handle;
+ 
+ if ((module_entry = zend_register_module_ex(module_entry)) == NULL) {
+- phpdbg_error("dl", "type=\"registerfailure\" module=\"%s\"", "Unable to register module %s", module_entry->name);
++ phpdbg_error("dl", "type=\"registerfailure\" module=\"%s\"", "Unable to register module %s", "Unkonown module");
+ 
+ goto quit;
+ }
+After having been compared to a NULL value at zend_ builtin_functions.c:1638, pointer 'error_handler_name' is
+passed as 1st parameter in call to function 'zend_string_ release_ex' at zend_builtin_functions.c:1639, where it is
+dereferenced at zend_string.h:291.
+diff -ur php-7.4.30/Zend/zend_builtin_functions.c php-7.4.30_patched/Zend/zend_builtin_functions.c
+--- php-7.4.30/Zend/zend_builtin_functions.c 2022-06-07 11:38:30.000000000 +0300
++++ php-7.4.30_patched/Zend/zend_builtin_functions.c 2023-10-05 15:44:19.299611397 +0300
+@@ -1636,7 +1636,9 @@
+ zend_string *error_handler_name = zend_get_callable_name(error_handler);
+ zend_error(E_WARNING, "%s() expects the argument (%s) to be a valid callback",
+ get_active_function_name(), error_handler_name?ZSTR_VAL(error_handler_name):"unknown");
+- zend_string_release_ex(error_handler_name, 0);
++ if (error_handler_name != NULL) {
++ zend_string_release_ex(error_handler_name, 0);
++ }
+ return;
+ }
+ }
+@@ -1703,7 +1705,10 @@
+ zend_string *exception_handler_name = zend_get_callable_name(exception_handler);
+ zend_error(E_WARNING, "%s() expects the argument (%s) to be a valid callback",
+ get_active_function_name(), exception_handler_name?ZSTR_VAL(exception_handler_name):"unknown");
+- zend_string_release_ex(exception_handler_name, 0);
++ if (exception_handler_name != NULL) {
++ zend_string_release_ex(exception_handler_name, 0);
++ exception_handler_name = NULL;
++ }
+ return;
+ }
+ }
+After having been compared to a NULL value at zend_ exceptions.c:1040, pointer 'file' is passed as 1st parameter
+in call to function 'zend_string_release_ex' at zend_ exceptions.c:1044, where it is dereferenced at zend_ string.h:291.
+diff -ur php-7.4.30/Zend/zend_exceptions.c php-7.4.30_patched/Zend/zend_exceptions.c
+--- php-7.4.30/Zend/zend_exceptions.c 2022-06-07 11:38:30.000000000 +0300
++++ php-7.4.30_patched/Zend/zend_exceptions.c 2023-10-05 15:40:16.354123300 +0300
+@@ -1041,7 +1041,9 @@
+ "Uncaught %s\n thrown", ZSTR_VAL(str));
+ 
+ zend_string_release_ex(str, 0);
+- zend_string_release_ex(file, 0);
++ if (file != NULL) {
++ zend_string_release_ex(file, 0);
++ }
+ } else {
+ zend_error(severity, "Uncaught exception '%s'", ZSTR_VAL(ce_exception->name));
+ }
+Return value of a function 'zend_ini_string' is dereferenced
+at zend_multibyte.c:118 without checking for NULL, but it
+is usually checked for this function (6/7).
+diff -ur php-7.4.30/Zend/zend_multibyte.c php-7.4.30_patched/Zend/zend_multibyte.c
+--- php-7.4.30/Zend/zend_multibyte.c 2022-06-07 11:38:30.000000000 +0300
++++ php-7.4.30_patched/Zend/zend_multibyte.c 2023-10-05 16:07:52.618526000 +0300
+@@ -115,6 +115,9 @@
+ */
+ {
+ const char *value = zend_ini_string("zend.script_encoding", sizeof("zend.script_encoding") - 1, 0);
++ if (!value) {
++ return FAILURE;
++ }
+ zend_multibyte_set_script_encoding_by_string(value, strlen(value));
+ }
+ return SUCCESS;
diff --git a/php7.spec b/php7.spec
index 431962b..70165e8 100644
--- a/php7.spec
+++ b/php7.spec
@@ -27,7 +27,7 @@
 Summary: The PHP7 scripting language
 Name: php
 Version: 7.4.30
-Release: 3
+Release: 4
 Source0: http://ch1.php.net/distributions/php-%{version}.tar.gz
 Source1: macros.php
 Group: Development/PHP
@@ -88,6 +88,8 @@
 Patch124: 0060-Fix-regression-introduced-by-fixing-bug-81726.patch
 Patch125: 0061-Fix-81727-Don-t-mangle-HTTP-variable-names-that-clas.patch
 # CVE-2022-37454
 Patch126: 0062-Fix-bug-81738-buffer-overflow-in-hash_update-on-long.patch
+# Svace 11.05.23
+Patch127: php-7.4.30-svace.patch
 Patch200: fix-include-e2k.patch
 BuildRequires: autoconf
@@ -1284,6 +1286,7 @@ fi
 %patch124 -p1
 %patch125 -p1
 %patch126 -p1
+%patch127 -p1
 %ifarch %{e2k}
 %patch200 -p1
 %endif
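Review bot: The new phar.c guard leaves `continue` inside `if (error)`, so when `error` is NULL and `phar_open_jit()` fails, control falls out of the `if (!newentry)` block to `entry = newentry;` with `newentry == NULL`, and the rest of the loop (outside the hunk) is presumably left to dereference a NULL entry — the patch swaps the reported deref for a new one. The `continue` belongs outside the guard: `if (error) { efree(*error); *error = NULL; } continue;`. The entity.c hunk has a related gap: for an empty string (`content[0] == '\0'`) neither branch sets `retval` nor frees `content`, so `retval` is left untouched while the libxml buffer leaks; after the early `return FAILURE` the `content != NULL &&` test is redundant and the original unconditional `ZVAL_STRING(retval, content); xmlFree(content);` should stay. In var.c, guarding `smart_str_appendl(buf, "N;", 2)` on `var_idx` drops the placeholder from the serialized stream and silently yields malformed output; only `ZVAL_LONG(var_idx, -1)` needs the check. All of the enclosing functions start and end outside their hunks.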