Navigation:
Browse pkgsrc
(this page)
lang php56
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2015-03-04 19:52:36 by Matthias Scheler | Files touched by this commit (6) |  |
Log message:
Pullup ticket #4633 - requested by taca
lang/php56: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.88
- lang/php56/Makefile 1.4
- lang/php56/PLIST 1.2
- lang/php56/distinfo 1.6
- lang/php56/patches/patch-ext_date_php_date.c deleted
- lang/php56/patches/patch-ext_date_tests_bug68942.phpt deleted
- lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 20 01:17:50 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/php56/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log message:
Update php56 to 5.6.6 (PHP 5.6.6).
19 Feb 2015, PHP 5.6.6
- Core:
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 â GHOST: glibc \
gethostbyname
buffer overflow). (Stas)
. Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
specified by ini_set) (Yasuo)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
. Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
correctly). (Anatol)
. Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
gifs). (Anatol)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- JSON:
. Fixed bug #50224 (json_encode() does not always encode a float as a float)
by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
- LIBXML:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Opcache:
. Fixed bug with try blocks being removed when extended_info opcode
generation is turned on. (Laruence)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198 at aol dot com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI). (Anatol)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
|
| 2015-02-19 20:18:59 by Matthias Scheler | Files touched by this commit (5) |
Log message:
Pullup ticket #4618 - requested by sevan
lang/php56: security patch
Revisions pulled up:
- lang/php56/Makefile 1.3
- lang/php56/distinfo 1.5
- lang/php56/patches/patch-ext_date_php_date.c 1.1
- lang/php56/patches/patch-ext_date_tests_bug68942.phpt 1.1
- lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Thu Feb 19 00:23:20 UTC 2015
Modified Files:
pkgsrc/lang/php56: Makefile distinfo
Added Files:
pkgsrc/lang/php56/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log message:
Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone
Reviewed by wiz@
|
| 2015-01-27 20:48:35 by Matthias Scheler | Files touched by this commit (1) | |
Log message:
Pullup ticket #4599 - requested by taca
lang/php56: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.85
- lang/php56/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 23 16:11:38 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: distinfo
Log message:
Update php56 to 5.6.5.
22 Jan 2015, PHP 5.6.5
- Core:
. Upgraded crypt_blowfish to version 1.3. (Leigh)
. Fixed bug #60704 (unlink() bug with some files path).
. Fixed bug #65419 (Inside trait, self::class !=3D __CLASS__). (Julie=
n)
. Fixed bug #68536 (pack for 64bits integer is broken on bigendian). =
(Remi)
. Fixed bug #55541 (errors spawn MessageBox, which blocks test automa=
tion).
(Anatol)
. Fixed bug #68297 (Application Popup provides too few information). =
(Anatol)
. Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
. Fixed bug #65230 (setting locale randomly broken). (Anatol)
. Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_D=
ATADIR
correctly). (Ferenc)
. Fixed bug #68583 (Crash in timeout thread). (Anatol)
. Fixed bug #65576 (Constructor from trait conflicts with inherited
constructor). (dunglas at gmail dot com)
. Fixed bug #68676 (Explicit Double Free). (Kalle)
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize=
()).
(CVE-2015-0231) (Stefan Esser)
- CGI:
. Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-94=
27)
(Stas)
- CLI server:
. Fixed bug #68745 (Invalid HTTP requests make web server segfault). =
(Adam)
- cURL:
. Fixed bug #67643 (curl_multi_getcontent returns '' when
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- Date:
. Implemented FR #68268 (DatePeriod: Getter for start date, end date =
and
interval). (Marc Bennewitz)
- EXIF:
. Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-023=
2)
(Stas)
- Fileinfo:
. Fixed bug #68398 (msooxml matches too many archives). (Anatol)
. Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol=
Belski)
. Fixed bug #68671 (incorrect expression in libmagic).
(Joshua Rogers, Anatol Belski)
. Removed readelf.c and related code from libmagic sources
(Remi, Anatol)
. Fixed bug #68735 (fileinfo out-of-bounds memory access).
(Anatol)
- FPM:
. Fixed request #68526 (Implement POSIX Access Control List for UDS).=
(Remi)
. Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, R=
emi)
. Fixed request #68656 (Report gd library version). (Remi)
- mbstring:
. Fixed bug #68504 (--with-libmbfl configure option not present on Wi=
ndows).
(Ashesh Vashi)
- Opcache:
. Fixed bug #68644 (strlen incorrect : mbstring + func_overload=3D2 +=
UTF-8
+ Opcache). (Laruence)
. Fixed bug #67111 (Memory leak when using "continue 2" inside two fo=
reach
loops). (Nikita)
- OpenSSL:
. Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
- pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old ha=
ndler
when setting SIG_DFL). (Julien)
- PCRE:
. Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
(Rainer Jung, Anatol Belski)
- pgsql:
. Fixed bug #68697 (lo_export return -1 on failure). (Ond=F8ej Sur=FD=
)
- PDO:
. Fixed bug #68371 (PDO#getAttribute() cannot be called with platform=
-specifi
attribute names). (Matteo)
- PDO_mysql:
. Fixed bug #68424 (Add new PDO mysql connection attr to control mult=
i
statements option). (peter dot wolanin at acquia dot com)
- SPL:
. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
breaks the RecursiveIterator). (Paul Garvin)
. Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv)=
. (Salathe)
- SQLite:
. Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
- Streams:
. Fixed bug #68532 (convert.base64-encode omits padding bytes).
(blaesius at krumedia dot de)
|
New packages: