./lang/php70, PHP Hypertext Preprocessor version 7.0

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2015Q4, Version: 7.0.4, Package name: php-7.0.4, Maintainer: pkgsrc-users

PHP is an HTML-embedded scripting language. It is modular, with
some object-oriented features. Much of its syntax is borrowed from
C, Java and Perl with a couple of unique PHP-specific features
thrown in. The language is designed to allow web developers to
write dynamically generated pages quickly.

This package provides PHP version 7.0.x.

PHP 7.0.0 comes with a new version of the Zend Engine, numerous improvements
and new features such as

* Improved performance: PHP 7 is up to twice as fast as PHP 5.6
* Significantly reduced memory usage
* Abstract Syntax Tree
* Consistent 64-bit support
* Improved Exception hierarchy
* Many fatal errors converted to Exceptions
* Secure random number generator
* Removed old and unsupported SAPIs and extensions
* The null coalescing operator (??)
* Return and Scalar Type Declarations
* Anonymous Classes
* Zero cost asserts


Required to run:
[textproc/libxml2]


Package options: inet6, ssl

Master sites: (Expand)

SHA1: 4e6ad0af73e9b8de66844dee2f14cc089cb5aea8
RMD160: 026b36537a9f86864bcb932389760c0dd1f5acd2
Filesize: 13698.328 KB

Version history: (Expand)


CVS history: (Expand)


   2016-03-09 21:03:23 by Benny Siegert | Files touched by this commit (3)
Log message:
Pullup ticket #4946 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.128
- lang/php70/distinfo                                           1.6
- lang/php70/patches/patch-configure                            1.2
- lang/php70/patches/patch-ext_opcache_config.m4                deleted

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sat Mar  5 05:20:17 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php70: distinfo
           pkgsrc/lang/php70/patches: patch-configure
   Removed Files:
           pkgsrc/lang/php70/patches: patch-ext_opcache_config.m4

   Log message:
   Update php70 to 7.0.4 (PHP 7.0.4), including security fxies.

   03 Mar 2016 PHP 7.0.4

   - Core:
     . Fixed bug (Low probability segfault in zend_arena). (Laruence)
     . Fixed bug #71441 (Typehinted Generator with return in try/finally crashes).
       (Bob)
     . Fixed bug #71442 (forward_static_call crash). (Laruence)
     . Fixed bug #71443 (Segfault using built-in webserver with intl using
       symfony). (Laruence)
     . Fixed bug #71449 (An integer overflow bug in php_implode()). (Stas)
     . Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()). (Stas)
     . Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
       (Dmitry)
     . Fixed bug #71485 (Return typehint on internal func causes Fatal error
       when it throws exception). (Laruence)
     . Fixed bug #71529 (Variable references on array elements don't work when
       using count). (Nikita)
     . Fixed bug #71601 (finally block not executed after yield from). (Bob)
     . Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in
       xml/filter_url/addcslashes). (Stas)

   - CLI server:
     . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
       (Johannes, Anatol)

   - CURL:
     . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
       while curl_multi_exec). (Laruence)
     . Fixed memory leak in curl_getinfo(). (Leigh)

   - Date:
     . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
       causing date_date_set issues). (Sean DuBois)

   - Fileinfo:
     . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)

   - FPM:
     . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
       setup). (Matt Haught, Remi)
     . Fixed bug #71269 (php-fpm dumped core). (Mickaël)

   - Opcache:
     . Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
       (Yussuf Khalil)

   - PCRE:
     . Fixed bug #71537 (PCRE segfault from Opcache). (Laruence)

   - phpdbg:
     . Fixed inherited functions from unspecified files being included in
       phpdbg_get_executable(). (Bob)

   - SOAP:
     . Fixed bug #71610 (Type Confusion Vulnerability - SOAP /
       make_http_soap_request()). (Stas)

   - Standard:
     . Fixed bug #71603 (compact() maintains references in php7). (Laruence)
     . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)

   - XMLRPC:
     . Fixed bug #71501 (xmlrpc_encode_request ignores encoding option). (Hieu Le)

   - Zip:
     . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)
   2016-02-10 21:45:48 by Benny Siegert | Files touched by this commit (2)
Log message:
Pullup ticket #4918 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.125
- lang/php70/distinfo                                           1.4-1.5
- lang/php70/patches/patch-ext_pcre_pcrelib_config.h            1.1-1.2

---
   Module Name:	pkgsrc
   Committed By:	jklos
   Date:		Thu Jan 21 21:47:24 UTC 2016

   Modified Files:
   	pkgsrc/lang/php70: distinfo
   Added Files:
   	pkgsrc/lang/php70/patches: patch-ext_pcre_pcrelib_config.h

   Log message:
   Selectively enable just-in-time support in PCRE for supported architectures.
   Same issue as seen in older php:
   https://mail-index.netbsd.org/pkgsrc-bugs/2015/09/13/msg057792.html

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Feb  6 07:14:44 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php70: distinfo
   	pkgsrc/lang/php70/patches: patch-ext_pcre_pcrelib_config.h

   Log message:
   Update php70 to 7.0.3 (PHP 7.0.3).

   04 Feb 2016 PHP 7.0.3

   - Core:
     . Added support for new HTTP 451 code. (Julien)
     . Fixed bug #71039 (exec functions ignore length but look for NULL termination).
       (Anatol)
     . Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
     . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
     . Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via
       ob_start). (hugh at allthethings dot co dot nz)
     . Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
     . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
       (Anatol)
     . Fixed Bug #71275 (Bad method called on cloning an object having a trait).
       (Bob)
     . Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
     . Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
     . Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
     . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
       input). (Leo Gaspard)
     . Fixed bug #71336 (Wrong is_ref on properties as exposed via
       get_object_vars()). (Laruence)
     . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)

   - Apache2handler:
     . Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

   - CURL:
     . Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
     . Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
       reference to CURLFile). (Laruence)

   - Interbase:
     . Fixed Bug #71305 (Crash when optional resource is omitted).
     (Laruence, Anatol)

   - LDAP:
     . Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string
       "Array"). (Laruence)

   - mbstring:
     . Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)

   - OpenSSL:
     . Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)

   - Phar:
     . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
     . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
       (Stas)
     . Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)

   - SOAP:
     . Fixed bug #70979 (crash with bad soap request). (Anatol)

   - SPL:
     . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
       (Laruence)
     . Fixed bug #71202 (Autoload function registered by another not activated
       immediately). (Laruence)
     . Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
       unserialize)). (Sean Heelan)
     . Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage,
       unserialize)). (Sean Heelan)

   - Standard:
     . Fixed bug #71287 (Error message contains hexadecimal instead of decimal
       number). (Laruence)
     . Fixed bug #71264 (file_put_contents() returns unexpected value when
       filesystem runs full). (Laruence)
     . Fixed bug #71245 (file_get_contents() ignores "header" context \ 
option if
       it's a reference). (Laruence)
     . Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start).
       (hugh at allthethings dot co dot nz)
     . Fixed bug #71190 (substr_replace converts integers in original $search
       array to strings). (Laruence)
     . Fixed bug #71188 (str_replace converts integers in original $search array
       to strings). (Laruence)
     . Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)

   - WDDX:
     . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
   2016-01-18 21:14:19 by Benny Siegert | Files touched by this commit (1)
Log message:
Pullup ticket #4893 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.122
- lang/php70/distinfo                                           1.3

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Jan  8 03:29:12 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php70: distinfo

   Log message:
   Update php70 to 7.0.2, including security fix.

   07 Jan 2016 PHP 7.0.2

   - Core:
     . Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
       (y dot uchiyama dot 1015 at gmail dot com)
     . Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence)
     . Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). \ 
(Laruence)
     . Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence)
     . Fixed bug memleak in header_register_callback. (Laruence)
     . Fixed bug #71067 (Local object in class method stays in memory for each
       call). (Laruence)
     . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
     . Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
       (Francois Laupretre)
     . Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
     . Fixed bug #71086 (Invalid numeric literal parse error within
       highlight_string() function). (Nikita)
     . Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
       (Nikita)
     . Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea)
     . Fixed bug #66179 (var_export() exports float as integer). (Andrea)
     . Fixed bug #70804 (Unary add on negative zero produces positive zero).
       (Andrea)

   - CURL:
     . Fixed bug #71144 (Sementation fault when using cURL with ZTS).
       (Michael Maroszek, Laruence)

   - DBA:
     . Fixed key leak with invalid resource. (Laruence)

   - Filter:
     . Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia)

   - FTP:
     . Implemented FR #55651 (Option to ignore the returned FTP PASV address).
       (abrender at elitehosts dot com)

   - FPM:
     . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)

   - GD:
     . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
       Out of Bounds). (emmanuel dot law at gmail dot com).

   - Mbstring:
     . Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV,
       Segmentation fault). (Laruence)

   - Opcache:
     . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)

   - PCRE:
     . Fixed bug #71178 (preg_replace with arrays creates [0] in replace array
       if not already set). (Laruence)

   - Readline:
     . Fixed bug #71094 (readline_completion_function corrupts static array on
       second TAB). (Nikita)

   - Session:
     . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)

   - SPL:
     . Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns
       wrong number of parameters). (Laruence)
     . Fixed bug #71153 (Performance Degradation in ArrayIterator with large
       arrays). (Nikita)

   - Standard:
     . Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
       (emmanuel dot law at gmail dot com)

   - WDDX:
     . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet \ 
Deserialization).
       (taoguangchen at icloud dot com)
     . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
       Vulnerability). (taoguangchen at icloud dot com)

   - XMLRPC
     . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
       (Julien)