Path to this page:
Next | Query returned 3 messages, browsing 1 to 10 | previous
CVS Commit History:
2016-06-28 21:37:34 by Benny Siegert | Files touched by this commit (2) |
Log message:
Pullup ticket #5051 - requested by taca
lang/php56: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.140
- lang/php56/Makefile 1.12
- lang/php56/distinfo 1.28
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 24 15:25:21 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: Makefile distinfo
Log message:
Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.6.23
- Core:
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- Intl:
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
(Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- Phar:
. Fixed bug #72321 (invalid free in phar_extract_file()).
(hji at dyntopia dot com)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- OpenSSL:
. Fixed bug #72140 (segfault after calling ERR_free_strings()).
(Jakub Zelenka)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
|
2016-06-04 21:50:02 by Benny Siegert | Files touched by this commit (2) |
Log message:
Pullup ticket #5035 - requested by taca
lang/php56: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.137
- lang/php56/DESCR 1.2
- lang/php56/distinfo 1.27
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 16 04:13:59 UTC 2016
Modified Files:
pkgsrc/lang/php56: DESCR
Log message:
This package is not for PHP 5.5.x but 5.6.x. Noted by Edgar Fu_ via
privaet E-mail.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 27 13:28:07 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: distinfo
Log message:
Update php56 to 5.6.22 (PHP 5.6.22), including security fix.
26 May 2016, PHP 5.6.22
- Core:
. Fixed bug #72172 (zend_hex_strtod should not use strlen).
(bwitz at hotmail dot com )
. Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (Stas)
. Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
. Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- Postgres:
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
|
2016-05-08 16:08:45 by Benny Siegert | Files touched by this commit (4) |
Log message:
Pullup ticket #4973 - requested by taca
lang/php56: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.134
- lang/php56/distinfo 1.26
- lang/php56/patches/patch-configure 1.3
- lang/php56/patches/patch-ext_opcache_config.m4 deleted
- lang/php56/patches/patch-ext_standard_php__dns.h 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 2 13:08:00 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: distinfo
pkgsrc/lang/php56/patches: patch-configure
patch-ext_standard_php__dns.h
Removed Files:
pkgsrc/lang/php56/patches: patch-ext_opcache_config.m4
Log message:
Update php56 to 5.6.21.
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016, PHP 5.6.21
- Core:
. Fixed bug #69537 (__debugInfo with empty string for key gives error).
(krakjoe)
. Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
- BCmath:
. Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition). (Stas)
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
- EXIF:
. Fixed bug #72094 (Out of bounds heap read access in exif header \
processing). (Stas)
- GD:
. Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- OCI8:
. Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
allowed for this column). (Chris Jones)
- ODBC:
. Fixed bug #63171 (Script hangs after max_execution_time). (Remi)
- Opcache:
. Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
(Laruence)
- PDO:
. Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
(Daniel Kalaspuffar, Julien)
. Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
- Postgres:
. Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol)
- SPL:
. Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
offsetExists()). (Nikita)
- Standard:
. Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
. Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
_REENTRANT is not defined). (Nikita)
- XML:
. Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
|
Next | Query returned 3 messages, browsing 1 to 10 | previous