Next | Query returned 2 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2016-11-21 07:08:51 by Benny Siegert | Files touched by this commit (1)
Log message:
Pullup ticket #5157 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php56/distinfo                                           1.36

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Nov 12 15:34:00 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log message:
   Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual).

   10 Nov 2016, PHP 5.6.28

   - Core:
     . Fixed bug #73337 (try/catch not working with two exceptions inside a same
       operation). (Dmitry)

   - Bz2:
     . Fixed bug #73356 (crash in bzcompress function). (Stas)

   -GD:
     . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
     . Fixed bug #73272 (imagescale() is not affected by, but affects
       imagesetinterpolation()). (cmb)
     . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
     . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
     . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
       (cmb)
     . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)

   - Imap:
     . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads \ 
Heap Overflow).
       (Anatol)

   - SPL:
     . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)

   - SOAP:
     . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)

   - SQLite3:
     . Fixed bug #73333 (2147483647 is fetched as string). (cmb)

   - Standard:
     . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
     . Fixed bug #73188 (use after free in userspace streams). (Sara)

   - Wddx:
     . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
       with PDORow). (Stas)
   2016-10-21 20:47:33 by Benny Siegert | Files touched by this commit (1)
Log message:
Pullup ticket #5140 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.161
- lang/php56/distinfo                                           1.35

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Oct 16 11:58:42 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log message:
   Update php56 to 5.6.27.

   13 Oct 2016, PHP 5.6.27

   - Core:
     . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
       zend_virtual_cwd.c). (cmb)
     . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
     . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
       password_verify). (Anatol)
     . Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
     . Fixed bug #73147 (Use After Free in unserialize()). (Stas)

   - BCmath:
     . Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

   - DOM:
     . Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)

   - Ereg:
     . Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)

   - Filter:
     . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
       FILTER_FLAG_NO_PRIV_RANGE). (julien)
     . Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN,
       FILTER_NULL_ON_FAILURE). (levim, cmb)
     . Fixed bug #73054 (default option ignored when object passed to int filter).
       (cmb)

   - GD:
     . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
       (cmb)
     . Fixed bug #50194 (imagettftext broken on transparent background w/o
       alphablending). (cmb)
     . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
       cmb)
     . Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
       (Mark Plomer, cmb)
     . Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
     . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
     . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
       files). (cmb)
     . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)

   - Intl:
     . Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)

   - Imap:
     . Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
       (Stas)

   - Mbstring:
     . Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
     . Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
     . Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
       (Yasuo)
     . Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)

   - PCRE:
     . Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)

   - Opcache:
     . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
       (Keyur) (julien backport)

   - OpenSSL:
     . Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
       (Jakub Zelenka)
     . Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
     . Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)

   - Session:
     . Fixed bug #68015 (Session does not report invalid uid for files save handler).
       (Yasuo)
     . Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
       (cmb)

   - SimpleXML:
     . Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
       (Stas)

   - SPL:
     . Fixed bug #73073 (CachingIterator null dereference when convert to string).
       (Stas)

   - Standard:
     . Fixed bug #73240 (Write out of bounds at number_format). (Stas)
     . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)

   - Stream:
     . Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)

   - Zip:
     . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
       (cmb)

Next | Query returned 2 messages, browsing 1 to 10 | previous