Navigation:
Browse pkgsrc
(this page) 2021-11-23 23:50:50 by Thomas Merkel | Files touched by this commit (1) |  |
Log message:
Pullup ticket #6543 - requested by taca
lang/php80: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.347
- lang/php80/distinfo 1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Nov 19 14:29:05 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php80: distinfo
Log message:
lang/php80: update to 8.0.13
This release contains security fix.
18 Nov 2021, PHP 8.0.13
- Core:
. Fixed bug #81518 (Header injection via default_mimetype / default_charset).
(cmb)
- Date:
. Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
(cmb)
- MBString:
. Fixed bug #76167 (mbstring may use pointer from some previous request).
(cmb, cataphract)
- Opcache:
. Fixed bug #81512 (Unexpected behavior with arrays and JIT). (Dmitry)
- PCRE:
. Fixed bug #81424 (PCRE2 10.35 JIT performance regression). (cmb)
- XML:
. Fixed bug #79971 (special character is breaking the path in xml function).
(CVE-2021-21707) (cmb)
- XMLReader:
. Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid
property). (Nikita)
|
| 2021-11-02 19:28:45 by Thomas Merkel | Files touched by this commit (1) | |
Log message:
Pullup ticket #6526 - requested by taca
lang/php80: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.342
- lang/php80/distinfo 1.11
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 22 15:09:52 UTC 2021
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php80: distinfo
Log message:
lang/php80: update to 8.0.12
This is a security fix release.
21 Oct 2021, PHP 8.0.12
- CLI:
. Fixed bug #81496 (Server logs incorrect request method). (lauri)
- Core:
. Fixed bug #81435 (Observer current_observed_frame may point to an old
(overwritten) frame). (Bob)
. Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
- DOM:
. Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
(Viktor Volkov)
- FFI:
. Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not
defined). (Dmitry)
- FPM:
. Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege
escalation) (CVE-2021-21703). (Jakub Zelenka)
- Fileinfo:
. Fixed bug #78987 (High memory usage during encoding detection). (Anatol)
- Filter:
. Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
(cmb, Nikita)
- Opcache:
. Fixed bug #81472 (Cannot support large linux major/minor device number when
read /proc/self/maps). (Lin Yang)
- Reflection:
. ReflectionAttribute is no longer final. (sasezaki)
- SPL:
. Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
(cmb, Nikita, Tyson Andre)
. Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1). (cmb)
- Standard:
. Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo
position specifier). (Aliaksandr Bystry)
- Streams:
. Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
(cmb)
- XML:
. Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
(Aliaksandr Bystry, cmb)
- Zip:
. Fixed bug #81490 (ZipArchive::extractTo() may leak memory). (cmb, Remi)
. Fixed bug #77978 (Dirname ending in colon unzips to wrong dir). (cmb)
|
New packages: