2016-02-06 08:11:06 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update php55 to 5.5.32 (PHP 5.5.32).
04 Feb 2016, PHP 5.5.32
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- GD:
. Improved the fix for bug #70976. (Remi)
- PCRE:
. Upgraded pcrelib to 8.38.
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
2016-01-08 04:27:23 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update php55 to 5.5.31, security fix.
07 Jan 2015, PHP 5.5.31
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
|
2015-11-03 23:50:46 by Alistair G. Crooks | Files touched by this commit (194) |
Log message:
Add SHA512 digests for distfiles for lang category
Problems found with existing digests:
Package nhc98 distfile nhc98src-1.22.tar.gz
a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
Package icc11: missing distfile l_cproc_p_11.1.080.tgz
Package jini: missing distfile jini-1_2_1_001-src.zip
Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk7: missing distfile \
openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk8: missing distfile \
openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
Package sun-jre6: missing distfile jce_policy-6.zip
Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-10-27 10:08:20 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
Pass --disable-libgcc when using SunOS/clang, clang doesn't support the
test and will handle libgcc itself as appropriate.
|
2015-10-02 16:36:35 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update php55 to 5.5.30.
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
** PHP 5.5 is in security-only mode , please do not commit to this branch **
01 Oct 2015, PHP 5.5.30
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
|
2015-09-07 14:02:07 by Jonathan Perkin | Files touched by this commit (29) |
Log message:
Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
|
2015-09-06 14:26:37 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update php55 to 5.5.29 including security fixes.
03 Sep 2015, PHP 5.5.29
- Core:
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- PCRE:
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- SPL:
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
|
2015-08-08 02:12:22 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
Update php55 to 5.5.28.
06 Aug 2015, PHP 5.5.28
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
|
2015-07-11 02:30:11 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update php55 to 5.5.27.
09 Jul 2015, PHP 5.5.27
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
|
2015-06-28 17:34:50 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Add fix to https://bugs.php.net/bug.php?id=69737.
Bump PKGREVISION.
|