2024-10-24 15:52:06 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php83: update to 8.3.13
24 Oct 2024, PHP 8.3.13
- Calendar:
. Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
. Fixed GH-16241: easter_days/easter_date overflow on year argument.
(David Carlier)
. Fixed GH-16263: jddayofweek overflow. (cmb)
. Fixed GH-16234: jewishtojd overflow. (nielsdos)
- CLI:
. Fixed bug GH-16137: duplicate http headers when set several times by
the client. (David Carlier)
- Core:
. Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator
list while adding). (nielsdos)
. Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb)
. Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to
exception). (ilutov)
. Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of
nested generator frame). (ilutov)
. Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud)
. Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). (Arnaud)
. Fixed bug GH-16233 (Observer segfault when calling user function in
internal function via trampoline). (nielsdos)
- DOM:
. Fixed bug GH-16039 (Segmentation fault (access null pointer) in
ext/dom/parentnode/tree.c). (nielsdos)
. Fixed bug GH-16149 (Null pointer dereference in
DOMElement->getAttributeNames()). (nielsdos)
. Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
(nielsdos)
. Fixed bug GH-16150 (Use after free in php_dom.c). (nielsdos)
. Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument).
(nielsdos)
- JSON:
. Fixed bug GH-15168 (stack overflow in json_encode()). (nielsdos)
- GD:
. Fixed bug GH-16232 (bitshift overflow on wbmp file content reading /
fix backport from upstream). (David Carlier)
. Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value)
(David Carlier)
. Fixed bug GH-16274 (imagescale underflow on RGB channels /
fix backport from upstream). (David Carlier)
- LDAP:
. Fixed bug GH-16032 (Various NULL pointer dereferences in
ldap_modify_batch()). (Girgias)
. Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
when LDAPs array is not a list). (Girgias)
. Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
by ZMM.). (Girgias)
. Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
proper dictionary). (Girgias)
- MBString:
. Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
(nielsdos)
- OpenSSL:
. Fixed stub for openssl_csr_new. (Jakub Zelenka)
- PCRE:
. Fixed bug GH-16189 (underflow on offset argument). (David Carlier)
. Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
(nielsdos)
- PHPDBG:
. Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
. Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
(cmb)
- Reflection:
. Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
(DanielEScherzer)
- SAPI:
. Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
(Jakub Zelenka, David Carlier)
- SimpleXML:
. Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
(nielsdos)
- Sockets:
. Fixed bug GH-16267 (socket_strerror overflow on errno argument).
(David Carlier)
- SOAP:
. Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
headers in array form). (nielsdos)
. Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
. Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value).
(nielsdos)
. Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos)
. Fix Soap leaking http_msg on error. (nielsdos)
. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
(nielsdos)
. Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
(nielsdos)
- SPL:
. Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c).
(nielsdos)
- Standard:
. Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud)
. Fixed bug GH-15169 (stack overflow when var serialization in
ext/standard/var). (nielsdos)
- Streams:
. Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
(nielsdos)
. Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
(cmb)
- TSRM:
. Prevent closing of unrelated handles. (cmb)
- Windows:
. Fixed minimal Windows version. (cmb)
|
2024-09-28 17:03:38 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php83: update to 8.3.12
PHP 8.3.12 (2024-09-26)
- CGI:
. Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
Vulnerability). (CVE-2024-8926) (nielsdos)
. Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
bypassable due to the environment variable collision). (CVE-2024-8927)
(nielsdos)
- Core:
. Fixed bug GH-15408 (MSan false-positive on zend_max_execution_timer).
(zeriyoshi)
. Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot)
. Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot)
. Fixed bug GH-15565 (--disable-ipv6 during compilation produces error
EAI_SYSTEM not found). (nielsdos)
. Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
(Bernd Kuhls, Thomas Petazzoni)
. Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud)
. Fixed uninitialized lineno in constant AST of internal enums. (ilutov)
- Curl:
. Fixed bug GH-15547 (curl_multi_select overflow on timeout argument).
(David Carlier)
- DOM:
. Fixed bug GH-15551 (Segmentation fault (access null pointer) in
ext/dom/xml_common.h). (nielsdos)
. Fixed bug GH-15654 (Signed integer overflow in ext/dom/nodelist.c).
(nielsdos)
- Fileinfo:
. Fixed bug GH-15752 (Incorrect error message for finfo_file
with an empty filename argument). (DanielEScherzer)
- FPM:
. Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
(CVE-2024-9026) (Jakub Zelenka)
- MySQLnd:
. Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb,
Kamil Tekiela)
- Opcache:
. Fixed bug GH-15661 (Access null pointer in
Zend/Optimizer/zend_inference.c). (nielsdos)
. Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).
(nielsdos)
- SAPI:
. Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
(CVE-2024-8925) (Arnaud)
- Standard:
. Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb)
- Streams:
. Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated).
(cmb)
|
2024-08-31 06:36:24 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php83: update to 8.3.11
PHP 8.3.11 (2024-08-29)
- Core:
. Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
(nielsdos)
. Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos)
. Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
(Peter Kokot)
. Fix uninitialized memory in network.c. (nielsdos)
. Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
(Arnaud)
. Fixed bug GH-15275 (Crash during GC of suspended generator delegate).
(Arnaud)
- Curl:
. Fixed case when curl_error returns an empty string.
(David Carlier)
- DOM:
. Fix UAF when removing doctype and using foreach iteration. (nielsdos)
- FFI:
. Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
leak). (nielsdos, dstogov)
- Hash:
. Fix crash when converting array data for array in shm in xxh3. (nielsdos)
- Intl:
. Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb)
- Opcache:
. Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
(Bob)
. Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
(Arnaud, nielsdos)
- Output:
. Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in
ext/standard/url_scanner_ex.re). (nielsdos)
- PDO_Firebird:
. Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)
- PHPDBG:
. Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode
with libedit/readline). (Peter Kokot)
. Fixed bug GH-15268 (heap buffer overflow in phpdbg
(zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos)
. Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos)
- Soap:
. Fixed bug #55639 (Digest authentication doesn't work). (nielsdos)
. Fix SoapFault property destruction. (nielsdos)
. Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap
constructor option). (nielsdos)
- Standard:
. Fix passing non-finite timeout values in stream functions. (nielsdos)
. Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)
- Streams:
. Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)
. Fixed bug GH-15034 (Integer overflow on stream_notification_callback
byte_max parameter with files bigger than 2GB). (nielsdos)
. Reverted fix for GH-14930 (Custom stream wrapper dir_readdir output
truncated to 255 characters). (Jakub Zelenka)
- Tidy:
. Fix memory leaks in ext/tidy basedir restriction code. (nielsdos)
|
2024-08-02 17:29:30 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php83: update to 8.3.10
8.3.10 (2024-08-01)
- Core:
. Fixed bug GH-13922 (Fixed support for systems with
sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud)
. Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud)
. Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt).
(nielsdos)
. Fixed OSS-Fuzz #69765. (nielsdos)
. Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). (nielsdos)
. Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
(ilutov)
- Dom:
. Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos)
- Fileinfo:
. Fixed bug GH-14888 (README.REDIST.BINS refers to non-existing LICENSE).
(cmb)
- Gd:
. ext/gd/tests/gh10614.phpt: skip if no PNG support. (orlitzky)
. restored warning instead of fatal error. (dryabov)
- LibXML:
. Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos)
- Opcache:
. Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that
opcache.jit is implicitly disabled). (nielsdos)
- Output:
. Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with
empty output buffer). (nielsdos)
- PDO:
. Fixed bug GH-14712 (Crash with PDORow access to null property).
(David Carlier)
- Phar:
. Fixed bug GH-14603 (null string from zip entry).
(David Carlier)
- PHPDBG:
. Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
(David Carlier)
. Fixed bug GH-14553 (echo output trimmed at NULL byte). (nielsdos)
- Shmop:
. Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos)
- SPL:
. Fixed bug GH-14639 (Member access within null pointer in
ext/spl/spl_observer.c). (nielsdos)
- Standard:
. Fixed bug GH-14775 (range function overflow with negative step argument).
(David Carlier)
. Fix 32-bit wordwrap test failures. (orlitzky)
. Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier)
- Streams:
. Fixed bug GH-14930 (Custom stream wrapper dir_readdir output truncated to
255 characters in PHP 8.3). (Joe Cai)
- Tidy:
. Fix memory leak in tidy_repair_file(). (nielsdos)
- Treewide:
. Fix compatibility with libxml2 2.13.2. (nielsdos)
- XML:
. Move away from to-be-deprecated libxml fields. (nielsdos)
. Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
(nielsdos)
|
2024-07-05 05:32:40 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php83: update to 8.3.9
PHP 8.3.9 (2024-07-04)
- Core:
. Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot)
. Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14
when running on Apple Silicon). (Manuel Kress)
. Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from
values during Generator->throw()). (Bob)
. Fixed bug GH-14456 (Attempting to initialize class with private constructor
calls destructor). (Girgias)
. Fixed bug GH-14510 (memleak due to missing pthread_attr_destroy()-call).
(Florian Engelhardt)
. Fixed bug GH-14549 (Incompatible function pointer type for fclose).
(Ryan Carsten Schmidt)
- BCMath:
. Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias)
- Curl:
. Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos)
- DOM:
. Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos)
- FPM:
. Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are
ignored in status pool). (Wilhansen Li, Pierrick Charron)
- GD:
. Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi)
- Intl:
. Fix reference handling in SpoofChecker. (nielsdos)
- MySQLnd:
. Partially fix bug GH-10599 (Apache crash on Windows when using a
self-referencing anonymous function inside a class with an active
mysqli connection). (nielsdos)
- Opcache:
. Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
(ilutov)
. Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud)
. Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos)
- PDO ODBC:
. Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley)
- PHPDBG:
. Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier)
- Soap:
. Fixed bug #47925 (PHPClient can't decompress response). (nielsdos)
. Fix missing error restore code. (nielsdos)
. Fix memory leak if calling SoapServer::setObject() twice. (nielsdos)
. Fix memory leak if calling SoapServer::setClass() twice. (nielsdos)
. Fix reading zlib ini settings in ext-soap. (nielsdos)
. Fix memory leaks with string function name lookups. (nielsdos)
. Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class
name). (nielsdos)
. Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos)
. Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias)
- Sodium:
. Fix memory leaks in ext/sodium on failure of some functions. (nielsdos)
- SPL:
. Fixed bug GH-14290 (Member access within null pointer in extension spl).
(nielsdos)
- Standard:
. Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract
namespace Unix sockets). (Derick)
- Streams:
. Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not
allocated and malloc: double free for ptr errors). (nielsdos)
|
2024-06-11 15:14:01 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
php8*: Run autoconf under CONFIGURE_ENV.
Without this, depending on the user's LANG, the configure stage can break due
to the --disable-pdo option being parsed after the checks for individual PDO
modules, which then fail. Something in the maze of m4 includes is dependent on
the locale for correct ordering when generating configure.
|
2024-06-08 01:11:41 by Takahiro Kambe | Files touched by this commit (8) |
Log message:
Fix build problem of www/ap-php and www/php-fpm.
Switch these packages to use autoconf, too.
|
2024-06-07 15:57:24 by Takahiro Kambe | Files touched by this commit (5) |  |
Log message:
lang/php83: update to 8.3.8
pkgsrc change:
Instead of patching configure, patch m4 files and use autoconf to generate
configure.
PHP 8.3.8 (2024-06-06)
- CGI:
. Fixed buffer limit on Windows, replacing read call usage by _read.
(David Carlier)
. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
in PHP-CGI). (CVE-2024-4577) (nielsdos)
- CLI:
. Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
quoted heredoc literals.). (nielsdos)
- Core:
. Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
non-compile-time expressions). (ilutov)
- DOM:
. Fix crashes when entity declaration is removed while still having entity
references. (nielsdos)
. Fix references not handled correctly in C14N. (nielsdos)
. Fix crash when calling childNodes next() when iterator is exhausted.
(nielsdos)
. Fix crash in ParentNode::append() when dealing with a fragment
containing text nodes. (nielsdos)
- Filter:
. Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
(CVE-2024-5458) (nielsdos)
- FPM:
. Fix bug GH-14175 (Show decimal number instead of scientific notation in
systemd status). (Benjamin Cremer)
- Hash:
. ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
(Saki Takamachi)
- Intl:
. Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
Peter Kokot)
- MySQLnd:
. Fix bug GH-14255 (mysqli_fetch_assoc reports error from
nested query). (Kamil Tekiela)
- Opcache:
. Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
shm). (ilutov)
- OpenSSL:
. The openssl_private_decrypt function in PHP, when using PKCS1 padding
(OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
unless it is used with an OpenSSL version that includes the changes from this pull
request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
These changes are part of OpenSSL 3.2 and have also been backported to stable
versions of various Linux distributions, as well as to the PHP builds provided for
Windows since the previous release. All distributors and builders should ensure that
this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)
- Standard:
. Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
(CVE-2024-5585) (nielsdos)
- XML:
. Fixed bug GH-14124 (Segmentation fault with XML extension under certain
memory limit). (nielsdos)
- XMLReader:
. Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)
|
2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) |  |
Log message:
revbump after icu and protobuf updates
|
2024-04-13 04:51:54 by Takahiro Kambe | Files touched by this commit (2) |  |
Log message:
lang/php83: update to 8.3.5
This release includes security fixes.
11 Apr 2024, PHP 8.3.5
- Core:
. Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when
scanning WeakMaps). (Arnaud)
. Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
(nielsdos)
. Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
. Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
. Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
destructor). (Arnaud)
- DOM:
. Add some missing ZPP checks. (nielsdos)
. Fix potential memory leak in XPath evaluation results. (nielsdos)
- FPM:
. Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
(Jakub Zelenka)
. Fix incorrect check in fpm_shm_free(). (nielsdos)
- GD:
. Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
- Gettext:
. Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
with category set to LC_ALL. (David Carlier)
- MySQLnd:
. Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
. Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
- Opcache:
. Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
(Arnaud, Dmitry)
. Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
method of internal trait when opcache is loaded). (Bob)
- Random:
. Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
modes). (timwolla)
. Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
requests when MT_RAND_PHP is used). (timwolla)
- Session:
. Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
- SPL:
. Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
- Standard:
. Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
. Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
(SakiTakamachi)
. Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
(divinity76)
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
. Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
inputs). (CVE-2024-2757) (Alex Dowad)
|