2024-06-11 15:14:01 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
php8*: Run autoconf under CONFIGURE_ENV.
Without this, depending on the user's LANG, the configure stage can break due
to the --disable-pdo option being parsed after the checks for individual PDO
modules, which then fail. Something in the maze of m4 includes is dependent on
the locale for correct ordering when generating configure.
|
2024-06-08 01:11:41 by Takahiro Kambe | Files touched by this commit (8) |
Log message:
Fix build problem of www/ap-php and www/php-fpm.
Switch these packages to use autoconf, too.
|
2024-06-07 15:57:24 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
lang/php83: update to 8.3.8
pkgsrc change:
Instead of patching configure, patch m4 files and use autoconf to generate
configure.
PHP 8.3.8 (2024-06-06)
- CGI:
. Fixed buffer limit on Windows, replacing read call usage by _read.
(David Carlier)
. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
in PHP-CGI). (CVE-2024-4577) (nielsdos)
- CLI:
. Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
quoted heredoc literals.). (nielsdos)
- Core:
. Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
non-compile-time expressions). (ilutov)
- DOM:
. Fix crashes when entity declaration is removed while still having entity
references. (nielsdos)
. Fix references not handled correctly in C14N. (nielsdos)
. Fix crash when calling childNodes next() when iterator is exhausted.
(nielsdos)
. Fix crash in ParentNode::append() when dealing with a fragment
containing text nodes. (nielsdos)
- Filter:
. Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
(CVE-2024-5458) (nielsdos)
- FPM:
. Fix bug GH-14175 (Show decimal number instead of scientific notation in
systemd status). (Benjamin Cremer)
- Hash:
. ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
(Saki Takamachi)
- Intl:
. Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
Peter Kokot)
- MySQLnd:
. Fix bug GH-14255 (mysqli_fetch_assoc reports error from
nested query). (Kamil Tekiela)
- Opcache:
. Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
shm). (ilutov)
- OpenSSL:
. The openssl_private_decrypt function in PHP, when using PKCS1 padding
(OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
unless it is used with an OpenSSL version that includes the changes from this pull
request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
These changes are part of OpenSSL 3.2 and have also been backported to stable
versions of various Linux distributions, as well as to the PHP builds provided for
Windows since the previous release. All distributors and builders should ensure that
this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)
- Standard:
. Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
(CVE-2024-5585) (nielsdos)
- XML:
. Fixed bug GH-14124 (Segmentation fault with XML extension under certain
memory limit). (nielsdos)
- XMLReader:
. Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)
|
2024-05-29 18:35:19 by Adam Ciarcinski | Files touched by this commit (1929) |
Log message:
revbump after icu and protobuf updates
|
2024-04-13 04:51:54 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
lang/php83: update to 8.3.5
This release includes security fixes.
11 Apr 2024, PHP 8.3.5
- Core:
. Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when
scanning WeakMaps). (Arnaud)
. Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
(nielsdos)
. Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov)
. Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
. Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
destructor). (Arnaud)
- DOM:
. Add some missing ZPP checks. (nielsdos)
. Fix potential memory leak in XPath evaluation results. (nielsdos)
- FPM:
. Fixed GH-11086 (FPM: config test runs twice in daemonised mode).
(Jakub Zelenka)
. Fix incorrect check in fpm_shm_free(). (nielsdos)
- GD:
. Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)
- Gettext:
. Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
with category set to LC_ALL. (David Carlier)
- MySQLnd:
. Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
. Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)
- Opcache:
. Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
(Arnaud, Dmitry)
. Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
method of internal trait when opcache is loaded). (Bob)
- Random:
. Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
modes). (timwolla)
. Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
requests when MT_RAND_PHP is used). (timwolla)
- Session:
. Fixed bug GH-13680 (Segfault with session_decode and compilation error).
(nielsdos)
- SPL:
. Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)
- Standard:
. Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
. Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
(SakiTakamachi)
. Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
(divinity76)
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
. Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some
inputs). (CVE-2024-2757) (Alex Dowad)
|
2024-03-17 17:48:20 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
lang/php83: update to 8.3.4
PHP 8.3.4 (2024-03-14)
- Core:
. Fix ZTS persistent resource crashes on shutdown. (nielsdos)
- Curl:
. Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)
- DOM:
. Fix unlikely memory leak in case of namespace removal with extremely deep
trees. (nielsdos)
. Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
(nielsdos)
- Fileinfo:
. Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null),
backport). (nielsdos)
- FPM:
. Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
(Jakub Zelenka)
- GD:
. Fixed bug GH-12019 (detection of image formats in system gd library).
(Michael Orlitzky)
- MySQLnd:
. Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error
if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi)
- PDO:
. Fix various PDORow bugs. (Girgias)
- PGSQL:
. Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute
with null value passed by reference). (George Barbarosie)
- SPL:
. Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
in PHP 8.2.15). (nielsdos)
- Standard:
. Fixed bug GH-13279 (Instable array during in-place modification in uksort).
(ilutov)
. Fixed array key as hash to string (case insensitive) comparison typo
for the second operand buffer size (albeit unused for now). (A. Slepykh)
- XML:
. Fixed bug GH-13517 (Multiple test failures when building with
--with-expat). (nielsdos)
|
2024-02-16 14:15:20 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
lang/php83: update to 8.3.3
15 Feb 2024, PHP 8.3.3
- Core:
. Fixed timer leak in zend-max-execution-timers builds. (withinboredom)
. Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus)
. Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown
Exception). (nielsdos)
. Fixed bug GH-13177 (PHP 8.3.2: final private constructor not allowed
when used in trait). (nielsdos)
. Fixed bug GH-13215 (GCC 14 build failure). (Remi)
- Curl:
. Fix missing error check in curl_multi_init(). (divinity76)
- FPM:
. Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when
plus in path). (Jakub Zelenka)
- GD:
. Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
(nielsdos)
. Fixed bug GH-10614 (imagerotate will turn the picture all black, when
rotated 90). (nielsdos)
- LibXML:
. Fix crashes with entity references and predefined entities. (nielsdos)
- MySQLnd:
. Fixed bug GH-12107 (When running a stored procedure (that returns a result
set) twice, PHP crashes). (nielsdos)
- Opcache:
. Fixed bug GH-13145 (strtok() is not comptime). (ilutov)
. Fixed type inference of range(). (ilutov)
. Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but
JIT_debug is still on). (nielsdos)
- OpenSSL:
. Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set.
(David Carlier).
- PDO_Firebird:
. Fix GH-13119 (Changed to convert float and double values into strings using
`H` format). (SakiTakamachi)
- Phar:
. Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos)
. Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos)
- Random:
. Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken
engines). (timwolla)
- Session:
. Fixed bug GH-12504 (Corrupted session written when there's a fatal error
in autoloader). (nielsdos)
- Standard:
. Fixed bug GH-13094 (range(9.9, '0') causes segmentation fault). (nielsdos)
- Streams:
. Fixed bug GH-13071 (Copying large files using mmap-able source streams may
exhaust available memory and fail). (nielsdos)
|
2024-01-21 08:53:53 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/php83: update to 8.3.2
8.3.2 (2024-01-18)
- Core:
. Fixed bug GH-12953 (false positive SSA integrity verification failed when
loading composer classmaps with more than 11k elements). (nielsdos)
. Fixed bug GH-12999 (zend_strnlen build when strnlen is unsupported).
(rainerjung)
. Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf
doesn't emit warnings). (Peter Kokot)
. Fixed bug GH-12854 (8.3 - as final trait-used method does not correctly
report visibility in Reflection). (nielsdos)
- Cli:
. Fix incorrect timeout in built-in web server when using router script and
max_input_time. (ilutov)
- DOM:
. Fixed bug GH-12870 (Creating an xmlns attribute results in a DOMException).
(nielsdos)
. Fix crash when toggleAttribute() is used without a document. (nielsdos)
. Fix crash in adoptNode with attribute references. (nielsdos)
. Fixed bug GH-13012 (DOMNode::isEqualNode() is incorrect when attribute
order is different). (nielsdos)
- FFI:
. Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
(Jakub Zelenka)
. Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)
- Intl:
. Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
(David Carlier)
- Hash:
. Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on
strings >= 4GiB). (nielsdos)
- ODBC:
. Fix crash on Apache shutdown with persistent connections. (nielsdos)
- Opcache:
. Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM
with NULL when DIM is the same var as result). (ilutov)
. Added workaround for SELinux mprotect execheap issue.
See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)
- OpenSSL:
. Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
(Jakub Zelenka)
- PDO:
. Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
(SakiTakamachi)
- PDO_ODBC:
. Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
(SakiTakamachi)
- PGSQL:
. Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier)
. Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
(nielsdos)
- Phar:
. Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos)
- PHPDBG:
. Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)
- SimpleXML:
. Fix getting the address of an uninitialized property of a SimpleXMLElement
resulting in a crash. (nielsdos)
. Fixed bug GH-12929 (SimpleXMLElement with stream_wrapper_register can
segfault). (nielsdos)
- Tidy:
. Fixed bug GH-12980 (tidynode.props.attribute is missing
"Boolean Attributes" and empty attributes). (nielsdos)
|
2024-01-05 03:08:41 by Takahiro Kambe | Files touched by this commit (1) |
Log message:
lang/php83: update to 8.3.1
PHP 8.3.1 (2023-12-21)
- Core:
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
. Fix various missing NULL checks. (nielsdos, dstogov)
. Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
(ilutov)
. Fixed bug GH-12826 (Weird pointers issue in nested loops). (nielsdos)
- FPM:
. Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
(Patrick Prasse)
- FTP:
. Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos)
- LibXML:
. Fixed test failures for libxml2 2.12.0. (nielsdos)
- MySQLnd:
. Avoid using uninitialised struct. (mikhainin)
. Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
(nielsdos)
- Opcache:
. Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
at the same time as invalid offset Error). (Girgias)
. Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
warning at the same time as Error is being thrown). (Girgias)
- PDO PGSQL:
. Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)
- SOAP:
. Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
(nielsdos)
- Standard:
. Fixed GH-12745 (http_build_query() default null argument for $arg_separator
is implicitly coerced to string). (Girgias)
|
2023-11-30 17:14:51 by Takahiro Kambe | Files touched by this commit (21) |
Log message:
lang/php83: add version 8.3.0
PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.
PHP 8.3 comes with numerous improvements and new features such as
* Typed Class Constants
* Fetch class constant dynamically syntax
* Readonly Amendments
* Override Attribute
* New Randomizer method Random\Randomizer::getBytesFromString
* New function json_validate
* And much much more...
|