Navigation:
Browse pkgsrc
(this page) 2024-04-13 04:53:35 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php81: update to 8.1.27
This release includes security fixes.
11 Apr 2024, PHP 8.1.28
- Standard:
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
|
| 2024-01-05 03:10:35 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.27
PHP 8.1.27 (2023-12-21)
- Core:
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
error handler). (ilutov)
. Fixed oss-fuzz #64209 (In-place modification of filename in
php_message_handler_for_zend). (ilutov)
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
- DOM:
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
default: prefix). (nielsdos)
- FPM:
. Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
(Patrick Prasse)
- Intl:
. Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
- LibXML:
. Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
- MySQLnd:
. Avoid using uninitialised struct. (mikhainin)
- OpenSSL:
. Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
- PGSQL:
. Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov)
- PHPDBG:
. Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
- SQLite3:
. Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
(SakiTakamachi)
- Standard:
. Fix memory leak in syslog device handling. (danog)
. Fixed bug GH-12621 (browscap segmentation fault when configured in the
vhost). (nielsdos)
. Fixed bug GH-12655 (proc_open() does not take into account references
in the descriptor array). (nielsdos)
- Streams:
. Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
(Jakub Zelenka)
- Zip:
. Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
Behavior). (Remi)
|
| 2023-11-24 07:03:45 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php81: update to 8.1.26
PHP 8.1.26 (2023-11-23)
- Core:
. Fixed bug GH-12468 (Double-free of doc_comment when overriding static
property via trait). (ilutov)
. Fixed segfault caused by weak references to FFI objects. (sj-i)
. Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
- DOM:
. Fix registerNodeClass with abstract class crashing. (nielsdos)
. Add missing NULL pointer error check. (icy17)
. Fix validation logic of php:function() callbacks. (nielsdos)
- Fiber:
. Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
- FPM:
. Fixed bug GH-9921 (Loading ext in FPM config does not register module
handlers). (Jakub Zelenka)
. Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
opcache). (Jakub Zelenka)
- Intl:
. Removed the BC break on IntlDateFormatter::construct which threw an
exception with an invalid locale. (David Carlier)
- Opcache:
. Added warning when JIT cannot be enabled. (danog)
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
- OpenSSL:
. Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
with -d pcre.jit=0). (mvorisek)
- SOAP:
. Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
(nielsdos)
. Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
Fault). (nielsdos)
. Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
. Fix incorrect uri check in SOAP caching. (nielsdos)
. Fix segfault and assertion failure with refcounted props and arrays.
(nielsdos)
. Fix potential crash with an edge case of persistent encoders. (nielsdos)
. Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
- Streams:
. Fixed bug #75708 (getimagesize with "&$imageinfo" fails on \
StreamWrappers).
(Jakub Zelenka)
- XMLReader:
. Add missing NULL pointer error check. (icy17)
- XMLWriter:
. Add missing NULL pointer error check. (icy17)
- XSL:
. Add missing module dependency. (nielsdos)
. Fix validation logic of php:function() callbacks. (nielsdos)
|
| 2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message: *: recursive bump for icu 74.1 |
| 2023-10-27 17:04:30 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php81: update to 8.1.25
26 Oct 2023, PHP 8.1.25
- Core:
. Fixed bug GH-12207 (memory leak when class using trait with doc block).
(rioderelfte)
. Fixed bug GH-12215 (Module entry being overwritten causes type errors in
ext/dom). (nielsdos)
. Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
. Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
- CLI:
. Ensure a single Date header is present. (coppolafab)
- CType:
. Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
(nielsdos)
- DOM:
. Restore old namespace reconciliation behaviour. (nielsdos)
. Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)
- Fileinfo:
. Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
(MaxSem)
- Intl:
. Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
(David Carlier)
. Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
on an invalid locale). (David Carlier)
- MySQLnd:
. Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
'mysqlnd.so' in Unknown on line). (nielsdos)
- Opcache:
. Fixed opcache_invalidate() on deleted file. (mikhainin)
. Fixed bug GH-12380 (JIT+private array property access inside closure
accesses private property in child class). (nielsdos)
- PCRE:
. Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
JIT enabled gives different result). (nielsdos)
- SimpleXML:
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
. Fixed bug GH-12223 (Entity reference produces infinite loop in
var_dump/print_r). (nielsdos)
. Fixed bug GH-12167 (Unable to get processing instruction contents in
SimpleXML). (nielsdos)
. Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
(nielsdos)
- Streams:
. Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
(David Carlier)
- XML:
. Fix return type of stub of xml_parse_into_struct(). (nielsdos)
. Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
- XSL:
. Fix type error on XSLTProcessor::transformToDoc return value with
SimpleXML. (nielsdos)
- Sockets:
. Fix socket_export_stream() with wrong protocol (twosee)
|
| 2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
| 2023-09-29 17:11:00 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.24
28 Sep 2023, PHP 8.1.24
- Core:
. Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
. Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
(Jeremie Courreges-Anglas)
. Fixed bug GH-12073 (Segfault when freeing incompletely initialized
closures). (ilutov)
. Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
(ju1ius)
. Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
value in function call). (ilutov)
- DOM:
. Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)
- Iconv:
. Fixed build for NetBSD which still uses the old iconv signature.
(David Carlier)
- Intl:
. Fixed bug GH-12020 (intl_get_error_message() broken after
MessageFormatter::formatMessage() fails). (Girgias)
- MySQLnd:
. Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
"trying to connect via (null)"). (Kamil Tekiela)
- ODBC:
. Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
. Fixed persistent procedural ODBC connections not getting closed.
(NattyNarwhal)
- SimpleXML:
. Fixed bug #52751 (XPath processing-instruction() function is not
supported). (nielsdos)
- SPL:
. Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
(nielsdos)
- SQLite3:
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
a callable array). (nielsdos, arnaud-lb)
|
| 2023-09-02 16:49:39 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.23
31 Aug 2023, PHP 8.1.23
- CLI:
. Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with
ZEND_RC_DEBUG=1). (nielsdos)
. Fixed bug GH-10964 (Improve man page about the built-in server).
(Alexandre Daubois)
- Core:
. Fixed strerror_r detection at configuration time. (Kévin Dunglas)
- Date:
. Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects
are passed in. (Derick)
- DOM:
. Fix DOMEntity field getter bugs. (nielsdos)
. Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
(nielsdos)
. Fix DOMCharacterData::replaceWith() with itself. (nielsdos)
. Fix empty argument cases for DOMParentNode methods. (nielsdos)
. Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
(nielsdos)
. Fix json_encode result on DOMDocument. (nielsdos)
. Fix manually calling __construct() on DOM classes. (nielsdos)
. Fixed bug GH-11830 (ParentNode methods should perform their checks
upfront). (nielsdos)
. Fix segfault when DOMParentNode::prepend() is called when the child
disappears. (nielsdos)
- FFI:
. Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
- MySQLnd:
. Fixed bug GH-11440 (authentication to a sha256_password account fails over
SSL). (nielsdos)
. Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password
accounts using passwords longer than 19 characters).
(nielsdos, Kamil Tekiela)
. Fixed bug GH-11550 (MySQL Statement has a empty query result when
the response field has changed, also Segmentation fault).
(Yurunsoft)
. Fixed invalid error message "Malformed packet" when connection is \
dropped.
(Kamil Tekiela)
- Opcache:
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
opcache_get_status() / phpinfo() is wrong). (nielsdos)
. Avoid adding an unnecessary read-lock when loading script from shm if
restart is in progress. (mikhainin)
- PCNTL:
. Revert behaviour of receiving SIGCHLD signals back to the behaviour
before 8.1.22. (nielsdos)
- SPL:
. Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
(nielsdos)
- Standard:
. Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
. Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix)
(athos-ribeiro)
|
| 2023-08-05 10:43:16 by Takahiro Kambe | Files touched by this commit (3) | |
Log message:
lang/php81: update to 8.1.22
03 Aug 2023, PHP 8.1.22
- Build:
. Fixed bug GH-11522 (PHP version check fails with '-' separator).
(SVGAnimate)
- CLI:
. Fix interrupted CLI output causing the process to exit. (nielsdos)
- Core:
. Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
(ilutov)
. Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
. Fixed build for FreeBSD before the 11.0 releases. (David Carlier)
- Curl:
. Fix crash when an invalid callback function is passed to
CURLMOPT_PUSHFUNCTION. (nielsdos)
- Date:
. Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
- DOM:
. Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
DOMDocumentFragment but just deletes node or causes wrapping <></>
depending on libxml2 version). (nielsdos)
- Fileinfo:
. Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
- FTP:
. Fix context option check for "overwrite". (JonasQuinten)
. Fixed bug GH-10562 (Memory leak and invalid state with consecutive
ftp_nb_fget). (nielsdos)
- GD:
. Fix most of the external libgd test failures. (Michael Orlitzky)
- Hash:
. Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options
parameter in signature. (ilutov)
- Intl:
. Fix memory leak in MessageFormatter::format() on failure. (Girgias)
- Libxml:
. Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
- MBString:
. Fix GH-11300 (license issue: restricted unicode license headers).
(nielsdos)
- Opcache:
. Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
segmentation fault). (nielsdos)
. Prevent potential deadlock if accelerated globals cannot be allocated.
(nielsdos)
- PCNTL:
. Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
(nielsdos)
- PCRE:
. Mangle PCRE regex cache key with JIT option. (mvorisek)
- PDO:
. Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
filled). (SakiTakamachi)
- PDO SQLite:
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
(KapitanOczywisty, CViniciusSDias)
- Phar:
. Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
. Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
(CVE-2023-3824) (nielsdos)
- PHPDBG:
. Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)
- Session:
. Removed broken url support for transferring session ID. (ilutov)
- Standard:
. Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
- SQLite3:
. Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
|
| 2023-07-07 14:51:19 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.21
PHP 8.1.21 (2023-07-06)
- CLI:
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
(James Lucas)
- Core:
. Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)
- Curl:
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
(nielsdos)
- DOM:
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
and segfaults with replaceWith). (nielsdos)
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
attribute value). (nielsdos)
. Fix return value in stub file for DOMNodeList::item. (divinity76)
. Fix spec compliance error with '*' namespace for
DOMDocument::getElementsByTagNameNS. (nielsdos)
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
(nielsdos)
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
xpath query). (nielsdos)
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
namespaces). (nielsdos)
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
with itself). (nielsdos)
. Fixed bug #77686 (Removed elements are still returned by getElementById).
(nielsdos)
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
php_libxml_node_free_list()). (nielsdos)
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
. Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
. Fix "invalid state error" with cloned namespace declarations. \
(nielsdos)
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
issues). (nielsdos)
. Fixed bug #80332 (Completely broken array access functionality with
DOMNamedNodeMap). (nielsdos)
- Opcache:
. Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
. Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
with opcache.file_cache_only=1 but it was never locked). (nielsdos)
- OpenSSL:
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
subjectAltNames (James Lucas, Jakub Zelenka).
- PGSQL:
. Fixed intermittent segfault with pg_trace. (David Carlier)
- Phar:
. Fix cross-compilation check in phar generation for FreeBSD. (peter279k)
- SPL:
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
slash). (nielsdos)
- Standard:
. Fix access on NULL pointer in array_merge_recursive(). (ilutov)
. Fix exception handling in array_multisort(). (ilutov)
|
New packages: