Path to this page:
Subject: CVS commit: [pkgsrc-2013Q2] pkgsrc/lang
From: Matthias Scheler
Date: 2013-08-25 19:26:38
Message id: 20130825172638.EA5A496@cvs.netbsd.org
Log Message:
Pullup ticket #4222 - requested by taca
lang/php54: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.40,1.42 via patch
- lang/php54/Makefile 1.13-1.14
- lang/php54/Makefile.common patch
- lang/php54/PLIST 1.5
- lang/php54/distinfo 1.22-1.26 via patch
- lang/php54/patches/patch-configure 1.3
- lang/php54/patches/patch-ext_openssl_openssl.c deleted
- lang/php54/patches/patch-ext_xml_xml.c deleted
- lang/php54/patches/patch-sapi_cgi_Makefile.frag 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Aug 14 15:43:22 UTC 2013
Modified Files:
pkgsrc/lang/php54: Makefile distinfo
Added Files:
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c
Log Message:
Add fix fo openssl, CVE-2013-4073.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 00:38:24 UTC 2013
Modified Files:
pkgsrc/lang/php54: distinfo
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c
Log Message:
Since openssl's security problem has assigned CVE-2013-4248, update comment
in the patch file.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 16 15:28:23 UTC 2013
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: Makefile PLIST distinfo
pkgsrc/lang/php54/patches: patch-configure patch-sapi_cgi_Makefile.frag
Removed Files:
pkgsrc/lang/php54/patches: patch-ext_openssl_openssl.c
patch-ext_xml_xml.c
Log Message:
Update php54 to 5.4.18.
15 Aug 2013, PHP 5.4.18
- Core:
. Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
avp200681 gmail com).
. Fixed bug #65254 (Exception not catchable when exception thrown in autoload
with a namespace). (Laruence)
. Fixed bug #65108 (is_callable() triggers Fatal Error).
(David Soria Parra, Laruence)
. Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
(Adam)
. Fixed bug #62964 (Possible XSS on "Registered stream filters" info).
(david at nnucomputerwhiz dot com)
. Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
. Fixed bug #62475 (variant_* functions causes crash when null given as an
argument). (Felipe)
. Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
. Fixed bug #65226 (chroot() does not get enabled). (Anatol)
- CGI:
. Fixed Bug #65143 (Missing php-cgi man page). (Remi)
- CLI server:
. Fixed bug #65066 (Cli server not responsive when responding with 422 http
status code). (Adam)
- CURL:
. Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)
- FPM:
. Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
(chibisuke at web dot de, Felipe)
- FTP:
. Fixed bug #65228 (FTPs memory leak with SSL).
(marco dot beierer at mbsecurity dot ch)
- GMP:
. Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)
- Imap:
. Fixed bug #64467 (Segmentation fault after imap_reopen failure).
(askalski at gmail dot com)
- Intl:
. Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
. Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
(Stas)
- mysqlnd:
. Fixed segfault in mysqlnd when doing long prepare. (Andrey)
- ODBC:
. Fixed bug #61387 (NULL valued anonymous column causes segfault in
odbc_fetch_array). (Brandon Kirsch)
- Openssl:
. Fixed handling null bytes in subjectAltName (CVE-2013-4073).
(Christian Heimes)
- PDO:
. Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
(Chris Jones)
- PDO_dblib:
. Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" \
not sent)).
(Stanley Sufficool)
- PDO_pgsql:
. Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)
- Phar:
. Fixed Bug #65142 (Missing phar man page). (Remi)
- Session
. Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as
documented). (Arpad)
. Fixed bug #35703 (when session_name("123") consist only digits,
should warning). (Yasuo)
. Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by
oorza2k5 at gmail dot com (Yasuo)
- Sockets:
. Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
(Damjan Cvetko)
- SPL:
. Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
. Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
/Spl(Temp)FileObject ctor twice). (Laruence)
. Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
keys are strings). (Adam)
- XML:
. Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 17 00:35:08 UTC 2013
Modified Files:
pkgsrc/lang/php54: distinfo
Log Message:
Make sure to update distinfo. Thanks to Greg Oster noted the problem to me.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Aug 23 03:11:55 UTC 2013
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: distinfo
Log Message:
Update php54 to 5.4.19.
22 Aug 2013, PHP 5.4.19
- Core:
. Fixed bug #64503 (Compilation fails with error: conflicting types for
'zendparse'). (Laruence)
- Openssl:
. Fixed UMR in fix for CVE-2013-4248.
Files: