Path to this page:
Subject: CVS commit: [pkgsrc-2014Q4] pkgsrc/lang
From: Matthias Scheler
Date: 2015-01-27 20:37:21
Message id: 20150127193721.9254198@cvs.netbsd.org
Log Message:
Pullup ticket #4598 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.84
- lang/php55/distinfo 1.33
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 23 16:10:34 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
Log Message:
Update php55 to 5.5.21.
22 Jan 2014, PHP 5.5.21
- Core:
. Upgraded crypt_blowfish to version 1.3. (Leigh)
. Fixed bug #60704 (unlink() bug with some files path).
. Fixed bug #65419 (Inside trait, self::class !=3D __CLASS__). (Julie=
n)
. Fixed bug #65576 (Constructor from trait conflicts with inherited
constructor). (dunglas at gmail dot com)
. Fixed bug #55541 (errors spawn MessageBox, which blocks test automa=
tion).
(Anatol)
. Fixed bug #68297 (Application Popup provides too few information). =
(Anatol)
. Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
. Fixed bug #65230 (setting locale randomly broken). (Anatol)
. Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_D=
ATADIR
correctly). (Ferenc)
. Fixed bug #68583 (Crash in timeout thread). (Anatol)
. Fixed bug #68594 (Use after free vulnerability in unserialize()).
(CVE-2014-8142) (Stefan Esser)
. Fixed bug #68676 (Explicit Double Free). (Kalle)
. Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize=
()).
(CVE-2015-0231) (Stefan Esser)
- CGI:
. Fixed bug #68618 (out of bounds read crashes php-cgi).(CVE-2014-942=
7)
(Stas)
- CLI server:
. Fixed bug #68745 (Invalid HTTP requests make web server segfault). =
(Adam)
- cURL:
. Fixed bug #67643 (curl_multi_getcontent returns '' when
CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- EXIF:
. Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-023=
2)
(Stas)
- Fileinfo:
. Fixed bug #68671 (incorrect expression in libmagic).
(Joshua Rogers, Anatol Belski)
. Removed readelf.c and related code from libmagic sources
(Remi, Anatol)
. Fixed bug #68735 (fileinfo out-of-bounds memory access).
(Anatol)
- FPM:
. Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, R=
emi)
- Mbstring:
. Fixed bug #68504 (--with-libmbfl configure option not present on Wi=
ndows).
(Ashesh Vashi)
- Mcrypt:
. Fixed possible read after end of buffer and use after free. (Dmitry=
)
- Opcache:
. Fixed bug #67111 (Memory leak when using "continue 2" inside two fo=
reach
loops). (Nikita)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching). (Daniel=
Lowrey)
- Pcntl:
. Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old ha=
ndler
when setting SIG_DFL). (Julien)
- PCRE:
. Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
(Rainer Jung, Anatol Belski)
- pgsql:
. Fixed bug #68697 (lo_export return -1 on failure). (Ond=F8ej Sur=FD=
)
- PDO:
. Fixed bug #68371 (PDO#getAttribute() cannot be called with platform=
-specific
attribute names). (Matteo)
- PDO_mysql:
. Fixed bug #68424 (Add new PDO mysql connection attr to control mult=
i
statements option). (peter dot wolanin at acquia dot com)
- SPL:
. Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
breaks the RecursiveIterator). (Paul Garvin)
. Fixed bug #65213 (cannot cast SplFileInfo to boolean) (Tjerk)
. Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv)=
. (Salathe)
- SQLite:
. Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
- Streams:
. Fixed bug #68532 (convert.base64-encode omits padding bytes).
(blaesius at krumedia dot de)
Files: