Path to this page:
Subject: CVS commit: [pkgsrc-2018Q2] pkgsrc/lang
From: Benny Siegert
Date: 2018-08-17 18:04:01
Message id: 20180817160401.1B3AAFBEC@cvs.NetBSD.org
Log Message:
Pullup ticket #5797 - requested by taca
lang/php71: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.222
- lang/php71/Makefile 1.14-1.15
- lang/php71/Makefile.php 1.7-1.8
- lang/php71/distinfo 1.39-1.40
- lang/php71/patches/patch-disable-filter-url 1.1
---
Module Name: pkgsrc
Committed By: maya
Date: Mon Jul 16 10:58:50 UTC 2018
Modified Files:
pkgsrc/lang/php70: Makefile Makefile.php
pkgsrc/lang/php71: Makefile Makefile.php
pkgsrc/lang/php72: Makefile Makefile.php
Log Message:
php*: disable global regs on i386.
Fixes PR pkg/53222 that resurfaced
Remove the previous workaround to add GCC_REQD, which isn't sufficient
any more, possibly due to enabling ssp/fortify?
XXX bumping PKGREVISION might not be sufficient, for the same reason the
GCC_REQD had to be moved to Makefile.php, it affects modules too.
---
Module Name: pkgsrc
Committed By: manu
Date: Wed Jul 18 07:33:12 UTC 2018
Modified Files:
pkgsrc/lang/php56: Makefile.php distinfo
pkgsrc/lang/php70: Makefile.php distinfo
pkgsrc/lang/php71: Makefile.php distinfo
pkgsrc/lang/php72: Makefile.php distinfo
Added Files:
pkgsrc/lang/php56/patches: patch-disable-filter-url
pkgsrc/lang/php70/patches: patch-disable-filter-url
pkgsrc/lang/php71/patches: patch-disable-filter-url
pkgsrc/lang/php72/patches: patch-disable-filter-url
Log Message:
Add pkgsrc build option disable-filter-url to disable php://filter URL
php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php
Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 20 13:23:47 UTC 2018
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php71: Makefile distinfo
Log Message:
lang/php71: update to 7.1.20
19 Jul 2018, PHP 7.1.20
- Core:
. Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
with an error handler). (Laruence)
. Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
properly). (Nikita)
- Date:
. Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
- exif:
. Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
exif_thumbnail_extract of exif.c). (Stas)
. Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
data). (Stas)
- FPM:
. Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
non-blocking). (Nikita)
- GMP:
. Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
other classes). (Nikita)
- intl:
. Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
type). (cmb)
- mbstring:
. Fixed bug #76532 (Integer overflow and excessive memory usage
in mb_strimwidth). (MarcusSchwarz)
- PGSQL:
. Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
- phpdbg:
. Fix arginfo wrt. optional/required parameters. (cmb)
- Reflection:
. Fixed bug #76536 (PHP crashes with core dump when throwing exception in
error handler). (Laruence)
. Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
inherited classes). (Nikita)
- Standard:
. Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
(Laruence)
. Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
- Win32:
. Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
Files: