Navigation:
Browse pkgsrc
(this page)
lang php81
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2024-04-13 04:53:35 by Takahiro Kambe | Files touched by this commit (1) |  |
Log message:
lang/php81: update to 8.1.27
This release includes security fixes.
11 Apr 2024, PHP 8.1.28
- Standard:
. Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
. Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
. Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)
|
| 2024-01-05 03:10:35 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.27
PHP 8.1.27 (2023-12-21)
- Core:
. Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
error handler). (ilutov)
. Fixed oss-fuzz #64209 (In-place modification of filename in
php_message_handler_for_zend). (ilutov)
. Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
- DOM:
. Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
default: prefix). (nielsdos)
- FPM:
. Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
(Patrick Prasse)
- Intl:
. Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)
- LibXML:
. Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
- MySQLnd:
. Avoid using uninitialised struct. (mikhainin)
- OpenSSL:
. Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)
- PGSQL:
. Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov)
- PHPDBG:
. Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)
- SQLite3:
. Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
(SakiTakamachi)
- Standard:
. Fix memory leak in syslog device handling. (danog)
. Fixed bug GH-12621 (browscap segmentation fault when configured in the
vhost). (nielsdos)
. Fixed bug GH-12655 (proc_open() does not take into account references
in the descriptor array). (nielsdos)
- Streams:
. Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
(Jakub Zelenka)
- Zip:
. Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
Behavior). (Remi)
|
| 2023-11-24 07:03:45 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php81: update to 8.1.26
PHP 8.1.26 (2023-11-23)
- Core:
. Fixed bug GH-12468 (Double-free of doc_comment when overriding static
property via trait). (ilutov)
. Fixed segfault caused by weak references to FFI objects. (sj-i)
. Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
- DOM:
. Fix registerNodeClass with abstract class crashing. (nielsdos)
. Add missing NULL pointer error check. (icy17)
. Fix validation logic of php:function() callbacks. (nielsdos)
- Fiber:
. Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)
- FPM:
. Fixed bug GH-9921 (Loading ext in FPM config does not register module
handlers). (Jakub Zelenka)
. Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
opcache). (Jakub Zelenka)
- Intl:
. Removed the BC break on IntlDateFormatter::construct which threw an
exception with an invalid locale. (David Carlier)
- Opcache:
. Added warning when JIT cannot be enabled. (danog)
. Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)
- OpenSSL:
. Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
(Jakub Zelenka)
- PCRE:
. Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
with -d pcre.jit=0). (mvorisek)
- SOAP:
. Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
(nielsdos)
. Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
Fault). (nielsdos)
. Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
. Fix incorrect uri check in SOAP caching. (nielsdos)
. Fix segfault and assertion failure with refcounted props and arrays.
(nielsdos)
. Fix potential crash with an edge case of persistent encoders. (nielsdos)
. Fixed bug #75306 (Memleak in SoapClient). (nielsdos)
- Streams:
. Fixed bug #75708 (getimagesize with "&$imageinfo" fails on \
StreamWrappers).
(Jakub Zelenka)
- XMLReader:
. Add missing NULL pointer error check. (icy17)
- XMLWriter:
. Add missing NULL pointer error check. (icy17)
- XSL:
. Add missing module dependency. (nielsdos)
. Fix validation logic of php:function() callbacks. (nielsdos)
|
| 2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message: *: recursive bump for icu 74.1 |
| 2023-10-27 17:04:30 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
lang/php81: update to 8.1.25
26 Oct 2023, PHP 8.1.25
- Core:
. Fixed bug GH-12207 (memory leak when class using trait with doc block).
(rioderelfte)
. Fixed bug GH-12215 (Module entry being overwritten causes type errors in
ext/dom). (nielsdos)
. Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
. Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)
- CLI:
. Ensure a single Date header is present. (coppolafab)
- CType:
. Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
(nielsdos)
- DOM:
. Restore old namespace reconciliation behaviour. (nielsdos)
. Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)
- Fileinfo:
. Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)
- Filter:
. Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)
- Hash:
. Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
(MaxSem)
- Intl:
. Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
(David Carlier)
. Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
on an invalid locale). (David Carlier)
- MySQLnd:
. Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
'mysqlnd.so' in Unknown on line). (nielsdos)
- Opcache:
. Fixed opcache_invalidate() on deleted file. (mikhainin)
. Fixed bug GH-12380 (JIT+private array property access inside closure
accesses private property in child class). (nielsdos)
- PCRE:
. Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
JIT enabled gives different result). (nielsdos)
- SimpleXML:
. Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
. Fixed bug GH-12223 (Entity reference produces infinite loop in
var_dump/print_r). (nielsdos)
. Fixed bug GH-12167 (Unable to get processing instruction contents in
SimpleXML). (nielsdos)
. Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
(nielsdos)
- Streams:
. Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
(David Carlier)
- XML:
. Fix return type of stub of xml_parse_into_struct(). (nielsdos)
. Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)
- XSL:
. Fix type error on XSLTProcessor::transformToDoc return value with
SimpleXML. (nielsdos)
- Sockets:
. Fix socket_export_stream() with wrong protocol (twosee)
|
| 2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
| 2023-09-29 17:11:00 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.24
28 Sep 2023, PHP 8.1.24
- Core:
. Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
. Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
(Jeremie Courreges-Anglas)
. Fixed bug GH-12073 (Segfault when freeing incompletely initialized
closures). (ilutov)
. Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
(ju1ius)
. Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
value in function call). (ilutov)
- DOM:
. Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)
- Iconv:
. Fixed build for NetBSD which still uses the old iconv signature.
(David Carlier)
- Intl:
. Fixed bug GH-12020 (intl_get_error_message() broken after
MessageFormatter::formatMessage() fails). (Girgias)
- MySQLnd:
. Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
"trying to connect via (null)"). (Kamil Tekiela)
- ODBC:
. Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
. Fixed persistent procedural ODBC connections not getting closed.
(NattyNarwhal)
- SimpleXML:
. Fixed bug #52751 (XPath processing-instruction() function is not
supported). (nielsdos)
- SPL:
. Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
(nielsdos)
- SQLite3:
. Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
a callable array). (nielsdos, arnaud-lb)
|
| 2023-09-02 16:49:39 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
lang/php81: update to 8.1.23
31 Aug 2023, PHP 8.1.23
- CLI:
. Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with
ZEND_RC_DEBUG=1). (nielsdos)
. Fixed bug GH-10964 (Improve man page about the built-in server).
(Alexandre Daubois)
- Core:
. Fixed strerror_r detection at configuration time. (Kévin Dunglas)
- Date:
. Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects
are passed in. (Derick)
- DOM:
. Fix DOMEntity field getter bugs. (nielsdos)
. Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
(nielsdos)
. Fix DOMCharacterData::replaceWith() with itself. (nielsdos)
. Fix empty argument cases for DOMParentNode methods. (nielsdos)
. Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
(nielsdos)
. Fix json_encode result on DOMDocument. (nielsdos)
. Fix manually calling __construct() on DOM classes. (nielsdos)
. Fixed bug GH-11830 (ParentNode methods should perform their checks
upfront). (nielsdos)
. Fix segfault when DOMParentNode::prepend() is called when the child
disappears. (nielsdos)
- FFI:
. Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)
- MySQLnd:
. Fixed bug GH-11440 (authentication to a sha256_password account fails over
SSL). (nielsdos)
. Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password
accounts using passwords longer than 19 characters).
(nielsdos, Kamil Tekiela)
. Fixed bug GH-11550 (MySQL Statement has a empty query result when
the response field has changed, also Segmentation fault).
(Yurunsoft)
. Fixed invalid error message "Malformed packet" when connection is \
dropped.
(Kamil Tekiela)
- Opcache:
. Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
opcache_get_status() / phpinfo() is wrong). (nielsdos)
. Avoid adding an unnecessary read-lock when loading script from shm if
restart is in progress. (mikhainin)
- PCNTL:
. Revert behaviour of receiving SIGCHLD signals back to the behaviour
before 8.1.22. (nielsdos)
- SPL:
. Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
(nielsdos)
- Standard:
. Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
. Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix)
(athos-ribeiro)
|
New packages: