./lang/php81, PHP Hypertext Preprocessor version 8.1


Branch: CURRENT, Version: 8.1.31, Package name: php-8.1.31, Maintainer: pkgsrc-users

PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.

PHP 8.1 comes with numerous improvements and new features such as

* Enumerations
* Readonly properties
* Fibers
* Pure Intersection Types
* never return type
* First-class Callable Syntax
* "final" modifier for class constants
* New fsync and fdatasync functions
* New array_is_list function
* Explicit Octal numeral notation
* And much much more...



Package options: inet6, readline, ssl

Filesize: 11637.387 KB


CVS history:


   2024-11-25 15:39:26 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
lang/php81: update to 8.1.31

PHP 8.1.31 (2024-11-21)

- CLI:
  . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
    Processing in CLI SAPI Interface). (nielsdos)

- LDAP:
  . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
    (nielsdos)

- MySQLnd:
  . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through
    heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- PDO DBLIB:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
    OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
    causing OOB writes). (CVE-2024-11236) (nielsdos)

- Streams:
  . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
    might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
  . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
    convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

   2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429)
Log message:
*: recursive bump for icu 76 shlib major version bump

   2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426)
Log message:
*: revbump for icu downgrade

   2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427)
Log message:
*: recursive bump for icu 76.1 shlib bump

   2024-09-28 17:08:01 by Takahiro Kambe | Files touched by this commit (1) | Package updated
Log message:
lang/php81: update to 8.1.30

PHP 8.1.30 (2024-09-26)

- CGI:
  . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
    Vulnerability). (CVE-2024-8926) (nielsdos)
  . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
    bypassable due to the environment variable collision). (CVE-2024-8927)
    (nielsdos)

- FPM:
  . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
    (CVE-2024-9026) (Jakub Zelenka)

- SAPI:
  . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
    (CVE-2024-8925) (Arnaud)

06 Jun 2024, PHP 8.1.29

- CGI:
  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
    in PHP-CGI). (CVE-2024-4577) (nielsdos)

- Filter:
  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
    (CVE-2024-5458) (nielsdos)

- OpenSSL:
  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
    unless it is used with an OpenSSL version that includes the changes from this pull
    request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
    These changes are part of OpenSSL 3.2 and have also been backported to stable
    versions of various Linux distributions, as well as to the PHP builds provided for
    Windows since the previous release. All distributors and builders should ensure that
    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)

- Standard:
  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
    (CVE-2024-5585) (nielsdos)

   2024-06-11 15:14:01 by Jonathan Perkin | Files touched by this commit (3)
Log message:
php8*: Run autoconf under CONFIGURE_ENV.

Without this, depending on the user's LANG, the configure stage can break due
to the --disable-pdo option being parsed after the checks for individual PDO
modules, which then fail.  Something in the maze of m4 includes is dependent on
the locale for correct ordering when generating configure.

   2024-06-08 01:11:41 by Takahiro Kambe | Files touched by this commit (8)
Log message:
Fix build problem of www/ap-php and www/php-fpm.

Switch these packages to use autoconf, too.

   2024-06-07 15:54:25 by Takahiro Kambe | Files touched by this commit (5) | Package updated
Log message:
lang/php81: update to 8.1.29

pkgsrc change:

Instead of patching configure, patch m4 files and use autoconf to generate
configure.

PHP 8.1.29 (2024-06-06)

- CGI:
  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
    in PHP-CGI). (CVE-2024-4577) (nielsdos)

- Filter:
  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
    (CVE-2024-5458) (nielsdos)

- OpenSSL:
  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
    unless it is used with an OpenSSL version that includes the changes from this pull
    request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
    These changes are part of OpenSSL 3.2 and have also been backported to stable
    versions of various Linux distributions, as well as to the PHP builds provided for
    Windows since the previous release. All distributors and builders should ensure that
    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)

- Standard:
  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
    (CVE-2024-5585) (nielsdos)