Next | Query returned 70 messages, browsing 31 to 40 | Previous

History of commit frequency

CVS Commit History:


   2015-01-17 15:56:50 by Benny Siegert | Files touched by this commit (1)
Log message:
Apply the necessary flags to sqlite so that php55 builds correctly on Darwin
prior to v9. From Sevan Janiyan in PR pkg/49527.
   2014-12-19 17:10:39 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update php55 to 5.5.20, including security fix.

17 Dec 2014, PHP 5.5.20

- Core:
  . Fixed bug #68091 (Some Zend headers lack appropriate extern "C" \ 
blocks).
    (Adam)
  . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
    triggered). (Julien)
  . Fixed bug #68370 ("unset($this)" can make the program crash). \ 
(Laruence)
  . Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)

- Date:
  . Fixed day_of_week function as it could sometimes return negative values
    internally. (Derick)

- FPM:
  . Fixed bug #68381 (fpm_unix_init_main ignores log_level).
    (David Zuelke, Remi)
  . Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all
    addresses). (Remi)
  . Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
  . Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
  . Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
  . Fixed bug #68452 (php-fpm man page is oudated). (Remi)
  . Fixed request #68458 (Change pm.start_servers default warning to
    notice). (David Zuelke, Remi)
  . Fixed bug #68463 (listen.allowed_clients can silently result
    in no allowed access). (Remi)
  . Fixed request #68391 (php-fpm conf files loading order).
    (Florian Margaine, Remi)
  . Fixed bug #68478 (access.log don't use prefix). (Remi)

- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)

- PDO_pgsql:
  . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  . Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception
  when not in transaction) (Matteo)
  . Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)
  (Matteo)

- zlib:
  . Fixed bug #53829 (Compiling PHP with large file support will replace
    function gzopen by gzopen64) (Sascha Kettler, Matteo)
   2014-11-15 15:53:12 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update php55 to 5.5.19.

13 Nov 2014, PHP 5.5.19

- Core:
  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
    php_getopt()). (Stas)
  . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
  . Fixed bug #68129 (parse_url() - incomplete support for empty usernames
    and passwords) (Tjerk)
    Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
    zend_hash_copy). (Dmitry)

- Fileinfo:
  . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
  . Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
    (CVE-2014-3710) (Remi)

- FPM:
  . Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
    addresses). (Robin Gloster)

- GD:
  . Fixed bug #65171 (imagescale() fails without height param). (Remi)

- GMP:
  . Fixed bug #63595 (GMP memory management conflicts with other libraries
    using GMP). (Remi)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed width
    decimal support) (Keyur Govande)

- ODBC:
  . Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
    a VARCHAR column) (Keyur Govande)

- SPL:
  . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

- CURL:
  . Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
    CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
   2014-10-18 16:27:30 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update php55 to 5.5.18.

16 Oct 2014, PHP 5.5.18

- Core:
  . Fixed bug #67985 (Incorrect last used array index copied to new array after
    unset). (Tjerk)
  . Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
    as 6.2 (instead of 6.3)). (Christian Wenz)
  . Fixed bug #67633 (A foreach on an array returned from a function not doing
    copy-on-write). (Nikita)
  . Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
  . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
    (CVE-2014-3669) (Stas)

- cURL:
  . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)

- EXIF:
  . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
    (Stas)

- FPM:
  . Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
    when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)

- OpenSSL:
  . Revert regression introduced by fix of bug #41631

- Reflection:
  . Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)

- Session:
  . Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)

- XMLRPC:
  . Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
    (CVE-2014-3668) (Stas)
   2014-09-30 10:14:25 by Takahiro Kambe | Files touched by this commit (1)
Log message:
Update php55 to 5.5.17, approved by wiz@.

18 Sep 2014, PHP 5.5.17

- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
  . Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)

- COM:
  . Fixed bug #41577 (DOTNET is successful once per server run)
    (Aidas Kasparas)

- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)

- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
    (Daniel Lowrey)
  . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3)
    (Daniel Lowrey)

- SPL:
  . Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException
    wrong message). (tim_siebels_aurich at yahoo dot de)

- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
  . Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10).
    (Derick)
  . Fixed bug #67109 (First uppercase letter breaks date string parsing).
    (Derick)

- GD
  . Made fontFetch's path parser thread-safe. (Sara).

- MySQLi:
  . Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). Mike
   2014-08-23 18:09:21 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update php55 to 5.5.16 (PHP 5.5.16).

21 Aug 2014, PHP 5.5.16

- COM:
  . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression).
    (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- FPM:
  . Fixed bug #67635 (php links to systemd libraries without using pkg-config).
    (pacho@gentoo.org, Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
    (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
    (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the
    prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell
    with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
    char fields). (Keyur)
   2014-07-26 02:11:55 by Takahiro Kambe | Files touched by this commit (7)
Log message:
Update php55 to 5.5.15.

24 Jul 2014, PHP 5.5.15

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67497 (eval with parse error causes segmentation fault in
    generator). (Nikita)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #66921 (Wrong argument type hint for function
    intltz_from_date_time_zone). (Stas)
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- OPCache:
  . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
    happen) (Dmitry, Laruence)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of \ 
"from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
    sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
   2014-07-13 17:23:42 by Takahiro Kambe | Files touched by this commit (4)
Log message:
Add fix for CVE-2014-4698 and CVE-2014-4670.

Bump PKGREVISION.
   2014-06-27 13:34:19 by Takahiro Kambe | Files touched by this commit (2)
Log message:
Update php55 to 5.5.14 which includes several security fixes.

26 Jun 2014, PHP 5.5.14

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
    (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OPCache:
  . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- PDO-ODBC:
  . Fixed bug #50444 (PDO-ODBC changes for 64-bit).

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion). (CVE-2014-3515) (Stefan Esser)

  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)
   2014-06-13 16:31:19 by Filip Hajny | Files touched by this commit (5)
Log message:
Remove detection of a threaded Apache MPM at configure time.
Fixes the problem where thread safety was not consistent in
the php, ap-php and php-* extension packages, and makes ap-php
adhere to the maintainer-zts option. Bump PKGREVISION.

Next | Query returned 70 messages, browsing 31 to 40 | Previous