Navigation:
Browse pkgsrc
(this page)| 2016-06-28 21:38:32 by Benny Siegert | Files touched by this commit (3) |
Log message:
Pullup ticket #5052 - requested by taca
lang/php70: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.141
- lang/php70/Makefile 1.4
- lang/php70/Makefile.php 1.2
- lang/php70/distinfo 1.14
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 24 15:27:57 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php70: Makefile Makefile.php distinfo
Log message:
Update php70 to 7.0.8 (PHP 7.0.8), including security fixes.
pkgsrc change:
* remove confiugre from SUBST_FILES.path.
* Remove --with-regex=3Dsystem and --without-mysql from CONFIGURE_ARGS.=
* Add --without-mysqli to CONFIGURE_ARGS.
23 Jun 2016 PHP 7.0.8
- Core:
. Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashe=
s).
(Esminis at esminis dot lt)
. Fixed bug #72221 (segfault, past-the-end access). (Lauri Kentt=E4)
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Sta=
s)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).=
(Stas)
- FPM:
. Fixed bug #72308 (fastcgi_finish_request and logging environment
variables). (Laruence)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)=
- Intl:
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (=
Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- PCRE:
. Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
- PDO_pgsql:
. Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
(Laruence)
. Fixed bug #72294 (Segmentation fault/invalid pointer in connection
with pgsql_stmt_dtor). (Anatol)
- Phpdbg:
. Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
- Postgres:
. Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (La=
ruence)
. Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (S=
tas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorith=
m and
unserialize). (Dmitry)
- Standard:
. Fixed bug #72017 (range() with float step produces unexpected resul=
t).
(Thomas Punt)
. Fixed bug #72193 (dns_get_record returns array containing elements =
of
type 'unknown'). (Laruence)
. Fixed bug #72229 (Wrong reference when serialize/unserialize an obj=
ect).
(Laruence)
. Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruenc=
e)
- XML:
. Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Jo=
e)
- XMLRPC:
. Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
(Joe, Laruence)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (St=
as)
- Zip:
. Fixed ug #72258 (ZipArchive converts filenames to unrecoverable for=
m).
(Anatol)
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in =
PHP's GC
algorithm and unserialize). (Dmitry)
|
| 2016-06-28 20:59:07 by Benny Siegert | Files touched by this commit (2) |
Log message: Pullup ticket #5042 - requested by joerg lang/php70: build fix Revisions pulled up: - lang/php70/distinfo 1.13 - lang/php70/patches/patch-sapi_cli_Makefile.frag 1.3 --- Module Name: pkgsrc Committed By: joerg Date: Tue Jun 7 19:23:50 UTC 2016 Modified Files: pkgsrc/lang/php70: distinfo pkgsrc/lang/php70/patches: patch-sapi_cli_Makefile.frag Log message: Unbreak unprivileged build. Actually test for executable. |
| 2016-06-04 21:56:37 by Benny Siegert | Files touched by this commit (2) |
Log message:
Pullup ticket #5036 - requested by taca
lang/php70: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.138
- lang/php70/distinfo 1.10-1.12
- lang/php70/patches/patch-sapi_cli_Makefile.frag 1.1-1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Fri May 27 13:29:58 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php70: distinfo
Log message:
Update php70 to 7.0.7 (PHP 7.0.7), including security fix.
26 May 2016 PHP 7.0.7
- Core:
. Fixed bug #72162 (use-after-free - error_reporting). (Laruence)
. Add compiler option to disable special case function calls. (Joe)
. Fixed bug #72101 (crash on complex code). (Dmitry)
. Fixed bug #72100 (implode() inserts garbage into resulting string when
joins very big integer). (Mikhail Galanin)
. Fixed bug #72057 (PHP Hangs when using custom error handler and typehint).
(Nikita Nefedov)
. Fixed bug #72038 (Function calls with values to a by-ref parameter don't
always throw a notice). (Bob)
. Fixed bug #71737 (Memory leak in closure with parameter named $this).
(Nikita)
. Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio)
. Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita)
- Curl:
. Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick)
- DBA:
. Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl:
. Fixed #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- JSON:
. Fixed bug #72069 (Behavior \JsonSerializable different from json_encode).
(Laruence)
- Mbstring:
. Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace). (Laruence)
- OCI8:
. Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight
columns). (Tian Yang)
- Opcache:
. Fixed bug #72014 (Including a file with anonymous classes multiple times
leads to fatal error). (Laruence)
- OpenSSL:
. Fixed bug #72165 (Null pointer dereference - openssl_csr_new). (Anatol)
- PCNTL:
. Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure
overwrite). (Laruence)
- POSIX:
. Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL).
(esminis at esminis dot lt)
- Postgres:
. Fixed bug #72028 (pg_query_params(): NULL converts to empty string).
(Laruence)
. Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype
timestamp). (denver at timothy dot io)
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
- Reflection:
. Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call).
(Nikita)
- Session:
. Fixed bug #71972 (Cyclic references causing session_start(): Failed to
decode session object). (Laruence)
- Sockets:
. Added socket_export_stream() function for getting a stream compatible
resource from a socket resource. (Chris Wright, Bob)
- SPL:
. Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as
expected). (Laruence)
- SQLite3:
. Fixed bug #68849 (bindValue is not using the right data type). (Anatol)
- Standard:
. Fixed bug #72075 (Referencing socket resources breaks stream_select).
(Laruence)
. Fixed bug #72031 (array_column() against an array of objects discards all
values matching null). (Nikita)
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat May 28 08:02:26 UTC 2016
Modified Files:
pkgsrc/lang/php70: distinfo
Added Files:
pkgsrc/lang/php70/patches: patch-sapi_cli_Makefile.frag
Log message:
Mark php binary with paxctl +m because of JIT code.
Needed on NetBSD-current with PaX MPROTECT.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat May 28 08:13:15 UTC 2016
Modified Files:
pkgsrc/lang/php70: distinfo
pkgsrc/lang/php70/patches: patch-sapi_cli_Makefile.frag
Log message:
Add upstream bug report URL.
|
| 2016-05-08 16:27:23 by Benny Siegert | Files touched by this commit (4) |
Log message:
Pullup ticket #4974 - requested by taca
lang/php70: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.135
- lang/php70/distinfo 1.9
- lang/php70/patches/patch-configure 1.3
- lang/php70/patches/patch-ext_opcache_config.m4 deleted
- lang/php70/patches/patch-ext_standard_php__dns.h 1.2
---
Module Name: pkgsrc
Committed By: taca
Date: Mon May 2 13:09:49 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php70: distinfo
pkgsrc/lang/php70/patches: patch-configure
patch-ext_standard_php__dns.h
Removed Files:
pkgsrc/lang/php70/patches: patch-ext_opcache_config.m4
Log message:
Update php70 to 7.0.6.
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016 PHP 7.0.6
- Core:
. Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1'
failed). (Laruence)
. Fixed bug #71922 (Crash on assert(new class{})). (Nikita)
. Fixed bug #71914 (Reference is lost in "switch"). (Laruence)
. Fixed bug #71871 (Interfaces allow final and abstract functions). (Nikita)
. Fixed Bug #71859 (zend_objects_store_call_destructors operates on realloced
memory, crashing). (Laruence)
. Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
. Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/
php_url_encode). (Stas)
. Fixed bug #71731 (Null coalescing operator and ArrayAccess). (Nikita)
. Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname). (krakjoe)
. Fixed bug #71428 (inheritance and allow_null). (krakjoe)
. Fixed bug #71414 (Inheritance, traits and interfaces). (krakjoe)
. Fixed bug #71359 (Null coalescing operator and magic). (krakjoe)
. Fixed bug #71334 (Cannot access array keys while uksort()). (Nikita)
. Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method).
(Nikita)
. Fixed bug #69537 (__debugInfo with empty string for key gives error).
(krakjoe)
. Fixed bug #62059 (ArrayObject and isset are not friends). (Nikita)
. Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally).
(Nikita)
- BCmath:
. Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition). (Stas)
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
- EXIF:
. Fixed bug #72094 (Out of bounds heap read access in exif header \
processing). (Stas)
- GD:
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via
constructor). (Anatol)
. Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE). (Anatol)
. Fixed bug #70451, #70452 (Inconsistencies in return values of IntlChar
methods). (Daniel Persson)
. Fixed bug #68893 (Stackoverflow in datefmt_create). (Anatol)
. Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale
is empty). (Anatol)
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
(Anatol)
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- ODBC:
. Fixed bug #63171 (Script hangs after max_execution_time). (Remi)
- Opcache:
. Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
(Laruence)
- PDO:
. Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
(Daniel kalaspuffar, Julien)
. Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
- PDO_DBlib:
. Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
(Adam Baratz)
. Add DBLIB-specific attributes for controlling timeouts. (Adam Baratz)
- PDO_pgsql:
. Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
(Joseph Bylund)
- Postgres:
. Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol)
. Fixed bug #71998 (Function pg_insert does not insert when column
type = inet). (Anatol)
- SOAP:
. Fixed bug #71986 (Nested foreach assign-by-reference creates broken
variables). (Laruence)
- SPL:
. Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't
access properties in PHP). (Nikita)
. Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet). (Stas)
. Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
offsetExists()). (Nikita)
. Fixed bug #52339 (SPL autoloader breaks class_exists()). (Nikita)
- Standard:
. Fixed bug #71995 (Returning the same var twice from __sleep() produces
broken serialized data). (Laruence)
. Fixed bug #71940 (Unserialize crushes on restore object reference).
(Laruence)
. Fixed bug #71969 (str_replace returns an incorrect resulting array after
a foreach by reference). (Laruence)
. Fixed bug #71891 (header_register_callback() and
register_shutdown_function()). (Laruence)
. Fixed bug #71884 (Null pointer deref (segfault) in
stream_context_get_default). (Laruence)
. Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
. Fixed bug #71837 (Wrong arrays behaviour). (Laruence)
. Fixed bug #71827 (substr_replace bug, string length). (krakjoe)
. Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
_REENTRANT is not defined). (Nikita)
. Fixed bug #72116 (array_fill optimization breaks implementation). (Bob)
- XML:
. Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
- Zip:
. Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (Stas)
|
New packages: