Path to this page:
Subject: CVS commit: [pkgsrc-2014Q4] pkgsrc/lang
From: Matthias Scheler
Date: 2015-03-03 21:58:46
Message id: 20150303205846.299E998@cvs.netbsd.org
Log Message:
Pullup ticket #4632 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.87
- lang/php55/Makefile 1.19
- lang/php55/PLIST 1.5
- lang/php55/distinfo 1.35
- lang/php55/patches/patch-ext_date_php_date.c deleted
- lang/php55/patches/patch-ext_date_tests_bug68942.phpt deleted
- lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 13:35:24 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Update php55 to 5.5.22 (PHP 5.5.22).
19 Feb 2015, PHP 5.5.22
- Core:
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 â GHOST: glibc \
gethostbyname
buffer overflow). (Stas)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- Libxml:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching).
(Daniel Lowrey)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198@aol.com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 'pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
Files: