![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / lang / php55
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.28, Sun Sep 11 17:00:31 2016 UTC (7 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: HEAD
Changes since 1.27: +1 -1
lines
FILE REMOVED
Remove php55 pacakge from pkgsrc since it is EOL on 21 Jul 2016.
Revision 1.26.2.1 / (download) - annotate - [select for diffs], Tue Jun 28 19:35:57 2016 UTC (7 years, 5 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored) next main 1.27 (colored)
Pullup ticket #5050 - requested by taca
lang/php55: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.139
- lang/php55/Makefile 1.27
- lang/php55/distinfo 1.54
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jun 24 15:23:00 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
Log Message:
Update php55 to 5.5.37 (PHP 5.5.37), including security fixes.
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.5.37
- Core:
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #66387 (Stack overflow with imagefilltoborder) (CVE-2015-8874).
(cmb)
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
Revision 1.27 / (download) - annotate - [select for diffs], Fri Jun 24 15:23:00 2016 UTC (7 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored)
Update php55 to 5.5.37 (PHP 5.5.37), including security fixes.
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.5.37
- Core:
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #66387 (Stack overflow with imagefilltoborder) (CVE-2015-8874).
(cmb)
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
Revision 1.26 / (download) - annotate - [select for diffs], Sat Apr 2 08:59:24 2016 UTC (7 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.25: +1 -2
lines
Diff to previous 1.25 (colored)
Update php55 to 5.5.34, including security fix.
Add add an patch to fix memory leak noted from Zafer Aydo¾»įn via
private mail.
31 Mar 2016, PHP 5.5.34
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
- Mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
- OBBC
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
- Standard
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
Revision 1.25 / (download) - annotate - [select for diffs], Sat Mar 5 11:28:43 2016 UTC (7 years, 9 months ago) by jperkin
Branch: MAIN
Changes since 1.24: +2 -1
lines
Diff to previous 1.24 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.24 / (download) - annotate - [select for diffs], Tue Oct 27 09:08:20 2015 UTC (8 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4
Changes since 1.23: +7 -1
lines
Diff to previous 1.23 (colored)
Pass --disable-libgcc when using SunOS/clang, clang doesn't support the test and will handle libgcc itself as appropriate.
Revision 1.23 / (download) - annotate - [select for diffs], Mon Sep 7 12:02:05 2015 UTC (8 years, 3 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base,
pkgsrc-2015Q3
Changes since 1.22: +1 -7
lines
Diff to previous 1.22 (colored)
Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
Revision 1.21.2.1 / (download) - annotate - [select for diffs], Tue Jul 14 22:11:16 2015 UTC (8 years, 4 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.21: +1 -2
lines
Diff to previous 1.21 (colored) next main 1.22 (colored)
Pullup ticket #4773 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.104
- lang/php55/Makefile 1.22
- lang/php55/distinfo 1.43
- lang/php55/patches/patch-ext_spl_spl__heap.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 11 00:30:11 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_spl_spl__heap.c
Log Message:
Update php55 to 5.5.27.
09 Jul 2015, PHP 5.5.27
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
Revision 1.22 / (download) - annotate - [select for diffs], Sat Jul 11 00:30:11 2015 UTC (8 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.21: +1 -2
lines
Diff to previous 1.21 (colored)
Update php55 to 5.5.27.
09 Jul 2015, PHP 5.5.27
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
Revision 1.21 / (download) - annotate - [select for diffs], Sun Jun 28 15:34:50 2015 UTC (8 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.20: +2 -1
lines
Diff to previous 1.20 (colored)
Add fix to https://bugs.php.net/bug.php?id=69737. Bump PKGREVISION.
Revision 1.20 / (download) - annotate - [select for diffs], Mon Mar 16 00:26:31 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Fix problem by PHP_BASE_VERS related changes.
Revision 1.16.4.2 / (download) - annotate - [select for diffs], Tue Mar 3 20:58:45 2015 UTC (8 years, 9 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.16.4.1: +0 -1
lines
Diff to previous 1.16.4.1 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Pullup ticket #4632 - requested by taca
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.87
- lang/php55/Makefile 1.19
- lang/php55/PLIST 1.5
- lang/php55/distinfo 1.35
- lang/php55/patches/patch-ext_date_php_date.c deleted
- lang/php55/patches/patch-ext_date_tests_bug68942.phpt deleted
- lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Feb 19 13:35:24 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Update php55 to 5.5.22 (PHP 5.5.22).
19 Feb 2015, PHP 5.5.22
- Core:
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 ćąGHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- Libxml:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching).
(Daniel Lowrey)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198@aol.com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 'pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
Revision 1.19 / (download) - annotate - [select for diffs], Thu Feb 19 13:35:24 2015 UTC (8 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.18: +1 -2
lines
Diff to previous 1.18 (colored)
Update php55 to 5.5.22 (PHP 5.5.22).
19 Feb 2015, PHP 5.5.22
- Core:
. Fixed bug #67068 (getClosure returns somethings that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Removed support for multi-line headers, as the are deprecated by RFC 7230.
(Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- Libxml:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching).
(Daniel Lowrey)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198@aol.com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 'pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
Revision 1.16.4.1 / (download) - annotate - [select for diffs], Wed Feb 18 18:54:20 2015 UTC (8 years, 9 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.16: +2 -1
lines
Diff to previous 1.16 (colored)
Pullup ticket #4617 - requested by sevan
lang/php55: security patch
Revisions pulled up:
- lang/php55/Makefile 1.18
- lang/php55/distinfo 1.34
- lang/php55/patches/patch-ext_date_php_date.c 1.1
- lang/php55/patches/patch-ext_date_tests_bug68942.phpt 1.1
- lang/php55/patches/patch-ext_date_tests_bug68942_2.phpt 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Wed Feb 18 11:14:16 UTC 2015
Modified Files:
pkgsrc/lang/php55: Makefile distinfo
Added Files:
pkgsrc/lang/php55/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone
Reviewed by wiz@
Revision 1.18 / (download) - annotate - [select for diffs], Wed Feb 18 11:14:15 2015 UTC (8 years, 9 months ago) by sevan
Branch: MAIN
Changes since 1.17: +2 -1
lines
Diff to previous 1.17 (colored)
Fix CVE-2015-0273 php: #68942 Use after free vulnerability in unserialize() with DateTimeZone Reviewed by wiz@
Revision 1.17 / (download) - annotate - [select for diffs], Sat Jan 17 14:56:50 2015 UTC (8 years, 10 months ago) by bsiegert
Branch: MAIN
Changes since 1.16: +8 -1
lines
Diff to previous 1.16 (colored)
Apply the necessary flags to sqlite so that php55 builds correctly on Darwin prior to v9. From Sevan Janiyan in PR pkg/49527.
Revision 1.14.2.2 / (download) - annotate - [select for diffs], Mon Aug 25 16:14:59 2014 UTC (9 years, 3 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.14.2.1: +0 -1
lines
Diff to previous 1.14.2.1 (colored) to branchpoint 1.14 (colored) next main 1.15 (colored)
Pullup ticket #4487 - requested by tron
lang/php55: security update
Revisions pulled up:
- lang/php/phpversion.mk patch
- lang/php55/Makefile 1.16
- lang/php55/distinfo 1.27-1.28
- lang/php55/patches/patch-aclocal.m4 1.2
- lang/php55/patches/patch-build_libtool.m4 1.2
- lang/php55/patches/patch-configure 1.8
- lang/php55/patches/patch-ext_gd_libgd_gdxpm.c deleted
- lang/php55/patches/patch-ext_spl_spl__array.c deleted
- lang/php55/patches/patch-ext_spl_spl__dllist.c deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Jul 26 00:11:55 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
pkgsrc/lang/php55/patches: patch-aclocal.m4 patch-build_libtool.m4
patch-configure
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_spl_spl__array.c
patch-ext_spl_spl__dllist.c
Log Message:
Update php55 to 5.5.15.
24 Jul 2014, PHP 5.5.15
- Core:
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67497 (eval with parse error causes segmentation fault in
generator). (Nikita)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
- CLI server:
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
- FPM:
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
- OPCache:
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
happen) (Dmitry, Laruence)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
- Phar:
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 23 16:09:21 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c
Log Message:
Update php55 to 5.5.16 (PHP 5.5.16).
21 Aug 2014, PHP 5.5.16
- COM:
. Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
- Fileinfo:
. Fixed bug #67705 (extensive backtracking in rule regular expression).
(CVE-2014-3538) (Remi)
. Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)
- FPM:
. Fixed bug #67635 (php links to systemd libraries without using pkg-config).
(pacho@gentoo.org, Remi)
- GD:
. Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
(CVE-2014-2497) (Remi)
. Fixed bug #67730 (Null byte injection possible with imagexxx functions).
(CVE-2014-5120) (Ryan Mauger)
- Milter:
. Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
- OpenSSL:
. Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
- readline:
. Fixed bug #55496 (Interactive mode doesn't force a newline before the
prompt). (Bob, Johannes)
. Fixed bug #67496 (Save command history when exiting interactive shell
with control-c). (Dmitry Saprykin, Johannes)
- Sessions:
. Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
- Core:
. Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
. Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)
- ODBC:
. Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
char fields). (Keyur)
Revision 1.16 / (download) - annotate - [select for diffs], Sat Jul 26 00:11:55 2014 UTC (9 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3
Branch point for: pkgsrc-2014Q4
Changes since 1.15: +1 -2
lines
Diff to previous 1.15 (colored)
Update php55 to 5.5.15.
24 Jul 2014, PHP 5.5.15
- Core:
. Fixed bug #67428 (header('Location: foo') will override a 308-399 response
code). (Adam)
. Fixed bug #67436 (Autoloader isn't called if two method definitions don't
match). (Bob)
. Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
(Ferenc)
. Fixed bug #67497 (eval with parse error causes segmentation fault in
generator). (Nikita)
. Fixed bug #67151 (strtr with empty array crashes). (Nikita)
. Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
2012). (Christian Wenz)
- CLI server:
. Implemented FR #67429 (CLI server is missing some new HTTP response codes).
(Adam)
. Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
(Adam)
- FPM:
. Fixed bug #67530 (error_log=syslog ignored). (Remi)
. Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
- Intl:
. Fixed bug #66921 (Wrong argument type hint for function
intltz_from_date_time_zone). (Stas)
. Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
(Stas)
- OPCache:
. Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault
happen) (Dmitry, Laruence)
- pgsql:
. Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
which affected builds against libpq < 7.3. (Adam)
- Phar:
. Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
- SPL:
. Fixed bug #67539 (ArrayIterator use-after-free due to object change during
sorting). (research at insighti dot org, Laruence)
. Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
- Streams:
. Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
Revision 1.14.2.1 / (download) - annotate - [select for diffs], Thu Jul 17 18:03:59 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Pullup ticket #4453 - requested by taca lang/php55: security patch Revisions pulled up: - lang/php55/Makefile 1.15 - lang/php55/distinfo 1.26 - lang/php55/patches/patch-ext_spl_spl__array.c 1.1 - lang/php55/patches/patch-ext_spl_spl__dllist.c 1.1 --- Module Name: pkgsrc Committed By: taca Date: Sun Jul 13 15:23:42 UTC 2014 Modified Files: pkgsrc/lang/php55: Makefile distinfo Added Files: pkgsrc/lang/php55/patches: patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c Log Message: Add fix for CVE-2014-4698 and CVE-2014-4670. Bump PKGREVISION.
Revision 1.15 / (download) - annotate - [select for diffs], Sun Jul 13 15:23:42 2014 UTC (9 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.14: +2 -1
lines
Diff to previous 1.14 (colored)
Add fix for CVE-2014-4698 and CVE-2014-4670. Bump PKGREVISION.
Revision 1.14 / (download) - annotate - [select for diffs], Fri Jun 27 11:34:19 2014 UTC (9 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base
Branch point for: pkgsrc-2014Q2
Changes since 1.13: +1 -2
lines
Diff to previous 1.13 (colored)
Update php55 to 5.5.14 which includes several security fixes.
26 Jun 2014, PHP 5.5.14
- Core:
. Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(CVE-2014-3981) (Remi)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- CLI server:
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- Date:
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
(CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OPCache:
. Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)
- OpenSSL:
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion). (CVE-2014-3515) (Stefan Esser)
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
Revision 1.13 / (download) - annotate - [select for diffs], Fri Jun 13 14:13:20 2014 UTC (9 years, 6 months ago) by fhajny
Branch: MAIN
Changes since 1.12: +2 -1
lines
Diff to previous 1.12 (colored)
Add the mysqlnd (MySQL Native Driver) include files. Bump PKGREVISION for this and the previous commit.
Revision 1.11.2.1 / (download) - annotate - [select for diffs], Sun Jun 1 13:20:22 2014 UTC (9 years, 6 months ago) by spz
Branch: pkgsrc-2014Q1
Changes since 1.11: +1 -2
lines
Diff to previous 1.11 (colored) next main 1.12 (colored)
Pullup ticket #4422 - requested by taca
graphics/php-gd: version bump
lang/php: version bump
lang/php53: security update
lang/php54: security update
lang/php55: security update
Revisions pulled up:
- graphics/php-gd/Makefile 1.36
- lang/php/phpversion.mk 1.59-1.62
- lang/php53/distinfo 1.73
- lang/php53/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php54/Makefile 1.21
- lang/php54/Makefile.php 1.7
- lang/php54/distinfo 1.37-1.39
- lang/php54/patches/patch-configure 1.7
- lang/php54/patches/patch-ext_fileinfo_data__file.c deleted
- lang/php54/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php54/patches/patch-php.ini-development 1.3
- lang/php54/patches/patch-php.ini-production 1.3
- lang/php55/Makefile 1.12
- lang/php55/distinfo 1.18-1.21
- lang/php55/patches/patch-configure 1.6
- lang/php55/patches/patch-ext_fileinfo_data__file.c deleted
- lang/php55/patches/patch-ext_gd_libgd_gdxpm.c 1.1
- lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c 1.2
- lang/php55/patches/patch-php.ini-development 1.4
- lang/php55/patches/patch-php.ini-production 1.4
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Apr 4 03:05:00 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: Makefile distinfo
pkgsrc/lang/php55/patches: patch-php.ini-development
patch-php.ini-production
Removed Files:
pkgsrc/lang/php55/patches: patch-ext_fileinfo_data__file.c
Log Message:
Update php55 to 5.5.11.
CVE-2013-7345 is already fixed in 5.5.10nb2.
03 Apr 2014, PHP 5.5.11
- Core:
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- SPL:
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
- cURL:
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
(Adam)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- Fileinfo:
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- GD:
. Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
. Fixed bug #66890 (imagescale segfault). (Remi)
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
- Hash:
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- OPCache
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
- GMP
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
- SQLite:
. Updated bundled libsqlite to 3.8.3.1 (Anatol)
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php55/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php55/patches/patch-php.ini-development \
pkgsrc/lang/php55/patches/patch-php.ini-production
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sat Apr 5 03:43:40 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: Makefile Makefile.php distinfo
pkgsrc/lang/php54/patches: patch-php.ini-development
patch-php.ini-production
Removed Files:
pkgsrc/lang/php54/patches: patch-ext_fileinfo_data__file.c
Log Message:
Update php54 to 5.4.27. CVE-2013-7345 is already fixed in 5.4.26nb2.
03 Apr 2014, PHP 5.4.27
- Core:
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- Fileinfo:
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- GMP
. fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r1.1 -r0 \
pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-development \
pkgsrc/lang/php54/patches/patch-php.ini-production
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Mon Apr 14 10:17:19 UTC 2014
Modified Files:
pkgsrc/lang/php55: distinfo
Added Files:
pkgsrc/lang/php55/patches: patch-ext_sqlite3_libsqlite_sqlite3.c
Log Message:
Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment
from the PHP build.
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Thu May 1 15:52:33 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php55: distinfo
pkgsrc/lang/php55/patches: patch-configure
patch-ext_sqlite3_libsqlite_sqlite3.c
Log Message:
Update php55 to 5.5.12.
01 May 2014, PHP 5.5.12
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
. Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
- cURL:
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
- Fileinfo:
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- mysqli:
. Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
(extra comma) and third parameters (lack of escaping). (Andrey)
- OpenSSL:
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- SQLite:
. Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
. Fixed Apache log issue caused by APR's lack of support for %zu
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
(Jeff Trawick)
To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.19 -r1.20 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php55/patches/patch-configure
cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri May 2 13:04:12 UTC 2014
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php54: distinfo
pkgsrc/lang/php54/patches: patch-configure
Log Message:
Update php54 to 5.4.28.
01 May 2014, PHP 5.4.28
- Core:
. Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
. Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
UNIX sockets). (Mike)
. Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
(Jann Horn, Stas)
. Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
. Fixed bug #66736 (fpassthru broken). (Mike)
. Fixed bug #67024 (getimagesize should recognize BMP files with negative
height). (Gabor Buella)
- cURL:
. Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
(Freek Lijten)
- Date:
. Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
supplied). (Boro Sitnikovski)
- Embed:
. Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
- Fileinfo:
. Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
(Remi)
- FPM:
. Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
. Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
default configuration) (CVE-2014-0185). (Stas)
- JSON:
. Fixed bug #66021 (Blank line inside empty array/object when
JSON_PRETTY_PRINT is set). (Kevin Israel)
- LDAP:
. Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
- OpenSSL:
. Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
. Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
- SimpleXML:
. Fixed bug #66084 (simplexml_load_string() mangles empty node name)
(Anatol)
- XSL:
. Fixed bug #53965 (<xsl:include> cannot find files with relative paths
when loaded with "file://"). (Anatol)
- Apache2 Handler SAPI:
. Fixed Apache log issue caused by APR's lack of support for %zu
(APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
(Jeff Trawick)
To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/patches/patch-configure
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: he
Date: Sun May 11 11:20:48 UTC 2014
Modified Files:
pkgsrc/graphics/php-gd: Makefile
pkgsrc/lang/php53: distinfo
pkgsrc/lang/php54: distinfo
pkgsrc/lang/php55: distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-ext_gd_libgd_gdxpm.c
pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c
pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c
Log Message:
Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 pkgsrc/graphics/php-gd/Makefile
cvs rdiff -u -r1.72 -r1.73 pkgsrc/lang/php53/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php54/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php55/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
Revision 1.12 / (download) - annotate - [select for diffs], Fri Apr 4 03:04:59 2014 UTC (9 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.11: +1 -2
lines
Diff to previous 1.11 (colored)
Update php55 to 5.5.11.
CVE-2013-7345 is already fixed in 5.5.10nb2.
03 Apr 2014, PHP 5.5.11
- Core:
. Allow zero length comparison in substr_compare() (Tjerk)
. Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
- SPL:
. Added feature #65545 (SplFileObject::fread()) (Tjerk)
- cURL:
. Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
. Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
(Adam)
- FPM:
. Added clear_env configuration directive to disable clearenv() call.
(Github PR# 598, Paul Annesley)
- Fileinfo:
. Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
expression). (CVE-2013-7345) (Remi)
- GD:
. Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
. Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
. Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
. Fixed bug #66890 (imagescale segfault). (Remi)
. Fixed bug #66893 (imagescale ignore method argument). (Remi)
- Hash:
. hash_pbkdf2() now works correctly if the $length argument is not specified.
(Nikita)
- Intl:
. Fixed bug #66873 (A reproductible crash in UConverter when given invalid
encoding) (Stas)
- Mail:
. Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
- MySQLi:
. Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
(Remi)
- OPCache
. Added function opcache_is_script_cached(). (Danack)
. Added information about interned strings usage. (Terry, Julien, Dmitry)
- Openssl:
. Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
- GMP
. Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
- SQLite:
. Updated bundled libsqlite to 3.8.3.1 (Anatol)
Revision 1.11 / (download) - annotate - [select for diffs], Sat Mar 29 22:10:15 2014 UTC (9 years, 8 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base
Branch point for: pkgsrc-2014Q1
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Apply patch to fix CVE-2013-7345. Bump PKGREVISION. OK'ed by wiz.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 19 21:56:31 2014 UTC (9 years, 8 months ago) by asau
Branch: MAIN
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
Stop treating FreeBSD 10 as FreeBSD 1. This lets a number of PHP extensions build. Bump package revision.
Revision 1.9 / (download) - annotate - [select for diffs], Sun Mar 9 14:09:20 2014 UTC (9 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.8: +1 -2
lines
Diff to previous 1.8 (colored)
Update php55 to 5.5.10 (PHP 5.5.10).
Version 5.5.10
6-Mar-2014
* Core:
- Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path).
* Date:
- Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones
per offset too).
* Fileinfo:
- Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)).
- Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)).
* GD:
- Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer
(CVE-2013-7327)).
* JSON:
- Fixed bug #65753 (JsonSerializeable couldn't implement on module extension).
* LDAP:
- Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).
* Openssl:
- Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
* PCRE:
- Upgraded to PCRE 8.34.
* Pgsql:
- Added warning for dangerous client encoding and remove possible injections
for pg_insert()/pg_update()/pg_delete()/pg_select().
Revision 1.8 / (download) - annotate - [select for diffs], Wed Feb 12 23:18:05 2014 UTC (9 years, 9 months ago) by tron
Branch: MAIN
Changes since 1.7: +2 -1
lines
Diff to previous 1.7 (colored)
Recursive PKGREVISION bump for OpenSSL API version bump.
Revision 1.7 / (download) - annotate - [select for diffs], Fri Dec 13 15:33:22 2013 UTC (10 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4
Changes since 1.6: +1 -2
lines
Diff to previous 1.6 (colored)
Update php55 to 5.5.7 (PHP 5.5.7).
12 Dec 2013, PHP 5.5.7
- CLI server:
. Added some MIME types to the CLI web server (Chris Jones)
. Implemented FR #65917 (getallheaders() is not supported by the built-in web
server) - also implements apache_response_headers() (Andrea Faulds)
- Core:
. Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
string). (Laruence)
- OPCache
. Fixed bug #66176 (Invalid constant substitution). (Dmitry)
. Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
. Fixed bug #65559 (Opcache: cache not cleared if changes occur while
running). (Dmitry)
- OpenSSL:
. Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
(Stefan Esser).
- readline
. Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
Revision 1.6 / (download) - annotate - [select for diffs], Thu Dec 5 16:17:47 2013 UTC (10 years ago) by taca
Branch: MAIN
Changes since 1.5: +2 -1
lines
Diff to previous 1.5 (colored)
Add fix for CVE-2013-6712, ext/date DoS vulnerability. Bump PKGREVISION.
Revision 1.5 / (download) - annotate - [select for diffs], Sat Aug 17 13:15:21 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base,
pkgsrc-2013Q3
Changes since 1.4: +1 -2
lines
Diff to previous 1.4 (colored)
Update php55 to 5.5.2.
15 Aug 2013, PHP 5.5.2
- Core:
. Fixed bug #62691 (solaris sed has no -i switch). (Chris Jones)
. Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
. Fixed bug #61268 (--enable-dtrace leads make to clobber
Zend/zend_dtrace.d) (Chris Jones)
- DOM:
. Added flags option to DOMDocument::schemaValidate() and
DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
(Chris Wright)
- Sessions:
. Implemented strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
which protects against session fixation attacks and session collisions.
(Yasuo Ohgaki)
. Fixed possible buffer overflow under Windows. Note: Not a security fix.
(Yasuo)
. Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)
- Pgsql:
. Fixed bug #62978 (Disallow possible SQL injections with pg_select()
/pg_update()/pg_delete()/pg_insert()). (Yasuo)
?? ??? 2013, PHP 5.5.2
- Core:
. Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
fails). (Laruence)
. Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
avp200681 gmail com).
. Fixed bug #65304 (Use of max int in array_sum). (Laruence)
. Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
limited case). (Arpad)
- OPcache:
. Added opcache.restrict_api configuration directive that may limit
usage of OPcahce API functions only to patricular script(s). (Dmitry)
. Added support for glob symbols in blacklist entries (?, *, **).
(Terry Elison, Dmitry)
. Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on
shutdown). (Dmitry)
- Openssl:
. Fixed handling null bytes in subjectAltName (CVE-2013-4073).
(Christian Heimes)
- PDO_mysql:
. Fixed bug #65299 (pdo mysql parsing errors). (Johannes)
- Phar:
. Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
some specific contents). (Stas)
- SOAP:
. Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)
- SPL:
. Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
. Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua
Thijssen)
. Fixed bug #61697 (spl_autoload_functions returns lambda functions
incorrectly). (Laruence)
- Streams:
. Fixed bug #65268 (select() implementation uses outdated tick API). (Anatol)
- Pgsql:
. Fixed bug #65336 (pg_escape_literal/identifier() scilently returns false).
(Yasuo)
Revision 1.4 / (download) - annotate - [select for diffs], Wed Aug 14 15:43:40 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.3: +2 -1
lines
Diff to previous 1.3 (colored)
Add fix fo openssl, CVE-2013-4073. Bump PKGREVISION.
Revision 1.3 / (download) - annotate - [select for diffs], Wed Aug 14 14:53:03 2013 UTC (10 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Correct checking condition of PHP_CHECK_INSTALLED.
Revision 1.2 / (download) - annotate - [select for diffs], Tue Aug 13 10:22:26 2013 UTC (10 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.1: +3 -1
lines
Diff to previous 1.1 (colored)
Allow only the PHP version itself, otherwise the multi-version logic will trigger with failing distinfo entries.
Revision 1.1 / (download) - annotate - [select for diffs], Mon Jul 29 16:41:02 2013 UTC (10 years, 4 months ago) by taca
Branch: MAIN
Add PHP 5.5.1 as lang/php55 version 5.5.1 package. This is new stable release of PHP. Please refer UPGRADING file for changes and updating. PHP is an HTML-embedded scripting language. It is modular, with some object-oriented features. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The language is designed to allow web developers to write dynamically generated pages quickly. This package provices PHP version 5.5.x.