The NetBSD Project

CVS log for pkgsrc/lang/php56/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / php56

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.61 / (download) - annotate - [select for diffs], Thu Dec 9 00:13:07 2021 UTC (21 months, 2 weeks ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, HEAD
Changes since 1.60: +3 -2 lines
Diff to previous 1.60 (colored)

php56-intl: fix icu>=70 fallout. Backport from php74-intl.

Revision 1.60 / (download) - annotate - [select for diffs], Tue Oct 26 10:51:47 2021 UTC (23 months ago) by nia
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored)

lang: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (possibly fetched
conditionally?):

./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jce_policy-8.zip
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo UnlimitedJCEPolicyJDK7.zip
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-1.11.0.7.10-netbsd-9-aarch64-20200509.tar.xz
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz

Revision 1.59 / (download) - annotate - [select for diffs], Thu Oct 7 14:21:05 2021 UTC (23 months, 2 weeks ago) by nia
Branch: MAIN
Changes since 1.58: +1 -3 lines
Diff to previous 1.58 (colored)

lang: Remove SHA1 hashes for distfiles

Revision 1.58 / (download) - annotate - [select for diffs], Tue Sep 28 14:39:49 2021 UTC (23 months, 4 weeks ago) by jperkin
Branch: MAIN
Changes since 1.57: +2 -1 lines
Diff to previous 1.57 (colored)

php56: Support OpenSSL 3.

Revision 1.57 / (download) - annotate - [select for diffs], Mon Nov 16 12:10:05 2020 UTC (2 years, 10 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.56: +12 -1 lines
Diff to previous 1.56 (colored)

php56: Fix php-intl module build with textproc/icu-68.1

Revision 1.56 / (download) - annotate - [select for diffs], Mon Nov 25 03:12:50 2019 UTC (3 years, 10 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.55: +5 -5 lines
Diff to previous 1.55 (colored)

lang/php: switch to use ".tar.xz" distfiles

Switch to use ".tar.xz" distfiles instead of ".tar.bz2".

No functional change.

Revision 1.55 / (download) - annotate - [select for diffs], Sun Mar 31 20:48:18 2019 UTC (4 years, 5 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.54: +5 -1 lines
Diff to previous 1.54 (colored)

php56: add the zettasystems patch to support openssl 1.1

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Sat Jan 19 21:57:11 2019 UTC (4 years, 8 months ago) by bsiegert
Branch: pkgsrc-2018Q4
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored) next main 1.54 (colored)

Pullup ticket #5899 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.245
- lang/php56/Makefile                                           1.20
- lang/php56/distinfo                                           1.54

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Jan 12 15:01:34 UTC 2019

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo

   Log Message:
   lang/php56: udate to 5.6.40

   10 Jan 2019, PHP 5.6.40

   - GD:
     . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
       use-after-free). (cmb)
     . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)

   - Mbstring:
     . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
     . Fixed bug #77371 (heap buffer overflow in mb regex functions
       - compile_string_node). (Stas)
     . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
     . Fixed bug #77382 (heap buffer overflow due to incorrect length in
       expand_case_fold_string). (Stas)
     . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
     . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
     . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)

   - Phar:
     . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)

   - Xmlrpc:
     . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
     . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)

Revision 1.54 / (download) - annotate - [select for diffs], Sat Jan 12 15:01:34 2019 UTC (4 years, 8 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored)

lang/php56: udate to 5.6.40

10 Jan 2019, PHP 5.6.40

- GD:
  . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
    use-after-free). (cmb)
  . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)

- Mbstring:
  . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
  . Fixed bug #77371 (heap buffer overflow in mb regex functions
    - compile_string_node). (Stas)
  . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
  . Fixed bug #77382 (heap buffer overflow due to incorrect length in
    expand_case_fold_string). (Stas)
  . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
  . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
  . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)

- Phar:
  . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)

- Xmlrpc:
  . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
  . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)

Revision 1.53 / (download) - annotate - [select for diffs], Sat Dec 15 16:58:57 2018 UTC (4 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q4-base
Branch point for: pkgsrc-2018Q4
Changes since 1.52: +1 -2 lines
Diff to previous 1.52 (colored)

lang/php56: remove unused patch

sqlite3 support moved todatabases/php-sqlite3 and it dose not use in-tree
sqlite3.  So, this patch is not required any more.

Revision 1.52 / (download) - annotate - [select for diffs], Fri Dec 7 17:14:58 2018 UTC (4 years, 9 months ago) by taca
Branch: MAIN
Changes since 1.51: +5 -5 lines
Diff to previous 1.51 (colored)

lang/php56: update to 5.6.39

06 Dec 2018, PHP 5.6.39

- Core:
  . Fixed bug #77231 (Segfault when using convert.quoted-printable-encode
    filter). (Stas)

- IMAP:
  . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)
  . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
    mailbox parameter). (Stas)

- Phar:
  . Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
  . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
    (Stas)

Revision 1.48.2.2 / (download) - annotate - [select for diffs], Tue Sep 18 19:01:01 2018 UTC (5 years ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.48.2.1: +4 -4 lines
Diff to previous 1.48.2.1 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)

Pullup ticket #5835 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.231
- lang/php56/distinfo                                           1.51

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Sep 13 15:47:46 UTC 2018

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   lang/php56: Update to 5.6.38

   13 Sep 2018, PHP 5.6.38

   - Apache2
     . Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas)

Revision 1.51 / (download) - annotate - [select for diffs], Thu Sep 13 15:47:46 2018 UTC (5 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.50: +5 -5 lines
Diff to previous 1.50 (colored)

lang/php56: Update to 5.6.38

13 Sep 2018, PHP 5.6.38

- Apache2
  . Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas)

Revision 1.48.2.1 / (download) - annotate - [select for diffs], Fri Aug 17 17:39:36 2018 UTC (5 years, 1 month ago) by bsiegert
Branch: pkgsrc-2018Q2
Changes since 1.48: +6 -5 lines
Diff to previous 1.48 (colored)

Pullup ticket #5800 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.225
- lang/php56/Makefile.php                                       1.5
- lang/php56/distinfo                                           1.49-1.50
- lang/php56/patches/patch-disable-filter-url                   1.1

---
   Module Name:	pkgsrc
   Committed By:	manu
   Date:		Wed Jul 18 07:33:12 UTC 2018

   Modified Files:
   	pkgsrc/lang/php56: Makefile.php distinfo
   	pkgsrc/lang/php70: Makefile.php distinfo
   	pkgsrc/lang/php71: Makefile.php distinfo
   	pkgsrc/lang/php72: Makefile.php distinfo
   Added Files:
   	pkgsrc/lang/php56/patches: patch-disable-filter-url
   	pkgsrc/lang/php70/patches: patch-disable-filter-url
   	pkgsrc/lang/php71/patches: patch-disable-filter-url
   	pkgsrc/lang/php72/patches: patch-disable-filter-url

   Log Message:
   Add pkgsrc build option disable-filter-url to disable php://filter URL

   php://filter URL is a feature documented here:
   http://php.net/manual/en/wrappers.php.php

   Unfortunately, it allows remote control of include() behavior
   beyond what many developpers expected, enabling easy dump of
   PHP source files. The administrator may want to disable the
   feature for security sake, and this option makes that possible.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jul 20 13:28:48 UTC 2018

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   lang/php56: update to 5.6.37

   19 Jul 2018, PHP 5.6.37

   - Exif:
     . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
       exif_thumbnail_extract of exif.c). (Stas)
     . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
       data). (Stas)

   - Win32:
     . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)

Revision 1.50 / (download) - annotate - [select for diffs], Fri Jul 20 13:28:48 2018 UTC (5 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.49: +5 -5 lines
Diff to previous 1.49 (colored)

lang/php56: update to 5.6.37

19 Jul 2018, PHP 5.6.37

- Exif:
  . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
    exif_thumbnail_extract of exif.c). (Stas)
  . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
    data). (Stas)

- Win32:
  . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)

Revision 1.49 / (download) - annotate - [select for diffs], Wed Jul 18 07:33:12 2018 UTC (5 years, 2 months ago) by manu
Branch: MAIN
Changes since 1.48: +2 -1 lines
Diff to previous 1.48 (colored)

Add pkgsrc build option disable-filter-url to disable php://filter URL

php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php

Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.

Revision 1.47.2.1 / (download) - annotate - [select for diffs], Sun May 6 11:37:36 2018 UTC (5 years, 4 months ago) by spz
Branch: pkgsrc-2018Q1
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored) next main 1.48 (colored)

Pullup ticket #5750 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.217
- lang/php56/distinfo                                           1.48

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Apr 29 16:26:40 UTC 2018

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   lang/php56: update to 5.6.36

   26 Apr 2018 PHP 5.6.36

   - Exif:
     . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
     (Stas)

   - iconv:
     . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
       invalid sequence). (Stas)

   - LDAP:
     . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

   - Phar:
     . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)


   To generate a diff of this commit:
   cvs rdiff -u -r1.216 -r1.217 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.47 -r1.48 pkgsrc/lang/php56/distinfo

Revision 1.48 / (download) - annotate - [select for diffs], Sun Apr 29 16:26:40 2018 UTC (5 years, 4 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base
Branch point for: pkgsrc-2018Q2
Changes since 1.47: +5 -5 lines
Diff to previous 1.47 (colored)

lang/php56: update to 5.6.36

26 Apr 2018 PHP 5.6.36

- Exif:
  . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
  (Stas)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- LDAP:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

Revision 1.47 / (download) - annotate - [select for diffs], Fri Mar 30 00:37:16 2018 UTC (5 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2018Q1-base
Branch point for: pkgsrc-2018Q1
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (colored)

lang/php56: update to 5.6.35

29 Mar 2018, PHP 5.6.35

- FPM:
  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
    access controls). (Jakub Zelenka)

Revision 1.43.2.2 / (download) - annotate - [select for diffs], Sat Mar 3 09:23:30 2018 UTC (5 years, 6 months ago) by spz
Branch: pkgsrc-2017Q4
Changes since 1.43.2.1: +6 -6 lines
Diff to previous 1.43.2.1 (colored) to branchpoint 1.43 (colored) next main 1.44 (colored)

Pullup ticket #5715 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php56/DESCR                                              1.3
- lang/php56/MESSAGE                                            1.2
- lang/php56/Makefile                                           1.16
- lang/php56/distinfo                                           1.45-1.46
- lang/php56/patches/patch-configure                            1.4

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Tue Jan 16 11:28:09 UTC 2018

   Modified Files:
   	pkgsrc/lang/php56: Makefile distinfo
   	pkgsrc/lang/php56/patches: patch-configure

   Log Message:
   php56: Convert libgcc fix to a patch to mirror php7*.


   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/lang/php56/Makefile
   cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/php56/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php56/patches/patch-configure

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	jdolecek
   Date:		Sun Feb  4 11:35:39 UTC 2018

   Modified Files:
   	pkgsrc/lang/php56: DESCR MESSAGE
   	pkgsrc/lang/php70: DESCR MESSAGE

   Log Message:
   note a planned End of Life for support of PHP 5.6.x and PHP 7.0.x

   Those releases will stop getting official support on Dec 31 2018 and
   Dec 3 2018 respectively, and they should be removed from pkgsrc by then.


   To generate a diff of this commit:
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php56/DESCR
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php56/MESSAGE

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Mar  2 02:13:44 UTC 2018

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   lang/php56: update to 5.6.34

   01 Mar 2018, PHP 5.6.34

   - Standard:
     . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)


   To generate a diff of this commit:
   cvs rdiff -u -r1.45 -r1.46 pkgsrc/lang/php56/distinfo

Revision 1.46 / (download) - annotate - [select for diffs], Fri Mar 2 02:13:44 2018 UTC (5 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.45: +5 -5 lines
Diff to previous 1.45 (colored)

lang/php56: update to 5.6.34

01 Mar 2018, PHP 5.6.34

- Standard:
  . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)

Revision 1.45 / (download) - annotate - [select for diffs], Tue Jan 16 11:28:09 2018 UTC (5 years, 8 months ago) by jperkin
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

php56: Convert libgcc fix to a patch to mirror php7*.

Revision 1.43.2.1 / (download) - annotate - [select for diffs], Sun Jan 7 17:30:26 2018 UTC (5 years, 8 months ago) by bsiegert
Branch: pkgsrc-2017Q4
Changes since 1.43: +5 -5 lines
Diff to previous 1.43 (colored)

Pullup ticket #5673 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.198
- lang/php56/distinfo                                           1.44

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan  5 03:08:36 UTC 2018

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   lang/php56: update to 5.6.33

   04 Jan 2017, PHP 5.6.33

   - GD:
     . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)

   - Phar:
     . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)

Revision 1.44 / (download) - annotate - [select for diffs], Fri Jan 5 03:08:36 2018 UTC (5 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.43: +5 -5 lines
Diff to previous 1.43 (colored)

lang/php56: update to 5.6.33

04 Jan 2017, PHP 5.6.33

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)

- Phar:
  . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)

Revision 1.42.4.1 / (download) - annotate - [select for diffs], Tue Oct 31 18:13:26 2017 UTC (5 years, 10 months ago) by spz
Branch: pkgsrc-2017Q3
Changes since 1.42: +5 -5 lines
Diff to previous 1.42 (colored) next main 1.43 (colored)

Pullup ticket #5613 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php56/Makefile                                           1.15
- lang/php56/distinfo                                           1.43
- lang/php/phpversion.mk                                        patch

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct 27 08:45:06 UTC 2017

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo

   Log Message:
   lang/php56: Update to 5.6.32

   * pkgsrc change: remove post-extract which is not required any more.
   * including securiy fixes.

   26 Sep 2017, PHP 5.6.32

   - Date:
     . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

   - mcrypt:
     . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

   - PCRE:
     . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)


   To generate a diff of this commit:
   cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php56/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/php56/distinfo

Revision 1.43 / (download) - annotate - [select for diffs], Fri Oct 27 08:45:06 2017 UTC (5 years, 11 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base
Branch point for: pkgsrc-2017Q4
Changes since 1.42: +5 -5 lines
Diff to previous 1.42 (colored)

lang/php56: Update to 5.6.32

* pkgsrc change: remove post-extract which is not required any more.
* including securiy fixes.

26 Sep 2017, PHP 5.6.32

- Date:
  . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

- mcrypt:
  . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

- PCRE:
  . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)

Revision 1.41.2.1 / (download) - annotate - [select for diffs], Sat Jul 15 19:23:43 2017 UTC (6 years, 2 months ago) by bsiegert
Branch: pkgsrc-2017Q2
Changes since 1.41: +5 -5 lines
Diff to previous 1.41 (colored) next main 1.42 (colored)

Pullup ticket #5509 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.184
- lang/php56/Makefile                                           1.14
- lang/php56/distinfo                                           1.42

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jul  7 03:13:48 UTC 2017

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo

   Log Message:
   Update php56 to 5.6.31.

   06 Jul 2017, PHP 5.6.31

   - Core:
     . Fixed bug #73807 (Performance problem with processing post request over
       2000000 chars). (Nikita)
     . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
       unserialize). (Nikita)
     . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
       (Stas)
     . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
       php_parse_date()). (Derick)

   - GD:
     . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

   - mbstring:
     . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
       CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

   - OpenSSL:
     . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
       (Stas)

   - PCRE:
     . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
       (Stas)

   - WDDX:
      . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)

Revision 1.42 / (download) - annotate - [select for diffs], Fri Jul 7 03:13:48 2017 UTC (6 years, 2 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2017Q3-base
Branch point for: pkgsrc-2017Q3
Changes since 1.41: +5 -5 lines
Diff to previous 1.41 (colored)

Update php56 to 5.6.31.

06 Jul 2017, PHP 5.6.31

- Core:
  . Fixed bug #73807 (Performance problem with processing post request over
    2000000 chars). (Nikita)
  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
    unserialize). (Nikita)
  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
    (Stas)
  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
    php_parse_date()). (Derick)

- GD:
  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

- mbstring:
  . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
    CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

- OpenSSL:
  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
    (Stas)

- PCRE:
  . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
    (Stas)

- WDDX:
   . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Wed Apr 12 18:22:19 2017 UTC (6 years, 5 months ago) by bsiegert
Branch: pkgsrc-2017Q1
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored) next main 1.41 (colored)

Pullup ticket #5243 - requested by sevan
lang/php56: build fix
lang/php70: build fix
lang/php71: build fix

Revisions pulled up:
- lang/php56/Makefile                                           1.13
- lang/php56/Makefile.php                                       1.2
- lang/php56/PLIST                                              1.3
- lang/php56/distinfo                                           1.41
- lang/php56/patches/patch-ext_xsl_php__xsl.h                   1.1
- lang/php70/Makefile                                           1.6
- lang/php70/Makefile.php                                       1.3
- lang/php70/PLIST                                              1.3
- lang/php70/distinfo                                           1.31
- lang/php70/patches/patch-ext_xsl_php__xsl.h                   1.1
- lang/php71/Makefile                                           1.9
- lang/php71/Makefile.php                                       1.2
- lang/php71/PLIST                                              1.3
- lang/php71/distinfo                                           1.17
- lang/php71/patches/patch-ext_xsl_php__xsl.h                   1.1
- textproc/Makefile                                             1.918
- textproc/php-dom/DESCR                                        deleted
- textproc/php-dom/Makefile                                     deleted

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Wed Apr  5 12:28:59 UTC 2017

   Modified Files:
           pkgsrc/lang/php56: Makefile Makefile.php PLIST distinfo
           pkgsrc/lang/php70: Makefile Makefile.php PLIST distinfo
           pkgsrc/lang/php71: Makefile Makefile.php PLIST distinfo
   Added Files:
           pkgsrc/lang/php56/patches: patch-ext_xsl_php__xsl.h
           pkgsrc/lang/php70/patches: patch-ext_xsl_php__xsl.h
           pkgsrc/lang/php71/patches: patch-ext_xsl_php__xsl.h

   Log Message:
   Build the dom extension embedded. This enables full functionality in xmlreader and fixes joyent/pkgsrc/issues/477. Bump PKREVISION.

---
   Module Name:    pkgsrc
   Committed By:   fhajny
   Date:           Wed Apr  5 12:34:47 UTC 2017

   Modified Files:
           pkgsrc/textproc: Makefile
   Removed Files:
           pkgsrc/textproc/php-dom: DESCR Makefile

   Log Message:
   Remove textproc/php-dom, the module is now built into the resp. PHP packages.

Revision 1.41 / (download) - annotate - [select for diffs], Wed Apr 5 12:28:59 2017 UTC (6 years, 5 months ago) by fhajny
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base
Branch point for: pkgsrc-2017Q2
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored)

Build the dom extension embedded. This enables full functionality in xmlreader and fixes joyent/pkgsrc/issues/477. Bump PKREVISION.

Revision 1.40 / (download) - annotate - [select for diffs], Mon Feb 20 09:35:17 2017 UTC (6 years, 7 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base
Branch point for: pkgsrc-2017Q1
Changes since 1.39: +2 -1 lines
Diff to previous 1.39 (colored)

Fix build with tidy-5.x.

Revision 1.38.2.1 / (download) - annotate - [select for diffs], Sat Jan 21 10:49:15 2017 UTC (6 years, 8 months ago) by bsiegert
Branch: pkgsrc-2016Q4
Changes since 1.38: +5 -5 lines
Diff to previous 1.38 (colored) next main 1.39 (colored)

Pullup ticket #5198 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.171
- lang/php56/distinfo                                           1.39

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan 20 00:44:01 UTC 2017

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.30.

   PHP                                                                        NEWS
   |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
   19 Jan 2017, PHP 5.6.30

   - EXIF:
    . Fixed bug #73737 (FPE when parsing a tag format). (Stas)

   - GD:
    . Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
    . Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
    . Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)

   - Intl:
    . Fixed bug #68447 (grapheme_extract take an extra trailing character).
      (SAT Kentar)

   - Phar:
    . Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
    . Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
    . Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)

   - SQLite3:
    . Reverted fix for bug #73530	(Unsetting result set may reset other result
      set). (cmb)

   - Standard:
    . Fixed bug #70213 (Unserialize context shared on double class lookup).
      (Taoguang Chen)
    . Fixed bug #73825 (Heap out of bounds read on unserialize in
      finish_nested_data()). (Stas)

Revision 1.39 / (download) - annotate - [select for diffs], Fri Jan 20 00:44:01 2017 UTC (6 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.38: +5 -5 lines
Diff to previous 1.38 (colored)

Update php56 to 5.6.30.

PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 5.6.30

- EXIF:
  . Fixed bug #73737 (FPE when parsing a tag format). (Stas)

- GD:
  . Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
  . Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
  . Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)

- Intl:
  . Fixed bug #68447 (grapheme_extract take an extra trailing character).
    (SAT Kentar)

- Phar:
  . Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
  . Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
  . Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)

- SQLite3:
  . Reverted fix for bug #73530	(Unsetting result set may reset other result
    set). (cmb)

- Standard:
  . Fixed bug #70213 (Unserialize context shared on double class lookup).
    (Taoguang Chen)
  . Fixed bug #73825 (Heap out of bounds read on unserialize in
    finish_nested_data()). (Stas)

Revision 1.38 / (download) - annotate - [select for diffs], Sat Dec 10 07:08:39 2016 UTC (6 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base
Branch point for: pkgsrc-2016Q4
Changes since 1.37: +5 -5 lines
Diff to previous 1.37 (colored)

Update php56 to 5.6.29 (PHP 5.6.29).

08 Dec 2016, PHP 5.6.29

- Mysqlnd:
  . Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)

- Opcache:
  . Fixed bug #73402 (Opcache segfault when using class constant to call a
    method). (Laruence)
  . Fixed bug #69090 (check cached files permissions)

- OpenSSL
  . Fixed bug #72776 (Invalid parameter in memcpy function trough
    openssl_pbkdf2). (Jakub Zelenka)

- Postgres:
  . Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan)

- SOAP:
  . Fixed bug #73452 (Segfault (Regression for #69152)). (Dmitry)

- SQLite3:
  . Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)

- Standard:
  . Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
    (rowan dot collins at gmail dot com)

- WDDX:
  . Fixed bug #73631 (Memory leak due to invalid wddx stack processing).
    (bughunter at fosec dot vn).

Revision 1.37 / (download) - annotate - [select for diffs], Mon Dec 5 18:17:11 2016 UTC (6 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.36: +2 -2 lines
Diff to previous 1.36 (colored)

On Darwin, allow native iconv when Command Line Tools are not installed.

Revision 1.34.2.2 / (download) - annotate - [select for diffs], Mon Nov 21 06:08:51 2016 UTC (6 years, 10 months ago) by bsiegert
Branch: pkgsrc-2016Q3
Changes since 1.34.2.1: +5 -5 lines
Diff to previous 1.34.2.1 (colored) to branchpoint 1.34 (colored) next main 1.35 (colored)

Pullup ticket #5157 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php56/distinfo                                           1.36

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Nov 12 15:34:00 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual).

   10 Nov 2016, PHP 5.6.28

   - Core:
     . Fixed bug #73337 (try/catch not working with two exceptions inside a same
       operation). (Dmitry)

   - Bz2:
     . Fixed bug #73356 (crash in bzcompress function). (Stas)

   -GD:
     . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
     . Fixed bug #73272 (imagescale() is not affected by, but affects
       imagesetinterpolation()). (cmb)
     . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
     . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
     . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
       (cmb)
     . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)

   - Imap:
     . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
       (Anatol)

   - SPL:
     . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)

   - SOAP:
     . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)

   - SQLite3:
     . Fixed bug #73333 (2147483647 is fetched as string). (cmb)

   - Standard:
     . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
     . Fixed bug #73188 (use after free in userspace streams). (Sara)

   - Wddx:
     . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
       with PDORow). (Stas)

Revision 1.36 / (download) - annotate - [select for diffs], Sat Nov 12 15:34:00 2016 UTC (6 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.35: +5 -5 lines
Diff to previous 1.35 (colored)

Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual).

10 Nov 2016, PHP 5.6.28

- Core:
  . Fixed bug #73337 (try/catch not working with two exceptions inside a same
    operation). (Dmitry)

- Bz2:
  . Fixed bug #73356 (crash in bzcompress function). (Stas)

-GD:
  . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
  . Fixed bug #73272 (imagescale() is not affected by, but affects
    imagesetinterpolation()). (cmb)
  . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
  . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
  . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
    (cmb)
  . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)

- Imap:
  . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
    (Anatol)

- SPL:
  . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)

- SOAP:
  . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)

- SQLite3:
  . Fixed bug #73333 (2147483647 is fetched as string). (cmb)

- Standard:
  . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
  . Fixed bug #73188 (use after free in userspace streams). (Sara)

- Wddx:
  . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
    with PDORow). (Stas)

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Fri Oct 21 18:47:33 2016 UTC (6 years, 11 months ago) by bsiegert
Branch: pkgsrc-2016Q3
Changes since 1.34: +5 -5 lines
Diff to previous 1.34 (colored)

Pullup ticket #5140 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.161
- lang/php56/distinfo                                           1.35

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Oct 16 11:58:42 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.27.

   13 Oct 2016, PHP 5.6.27

   - Core:
     . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
       zend_virtual_cwd.c). (cmb)
     . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
     . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
       password_verify). (Anatol)
     . Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
     . Fixed bug #73147 (Use After Free in unserialize()). (Stas)

   - BCmath:
     . Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

   - DOM:
     . Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)

   - Ereg:
     . Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)

   - Filter:
     . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
       FILTER_FLAG_NO_PRIV_RANGE). (julien)
     . Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN,
       FILTER_NULL_ON_FAILURE). (levim, cmb)
     . Fixed bug #73054 (default option ignored when object passed to int filter).
       (cmb)

   - GD:
     . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
       (cmb)
     . Fixed bug #50194 (imagettftext broken on transparent background w/o
       alphablending). (cmb)
     . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
       cmb)
     . Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
       (Mark Plomer, cmb)
     . Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
     . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
     . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
       files). (cmb)
     . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)

   - Intl:
     . Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)

   - Imap:
     . Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
       (Stas)

   - Mbstring:
     . Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
     . Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
     . Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
       (Yasuo)
     . Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)

   - PCRE:
     . Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)

   - Opcache:
     . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
       (Keyur) (julien backport)

   - OpenSSL:
     . Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
       (Jakub Zelenka)
     . Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
     . Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)

   - Session:
     . Fixed bug #68015 (Session does not report invalid uid for files save handler).
       (Yasuo)
     . Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
       (cmb)

   - SimpleXML:
     . Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
       (Stas)

   - SPL:
     . Fixed bug #73073 (CachingIterator null dereference when convert to string).
       (Stas)

   - Standard:
     . Fixed bug #73240 (Write out of bounds at number_format). (Stas)
     . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)

   - Stream:
     . Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)

   - Zip:
     . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
       (cmb)

Revision 1.35 / (download) - annotate - [select for diffs], Sun Oct 16 11:58:42 2016 UTC (6 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.34: +5 -5 lines
Diff to previous 1.34 (colored)

Update php56 to 5.6.27.

13 Oct 2016, PHP 5.6.27

- Core:
  . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
    zend_virtual_cwd.c). (cmb)
  . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
    password_verify). (Anatol)
  . Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
  . Fixed bug #73147 (Use After Free in unserialize()). (Stas)

- BCmath:
  . Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

- DOM:
  . Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)

- Ereg:
  . Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)

- Filter:
  . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
    FILTER_FLAG_NO_PRIV_RANGE). (julien)
  . Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN,
    FILTER_NULL_ON_FAILURE). (levim, cmb)
  . Fixed bug #73054 (default option ignored when object passed to int filter).
    (cmb)

- GD:
  . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
    (cmb)
  . Fixed bug #50194 (imagettftext broken on transparent background w/o
    alphablending). (cmb)
  . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
    cmb)
  . Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
    (Mark Plomer, cmb)
  . Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
    files). (cmb)
  . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)

- Intl:
  . Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)

- Imap:
  . Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
    (Stas)

- Mbstring:
  . Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
  . Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
  . Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
    (Yasuo)
  . Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)

- PCRE:
  . Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)

- Opcache:
  . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
    (Keyur) (julien backport)

- OpenSSL:
  . Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
    (Jakub Zelenka)
  . Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
  . Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)

- Session:
  . Fixed bug #68015 (Session does not report invalid uid for files save handler).
    (Yasuo)
  . Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
    (cmb)

- SimpleXML:
  . Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
    (Stas)

- SPL:
  . Fixed bug #73073 (CachingIterator null dereference when convert to string).
    (Stas)

- Standard:
  . Fixed bug #73240 (Write out of bounds at number_format). (Stas)
  . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)

- Stream:
  . Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)

- Zip:
  . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
    (cmb)

Revision 1.28.2.3 / (download) - annotate - [select for diffs], Sat Sep 24 17:21:18 2016 UTC (7 years ago) by bsiegert
Branch: pkgsrc-2016Q2
Changes since 1.28.2.2: +5 -5 lines
Diff to previous 1.28.2.2 (colored) to branchpoint 1.28 (colored) next main 1.29 (colored)

Pullup ticket #5105 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.156
- lang/php56/distinfo                                           1.34

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Sep 16 16:09:24 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.26 (PHP 5.6.26).

   15 Sep 2016, PHP 5.6.26

   - Core:
     . Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
       (zend_gc.c:260)). (Laruence)

   - Dba:
     . Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
       (cmb)
     . Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
       (cmb)

   - EXIF:
     . Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
       exif_process_IFD_in_TIFF). (Stas)

   - FTP:
     . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
       require_ssl_reuse). (Benedict Singer)

   - GD:
     . Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
       images). (cmb)
     . Fixed bug #72913 (imagecopy() loses single-color transparency on palette
       images). (cmb)
     . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)

   - Intl:
     . Fixed bug #73007 (add locale length check). (Stas)

   - JSON:
     . Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)

   - mbstring:
     . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
     . Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
       mb_ereg_match()). (Stas)

   - MSSQL:
     . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)

   - Mysqlnd:
     . Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)

   - Phar:
     . Fixed bug #72928 (Out of bound when verify signature of zip phar in
       phar_parse_zipfile). (Stas)
     . Fixed bug #73035 (Out of bound when verify signature of tar phar in
       phar_parse_tarfile). (Stas)

   - PDO:
     . Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
       returns false). (cmb)

   - PDO_pgsql:
     . Implemented FR #72633 (Postgres PDO lastInsertId() should work without
       specifying a sequence). (Pablo Santiago Sa'nchez, Matteo)
     . Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)

   - SPL:
     . Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)

   - Standard:
     . Fixed bug #72823 (strtr out-of-bound access). (cmb)
     . Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
     . Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
       (cmb)
     . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
       (cmb)
     . Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
     . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
     . Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
     . Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
       (Stas)

   - Streams:
     . Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)

   - Wddx:
     . Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
     . Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)

   - XML:
     . Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
     . Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)

   - ZIP:
     . Fixed bug #68302 (impossible to compile php with zip support). (cmb)

Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 16 16:09:24 2016 UTC (7 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base
Branch point for: pkgsrc-2016Q3
Changes since 1.33: +5 -5 lines
Diff to previous 1.33 (colored)

Update php56 to 5.6.26 (PHP 5.6.26).

15 Sep 2016, PHP 5.6.26

- Core:
  . Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
    (zend_gc.c:260)). (Laruence)

- Dba:
  . Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
    (cmb)
  . Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
    (cmb)

- EXIF:
  . Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
    exif_process_IFD_in_TIFF). (Stas)

- FTP:
  . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
    require_ssl_reuse). (Benedict Singer)

- GD:
  . Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
    images). (cmb)
  . Fixed bug #72913 (imagecopy() loses single-color transparency on palette
    images). (cmb)
  . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)

- Intl:
  . Fixed bug #73007 (add locale length check). (Stas)

- JSON:
  . Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)

- mbstring:
  . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  . Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
    mb_ereg_match()). (Stas)

- MSSQL:
  . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)

- Mysqlnd:
  . Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)

- Phar:
  . Fixed bug #72928 (Out of bound when verify signature of zip phar in
    phar_parse_zipfile). (Stas)
  . Fixed bug #73035 (Out of bound when verify signature of tar phar in
    phar_parse_tarfile). (Stas)

- PDO:
  . Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
    returns false). (cmb)

- PDO_pgsql:
  . Implemented FR #72633 (Postgres PDO lastInsertId() should work without
    specifying a sequence). (Pablo Santiago Sánchez, Matteo)
  . Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)

- SPL:
  . Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)

- Standard:
  . Fixed bug #72823 (strtr out-of-bound access). (cmb)
  . Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
  . Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
    (cmb)
  . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
    (cmb)
  . Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
  . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
  . Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
  . Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
    (Stas)

- Streams:
  . Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)

- Wddx:
  . Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
  . Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)

- XML:
  . Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
  . Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)

- ZIP:
  . Fixed bug #68302 (impossible to compile php with zip support). (cmb)

Revision 1.28.2.2 / (download) - annotate - [select for diffs], Wed Sep 7 18:23:59 2016 UTC (7 years ago) by bsiegert
Branch: pkgsrc-2016Q2
Changes since 1.28.2.1: +5 -5 lines
Diff to previous 1.28.2.1 (colored) to branchpoint 1.28 (colored)

Pullup ticket #5094 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.149
- lang/php56/distinfo                                           1.33

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Aug 19 03:29:00 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.25 (PHP 5.6.25).

   18 Aug 2016, PHP 5.6.25

   - Bz2:
     . Fixed bug #72837 (integer overflow in bzdecompress caused heap
       corruption). (Stas)

   - Core:
     . Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
       (Taoguang Chen)
     . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
     . Fixed bug #72581 (previous property undefined in Exception after
       deserialization). (Laruence)
     . Implemented FR #72614 (Support "nmake test" on building extensions by
       phpize). (Yuji Uchiyama)
     . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
       (Yuji Uchiyama)
     . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
       __wakeup() in Deserialization). (Stas)
     . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)

   - Calendar:
     . Fixed bug #67976 (cal_days_month() fails for final month of the French
       calendar). (cmb)
     . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
       zif_cal_from_jd). (cmb)

   - Curl:
     . Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
       (maroszek at gmx dot net)
     . Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
       (Pierrick)
     . Fixed bug #72807 (integer overflow in curl_escape caused heap
       corruption). (Stas)

   - DOM:
     . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)

   - Ereg:
     . Fixed bug #72838 (Integer overflow lead to heap corruption in
       sql_regcase). (Stas)

   - EXIF:
     . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
     . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)

   - Filter:
     . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
       range). (bugs dot php dot net at majkl578 dot cz)

   - FPM:
     . Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
       (gooh)

   - GD:
     . Fixed bug #43828 (broken transparency of imagearc for truecolor in
       blendingmode). (cmb)
     . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
     . Fixed bug #68712 (suspicious if-else statements). (cmb)
     . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
     . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
     . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
     . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
     . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
     . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)

   - Intl:
     . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
       names). (cmb)

   - mbstring:
     . Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
       (cmb)
     . Fixed bug #72693 (mb_ereg_search increments search position when a match
       zero-width). (cmb)
     . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
       position). (cmb)
     . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
       (ju1ius)

   - PCRE:
     . Fixed bug #72688 (preg_match missing group names in matches). (cmb)

   - PDO_pgsql:
     . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)

   - Reflection:
     . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
       (Nikita Nefedov)

   - SNMP:
     . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
       allocation). (djodjo at gmail dot com)

   - Standard:
     . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
       UTF chars). (cmb)
     . Fixed bug #72836 (integer overflow in base64_decode). (Stas)
     . Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
     . Fixed bug #72849 (integer overflow in urlencode). (Stas)
     . Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
     . Fixed bug #72716 (initialize buffer before read). (Stas)

   - Streams:
     . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
     . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
     . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
       non-existent directories). (vhuk)
     . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
       with IIS FTP 7.5, 8.5). (vhuk)
     . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
       attack). (Stas)

   - SPL:
     . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
     . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
       character). (cmb)
     . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)

   - SQLite3:
     . Implemented FR #72653 (SQLite should allow opening with empty filename).
       (cmb)

   - Wddx:
     . Fixed bug #72142 (WDDX Packet Injection Vulnerability in
       wddx_serialize_value()). (Taoguang Chen)
     . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
     . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
     . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
       (Stas)
     . Fixed bug #72799 (wddx_deserialize null dereference in
       php_wddx_pop_element). (Stas)

Revision 1.33 / (download) - annotate - [select for diffs], Fri Aug 19 03:29:00 2016 UTC (7 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.32: +5 -5 lines
Diff to previous 1.32 (colored)

Update php56 to 5.6.25 (PHP 5.6.25).

18 Aug 2016, PHP 5.6.25

- Bz2:
  . Fixed bug #72837 (integer overflow in bzdecompress caused heap
    corruption). (Stas)

- Core:
  . Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
    (Taoguang Chen)
  . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
  . Fixed bug #72581 (previous property undefined in Exception after
    deserialization). (Laruence)
  . Implemented FR #72614 (Support "nmake test" on building extensions by
    phpize). (Yuji Uchiyama)
  . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
    (Yuji Uchiyama)
  . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
    __wakeup() in Deserialization). (Stas)
  . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)

- Calendar:
  . Fixed bug #67976 (cal_days_month() fails for final month of the French
    calendar). (cmb)
  . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
    zif_cal_from_jd). (cmb)

- Curl:
  . Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
    (maroszek at gmx dot net)
  . Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
    (Pierrick)
  . Fixed bug #72807 (integer overflow in curl_escape caused heap
    corruption). (Stas)

- DOM:
  . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)

- Ereg:
  . Fixed bug #72838 (Integer overflow lead to heap corruption in
    sql_regcase). (Stas)

- EXIF:
  . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
  . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)

- Filter:
  . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
    range). (bugs dot php dot net at majkl578 dot cz)

- FPM:
  . Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
    (gooh)

- GD:
  . Fixed bug #43828 (broken transparency of imagearc for truecolor in
    blendingmode). (cmb)
  . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
  . Fixed bug #68712 (suspicious if-else statements). (cmb)
  . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
  . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
  . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
  . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
  . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
  . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)

- Intl:
  . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
    names). (cmb)

- mbstring:
  . Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
    (cmb)
  . Fixed bug #72693 (mb_ereg_search increments search position when a match
    zero-width). (cmb)
  . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
    position). (cmb)
  . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
    (ju1ius)

- PCRE:
  . Fixed bug #72688 (preg_match missing group names in matches). (cmb)

- PDO_pgsql:
  . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)

- Reflection:
  . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
    (Nikita Nefedov)

- SNMP:
  . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
    allocation). (djodjo at gmail dot com)

- Standard:
  . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
    UTF chars). (cmb)
  . Fixed bug #72836 (integer overflow in base64_decode). (Stas)
  . Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
  . Fixed bug #72849 (integer overflow in urlencode). (Stas)
  . Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
  . Fixed bug #72716 (initialize buffer before read). (Stas)

- Streams:
  . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
  . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
  . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
    non-existent directories). (vhuk)
  . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
    with IIS FTP 7.5, 8.5). (vhuk)
  . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
    attack). (Stas)

- SPL:
  . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
  . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
    character). (cmb)
  . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)

- SQLite3:
  . Implemented FR #72653 (SQLite should allow opening with empty filename).
    (cmb)

- Wddx:
  . Fixed bug #72142 (WDDX Packet Injection Vulnerability in
    wddx_serialize_value()). (Taoguang Chen)
  . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
  . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
  . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
    (Stas)
  . Fixed bug #72799 (wddx_deserialize null dereference in
    php_wddx_pop_element). (Stas)

Revision 1.32 / (download) - annotate - [select for diffs], Sat Aug 13 17:34:41 2016 UTC (7 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

* Switch to use external gd (graphics/gd package).
* Use the same PKG_OPTIONS as graphics/gd.

Bump PKGREVISION of php-gd.

Revision 1.28.2.1 / (download) - annotate - [select for diffs], Thu Jul 28 14:58:39 2016 UTC (7 years, 1 month ago) by spz
Branch: pkgsrc-2016Q2
Changes since 1.28: +5 -5 lines
Diff to previous 1.28 (colored)

Pullup ticket #5069 - requested by taca
lang/php56: security update
lang/php: subsequent adjustment

Revisions pulled up:
- lang/php/phpversion.mk                                        1.143
- lang/php56/distinfo                                           1.29

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jul 24 02:18:02 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.24 (PHP 5.6.24).

   21 Jul 2016, PHP 5.6.24

   - Core:
     . Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
       (mike dot laspina at gmail dot com, Remi)
     . Fixed bug #72496 (Cannot declare public method with signature incompatible
       with parent private method). (Pedro Magalhães)
     . Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
     . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
       virtual_file_ex). (loianhtuan at gmail dot com)
     . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
       Deserialization). (taoguangchen at icloud dot com)
     . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
       applications). (CVE-2016-5385) (Stas)

   - bz2:
     . Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at
       stealien dot com).
     . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

   - EXIF:
     . Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
       (Bartosz Dziewoski)
   - EXIF:
     . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
       (Stas)
     . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
       (Stas)

   - GD:
     . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
     . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
     . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
     . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
       access). (Pierre)
     . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
     . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
       (CVE-2016-6207) (Pierre)

   - Intl:
     . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

   - ODBC:
     . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

   - OpenSSL:
     . Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
       (Jakub Zelenka)
     . Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
       (Jakub Zelenka)

   - SNMP:
     . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
       unserialize()). (taoguangchen at icloud dot com)

   - SPL:
     . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VLCIU)

   - SQLite3:
     . Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
       (cmb)

   - Streams:
     . Fixed bug #72439 (Stream socket with remote address leads to a segmentation
       fault). (Laruence)

   - Xmlrpc:
     . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
       (Stas)

   - Zip:
     . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
       php_stream_zip_opener). (loianhtuan at gmail dot com)


   To generate a diff of this commit:
   cvs rdiff -u -r1.142 -r1.143 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/lang/php56/distinfo

Revision 1.31 / (download) - annotate - [select for diffs], Sun Jul 24 13:29:56 2016 UTC (7 years, 2 months ago) by jdolecek
Branch: MAIN
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

fixup checksum for patches/patch-ext_recode_recode.c after adding the comment there

Revision 1.30 / (download) - annotate - [select for diffs], Sun Jul 24 13:27:23 2016 UTC (7 years, 2 months ago) by jdolecek
Branch: MAIN
Changes since 1.29: +2 -1 lines
Diff to previous 1.29 (colored)

add patch for ext/recode/recode.c so that the variable 'program_name' required by recode library is provided unconditionally; it should not depend on whether or not program without this symbol happens to compile

Revision 1.29 / (download) - annotate - [select for diffs], Sun Jul 24 02:18:02 2016 UTC (7 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.28: +5 -5 lines
Diff to previous 1.28 (colored)

Update php56 to 5.6.24 (PHP 5.6.24).

21 Jul 2016, PHP 5.6.24

- Core:
  . Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
    (mike dot laspina at gmail dot com, Remi)
  . Fixed bug #72496 (Cannot declare public method with signature incompatible
    with parent private method). (Pedro Magalhães)
  . Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
  . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
    virtual_file_ex). (loianhtuan at gmail dot com)
  . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
    Deserialization). (taoguangchen at icloud dot com)
  . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
    applications). (CVE-2016-5385) (Stas)

- bz2:
  . Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at
    stealien dot com).
  . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

- EXIF:
  . Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
    (Bartosz Dziewoski)
- EXIF:
  . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
    (Stas)
  . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
    (Stas)

- GD:
  . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
  . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
  . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
  . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
    access). (Pierre)
  . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
  . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
    (CVE-2016-6207) (Pierre)

- Intl:
  . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

- ODBC:
  . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

- OpenSSL:
  . Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
    (Jakub Zelenka)
  . Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
    (Jakub Zelenka)

- SNMP:
  . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
    unserialize()). (taoguangchen at icloud dot com)

- SPL:
  . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VLCIU)

- SQLite3:
  . Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
    (cmb)

- Streams:
  . Fixed bug #72439 (Stream socket with remote address leads to a segmentation
    fault). (Laruence)

- Xmlrpc:
  . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
    (Stas)

- Zip:
  . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
    php_stream_zip_opener). (loianhtuan at gmail dot com)

Revision 1.25.2.3 / (download) - annotate - [select for diffs], Tue Jun 28 19:37:34 2016 UTC (7 years, 2 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.25.2.2: +5 -5 lines
Diff to previous 1.25.2.2 (colored) to branchpoint 1.25 (colored) next main 1.26 (colored)

Pullup ticket #5051 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.140
- lang/php56/Makefile                                           1.12
- lang/php56/distinfo                                           1.28

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jun 24 15:25:21 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo

   Log Message:
   Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.

   pkgsrc change: remove confiugre from SUBST_FILES.path.

   23 Jun 2016, PHP 5.6.23

   - Core:
     . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
       json_utf8_to_utf16()). (Stas)
     . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
     . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

   - GD:
     . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
     . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
     . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
       heap overflow). (Pierre)
     . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
     . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
       in heap overflow). (Pierre)

   - Intl:
     . Fixed bug #70484 (selectordinal doesn't work with named parameters).
       (Anatol)

   - mbstring:
      . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

   - mcrypt:
      . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

   - Phar:
     . Fixed bug #72321 (invalid free in phar_extract_file()).
       (hji at dyntopia dot com)

   - SPL:
     . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
     . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
       unserialize). (Dmitry)

   - OpenSSL:
     . Fixed bug #72140 (segfault after calling ERR_free_strings()).
       (Jakub Zelenka)

   - WDDX:
     . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

   - zip:
     . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
       algorithm and unserialize). (Dmitry)

Revision 1.28 / (download) - annotate - [select for diffs], Fri Jun 24 15:25:21 2016 UTC (7 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base
Branch point for: pkgsrc-2016Q2
Changes since 1.27: +5 -5 lines
Diff to previous 1.27 (colored)

Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.

pkgsrc change: remove confiugre from SUBST_FILES.path.

23 Jun 2016, PHP 5.6.23

- Core:
  . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
    json_utf8_to_utf16()). (Stas)
  . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
  . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

- GD:
  . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
  . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
  . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
    heap overflow). (Pierre)
  . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
  . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
    in heap overflow). (Pierre)

- Intl:
  . Fixed bug #70484 (selectordinal doesn't work with named parameters).
    (Anatol)

- mbstring:
   . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

- mcrypt:
   . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

- Phar:
  . Fixed bug #72321 (invalid free in phar_extract_file()).
    (hji at dyntopia dot com)

- SPL:
  . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
  . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
    unserialize). (Dmitry)

- OpenSSL:
  . Fixed bug #72140 (segfault after calling ERR_free_strings()).
    (Jakub Zelenka)

- WDDX:
  . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

- zip:
  . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
    algorithm and unserialize). (Dmitry)

Revision 1.25.2.2 / (download) - annotate - [select for diffs], Sat Jun 4 19:50:02 2016 UTC (7 years, 3 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.25.2.1: +5 -5 lines
Diff to previous 1.25.2.1 (colored) to branchpoint 1.25 (colored)

Pullup ticket #5035 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.137
- lang/php56/DESCR                                              1.2
- lang/php56/distinfo                                           1.27

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May 16 04:13:59 UTC 2016

   Modified Files:
   	pkgsrc/lang/php56: DESCR

   Log Message:
   This package is not for PHP 5.5.x but 5.6.x.  Noted by Edgar Fu_ via
   privaet E-mail.

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri May 27 13:28:07 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.22 (PHP 5.6.22), including security fix.

   26 May 2016, PHP 5.6.22

   - Core:
     . Fixed bug #72172 (zend_hex_strtod should not use strlen).
       (bwitz at hotmail dot com )
     . Fixed bug #72114 (Integer underflow / arbitrary null write in
       fread/gzread). (Stas)
     . Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)

   - GD:
     . Fixed bug #72227 (imagescale out-of-bounds read). (Stas)

   - Intl
     . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
     . Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)

   - Postgres:
     . Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)

Revision 1.27 / (download) - annotate - [select for diffs], Fri May 27 13:28:07 2016 UTC (7 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.26: +5 -5 lines
Diff to previous 1.26 (colored)

Update php56 to 5.6.22 (PHP 5.6.22), including security fix.

26 May 2016, PHP 5.6.22

- Core:
  . Fixed bug #72172 (zend_hex_strtod should not use strlen).
    (bwitz at hotmail dot com )
  . Fixed bug #72114 (Integer underflow / arbitrary null write in
    fread/gzread). (Stas)
  . Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)

- GD:
  . Fixed bug #72227 (imagescale out-of-bounds read). (Stas)

- Intl
  . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
  . Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)

- Postgres:
  . Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)

Revision 1.25.2.1 / (download) - annotate - [select for diffs], Sun May 8 14:08:45 2016 UTC (7 years, 4 months ago) by bsiegert
Branch: pkgsrc-2016Q1
Changes since 1.25: +7 -8 lines
Diff to previous 1.25 (colored)

Pullup ticket #4973 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.134
- lang/php56/distinfo                                           1.26
- lang/php56/patches/patch-configure                            1.3
- lang/php56/patches/patch-ext_opcache_config.m4                deleted
- lang/php56/patches/patch-ext_standard_php__dns.h              1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon May  2 13:08:00 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo
   	pkgsrc/lang/php56/patches: patch-configure
   	    patch-ext_standard_php__dns.h
   Removed Files:
   	pkgsrc/lang/php56/patches: patch-ext_opcache_config.m4

   Log Message:
   Update php56 to 5.6.21.

   pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
   pkgsrc-users@.

   28 Apr 2016, PHP 5.6.21

   - Core:
    . Fixed bug #69537 (__debugInfo with empty string for key gives error).
      (krakjoe)
    . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

   - BCmath:
    . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
      _one_ definition). (Stas)

   - Curl:
    . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
      (Michael Sierks)

   - Date:
    . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

   - EXIF:
    . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

   - GD:
    . Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
    . Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

   - Intl:
    . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
      offset). (Stas)

   - OCI8:
    . Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
      allowed for this column). (Chris Jones)

   - ODBC:
    . Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

   - Opcache:
    . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
      (Laruence)

   - PDO:
    . Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
      (Daniel Kalaspuffar, Julien)
    . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

   - Postgres:
    . Fixed bug #71820 (pg_fetch_object binds parameters before call
      constructor). (Anatol)

   - SPL:
    . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
      offsetExists()). (Nikita)

   - Standard:
    . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
    . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
      _REENTRANT is not defined). (Nikita)

   - XML:
    . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

Revision 1.26 / (download) - annotate - [select for diffs], Mon May 2 13:08:00 2016 UTC (7 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.25: +7 -8 lines
Diff to previous 1.25 (colored)

Update php56 to 5.6.21.

pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.

28 Apr 2016, PHP 5.6.21

- Core:
  . Fixed bug #69537 (__debugInfo with empty string for key gives error).
    (krakjoe)
  . Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)

- BCmath:
  . Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
    _one_ definition). (Stas)

- Curl:
  . Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
    (Michael Sierks)

- Date:
  . Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)

- EXIF:
  . Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)

- GD:
  . Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
  . Fixed bug #71912 (libgd: signedness vulnerability). (Stas)

- Intl:
  . Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
    offset). (Stas)

- OCI8:
  . Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
    allowed for this column). (Chris Jones)

- ODBC:
  . Fixed bug #63171 (Script hangs after max_execution_time). (Remi)

- Opcache:
  . Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
    (Laruence)

- PDO:
  . Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
    (Daniel Kalaspuffar, Julien)
  . Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)

- Postgres:
  . Fixed bug #71820 (pg_fetch_object binds parameters before call
    constructor). (Anatol)

- SPL:
  . Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
    offsetExists()). (Nikita)

- Standard:
  . Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
  . Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
    _REENTRANT is not defined). (Nikita)

- XML:
  . Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)

Revision 1.25 / (download) - annotate - [select for diffs], Sat Apr 2 09:00:25 2016 UTC (7 years, 5 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base
Branch point for: pkgsrc-2016Q1
Changes since 1.24: +6 -5 lines
Diff to previous 1.24 (colored)

Update php56 to 5.6.20, including security fix.
Add add an patch to fix memory leak noted from Zafer Aydon via
private mail.

31 Mar 2016, PHP 5.6.20

- CLI Server:
  . Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)

- Core:
  . Fixed bug #71596 (Segmentation fault on ZTS with date function
    (setlocale)). (Anatol)

- Curl:
  . Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)

- Date:
  . Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)

- Fileinfo:
  . Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
    file). (Anatol)

- Mbstring:
  . Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
    mbfl_strcut). (Stas)

- ODBC:
  . Fixed bug #47803, #69526 (Executing prepared statements is succesfull only
    for the first two statements). (einavitamar at gmail dot com, Anatol)
  . Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
    name). (Stas)

- PDO_DBlib:
  . Bug #54648 (PDO::MSSQL forces format of datetime fields).
    (steven dot lambeth at gmx dot de, Anatol)

- Phar:
  . Fixed bug #71625 (Crash in php7.dll with bad phar filename).
    (Anatol)
  . Fixed bug #71504 (Parsing of tar file with duplicate filenames causes
    memory leak). (Jos Elstgeest)

- SNMP:
  . Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
    (andrew at jmpesp dot org)

- Standard
  . Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
    (taoguangchen at icloud dot com, Stas)

Revision 1.20.2.3 / (download) - annotate - [select for diffs], Tue Mar 8 15:37:56 2016 UTC (7 years, 6 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.20.2.2: +5 -5 lines
Diff to previous 1.20.2.2 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)

Pullup ticket #4945 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.127
- lang/php56/distinfo                                           1.24

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Mar  5 05:18:51 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.19 (PHP 5.6.19), including security fixes.

   03 Mar 2016, PHP 5.6.19

   - CLI server:
     . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
       (Johannes, Anatol)

   - CURL:
     . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
       while curl_multi_exec). (Laruence)

   - Date:
     . Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan
       Zijderveld)
     . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
       causing date_date_set issues). (Sean DuBois)

   - Fileinfo:
     . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)

   - FPM:
     . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
       setup). (Matt Haught, Remi)

   - Opcache:
     . Fixed bug  #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
       (Yussuf Khalil)

   - PDO MySQL:
     . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)

   - Phar:
     . Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)

   - Standard:
     . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)

   - WDDX:
     . Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)

   - XSL:
     . Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()).
       (Stas)

   - Zip:
     . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)

Revision 1.24 / (download) - annotate - [select for diffs], Sat Mar 5 05:18:51 2016 UTC (7 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.23: +5 -5 lines
Diff to previous 1.23 (colored)

Update php56 to 5.6.19 (PHP 5.6.19), including security fixes.

03 Mar 2016, PHP 5.6.19

- CLI server:
  . Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
    (Johannes, Anatol)

- CURL:
  . Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
    while curl_multi_exec). (Laruence)

- Date:
  . Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan
    Zijderveld)
  . Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
    causing date_date_set issues). (Sean DuBois)

- Fileinfo:
  . Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)

- FPM:
  . Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
    setup). (Matt Haught, Remi)

- Opcache:
  . Fixed bug  #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
    (Yussuf Khalil)

- PDO MySQL:
  . Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)

- Phar:
  . Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)

- Standard:
  . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)

- WDDX:
  . Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)

- XSL:
  . Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()).
    (Stas)

- Zip:
  . Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)

Revision 1.23 / (download) - annotate - [select for diffs], Wed Feb 17 01:17:16 2016 UTC (7 years, 7 months ago) by jklos
Branch: MAIN
Changes since 1.22: +2 -1 lines
Diff to previous 1.22 (colored)

Same as other php versions - selectively enable just-in-time support in
PCRE for supported architectures.
https://mail-index.netbsd.org/pkgsrc-bugs/2015/09/13/msg057792.html

Revision 1.20.2.2 / (download) - annotate - [select for diffs], Wed Feb 10 20:36:47 2016 UTC (7 years, 7 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.20.2.1: +5 -5 lines
Diff to previous 1.20.2.1 (colored) to branchpoint 1.20 (colored)

Pullup ticket #4917 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.124
- lang/php56/distinfo                                           1.22

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Feb  6 07:13:02 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.18 (PHP 5.6.18).

   04 Feb 2016, PHP 5.6.18

   - Core:
     . Fixed bug #71039 (exec functions ignore length but look for NULL termination).
       (Anatol)
     . Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
     . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
     . Added support for new HTTP 451 code. (Julien)
     . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
       (Anatol)
     . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
       input). (Leo Gaspard)
     . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)

   - Apache2handler:
     . Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

   - FTP:
     . Implemented FR #55651 (Option to ignore the returned FTP PASV address).
       (abrender at elitehosts dot com)

   - Opcache:
     . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
     . Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32
       on the same server). (Anatol)

   - Phar:
     . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
     . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
       (Stas)
     . Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)

   - Session:
     . Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)

   - SOAP:
     . Fixed bug #70979 (crash with bad soap request). (Anatol)

   - SPL:
     . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
       (Laruence)

   - WDDX:
     . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)

Revision 1.22 / (download) - annotate - [select for diffs], Sat Feb 6 07:13:02 2016 UTC (7 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.21: +5 -5 lines
Diff to previous 1.21 (colored)

Update php56 to 5.6.18 (PHP 5.6.18).

04 Feb 2016, PHP 5.6.18

- Core:
  . Fixed bug #71039 (exec functions ignore length but look for NULL termination).
    (Anatol)
  . Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
  . Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
  . Added support for new HTTP 451 code. (Julien)
  . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
    (Anatol)
  . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
    input). (Leo Gaspard)
  . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)

- Apache2handler:
  . Fix >2G Content-Length headers in apache2handler. (Adam Harvey)

- FTP:
  . Implemented FR #55651 (Option to ignore the returned FTP PASV address).
    (abrender at elitehosts dot com)

- Opcache:
  . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
  . Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32
    on the same server). (Anatol)

- Phar:
  . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
  . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
    (Stas)
  . Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)

- Session:
  . Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)

- SOAP:
  . Fixed bug #70979 (crash with bad soap request). (Anatol)

- SPL:
  . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
    (Laruence)

- WDDX:
  . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)

Revision 1.20.2.1 / (download) - annotate - [select for diffs], Sun Jan 17 19:25:16 2016 UTC (7 years, 8 months ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

Pullup ticket #4892 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.121
- lang/php56/distinfo                                           1.21

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Jan  8 03:28:20 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php56: distinfo

   Log Message:
   Update php55 to 5.6.17, including security fix.

   07 Jan 2016, PHP 5.6.17

   - Core:
     . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
     . Fixed bug #70958 (Invalid opcode while using ::class as trait method
       paramater default value). (Laruence)
     . Fixed bug #70957 (self::class can not be resolved with reflection for
       abstract class). (Laruence)
     . Fixed bug #70944 (try{ } finally{} can create infinite chains of
       exceptions). (Laruence)
     . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
       php_register_internal_extensions). (Lior Kaplan)

   - FPM:
     . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)

   - GD:
     . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
       Out of Bounds). (emmanuel dot law at gmail dot com).

   - Mysqlnd:
     . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
       (Laruence)

   - SOAP:
     . Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)

   - Standard:
     . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
       of parameters). (Laruence)

   - PDO_Firebird:
     . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)

   - WDDX:
     . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
       (taoguangchen at icloud dot com)
     . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
       Vulnerability). (taoguangchen at icloud dot com)

   - XMLRPC:
     . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
       (Julien)

Revision 1.21 / (download) - annotate - [select for diffs], Fri Jan 8 03:28:20 2016 UTC (7 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

Update php55 to 5.6.17, including security fix.

07 Jan 2016, PHP 5.6.17

- Core:
  . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
  . Fixed bug #70958 (Invalid opcode while using ::class as trait method
    paramater default value). (Laruence)
  . Fixed bug #70957 (self::class can not be resolved with reflection for
    abstract class). (Laruence)
  . Fixed bug #70944 (try{ } finally{} can create infinite chains of
    exceptions). (Laruence)
  . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
    php_register_internal_extensions). (Lior Kaplan)

- FPM:
  . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)

- GD:
  . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
    Out of Bounds). (emmanuel dot law at gmail dot com).

- Mysqlnd:
  . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
    (Laruence)

- SOAP:
  . Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)

- Standard:
  . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
    of parameters). (Laruence)

- PDO_Firebird:
  . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)

- WDDX:
  . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
    (taoguangchen at icloud dot com)
  . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
    Vulnerability). (taoguangchen at icloud dot com)

- XMLRPC:
  . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
    (Julien)

Revision 1.20 / (download) - annotate - [select for diffs], Sat Nov 28 07:09:38 2015 UTC (7 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.19: +5 -5 lines
Diff to previous 1.19 (colored)

Update php56 to 5.6.16 (PHP 5.6.16).

26 Nov 2015, PHP 5.6.16

- Core:
  . Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a
    non-existent constant). (Laruence)
  . Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
    (Laruence)

- Mysqlnd:
  . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
    validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
        connection flag. (Andrey)

- OCI8:
  . Fixed bug #68298 (OCI int overflow). (Senthil)

- PDO_DBlib:
  . Fixed bug #69757 (Segmentation fault on nextRowset).
    (miracle at rpz dot name)

- SOAP:
  . Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
    attribute). (Matteo)

- SPL:
  . Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).
    (Reeze Xia)

Revision 1.19 / (download) - annotate - [select for diffs], Wed Nov 4 17:41:19 2015 UTC (7 years, 10 months ago) by agc
Branch: MAIN
Changes since 1.18: +1 -2 lines
Diff to previous 1.18 (colored)

Remove duplicate SHA512 digests that crept in.

Revision 1.18 / (download) - annotate - [select for diffs], Tue Nov 3 22:50:41 2015 UTC (7 years, 10 months ago) by agc
Branch: MAIN
Changes since 1.17: +2 -1 lines
Diff to previous 1.17 (colored)

Add SHA512 digests for distfiles for lang category

Problems found with existing digests:
	Package nhc98 distfile nhc98src-1.22.tar.gz
	a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
	81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]

Problems found locating distfiles:
	Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
	Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
	Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
	Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
	Package icc11: missing distfile l_cproc_p_11.1.080.tgz
	Package jini: missing distfile jini-1_2_1_001-src.zip
	Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
	Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
	Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
	Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
	Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
	Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
	Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
	Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
	Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
	Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
	Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
	Package sun-jre6: missing distfile jce_policy-6.zip
	Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
	Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
	Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
	Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.17 / (download) - annotate - [select for diffs], Sat Oct 31 01:58:37 2015 UTC (7 years, 10 months ago) by taca
Branch: MAIN
Changes since 1.16: +5 -4 lines
Diff to previous 1.16 (colored)

Update php56 to 5.6.15.

29 Oct 2015, PHP 5.6.15

- Core:
  . Fixed bug #70681 (Segfault when binding $this of internal instance method
    to null). (Nikita)
  . Fixed bug #70685 (Segfault for getClosure() internal method rebind with
    invalid $this). (Nikita)

- Date:
  . Fixed bug #70619 (DateTimeImmutable segfault). (Laruence)

- Mcrypt:
  . Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
    specified under RC4). (Nikita)

- Mysqlnd:
  . Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
   (Andrey)
  . Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)

- Opcache:
  . Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
    (Laruence)
  . Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
  . Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
  . Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)

Revision 1.15.2.1 / (download) - annotate - [select for diffs], Sun Oct 4 14:03:38 2015 UTC (7 years, 11 months ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.15: +5 -7 lines
Diff to previous 1.15 (colored) next main 1.16 (colored)

Pullup ticket #4832 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.114
- lang/php56/distinfo                                           1.16
- lang/php56/patches/patch-aclocal.m4                           deleted
- lang/php56/patches/patch-build_libtool.m4                     deleted
- lang/php56/patches/patch-configure                            1.2

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Oct  2 14:37:40 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo
   	pkgsrc/lang/php56/patches: patch-configure
   Removed Files:
   	pkgsrc/lang/php56/patches: patch-aclocal.m4 patch-build_libtool.m4

   Log Message:
   Update php56 to 5.6.14.

   01 Oct 2015, PHP 5.6.14

   - Core:
     . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
       building extensions). (Adam)

   - CLI server:
     . Fixed bug #68291 (404 on urls with '+'). (cmb)

   - DOM:
     . Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
       encoding). (cmb)

   - Mysqlnd:
     . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
       a server). (Sergei Turchanov)

   - OpenSSL:
     . Fixed bug #55259 (openssl extension does not get the DH parameters from
       DH key resource). (Jakub Zelenka)
     . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
     . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
     . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)

   - PDO:
     . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)

   - Phar:
     . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
     . FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
       entry filename is "/"). (Stas)

   - Phpdbg:
     . Fix phpdbg_break_next() sometimes not breaking. (Bob)

   - Standard:
     . Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)

   - Streams:
     . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
       (Niklas Keller)

   - Zip:
     . Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)

Revision 1.16 / (download) - annotate - [select for diffs], Fri Oct 2 14:37:39 2015 UTC (7 years, 11 months ago) by taca
Branch: MAIN
Changes since 1.15: +5 -7 lines
Diff to previous 1.15 (colored)

Update php56 to 5.6.14.

01 Oct 2015, PHP 5.6.14

- Core:
  . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
    building extensions). (Adam)

- CLI server:
  . Fixed bug #68291 (404 on urls with '+'). (cmb)

- DOM:
  . Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
    encoding). (cmb)

- Mysqlnd:
  . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
    a server). (Sergei Turchanov)

- OpenSSL:
  . Fixed bug #55259 (openssl extension does not get the DH parameters from
    DH key resource). (Jakub Zelenka)
  . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
  . Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
  . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)

- PDO:
  . Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)

- Phar:
  . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
  . FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
    entry filename is "/"). (Stas)

- Phpdbg:
  . Fix phpdbg_break_next() sometimes not breaking. (Bob)

- Standard:
  . Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)

- Streams:
  . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
    (Niklas Keller)

- Zip:
  . Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)

Revision 1.15 / (download) - annotate - [select for diffs], Sun Sep 6 12:27:43 2015 UTC (8 years ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Changes since 1.14: +4 -4 lines
Diff to previous 1.14 (colored)

Update php55 to 5.6.13 including security fixes.

03 Sep 2015, PHP 5.6.13

- Core:
  . Fixed bug #69900 (Too long timeout on pipes). (Anatol)
  . Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  . Fixed bug #70198 (Checking liveness does not work as expected).
    (Shafreeck Sea, Anatol Belski)
  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
    (taoguangchen at icloud dot com)

- CLI server:
  . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
    (wusuopu, cmb)
  . Fixed bug #70264 (CLI server directory traversal). (cmb)

- Date:
  . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
    be optional). (cmb)
  . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
    (cmb)

- EXIF:
  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
    value of 32 bytes). (Stas)

- hash:
  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
    at naver dot com)

- MCrypt:
  . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

- Opcache:
  . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
    on CLI enabled). (Dmitry, Laruence)

- PCRE:
  . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
    match). (cmb)
  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
    (Anatol Belski)

- SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
    (Stas)

- SPL:
  . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
    ob_start). (hugh at allthethings dot co dot nz)
  . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)

- Standard:
  . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
    (cmb)
  . Fixed bug #70157 (parse_ini_string() segmentation fault with
    INI_SCANNER_TYPED). (Tjerk)

- XSLT:
  . Fixed bug #69782 (NULL pointer dereference). (Stas)

- ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
    creating directories). (neal at fb dot com)

Revision 1.12.2.2 / (download) - annotate - [select for diffs], Wed Aug 12 20:17:12 2015 UTC (8 years, 1 month ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.12.2.1: +3 -3 lines
Diff to previous 1.12.2.1 (colored) to branchpoint 1.12 (colored) next main 1.13 (colored)

Pullup ticket #4792 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.108
- lang/php56/distinfo                                           1.14

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Aug  8 00:13:36 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.12.

   06 Aug 2015, PHP 5.6.12

   - Core:
     . Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
     . Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
     . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
       method calls). (Stas)
     . Fixed bug #69892 (Different arrays compare indentical due to integer key
       truncation). (Nikita)
     . Fixed bug #70121 (unserialize() could lead to unexpected methods execution
       / NULL pointer deref). (Stas)

   - CLI server:
     . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
     . Fixed bug #64878 (304 responses return Content-Type header). (cmb)

   - GD:
     . Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
     . Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
     . Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
     . Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
     . Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
     . Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
     . Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
     . Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
     . Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
     . Fixed bug #68714 (copy 'n paste error). (cmb)
     . Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
     . Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)

   - ODBC:
     . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
       columns). (cmb)

   - OpenSSL:
     . Fixed bug #69882 (OpenSSL error key values mismatch after
       openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
     . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
       secure). (Stas)

   - Phar:
     . Improved fix for bug #69441. (Anatol Belski)
     . Fixed bug #70019 (Files extracted from archive may be placed outside of
       destination directory). (Anatol Belski)

   - SOAP:
     . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
       multiple type confusions). (Stas)

   - SPL:
     . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
       items). (sean.heelan)
     . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
       SPLArrayObject). (taoguangchen at icloud dot com)
     . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
       SplObjectStorage). (taoguangchen at icloud dot com)
     . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
       SplDoublyLinkedList). (taoguangchen at icloud dot com)

   - Standard:
     . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)

Revision 1.14 / (download) - annotate - [select for diffs], Sat Aug 8 00:13:36 2015 UTC (8 years, 1 month ago) by taca
Branch: MAIN
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)

Update php56 to 5.6.12.

06 Aug 2015, PHP 5.6.12

- Core:
  . Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
  . Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
  . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
    method calls). (Stas)
  . Fixed bug #69892 (Different arrays compare indentical due to integer key
    truncation). (Nikita)
  . Fixed bug #70121 (unserialize() could lead to unexpected methods execution
    / NULL pointer deref). (Stas)

- CLI server:
  . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
  . Fixed bug #64878 (304 responses return Content-Type header). (cmb)

- GD:
  . Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
  . Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
  . Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
  . Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
  . Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
  . Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
  . Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
  . Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
  . Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
  . Fixed bug #68714 (copy 'n paste error). (cmb)
  . Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
  . Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)

- ODBC:
  . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
    columns). (cmb)

- OpenSSL:
  . Fixed bug #69882 (OpenSSL error ey values mismatchafter
    openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
  . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
    secure). (Stas)

- Phar:
  . Improved fix for bug #69441. (Anatol Belski)
  . Fixed bug #70019 (Files extracted from archive may be placed outside of
    destination directory). (Anatol Belski)

- SOAP:
  . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
    multiple type confusions). (Stas)

- SPL:
  . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
    items). (sean.heelan)
  . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
    SPLArrayObject). (taoguangchen at icloud dot com)
  . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)

- Standard:
  . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)

Revision 1.12.2.1 / (download) - annotate - [select for diffs], Tue Jul 14 22:14:30 2015 UTC (8 years, 2 months ago) by tron
Branch: pkgsrc-2015Q2
Changes since 1.12: +4 -5 lines
Diff to previous 1.12 (colored)

Pullup ticket #4774 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.105
- lang/php56/Makefile                                           1.7
- lang/php56/distinfo                                           1.13
- lang/php56/patches/patch-ext_spl_spl__heap.c                  deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Jul 11 00:31:01 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo
   Removed Files:
   	pkgsrc/lang/php56/patches: patch-ext_spl_spl__heap.c

   Log Message:
   Update php56 to 5.6.11.

   10 Jul 2015, PHP 5.6.11

   - Core:
     . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
     . Fixed bug #69703 (Use __builtin_clzl on PowerPC).
       (dja at axtens dot net, Kalle)
     . Fixed bug #69732 (can induce segmentation fault with basic php code).
       (Dmitry)
     . Fixed bug #69642 (Windows 10 reported as Windows 8).
       (Christian Wenz, Anatol Belski)
     . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
       fault). (Christoph M. Becker)
     . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
       7/8/8.1/10 as "Business"). (Christian Wenz)
     . Fixed bug #69740 (finally in generator (yield) swallows exception in
       iteration). (Nikita)
     . Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
       (Christian Wenz)
     . Fixed bug #69892 (Different arrays compare indentical due to integer key
       truncation). (Nikita)
     . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
       from fix to bug #68776. (Yasuo)

   - GD:
     . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

   - GMP:
     . Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
       number). (Nikita)

   - PCRE:
     . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
       string). (cmb)
     . Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)

   - PDO_pgsql:
     . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
       Statements when closeCuror() is u). (Philip Hofstetter)
     . Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
       leading single quote). (Matteo)
     . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
       (Matteo)

   - SimpleXML:
     . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
       node name). (Christoph Michael Becker)

   - SPL:
     . Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
       (Stas)
     . Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
     . Fixed bug #69970 (Use-after-free vulnerability in
       spl_recursive_it_move_forward_ex()). (Laruence)

   - Sqlite3:
     . Fixed bug #69972 (Use-after-free vulnerability in
       sqlite3SafetyCheckSickOrOk()). (Laruence)

Revision 1.13 / (download) - annotate - [select for diffs], Sat Jul 11 00:31:01 2015 UTC (8 years, 2 months ago) by taca
Branch: MAIN
Changes since 1.12: +4 -5 lines
Diff to previous 1.12 (colored)

Update php56 to 5.6.11.

10 Jul 2015, PHP 5.6.11

- Core:
  . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
  . Fixed bug #69703 (Use __builtin_clzl on PowerPC).
    (dja at axtens dot net, Kalle)
  . Fixed bug #69732 (can induce segmentation fault with basic php code).
    (Dmitry)
  . Fixed bug #69642 (Windows 10 reported as Windows 8).
    (Christian Wenz, Anatol Belski)
  . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
    fault). (Christoph M. Becker)
  . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
    7/8/8.1/10 as "Business"). (Christian Wenz)
  . Fixed bug #69740 (finally in generator (yield) swallows exception in
    iteration). (Nikita)
  . Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
    (Christian Wenz)
  . Fixed bug #69892 (Different arrays compare indentical due to integer key
    truncation). (Nikita)
  . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
    from fix to bug #68776. (Yasuo)

- GD:
  . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)

- GMP:
  . Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
    number). (Nikita)

- PCRE:
  . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
    string). (cmb)
  . Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)

- PDO_pgsql:
  . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
    Statements when closeCuror() is u). (Philip Hofstetter)
  . Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
    leading single quote). (Matteo)
  . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
    (Matteo)

- SimpleXML:
  . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
    node name). (Christoph Michael Becker)

- SPL:
  . Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
    (Stas)
  . Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
  . Fixed bug #69970 (Use-after-free vulnerability in
    spl_recursive_it_move_forward_ex()). (Laruence)

- Sqlite3:
  . Fixed bug #69972 (Use-after-free vulnerability in
    sqlite3SafetyCheckSickOrOk()). (Laruence)

Revision 1.12 / (download) - annotate - [select for diffs], Sun Jun 28 15:35:33 2015 UTC (8 years, 3 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base
Branch point for: pkgsrc-2015Q2
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Add fix to https://bugs.php.net/bug.php?id=69737.

Bump PKGREVISION.

Revision 1.8.2.3 / (download) - annotate - [select for diffs], Sat Jun 13 11:00:12 2015 UTC (8 years, 3 months ago) by tron
Branch: pkgsrc-2015Q1
Changes since 1.8.2.2: +4 -4 lines
Diff to previous 1.8.2.2 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)

Pullup ticket #4749 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.101
- lang/php56/distinfo                                           1.11
- lang/php56/patches/patch-ext_phar_Makefile.frag               1.3

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jun 12 00:47:03 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo
   	pkgsrc/lang/php56/patches: patch-ext_phar_Makefile.frag

   Log Message:
   Update php56 to 5.6.10.

   11 Jun 2015, PHP 5.6.10

   - Core:
     . Fixed bug #66048 (temp. directory is cached during multiple requests).
       (Julien)
     . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
       in extension trait). (jbboehr at gmail dot com)
     . Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
     . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
       (Christoph M. Becker)
     . Fixed POST data processing slowdown due to small input buffer size
       on Windows. (Jorge Oliveira, Anatol)
     . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
       (Anatol Belski)
     . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

   - FTP
     . Improved fix for bug #69545 (Integer overflow in ftp_genlist()
       resulting in heap overflow). (Max Spelsberg)

   - GD:
     . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)

   - Iconv:
     . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)

   - Litespeed SAPI:
     . Fixed bug #68812 (Unchecked return value). (George Wang)

   - Mail:
     . Fixed bug #68776 (mail() does not have mail header injection prevention for
       additional headers). (Yasuo)

   - MCrypt:
     . Added file descriptor caching to mcrypt_create_iv() (Leigh)

   - Opcache
     . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
       (Laruence, Dmitry)

   - Phar:
     . Fixed bug #69680 (phar symlink in binary directory broken).
       (Matteo Bernardini, Remi)

   - Postgres:
     . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

   - Sqlite3:
     . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
       CVE-2015-3416) (Kaplan)

Revision 1.11 / (download) - annotate - [select for diffs], Fri Jun 12 00:47:03 2015 UTC (8 years, 3 months ago) by taca
Branch: MAIN
Changes since 1.10: +5 -5 lines
Diff to previous 1.10 (colored)

Update php56 to 5.6.10.

11 Jun 2015, PHP 5.6.10

- Core:
  . Fixed bug #66048 (temp. directory is cached during multiple requests).
    (Julien)
  . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
    in extension trait). (jbboehr at gmail dot com)
  . Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
  . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
    (Christoph M. Becker)
  . Fixed POST data processing slowdown due to small input buffer size
    on Windows. (Jorge Oliveira, Anatol)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- FTP
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist()
    resulting in heap overflow). (Max Spelsberg)

- GD:
  . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)

- Iconv:
  . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- MCrypt:
  . Added file descriptor caching to mcrypt_create_iv() (Leigh)

- Opcache
  . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
    (Laruence, Dmitry)

- Phar:
  . Fixed bug #69680 (phar symlink in binary directory broken).
    (Matteo Bernardini, Remi)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)

Revision 1.8.2.2 / (download) - annotate - [select for diffs], Tue May 19 18:01:25 2015 UTC (8 years, 4 months ago) by tron
Branch: pkgsrc-2015Q1
Changes since 1.8.2.1: +3 -3 lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored)

Pullup ticket #4726 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.99
- lang/php56/distinfo                                           1.10

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat May 16 11:18:57 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.9.

   14 May 2015, PHP 5.6.9

   - Core:
     . Fixed bug #69467 (Wrong checked for the interface by using Trait).
       (Laruence)
     . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
     . Fixed bug #60022 ("use statement [...] has no effect" depends on leading
       backslash). (Nikita)
     . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
       (Dmitry)
     . Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
     . Fixed bug #69419 (Returning compatible sub generator produces a warning).
       (Nikita)
     . Fixed bug #69472 (php_sys_readlink ignores misc errors from
          GetFinalPathNameByHandleA). (Jan Starke)
     . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
     . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
       (Stas)
     . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
     . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

   - FTP:
     . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
       overflow). (Stas)

   - ODBC:
     . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
       (Anatol)
     . Fixed bug #69474 (ODBC: Query with same field name from two tables returns
       incorrect result). (Anatol)
     . Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
         Anatol Belski)

   - OpenSSL:
     . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
       (Daniel Lowrey)

   - PCNTL:
     . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

   - PCRE
     . Upgraded pcrelib to 8.37.

   - Phar:
     . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
       filename starts with null). (Stas)

Revision 1.10 / (download) - annotate - [select for diffs], Sat May 16 11:18:57 2015 UTC (8 years, 4 months ago) by taca
Branch: MAIN
Changes since 1.9: +4 -4 lines
Diff to previous 1.9 (colored)

Update php56 to 5.6.9.

14 May 2015, PHP 5.6.9

- Core:
  . Fixed bug #69467 (Wrong checked for the interface by using Trait).
    (Laruence)
  . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
  . Fixed bug #60022 ("use statement [...] has no effect" depends on leading
    backslash). (Nikita)
  . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
    (Dmitry)
  . Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
  . Fixed bug #69419 (Returning compatible sub generator produces a warning).
    (Nikita)
  . Fixed bug #69472 (php_sys_readlink ignores misc errors from
       GetFinalPathNameByHandleA). (Jan Starke)
  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
  . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    (Stas)
  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
  . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

- FTP:
  . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
    overflow). (Stas)

- ODBC:
  . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
    (Anatol)
  . Fixed bug #69474 (ODBC: Query with same field name from two tables returns
    incorrect result). (Anatol)
  . Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall,
      Anatol Belski)

- OpenSSL:
  . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
    (Daniel Lowrey)

- PCNTL:
  . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

- PCRE
  . Upgraded pcrelib to 8.37.

- Phar:
  . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
    filename starts with null). (Stas)

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Wed Apr 22 22:43:54 2015 UTC (8 years, 5 months ago) by tron
Branch: pkgsrc-2015Q1
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Pullup ticket #4680 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.96
- lang/php56/distinfo                                           1.9

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Apr 17 16:42:43 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.8.

   16 Apr 2015, PHP 5.6.8

   - Core:
     . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
       (Dmitry, Laruence)
     . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
       characters). (Tjerk)
     . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
     . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
       configuration options). (Anatol Belski)
     . Additional fix for bug #69152 (Type confusion vulnerability in
       exception::getTraceAsString). (Stas)
     . Fixed bug #69210 (serialize function return corrupted data when sleep has
       non-string values). (Juan Basso)
     . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
       __call/... arg passing). (Nikita)
     . Fixed bug #69221 (Segmentation fault when using a generator in combination
       with an Iterator). (Nikita)
     . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
       vulnerability). (Stas)
     . Fixed bug #69353 (Missing null byte checks for paths in various PHP
       extensions). (Stas)

   - Apache2handler:
     . Fixed bug #69218 (potential remote code execution with apache 2.4
       apache2handler). (Gerrit Venema)

   - cURL:
     . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
     . Fixed bug #68739 (Missing break / control flow). (Laruence)
     . Fixed bug #69316 (Use-after-free in php_curl related to
       CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

   - Date:
     . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)

   - Enchant:
     . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
       builds). (Anatol)

   - Ereg:
     . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

   - Fileinfo:
     . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
       segfault). (Anatol Belski)

   - Filter:
     . Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other
       flags are used). (Jeff Welch)
     . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
       Welch)

   - OPCache:
     . Fixed bug #69297 (function_exists strange behavior with OPCache on
       disabled function). (Laruence)
     . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
     . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)

   - OpenSSL
     . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
       in stream_select() contexts) (Chris Wright)
     . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
       (Daniel Lowrey)
     . Fixed bug #69215 (Crypto servers should send client CA list)
       (Daniel Lowrey)
     . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

   - Phar:
     . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
       (Mike)
     . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
     . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
     . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
       ".tar"). (Mike)
     . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
     . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
       phar_set_inode). (Stas)

   - Postgres:
     . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

   - SPL:
     . Fixed bug #69227 (Use after free in zval_scan caused by
        spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

   - SOAP:
     . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
        (bisected, regression)). (Laruence)

   - Sqlite3:
     . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
        (Dan Ackroyd)
     . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
     . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)

Revision 1.9 / (download) - annotate - [select for diffs], Fri Apr 17 16:42:43 2015 UTC (8 years, 5 months ago) by taca
Branch: MAIN
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Update php56 to 5.6.8.

16 Apr 2015, PHP 5.6.8

- Core:
  . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
    (Dmitry, Laruence)
  . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
    characters). (Tjerk)
  . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Additional fix for bug #69152 (Type confusion vulnerability in
    exception::getTraceAsString). (Stas)
  . Fixed bug #69210 (serialize function return corrupted data when sleep has
    non-string values). (Juan Basso)
  . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
    __call/... arg passing). (Nikita)
  . Fixed bug #69221 (Segmentation fault when using a generator in combination
    with an Iterator). (Nikita)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
    vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
    extensions). (Stas)

- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4
    apache2handler). (Gerrit Venema)

- cURL:
  . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
  . Fixed bug #68739 (Missing break / control flow). (Laruence)
  . Fixed bug #69316 (Use-after-free in php_curl related to
    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Date:
  . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)

- Enchant:
  . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
    builds). (Anatol)

- Ereg:
  . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
    segfault). (Anatol Belski)

- Filter:
  . Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other
    flags are used). (Jeff Welch)
  . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
    Welch)

- OPCache:
  . Fixed bug #69297 (function_exists strange behavior with OPCache on
    disabled function). (Laruence)
  . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
  . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)

- OpenSSL
  . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
    in stream_select() contexts) (Chris Wright)
  . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
    (Daniel Lowrey)
  . Fixed bug #69215 (Crypto servers should send client CA list)
    (Daniel Lowrey)
  . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)

- Phar:
  . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
    (Mike)
  . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
  . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
  . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
    ".tar"). (Mike)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
    phar_set_inode). (Stas)

- Postgres:
  . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)

- SPL:
  . Fixed bug #69227 (Use after free in zval_scan caused by
     spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)

- SOAP:
  . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
     (bisected, regression)). (Laruence)

- Sqlite3:
  . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
     (Dan Ackroyd)
  . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
  . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)

Revision 1.8 / (download) - annotate - [select for diffs], Fri Mar 20 16:31:47 2015 UTC (8 years, 6 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base
Branch point for: pkgsrc-2015Q1
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Update php56 to 5.6.7, including security fix.

19 Mar 2015, PHP 5.6.7

- Core:
  . Fixed bug #69174 (leaks when unused inner class use traits precedence).
    (Laruence)
  . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    (Laruence)
  . Fixed bug #69121 (Segfault in get_current_user when script owner is not
    in passwd with ZTS build). (dan at syneto dot net)
  . Fixed bug #65593 (Segfault when calling ob_start from output buffering
    callback). (Mike)
  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
    not validated in memory.c). (nayana at ddproperty dot com)
  . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  . Fixed bug #69141 (Missing arguments in reflection info for some builtin
    functions). (kostyantyn dot lysyy at oracle dot com)
  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

- CGI:
  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)

- CLI:
  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)

- cURL:
  . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
    Win32). (Grant Pannell)
  . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
    by libcurl. (Linus Unneback)

- Ereg:
  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305).
    (Stas)

- FPM:
  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)

- ODBC:
  . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)

- Opcache:
  . Fixed bug #69159 (Opcache causes problem when passing a variable variable
    to a function). (Dmitry, Laruence)
  . Fixed bug #69125 (Array numeric string as key). (Laruence)
  . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)

- OpenSSL:
  . Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
  . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
    socket timeouts). (Brad Broerman)
  . Fixed bug #68920 (use strict peer_fingerprint input checks)
    (Daniel Lowrey)
  . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
    (Daniel Lowrey)
  . Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
  . Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
  . Fixed bug (#69195 Inconsistent stream crypto values across versions)
    (Daniel Lowrey)

- pgsql:
  . Fixed bug #68638 (pg_update() fails to store infinite values).
    (william dot welter at 4linux dot com dot br, Laruence)

- Readline:
  . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
    parameters). (Laruence)

- SOAP:
  . Fixed bug #69085 (SoapClient's __call() type confusion through
    unserialize()). (andrea dot palazzo at truel dot it, Laruence)

- SPL:
  . Fixed bug #69108 ("Segmentation fault" when (de)serializing
    SplObjectStorage). (Laruence)
  . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
    calling getChildren()). (Julien)

- ZIP:
  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
    boundary) (CVE-2015-2331). (Stas)

Revision 1.7 / (download) - annotate - [select for diffs], Thu Mar 19 08:12:27 2015 UTC (8 years, 6 months ago) by he
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)

Treat NetBSD the same as FreeBSD wrt. handling of TCP_INFO.
No revision bump since this is a build fix for systems supporting TCP_INFO.

Revision 1.3.2.3 / (download) - annotate - [select for diffs], Wed Mar 4 18:52:36 2015 UTC (8 years, 6 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.3.2.2: +3 -6 lines
Diff to previous 1.3.2.2 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)

Pullup ticket #4633 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.88
- lang/php56/Makefile                                           1.4
- lang/php56/PLIST                                              1.2
- lang/php56/distinfo                                           1.6
- lang/php56/patches/patch-ext_date_php_date.c                  deleted
- lang/php56/patches/patch-ext_date_tests_bug68942.phpt         deleted
- lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt       deleted

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Feb 20 01:17:50 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile PLIST distinfo
   Removed Files:
   	pkgsrc/lang/php56/patches: patch-ext_date_php_date.c
   	    patch-ext_date_tests_bug68942.phpt
   	    patch-ext_date_tests_bug68942_2.phpt

   Log Message:
   Update php56 to 5.6.6 (PHP 5.6.6).

   19 Feb 2015, PHP 5.6.6

   - Core:
     . Removed support for multi-line headers, as the are deprecated by RFC 7230.
       (Stas)
     . Fixed bug #67068 (getClosure returns somethings that's not a closure).
       (Danack at basereality dot com)
     . Fixed bug #68942 (Use after free vulnerability in unserialize() with
       DateTimeZone). (CVE-2015-0273) (Stas)
     . Fixed bug #68925 (Mitigation for CVE-2015-0235 GHOST: glibc gethostbyname
       buffer overflow). (Stas)
     . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
       specified by ini_set) (Yasuo)
     . Added NULL byte protection to exec, system and passthru. (Yasuo)

   - Dba:
     . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

   - Enchant:
     . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
       (Antony)

   - Fileinfo:
     . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
     . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
       correctly). (Anatol)
     . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
       gifs). (Anatol)

   - FPM:
     . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
     . Fixed bug #68571 (core dump when webserver close the socket).
       (redfoxli069 at gmail dot com, Laruence)

   - JSON:
     . Fixed bug #50224 (json_encode() does not always encode a float as a float)
       by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)

   - LIBXML:
     . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
       between threads). (Martin Jansen)

   - Mysqli:
     . Fixed bug #68114 (linker error on some OS X machines with fixed
       width decimal support) (Keyur Govande)
     . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
       has rounding errors) (Keyur Govande)

   - Opcache:
     . Fixed bug with try blocks being removed when extended_info opcode
       generation is turned on. (Laruence)

   - PDO_mysql:
     . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
       named pipes). (steffenb198 at aol dot com)

   - Phar:
     . Fixed bug #68901 (use after free). (bugreports at internot dot info)

   - Pgsql:
     . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

   - Session:
     . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
     . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
     . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

   - Sqlite3:
     . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
       required_num_args). (Julien)

   - Standard:
     . Fixed bug #65272 (flock() out parameter not set correctly in windows).
       (Daniel Lowrey)
     . Fixed bug #69033 (Request may get env. variables from previous requests
       if PHP works as FastCGI). (Anatol)

   - Streams:
     . Fixed bug which caused call after final close on streams filter. (Bob)

Revision 1.6 / (download) - annotate - [select for diffs], Fri Feb 20 01:17:49 2015 UTC (8 years, 7 months ago) by taca
Branch: MAIN
Changes since 1.5: +4 -7 lines
Diff to previous 1.5 (colored)

Update php56 to 5.6.6 (PHP 5.6.6).


19 Feb 2015, PHP 5.6.6

- Core:
  . Removed support for multi-line headers, as the are deprecated by RFC 7230.
    (Stas)
  . Fixed bug #67068 (getClosure returns somethings that's not a closure).
    (Danack at basereality dot com)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (CVE-2015-0273) (Stas)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
    specified by ini_set) (Yasuo)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)

- Dba:
  . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)

- Enchant:
  . Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- Fileinfo:
  . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
  . Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
    correctly). (Anatol)
  . Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
    gifs). (Anatol)

- FPM:
  . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  . Fixed bug #68571 (core dump when webserver close the socket).
    (redfoxli069 at gmail dot com, Laruence)

- JSON:
  . Fixed bug #50224 (json_encode() does not always encode a float as a float)
    by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)

- LIBXML:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared
    between threads). (Martin Jansen)

- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed
    width decimal support) (Keyur Govande)
  . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
    has rounding errors) (Keyur Govande)

- Opcache:
  . Fixed bug with try blocks being removed when extended_info opcode
    generation is turned on. (Laruence)

- PDO_mysql:
  . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
    named pipes). (steffenb198 at aol dot com)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)

- Pgsql:
  . Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)

- Session:
  . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)

- Sqlite3:
  . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
    required_num_args). (Julien)

- Standard:
  . Fixed bug #65272 (flock() out parameter not set correctly in windows).
    (Daniel Lowrey)
  . Fixed bug #69033 (Request may get env. variables from previous requests
    if PHP works as FastCGI). (Anatol)

- Streams:
  . Fixed bug which caused call after final close on streams filter. (Bob)

Revision 1.3.2.2 / (download) - annotate - [select for diffs], Thu Feb 19 19:18:59 2015 UTC (8 years, 7 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.3.2.1: +3 -0 lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored)

Pullup ticket #4618 - requested by sevan
lang/php56: security patch

Revisions pulled up:
- lang/php56/Makefile                                           1.3
- lang/php56/distinfo                                           1.5
- lang/php56/patches/patch-ext_date_php_date.c                  1.1
- lang/php56/patches/patch-ext_date_tests_bug68942.phpt         1.1
- lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt       1.1

---
   Module Name:    pkgsrc
   Committed By:   sevan
   Date:           Thu Feb 19 00:23:20 UTC 2015

   Modified Files:
           pkgsrc/lang/php56: Makefile distinfo
   Added Files:
           pkgsrc/lang/php56/patches: patch-ext_date_php_date.c
               patch-ext_date_tests_bug68942.phpt
               patch-ext_date_tests_bug68942_2.phpt

   Log Message:
   Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
   unserialize() with DateTimeZone

   Reviewed by wiz@

Revision 1.5 / (download) - annotate - [select for diffs], Thu Feb 19 00:23:20 2015 UTC (8 years, 7 months ago) by sevan
Branch: MAIN
Changes since 1.4: +4 -1 lines
Diff to previous 1.4 (colored)


Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone

Reviewed by wiz@

Revision 1.3.2.1 / (download) - annotate - [select for diffs], Tue Jan 27 19:48:35 2015 UTC (8 years, 8 months ago) by tron
Branch: pkgsrc-2014Q4
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Pullup ticket #4599 - requested by taca
lang/php56: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.85
- lang/php56/distinfo                                           1.4

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan 23 16:11:38 UTC 2015

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.5.

   22 Jan 2015, PHP 5.6.5

   - Core:
     . Upgraded crypt_blowfish to version 1.3. (Leigh)
     . Fixed bug #60704 (unlink() bug with some files path).
     . Fixed bug #65419 (Inside trait, self::class !=3D __CLASS__). (Julie=
   n)
     . Fixed bug #68536 (pack for 64bits integer is broken on bigendian). =
   (Remi)
     . Fixed bug #55541 (errors spawn MessageBox, which blocks test automa=
   tion).
       (Anatol)
     . Fixed bug #68297 (Application Popup provides too few information). =
   (Anatol)
     . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
     . Fixed bug #65230 (setting locale randomly broken). (Anatol)
     . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_D=
   ATADIR
       correctly). (Ferenc)
     . Fixed bug #68583 (Crash in timeout thread). (Anatol)
     . Fixed bug #65576 (Constructor from trait conflicts with inherited
       constructor). (dunglas at gmail dot com)
     . Fixed bug #68676 (Explicit Double Free). (Kalle)
     . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize=
   ()).
       (CVE-2015-0231) (Stefan Esser)

   - CGI:
     . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-94=
   27)
       (Stas)

   - CLI server:
     . Fixed bug #68745 (Invalid HTTP requests make web server segfault). =
   (Adam)

   - cURL:
     . Fixed bug #67643 (curl_multi_getcontent returns '' when
       CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

   - Date:
     . Implemented FR #68268 (DatePeriod: Getter for start date, end date =
   and
       interval). (Marc Bennewitz)

   - EXIF:
     . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-023=
   2)
       (Stas)

   - Fileinfo:
     . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
     . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol=
    Belski)
     . Fixed bug #68671 (incorrect expression in libmagic).
       (Joshua Rogers, Anatol Belski)
     . Removed readelf.c and related code from libmagic sources
       (Remi, Anatol)
     . Fixed bug #68735 (fileinfo out-of-bounds memory access).
       (Anatol)

   - FPM:
     . Fixed request #68526 (Implement POSIX Access Control List for UDS).=
    (Remi)
     . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

   - GD:
     . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, R=
   emi)
     . Fixed request #68656 (Report gd library version). (Remi)

   - mbstring:
     . Fixed bug #68504 (--with-libmbfl configure option not present on Wi=
   ndows).
       (Ashesh Vashi)

   - Opcache:
     . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=3D2 +=
   UTF-8
       + Opcache). (Laruence)
     . Fixed bug #67111 (Memory leak when using "continue 2" inside two fo=
   reach
       loops). (Nikita)

   - OpenSSL:
     . Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)

   - pcntl:
     . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old ha=
   ndler
       when setting SIG_DFL). (Julien)

   - PCRE:
     . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
       (Rainer Jung, Anatol Belski)

   - pgsql:
     . Fixed bug #68697 (lo_export return -1 on failure). (Ond=F8ej Sur=FD=
   )

   - PDO:
     . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform=
   -specifi
       attribute names). (Matteo)

   - PDO_mysql:
     . Fixed bug #68424 (Add new PDO mysql connection attr to control mult=
   i
       statements option). (peter dot wolanin at acquia dot com)

   - SPL:
     . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
       breaks the RecursiveIterator). (Paul Garvin)
     . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv)=
   . (Salathe)

   - SQLite:
     . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

   - Streams:
     . Fixed bug #68532 (convert.base64-encode omits padding bytes).
       (blaesius at krumedia dot de)

Revision 1.4 / (download) - annotate - [select for diffs], Fri Jan 23 16:11:38 2015 UTC (8 years, 8 months ago) by taca
Branch: MAIN
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Update php56 to 5.6.5.

22 Jan 2015, PHP 5.6.5

- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #60704 (unlink() bug with some files path).
  . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  . Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
  . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).
    (Anatol)
  . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  . Fixed bug #65230 (setting locale randomly broken). (Anatol)
  . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR
    correctly). (Ferenc)
  . Fixed bug #68583 (Crash in timeout thread). (Anatol)
  . Fixed bug #65576 (Constructor from trait conflicts with inherited
    constructor). (dunglas at gmail dot com)
  . Fixed bug #68676 (Explicit Double Free). (Kalle)
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
    (CVE-2015-0231) (Stefan Esser)

- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    (Stas)

- CLI server:
  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)

- cURL:
  . Fixed bug #67643 (curl_multi_getcontent returns '' when
    CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)

- Date:
  . Implemented FR #68268 (DatePeriod: Getter for start date, end date and
    interval). (Marc Bennewitz)

- EXIF:
  . Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)
    (Stas)

- Fileinfo:
  . Fixed bug #68398 (msooxml matches too many archives). (Anatol)
  . Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
  . Fixed bug #68671 (incorrect expression in libmagic).
    (Joshua Rogers, Anatol Belski)
  . Removed readelf.c and related code from libmagic sources
    (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
    (Anatol)

- FPM:
  . Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
  . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
  . Fixed request #68656 (Report gd library version). (Remi)

- mbstring:
  . Fixed bug #68504 (--with-libmbfl configure option not present on Windows).
    (Ashesh Vashi)

- Opcache:
  . Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8
    + Opcache). (Laruence)
  . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach
    loops). (Nikita)

- OpenSSL:
  . Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)

- pcntl:
  . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler
    when setting SIG_DFL). (Julien)

- PCRE:
  . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).
    (Rainer Jung, Anatol Belski)

- pgsql:
  . Fixed bug #68697 (lo_export return -1 on failure). (Ondej Surý)

- PDO:
  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifi
    attribute names). (Matteo)

- PDO_mysql:
  . Fixed bug #68424 (Add new PDO mysql connection attr to control multi
    statements option). (peter dot wolanin at acquia dot com)

- SPL:
  . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME
    breaks the RecursiveIterator). (Paul Garvin)
  . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)

- SQLite:
  . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)

- Streams:
  . Fixed bug #68532 (convert.base64-encode omits padding bytes).
    (blaesius at krumedia dot de)

Revision 1.3 / (download) - annotate - [select for diffs], Fri Dec 19 16:12:48 2014 UTC (8 years, 9 months ago) by taca
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base
Branch point for: pkgsrc-2014Q4
Changes since 1.2: +5 -5 lines
Diff to previous 1.2 (colored)

Update php56 to 5.6.4, including security fix.

18 Dec 2014, PHP 5.6.4

- Core:
  . Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks).
    (Adam)
  . Fixed bug #68104 (Segfault while pre-evaluating a disabled function).
    (Laruence)
  . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly
    triggered). (Julien)
  . Fixed bug #68355 (Inconsistency in example php.ini comments).
    (Chris McCafferty)
  . Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
  . Fixed bug #68422 (Incorrect argument reflection info for array_multisort()).
    (Alexander Lisachenko)
  . Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  . Fixed bug #68446 (Array constant not accepted for array parameter default).
    (Bob, Dmitry)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)

- Date:
  . Fixed day_of_week function as it could sometimes return negative values
    internally. (Derick)

- FPM:
  . Fixed bug #68381 (fpm_unix_init_main ignores log_level).
    (David Zuelke, Remi)
  . Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all
    addresses). (Remi)
  . Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
  . Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
  . Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
  . Fixed bug #68452 (php-fpm man page is oudated). (Remi)
  . Fixed request #68458 (Change pm.start_servers default warning to
    notice). (David Zuelke, Remi)
  . Fixed bug #68463 (listen.allowed_clients can silently result
    in no allowed access). (Remi)
  . Fixed request #68391 (php-fpm conf files loading order).
    (Florian Margaine, Remi)
  . Fixed bug #68478 (access.log don't use prefix). (Remi)

- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)

- GMP:
  . Fixed bug #68419 (build error with gmp 4.1). (Remi)

- PDO_pgsql:
  . Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception
  when not in transaction) (Matteo)
  . Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving)
  (Matteo)

- Session:
  . Fixed bug #68331 (Session custom storage callable functions not being called)
    (Yasuo Ohgaki)

- SOAP:
  . Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
    (Laruence)

- zlib:
  . Fixed bug #53829 (Compiling PHP with large file support will replace
    function gzopen by gzopen64) (Sascha Kettler, Matteo)

Revision 1.2 / (download) - annotate - [select for diffs], Tue Dec 9 15:11:36 2014 UTC (8 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Fix RCS ID.

Revision 1.1 / (download) - annotate - [select for diffs], Mon Nov 24 15:37:08 2014 UTC (8 years, 10 months ago) by taca
Branch: MAIN

Add php56, PHP version 5.6.3.

THe main features of PHP 5.6:

* Constant scalar expressions.
* Variadic functions and argument unpacking using the ... operator.
* Exponentiation using the ** operator.
* Function and constant importing with the use keyword.
* phpdbg as an interactive integrated debugger SAPI.
* php://input is now reusable, and $HTTP_RAW_POST_DATA is deprecated.
* GMP objects now support operator overloading.
* File uploads larger than 2 gigabytes in size are now accepted.

Please refer for difference from oldre release:http://php.net/migration56.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>