Sunday, 9 October 2022
KDE today announces the release of KDE Frameworks 5.99.0.
KDE Frameworks are 83 addon libraries to Qt which provide a wide variety
of commonly needed functionality in mature, peer reviewed and well
tested libraries with friendly licensing terms. For an introduction see
the KDE Frameworks release announcement.
This release is part of a series of planned monthly releases making
improvements available to developers in a quick and predictable manner.
PR: 266950
Exp-run by: antoine
* Core:
- Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628)
- Fixed bug #81727: Don't mangle HTTP variable names that clash with
ones that have a specific semantic meaning. (CVE-2022-31629)
Relnotes: https://www.php.net/ChangeLog-7.php
Sponsored by: Bounce Experts
* Core:
- Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628)
- Fixed bug #81727: Don't mangle HTTP variable names that clash with
ones that have a specific semantic meaning. (CVE-2022-31629)
- Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim
Starling)
- Fixed bug GH-9361 (Segmentation fault on script exit #9379).
- Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and
class constants in constant expressions).
* DOM:
- Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double
free).
* FPM:
- Fixed bug GH-8885 (FPM access.log with stderr begins to write logs
to error_log after daemon reload).
- Fixed bug #77780 ("Headers already sent..." when previous connection
was aborted).
* GMP:
- Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is
passed to gmp_init()).
* Intl:
- Fixed bug GH-9421 (Incorrect argument number for ValueError in
NumberFormatter).
* PCRE:
- Fixed pcre.jit on Apple Silicon.
* PDO_PGSQL:
- Fixed bug GH-9411 (PgSQL large object resource is incorrectly
closed).
* Reflection:
- Fixed bug GH-8932 (ReflectionFunction provides no way to get the
called class of a Closure).
* Streams:
- Fixed bug GH-9316 ($http_response_header is wrong for long status
line).
Relnotes: https://www.php.net/ChangeLog-8.php#PHP_8_1
Sponsored by: Bounce Experts
* Core:
- Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
(Tim Starling)
- Fixed bug GH-9361 (Segmentation fault on script exit #9379).
- Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class
for static type).
- Fixed bug #81727: Don't mangle HTTP variable names that clash with
ones that have a specific semantic meaning. (CVE-2022-31629)
* DOM:
- Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double
free).
* FPM:
- Fixed bug GH-8885 (FPM access.log with stderr begins to write logs
to error_log after daemon reload).
- Fixed bug #77780 ("Headers already sent..." when previous connection
was aborted).
* GMP:
- Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is
passed to gmp_init()).
* Intl:
- Fixed bug GH-9421 (Incorrect argument number for ValueError in
NumberFormatter).
* Phar:
- Fixed bug #81726: phar wrapper: DOS when using quine gzip file.
(CVE-2022-31628)
* PDO_PGSQL:
- Fixed bug GH-9411 (PgSQL large object resource is incorrectly
closed).
* Reflection:
- Fixed bug GH-8932 (ReflectionFunction provides no way to get the
called class of a Closure).
- Fixed bug GH-9409 (Private method is incorrectly dumped as
"overwrites").
* Streams:
- Fixed bug GH-9316 ($http_response_header is wrong for long status
line).
Approved by: tz (By private mail)
Relnotes: https://www.php.net/ChangeLog-8.php#8.0.24
Sponsored by: Bounce Experts
2022-09-30 lang/spidermonkey17: Obsolete, released in 2007 and since long unsupported upstream
2022-09-30 lang/p5-JavaScript-SpiderMonkey: Depends on deprecated SpiderMonkey 1.7
