kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update php55 to 5.5.14 which includes several security fixes.

Browse source 
26 Jun 2014, PHP 5.5.14

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
    (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OPCache:
  . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- PDO-ODBC:
  . Fixed bug #50444 (PDO-ODBC changes for 64-bit).

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion). (CVE-2014-3515) (Stefan Esser)

  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

- Fileinfo:
  . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
  . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
    performance degradation) (CVE-2014-0237).

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- GD:
  . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)

- PCRE:
  . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
    from the upstream). (Anatol)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)
This commit is contained in:
taca 2014-06-27 11:34:19 +00:00
parent ec5c4259ab
commit f94488369d
3 changed files with 7 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lang/php/phpversion.mk
View file

@ -1,4 +1,4 @@
# $NetBSD: phpversion.mk,v 1.65 2014/06/27 11:31:20 taca Exp $
# $NetBSD: phpversion.mk,v 1.66 2014/06/27 11:34:19 taca Exp $
#
# This file selects a PHP version, based on the user's preferences and
# the installed packages. It does not add a dependency on the PHP
@ -83,7 +83,7 @@ PHPVERSION_MK= defined
# Define each PHP's version.
PHP53_VERSION= 5.3.28
PHP54_VERSION= 5.4.30
PHP55_VERSION= 5.5.13
PHP55_VERSION= 5.5.14
# Define initial release of major version.
PHP53_RELDATE= 20090630

3
lang/php55/Makefile
View file

@ -1,10 +1,9 @@
# $NetBSD: Makefile,v 1.13 2014/06/13 14:13:20 fhajny Exp $
# $NetBSD: Makefile,v 1.14 2014/06/27 11:34:19 taca Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/

8
lang/php55/distinfo
View file

@ -1,8 +1,8 @@
$NetBSD: distinfo,v 1.24 2014/06/13 14:31:19 fhajny Exp $
$NetBSD: distinfo,v 1.25 2014/06/27 11:34:19 taca Exp $
SHA1 (php-5.5.13.tar.bz2) = b16ff3218d2cc79a5acac577f7560dbb80f205d1
RMD160 (php-5.5.13.tar.bz2) = 806623a7d78ad1c7efcdd953bfea58075e559aae
Size (php-5.5.13.tar.bz2) = 13274145 bytes
SHA1 (php-5.5.14.tar.bz2) = 062d351da165aa0568e4d8cbc53a18d73b99f49a
RMD160 (php-5.5.14.tar.bz2) = d3f87693d3118cfdc64a7b77e9b765ce4eb7ae60
Size (php-5.5.14.tar.bz2) = 13282773 bytes
SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a
SHA1 (patch-aclocal.m4) = 14ae2898e1d68b552e76a7e4ee7006f1aee1f932
SHA1 (patch-build_libtool.m4) = 6ee935c55cc01704c6e9edb4e383b2ddb7c746e7