Commit graph

77 commits

Author SHA1 Message Date
taca
af5cb3124b lang/php: switch to use ".tar.xz" distfiles
Switch to use ".tar.xz" distfiles instead of ".tar.bz2".

No functional change.
2019-11-25 03:12:49 +00:00
taca
3815767ccc lang/php71: update to 7.1.33
Update php71 to 7.1.33.

24 Oct 2019, PHP 7.1.33

- FPM:
  . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
    (CVE-2019-11043) (Jakub Zelenka)
2019-10-25 02:58:33 +00:00
taca
0f58a4f829 lang/php71: update to 7.1.32
29 Aug 2019, PHP 7.1.32

- mbstring:
  . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)
2019-09-01 13:04:13 +00:00
taca
759f9cfd9c lang/php71: update to 7.1.31
01 Aug 2019, PHP 7.1.31

- SQLite:
  . Upgraded to SQLite 3.28.0. (cmb)

- EXIF:
  . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
  (CVE-2019-11042) (Stas)
  . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
  (CVE-2019-11041) (Stas)

- Phar:
  . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)
2019-08-01 14:20:58 +00:00
nia
ec016e03a9 Use https for php.net. 2019-07-03 07:30:50 +00:00
taca
af6d20221a lang/php71: update to 7.1.30
Update php71 to 7.1.30.

30 May 2019, PHP 7.1.30

- EXIF:
  . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16).
  (CVE-2019-11040) (Stas)

- GD:
  . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm).
  (CVE-2019-11038) (cmb)

- Iconv:
  . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode()
  due to integer overflow). (CVE-2019-11039). (maris dot adam)

- SQLite:
  . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
2019-06-01 15:28:07 +00:00
rillig
c7ff05f63e all: replace SUBST_SED with the simpler SUBST_VARS
pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
2019-05-23 19:22:54 +00:00
taca
760f914ef9 lang/php71: Update to 7.1.29
Update php71 to 7.1.29.

02 May 2019, PHP 7.1.29

- EXIF
. Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG).
  (CVE-2019-11036) (Stas)

- Mail
. Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb)

04 Apr 2019, PHP 7.1.28

- EXIF:
  . Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
    (Stas)
  . Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
	(CVE-2019-11035) (Stas)

- SQLite3:
  . Added sqlite3.defensive INI directive. (BohwaZ)
2019-05-03 08:31:08 +00:00
taca
78f8f281f4 lang/php71: update to 7.1.28
04 Apr 2019, PHP 7.1.28

- EXIF:
  . Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas)
  . Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas)

- SQLite3:
  . Added sqlite3.defensive INI directive. (BohwaZ)
2019-04-07 16:29:41 +00:00
taca
c1efecd7c8 lang/php71: update to 7.1.27
Update php71 to 7.1.27.

07 Mar 2019, PHP 7.1.27

- Core:
  . Fixed bug #77630 (rename() across the device may allow unwanted access during
    processing). (Stas)

- EXIF:
  . Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
  . Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas)
  . Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
  . Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)

- PHAR:
  . Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
    (bishop)
  . Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). (bishop)

- SPL:
  . Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)
2019-03-12 04:12:16 +00:00
taca
58056297d7 lang/php71: update to 7.1.26
10 Jan 2019, PHP 7.1.26

- Core:
  . Fixed bug #77369 (memcpy with negative length via crafted DNS response). (Stas)

- GD:
  . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
    use-after-free). (cmb)
  . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)

- IMAP:
  . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)

- Mbstring:
  . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
  . Fixed bug #77371 (heap buffer overflow in mb regex functions
    - compile_string_node). (Stas)
  . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
  . Fixed bug #77382 (heap buffer overflow due to incorrect length in
    expand_case_fold_string). (Stas)
  . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
  . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
  . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)

- Phar:
  . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)

- Xmlrpc:
  . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
  . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
2019-01-12 14:56:47 +00:00
taca
d033170069 lang/php71: remove unused patch
sqlite3 support moved todatabases/php-sqlite3 and it dose not use in-tree
sqlite3.  So, this patch is not required any more.
2018-12-15 16:57:04 +00:00
taca
6fab5fa867 Bump PKGREVISION for separation of php-sqlite3 package from
lang/php?? base packages.
2018-12-09 12:20:44 +00:00
taca
cd547432c7 lang/php: remove sqlite3 library
Remove sqlite3 library extension and make it separate package to prevent
dependency to databases/sqlite3 pacakge.
2018-12-09 12:14:36 +00:00
taca
977669325a lang/php71: update to 7.1.25
06 Dec 2018, PHP 7.1.25

- Core:
  . Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
    (Valentin V. Bartenev)

- ftp:
  . Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi)

- iconv:
  . Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
    (cmb)

- Core:
  . Fixed bug #77231 (Segfault when using convert.quoted-printable-encode
    filter). (Stas)

- IMAP:
  . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
    mailbox parameter). (Stas)

- ODBC:
  . Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
    (Jon Allen)

- Opcache:
  . Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)

- Phar:
  . Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
  . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
    (Stas)

- PGSQL:
  . Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT
    TIMEZONE' data type). (Andy Gajetzki)

- SOAP:
  . Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb)
  . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)

- Sockets:
  . Fixed bug #67619 (Validate length on socket_write). (thiagooak)
2018-12-07 17:11:45 +00:00
taca
a94ff2d668 lang/php7?: revert previous commit
Revert previous commit and unbreak lang/php7{0,1,2}.

sqlite3 problem would be another way, after update current PHP versions.
2018-12-07 16:04:50 +00:00
manu
584c654e77 Link PHP with shared libsqlite3 isntead of built-in
We used to build PHP with its built-in, statically linked libsqlite3. When
used in an executable with dynamically looaded modules such as Apache, some
module may load a shared libsqlite3, which has the same symbols as PHP's
built-in libsqlite3. This causes unreliable cross-version calls and is
source of crashes.

The fix is to disable PHP's built-in libslite3 and always use an external,
shared libsqlite3.
2018-12-07 01:54:52 +00:00
markd
bdcc387673 php-gd: use pkg-config rather than freetype-config to test for freetype2 2018-11-14 21:26:53 +00:00
taca
39f1fc47c0 lang/php71: update to 7.1.24
08 Nov 2018, PHP 7.1.24

- Core:
  . Fixed bug #76946 (Cyclic reference in generator not detected). (Nikita)
  . Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
    (Peter Kokot)
  . Fixed bug #77041 (buildconf should output error messages to stderr)
    (Mizunashi Mana)

- Date:
  . Fixed bug #75851 (Year component overflow with date formats "c", "o", "r"
    and "y"). (Adam Saponara)

- FCGI:
  . Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
    (Anatol)
  . Fixed bug #76954 (apache_response_headers removes last character from header
    name). (stodorovic)

- FTP:
  . Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
    (Manuel Mausz)

- intl:
  . Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)

- Standard:
  . Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
    (Pierrick)

- Tidy:
  . Fixed bug #77027 (tidy::getOptDoc() not available on Windows). (cmb)

- XML:
  . Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
  . Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)
2018-11-08 13:59:11 +00:00
taca
cfff7e7556 lang/php71: update to 7.1.23
11 Oct 2018, PHP 7.1.23

- Core:
  . Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts
    memory). (Nikita)
  . Fixed bug #76846 (Segfault in shutdown function after memory limit error).
    (Nikita)

- CURL:
  . Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
    (Pierrick)

- iconv:
  . Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
    (cmb)

- Opcache:
  . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
    (Anatol)

- POSIX:
  . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)

- Reflection:
  . Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
    (cmb)

- Standard:
  . Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open
    data connection). (Ville Hukkamäki)
  . Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with
    stream_socket_client). (Ville Hukkamäki)
  . Fixed bug #75533 (array_reduce is slow when $carry is large array).
    (Manabu Matsui)

- Zlib:
  . Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
    (Martin Burke, cmb)
2018-10-13 06:17:31 +00:00
taca
3d21f989d8 lang/php71: Update to 7.1.22
13 Sep 2018, PHP 7.1.22

- Core:
  . Fixed bug #76754 (parent private constant in extends class memory leak).
    (Laruence)
  . Fixed bug #72443 (Generate enabled extension). (petk)

- Apache2:
  . Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas)

- Bz2:
  . Fixed arginfo for bzcompress. (Tyson Andre)

- gettext:
  . Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)

- iconv:
  . Fixed bug #68180 (iconv_mime_decode can return extra characters in a
    header). (cmb)
  . Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
    (cmb)
  . Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
  . Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb)

- intl:
  . Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with
    11+ named placeholders). (Anatol)

- libxml:
  . Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader
    callback undefined). (Ville Hukkamäki)

- mbstring:
  . Fixed bug #76704 (mb_detect_order return value varies based on argument
    type). (cmb)

- Opcache:
  . Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar
    file). (Laruence)

- OpenSSL:
  . Fixed bug #76705 (unusable ssl => peer_fingerprint in
    stream_context_create()). (Jakub Zelenka)

- phpdbg:
  . Fixed bug #76595 (phpdbg man page contains outdated information).
    (Kevin Abel)

- SPL:
  . Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb)
  . Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim
    Siebels)

- Standard:
  . Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
    (cmb)

- zlib:
  . Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir
    is passed to the --with-zlib configure option). (Jay Bonci)
  . Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)

16 Aug 2018, PHP 7.1.21

- Calendar:
  . Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
    (cmb)

- Filter:
  . Fixed bug #76366 (References in sub-array for filtering breaks the filter).
    (ZiHang Gao)

- PDO_Firebird:
  . Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)

- PDO_PgSQL:
  . Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
    (Anatol)

- SQLite3:
  . Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
    (cmb)

- Standard:
  . Fixed bug #68553 (array_column: null values in $index_key become incrementing
    keys in result). (Laruence)
  . Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
  . Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
    (cmb)

- Zip:
  . Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
    (Timur Ibragimov)

07 Jul 2018, PHP 7.1.20

- Core:
  . Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
    with an error handler). (Laruence)
  . Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
    properly). (Nikita)

- Date:
  . Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)

- FPM:
  . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
    non-blocking). (Nikita)

- GMP:
  . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
    other classes). (Nikita)

- intl:
  . Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
    type). (cmb)

- mbstring:
  . Fixed bug #76532 (Integer overflow and excessive memory usage
    in mb_strimwidth). (MarcusSchwarz)

- PGSQL:
  . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)

- phpdbg:
  . Fix arginfo wrt. optional/required parameters. (cmb)

- Reflection:
  . Fixed bug #76536 (PHP crashes with core dump when throwing exception in
    error handler). (Laruence)
  . Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
    inherited classes). (Nikita)

- Standard:
  . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
    (Laruence)
  . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)

22 Jun 2018, PHP 7.1.19

- CLI Server:
  . Fixed bug #76333 (PHP built-in server does not find files if root path
    contains special characters). (Anatol)

- OpenSSL:
  . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
    (Erik Lax, Jakub Zelenka)
  . Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
    (Jakub Zelenka)

- SPL:
  . Fixed bug #76367 (NoRewindIterator segfault 11). (Laruence)

- Standard:
  . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
    (Anatol)
  . Fixed bug #76383 (array_map on $GLOBALS returns IS_INDIRECT). (Bob)

24 May 2018, PHP 7.1.18

- FPM:
  . Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
    (mgorny)

- intl:
  . Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
    (Anatol)

- Opcache:
  . Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
  . Fixed bug #76275 (Assertion failure in file cache when unserializing empty
    try_catch_array). (Nikita)
  . Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
    (Nikita)

- Reflection:
  . Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
    (carusogabriel)


26 Apr 2018, PHP 7.1.17

- Date:
  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

- FPM:
  . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
    too long). (Jacob Hipps)
  . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

- GD:
  . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
    (cmb)

- intl:
  . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

- mbstring:
  . Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
    (chrullrich, cmb)

- phpdbg:
  . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

- SPL:
  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
    (carusogabriel)

- standard:
  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

29 Mar 2018, PHP 7.1.16

- Core:
  . Fixed bug #76025 (Segfault while throwing exception in error_handler).
    (Dmitry, Laruence)
  . Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
    (Anatol)

- FPM:
  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
    access controls). (Jakub Zelenka)

- GD:
  . Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)

- ODBC:
  . Fixed bug #76088 (ODBC functions are not available by default on Windows).
    (cmb)

- Opcache:
  . Fixed bug #76074 (opcache corrupts variable in for-loop). (Bob)

- Phar:
  . Fixed bug #76085 (Segmentation fault in buildFromIterator when directory
    name contains a \n). (Laruence)

- Standard:
  . Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
  . Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with
    segfault). (Anatol)

01 Mar 2018, PHP 7.1.15

- Apache2Handler:
  . Fixed bug #75882 (a simple way for segfaults in threadsafe php just with
    configuration). (Anatol)

- Date:
  . Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel)
  . Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should
    accept `null`). (Pedro Lacerda)
  . Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
    (jhdxr)

- FTP:
  . Fixed ftp_pasv arginfo. (carusogabriel)

-GD:
  . Fixed imagesetinterpolation arginfo. (Gabriel Caruso)

- iconv:
  . Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville)

- LDAP:
  . Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)

- libxml2:
  . Fixed bug #75871 (use pkg-config where available). (pmmaga)

- mysqlnd
  . Fixed negotiation of MySQL authenticaton plugin. (Johannes)
  . Fixed a memleak with SSL connections. (Johannes)

- ODBC:
  . Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)

- Opcache:
  . Fixed bug #75969 (Assertion failure in live range DCE due to block pass
    misoptimization). (Nikita)

- OpenSSL:
  . Fixed openssl_* arginfos. (carusogabriel)

- PCNTL:
  . Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform
    (s390x)). (Sam Ding)

- PGSQL:
  . Fixed #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru)

- Phar:
  . Fixed bug #65414 (deal with leading slash when adding files correctly).
    (bishopb)

- SPL:
  . Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)

- Standard:
  . Fixed bug #75961 (Strange references behavior). (Laruence)
  . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike,
    Philip Sharp)
  . Fixed some arginfos. (carusogabriel)
  . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)

01 Feb 2018, PHP 7.1.14

- Core:
  . Fixed bug #75679 (Path 260 character problem). (Anatol)
  . Fixed bug #75786 (segfault when using spread operator on generator passed
    by reference). (Nikita)
  . Fixed bug #75799 (arg of get_defined_functions is optional). (carusogabriel)
  . Fixed bug #75396 (Exit inside generator finally results in fatal error).
    (Nikita)
  . Fixed bug #75079 (self keyword leads to incorrectly generated TypeError when
    in closure in trait). (Nikita)

- FCGI:
  . Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is
    false). (Anatol)

- IMAP:
  . Fixed bug #75774 (imap_append HeapCorruction). (Anatol)

- Mbstring:
  . Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb)

- Opcache:
  . Fixed bug #75720 (File cache not populated after SHM runs full). (Dmitry)
  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    (Dmitry)

- PGSQL:
  . Fixed bug #75671 (pg_version() crashes when called on a connection to
    cockroach). (magicaltux at gmail dot com)

- Readline:
  . Fixed bug #75775 (readline_read_history segfaults with empty file).
    (Anatol)

- SAPI:
  . Fixed bug #75735 ([embed SAPI] Segmentation fault in
    sapi_register_post_entry). (Laruence)

- SOAP:
  . Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is
    used). (Anton Artamonov)
  . Fixed bug #75502 (Segmentation fault in zend_string_release). (Nikita)

- SPL:
  . Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by
    reference). (Nikita)
  . Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent
    class). (Nikita)
  . Fixed bug #73209 (RecursiveArrayIterator does not iterate object
    properties). (Nikita)

- Standard:
   . Fixed bug #75781 (substr_count incorrect result). (Laruence)

04 Jan 2018, PHP 7.1.13

- Core:
  . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
  . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    (Anatol)
  . Fixed bug #74862 (Unable to clone instance when private __clone defined).
    (Daniel Ciochiu)
  . Fixed bug #75074 (php-process crash when is_file() is used with strings
    longer 260 chars). (Anatol)
  . Fixed bug #69727 (Remove timestamps from build to make it reproducible).
    (jelle van der Waa)

- CLI Server:
  . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
    script). (SammyK)
  . Fixed bug #73830 (Directory does not exist). (Anatol)

- FPM:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
    requests). (Remi)

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
    (Christoph)

- Opcache:
  . Fixed bug #75608 ("Narrowing occurred during type inference" error).
    (Laruence, Dmitry)
  . Fixed bug #75570 ("Narrowing occurred during type inference" error).
    (Dmitry)
  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    (Dmitry)

- PCRE:
  . Fixed bug #74183 (preg_last_error not returning error code after error).
    (Andrew Nester)

- Phar:
  . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

- Standard:
  . Fixed bug #75511 (fread not free unused buffer). (Laruence)
  . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
    (Remi)
  . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
    segment fault). (Nikita)
  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
    that getrandom() is missing). (sarciszewski)
  . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    (John Stevenson)
  . Fixed bug #75574 (putenv does not work properly if parameter contains
    non-ASCII unicode character). (Anatol)

- Zip:
  . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

23 Nov 2017, PHP 7.1.12

- Core:
  . Fixed bug #75420 (Crash when modifing property name in __isset for
    BP_VAR_IS). (Laruence)
  . Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita,
    Dmitry)

- CLI:
  . Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown
    function). (Laruence)

- Enchant:
  . Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle
    van der Waa, cmb)
  . Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb)

- Exif:
  . Fixed bug #75301 (Exif extension has built in revision version). (Peter
    Kokot)

- GD:
  . Fixed bug #65148 (imagerotate may alter image dimensions). (cmb)
  . Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte)

- intl:
  . Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead
    of destination). (andrewnester)

- interbase:
  . Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)

- Mysqli:
  . Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien
    Villepinte)

- OCI8:
  . Fixed valgrind issue. (Tianfang Yang)

- OpenSSL:
  . Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka)
  . Fixed bug #75307 (Wrong reflection for openssl_open function). (villfa)

- Opcache:
  . Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry)

- PGSQL:
  . Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara)

- SOAP:
  . Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa)

- Zlib:
  . Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien
    Villepinte)
2018-09-13 15:44:05 +00:00
taca
c78f19a6b3 lang/php71: Update to 7.1.21
PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
16 Aug 2018, PHP 7.1.21

- Calendar:
  . Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
    (cmb)

- Filter:
  . Fixed bug #76366 (References in sub-array for filtering breaks the filter).
    (ZiHang Gao)

- PDO_Firebird:
  . Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)

- PDO_PgSQL:
  . Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
    (Anatol)

- SQLite3:
  . Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
    (cmb)

- Standard:
  . Fixed bug #68553 (array_column: null values in $index_key become incrementing
    keys in result). (Laruence)
  . Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
  . Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
    (cmb)

- Zip:
  . Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
    (Timur Ibragimov)
2018-08-19 13:55:24 +00:00
maya
26462285c0 move --disable-gcc-global-regs to Makefile.php.
Seems to make a previously segfaulting netbsd-8/i386's build not segfault.
ap-php runs PHP's configure and builds some of its code, so it needs the
same flag.

Now we can stop requiring an arbitrary GCC version. The test case in the
GCC bugzilla fails on all GCC versions I tested, but magically some
versions of GCC manage to build a working PHP.
2018-07-31 01:17:56 +00:00
manu
8342efde17 Fix PHP buidl on i386
The --disable-gcc-global-regs fix is not enough, we really need
GCC 6 to avoid php crashing during www/ap-ph build.
2018-07-30 07:17:15 +00:00
taca
f8a924d51f lang/php71: update to 7.1.20
19 Jul 2018, PHP 7.1.20

- Core:
  . Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
    with an error handler). (Laruence)
  . Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
    properly). (Nikita)

- Date:
  . Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)

- exif:
  . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
    exif_thumbnail_extract of exif.c). (Stas)
 . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
    data). (Stas)

- FPM:
  . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
    non-blocking). (Nikita)

- GMP:
  . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
    other classes). (Nikita)

- intl:
  . Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
    type). (cmb)

- mbstring:
  . Fixed bug #76532 (Integer overflow and excessive memory usage
    in mb_strimwidth). (MarcusSchwarz)

- PGSQL:
  . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)

- phpdbg:
  . Fix arginfo wrt. optional/required parameters. (cmb)

- Reflection:
  . Fixed bug #76536 (PHP crashes with core dump when throwing exception in
    error handler). (Laruence)
  . Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
    inherited classes). (Nikita)

- Standard:
  . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
    (Laruence)
  . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)

- Win32:
  . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
2018-07-20 13:23:46 +00:00
manu
3b488481fa Add pkgsrc build option disable-filter-url to disable php://filter URL
php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php

Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.
2018-07-18 07:33:12 +00:00
maya
11bf42218d php*: disable global regs on i386.
Fixes PR pkg/53222 that resurfaced

Remove the previous workaround to add GCC_REQD, which isn't sufficient
any more, possibly due to enabling ssp/fortify?

XXX bumping PKGREVISION might not be sufficient, for the same reason the
GCC_REQD had to be moved to Makefile.php, it affects modules too.
2018-07-16 10:58:50 +00:00
taca
bc7d646f11 lang/php71: update to 7.1.19
22 Jun 2018, PHP 7.1.19

- CLI Server:
  . Fixed bug #76333 (PHP built-in server does not find files if root path
    contains special characters). (Anatol)

- OpenSSL:
  . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
    (Erik Lax, Jakub Zelenka)
  . Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
    (Jakub Zelenka)

- SPL:
  . Fixed bug #76367 (NoRewindIterator segfault 11). (Laruence)

- Standard:
  . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
    (Anatol)
  . Fixed bug #76383 (array_map on $GLOBALS returns IS_INDIRECT). (Bob)
2018-06-25 15:19:22 +00:00
taca
e23de0dcd7 lang/php71: update to 7.1.18
24 May 2018, PHP 7.1.18

- FPM:
  . Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
    (mgorny)

- intl:
  . Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
    (Anatol)

- Opcache:
  . Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
  . Fixed bug #76275 (Assertion failure in file cache when unserializing empty
    try_catch_array). (Nikita)
  . Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
    (Nikita)

- Reflection:
  . Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
    (carusogabriel)
2018-05-26 15:52:07 +00:00
taca
274052a024 lang/php71: update to 7.1.17
26 Apr 2018, PHP 7.1.17

- Date:
  . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)

- Exif:
  . Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
    (Stas)

- FPM:
  . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list
    too long). (Jacob Hipps)
  . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)

- GD:
  . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
    (cmb)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- intl:
  . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)

- ldap:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- mbstring:
  . Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
    (chrullrich, cmb)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)

- phpdbg:
  . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)

- SPL:
  . Fixed bug #76131 (mismatch arginfo for splarray constructor).
    (carusogabriel)

- standard:
  . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
2018-04-26 15:41:03 +00:00
taca
d54029fb4e lang/php71: update to 7.1.16
29 Mar 2018, PHP 7.1.16

- Core:
  . Fixed bug #76025 (Segfault while throwing exception in error_handler).
    (Dmitry, Laruence)
  . Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
    (Anatol)

- FPM:
  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
    access controls). (Jakub Zelenka)

- GD:
  . Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)

- ODBC:
  . Fixed bug #76088 (ODBC functions are not available by default on Windows).
    (cmb)

- Opcache:
  . Fixed bug #76074 (opcache corrupts variable in for-loop). (Bob)

- Phar:
  . Fixed bug #76085 (Segmentation fault in buildFromIterator when directory
    name contains a \n). (Laruence)

- Standard:
  . Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
  . Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with
    segfault). (Anatol)
2018-03-29 16:19:38 +00:00
taca
265fe9fbc3 lang/php71: update to 7.1.15
01 Mar 2018, PHP 7.1.15

- Apache2Handler:
  . Fixed bug #75882 (a simple way for segfaults in threadsafe php just with
    configuration). (Anatol)

- Date:
  . Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel)
  . Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should
    accept `null`). (Pedro Lacerda)
  . Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
    (jhdxr)

- PGSQL:
  . Fixed #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru)

- ODBC:
  . Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)

- LDAP:
  . Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)

- libxml2:
  . Fixed bug #75871 (use pkg-config where available). (pmmaga)

- Phar:
  . Fixed bug #65414 (deal with leading slash when adding files correctly).
    (bishopb)

- SPL:
  . Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)

- Standard:
  . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike,
    Philip Sharp)
  . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
2018-03-02 02:09:48 +00:00
jperkin
592403252e php7*: Standardise on major.minor.99 usage in buildlink3.mk
With the introduction of beta and rc releases of php7* into pkgsrc the pattern
matching is often incorrect (for example the current version of php-7.1.0rc6
breaks both <7.1.0 and >=7.1.0).  Using .99 is not ideal but does at least
avoid the confusion developers seem to be having with the pmatch ordering.
2018-02-05 11:21:56 +00:00
jdolecek
58766f2a48 Update lang/php71 to php 7.1.14
Changes since 7.1.13:

Core:
Fixed bug #75679 (Path 260 character problem).
Fixed bug #75786 (segfault when using spread operator on generator passed by reference).
Fixed bug #75799 (arg of get_defined_functions is optional).
Fixed bug #75396 (Exit inside generator finally results in fatal error).
Fixed bug #75079 (self keyword leads to incorrectly generated TypeError when in closure in trait).

FCGI:
Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).

IMAP:
Fixed bug #75774 (imap_append HeapCorruction).

Opcache:
Fixed bug #75720 (File cache not populated after SHM runs full).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).

PGSQL:
Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
Readline:
Fixed bug #75775 (readline_read_history segfaults with empty file).

SAPI:
Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry).

SOAP:
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #75502 (Segmentation fault in zend_string_release).

SPL:
Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference).
Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class).
Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties).

Standard:
Fixed bug #75781 (substr_count incorrect result).
2018-02-02 12:53:39 +00:00
jperkin
9c1e4416db php71: Don't automatically add libgcc on SunOS. 2018-01-16 11:04:54 +00:00
taca
1d35752d26 lang/php71: update to 7.1.13
04 Jan 2018, PHP 7.1.13


- Core:
  . Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
  . Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
    (Anatol)
  . Fixed bug #74862 (Unable to clone instance when private __clone defined).
    (Daniel Ciochiu)
  . Fixed bug #75074 (php-process crash when is_file() is used with strings
    longer 260 chars). (Anatol)

- CLI Server:
  . Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
    script). (SammyK)
  . Fixed bug #73830 (Directory does not exist). (Anatol)

- FPM:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
    requests). (Remi)

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
    (Christoph)

- Opcache:
  . Fixed bug #75608 ("Narrowing occurred during type inference" error).
    (Laruence, Dmitry)
  . Fixed bug #75579 (Interned strings buffer overflow may cause crash).
    (Dmitry)
  . Fixed bug #75570 ("Narrowing occurred during type inference" error).
    (Dmitry)

- PCRE:
  . Fixed bug #74183 (preg_last_error not returning error code after error).
    (Andrew Nester)

- Phar:
  . Fixed bug #74782 (remove file name from output to avoid XSS). (stas)

- Standard:
  . Fixed bug #75511 (fread not free unused buffer). (Laruence)
  . Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit)
    (Remi)
  . Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
    segment fault). (Nikita)
  . Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
    that getrandom() is missing). (sarciszewski)
  . Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
    (John Stevenson)
  . Fixed bug #75574 (putenv does not work properly if parameter contains
    non-ASCII unicode character). (Anatol)

- Zip:
  . Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)
2018-01-05 03:11:13 +00:00
wiz
9f59a5dd58 php71: improve pattern
Since we have php72 release candidates in pkgsrc, "<7.2" is not sufficient
since this will pull in "7.2rc6". Change pattern to <7.1.99 to stop this.
2017-11-26 19:14:34 +00:00
taca
7848ae22b3 lang/php71: Update to 7.1.12
23 Nov 2017, PHP 7.1.12

- Core:
  . Fixed bug #75420 (Crash when modifing property name in __isset for
    BP_VAR_IS). (Laruence)
  . Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita,
    Dmitry)

- CLI:
  . Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown
    function). (Laruence)

- Enchant:
  . Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle
    van der Waa, cmb)
  . Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb)

- Exif:
  . Fixed bug #75301 (Exif extension has built in revision version). (Peter
    Kokot)

- GD:
  . Fixed bug #65148 (imagerotate may alter image dimensions). (cmb)
  . Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte)

- intl:
  . Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead
    of destination). (andrewnester)

- interbase:
  . Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)

- Mysqli:
  . Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien
    Villepinte)

- OCI8:
  . Fixed valgrind issue. (Tianfang Yang)

- OpenSSL:
  . Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka)
  . Fixed bug #75307 (Wrong reflection for openssl_open function). (villfa)

- Opcache:
  . Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry)

- PGSQL:
  . Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara)

- SOAP:
  . Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa)

- Zlib:
  . Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien
    Villepinte)
2017-11-25 13:16:08 +00:00
taca
ec9deb2630 lang/php71: Update to 7.1.11
* pkgsrc change: remove post-extract which is not required any more.
* including securiy fixes.

26 Oct 2017, PHP 7.1.11

- Core:
  . Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
    (Laruence)
  . Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
  . Fixed bug #75252 (Incorrect token formatting on two parse errors in one
    request). (Nikita)
  . Fixed bug #75220 (Segfault when calling is_callable on parent).
    (andrewnester)
  . Fixed bug #75290 (debug info of Closures of internal functions contain
    garbage argument names). (Andrea)

- Date:
  . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

- Apache2Handler:
  . Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in
    apache2handler). (mcarbonneaux)

- Hash:
  . Fixed bug #75303 (sha3 hangs on bigendian). (Remi)

- Intl:
  . Fixed bug #75318 (The parameter of UConverter::getAliases() is not
    optional). (cmb)

- litespeed:
  . Fixed bug #75248 (Binary directory doesn't get created when building
    only litespeed SAPI). (petk)
  . Fixed bug #75251 (Missing program prefix and suffix). (petk)

- mcrypt:
  . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

- MySQLi:
  . Fixed bug #75018 (Data corruption when reading fields of bit type). (Anatol)

- OCI8:
  . Fixed incorrect reference counting. (Dmitry, Tianfang Yang)

- Opcache
  . Fixed bug #75255 (Request hangs and not finish). (Dmitry)

- PCRE:
  . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)

- PDO_mysql:
  . Fixed bug #75177 (Type 'bit' is fetched as unexpected string). (Anatol)

- SPL:
  . Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
    (J. Jeising, cmb)
2017-10-27 08:47:49 +00:00
jdolecek
84b4815b16 seems we actually don't need the EXTRACT_USING=gtar, apparently
it's been carried over from php 5.x times
2017-10-09 21:43:30 +00:00
taca
3e7564d847 lang/php71: update to 7.1.10
28 Sep 2017, PHP 7.1.10

- Core:
  . Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)

- BCMath:
  . Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
  . Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
  . Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
  . Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)

- CLI server:
  . Fixed bug #70470 (Built-in server truncates headers spanning over TCP
    packets). (bouk)

- CURL:
  . Fixed bug #75093 (OpenSSL support not detected). (Remi)

- GD:
  . Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
  . Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)

- Gettext:
  . Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)

- Intl:
  . Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
    class). (tpunt)
  . Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)

- PDO_OCI:
  . Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
    before PHP-FPM sets it up). (Ingmar Runge)

- SPL:
  . Fixed bug #75155 (AppendIterator::append() is broken when appending another
    AppendIterator). (Nikita)
  . Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
    (jhdxr)

- Standard:
  . Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
  . Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
2017-10-01 15:50:06 +00:00
roy
920fd3fc7a Remove beta from dependency check as it causes issues. 2017-09-26 14:02:32 +00:00
taca
badc025b13 Update php71 to 7.1.9 (PHP 7.1.9).
31 Aug 2017, PHP 7.1.9

- Core:
  . Fixed bug #74947 (Segfault in scanner on INF number). (Laruence)
  . Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob)
  . Fixed bug #74725 (html_errors=1 breaks unhandled exceptions). (Andrea)
  . Fixed bug #75063 (Main CWD initialized with wrong codepage). (Anatol)

- cURL:
  . Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
    (cebe)

- Date:
  . Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone). (Derick)

- Intl:
  . Fixed bug #74993 (Wrong reflection on some locale_* functions). (Sara)

- Mbstring:
  . Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
    (cmb)
  . Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
    (Nikita)
  . Fixed bug #75001 (Wrong reflection on mb_eregi_replace). (Fabien
    Villepinte)

- MySQLi:
  . Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with
    an abstract class). (Anatol)

- OCI8:
  . Expose oci_unregister_taf_callback() (Tianfang Yang)

- Opcache:
  . Fixed bug #74980 (Narrowing occurred during type inference). (Laruence)

- phar:
  . Fixed bug #74991 (include_path has a 4096 char limit in some cases).
    (bwbroersma)

- Reflection:
  . Fixed bug #74949 (null pointer dereference in _function_string). (Laruence)

- Session:
  . Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start
    with "#"). (Andrew Nester)
  . Fixed bug #74833 (SID constant created with wrong module number). (Anatol)

- SimpleXML:
  . Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
    (Laruence)

- SPL:
  . Fixed bug #75049 (spl_autoload_unregister can't handle
    spl_autoload_functions results). (Laruence)
  . Fixed bug #74669 (Unserialize ArrayIterator broken). (Andrew Nester)
  . Fixed bug #74977 (Appending AppendIterator leads to segfault).
    (Andrew Nester)
  . Fixed bug #75015 (Crash in recursive iterator destructors). (Julien)

- Standard:
  . Fixed bug #75075 (unpack with X* causes infinity loop). (Laruence)
  . Fixed bug #74103 (heap-use-after-free when unserializing invalid array
    size). (Nikita)
  . Fixed bug #75054 (A Denial of Service Vulnerability was found when
    performing deserialization). (Nikita)

- WDDX:
  . Fixed bug #73793 (WDDX uses wrong decimal seperator). (cmb)

- XMLRPC:
  . Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared
    properties). (blar)
2017-09-01 10:50:38 +00:00
taca
e3c5fb2a25 Update php71 to 7.1.8.
* pkgsrc change: enable readline PKG_OPTIONS default.


03 Aug 2017, PHP 7.1.8

- Core:
  . Fixed bug #74832 (Loading PHP extension with already registered function
    name leads to a crash). (jpauli)
  . Fixed bug #74780 (parse_url() broken when query string contains colon).
    (jhdxr)
  . Fixed bug #74761 (Unary operator expected error on some systems). (petk)
  . Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
  . Fixed bug #74923 (Crash when crawling through network share). (Anatol)
  . Fixed bug #74913 (fixed incorrect poll.h include). (petk)
  . Fixed bug #74906 (fixed incorrect errno.h include). (petk)

- Date:
  . Fixed bug #74852 (property_exists returns true on unknown DateInterval
    property). (jhdxr)

- OCI8:
  . Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)

- Opcache:
  . Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier).
    (nikic)

- OpenSSL:
 . Fixed bug #74798 (pkcs7_en/decrypt does not work if \x0a is used in content).
   (Anatol)
 . Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug
   #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362
   (OpenSSL Blowfish encryption is incorrect for short keys). (Jakub Zelenka)

- PDO:
  . Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam
    Baratz)

- SPL:
  . Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)

- SQLite3:
  . Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception
    with invalid flags). (Anatol)

- Wddx:
  . Fixed bug #73173 (huge memleak when wddx_unserialize).
    (tloi at fortinet dot com)

- zlib:
  . Fixed bug #73944 (dictionary option of inflate_init() does not work).
    (wapmorgan)
2017-08-04 23:08:47 +00:00
manu
2dddf70ee5 Updated uniqid() performance fix patch to make it thread-safe 2017-07-19 02:44:45 +00:00
manu
51a13ea245 Performance fix for uniqid()
PHP uniqid() relies on microsecond-precise system clock to produce an
unique identifier. In order to avoid  using the same value, it first
calls usleep(1) to wait for the next microsecond.

Unfortunately, usleep() specification says "The suspension time may be
longer than requested due to the scheduling of other activity by the
system." Indeed, the pause may as as long as an entire execution slice,
causing a uniqid() call to last more than 10 ms.

This is fixed by replacing the usleep() call by time polling using
gettimeofday() until the microscecond change. Since the getttimeoday()
system call lasts around a microsecond, only a small time is wasted
calling  multiple gettimeofday. On the benefit side, uniqid() performance
in increased 10000 fold without changing its behavior.

Submitted upstream as https://bugs.php.net/bug.php?id=74851
2017-07-17 14:10:08 +00:00
manu
f926479f35 Back out the calendar option for PHP
The functionnality is already avaialable from pkgsrc/time/php-calendar
moduke. Thnaks to Takahiro Kambe for pointing it out.
2017-07-12 09:11:35 +00:00
manu
e172ab8fa1 Add calendar package option to build PHP with calendar support 2017-07-11 03:28:08 +00:00
taca
48da35b779 Update php71 to 7.1.7.
06 Jul 2017, PHP 7.1.7

- Core:
  . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
    parsed). (Manuel Mausz)
  . Fixed bug #74658 (Undefined constants in array properties result in broken
    properties). (Laruence)
  . Fixed misparsing of abstract unix domain socket names. (Sara)
  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
    (Stas)
  . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
    zval_get_type). (Nikita)
  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
    unserialize). (Nikita)
  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
    php_parse_date()). (Derick)

- Date:
  . Fixed bug #74639 (implement clone for DatePeriod and DateInterval).
    (andrewnester)

- DOM:
  . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)

- GD:
  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

- Intl:
  . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
  . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
    collator_get_sort_key). (Tyson Andre, Remi)

- Mbstring:
  . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
    CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

- OCI8:
 . Add TAF callback (PR #2459). (KoenigsKind)

- Opcache:
  . Fixed bug #74663 (Segfault with opcache.memory_protect and
    validate_timestamp). (Laruence)
  . Revert opcache.enable_cli to default disabled. (Nikita)

- OpenSSL:
  . Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in
    content). (Anatol)
  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
    (Stas)

- PDO_OCI:
  . Support Instant Client 12.2 in --with-pdo-oci configure option.
    (Tianfang Yang)

- Reflection:
  . Fixed bug #74673 (Segfault when cast Reflection object to string with
    undefined constant). (Laruence)

- SPL:
  . Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
    (jhdxr)

- FTP:
  . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)

- PHAR:
  . Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)

- SOAP
  . Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
    (Dmitry)

- Streams:
  . Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)
2017-07-07 03:12:22 +00:00
manu
6783900031 Fix crash on i386 in www/ap-php build with PHP 7.x
PHP 7.x on i386 crashes unless built with GCC >= 4.9. There
was the necessary tweak for the lang/php70 and lang/php71
packages, but not for dependencies such www/ap-php. As a
result, www/ap-php crashed during the build. We fix this by
moving the GCC_REQD to Makefile.php which is included
by dependent packages
2017-06-20 07:24:08 +00:00