taca
b6ea5769c9
lang/php70: Update to 7.0.32
...
13 Sep 2018 PHP 7.0.32
- Apache2
. Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas)
2018-09-13 15:46:38 +00:00
maya
26462285c0
move --disable-gcc-global-regs to Makefile.php.
...
Seems to make a previously segfaulting netbsd-8/i386's build not segfault.
ap-php runs PHP's configure and builds some of its code, so it needs the
same flag.
Now we can stop requiring an arbitrary GCC version. The test case in the
GCC bugzilla fails on all GCC versions I tested, but magically some
versions of GCC manage to build a working PHP.
2018-07-31 01:17:56 +00:00
manu
8342efde17
Fix PHP buidl on i386
...
The --disable-gcc-global-regs fix is not enough, we really need
GCC 6 to avoid php crashing during www/ap-ph build.
2018-07-30 07:17:15 +00:00
taca
fbbe9cfe3e
lang/php70: update to 7.0.31
...
19 Jul 2018 PHP 7.0.31
- Exif:
. Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
exif_thumbnail_extract of exif.c). (Stas)
. Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
data). (Stas)
- Win32:
. Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
2018-07-20 13:27:28 +00:00
manu
3b488481fa
Add pkgsrc build option disable-filter-url to disable php://filter URL
...
php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php
Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.
2018-07-18 07:33:12 +00:00
maya
11bf42218d
php*: disable global regs on i386.
...
Fixes PR pkg/53222 that resurfaced
Remove the previous workaround to add GCC_REQD, which isn't sufficient
any more, possibly due to enabling ssp/fortify?
XXX bumping PKGREVISION might not be sufficient, for the same reason the
GCC_REQD had to be moved to Makefile.php, it affects modules too.
2018-07-16 10:58:50 +00:00
taca
160089fd59
lang/php70: update to 7.0.30
...
26 Apr 2018 PHP 7.0.30
- Exif:
. Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
(Stas)
- iconv:
. Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
invalid sequence). (Stas)
- LDAP:
. Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
- Phar:
. Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
29 Mar 2018 PHP 7.0.29
- FPM:
. Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
access controls). (Jakub Zelenka)
2018-04-26 15:46:57 +00:00
taca
fe5bffcc64
lang/php70: update to 7.0.29
...
29 Mar 2018 PHP 7.0.29
- FPM:
. Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
access controls). (Jakub Zelenka)
01 Mar 2018 PHP 7.0.28
- Standard:
. Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
2018-03-29 16:22:24 +00:00
taca
5d99ef1ebd
lang/php70: update to 7.0.28
...
01 Mar 2018 PHP 7.0.28
- Standard:
. Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
2018-03-02 02:12:26 +00:00
jperkin
592403252e
php7*: Standardise on major.minor.99 usage in buildlink3.mk
...
With the introduction of beta and rc releases of php7* into pkgsrc the pattern
matching is often incorrect (for example the current version of php-7.1.0rc6
breaks both <7.1.0 and >=7.1.0). Using .99 is not ideal but does at least
avoid the confusion developers seem to be having with the pmatch ordering.
2018-02-05 11:21:56 +00:00
jdolecek
e735e6c56f
adjust wording - php70 is actually on regular security fixes only support
2018-02-04 11:37:53 +00:00
jdolecek
33cbfa4283
note a planned End of Life for support of PHP 5.6.x and PHP 7.0.x
...
Those releases will stop getting official support on Dec 31 2018 and
Dec 3 2018 respectively, and they should be removed from pkgsrc by then.
2018-02-04 11:35:39 +00:00
jperkin
89a54ea50d
php70: Don't automatically add libgcc on SunOS.
2018-01-16 11:26:18 +00:00
taca
ae38cc7c2b
lang/php70: update to 7.0.27
...
04 Jan 2018 PHP 7.0.27
- CLI Server:
. Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router
script). (SammyK)
- Core:
. Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
(Anatol)
. Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
- FPM:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared between
requests). (Remi)
- GD:
. Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)
- Opcache:
. Fixed bug #75579 (Interned strings buffer overflow may cause crash).
(Dmitry)
- PCRE:
. Fixed bug #74183 (preg_last_error not returning error code after error).
(Andrew Nester)
- Phar:
. Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)
- Standard:
. Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP
segment fault). (Nikita)
. Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator
that getrandom() is missing). (sarciszewski)
- Zip:
. Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)
2018-01-05 03:09:59 +00:00
taca
1ebb9e6f68
Update php70 to 7.0.26.
...
23 Nov 2017 PHP 7.0.26
- Core:
. Fixed bug #75420 (Crash when modifing property name in __isset for
BP_VAR_IS). (Laruence)
. Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita,
Dmitry)
- CLI:
. Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown
function). (Laruence)
- Enchant:
. Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle
van der Waa, cmb)
. Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb)
- Exif:
. Fixed bug #75301 (Exif extension has built in revision version). (Peter
Kokot)
- GD:
. Fixed bug #65148 (imagerotate may alter image dimensions). (cmb)
. Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte)
- intl:
. Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead
of destination). (andrewnester)
- interbase:
. Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)
- Mysqli:
. Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien
Villepinte)
- OCI8:
. Fixed valgrind issue. (Tianfang Yang)
- Opcache:
. Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry)
- OpenSSL:
. Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob, Jakub Zelenka)
. Fixed bug #75307 (Wrong reflection for openssl_open function). (villfa)
- PGSQL:
. Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara)
- SOAP:
. Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa)
- Zlib:
. Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien
Villepinte)
2017-11-25 13:07:40 +00:00
taca
58337ecf3e
lang/php70: Update to 7.0.25
...
* pkgsrc change: remove post-extract which is not required any more.
* including securiy fixes.
26 Oct 2017 PHP 7.0.25
- Core:
. Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
(Laruence)
. Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
. Fixed bug #75252 (Incorrect token formatting on two parse errors in one
request). (Nikita)
. Fixed bug #75220 (Segfault when calling is_callable on parent).
(andrewnester)
. Fixed bug #75290 (debug info of Closures of internal functions contain
garbage argument names). (Andrea)
- Apache2Handler:
. Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in
apache2handler). (mcarbonneaux)
- Date:
. Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
- Intl:
. Fixed bug #75318 (The parameter of UConverter::getAliases() is not
optional). (cmb)
- mcrypt:
. Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)
- OCI8:
. Fixed incorrect reference counting. (Dmitry, Tianfang Yang)
- PCRE:
. Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
- litespeed:
. Fixed bug #75248 (Binary directory doesn't get created when building
only litespeed SAPI). (petk)
. Fixed bug #75251 (Missing program prefix and suffix). (petk)
- SPL:
. Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
(J. Jeising, cmb)
2017-10-27 08:46:49 +00:00
taca
d2a2fefff7
lang/php70: update to 7.0.24.
...
28 Sep 2017 PHP 7.0.24
- Core:
. Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
- BCMath:
. Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
. Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
. Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
. Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
. Fixed bug #70470 (Built-in server truncates headers spanning over TCP
packets). (bouk)
- CURL:
. Fixed bug #75093 (OpenSSL support not detected). (Remi)
- GD:
. Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
. Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Gettext:
. Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Intl:
. Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
class). (tpunt)
. Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- PDO_OCI:
. Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
before PHP-FPM sets it up). (Ingmar Runge)
- SPL:
. Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
(jhdxr)
- Standard:
. Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
2017-10-01 15:48:17 +00:00
roy
920fd3fc7a
Remove beta from dependency check as it causes issues.
2017-09-26 14:02:32 +00:00
taca
4aa11a4522
Update php70 to 7.0.23 (PHP 7.0.23).
...
31 Aug 2017 PHP 7.0.23
- Core:
. Fixed bug #74947 (Segfault in scanner on INF number). (Laruence)
. Fixed bug #74954 (null deref and segfault in zend_generator_resume()). (Bob)
. Fixed bug #74725 (html_errors=1 breaks unhandled exceptions). (Andrea)
- cURL:
. Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
(cebe)
- Date:
. Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone). (Derick)
- Intl:
. Fixed bug #74993 (Wrong reflection on some locale_* functions). (Sara)
- Mbstring:
. Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
(cmb)
. Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
(Nikita)
. Fixed bug #75001 (Wrong reflection on mb_eregi_replace). (Fabien
Villepinte)
- MySQLi:
. Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with
an abstract class). (Anatol)
- OCI8:
. Expose oci_unregister_taf_callback() (Tianfang Yang)
- phar:
. Fixed bug #74991 (include_path has a 4096 char limit in some cases).
(bwbroersma)
- Reflection:
. Fixed bug #74949 (null pointer dereference in _function_string). (Laruence)
- Session:
. Fixed bug #74833 (SID constant created with wrong module number). (Anatol)
- SimpleXML:
. Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
(Laruence)
- SPL:
. Fixed bug #75049 (spl_autoload_unregister can't handle
spl_autoload_functions results). (Laruence)
. Fixed bug #74669 (Unserialize ArrayIterator broken). (Andrew Nester)
. Fixed bug #75015 (Crash in recursive iterator destructors). (Julien)
- Standard:
. Fixed bug #75075 (unpack with X* causes infinity loop). (Laruence)
. Fixed bug #74103 (heap-use-after-free when unserializing invalid array
size). (Nikita)
. Fixed bug #75054 (A Denial of Service Vulnerability was found when
performing deserialization). (Nikita)
- WDDX:
. Fixed bug #73793 (WDDX uses wrong decimal seperator). (cmb)
- XMLRPC:
. Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared
properties). (blar)
2017-09-01 10:49:14 +00:00
taca
b322bdf023
Update php70 to 7.0.22.
...
* pkgsrc change: enable readline PKG_OPTIONS default.
03 Aug 2017 PHP 7.0.22
- Core:
. Fixed bug #74832 (Loading PHP extension with already registered function
name leads to a crash). (jpauli)
. Fixed bug #74780 (parse_url() borken when query string contains colon).
(jhdxr)
. Fixed bug #74761 (Unary operator expected error on some systems). (petk)
. Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
. Fixed bug #74913 (fixed incorrect poll.h include). (petk)
. Fixed bug #74906 (fixed incorrect errno.h include). (petk)
- Date:
. Fixed bug #74852 (property_exists returns true on unknown DateInterval
property). (jhdxr)
- OCI8:
. Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
- Opcache:
. Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within
finally). (Bob)
- PDO:
. Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam
Baratz)
- SPL:
. Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
- SQLite3:
. Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception
with invalid flags). (Anatol)
- Wddx:
. Fixed bug #73173 (huge memleak when wddx_unserialize).
(tloi at fortinet dot com)
- zlib:
. Fixed bug #73944 (dictionary option of inflate_init() does not work).
(wapmorgan)
2017-08-04 23:07:28 +00:00
manu
f926479f35
Back out the calendar option for PHP
...
The functionnality is already avaialable from pkgsrc/time/php-calendar
moduke. Thnaks to Takahiro Kambe for pointing it out.
2017-07-12 09:11:35 +00:00
manu
e172ab8fa1
Add calendar package option to build PHP with calendar support
2017-07-11 03:28:08 +00:00
taca
5bb8deac04
Update php70 to 7.0.21.
...
06 Jul 2017 PHP 7.0.21
- Core:
. Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
parsed). (Manuel Mausz)
. Fixed bug #74658 (Undefined constants in array properties result in broken
properties). (Laruence)
. Fixed misparsing of abstract unix domain socket names. (Sara)
. Fixed bug #74101 , bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
zval_get_type). (Nikita)
. Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
unserialize). (Nikita)
. Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
(Stas)
. Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
php_parse_date()). (Derick)
- DOM:
. Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
- GD:
. Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
- Intl:
. Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
. Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
collator_get_sort_key). (Tyson Andre, Remi)
. Fixed bug #73634 (grapheme_strpos illegal memory access). (Stas)
- Mbstring:
. Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
- OCI8:
. Add TAF callback (PR #2459 ). (KoenigsKind)
- Opcache:
. Fixed bug #74663 (Segfault with opcache.memory_protect and
validate_timestamp). (Laruence)
- OpenSSL:
. Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
(Stas)
- PCRE:
. Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
(Stas)
- PDO_OCI:
. Support Instant Client 12.2 in --with-pdo-oci configure option.
(Tianfang Yang)
- Reflection:
. Fixed bug #74673 (Segfault when cast Reflection object to string with
undefined constant). (Laruence)
- SPL:
. Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
(jhdxr)
- Standard:
. Fixed bug #74708 (Invalid Reflection signatures for random_bytes and
random_int). (Tyson Andre, Remi)
. Fixed bug #73648 (Heap buffer overflow in substr). (Stas)
- FTP:
. Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)
- PHAR:
. Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)
- SOAP
. Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
(Dmitry)
- Streams:
. Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)
2017-07-06 13:32:02 +00:00
manu
6783900031
Fix crash on i386 in www/ap-php build with PHP 7.x
...
PHP 7.x on i386 crashes unless built with GCC >= 4.9. There
was the necessary tweak for the lang/php70 and lang/php71
packages, but not for dependencies such www/ap-php. As a
result, www/ap-php crashed during the build. We fix this by
moving the GCC_REQD to Makefile.php which is included
by dependent packages
2017-06-20 07:24:08 +00:00
taca
6d2efa4b68
Update php70 to 7.0.20.
...
8 Jun 2017 PHP 7.0.20
- Core:
. Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).
(Laruence)
. Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
(Laruence)
- intl:
. Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys). (villfa)
- MySQLi:
. Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database
argument w/strict_types). (Anatol)
- Opcache:
. Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled). (Laruence)
- phar:
. Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT
and DELETE method). (Christian Weiske)
- Standard:
. Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
(Damian Wadley, Anatol)
- xmlreader:
. Fixed bug #74457 (Wrong reflection on XMLReader::expand). (villfa)
2017-06-08 14:52:59 +00:00
taca
1f40935097
Update php70 to 7.0.19.
...
11 May 2017 PHP 7.0.19
- Core:
. Fixed bug #74188 (Null coalescing operator fails for undeclared static
class properties). (tpunt)
. Fixed bug #74408 (Endless loop bypassing execution time limit). (Laruence)
. Fixed bug #74410 (stream_select() is broken on Windows Nanoserver).
(Matt Ficken)
. Fixed bug #74337 (php-cgi.exe crash on facebook callback).
(Anton Serbulov)
. Patch for bug #74216 was reverted. (Anatol)
- Date:
. Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).
(krakjoe)
. Fixed bug #74080 (add constant for RFC7231 format datetime). (duncan3dc)
- DOM:
. Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).
(Remi, Fabien Villepinte)
- Fileinfo:
. Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).
(Laruence)
- GD:
. Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).
(krakjoe)
- intl:
. Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa)
. Fixed bug #74439 (wrong reflection for Locale methods). (villfa)
- MySQLi:
. Fixed bug #74432 (mysqli_connect adding ":3306" to $host if $port parameter
not given). (Anatol)
- MySQLnd:
. Added support for MySQL 8.0 types. (Johannes)
. Fixed bug #74376 (Invalid free of persistent results on error/connection
loss). (Yussuf Khalil)
- OpenSSL:
. Fixed bug #73833 (null character not allowed in openssl_pkey_get_private).
(Jakub Zelenka)
. Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH
key). (Jakub Zelenka)
. Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without
seconds). (Moritz Fain)
. Added OpenSSL 1.1.0 support. (Jakub Zelenka)
- phar:
. Fixed bug #74383 (phar method parameters reflection correction).
(mhagstrand)
- Standard:
. Fixed bug #74409 (Reflection information for ini_get_all() is incomplete).
(Sebastian Bergmann)
. Fixed bug #72071 (setcookie allows max-age to be negative). (Craig Duncan)
- Streams:
. Fixed bug #74429 (Remote socket URI with unique persistence identifier
broken). (Sara)
- SQLite3:
. Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions).
(krakjoe)
2017-05-12 14:45:36 +00:00
maya
69277ee5c4
php70: require a GCC version newer than the one in PHP bug #74527
...
on i386. It doesn't appear with any pkgsrc compiler I've tried
(GCC 6, 5, 4.9). Fixes i386 build.
2017-05-03 11:41:36 +00:00
taca
e42cd0cd47
Update php70 to 7.0.18.
...
13 Apr 2017 PHP 7.0.18
- Core:
. Fixed bug #73370 (falsely exits with "Out of Memory" when using
USE_ZEND_ALLOC=0). (Nikita)
. Fixed bug #73960 (Leak with instance method calling static method with
referenced return). (Nikita)
. Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference
to `isfinite'). (Nikita)
. Fixed bug #74302 (yield fromLABEL is over-greedy). (Sara)
- Apache:
. Reverted patch for bug #61471 , fixes bug #74318 . (Anatol)
- Date:
. Fixed bug #72096 (Swatch time value incorrect for dates before 1970). (mcq8)
- DOM:
. Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).
(somedaysummer)
- iconv:
. Fixed bug #74230 (iconv fails to fail on surrogates). (Anatol)
- OpenSSL:
. Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).
(Jakub Zelenka)
- PDO MySQL:
. Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO
interface). (Thomas Orozco)
- Streams:
. Fixed bug #74216 (Correctly fail on invalid IP address ports). (Sara)
- Zlib:
. Fixed bug #74240 (deflate_add can allocate too much memory). (Matt Bonneau)
2017-04-13 14:19:19 +00:00
fhajny
bc2e501ed4
Build the dom extension embedded. This enables full functionality in xmlreader and fixes joyent/pkgsrc/issues/477. Bump PKREVISION.
2017-04-05 12:28:59 +00:00
jperkin
b37c7ea675
Fix the macro tests for fpclassify(3) functions.
2017-03-23 09:50:36 +00:00
taca
53aff89e02
Update php70 to 7.0.17.
...
16 Mar 2017 PHP 7.0.17
- Core:
. Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite).
(Dmitry, Laruence)
. Fixed bug #74084 (Out of bound read - zend_mm_alloc_small). (Laruence)
. Fixed bug #73807 (Performance problem with processing large post request).
(Nikita)
. Fixed bug #73998 (array_key_exists fails on arrays created by
get_object_vars). (mhagstrand)
. Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea)
. Fixed bug #74039 (is_infinite(-INF) returns false). (Christian Schmidt)
. Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled
build). (ondrej)
- Apache:
. Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
(Zheng Shao)
- Date:
. Fixed bug #72719 (Relative datetime format ignores weekday on sundays
only). (Derick)
. Fixed bug #73294 (DateTime wrong when date string is negative). (Derick)
. Fixed bug #73489 (wrong timestamp when call setTimeZone multi times with
UTC offset). (xiami, Derick)
. Fixed bug #73858 (first/last day of' flag is not being reset). (Derick)
. Fixed bug #73942 ($date->modify('Friday this week') doesn't return a Friday
if $date is a Sunday). (Derick)
. Fixed bug #74057 (wrong day when using "this week" in strtotime). (Derick)
- FPM:
. Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
(Denis Yeldandi)
- Hash:
. Fixed bug #73127 (gost-crypto hash incorrect if input data contains long
0xFF sequence). (Grundik)
- GD:
. Fixed bug #74031 (ReflectionFunction for imagepng is missing last two
parameters). (finwe)
- Mysqlnd:
. Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
(Andrew Nester, Nikita)
- Opcache:
. Fixed bug #74152 (if statement says true to a null variable). (Laruence)
. Fixed bug #74019 (Segfault with list). (Laruence)
- OpenSSL:
. Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
(Anatol)
- Standard:
. Fixed bug #74148 (ReflectionFunction incorrectly reports the number of
arguments). (Laruence)
. Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).
(Anatol)
. Fixed bug #73118 (is_callable callable name reports misleading value for
anonymous classes). (Adam Saponara)
. Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is
not available). (Benjamin Robin)
- Streams:
. Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
(Laruence)
. Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
(Anatol)
2017-03-17 15:34:15 +00:00
wiz
4e8a4877f6
Fix build with tidy-5.x.
2017-02-20 09:35:16 +00:00
taca
c40c53d793
Add work around for build problem of php-intl.
2017-02-20 03:22:55 +00:00
taca
31f1132cd3
Update php70 to 7.0.16.
...
16 Feb 2017 PHP 7.0.16
- Core:
. Fixed bug #73916 (zend_print_flat_zval_r doesn't consider reference).
(Laruence)
. Fixed bug #73876 (Crash when exporting **= in expansion of assign op).
(Sara)
. Fixed bug #73969 (segfault in debug_print_backtrace). (andrewnester)
. Fixed bug #73973 (assertion error in debug_zval_dump). (andrewnester)
- DOM:
. Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
(aboks)
- DTrace:
. Fixed bug #73965 (DTrace reported as enabled when disabled). (Remi)
- FPM:
. Fixed bug #67583 (double fastcgi_end_request on max_children limit).
(Dmitry Saprykin)
. Fixed bug #69865 (php-fpm does not close stderr when using syslog).
(m6w6)
- GD:
. Fixed bug #73968 (Premature failing of XBM reading). (cmb)
- GMP:
. Fixed bug #69993 (test for gmp.h needs to test machine includes).
(Jordan Gigov)
- Intl:
. Fix bug #73956 (Link use CC instead of CXX). (Remi)
- LDAP:
. Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
(Laruence)
- MySQLi:
. Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe)
- Mysqlnd:
. Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
(Richard Fussenegger)
- Opcache:
. Fixed bug #73983 (crash on finish work with phar in cli + opcache).
(Anatol)
- OpenSSL:
. Fixed bug #71519 (add serial hex to return value array). (xrobau)
- PDO_Firebird:
. Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci)
- PDO_PgSQL:
. Fixed bug #73959 (lastInsertId fails to throw an exception for wrong
sequence name). (andrewnester)
- Phar:
. Fixed bug #70417 (PharData::compress() doesn't close temp file). (cmb)
- posix:
. Fixed bug #71219 (configure script incorrectly checks for ttyname_r). (atoth)
- Session:
. Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov)
- SPL:
. Fixed bug #73896 (spl_autoload() crashes when calls magic _call()). (Dmitry)
- Standard:
. Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph)
. Fixed bug #47021 (SoapClient stumbles over WSDL delivered with
"Transfer-Encoding: chunked"). (Rowan Collins)
. Fixed bug #72974 (imap is undefined service on AIX). (matthieu.sarter)
. Fixed bug #72979 (money_format stores wrong length AIX). (matthieu.sarter)
- ZIP:
. Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option). (cmb,
Mitch Hagstrand)
2017-02-18 13:09:19 +00:00
maya
b285e168f0
php70: add workaround requested in PR pkg/51787, pcre-jit segfaults on
...
non-amd64 (i386, SPARC - at least). disable it until PHP, add note that
it's mostly relevant for PCRE1 8.38, so if PHP updates to PCRE2 as they
plan, it will be irrelevant.
From Joern Clausen / cmb@php
2017-01-22 11:37:29 +00:00
taca
f2645ebdff
Update php70 to 7.0.15.
...
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017 PHP 7.0.15
- Core:
. Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry)
. Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created
with list()). (Laruence)
. Fixed bug #73585 (Logging of "Internal Zend error - Missing class
information" missing class name). (Laruence)
. Fixed bug #73753 (unserialized array pointer not advancing). (David Walker)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
. Fixed bug #73831 (NULL Pointer Dereference while unserialize php object).
(Stas)
. Fixed bug #73832 (Use of uninitialized memory in unserialize()). (Stas)
. Fixed bug #73092 (Unserialize use-after-free when resizing object's
properties hash table). (Nikita)
. Fixed bug #69425 (Use After Free in unserialize()). (Nikita)
. Fixed bug #72731 (Type Confusion in Object Deserialization). (Nikita)
- COM:
. Fixed bug #73679 (DOTNET read access violation using invalid codepage).
(Anatol)
- DOM:
. Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
- EXIF:
. Bug bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
- GMP:
. Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability).
(Nikita)
- Mysqli:
. Fixed bug #73462 (Persistent connections don't set $connect_errno).
(darkain)
- Mysqlnd:
. Fixed issue with decoding BIT columns when having more than one rows in the
result set. 7.0+ problem. (Andrey)
. Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
(vanviegen)
- PCRE:
. Fixed bug #73612 (preg_*() may leak memory). (cmb)
- PDO_Firebird:
. Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning
statement). (Dorin Marcoci)
- Phar:
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
- Phpdbg:
. Fixed bug #73615 (phpdbg without option never load .phpdbginit at startup).
(Bob)
. Fixed issue getting executable lines from custom wrappers. (Bob)
. Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob)
- Reflection:
. Fixed bug #46103 (ReflectionObject memory leak). (Nikita)
- Streams:
. Fixed bug #73586 (php_user_filter::$stream is not set to the stream the
filter is working on). (Dmitry)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #73594 (dns_get_record does not populate $additional out
parameter). (Bruce Weirdan)
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73154 (serialize object with __sleep function crash). (Nikita)
. Fixed bug #70490 (get_browser function is very slow). (Nikita)
. Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage).
(Nikita)
. Fixed bug #31875 (get_defined_functions additional param to exclude
disabled functions). (willianveiga)
- Zlib:
. Fixed bug #73373 (deflate_add does not verify that output was not truncated).
(Matt Bonneau)
2017-01-19 14:48:49 +00:00
maya
4f7434b233
php70: pass the parameter to _php_dns_free_res the same way as the original
...
code does, for glibc case.
should fix/help failing ubuntu builds
2016-12-20 07:22:19 +00:00
taca
56abcd2aff
Update php70 to 7.0.14 (PHP 7.0.14).
...
08 Dec 2016 PHP 7.0.14
- Core:
. Fixed memory leak(null coalescing operator with Spl hash). (Tyson Andre)
. Fixded bug #72736 (Slow performance when fetching large dataset with mysqli
/ PDO). (Dmitry)
- Calendar:
. Fix integer overflows (Joshua Rogers)
- Date:
. Fixed bug #69587 (DateInterval properties and isset). (jhdxr)
- DTrace:
. Disabled PHP call tracing by default (it makes significant overhead).
This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
(Dmitry)
- JSON:
. Fixed bug #73526 (php_json_encode depth issue). (Jakub Zelenka)
- Mysqlnd:
. Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)
- ODBC:
. Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
(Anatol)
- Opcache:
. Fixed bug #69090 (check cached files permissions). (dmitry)
. Fixed bug #73546 (Logging for opcache has an empty file name). (mhagstrand)
- PCRE:
. Fixed bug #73483 (Segmentation fault on pcre_replace_callback). (Laruence)
. Fixed bug #73392 (A use-after-free in zend allocator management).
(Laruence)
- PDO_Firebird:
. Fixed bug #73087 , #61183 , #71494 (Memory corruption in bindParam).
(Dorin Marcoci)
- Phar:
. Fixed bug #73580 (Phar::isValidPharFilename illegal memory access). (Stas)
- Postgres:
. Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan)
- Soap:
. Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP
headers). (duncan3dc)
. Fixed bug #73452 (Segfault (Regression for #69152 )). (Dmitry)
- SPL:
. Fixed bug #73423 (Reproducible crash with GDB backtrace). (Laruence)
- SQLite3:
. Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)
- Standard:
. Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
(rowan dot collins at gmail dot com)
. Fixed bug #73645 (version_compare illegal write access). (Stas)
- Wddx:
. Fixed bug #73631 (Invalid read when wddx decodes empty boolean element).
(Stas)
- XML:
. Fixed bug #72135 (malformed XML causes fault) (edgarsandi)
2016-12-10 07:09:30 +00:00
adam
bbd5fcc0f2
On Darwin, allow native iconv when Command Line Tools are not installed.
2016-12-06 08:53:48 +00:00
taca
126b184d14
Update php70 to 7.0.13 (PHP 7.0.13), including security fix (as usual).
...
10 Nov 2016 PHP 7.0.13
- Core:
. Fixed bug #73350 (Exception::__toString() cause circular references).
(Laruence)
. Fixed bug #73181 (parse_str() without a second argument leads to crash).
(Nikita)
. Fixed bug #66773 (Autoload with Opcache allows importing conflicting class
name to namespace). (Nikita)
. Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour). (Nikita)
. Fix pthreads detection when cross-compiling (ffontaine)
. Fixed bug #73337 (try/catch not working with two exceptions inside a same
operation). (Dmitry)
. Fixed bug #73338 (Exception thrown from error handler causes valgrind
warnings (and crashes)). (Bob, Dmitry)
. Fixed bug #73329 ((Float)"Nano" == NAN). (Anatol)
- GD:
. Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
. Fixed bug #73272 (imagescale() is not affected by, but affects
imagesetinterpolation()). (cmb)
. Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
. Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (cmb)
. Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images).
(cmb)
- IMAP:
. Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
(Anatol)
- OCI8
. Fixed bug #71148 (Bind reference overwritten on PHP 7). (Oracle Corp.)
- phpdbg:
. Properly allow for stdin input from a file. (Bob)
. Add -s command line option / stdin command for reading script from stdin.
(Bob)
. Ignore non-executable opcodes in line mode of phpdbg_end_oplog(). (Bob)
. Fixed bug #70776 (Simple SIGINT does not have any effect with -rr). (Bob)
. Fixed bug #71234 (INI files are loaded even invoked as -n --version). (Bob)
- Session:
. Fixed bug #73273 (session_unset() empties values from all variables in which
is $_session stored). (Nikita)
- SOAP:
. Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
. Fixed bug #73237 (Nested object in "any" element overwrites other fields).
(Keith Smiley)
. Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient)
(Keith Smiley)
- SQLite3:
. Fixed bug #73333 (2147483647 is fetched as string). (cmb)
- Standard:
. Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
. Fixed bug #71241 (array_replace_recursive sometimes mutates its parameters).
(adsr)
- Wddx:
. Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
with PDORow). (Stas)
2016-11-12 15:38:29 +00:00
jdolecek
116204ee22
Update php70 to 7.0.12
...
Changes:
Core:
Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
Fixed bug #73058 (crypt broken when salt is 'too' long).
Fixed bug #69579 (Invalid free in extension trait).
Fixed bug #73156 (segfault on undefined function).
Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
Fixed bug #73172 (parse error: Invalid numeric literal).
Fixed for #73240 (Write out of bounds at number_format).
Fixed bug #73147 (Use After Free in PHP7 unserialize()).
Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
BCmath:
Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
COM:
Fixed bug #73126 (Cannot pass parameter 1 by reference).
Date:
Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
DOM:
Fixed bug #73150 (missing NULL check in dom_document_save_html).
Filter:
Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
Fixed bug #73054 (default option ignored when object passed to int filter).
GD:
Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
Fixed bug #73161 (imagecreatefromgd2() may leak memory).
Intl:
Fixed bug #73218 (add mitigation for ICU int overflow).
Mbstring:
Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
Mysqlnd:
Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
Opcache:
Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
OpenSSL:
Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
Fixed bug #73275 (crash in openssl_encrypt function).
PCRE:
Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
PDO_DBlib:
Fixed bug #72414 (Never quote values as raw binary data).
Allow \PDO::setAttribute() to set query timeouts.
Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
Add common PDO test suite.
Free error and message strings when cleaning up PDO instances.
Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
Ignore potentially misleading dberr values.
phpdbg:
Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
Fixed next command not stopping when leaving function.
Session:
Fixed bug #68015 (Session does not report invalid uid for files save handler).
Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
SimpleXML:
Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
SOAP:
Fixed bug #71711 (Soap Server Member variables reference bug).
Fixed bug #71996 (Using references in arrays doesn't work like expected).
SPL:
Fixed bug #73257 , Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
SQLite3:
Updated bundled SQLite3 to 3.14.2.
Zip:
Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
2016-10-14 15:06:21 +00:00
taca
7902b45438
Update php70 to 7.0.11 (PHP 7.0.11).
...
15 Sep 2016 PHP 7.0.11
- Core:
. Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
. Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
. Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
. Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
. Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
(Nikita)
. Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
. Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
- COM:
. Fixed bug #72922 (COM called from PHP does not return out parameters).
(Anatol)
- Dba:
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- GD:
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- iconv:
. Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
- IMAP:
. Fixed bug #72852 (imap_mail null dereference). (Anatol)
- Intl:
. Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF
sequence). (cmb)
. Fixed bug #73007 (add locale length check). (Stas)
- Mysqlnd:
. Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
- OCI8
. Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
. Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
- Opcache:
. Fixed bug #72949 (Typo in opcache error message). (cmb)
- PDO:
. Fixed bug #72788 (Invalid memory access when using persistent PDO
connection). (Keyur)
. Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- PDO_DBlib:
. Implemented stringify 'uniqueidentifier' fields.
(Alexander Zhuravlev, Adam Baratz)
- PDO_pgsql:
. Implemented FR #72633 (Postgres PDO lastInsertId() should work without
specifying a sequence). (Pablo Santiago Sánchez, Matteo)
. Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
- Phar:
. Fixed bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile). (Stas)
. Fixed bug #73035 (Out of bound when verify signature of tar phar in
phar_parse_tarfile). (Stas)
- Reflection:
. Fixed bug #72846 (getConstant for a array constant with constant values
returns NULL/NFC/UKNOWN). (Laruence)
- Session:
. Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita)
. Fixed bug #72940 (SID always return "name=ID", even if session
cookie exist). (Yasuo)
- SimpleXML:
. Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
. Fixed bug #72957 (Null coalescing operator doesn't behave as expected with
SimpleXMLElement). (Nikita)
- SPL:
. Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
- Standard:
. Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri
Kenttä)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
- Streams:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
- SQLite3:
. Downgraded bundled SQLite to 3.8.10.2. (Anatol);
- Sysvshm:
. Fixed bug #72858 (shm_attach null dereference). (Anatol)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)
- Wddx:
. Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
. Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
2016-09-16 16:10:28 +00:00
taca
2027c43fee
Update php70 to 7.0.10 (PHP 7.0.10).
...
18 Aug 2016 PHP 7.0.10
- Core:
. Fixed bug #72629 (Caught exception assignment to variables ignores
references). (Laruence)
. Fixed bug #72594 (Calling an earlier instance of an included anonymous
class fatals). (Laruence)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Fixed bug #72496 (Cannot declare public method with signature incompatible
with parent private method). (Pedro Magalhães)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Fixed bug #71911 (Unable to set --enable-debug on building extensions by
phpize on Windows). (Yuji Uchiyama)
. Fixed bug causing ClosedGeneratorException being thrown into the calling
code instead of the Generator yielding from. (Bob)
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
. Fixed potential segfault in object storage freeing in shutdown sequence.
(Bob)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
. Fixed bug #72683 (getmxrr broken). (Anatol)
. Fixed bug #72742 (memory allocator fails to realloc small block to large
one). (Stas)
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
calendar). (cmb)
. Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
zif_cal_from_jd). (cmb)
- COM:
. Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
- CURL:
. Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
(Pierrick)
. Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
. Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- EXIF:
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)
- GD:
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
. Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
. Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Fixed bug #72639 (Segfault when instantiating class that extends
IntlCalendar and adds a property). (Laruence)
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
- mbstring:
. Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
(cmb)
. Fixed bug #72693 (mb_ereg_search increments search position when a match
zero-width). (cmb)
. Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
position). (cmb)
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
- Mcrypt:
. Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur)
- PCRE:
. Fixed bug #72688 (preg_match missing group names in matches). (cmb)
- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SimpleXML:
. Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
element). (Laruence)
- SNMP:
. Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
allocation). (djodjo at gmail dot com)
- SPL:
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
- SQLite3:
. Fixed bug #72668 (Spurious warning when exception is thrown in user defined
function). (Laruence)
. Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
. Implemented FR #72653 (SQLite should allow opening with empty filename).
(cmb)
. Updated to SQLite3 3.13.0. (cmb)
- Standard:
. Fixed bug #72622 (array_walk + array_replace_recursive create references
from nothing). (Laruence)
. Fixed bug #72152 (base64_decode $strict fails to detect null byte).
(Lauri Kenttä)
. Fixed bug #72263 (base64_decode skips a character after padding in strict
mode). (Lauri Kenttä)
. Fixed bug #72264 (base64_decode $strict fails with whitespace between
padding). (Lauri Kenttä)
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
. Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas)
- XMLRPC:
. Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
array elements). (Laruence)
- Wddx:
. Fixed bug #72564 (boolean always deserialized as "true") (Remi)
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
. Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
. Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
(Stas)
. Fixed bug #72799 (wddx_deserialize null dereference in
php_wddx_pop_element). (Stas)
- Zip:
. Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
(Laruence)
2016-08-19 03:29:52 +00:00
taca
2c82dc088f
* Switch to use external gd (graphics/gd package).
...
* Use the same PKG_OPTIONS as graphics/gd.
Bump PKGREVISION of php-gd.
2016-08-13 17:34:41 +00:00
wiz
e77d61d527
7.1.0beta1 is also smaller than 7.1 -- fix pattern.
2016-08-05 08:29:01 +00:00
jdolecek
f73a55be7f
add patch for ext/recode/recode.c so that the variable 'program_name' required by recode library is provided unconditionally; it should not depend on whether or not program without this symbol happens to compile
2016-07-24 13:27:23 +00:00
taca
ba89f6c14c
Update php70 to 7.0.9 (PHP 7.0.9).
...
21 Jul 2016 PHP 7.0.9
- Core:
. Fixed bug #72508 (strange references after recursive function call and
"switch" statement). (Laruence)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (Stas)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries
and applications). (Stas)
- bz2:
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- CLI:
. Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify
router.php). (Laruence)
- COM:
. Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
- Curl:
. Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)
- Exif:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(Pierre)
. Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine
overflow). (Pierre)
. Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)
- Intl:
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- Mbstring:
. Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) -
oob read access). (Laruence)
. Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
- mcrypt:
. Fixed bug #72551 , bug #72552 (In correct casting from size_t to int lead to
heap overflow in mdecrypt_generic). (Stas)
- PDO_pgsql:
. Fixed bug #72570 (Segmentation fault when binding parameters on a query
without placeholders). (Matteo)
- PCRE:
. Fixed bug #72476 (Memleak in jit_stack). (Laruence)
. Fixed bug #72463 (mail fails with invalid argument). (Anatol)
- Readline:
. Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
- Standard:
. Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
. Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
(Laruence)
- Session:
. Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (Stas)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (Stas)
- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)
- XMLRPC:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn
simplestring.c). (Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (Stas)
2016-07-24 02:20:16 +00:00
taca
f5d6dd0430
Update php70 to 7.0.8 (PHP 7.0.8), including security fixes.
...
pkgsrc change:
* remove confiugre from SUBST_FILES.path.
* Remove --with-regex=system and --without-mysql from CONFIGURE_ARGS.
* Add --without-mysqli to CONFIGURE_ARGS.
23 Jun 2016 PHP 7.0.8
- Core:
. Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
(Esminis at esminis dot lt)
. Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä)
. Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- FPM:
. Fixed bug #72308 (fastcgi_finish_request and logging environment
variables). (Laruence)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
- Intl:
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- PCRE:
. Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
- PDO_pgsql:
. Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
(Laruence)
. Fixed bug #72294 (Segmentation fault/invalid pointer in connection
with pgsql_stmt_dtor). (Anatol)
- Phpdbg:
. Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
- Postgres:
. Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
. Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- Standard:
. Fixed bug #72017 (range() with float step produces unexpected result).
(Thomas Punt)
. Fixed bug #72193 (dns_get_record returns array containing elements of
type 'unknown'). (Laruence)
. Fixed bug #72229 (Wrong reference when serialize/unserialize an object).
(Laruence)
. Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)
- XML:
. Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)
- XMLRPC:
. Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
(Joe, Laruence)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- Zip:
. Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form).
(Anatol)
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
2016-06-24 15:27:57 +00:00
joerg
2865a2d616
Unbreak unprivileged build. Actually test for executable.
2016-06-07 19:23:50 +00:00
wiz
ffcfc88420
Add upstream bug report URL.
2016-05-28 08:13:15 +00:00
