kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
353121 commits 166 branches 0 tags 1.5 GiB
Commit graph

86 commits

Author SHA1 Message Date
tnn
029d061d2a php56-intl: fix icu>=70 fallout. Backport from php74-intl. 2021-12-09 00:13:07 +00:00
adam
b6d9bd86bc revbump for icu and libffi 2021-12-08 16:01:42 +00:00
nia
2176cc7249 lang: Replace RMD160 checksums with BLAKE2s checksums 
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles could not be fetched (possibly fetched
conditionally?):

./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-linux-musl.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-aarch64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-armv7-unknown-netbsd-eabihf.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-i686-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-sparc64-unknown-netbsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-apple-darwin.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-freebsd.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust-bin/distinfo rust-bin-1.54.0/rust-1.54.0-x86_64-unknown-linux-musl.tar.gz
./lang/smlnj/distinfo smlnj-110.73/boot.ppc-unix.tgz
./lang/smlnj/distinfo smlnj-110.73/boot.sparc-unix.tgz
./lang/oracle-jre8/distinfo jce_policy-8.zip
./lang/oracle-jre8/distinfo jre-8u202-linux-i586.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-linux-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-macosx-x64.tar.gz
./lang/oracle-jre8/distinfo jre-8u202-solaris-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-i586.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-linux-x64.tar.gz
./lang/oracle-jdk8/distinfo jdk-8u202-solaris-x64.tar.gz
./lang/ghc80/distinfo ghc-7.10.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-i386-unknown-freebsd.tar.xz
./lang/ghc80/distinfo ghc-8.0.2-boot-x86_64-unknown-freebsd.tar.xz
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc5-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/rust/distinfo rust-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-illumos.tar.gz
./lang/rust/distinfo rust-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-aarch64_be-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-arm-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-armv7-unknown-linux-gnueabihf.tar.gz
./lang/rust/distinfo rust-std-1.53.0-i686-unknown-linux-gnu.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-powerpc-unknown-netbsd90.tar.gz
./lang/rust/distinfo rust-std-1.53.0-sparc64-unknown-netbsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-apple-darwin.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-freebsd.tar.gz
./lang/rust/distinfo rust-std-1.53.0-x86_64-unknown-linux-gnu.tar.gz
./lang/smlnj11072/distinfo smlnj-110.72/boot.ppc-unix.tgz
./lang/smlnj11072/distinfo smlnj-110.72/boot.sparc-unix.tgz
./lang/ghc84/distinfo ghc-8.0.2-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc84/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.10.3-boot-i386-unknown-freebsd.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-i386-unknown-solaris2.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-powerpc-apple-darwin.tar.xz
./lang/ghc7/distinfo ghc-7.6.3-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-8.10.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-aarch64-unknown-netbsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-i386-unknown-freebsd.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-apple-darwin.tar.xz
./lang/ghc90/distinfo ghc-9.0.1-boot-x86_64-unknown-freebsd.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk-1.8.181-netbsd-8-aarch64-20180917.tar.xz
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.6-amd64-20140719.tar.bz2
./lang/openjdk8/distinfo openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
./lang/go-bin/distinfo go1.14.2.darwin-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-386.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-amd64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-arm64.tar.gz
./lang/go-bin/distinfo go1.14.2.linux-armv6l.tar.gz
./lang/go-bin/distinfo go1.14.2.netbsd-arm64.tar.gz
./lang/go-bin/distinfo go1.16beta1.darwin-arm64.tar.gz
./lang/gcc6-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.dragonfly.41.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc6-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/ghc810/distinfo ghc-8.8.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/sun-jre7/distinfo UnlimitedJCEPolicyJDK7.zip
./lang/sun-jre7/distinfo jre-7u80-linux-x64.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-i586.tar.gz
./lang/sun-jre7/distinfo jre-7u80-solaris-x64.tar.gz
./lang/ghc88/distinfo ghc-8.4.4-boot-i386-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-apple-darwin.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-freebsd.tar.xz
./lang/ghc88/distinfo ghc-8.4.4-boot-x86_64-unknown-solaris2.tar.xz
./lang/gcc-aux/distinfo ada-bootstrap.i386.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.i386.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.100B.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.freebsd.84.tar.bz2
./lang/gcc-aux/distinfo ada-bootstrap.x86_64.solaris.511.tar.bz2
./lang/gcc6/distinfo ecj-4.5.jar
./lang/openjdk11/distinfo bootstrap-jdk-1.11.0.7.10-netbsd-9-aarch64-20200509.tar.xz
./lang/sun-jdk7/distinfo jdk-7u80-linux-x64.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-i586.tar.gz
./lang/sun-jdk7/distinfo jdk-7u80-solaris-x64.tar.gz
 2021-10-26 10:51:29 +00:00
nia
1361343c24 lang: Remove SHA1 hashes for distfiles 2021-10-07 14:20:45 +00:00
jperkin
13cebf7c73 php56: Support OpenSSL 3. 2021-09-28 14:39:49 +00:00
gutteridge
c90247f0f4 php56: note this package is EOL and update recommendation 2021-09-03 03:37:24 +00:00
adam
9d0e79c401 revbump for textproc/icu 2021-04-21 11:40:12 +00:00
taca
b7d201df2c lang/php56: properly define PKG_BUILD_OPTIONS 
Include "../../mk/pkg-build-options.mk" in order to define
PKG_BUILD_OPTIONS properly.
 2021-03-07 08:08:38 +00:00
ryoon
751da1a922 php56: Fix php-intl module build with textproc/icu-68.1 2020-11-16 12:10:05 +00:00
ryoon
4675ccbc79 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:06:42 +00:00
wiz
527a221706 php56: add default-off php-embed option to install embed SAPI 
Requested by Sergey Osokin in PR 55508.

While here, split off option handling into options.mk.
 2020-08-01 09:52:51 +00:00
adam
6bd0c30da6 Revbump for icu 2020-06-02 08:22:31 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
taca
af5cb3124b lang/php: switch to use ".tar.xz" distfiles 
Switch to use ".tar.xz" distfiles instead of ".tar.bz2".

No functional change.
 2019-11-25 03:12:49 +00:00
nia
ec016e03a9 Use https for php.net. 2019-07-03 07:30:50 +00:00
rillig
c7ff05f63e all: replace SUBST_SED with the simpler SUBST_VARS 
pkglint -Wall -r --only "substitution command" -F

With manual review and indentation fixes since pkglint doesn't get that
part correct in every case.
 2019-05-23 19:22:54 +00:00
wiz
91b8b952ae php56: bump PKGREVISION for openssl 1.1 patch 2019-03-31 20:48:40 +00:00
wiz
85a9bc4469 php56: add the zettasystems patch to support openssl 1.1 2019-03-31 20:48:18 +00:00
taca
ad2535f3ef lang/php56: udate to 5.6.40 
10 Jan 2019, PHP 5.6.40

- GD:
  . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to
    use-after-free). (cmb)
  . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb)

- Mbstring:
  . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas)
  . Fixed bug #77371 (heap buffer overflow in mb regex functions
    - compile_string_node). (Stas)
  . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas)
  . Fixed bug #77382 (heap buffer overflow due to incorrect length in
    expand_case_fold_string). (Stas)
  . Fixed bug #77385 (buffer overflow in fetch_token). (Stas)
  . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas)
  . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas)

- Phar:
  . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas)

- Xmlrpc:
  . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb)
  . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
 2019-01-12 15:01:34 +00:00
taca
9008b59fe5 lang/php56: remove unused patch file really 
Remove unused patch file.
 2018-12-15 17:08:40 +00:00
taca
47a41ddf31 lang/php56: remove unused patch 
sqlite3 support moved todatabases/php-sqlite3 and it dose not use in-tree
sqlite3.  So, this patch is not required any more.
 2018-12-15 16:58:57 +00:00
taca
6fab5fa867 Bump PKGREVISION for separation of php-sqlite3 package from 
lang/php?? base packages.
 2018-12-09 12:20:44 +00:00
taca
cd547432c7 lang/php: remove sqlite3 library 
Remove sqlite3 library extension and make it separate package to prevent
dependency to databases/sqlite3 pacakge.
 2018-12-09 12:14:36 +00:00
taca
86f1b06b09 lang/php56: update to 5.6.39 
06 Dec 2018, PHP 5.6.39

- Core:
  . Fixed bug #77231 (Segfault when using convert.quoted-printable-encode
    filter). (Stas)

- IMAP:
  . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)
  . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
    mailbox parameter). (Stas)

- Phar:
  . Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
  . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
    (Stas)
 2018-12-07 17:14:58 +00:00
taca
cfa36bbac9 lang/php56: Update to 5.6.38 
13 Sep 2018, PHP 5.6.38

- Apache2
  . Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas)
 2018-09-13 15:47:46 +00:00
taca
12c71c75d8 lang/php56: update to 5.6.37 
19 Jul 2018, PHP 5.6.37

- Exif:
  . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
    exif_thumbnail_extract of exif.c). (Stas)
  . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
    data). (Stas)

- Win32:
  . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
 2018-07-20 13:28:48 +00:00
manu
3b488481fa Add pkgsrc build option disable-filter-url to disable php://filter URL 
php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php

Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.
 2018-07-18 07:33:12 +00:00
taca
7227522052 lang/php56: update to 5.6.36 
26 Apr 2018 PHP 5.6.36

- Exif:
  . Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
  (Stas)

- iconv:
  . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
    invalid sequence). (Stas)

- LDAP:
  . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)

- Phar:
  . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
 2018-04-29 16:26:40 +00:00
taca
c05e6c0c92 lang/php56: update to 5.6.35 
29 Mar 2018, PHP 5.6.35

- FPM:
  . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
    access controls). (Jakub Zelenka)
 2018-03-30 00:37:16 +00:00
taca
039f5bf887 lang/php56: update to 5.6.34 
01 Mar 2018, PHP 5.6.34

- Standard:
  . Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
 2018-03-02 02:13:44 +00:00
wiz
f0711fb72d lang/*: remove BROKEN markers for known openssl-1.1 breakage 
Requested by joerg.
 2018-02-23 15:26:14 +00:00
wiz
140c937b88 php56: mark as broken on NetBSD-current due to openssl-1.1 2018-02-20 06:42:20 +00:00
jdolecek
33cbfa4283 note a planned End of Life for support of PHP 5.6.x and PHP 7.0.x 
Those releases will stop getting official support on Dec 31 2018 and
Dec 3 2018 respectively, and they should be removed from pkgsrc by then.
 2018-02-04 11:35:39 +00:00
jperkin
d143b93d95 php56: Convert libgcc fix to a patch to mirror php7*. 2018-01-16 11:28:09 +00:00
taca
ff57933b5b lang/php56: update to 5.6.33 
04 Jan 2017, PHP 5.6.33

- GD:
  . Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)

- Phar:
  . Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)
 2018-01-05 03:08:36 +00:00
taca
13bb6ff47d lang/php56: Update to 5.6.32 
* pkgsrc change: remove post-extract which is not required any more.
* including securiy fixes.

26 Sep 2017, PHP 5.6.32

- Date:
  . Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)

- mcrypt:
  . Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)

- PCRE:
  . Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
 2017-10-27 08:45:06 +00:00
manu
f926479f35 Back out the calendar option for PHP 
The functionnality is already avaialable from pkgsrc/time/php-calendar
moduke. Thnaks to Takahiro Kambe for pointing it out.
 2017-07-12 09:11:35 +00:00
manu
e172ab8fa1 Add calendar package option to build PHP with calendar support 2017-07-11 03:28:08 +00:00
taca
da2176045b Update php56 to 5.6.31. 
06 Jul 2017, PHP 5.6.31

- Core:
  . Fixed bug #73807 (Performance problem with processing post request over
    2000000 chars). (Nikita)
  . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
    unserialize). (Nikita)
  . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
    (Stas)
  . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
    php_parse_date()). (Derick)

- GD:
  . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

- mbstring:
  . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
    CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

- OpenSSL:
  . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
    (Stas)

- PCRE:
  . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
    (Stas)

- WDDX:
   . Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)
 2017-07-07 03:13:48 +00:00
fhajny
bc2e501ed4 Build the dom extension embedded. This enables full functionality in xmlreader and fixes joyent/pkgsrc/issues/477. Bump PKREVISION. 2017-04-05 12:28:59 +00:00
wiz
4e8a4877f6 Fix build with tidy-5.x. 2017-02-20 09:35:16 +00:00
taca
7c712307eb Update php56 to 5.6.30. 
PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 5.6.30

- EXIF:
  . Fixed bug #73737 (FPE when parsing a tag format). (Stas)

- GD:
  . Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
  . Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
  . Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)

- Intl:
  . Fixed bug #68447 (grapheme_extract take an extra trailing character).
    (SATŌ Kentarō)

- Phar:
  . Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
  . Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
  . Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)

- SQLite3:
  . Reverted fix for bug #73530	(Unsetting result set may reset other result
    set). (cmb)

- Standard:
  . Fixed bug #70213 (Unserialize context shared on double class lookup).
    (Taoguang Chen)
  . Fixed bug #73825 (Heap out of bounds read on unserialize in
    finish_nested_data()). (Stas)
 2017-01-20 00:44:00 +00:00
taca
770652bc8e Update php56 to 5.6.29 (PHP 5.6.29). 
08 Dec 2016, PHP 5.6.29

- Mysqlnd:
  . Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)

- Opcache:
  . Fixed bug #73402 (Opcache segfault when using class constant to call a
    method). (Laruence)
  . Fixed bug #69090 (check cached files permissions)

- OpenSSL
  . Fixed bug #72776 (Invalid parameter in memcpy function trough
    openssl_pbkdf2). (Jakub Zelenka)

- Postgres:
  . Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan)

- SOAP:
  . Fixed bug #73452 (Segfault (Regression for #69152)). (Dmitry)

- SQLite3:
  . Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)

- Standard:
  . Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
    (rowan dot collins at gmail dot com)

- WDDX:
  . Fixed bug #73631 (Memory leak due to invalid wddx stack processing).
    (bughunter at fosec dot vn).
 2016-12-10 07:08:39 +00:00
adam
f49c15c0ca On Darwin, allow native iconv when Command Line Tools are not installed. 2016-12-05 18:17:11 +00:00
taca
8104ad62c2 Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual). 
10 Nov 2016, PHP 5.6.28

- Core:
  . Fixed bug #73337 (try/catch not working with two exceptions inside a same
    operation). (Dmitry)

- Bz2:
  . Fixed bug #73356 (crash in bzcompress function). (Stas)

-GD:
  . Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
  . Fixed bug #73272 (imagescale() is not affected by, but affects
    imagesetinterpolation()). (cmb)
  . Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
  . Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
  . Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
    (cmb)
  . Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)

- Imap:
  . Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
    (Anatol)

- SPL:
  . Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)

- SOAP:
  . Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)

- SQLite3:
  . Fixed bug #73333 (2147483647 is fetched as string). (cmb)

- Standard:
  . Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
  . Fixed bug #73188 (use after free in userspace streams). (Sara)

- Wddx:
  . Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
    with PDORow). (Stas)
 2016-11-12 15:34:00 +00:00
taca
6e03cf7677 Update php56 to 5.6.27. 
13 Oct 2016, PHP 5.6.27

- Core:
  . Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
    zend_virtual_cwd.c). (cmb)
  . Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  . Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
    password_verify). (Anatol)
  . Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
  . Fixed bug #73147 (Use After Free in unserialize()). (Stas)

- BCmath:
  . Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)

- DOM:
  . Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)

- Ereg:
  . Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)

- Filter:
  . Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
    FILTER_FLAG_NO_PRIV_RANGE). (julien)
  . Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN,
    FILTER_NULL_ON_FAILURE). (levim, cmb)
  . Fixed bug #73054 (default option ignored when object passed to int filter).
    (cmb)

- GD:
  . Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
    (cmb)
  . Fixed bug #50194 (imagettftext broken on transparent background w/o
    alphablending). (cmb)
  . Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
    cmb)
  . Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
    (Mark Plomer, cmb)
  . Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  . Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  . Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
    files). (cmb)
  . Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)

- Intl:
  . Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)

- Imap:
  . Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
    (Stas)

- Mbstring:
  . Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
  . Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
  . Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
    (Yasuo)
  . Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)

- PCRE:
  . Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)

- Opcache:
  . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
    (Keyur) (julien backport)

- OpenSSL:
  . Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
    (Jakub Zelenka)
  . Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
  . Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)

- Session:
  . Fixed bug #68015 (Session does not report invalid uid for files save handler).
    (Yasuo)
  . Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
    (cmb)

- SimpleXML:
  . Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
    (Stas)

- SPL:
  . Fixed bug #73073 (CachingIterator null dereference when convert to string).
    (Stas)

- Standard:
  . Fixed bug #73240 (Write out of bounds at number_format). (Stas)
  . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)

- Stream:
  . Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)

- Zip:
  . Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
    (cmb)
 2016-10-16 11:58:42 +00:00
taca
0a6d207f60 Update php56 to 5.6.26 (PHP 5.6.26). 
15 Sep 2016, PHP 5.6.26

- Core:
  . Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
    (zend_gc.c:260)). (Laruence)

- Dba:
  . Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
    (cmb)
  . Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
    (cmb)

- EXIF:
  . Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
    exif_process_IFD_in_TIFF). (Stas)

- FTP:
  . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
    require_ssl_reuse). (Benedict Singer)

- GD:
  . Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
    images). (cmb)
  . Fixed bug #72913 (imagecopy() loses single-color transparency on palette
    images). (cmb)
  . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)

- Intl:
  . Fixed bug #73007 (add locale length check). (Stas)

- JSON:
  . Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)

- mbstring:
  . Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  . Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
    mb_ereg_match()). (Stas)

- MSSQL:
  . Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)

- Mysqlnd:
  . Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)

- Phar:
  . Fixed bug #72928 (Out of bound when verify signature of zip phar in
    phar_parse_zipfile). (Stas)
  . Fixed bug #73035 (Out of bound when verify signature of tar phar in
    phar_parse_tarfile). (Stas)

- PDO:
  . Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
    returns false). (cmb)

- PDO_pgsql:
  . Implemented FR #72633 (Postgres PDO lastInsertId() should work without
    specifying a sequence). (Pablo Santiago Sánchez, Matteo)
  . Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)

- SPL:
  . Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)

- Standard:
  . Fixed bug #72823 (strtr out-of-bound access). (cmb)
  . Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
  . Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
    (cmb)
  . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
    (cmb)
  . Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
  . Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
  . Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
  . Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
    (Stas)

- Streams:
  . Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)

- Wddx:
  . Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
  . Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)

- XML:
  . Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
  . Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)

- ZIP:
  . Fixed bug #68302 (impossible to compile php with zip support). (cmb)
 2016-09-16 16:09:24 +00:00
taca
0d175f2255 Update php56 to 5.6.25 (PHP 5.6.25). 
18 Aug 2016, PHP 5.6.25

- Bz2:
  . Fixed bug #72837 (integer overflow in bzdecompress caused heap
    corruption). (Stas)

- Core:
  . Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
    (Taoguang Chen)
  . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
  . Fixed bug #72581 (previous property undefined in Exception after
    deserialization). (Laruence)
  . Implemented FR #72614 (Support "nmake test" on building extensions by
    phpize). (Yuji Uchiyama)
  . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
    (Yuji Uchiyama)
  . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
    __wakeup() in Deserialization). (Stas)
  . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)

- Calendar:
  . Fixed bug #67976 (cal_days_month() fails for final month of the French
    calendar). (cmb)
  . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
    zif_cal_from_jd). (cmb)

- Curl:
  . Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
    (maroszek at gmx dot net)
  . Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
    (Pierrick)
  . Fixed bug #72807 (integer overflow in curl_escape caused heap
    corruption). (Stas)

- DOM:
  . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)

- Ereg:
  . Fixed bug #72838 (Integer overflow lead to heap corruption in
    sql_regcase). (Stas)

- EXIF:
  . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
  . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)

- Filter:
  . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
    range). (bugs dot php dot net at majkl578 dot cz)

- FPM:
  . Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
    (gooh)

- GD:
  . Fixed bug #43828 (broken transparency of imagearc for truecolor in
    blendingmode). (cmb)
  . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
  . Fixed bug #68712 (suspicious if-else statements). (cmb)
  . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
  . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
  . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
  . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
  . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
  . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)

- Intl:
  . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
    names). (cmb)

- mbstring:
  . Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
    (cmb)
  . Fixed bug #72693 (mb_ereg_search increments search position when a match
    zero-width). (cmb)
  . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
    position). (cmb)
  . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
    (ju1ius)

- PCRE:
  . Fixed bug #72688 (preg_match missing group names in matches). (cmb)

- PDO_pgsql:
  . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)

- Reflection:
  . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
    (Nikita Nefedov)

- SNMP:
  . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
    allocation). (djodjo at gmail dot com)

- Standard:
  . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
    UTF chars). (cmb)
  . Fixed bug #72836 (integer overflow in base64_decode). (Stas)
  . Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
  . Fixed bug #72849 (integer overflow in urlencode). (Stas)
  . Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
  . Fixed bug #72716 (initialize buffer before read). (Stas)

- Streams:
  . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
  . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
  . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
    non-existent directories). (vhuk)
  . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
    with IIS FTP 7.5, 8.5). (vhuk)
  . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
    attack). (Stas)

- SPL:
  . Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
  . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
    character). (cmb)
  . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)

- SQLite3:
  . Implemented FR #72653 (SQLite should allow opening with empty filename).
    (cmb)

- Wddx:
  . Fixed bug #72142 (WDDX Packet Injection Vulnerability in
    wddx_serialize_value()). (Taoguang Chen)
  . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
  . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
  . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
    (Stas)
  . Fixed bug #72799 (wddx_deserialize null dereference in
    php_wddx_pop_element). (Stas)
 2016-08-19 03:29:00 +00:00
taca
2c82dc088f * Switch to use external gd (graphics/gd package). 
* Use the same PKG_OPTIONS as graphics/gd.

Bump PKGREVISION of php-gd.
 2016-08-13 17:34:41 +00:00
jdolecek
fcdade1f98 fixup checksum for patches/patch-ext_recode_recode.c after adding the comment there 2016-07-24 13:29:56 +00:00