taca
86f1b06b09
lang/php56: update to 5.6.39
...
06 Dec 2018, PHP 5.6.39
- Core:
. Fixed bug #77231 (Segfault when using convert.quoted-printable-encode
filter). (Stas)
- IMAP:
. Fixed bug #77020 (null pointer dereference in imap_mail). (cmb)
. Fixed bug #77153 (imap_open allows to run arbitrary shell commands via
mailbox parameter). (Stas)
- Phar:
. Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
. Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
(Stas)
2018-12-07 17:14:58 +00:00
taca
cfa36bbac9
lang/php56: Update to 5.6.38
...
13 Sep 2018, PHP 5.6.38
- Apache2
. Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (Stas)
2018-09-13 15:47:46 +00:00
taca
12c71c75d8
lang/php56: update to 5.6.37
...
19 Jul 2018, PHP 5.6.37
- Exif:
. Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
exif_thumbnail_extract of exif.c). (Stas)
. Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
data). (Stas)
- Win32:
. Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
2018-07-20 13:28:48 +00:00
manu
3b488481fa
Add pkgsrc build option disable-filter-url to disable php://filter URL
...
php://filter URL is a feature documented here:
http://php.net/manual/en/wrappers.php.php
Unfortunately, it allows remote control of include() behavior
beyond what many developpers expected, enabling easy dump of
PHP source files. The administrator may want to disable the
feature for security sake, and this option makes that possible.
2018-07-18 07:33:12 +00:00
taca
7227522052
lang/php56: update to 5.6.36
...
26 Apr 2018 PHP 5.6.36
- Exif:
. Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
(Stas)
- iconv:
. Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on
invalid sequence). (Stas)
- LDAP:
. Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
- Phar:
. Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
2018-04-29 16:26:40 +00:00
taca
c05e6c0c92
lang/php56: update to 5.6.35
...
29 Mar 2018, PHP 5.6.35
- FPM:
. Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache
access controls). (Jakub Zelenka)
2018-03-30 00:37:16 +00:00
taca
039f5bf887
lang/php56: update to 5.6.34
...
01 Mar 2018, PHP 5.6.34
- Standard:
. Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (Stas)
2018-03-02 02:13:44 +00:00
wiz
f0711fb72d
lang/*: remove BROKEN markers for known openssl-1.1 breakage
...
Requested by joerg.
2018-02-23 15:26:14 +00:00
wiz
140c937b88
php56: mark as broken on NetBSD-current due to openssl-1.1
2018-02-20 06:42:20 +00:00
jdolecek
33cbfa4283
note a planned End of Life for support of PHP 5.6.x and PHP 7.0.x
...
Those releases will stop getting official support on Dec 31 2018 and
Dec 3 2018 respectively, and they should be removed from pkgsrc by then.
2018-02-04 11:35:39 +00:00
jperkin
d143b93d95
php56: Convert libgcc fix to a patch to mirror php7*.
2018-01-16 11:28:09 +00:00
taca
ff57933b5b
lang/php56: update to 5.6.33
...
04 Jan 2017, PHP 5.6.33
- GD:
. Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (cmb)
- Phar:
. Fixed bug #74782 (Reflected XSS in .phar 404 page). (Stas)
2018-01-05 03:08:36 +00:00
taca
13bb6ff47d
lang/php56: Update to 5.6.32
...
* pkgsrc change: remove post-extract which is not required any more.
* including securiy fixes.
26 Sep 2017, PHP 5.6.32
- Date:
. Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
- mcrypt:
. Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)
- PCRE:
. Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
2017-10-27 08:45:06 +00:00
manu
f926479f35
Back out the calendar option for PHP
...
The functionnality is already avaialable from pkgsrc/time/php-calendar
moduke. Thnaks to Takahiro Kambe for pointing it out.
2017-07-12 09:11:35 +00:00
manu
e172ab8fa1
Add calendar package option to build PHP with calendar support
2017-07-11 03:28:08 +00:00
taca
da2176045b
Update php56 to 5.6.31.
...
06 Jul 2017, PHP 5.6.31
- Core:
. Fixed bug #73807 (Performance problem with processing post request over
2000000 chars). (Nikita)
. Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
unserialize). (Nikita)
. Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
(Stas)
. Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
php_parse_date()). (Derick)
- GD:
. Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)
- mbstring:
. Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
- OpenSSL:
. Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
(Stas)
- PCRE:
. Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
(Stas)
- WDDX:
. Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (Stas)
2017-07-07 03:13:48 +00:00
fhajny
bc2e501ed4
Build the dom extension embedded. This enables full functionality in xmlreader and fixes joyent/pkgsrc/issues/477. Bump PKREVISION.
2017-04-05 12:28:59 +00:00
wiz
4e8a4877f6
Fix build with tidy-5.x.
2017-02-20 09:35:16 +00:00
taca
7c712307eb
Update php56 to 5.6.30.
...
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 5.6.30
- EXIF:
. Fixed bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
- Intl:
. Fixed bug #68447 (grapheme_extract take an extra trailing character).
(SATŌ Kentarō)
- Phar:
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
2017-01-20 00:44:00 +00:00
taca
770652bc8e
Update php56 to 5.6.29 (PHP 5.6.29).
...
08 Dec 2016, PHP 5.6.29
- Mysqlnd:
. Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)
- Opcache:
. Fixed bug #73402 (Opcache segfault when using class constant to call a
method). (Laruence)
. Fixed bug #69090 (check cached files permissions)
- OpenSSL
. Fixed bug #72776 (Invalid parameter in memcpy function trough
openssl_pbkdf2). (Jakub Zelenka)
- Postgres:
. Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan)
- SOAP:
. Fixed bug #73452 (Segfault (Regression for #69152 )). (Dmitry)
- SQLite3:
. Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)
- Standard:
. Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
(rowan dot collins at gmail dot com)
- WDDX:
. Fixed bug #73631 (Memory leak due to invalid wddx stack processing).
(bughunter at fosec dot vn).
2016-12-10 07:08:39 +00:00
adam
f49c15c0ca
On Darwin, allow native iconv when Command Line Tools are not installed.
2016-12-05 18:17:11 +00:00
taca
8104ad62c2
Update php56 to 5.6.28 (PHP 5.6.28), including security fix (as usual).
...
10 Nov 2016, PHP 5.6.28
- Core:
. Fixed bug #73337 (try/catch not working with two exceptions inside a same
operation). (Dmitry)
- Bz2:
. Fixed bug #73356 (crash in bzcompress function). (Stas)
-GD:
. Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
. Fixed bug #73272 (imagescale() is not affected by, but affects
imagesetinterpolation()). (cmb)
. Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
. Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
. Fixed bug #72482 (Illegal write/read access caused by gdImageAALine overflow).
(cmb)
. Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)
- Imap:
. Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
(Anatol)
- SPL:
. Fixed bug #73144 (Use-after-free in ArrayObject Deserialization). (Stas)
- SOAP:
. Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
- SQLite3:
. Fixed bug #73333 (2147483647 is fetched as string). (cmb)
- Standard:
. Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
. Fixed bug #73188 (use after free in userspace streams). (Sara)
- Wddx:
. Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization
with PDORow). (Stas)
2016-11-12 15:34:00 +00:00
taca
6e03cf7677
Update php56 to 5.6.27.
...
13 Oct 2016, PHP 5.6.27
- Core:
. Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of
zend_virtual_cwd.c). (cmb)
. Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
. Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by
password_verify). (Anatol)
. Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
. Fixed bug #73147 (Use After Free in unserialize()). (Stas)
- BCmath:
. Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
- DOM:
. Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)
- Ereg:
. Fixed bug #73284 (heap overflow in php_ereg_replace function). (Stas)
- Filter:
. Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and
FILTER_FLAG_NO_PRIV_RANGE). (julien)
. Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN,
FILTER_NULL_ON_FAILURE). (levim, cmb)
. Fixed bug #73054 (default option ignored when object passed to int filter).
(cmb)
- GD:
. Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
(cmb)
. Fixed bug #50194 (imagettftext broken on transparent background w/o
alphablending). (cmb)
. Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab,
cmb)
. Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
(Mark Plomer, cmb)
. Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
. Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
. Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted
files). (cmb)
. Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)
- Intl:
. Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)
- Imap:
. Fixed bug #73208 (integer overflow in imap_8bit caused heap corruption).
(Stas)
- Mbstring:
. Fixed bug #72994 (mbc_to_code() out of bounds read). (Laruence, cmb)
. Fixed bug #66964 (mb_convert_variables() cannot detect recursion). (Yasuo)
. Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
(Yasuo)
. Fixed bug #73082 (string length overflow in mb_encode_* function). (Stas)
- PCRE:
. Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)
- Opcache:
. Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
(Keyur) (julien backport)
- OpenSSL:
. Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
(Jakub Zelenka)
. Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
. Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)
- Session:
. Fixed bug #68015 (Session does not report invalid uid for files save handler).
(Yasuo)
. Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
(cmb)
- SimpleXML:
. Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
(Stas)
- SPL:
. Fixed bug #73073 (CachingIterator null dereference when convert to string).
(Stas)
- Standard:
. Fixed bug #73240 (Write out of bounds at number_format). (Stas)
. Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
- Stream:
. Fixed bug #73069 (readfile() mangles files larger than 2G). (Laruence)
- Zip:
. Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
(cmb)
2016-10-16 11:58:42 +00:00
taca
0a6d207f60
Update php56 to 5.6.26 (PHP 5.6.26).
...
15 Sep 2016, PHP 5.6.26
- Core:
. Fixed bug #72907 (null pointer deref, segfault in gc_remove_zval_from_buffer
(zend_gc.c:260)). (Laruence)
- Dba:
. Fixed bug #71514 (Bad dba_replace condition because of wrong API usage).
(cmb)
. Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
(cmb)
- EXIF:
. Fixed bug #72926 (Uninitialized Thumbail Data Leads To Memory Leakage in
exif_process_IFD_in_TIFF). (Stas)
- FTP:
. Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
require_ssl_reuse). (Benedict Singer)
- GD:
. Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
images). (cmb)
. Fixed bug #72913 (imagecopy() loses single-color transparency on palette
images). (cmb)
. Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
- Intl:
. Fixed bug #73007 (add locale length check). (Stas)
- JSON:
. Fixed bug #72787 (json_decode reads out of bounds). (Jakub Zelenka)
- mbstring:
. Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
. Fixed bug #72910 (Out of bounds heap read in mbc_to_code() / triggered by
mb_ereg_match()). (Stas)
- MSSQL:
. Fixed bug #72039 (Use of uninitialised value on mssql_guid_string). (Kalle)
- Mysqlnd:
. Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
- Phar:
. Fixed bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile). (Stas)
. Fixed bug #73035 (Out of bound when verify signature of tar phar in
phar_parse_tarfile). (Stas)
- PDO:
. Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
returns false). (cmb)
- PDO_pgsql:
. Implemented FR #72633 (Postgres PDO lastInsertId() should work without
specifying a sequence). (Pablo Santiago Sánchez, Matteo)
. Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
- SPL:
. Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
- Standard:
. Fixed bug #72823 (strtr out-of-bound access). (cmb)
. Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
. Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
(cmb)
. Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
(cmb)
. Fixed bug #73011 (integer overflow in fgets cause heap corruption). (Stas)
. Fixed bug #73017 (memory corruption in wordwrap function). (Stas)
. Fixed bug #73045 (integer overflow in fgetcsv caused heap corruption). (Stas)
. Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)
(Stas)
- Streams:
. Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
- Wddx:
. Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
. Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
- XML:
. Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
. Fixed bug #72927 (integer overflow in xml_utf8_encode). (Stas)
- ZIP:
. Fixed bug #68302 (impossible to compile php with zip support). (cmb)
2016-09-16 16:09:24 +00:00
taca
0d175f2255
Update php56 to 5.6.25 (PHP 5.6.25).
...
18 Aug 2016, PHP 5.6.25
- Bz2:
. Fixed bug #72837 (integer overflow in bzdecompress caused heap
corruption). (Stas)
- Core:
. Fixed bug #70436 (Use After Free Vulnerability in unserialize()).
(Taoguang Chen)
. Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
. Fixed bug #72581 (previous property undefined in Exception after
deserialization). (Laruence)
. Implemented FR #72614 (Support "nmake test" on building extensions by
phpize). (Yuji Uchiyama)
. Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
(Yuji Uchiyama)
. Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
__wakeup() in Deserialization). (Stas)
. Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
- Calendar:
. Fixed bug #67976 (cal_days_month() fails for final month of the French
calendar). (cmb)
. Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
zif_cal_from_jd). (cmb)
- Curl:
. Fixed bug #71144 (Segmentation fault when using cURL with ZTS).
(maroszek at gmx dot net)
. Fixed bug #71929 (Certification information (CERTINFO) data parsing error).
(Pierrick)
. Fixed bug #72807 (integer overflow in curl_escape caused heap
corruption). (Stas)
- DOM:
. Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
- Ereg:
. Fixed bug #72838 (Integer overflow lead to heap corruption in
sql_regcase). (Stas)
- EXIF:
. Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
. Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
- Filter:
. Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
range). (bugs dot php dot net at majkl578 dot cz)
- FPM:
. Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
(gooh)
- GD:
. Fixed bug #43828 (broken transparency of imagearc for truecolor in
blendingmode). (cmb)
. Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
. Fixed bug #68712 (suspicious if-else statements). (cmb)
. Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
. Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
. Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
. Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
. Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
. Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)
- Intl:
. Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
names). (cmb)
- mbstring:
. Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
(cmb)
. Fixed bug #72693 (mb_ereg_search increments search position when a match
zero-width). (cmb)
. Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
position). (cmb)
. Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
(ju1ius)
- PCRE:
. Fixed bug #72688 (preg_match missing group names in matches). (cmb)
- PDO_pgsql:
. Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
- Reflection:
. Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
(Nikita Nefedov)
- SNMP:
. Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
allocation). (djodjo at gmail dot com)
- Standard:
. Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
UTF chars). (cmb)
. Fixed bug #72836 (integer overflow in base64_decode). (Stas)
. Fixed bug #72848 (integer overflow in quoted_printable_encode). (Stas)
. Fixed bug #72849 (integer overflow in urlencode). (Stas)
. Fixed bug #72850 (integer overflow in php_uuencode). (Stas)
. Fixed bug #72716 (initialize buffer before read). (Stas)
- Streams:
. Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
. Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
. Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
non-existent directories). (vhuk)
. Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
with IIS FTP 7.5, 8.5). (vhuk)
. Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
attack). (Stas)
- SPL:
. Fixed bug #72122 (IteratorIterator breaks '@' error suppression). (kinglozzer)
. Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
character). (cmb)
. Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
- SQLite3:
. Implemented FR #72653 (SQLite should allow opening with empty filename).
(cmb)
- Wddx:
. Fixed bug #72142 (WDDX Packet Injection Vulnerability in
wddx_serialize_value()). (Taoguang Chen)
. Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
. Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
. Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
(Stas)
. Fixed bug #72799 (wddx_deserialize null dereference in
php_wddx_pop_element). (Stas)
2016-08-19 03:29:00 +00:00
taca
2c82dc088f
* Switch to use external gd (graphics/gd package).
...
* Use the same PKG_OPTIONS as graphics/gd.
Bump PKGREVISION of php-gd.
2016-08-13 17:34:41 +00:00
jdolecek
fcdade1f98
fixup checksum for patches/patch-ext_recode_recode.c after adding the comment there
2016-07-24 13:29:56 +00:00
jdolecek
f73a55be7f
add patch for ext/recode/recode.c so that the variable 'program_name' required by recode library is provided unconditionally; it should not depend on whether or not program without this symbol happens to compile
2016-07-24 13:27:23 +00:00
taca
8a42760bb3
Update php56 to 5.6.24 (PHP 5.6.24).
...
21 Jul 2016, PHP 5.6.24
- Core:
. Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
(mike dot laspina at gmail dot com, Remi)
. Fixed bug #72496 (Cannot declare public method with signature incompatible
with parent private method). (Pedro Magalhães)
. Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
. Fixed bug #72513 (Stack-based buffer overflow vulnerability in
virtual_file_ex). (loianhtuan at gmail dot com)
. Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
Deserialization). (taoguangchen at icloud dot com)
. Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
applications). (CVE-2016-5385) (Stas)
- bz2:
. Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at
stealien dot com).
. Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
- EXIF:
. Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
(Bartosz Dziewoński)
- EXIF:
. Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
(Stas)
. Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
(Stas)
- GD:
. Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
. Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
. Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
. Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
access). (Pierre)
. Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
. Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
(CVE-2016-6207) (Pierre)
- Intl:
. Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)
- OpenSSL:
. Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
(Jakub Zelenka)
. Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
(Jakub Zelenka)
- SNMP:
. Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
unserialize()). (taoguangchen at icloud dot com)
- SPL:
. Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
- SQLite3:
. Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
(cmb)
- Streams:
. Fixed bug #72439 (Stream socket with remote address leads to a segmentation
fault). (Laruence)
- Xmlrpc:
. Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
(Stas)
- Zip:
. Fixed bug #72520 (Stack-based buffer overflow vulnerability in
php_stream_zip_opener). (loianhtuan at gmail dot com)
2016-07-24 02:18:02 +00:00
taca
b091c8e8bb
Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.
...
pkgsrc change: remove confiugre from SUBST_FILES.path.
23 Jun 2016, PHP 5.6.23
- Core:
. Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
json_utf8_to_utf16()). (Stas)
. Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
. Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
- GD:
. Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
. Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
. Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
heap overflow). (Pierre)
. Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
. Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
in heap overflow). (Pierre)
- Intl:
. Fixed bug #70484 (selectordinal doesn't work with named parameters).
(Anatol)
- mbstring:
. Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
- mcrypt:
. Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
- Phar:
. Fixed bug #72321 (invalid free in phar_extract_file()).
(hji at dyntopia dot com)
- SPL:
. Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
. Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
unserialize). (Dmitry)
- OpenSSL:
. Fixed bug #72140 (segfault after calling ERR_free_strings()).
(Jakub Zelenka)
- WDDX:
. Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
- zip:
. Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
algorithm and unserialize). (Dmitry)
2016-06-24 15:25:20 +00:00
taca
cf8934936f
Update php56 to 5.6.22 (PHP 5.6.22), including security fix.
...
26 May 2016, PHP 5.6.22
- Core:
. Fixed bug #72172 (zend_hex_strtod should not use strlen).
(bwitz at hotmail dot com )
. Fixed bug #72114 (Integer underflow / arbitrary null write in
fread/gzread). (Stas)
. Fixed bug #72135 (Integer Overflow in php_html_entities). (Stas)
- GD:
. Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
- Intl
. Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
. Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (Stas)
- Postgres:
. Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
2016-05-27 13:28:07 +00:00
taca
bc99ae92a7
This package is not for PHP 5.5.x but 5.6.x. Noted by Edgar Fuß via
...
privaet E-mail.
2016-05-16 04:13:59 +00:00
taca
bfb053cbff
Update php56 to 5.6.21.
...
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on
pkgsrc-users@.
28 Apr 2016, PHP 5.6.21
- Core:
. Fixed bug #69537 (__debugInfo with empty string for key gives error).
(krakjoe)
. Fixed bug #71841 (EG(error_zval) is not handled well). (Laruence)
- BCmath:
. Fixed bug #72093 (bcpowmod accepts negative scale and corrupts
_one_ definition). (Stas)
- Curl:
. Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
(Michael Sierks)
- Date:
. Fixed bug #71889 (DateInterval::format Segmentation fault). (Thomas Punt)
- EXIF:
. Fixed bug #72094 (Out of bounds heap read access in exif header processing). (Stas)
- GD:
. Fixed bug #71952 (Corruption inside imageaffinematrixget). (Stas)
. Fixed bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
. Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative
offset). (Stas)
- OCI8:
. Fixed bug #71422 (Fix ORA-01438: value larger than specified precision
allowed for this column). (Chris Jones)
- ODBC:
. Fixed bug #63171 (Script hangs after max_execution_time). (Remi)
- Opcache:
. Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
(Laruence)
- PDO:
. Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
(Daniel Kalaspuffar, Julien)
. Fixed bug #71447 (Quotes inside comments not properly handled). (Matteo)
- Postgres:
. Fixed bug #71820 (pg_fetch_object binds parameters before call
constructor). (Anatol)
- SPL:
. Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails
offsetExists()). (Nikita)
- Standard:
. Fixed bug #71840 (Unserialize accepts wrongly data). (Ryat, Laruence)
. Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or
_REENTRANT is not defined). (Nikita)
- XML:
. Fixed bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
2016-05-02 13:08:00 +00:00
taca
915b9c1643
Update php56 to 5.6.20, including security fix.
...
Add add an patch to fix memory leak noted from Zafer Aydo«»an via
private mail.
31 Mar 2016, PHP 5.6.20
- CLI Server:
. Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)
- Core:
. Fixed bug #71596 (Segmentation fault on ZTS with date function
(setlocale)). (Anatol)
- Curl:
. Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)
- Date:
. Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
- Fileinfo:
. Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic
file). (Anatol)
- Mbstring:
. Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in
mbfl_strcut). (Stas)
- ODBC:
. Fixed bug #47803 , #69526 (Executing prepared statements is succesfull only
for the first two statements). (einavitamar at gmail dot com, Anatol)
. Fixed bug #71860 (Invalid memory write in phar on filename with \0 in
name). (Stas)
- PDO_DBlib:
. Bug #54648 (PDO::MSSQL forces format of datetime fields).
(steven dot lambeth at gmx dot de, Anatol)
- Phar:
. Fixed bug #71625 (Crash in php7.dll with bad phar filename).
(Anatol)
. Fixed bug #71504 (Parsing of tar file with duplicate filenames causes
memory leak). (Jos Elstgeest)
- SNMP:
. Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
(andrew at jmpesp dot org)
- Standard
. Fixed bug #71798 (Integer Overflow in php_raw_url_encode).
(taoguangchen at icloud dot com, Stas)
2016-04-02 09:00:25 +00:00
jperkin
17661ff9a5
Bump PKGREVISION for security/openssl ABI bump.
2016-03-05 11:27:40 +00:00
taca
4ef129bc0e
Update php56 to 5.6.19 (PHP 5.6.19), including security fixes.
...
03 Mar 2016, PHP 5.6.19
- CLI server:
. Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
(Johannes, Anatol)
- CURL:
. Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes
while curl_multi_exec). (Laruence)
- Date:
. Fixed bug #68078 (Datetime comparisons ignore microseconds). (Willem-Jan
Zijderveld)
. Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time,
causing date_date_set issues). (Sean DuBois)
- Fileinfo:
. Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)
- FPM:
. Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi
setup). (Matt Haught, Remi)
- Opcache:
. Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
(Yussuf Khalil)
- PDO MySQL:
. Fixed bug #71569 (#70389 fix causes segmentation fault). (Nikita)
- Phar:
. Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)
- Standard:
. Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
- WDDX:
. Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)
- XSL:
. Fixed bug #71540 (NULL pointer dereference in xsl_ext_function_php()).
(Stas)
- Zip:
. Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)
2016-03-05 05:18:51 +00:00
jklos
1dac4e77a8
Same as other php versions - selectively enable just-in-time support in
...
PCRE for supported architectures.
https://mail-index.netbsd.org/pkgsrc-bugs/2015/09/13/msg057792.html
2016-02-17 01:17:16 +00:00
taca
be4cd69fa5
Update php56 to 5.6.18 (PHP 5.6.18).
...
04 Feb 2016, PHP 5.6.18
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
. Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32
on the same server). (Anatol)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- Session:
. Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
2016-02-06 07:13:02 +00:00
taca
e91bd284dd
Update php55 to 5.6.17, including security fix.
...
07 Jan 2016, PHP 5.6.17
- Core:
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
paramater default value). (Laruence)
. Fixed bug #70957 (self::class can not be resolved with reflection for
abstract class). (Laruence)
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions). (Laruence)
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions). (Lior Kaplan)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
(Laruence)
- SOAP:
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
- Standard:
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
of parameters). (Laruence)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
2016-01-08 03:28:20 +00:00
taca
5f3463070d
Update php56 to 5.6.16 (PHP 5.6.16).
...
26 Nov 2015, PHP 5.6.16
- Core:
. Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a
non-existent constant). (Laruence)
. Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
(Laruence)
- Mysqlnd:
. Fixed bug #68344 (MySQLi does not provide way to disable peer certificate
validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
connection flag. (Andrey)
- OCI8:
. Fixed bug #68298 (OCI int overflow). (Senthil)
- PDO_DBlib:
. Fixed bug #69757 (Segmentation fault on nextRowset).
(miracle at rpz dot name)
- SOAP:
. Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace
attribute). (Matteo)
- SPL:
. Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).
(Reeze Xia)
2015-11-28 07:09:38 +00:00
agc
efd9ad4549
Remove duplicate SHA512 digests that crept in.
2015-11-04 17:41:15 +00:00
agc
54622f28e2
Add SHA512 digests for distfiles for lang category
...
Problems found with existing digests:
Package nhc98 distfile nhc98src-1.22.tar.gz
a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
Package icc11: missing distfile l_cproc_p_11.1.080.tgz
Package jini: missing distfile jini-1_2_1_001-src.zip
Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
Package sun-jre6: missing distfile jce_policy-6.zip
Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 22:50:31 +00:00
taca
8c4d241fa6
Update php56 to 5.6.15.
...
29 Oct 2015, PHP 5.6.15
- Core:
. Fixed bug #70681 (Segfault when binding $this of internal instance method
to null). (Nikita)
. Fixed bug #70685 (Segfault for getClosure() internal method rebind with
invalid $this). (Nikita)
- Date:
. Fixed bug #70619 (DateTimeImmutable segfault). (Laruence)
- Mcrypt:
. Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was
specified under RC4). (Nikita)
- Mysqlnd:
. Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
(Andrey)
. Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
- Opcache:
. Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer).
(Laruence)
. Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
. Fixed compatibility with Windows 10 (see also bug #70652 ). (Anatol)
2015-10-31 01:58:37 +00:00
jperkin
4ad05f0995
Pass --disable-libgcc when using SunOS/clang, clang doesn't support the
...
test and will handle libgcc itself as appropriate.
2015-10-27 09:08:20 +00:00
taca
360ea761dc
Update php56 to 5.6.14.
...
01 Oct 2015, PHP 5.6.14
- Core:
. Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when
building extensions). (Adam)
- CLI server:
. Fixed bug #68291 (404 on urls with '+'). (cmb)
- DOM:
. Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity
encoding). (cmb)
- Mysqlnd:
. Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to
a server). (Sergei Turchanov)
- OpenSSL:
. Fixed bug #55259 (openssl extension does not get the DH parameters from
DH key resource). (Jakub Zelenka)
. Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). (cmb)
. Fixed bug #60632 (openssl_seal fails with AES). (Jakub Zelenka)
. Fixed bug #68312 (Lookup for openssl.cnf causes a message box). (Anatol)
- PDO:
. Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
- Phar:
. Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
. FIxed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip
entry filename is "/"). (Stas)
- Phpdbg:
. Fix phpdbg_break_next() sometimes not breaking. (Bob)
- Standard:
. Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
- Streams:
. Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
(Niklas Keller)
- Zip:
. Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). (cmb)
2015-10-02 14:37:39 +00:00
jperkin
8091aee373
Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual
...
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
2015-09-07 12:02:05 +00:00
taca
5bce200245
Update php55 to 5.6.13 including security fixes.
...
03 Sep 2015, PHP 5.6.13
- Core:
. Fixed bug #69900 (Too long timeout on pipes). (Anatol)
. Fixed bug #69487 (SAPI may truncate POST data). (cmb)
. Fixed bug #70198 (Checking liveness does not work as expected).
(Shafreeck Sea, Anatol Belski)
. Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #70219 (Use after free vulnerability in session deserializer).
(taoguangchen at icloud dot com)
- CLI server:
. Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
(wusuopu, cmb)
. Fixed bug #70264 (CLI server directory traversal). (cmb)
- Date:
. Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
be optional). (cmb)
. Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
(cmb)
- EXIF:
. Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
value of 32 bytes). (Stas)
- hash:
. Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
at naver dot com)
- MCrypt:
. Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
- Opcache:
. Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
on CLI enabled). (Dmitry, Laruence)
- PCRE:
. Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
match). (cmb)
. Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
(Anatol Belski)
- SOAP:
. Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
(Stas)
- SPL:
. Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
. Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
(cmb)
. Fixed bug #70157 (parse_ini_string() segmentation fault with
INI_SCANNER_TYPED). (Tjerk)
- XSLT:
. Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
. Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
creating directories). (neal at fb dot com)
2015-09-06 12:27:43 +00:00
taca
e61e5a8549
Update php56 to 5.6.12.
...
06 Aug 2015, PHP 5.6.12
- Core:
. Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
. Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
. Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
. Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns). (cmb)
- OpenSSL:
. Fixed bug #69882 (OpenSSL error “key values mismatch” after
openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441 . (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
2015-08-08 00:13:36 +00:00
taca
b4a8fda3a6
Update php56 to 5.6.11.
...
10 Jul 2015, PHP 5.6.11
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69740 (finally in generator (yield) swallows exception in
iteration). (Nikita)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776 . (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- GMP:
. Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
number). (Nikita)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()). (Laruence)
- Sqlite3:
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()). (Laruence)
2015-07-11 00:31:01 +00:00
taca
ba064f36c8
Add fix to https://bugs.php.net/bug.php?id=69737 .
...
Bump PKGREVISION.
2015-06-28 15:34:16 +00:00