[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2014Q2 2014-08-25T16:14:59Z 2014-08-25T16:14:59Z tron tron@pkgsrc.org 2014-08-25T16:14:59Z urn:sha1:99328f254bb4a3774bf28fb9cc7269f752ffb635 lang/php55: security update Revisions pulled up: - lang/php/phpversion.mk patch - lang/php55/Makefile 1.16 - lang/php55/distinfo 1.27-1.28 - lang/php55/patches/patch-aclocal.m4 1.2 - lang/php55/patches/patch-build_libtool.m4 1.2 - lang/php55/patches/patch-configure 1.8 - lang/php55/patches/patch-ext_gd_libgd_gdxpm.c deleted - lang/php55/patches/patch-ext_spl_spl__array.c deleted - lang/php55/patches/patch-ext_spl_spl__dllist.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 26 00:11:55 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: Makefile distinfo pkgsrc/lang/php55/patches: patch-aclocal.m4 patch-build_libtool.m4 patch-configure Removed Files: pkgsrc/lang/php55/patches: patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c Log Message: Update php55 to 5.5.15. 24 Jul 2014, PHP 5.5.15 - Core: . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc) . Fixed bug #67497 (eval with parse error causes segmentation fault in generator). (Nikita) . Fixed bug #67151 (strtr with empty array crashes). (Nikita) . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam) - FPM: . Fixed bug #67530 (error_log=syslog ignored). (Remi) . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) - Intl: . Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas) . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas) - OPCache: . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence) - pgsql: . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam) - Phar: . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) - SPL: . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 23 16:09:21 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: distinfo Removed Files: pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c Log Message: Update php55 to 5.5.16 (PHP 5.5.16). 21 Aug 2014, PHP 5.5.16 - COM: . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). - Fileinfo: . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) - FPM: . Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho@gentoo.org, Remi) - GD: . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi) . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger) - Milter: . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) - OpenSSL: . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). - readline: . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) - Sessions: . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). - Core: . Fixed bug #67693 (incorrect push to the empty array) (Tjerk) . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) - ODBC: . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur) 2014-08-25T15:59:27Z tron tron@pkgsrc.org 2014-08-25T15:59:27Z urn:sha1:722adff0153620fcddf5a2027ea2795ec9700f0a lang/php54: security update Revisions pulled up: - lang/php/phpversion.mk patch - lang/php54/Makefile 1.25 - lang/php54/distinfo 1.45-1.46 - lang/php54/patches/patch-aclocal.m4 1.2 - lang/php54/patches/patch-build_libtool.m4 1.2 - lang/php54/patches/patch-configure 1.9 - lang/php54/patches/patch-ext_gd_libgd_gdxpm.c deleted - lang/php54/patches/patch-ext_spl_spl__array.c deleted - lang/php54/patches/patch-ext_spl_spl__dllist.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jul 26 00:12:54 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: Makefile distinfo pkgsrc/lang/php54/patches: patch-aclocal.m4 patch-build_libtool.m4 patch-configure Log Message: Update php54 to 5.4.31. 24 Jul 2014, PHP 5.4.31 - Core: . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc) . Fixed bug #67151 (strtr with empty array crashes). (Nikita) . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam) - FPM: . Fixed bug #67530 (error_log=syslog ignored). (Remi) . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) - Intl: . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas) - pgsql: . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam) - Phar: . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam) --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 23 16:07:24 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php54: distinfo Removed Files: pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c patch-ext_spl_spl__array.c patch-ext_spl_spl__dllist.c Log Message: Update php54 to 5.4.32 (PHP 5.4.32). 07 Aug 2014, PHP 5.4.32 - Core: . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) - COM: . Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas) - Fileinfo: . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) - GD: . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi) . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger) - Milter: . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) - OpenSSL: . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). - Readline: . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) - Sessions: . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). - SPL: . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) - Core: . Fixed bug #67693 (incorrect push to the empty array) (Tjerk) - ODBC: . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur) - Zlib: . Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike) 2014-08-18T12:48:05Z tron tron@pkgsrc.org 2014-08-18T12:48:05Z urn:sha1:caf4835f19047f6c8be048c916911843a17649d3 lang/php53: security update Revisions pulled up: - lang/php/phpversion.mk 1.69 via patch - lang/php53/Makefile 1.49 - lang/php53/Makefile.php 1.41 - lang/php53/distinfo 1.75-1.76 - lang/php53/patches/patch-Zend_zend_language_parser.h deleted - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c deleted - lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re deleted --- Module Name: pkgsrc Committed By: prlw1 Date: Mon Jul 28 16:12:57 UTC 2014 Modified Files: pkgsrc/lang/php53: distinfo Added Files: pkgsrc/lang/php53/patches: patch-Zend_zend_language_parser.h Log Message: Fix build of www/ap-php with PHP 5.3. --- Module Name: pkgsrc Committed By: taca Date: Fri Aug 15 16:09:16 UTC 2014 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php53: Makefile Makefile.php distinfo Removed Files: pkgsrc/lang/php53/patches: patch-Zend_zend_language_parser.h patch-ext_date_lib_parse__iso__intervals.c patch-ext_date_lib_parse__iso__intervals.re Log Message: Update php53 to 5.3.29, final PHP 5.3 release. 14 Aug 2014, PHP 5.3.29 - Core: . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67390 (insecure temporary file use in the configure script). (Remi) (CVE-2014-3981) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515). (Stefan Esser) . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) - COM: . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). - Date: . Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712) (Remi) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - Exif: . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238) . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi) - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) . Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_check_record()). (CVE-2014-4049). (Sara) - OpenSSL: . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). - Session: . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). 2014-06-27T11:34:19Z taca taca@pkgsrc.org 2014-06-27T11:34:19Z urn:sha1:4b63706cae6666c21bc1aa270d28924f2a2d14b2 26 Jun 2014, PHP 5.5.14 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) . Fixed regression in fix for bug #67118 (constructor can't be called twice). (Remi) - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) . Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) - OPCache: . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence) - OpenSSL: . Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler) . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler) - PDO-ODBC: . Fixed bug #50444 (PDO-ODBC changes for 64-bit). - SOAP: . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) - SPL: . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515) (Stefan Esser) . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) 2014-06-27T11:31:20Z taca taca@pkgsrc.org 2014-06-27T11:31:20Z urn:sha1:b2f2745711ad6df4f56d8216111b95f52b0acfee 26 Jun 2014, PHP 5.4.30 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) . Fixed regression in fix for bug #67118 (constructor can't be called twice). (Remi) - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) . Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) - OpenSSL: . Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler) . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler) - SOAP: . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) - SPL: . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515). (Stefan Esser) 2014-06-13T02:58:19Z obache obache@pkgsrc.org 2014-06-13T02:58:19Z urn:sha1:4b36cf6529bbcc5c322f130dcec5a4ba9869082b 2014-05-31T04:28:56Z taca taca@pkgsrc.org 2014-05-31T04:28:56Z urn:sha1:16f1b7a51079faca3ae32f3705c5bbf568078da7 29 May 2014, PHP 5.4.29 - COM: . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) - Core: . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) - Date: . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238) . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237) - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) 2014-05-31T04:26:39Z taca taca@pkgsrc.org 2014-05-31T04:26:39Z urn:sha1:a25138c2435d0ccc1ee10a8a6952e24a66a9ccc9 29 May 2014, PHP 5.5.13 - CLI server: . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) - COM: . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) - Core: . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) - Curl: . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) - Date: . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588) 2014-05-02T13:04:12Z taca taca@pkgsrc.org 2014-05-02T13:04:12Z urn:sha1:edc89abcf1e81e3d63b9a7499ebe1513aabb6dfe 01 May 2014, PHP 5.4.28 - Core: . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass). (Jann Horn, Stas) . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) . Fixed bug #66736 (fpassthru broken). (Mike) . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella) - cURL: . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten) - Date: . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski) - Embed: . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol) - Fileinfo: . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi) - FPM: . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185). (Stas) - JSON: . Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel) - LDAP: . Fixed issue with null bytes in LDAP bindings. (Matthew Daley) - OpenSSL: . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) - SimpleXML: . Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol) - XSL: . Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol) - Apache2 Handler SAPI: . Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick) 2014-05-01T15:52:33Z taca taca@pkgsrc.org 2014-05-01T15:52:33Z urn:sha1:5ec4670d5e7942a691081f4609d4865ab48f865b 01 May 2014, PHP 5.5.12 - Core: . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) . Fixed bug #66736 (fpassthru broken). (Mike) . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella) . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk) - cURL: . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten) - Date: . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski) - Embed: . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol). - Fileinfo: . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi) - FPM: . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info) - JSON: . Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel) - LDAP: . Fixed issue with null bytes in LDAP bindings. (Matthew Daley) - mysqli: . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey) - OpenSSL: . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) - SimpleXML: . Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol) - SQLite: . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol) - XSL: . Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol) - Apache2 Handler SAPI: . Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)