diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2016-02-10 20:45:48 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2016-02-10 20:45:48 +0000 |
| commit | c57637d020908aed2e93a0c0d670b65539b72517 (patch) | |
| tree | 792c16ac1b90741a3dd1ba52b84b78d4440a6e7d | |
| parent | c995039e5cfd175d467fef0fe3a806ad11c6f6e8 (diff) | |
| download | pkgsrc-c57637d020908aed2e93a0c0d670b65539b72517.tar.gz | |
Pullup ticket #4918 - requested by taca
lang/php70: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.125
- lang/php70/distinfo 1.4-1.5
- lang/php70/patches/patch-ext_pcre_pcrelib_config.h 1.1-1.2
---
Module Name: pkgsrc
Committed By: jklos
Date: Thu Jan 21 21:47:24 UTC 2016
Modified Files:
pkgsrc/lang/php70: distinfo
Added Files:
pkgsrc/lang/php70/patches: patch-ext_pcre_pcrelib_config.h
Log Message:
Selectively enable just-in-time support in PCRE for supported architectures.
Same issue as seen in older php:
https://mail-index.netbsd.org/pkgsrc-bugs/2015/09/13/msg057792.html
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Feb 6 07:14:44 UTC 2016
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php70: distinfo
pkgsrc/lang/php70/patches: patch-ext_pcre_pcrelib_config.h
Log Message:
Update php70 to 7.0.3 (PHP 7.0.3).
04 Feb 2016 PHP 7.0.3
- Core:
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed Bug #71275 (Bad method called on cloning an object having a trait).
(Bob)
. Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
. Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
. Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71336 (Wrong is_ref on properties as exposed via
get_object_vars()). (Laruence)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- CURL:
. Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
. Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
reference to CURLFile). (Laruence)
- Interbase:
. Fixed Bug #71305 (Crash when optional resource is omitted).
(Laruence, Anatol)
- LDAP:
. Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string
"Array"). (Laruence)
- mbstring:
. Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
- OpenSSL:
. Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
. Fixed bug #71202 (Autoload function registered by another not activated
immediately). (Laruence)
. Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
unserialize)). (Sean Heelan)
. Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage,
unserialize)). (Sean Heelan)
- Standard:
. Fixed bug #71287 (Error message contains hexadecimal instead of decimal
number). (Laruence)
. Fixed bug #71264 (file_put_contents() returns unexpected value when
filesystem runs full). (Laruence)
. Fixed bug #71245 (file_get_contents() ignores "header" context option if
it's a reference). (Laruence)
. Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start).
(hugh at allthethings dot co dot nz)
. Fixed bug #71190 (substr_replace converts integers in original $search
array to strings). (Laruence)
. Fixed bug #71188 (str_replace converts integers in original $search array
to strings). (Laruence)
. Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
| -rw-r--r-- | lang/php/phpversion.mk | 4 | ||||
| -rw-r--r-- | lang/php70/distinfo | 11 | ||||
| -rw-r--r-- | lang/php70/patches/patch-ext_pcre_pcrelib_config.h | 26 |
3 files changed, 34 insertions, 7 deletions
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk index 8e40f210c28..a17eb22d59d 100644 --- a/lang/php/phpversion.mk +++ b/lang/php/phpversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.119.2.5 2016/02/10 20:36:47 bsiegert Exp $ +# $NetBSD: phpversion.mk,v 1.119.2.6 2016/02/10 20:45:48 bsiegert Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP @@ -83,7 +83,7 @@ PHPVERSION_MK= defined # Define each PHP's version. PHP55_VERSION= 5.5.32 PHP56_VERSION= 5.6.18 -PHP70_VERSION= 7.0.2 +PHP70_VERSION= 7.0.3 # Define initial release of major version. PHP55_RELDATE= 20130620 diff --git a/lang/php70/distinfo b/lang/php70/distinfo index dfb9b580c5c..cfe40c9ba57 100644 --- a/lang/php70/distinfo +++ b/lang/php70/distinfo @@ -1,14 +1,15 @@ -$NetBSD: distinfo,v 1.2.2.1 2016/01/18 20:14:19 bsiegert Exp $ +$NetBSD: distinfo,v 1.2.2.2 2016/02/10 20:45:48 bsiegert Exp $ -SHA1 (php-7.0.2.tar.bz2) = 24f6a1f926f5eda8bd8c0a343d3b175378d706bf -RMD160 (php-7.0.2.tar.bz2) = 8a8acf7b0c4fa8b2c095645203d6a1e5dada27ca -SHA512 (php-7.0.2.tar.bz2) = 05575617c6b9fb25de1d3963ff6fdb2033c66064d65657598228551119859125d33e91fafb9526d6799e92566d51bbd7c29956f774af6e0a64d7f0098d01cc40 -Size (php-7.0.2.tar.bz2) = 13988573 bytes +SHA1 (php-7.0.3.tar.bz2) = 60127213896626ba218eb3425271918080f25054 +RMD160 (php-7.0.3.tar.bz2) = 5faa785d77bee469cdbbb313e63c991b7c162c46 +SHA512 (php-7.0.3.tar.bz2) = 3a7aa542f53a38499eb126c3d489bed057a5a9b8e4a8fb45a55b1080fc573646615699bd94b03c882e58554b23ac5d6e3aaf54d0b502b9d110e91e69339bd7a0 +Size (php-7.0.3.tar.bz2) = 14011153 bytes SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad SHA1 (patch-configure) = 2ef84d463f4eeb35ecc3df82c1aaca8e74f3a276 SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3 SHA1 (patch-ext_imap_config.m4) = f4e10ab81697b72019313f63bc630627a08efd92 SHA1 (patch-ext_opcache_config.m4) = d0dc7dbf2e5fe498cbf03c4514e4efdb6c6d2c4a +SHA1 (patch-ext_pcre_pcrelib_config.h) = 0cb05c3b3bfafd8119cf43162c0f4db7f5b37ba8 SHA1 (patch-ext_pdo__mysql_config.m4) = b1ef91be5a729040197e9af50da0f5fd1f6c90a8 SHA1 (patch-ext_pdo_config.m4) = 522281775cc0e70a135b1f813158988ef1f3e244 SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 diff --git a/lang/php70/patches/patch-ext_pcre_pcrelib_config.h b/lang/php70/patches/patch-ext_pcre_pcrelib_config.h new file mode 100644 index 00000000000..f1131f92822 --- /dev/null +++ b/lang/php70/patches/patch-ext_pcre_pcrelib_config.h @@ -0,0 +1,26 @@ +$NetBSD$ + +--- ext/pcre/pcrelib/config.h.orig 2016-02-02 16:32:32.000000000 +0000 ++++ ext/pcre/pcrelib/config.h +@@ -397,7 +397,20 @@ them both to 0; an emulation function wi + #undef SUPPORT_GCOV + + /* Define to any value to enable support for Just-In-Time compiling. */ +-#define SUPPORT_JIT ++#if defined(__i386__) || defined(__i386) \ ++|| defined(__x86_64__) \ ++|| defined(__arm__) || defined(__ARM__) \ ++|| defined (__aarch64__) \ ++|| defined(__ppc64__) || defined(__powerpc64__) || defined(_ARCH_PPC64) \ ++|| (defined(_POWER) && defined(__64BIT__)) \ ++|| defined(__ppc__) || defined(__powerpc__) || defined(_ARCH_PPC) \ ++|| defined(_ARCH_PWR) || defined(_ARCH_PWR2) || defined(_POWER) \ ++|| (defined(__mips__) && !defined(_LP64)) \ ++|| defined(__mips64) \ ++|| defined(__sparc__) || defined(__sparc) \ ++|| defined(__tilegx__) ++ #define SUPPORT_JIT ++#endif + + /* Define to any value to allow pcregrep to be linked with libbz2, so that it + is able to handle .bz2 files. */ |