author | tron <tron@pkgsrc.org> | 2015-03-04 18:52:36 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2015-03-04 18:52:36 +0000 |
commit | 9875769fad922fc4405df0ac59d37d249a153fb5 (patch) | |
tree | 7324e22dea2849d96c8f8d64b30b4700d71edb83 /lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt | |
parent | 707fc78fcb3da00ea3f449ef6b31b6f071fa0a79 (diff) | |
download | pkgsrc-9875769fad922fc4405df0ac59d37d249a153fb5.tar.gz |
Pullup ticket #4633 - requested by taca
lang/php56: security update
Revisions pulled up:
- lang/php/phpversion.mk 1.88
- lang/php56/Makefile 1.4
- lang/php56/PLIST 1.2
- lang/php56/distinfo 1.6
- lang/php56/patches/patch-ext_date_php_date.c deleted
- lang/php56/patches/patch-ext_date_tests_bug68942.phpt deleted
- lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 20 01:17:50 UTC 2015
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php56: Makefile PLIST distinfo
Removed Files:
pkgsrc/lang/php56/patches: patch-ext_date_php_date.c
patch-ext_date_tests_bug68942.phpt
patch-ext_date_tests_bug68942_2.phpt
Log Message:
Update php56 to 5.6.6 (PHP 5.6.6).
19 Feb 2015, PHP 5.6.6
- Core:
. Removed support for multi-line headers, as they are deprecated by RFC 7230.
(Stas)
. Fixed bug #67068 (getClosure returns something that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed Bug #67988 (htmlspecialchars() does not respect default_charset
specified by ini_set) (Yasuo)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
. Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files
correctly). (Anatol)
. Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some
gifs). (Anatol)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver close the socket).
(redfoxli069 at gmail dot com, Laruence)
- JSON:
. Fixed bug #50224 (json_encode() does not always encode a float as a float)
by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
- LIBXML:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Opcache:
. Fixed bug with try blocks being removed when extended_info opcode
generation is turned on. (Laruence)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198 at aol dot com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI). (Anatol)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
Diffstat (limited to 'lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt')
-rw-r--r-- | lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt deleted file mode 100644 index 1b33e6eed6e..00000000000 --- a/lang/php56/patches/patch-ext_date_tests_bug68942_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1.2.2 2015/02/19 19:18:59 tron Exp $ - -Test CVE-2015-0273 / bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone) - ---- ext/date/tests/bug68942_2.phpt.orig 2015-02-18 23:37:44.000000000 +0000 -+++ ext/date/tests/bug68942_2.phpt -@@ -0,0 +1,9 @@ -+--TEST-- -+Bug #68942 (Use after free vulnerability in unserialize() with DateTime). -+--FILE-- -+<?php -+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}'); -+var_dump($data); -+?> -+--EXPECTF-- -+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d |
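Review bot: removing this file (the whole `@@ -1,16 +0,0 @@` hunk) drops the local copy of the CVE-2015-0273 regression test, so the deletion is only safe if the 5.6.6 distfile itself ships `ext/date/tests/bug68942_2.phpt` together with the fix. The log message lists bug #68942 as fixed in 5.6.6, which supports that, but the diffstat here is limited to this one file, so please confirm that the pulled-up `distinfo` revision 1.6 also drops the checksum entry for this patch and for the two other removed patches; a stale entry would leave `distinfo` referring to patch files that no longer exist. Minor, and moot once the file is gone: the patch's description line says "unserialize() with DateTimeZone" while the test's own `--TEST--` title says "with DateTime", and the serialized payload is a `DateTime` object, so this is the DateTime variant of the test.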