path: root/lang/php55
Age | Commit message | Author | Files | Lines
2016-05-02 | Update php55 to 5.5.35. | taca | 2 | -9/+17
pkgsrc change: Fix build problem on Linux noted by Matthias Ferdinand on pkgsrc-users@.
28 Apr 2016, PHP 5.5.35
- BCMath:
  . Fix bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (Stas)
- Exif:
  . Fix bug #72094 (Out of bounds heap read access in exif header processing). (Stas)
- GD:
  . Fix bug #71912 (libgd: signedness vulnerability). (Stas)
- Intl:
  . Fix bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (Stas)
- XML:
  . Fix bug #72099 (xml_parse_into_struct segmentation fault). (Stas)
2016-04-02 | Update php55 to 5.5.34, including security fix. | taca | 3 | -7/+22
Add a patch to fix memory leak noted from Zafer Aydoğan via private mail.
31 Mar 2016, PHP 5.5.34
- Fileinfo:
  . Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (Anatol)
- Mbstring:
  . Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (Stas)
- ODBC
  . Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name). (Stas)
- SNMP:
  . Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (andrew at jmpesp dot org)
- Standard
  . Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (taoguangchen at icloud dot com, Stas)
2016-03-05 | Bump PKGREVISION for security/openssl ABI bump. | jperkin | 1 | -1/+2
2016-03-05 | Update php55 to 5.5.33, security fixes. | taca | 1 | -5/+5
03 Mar 2016, PHP 5.5.33
- Phar:
  . Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()). (Stas)
- WDDX:
  . Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize). (Stas)
2016-02-06 | Update php55 to 5.5.32 (PHP 5.5.32). | taca | 1 | -5/+5
04 Feb 2016, PHP 5.5.32
- Core:
  . Fixed bug #71039 (exec functions ignore length but look for NULL termination). (Anatol)
  . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). (Leo Gaspard)
  . Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- GD:
  . Improved the fix for bug #70976. (Remi)
- PCRE:
  . Upgraded pcrelib to 8.38.
- Phar:
  . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
  . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). (Stas)
  . Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- WDDX:
  . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
2016-01-08 | Update php55 to 5.5.31, security fix. | taca | 1 | -5/+5
07 Jan 2015, PHP 5.5.31
- FPM:
  . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
  . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (emmanuel dot law at gmail dot com).
- WDDX:
  . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization). (taoguangchen at icloud dot com)
  . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
  . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()). (Julien)
2015-11-03 | Add SHA512 digests for distfiles for lang category | agc | 1 | -1/+2
Problems found with existing digests:
  Package nhc98 distfile nhc98src-1.22.tar.gz
    a8adc8f22371998ee0657bc0e01058a57d876abc [recorded]
    81975fcb5f1dda5efeaabc30ce8c6dceae55e591 [calculated]
Problems found locating distfiles:
  Package gcc-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
  Package gcc-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
  Package gcc-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
  Package gcc-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
  Package gcc-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
  Package gcc5-aux: missing distfile ada-bootstrap.i386.dragonfly.36A.tar.bz2
  Package gcc5-aux: missing distfile ada-bootstrap.i386.freebsd.84.tar.bz2
  Package gcc5-aux: missing distfile ada-bootstrap.x86_64.dragonfly.36A.tar.bz2
  Package gcc5-aux: missing distfile ada-bootstrap.x86_64.freebsd.84.tar.bz2
  Package gcc5-aux: missing distfile ada-bootstrap.x86_64.solaris.511.tar.bz2
  Package ghc7: missing distfile ghc-7.6.3-boot-i386-unknown-freebsd.tar.xz
  Package icc11: missing distfile l_cproc_p_11.1.080.tgz
  Package jini: missing distfile jini-1_2_1_001-src.zip
  Package oo2c: missing distfile oo2c_32-2.0.11.tar.bz2
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
  Package openjdk7: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-5-i386-20150301.tar.xz
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-6-i386-20150301.tar.xz
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-earmv6hf-20150306.tar.xz
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk-1.7.76-netbsd-7-sparc64-20150301.tar.xz
  Package openjdk8: missing distfile openjdk7/bootstrap-jdk7u60-bin-dragonfly-3.8-amd64-20140719.tar.bz2
  Package oracle-jdk8: missing distfile jdk-8u60-linux-i586.tar.gz
  Package oracle-jdk8: missing distfile jdk-8u60-solaris-x64.tar.gz
  Package oracle-jre8: missing distfile jre-8u60-linux-i586.tar.gz
  Package oracle-jre8: missing distfile jre-8u60-solaris-x64.tar.gz
  Package sun-jdk6: missing distfile jdk-6u45-linux-i586.bin
  Package sun-jdk6: missing distfile jdk-6u45-solaris-i586.sh
  Package sun-jdk7: missing distfile jdk-7u72-linux-i586.tar.gz
  Package sun-jdk7: missing distfile jdk-7u72-solaris-i586.tar.gz
  Package sun-jre6: missing distfile jce_policy-6.zip
  Package sun-jre6: missing distfile jre-6u45-linux-x64.bin
  Package sun-jre6: missing distfile jre-6u45-solaris-x64.sh
  Package sun-jre7: missing distfile jre-7u72-linux-i586.tar.gz
  Package sun-jre7: missing distfile jre-7u72-solaris-i586.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
2015-10-27 | Pass --disable-libgcc when using SunOS/clang, clang doesn't support the | jperkin | 1 | -1/+7
test and will handle libgcc itself as appropriate.
2015-10-02 | Update php55 to 5.5.30. | taca | 1 | -4/+4
** PHP 5.5 is in security-only mode, please do not commit to this branch **
01 Oct 2015, PHP 5.5.30
- Phar:
  . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). (Stas)
  . Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). (Stas)
2015-09-07 | Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual | jperkin | 1 | -7/+1
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
2015-09-06 | Update php55 to 5.5.29 including security fixes. | taca | 1 | -4/+4
03 Sep 2015, PHP 5.5.29
- Core:
  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)
- EXIF:
  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)
- hash:
  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
- PCRE:
  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
- SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)
- SPL:
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
- XSLT:
  . Fixed bug #69782 (NULL pointer dereference). (Stas)
- ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)
2015-08-08 | Update php55 to 5.5.28. | taca | 1 | -4/+4
06 Aug 2015, PHP 5.5.28
- Core:
  . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). (Stas)
  . Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
  . Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
  . Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). (Stas)
- OpenSSL:
  . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (Stas)
- Phar:
  . Improved fix for bug #69441. (Anatol Belski)
  . Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (Anatol Belski)
- SOAP:
  . Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). (Stas)
- SPL:
  . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (sean.heelan)
  . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (taoguangchen at icloud dot com)
  . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
2015-07-11 | Update php55 to 5.5.27. | taca | 3 | -25/+5
09 Jul 2015, PHP 5.5.27
- Core:
  . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
  . Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
  . Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
  . Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
  . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
  . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
  . Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
  . Fixed bug #69892 (Different arrays compare identical due to integer key truncation). (Nikita)
  . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)
- GD:
  . Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- Mysqlnd:
  . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152). (Andrey)
- PCRE:
  . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
  . Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
  . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
  . Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
  . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)
- Phar:
  . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
  . Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). (Stas)
- SimpleXML:
  . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)
- SPL:
  . Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
  . Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
2015-06-28 | Add fix to https://bugs.php.net/bug.php?id=69737. | taca | 3 | -2/+22
Bump PKGREVISION.
2015-06-12 | Update php55 to 5.5.26. | taca | 2 | -16/+7
11 Jun 2015, PHP 5.5.26
- Core:
  . Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait). (jbboehr at gmail dot com)
  . Fixed bug #66048 (temp. directory is cached during multiple requests). (Julien)
  . Fixed bug #69628 (complex GLOB_BRACE fails on Windows). (Christoph M. Becker)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)
- FTP:
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Max Spelsberg)
- GD:
  . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)
- Iconv:
  . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)
- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)
- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers). (Yasuo)
- MCrypt:
  . Added file descriptor caching to mcrypt_create_iv() (Leigh)
- Opcache
  . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF). (Laruence, Dmitry)
- PCRE:
  . Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
- Phar:
  . Fixed bug #69680 (phar symlink in binary directory broken). (Matteo Bernardini, Remi)
- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)
- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416) (Kaplan)
2015-05-16 | Update php55 to 5.5.25. | taca | 1 | -4/+4
14 May 2015, PHP 5.5.25
- Core:
  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
  . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
  . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
  . Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
  . Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
  . Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
  . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
  . Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
  . Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
  . Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
- FTP:
  . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)
- ODBC:
  . Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
  . Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)
- OpenSSL:
  . Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)
- PCNTL:
  . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
- Phar:
  . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)
2015-04-17 | Update php55 to 5.5.24. | taca | 1 | -4/+4
16 Apr 2015, PHP 5.5.24
- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema)
- Core:
  . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
  . Fixed bug #67626 (User exceptions not properly handled in streams). (Julian)
  . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
  . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
  . Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas)
  . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
  . Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas)
- Curl:
  . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
  . Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
  . Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans)
  . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
  . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)
- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski)
- Filter:
  . Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
  . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)
- Mbstring:
  . Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya)
- OPCache
  . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
  . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
- OpenSSL:
  . Fixed bug #67403 (Add signatureType to openssl_x509_parse).
  . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
  . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
  . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
  . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
  . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas)
- Postgres:
  . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SPL:
  . Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- SOAP:
  . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence)
- SQLITE:
  . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
  . Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)
2015-03-20 | Update php55 to 5.5.23, including security fix. | taca | 1 | -4/+4
19 Mar 2015, PHP 5.5.23
- Core:
  . Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
  . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
  . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
  . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
  . Fixed bug #69017 (Fail to push to the empty array with the constant value defined in class scope). (Laruence)
  . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
  . Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
- CGI:
  . Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
- CLI:
  . Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
- cURL:
  . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)
  . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)
- Ereg:
  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)
- FPM:
  . Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
- ODBC:
  . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
  . Fixed bug #69125 (Array numeric string as key). (Laruence)
  . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
- OpenSSL:
  . Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)
- pgsql:
  . Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)
- Readline:
  . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)
- SOAP:
  . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)
- SPL:
  . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)
  . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)
- ZIP:
  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)
2015-03-19 | Add a comment to the patch. | he | 2 | -3/+5
2015-03-16 | Fix problem by PHP_BASE_VERS related changes. | taca | 2 | -4/+3
2015-03-05 | Well, the fpm_sockets.c patch doesn't belong in php-fpm, but | he | 2 | -1/+15
rather in the PHP package proper, and there's three of them. Copy and adapt as necessary. No revision bump here: only build fix for NetBSD with TCP_INFO.
2015-02-19 | Update php55 to 5.5.22 (PHP 5.5.22). | taca | 6 | -105/+7
19 Feb 2015, PHP 5.5.22
- Core:
  . Fixed bug #67068 (getClosure returns something that's not a closure). (Danack at basereality dot com)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
- Date:
  . Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
  . Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()). (Antony)
- Fileinfo:
  . Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
  . Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  . Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence)
- Libxml:
  . Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)
- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)
- PDO_mysql:
  . Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198@aol.com)
- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
  . Fixed Bug #65199 (pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
  . Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)
- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  . Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
- Session:
  . Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  . Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  . Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
  . Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
  . Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI)
- Streams:
  . Fixed bug which caused call after final close on streams filter. (Bob)
2015-02-18 | Fix CVE-2015-0273 php: #68942 Use after free vulnerability in | sevan | 5 | -2/+101
unserialize() with DateTimeZone Reviewed by wiz@
2015-01-23 | Update php55 to 5.5.21. | taca | 1 | -4/+4
22 Jan 2014, PHP 5.5.21
- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #60704 (unlink() bug with some files path).
  . Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  . Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com)
  . Fixed bug #55541 (errors spawn MessageBox, which blocks test automation). (Anatol)
  . Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  . Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  . Fixed bug #65230 (setting locale randomly broken). (Anatol)
  . Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly). (Ferenc)
  . Fixed bug #68583 (Crash in timeout thread). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)
  . Fixed bug #68676 (Explicit Double Free). (Kalle)
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231) (Stefan Esser)
- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427) (Stas)
- CLI server:
  . Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
- cURL:
  . Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
- EXIF:
  . Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232) (Stas)
- Fileinfo:
  . Fixed bug #68671 (incorrect expression in libmagic). (Joshua Rogers, Anatol Belski)
  . Removed readelf.c and related code from libmagic sources (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access). (Anatol)
- FPM:
  . Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
- Mbstring:
  . Fixed bug #68504 (--with-libmbfl configure option not present on Windows). (Ashesh Vashi)
- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)
- Opcache:
  . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach loops). (Nikita)
- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)
- Pcntl:
  . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien)
- PCRE:
  . Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream). (Rainer Jung, Anatol Belski)
- pgsql:
  . Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
- PDO:
  . Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specific attribute names). (Matteo)
- PDO_mysql:
  . Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com)
- SPL:
  . Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin)
  . Fixed bug #65213 (cannot cast SplFileInfo to boolean) (Tjerk)
  . Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)
- SQLite:
  . Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
- Streams:
  . Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de)
2015-01-17 | Apply the necessary flags to sqlite so that php55 builds correctly on Darwin | bsiegert | 1 | -1/+8
prior to v9. From Sevan Janiyan in PR pkg/49527.
2014-12-19 | Update php55 to 5.5.20, including security fix. | taca | 2 | -9/+12
17 Dec 2014, PHP 5.5.20
- Core:
  . Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)
  . Fixed bug #68185 ("Inconsistent insteadof definition."- incorrectly triggered). (Julien)
  . Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
  . Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)
- Date:
  . Fixed day_of_week function as it could sometimes return negative values internally. (Derick)
- FPM:
  . Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)
  . Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
  . Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
  . Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
  . Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
  . Fixed bug #68452 (php-fpm man page is outdated). (Remi)
  . Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)
  . Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)
  . Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)
  . Fixed bug #68478 (access.log don't use prefix). (Remi)
- Mcrypt:
  . Fixed possible read after end of buffer and use after free. (Dmitry)
- PDO_pgsql:
  . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  . Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)
  . Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)
- zlib:
  . Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)
2014-11-15 | Update php55 to 5.5.19. | taca | 2 | -6/+6
13 Nov 2014, PHP 5.5.19
- Core:
  . Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()). (Stas)
  . Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined). (Nikita)
  . Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
  . Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy). (Dmitry)
- Fileinfo:
  . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
  . Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710) (Remi)
- FPM:
  . Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses). (Robin Gloster)
- GD:
  . Fixed bug #65171 (imagescale() fails without height param). (Remi)
- GMP:
  . Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP). (Remi)
- Mysqli:
  . Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
- ODBC:
  . Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
- SPL:
  . Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
- CURL:
  . Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
2014-10-18 | Update php55 to 5.5.18. | taca | 1 | -4/+4
16 Oct 2014, PHP 5.5.18
- Core:
  . Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk)
  . Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)). (Christian Wenz)
  . Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write). (Nikita)
  . Fixed bug #51800 (proc_open on Windows hangs forever). (Anatol)
  . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669) (Stas)
- cURL:
  . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
- EXIF:
  . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670) (Stas)
- FPM:
  . Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass). (Remi)
- OpenSSL:
  . Revert regression introduced by fix of bug #41631
- Reflection:
  . Fixed bug #68103 (Duplicate entry in Reflection for class alias). (Remi)
- Session:
  . Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
- XMLRPC:
  . Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668) (Stas)
2014-09-30 | Update php55 to 5.5.17, approved by wiz@. | taca | 1 | -4/+4
18 Sep 2014, PHP 5.5.17
- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
  . Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
- COM:
  . Fixed bug #41577 (DOTNET is successful once per server run) (Aidas Kasparas)
- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)
- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads). (Daniel Lowrey)
  . Fixed bug #67850 (extension won't build if openssl compiled without SSLv3) (Daniel Lowrey)
- SPL:
  . Fixed bug #67813 (CachingIterator::__construct InvalidArgumentException wrong message). (tim_siebels_aurich at yahoo dot de)
- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)
  . Fixed bug #66985 (Some timezones are no longer valid in PHP 5.5.10). (Derick)
  . Fixed bug #67109 (First uppercase letter breaks date string parsing). (Derick)
- GD
  . Made fontFetch's path parser thread-safe. (Sara).
- MySQLi:
  . Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). Mike
2014-08-23Update php55 to 5.5.16 (PHP 5.5.16).taca2-36/+4
21 Aug 2014, PHP 5.5.16 - COM: . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). - Fileinfo: . Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi) . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) - FPM: . Fixed bug #67635 (php links to systemd libraries without using pkg-config). (pacho@gentoo.org, Remi) - GD: . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi) . Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120) (Ryan Mauger) - Milter: . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) - OpenSSL: . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). - readline: . Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) . Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) - Sessions: . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). - Core: . Fixed bug #67693 (incorrect push to the empty array) (Tjerk) . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) - ODBC: . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur)
2014-07-26Update php55 to 5.5.15.taca7-132/+21
24 Jul 2014, PHP 5.5.15 - Core: . Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam) . Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob) . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc) . Fixed bug #67497 (eval with parse error causes segmentation fault in generator). (Nikita) . Fixed bug #67151 (strtr with empty array crashes). (Nikita) . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz) - CLI server: . Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam) . Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam) - FPM: . Fixed bug #67530 (error_log=syslog ignored). (Remi) . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi) - Intl: . Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas) . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas) - OPCache: . Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence) - pgsql: . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam) - Phar: . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske) - SPL: . Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence) . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence) - Streams: . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
2014-07-13Add fix for CVE-2014-4698 and CVE-2014-4670.taca4-2/+50
Bump PKGREVISION.
2014-06-27Update php55 to 5.5.14 which includes several security fixes.taca2-6/+5
26 Jun 2014, PHP 5.5.14 - Core: . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas) . Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison) . Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981) (Remi) . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas) . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability). (Stefan Esser) - CLI server: . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi) - Date: . Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam) . Fixed regression in fix for bug #67118 (constructor can't be called twice). (Remi) - Fileinfo: . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check). (CVE-2014-0207) . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi) . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi) - Intl: . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas) . Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)). (Stas) - Network: . Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara) - OPCache: . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence) - OpenSSL: . Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler) . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler) - PDO-ODBC: . 
Fixed bug #50444 (PDO-ODBC changes for 64-bit). - SOAP: . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski) - SPL: . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas) . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence) . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam) . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515) (Stefan Esser) . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
2014-06-13Remove detection of a threaded Apache MPM at configure time.fhajny2-16/+72
Fixes the problem where thread safety was not consistent in the php, ap-php and php-* extension packages, and makes ap-php adhere to the maintainer-zts option. Bump PKGREVISION.
2014-06-13Add the mysqlnd (MySQL Native Driver) include files.fhajny3-3/+25
Bump PKGREVISION for this and the previous commit.
2014-06-13Fix problems on SunOS with the combination of FPM, event ports and ↵fhajny2-1/+49
catch_workers_output=yes. See https://bugs.php.net/bug.php?id=65800.
2014-05-31Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.taca2-8/+6
29 May 2014, PHP 5.5.13 - CLI server: . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) - COM: . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) - Core: . Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol) . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob) . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas) . Fixed bug #67249 (printf out-of-bounds read). (Stas) . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas) . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas) - Curl: . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike) - Date: . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol) . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas) . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas) - DOM: . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol) - Fileinfo: . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol) . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238). . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation) (CVE-2014-0237). - FPM: . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos) - GD: . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas) - PCRE: . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol) - Phar: . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
2014-05-11Apply a patch to fix CVE-2014-2497, taken fromhe2-1/+33
https://bugs.php.net/patch-display.php?bug_id=66901 Bump PKGREVISION for php-gd correspondingly.
2014-05-01Update php55 to 5.5.12.taca3-19/+19
01 May 2014, PHP 5.5.12 - Core: . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike) . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike) . Fixed bug #66182 (exit in stream filter produces segfault). (Mike) . Fixed bug #66736 (fpassthru broken). (Mike) . Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella) . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk) - cURL: . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten) - Date: . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski) - Embed: . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol). - Fileinfo: . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi) - FPM: . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf). . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info) - JSON: . Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel) - LDAP: . Fixed issue with null bytes in LDAP bindings. (Matthew Daley) - mysqli: . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey) - OpenSSL: . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma) . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma) - SimpleXML: . Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol) - SQLite: . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol) - XSL: . Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol) - Apache2 Handler SAPI: . Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). 
(Jeff Trawick)
2014-04-14Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environmentjperkin2-1/+17
from the PHP build.
2014-04-04Update php55 to 5.5.11.taca5-32748/+17
CVE-2013-7345 is already fixed in 5.5.10nb2. 03 Apr 2014, PHP 5.5.11 - Core: . Allow zero length comparison in substr_compare() (Tjerk) . Fixed bug #60602 (proc_open() changes environment array) (Tjerk) - SPL: . Added feature #65545 (SplFileObject::fread()) (Tjerk) - cURL: . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk) . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam) - FPM: . Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley) - Fileinfo: . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi) - GD: . Fixed bug #66714 (imageconvolution breakage). (Brad Daily) . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre) . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi) . Fixed bug #66890 (imagescale segfault). (Remi) . Fixed bug #66893 (imagescale ignore method argument). (Remi) - Hash: . hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita) - Intl: . Fixed bug #66873 (A reproducible crash in UConverter when given invalid encoding) (Stas) - Mail: . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) - MySQLi: . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi) - OPCache . Added function opcache_is_script_cached(). (Danack) . Added information about interned strings usage. (Terry, Julien, Dmitry) - Openssl: . Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1). (Remi) - GMP . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre) - SQLite: . Updated bundled libsqlite to 3.8.3.1 (Anatol)
2014-03-29Apply patch to fix CVE-2013-7345. Bump PKGREVISION.he3-3/+32733
OK'ed by wiz.
2014-03-19Stop treating FreeBSD 10 as FreeBSD 1.asau5-5/+142
This lets a number of PHP extensions build. Bump package revision.
2014-03-09Update php55 to 5.5.10 (PHP 5.5.10).taca2-6/+5
Version 5.5.10 6-Mar-2014 * Core: - Fixed bug #66574 (Allow multiple paths in php_ini_scanned_path). * Date: - Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too). * Fileinfo: - Fixed bug #66731 (file: infinite recursion (CVE-2014-1943)). - Fixed bug #66820 (out-of-bounds memory access in fileinfo (CVE-2014-2270)). * GD: - Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer (CVE-2013-7327)). * JSON: - Fixed bug #65753 (JsonSerializeable couldn't implement on module extension). * LDAP: - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch). * Openssl: - Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). * PCRE: - Upgraded to PCRE 8.34. * Pgsql: - Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select().
2014-02-12Recursive PKGREVISION bump for OpenSSL API version bump.tron1-1/+2
2014-02-07Update php55 to 5.5.9 (PHP 5.5.9).taca2-9/+9
06 Feb 2014, PHP 5.5.9 - Core: . Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch) - GD: . Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence, Remi) - OPCache: . Fixed bug #66474 (Optimizer bug in constant string to boolean conversion). (Dmitry) . Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0). (Dmitry) . Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend). (Laruence) - PDO_pgsql: . Fixed bug #62479 (PDO-psql cannot connect if password contains spaces) (willfitch, iliaa) - Readline . Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after #65714). (Remi) - Session . Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1) (Yasuo) . Fixed bug #66481 (Segfaults on session_name()). (cmcdermottroe at engineyard dot com, Yasuo) - Standard . Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol) - Sockets: . Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe) - Zend Engine . Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012). (Anatol)
2014-01-11Update php55 to 5.5.8.taca7-72/+22
9 Jan 2014, PHP 5.5.8 - Core: . Disallowed JMP into a finally block. (Laruence) . Added validation of class names in the autoload process. (Dmitry) . Fixed invalid C code in zend_strtod.c. (Lior Kaplan) . Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object). (Nikita) . Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO). (Nikita) . Fixed bug #61645 (fopen and O_NONBLOCK). (Mike) . Fixed bug #66218 (zend_register_functions breaks reflection). (Remi) - Date: . Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi) . Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov) - DOM: . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup). (Mike) - Exif: . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas) - Filter: . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam) - GD: . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). (Adam) - PDO_odbc: . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). (michael at orlitzky dot com) - MySQLi: . Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol) - OPCache: . Fixed revalidate_path=1 behavior to avoid caching of symlinks values. (Dmitry) . Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq". (Dmitry). - SNMP: . Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin) - SOAP . Fixed bug #66112 (Use after free condition in SOAP extension). (martin dot koegler at brz dot gv dot at) - Sockets: . Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined). (Felipe) - XSL . Fixed bug #49634 (Segfault throwing an exception in a XSL registered function). (Mike) - ZIP: . Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
2013-12-13Update php55 to 5.5.7 (PHP 5.5.7).taca2-6/+5
12 Dec 2013, PHP 5.5.7 - CLI server: . Added some MIME types to the CLI web server (Chris Jones) . Implemented FR #65917 (getallheaders() is not supported by the built-in web server) - also implements apache_response_headers() (Andrea Faulds) - Core: . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence) - OPCache . Fixed bug #66176 (Invalid constant substitution). (Dmitry) . Fixed bug #65915 (Inconsistent results with require return value). (Dmitry) . Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry) - OpenSSL: . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser). - readline . Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)
2013-12-05Add fix for CVE-2013-6712, ext/date DoS vulnerability.taca4-2/+35
Bump PKGREVISION.
2013-11-15Update php55 package to 5.5.6.taca2-5/+6
14 Nov 2013, PHP 5.5.6 - Core: . Fixed bug #65947 (basename is no more working after fgetcsv in certain situation). (Laruence) . Improved performance of array_merge() and func_get_args() by eliminating useless copying. (Dmitry) . Fixed bug #65939 (Space before ";" breaks php.ini parsing). (brainstorm at nopcode dot org) . Fixed bug #65911 (scope resolution operator - strange behavior with $this). (Bob Weinand) . Fixed bug #65936 (dangling context pointer causes crash). (Tony) - FPM: . Changed default listen() backlog to 65535. (Tony) - MySQLi: . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence) - OPcache . Increased limit for opcache.max_accelerated_files to 1,000,000. (Chris) . Fixed issue #115 (path issue when using phar). (Dmitry) . Fixed issue #149 (Phar mount points not working with OPcache enabled). (Dmitry) - ODBC . Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters). (patch submitted by: michael dot y at zend dot com, Yasuo) - PDO: . Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception). (Laruence) . Fixed bug #65946 (sql_parser permanently converts values bound to strings) - Standard: . Fixed bug #64760 (var_export() does not use full precision for floating-point numbers) (Yasuo)