summaryrefslogtreecommitdiff
path: root/lang/php72
AgeCommit message (Collapse)AuthorFilesLines
2020-03-08Pullup ticket #6143 - requested by tacabsiegert1-5/+5
lang/php72: security fix Revisions pulled up: - lang/php/phpversion.mk 1.289 - lang/php72/distinfo 1.52 --- Module Name: pkgsrc Committed By: taca Date: Thu Feb 20 14:47:55 UTC 2020 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php72: distinfo Log Message: lang/php72: update to 7.2.28 Update php72 to 7.2.28 (PHP 7.2.28). 20 Feb 2020, PHP 7.2.28 - DOM: . Fixed bug #77569: (Write Access Violation in DomImplementation). (Nikita, cmb) - Phar: . Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063) (stas) - Session: . Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062) (stas)
2020-01-29Pullup ticket #6129 - requested by tacabsiegert2-6/+6
lang/php72: security fix Revisions pulled up: - lang/php/phpversion.mk 1.286 - lang/php72/Makefile 1.23-1.24 - lang/php72/distinfo 1.51 --- Module Name: pkgsrc Committed By: jperkin Date: Sat Jan 18 21:51:16 UTC 2020 Modified Files: pkgsrc/lang/php72: Makefile Log Message: *: Recursive revision bump for openssl 1.1.1. --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 25 17:24:03 UTC 2020 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php72: Makefile distinfo Log Message: lang/php72: update to 7.2.27 Update php72 to 7.2.27 (PHP 7.2.27). 23 Jan 2020, PHP 7.2.27 - Mbstring: . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060) (Nikita) - Session: . Fixed bug #79091 (heap use-after-free in session_create_id()). (cmb, Nikita) - Standard: . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). (cmb)
2019-12-21lang/php72: update to 7.2.26taca1-5/+5
Update php73 to 7.2.26, including security fixes. 19 Dec 2019, PHP 7.2.26 - Bcmath: . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046). (cmb) - Core: . Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044). (cmb) . Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045). (cmb) - EXIF: . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050). (Nikita) . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047). (Nikita) - GD: . Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW). (cmb) - Intl: . Fixed bug #78804 (Segmentation fault in Locale::filterMatches). (Stas) - OPcache: . Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice). (Tyson Andre) - Standard: . Fixed bug #78759 (array_search in $GLOBALS). (Nikita) . Fixed bug #78833 (Integer overflow in pack causes out-of-bound access). (cmb) . Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass). (cmb)
2019-12-16lang/php*: clean up php langaugestaca10-40/+31
Clean up php languages. * Clean up php/phpversions.mk a little. * Add php/replace.mk to provide common shebang line replace for PHP. * Define USE_TOOLS before including <bsd.prefs.mk>. * Fix most warnings of pkglint. No functional change should be done.
2019-11-25lang/php: switch to use ".tar.xz" distfilestaca1-5/+5
Switch to use ".tar.xz" distfiles instead of ".tar.bz2". No functional change.
2019-11-22lang/php72: update to 7.2.25taca1-5/+5
Update php72 package to 7.2.25. 21 Nov 2019, PHP 7.2.25 - Core: . Fixed bug #78656 (Parse errors classified as highest log-level). (Erik Lundin) . Fixed bug #78752 (Segfault if GC triggered while generator stack frame is being destroyed). (Nikita) . Fixed bug #78689 (Closure::fromCallable() doesn't handle [Closure, '__invoke']). (Nikita) - COM: . Fixed bug #78694 (Appending to a variant array causes segfault). (cmb) - Date: . Fixed bug #70153 (\DateInterval incorrectly unserialized). (Maksim Iakunin) . Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable). (cmb) - Iconv: . Fixed bug #78642 (Wrong libiconv version displayed). (gedas at martynas, cmb). - OpCache: . Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters). (mhagstrand) . Fixed bug #78747 (OpCache corrupts custom extension result). (Nikita) - OpenSSL: . Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections). (Nikita) - Reflection: . Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error message with traits). (villfa) - Sockets: . Fixed bug #78665 (Multicasting may leak memory). (cmb)
2019-10-25lang/php72: update to 7.2.24taca1-5/+5
Update php72 to 7.2.24. 24 Oct 2019, PHP 7.2.24 - Core: . Fixed bug #78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) . Fixed bug #78620 (Out of memory error). (cmb, Nikita) - Exif: . Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) - FPM: . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043) (Jakub Zelenka) - MBString: . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency). (cmb) . Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects). (cmb) - MySQLi: . Fixed bug #76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto) - PDO_MySQL: . Fixed bug #78623 (Regression caused by "SP call yields additional empty result set"). (cmb) - Session: . Fixed bug #78624 (session_gc return value for user defined session handlers). (bshaffer) - Standard: . Fixed bug #76342 (file_get_contents waits twice specified timeout). (Thomas Calvet) . Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita) . Fixed bug #76859 (stream_get_line skips data if used with data-generating filter). (kkopachev) - Zip: . Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
2019-10-02lang/php72: update to 7.2.23taca3-9/+7
Update lang/php72 to 7.2.23. pkgsrc changes * Clean two pkglint's warnings. 26 Sep 2019, PHP 7.2.23 - Core: . Fixed bug #78220 (Can't access OneDrive folder). (cmb, ab) . Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child). (Nikita) - FastCGI: . Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows). (Sergei Turchanov) - MySQLnd: . Fixed connect_attr issues and added the _server_host connection attribute. (Qianqian Bu) - ODBC: . Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb) - PDO_MySQL: . Fixed bug #41997 (SP call yields additional empty result set). (cmb) - sodium: . Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()). (Frank Denis, cmb) - SPL: . Fixed bug #72884 (SplObject isCloneable() returns true but errs on clone). (Chu Zhaowei)
2019-09-01lang/php72: update to 7.2.22taca1-5/+5
29 Aug 2019, PHP 7.2.22 - Core: . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita) . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry) - Curl: . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()). (Abyr Valg) - Exif: . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast). (Nikita) - Iconv: . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer Jung) - LiteSpeed: . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang) - MySQLnd: . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb) - Opcache: . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used). (Nikita) - Standard: . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length). (Nikita) . Fixed bug #78282 (atime and mtime mismatch). (cmb) . Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer). (Albert Casademont)
2019-08-01lang/php72: update to 7.2.21taca1-5/+5
01 Aug 2019, PHP 7.2.21 - Date: . Fixed bug #69044 (discrepency between time and microtime). (krakjoe) - EXIF: . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas) . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas) - Fileinfo: . Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide) - FTP: . Fixed bug #77124 (FTP with SSL memory leak). (Nikita) - Libxml: . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)). (Nikita) - LiteSpeed: . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang) . Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files). (George Wang) - Openssl: . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream). (Nikita) - OPcache: . Fixed bug #78189 (file cache strips last character of uname hash). (cmb) . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb) . Fixed bug #78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington) - Phar: . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb) - Phpdbg: . Fixed bug #78297 (Include unexistent file memory leak). (Nikita) - PDO_Sqlite: . Fixed bug #78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux) - SQLite: . Upgraded to SQLite 3.28.0. (cmb) - Standard: . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb) . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi) - XMLRPC: . Fixed bug #78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)
2019-07-08lang/php72: update to 7.2.20taca1-5/+5
Update php72 to 7.2.20. 04 Jul 2019, PHP 7.2.20 - Core: . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception). (Nikita) - DOM: . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType). (cmb) - MySQLi: . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message). (Sjon Hortensius) . Fixed bug #38546 (bindParam incorrect processing of bool types). (camporter) - Opcache: . Fixed bug #78106 (Path resolution fails if opcache disabled during request). (Nikita) . Fixed bug #78185 (File cache no longer works). (Dmitry) - OpenSSL: . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c). (Jakub Zelenka) - Sockets: . Fixed bug #78038 (Socket_select fails when resource array contains references). (Nikita) - Standard: . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this). (Craig Duncan, Dmitry) . Fixed bug ##77937 (preg_match failed). (cmb, Anatol) - Zip: . Fixed bug #76345 (zip.h not found). (Michael Maroszek)
2019-07-03Use https for php.net.nia1-2/+2
2019-06-01lang/php72: update to 7.2.19taca1-5/+5
Update php72 to 7.2.19. 30 May 2019, PHP 7.2.19 - EXIF: . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). (CVE-2019-11040) (Stas) - FPM: . Fixed bug #77934 (php-fpm kill -USR2 not working). (Jakub Zelenka) . Fixed bug #77921 (static.php.net doesn't work anymore). (Peter Kokot) - GD: . Fixed bug #77943 (imageantialias($image, false); does not work). (cmb) . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). (CVE-2019-11038) (cmb) - Iconv: . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow). (CVE-2019-11039). (maris dot adam) - JSON: . Fixed bug #77843 (Use after free with json serializer). (Nikita) - Opcache: . Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset. (Alexey Kalinin, Dmitry) - PDO_MySQL: . Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64). (cmb) - Reflection: . Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()). (Nikita) - Session: . Fixed bug #77911 (Wrong warning for session.sid_bits_per_character). (cmb) - SPL: . Fixed bug #77024 (SplFileObject::__toString() may return array). (Craig Duncan) - SQLite: . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). (Stas)
2019-05-23all: replace SUBST_SED with the simpler SUBST_VARSrillig1-3/+3
pkglint -Wall -r --only "substitution command" -F With manual review and indentation fixes since pkglint doesn't get that part correct in every case.
2019-05-02lang/php72: update to 7.2.18taca1-5/+5
Update php72 to update to 7.2.18. 02 May 2019, PHP 7.2.18 - CLI: . Fixed bug #77794 (Incorrect Date header format in built-in server). (kelunik) - EXIF . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG). (CVE-2019-11036) (Stas) - Interbase: . Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x). (Nikita) - Intl: . Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale = null). (Nikita) - litespeed: . LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request(). (George Wang) - Mail . Fixed bug #77821 (Potential heap corruption in TSendMail()). (cmb) - PCRE: . Fixed bug #77827 (preg_match does not ignore \r in regex flags). (requinix, cmb) - PDO: . Fixed bug #77849 (Disable cloning of PDO handle/connection objects). (camporter) - phpdbg: . Fixed bug #76801 (too many open files). (alekitto) . Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints). (krakjoe) . Fixed bug #77805 (phpdbg build fails when readline is shared). (krakjoe) - Reflection: . Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work). (Nikita) . Fixed bug #77882 (Different behavior: always calls destructor). (Nikita) - Standard: . Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect). (Vlad Temian) . Fixed bug #77844 (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED). (Nikita) . Fixed bug #77853 (Inconsistent substr_compare behaviour with empty haystack). (Nikita)
2019-04-07lang/php72: update to 7.2.17taca1-5/+5
04 Apr 2019, PHP 7.2.17 - Core: . Fixed bug #77738 (Nullptr deref in zend_compile_expr). (Laruence) . Fixed bug #77660 (Segmentation fault on break 2147483648). (Laruence) . Fixed bug #77652 (Anonymous classes can lose their interface information). (Nikita) . Fixed bug #77676 (Unable to run tests when building shared extension on AIX). (Kevin Adler) - Bcmath: . Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization). (Nikita) - COM: . Fixed bug #77578 (Crash when php unload). (cmb) - Date: . Fixed bug #50020 (DateInterval:createDateFromString() silently fails). (Derick) . Fixed bug #75113 (Added DatePeriod::getRecurrences() method). (Ignace Nyamagana Butera) - EXIF: . Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (Stas) . Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). (Stas) - FPM: . Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP). (Kevin Adler) - GD: . Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag). (cmb) - MySQLi: . Fixed bug #77597 (mysqli_fetch_field hangs scripts). (Nikita) - Opcache: . Fixed bug #77691 (Opcache passes wrong value for inline array push assignments). (Nikita) . Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors). (Nikita) - phpdbg: . Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases). (Miriam Lauter) - sodium: . Fixed bug #77646 (sign_detached() strings not terminated). (Frank) - SQLite3: . Added sqlite3.defensive INI directive. (BohwaZ) - Standard: . Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper). (Laruence) . Fixed bug #77669 (Crash in extract() when overwriting extracted array). (Nikita) . Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN). (Nikita) . Fixed bug #77765 (FTP stream wrapper should set the directory as executable). (Vlad Temian)
2019-03-12lang/php72: update to 7.2.16taca2-7/+6
Update php72 to 7.2.16. 07 Mar 2019, PHP 7.2.16 - Core: . Fixed bug #77589 (Core dump using parse_ini_string with numeric sections). (Laruence) . Fixed bug #77630 (rename() across the device may allow unwanted access during processing). (Stas) - COM: . Fixed bug #77621 (Already defined constants are not properly reported). (cmb) - EXIF: . Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas) . Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas) . Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas) . Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas) - PDO_OCI: . Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER. (Cameron Porter) - PHAR: . Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). (bishop) - SPL: . Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries). (Ahmed Abdou) . Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb) - Standard: . Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions). (John Stevenson) - MySQL . Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql. (Darek Slusarczyk)
2019-03-11php72: Do not autodetect (and get wrong) maintainer-zts.jperkin3-8/+37
This resulted in a mod_php that cannot be loaded, as reported in joyent/pkgsrc#152. Patch copied from php71. Bump PKGREVISION.
2019-02-07lang/php72: update to 7.2.15taca1-5/+5
07 Feb 2019, PHP 7.2.15 - Core: . Fixed bug #77339 (__callStatic may get incorrect arguments). (Dmitry) . Fixed bug #77494 (Disabling class causes segfault on member access). (Dmitry) . Fixed bug #77530 (PHP crashes when parsing `(2)::class`). (Ekin) - Curl: . Fixed bug #76675 (Segfault with H2 server push). (Pedro Magalhães) - GD: . Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border). (cmb) . Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies). (cmb) . Fixed bug #77272 (imagescale() may return image resource on failure). (cmb) . Fixed bug #77391 (1bpp BMPs may fail to be loaded). (Romain Déoux, cmb) . Fixed bug #77479 (imagewbmp() segfaults with very large images). (cmb) - ldap: . Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll). (Anatol) - Mbstring: . Fixed bug #77454 (mb_scrub() silently truncates after a null byte). (64796c6e69 at gmail dot com) - MySQLnd: . Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility). (Anatol) - Opcache: . Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled). (Kevin Adler) - OpenSSL: . Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records). (Abyl Valg, Jakub Zelenka) - PDO: . Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure). (Nikita) - Sockets: . Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS). (Michael Meyer) - Standard: . Fixed bug #77395 (segfault about array_multisort). (Laruence) . Fixed bug #77439 (parse_str segfaults when inserting item into existing array). (Nikita)
2019-01-12lang/php72: update to 7.2.14taca2-7/+6
10 Jan 2019, PHP 7.2.14 - Core: . Fixed bug #77369 (memcpy with negative length via crafted DNS response). (Stas) . Fixed bug #71041 (zend_signal_startup() needs ZEND_API). (Valentin V. Bartenev) . Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line). (Nikita) - COM: . Fixed bug #77177 (Serializing or unserializing COM objects crashes). (cmb) - Date: . Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second). (Derick) - Exif: . Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals). (Colin Basnett) - GD: . Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (cmb) . Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (cmb) . Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()). (cmb) . Fixed bug #77198 (auto cropping has insufficient precision). (cmb) . Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right). (cmb) - IMAP: . Fixed bug #77020 (null pointer dereference in imap_mail). (cmb) - Mbstring: . Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (Stas) . Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (Stas) . Fixed bug #77381 (heap buffer overflow in multibyte match_at). (Stas) . Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (Stas) . Fixed bug #77385 (buffer overflow in fetch_token). (Stas) . Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (Stas) . Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (Stas) - OCI8: . Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working). (KoenigsKind) . Added oci_set_call_timeout() for call timeouts. . Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute. - Opcache: . Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block). (Nikita) - PDO: . Handle invalid index passed to PDOStatement::fetchColumn() as error. (Sergei Morozov) - Phar: . Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (Stas) - Sockets: . Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS). (Mizunashi Mana) - SQLite3: . Fixed bug #77051 (Issue with re-binding on SQLite3). (BohwaZ) - Xmlrpc: . Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (cmb) . Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (Stas)
2018-12-12lang/php72: drop sqlite3 PKG_OPTIONStaca1-10/+3
Drop sqlite3 PKG_OPTIONS since sqlite3 is supported by databases/php-sqlite3 package.
2018-12-09revbump after updating textproc/icuadam1-2/+2
2018-12-09Bump PKGREVISION for separation of php-sqlite3 package fromtaca1-1/+2
lang/php?? base packages.
2018-12-09lang/php: remove sqlite3 librarytaca1-1/+2
Remove sqlite3 library extension and make it separate package to prevent dependency to databases/sqlite3 pacakge.
2018-12-07lang/php72: update to 7.2.13taca1-5/+5
06 Dec 2018, PHP 7.2.13 - ftp: . Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi) - CLI: . Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters). (Anatol) - Fileinfo: . Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)). (Anatol) - iconv: . Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb) - Core: . Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter). (Stas) - IMAP: . Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (Stas) - ODBC: . Fixed bug #77079 (odbc_fetch_object has incorrect type signature). (Jon Allen) - Opcache: . Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita) . Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita) - Phar: . Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas) . Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (Stas) - PGSQL: . Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type). (Andy Gajetzki) - SOAP: . Fixed bug #50675 (SoapClient can't handle object references correctly). (Cameron Porter) . Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb) . Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb) - Sockets: . Fixed bug #67619 (Validate length on socket_write). (thiagooak)
2018-12-07lang/php7?: revert previous committaca1-4/+1
Revert previous commit and unbreak lang/php7{0,1,2}. sqlite3 problem would be another way, after update current PHP versions.
2018-12-07Link PHP with shared libsqlite3 isntead of built-inmanu1-1/+4
We used to build PHP with its built-in, statically linked libsqlite3. When used in an executable with dynamically looaded modules such as Apache, some module may load a shared libsqlite3, which has the same symbols as PHP's built-in libsqlite3. This causes unreliable cross-version calls and is source of crashes. The fix is to disable PHP's built-in libslite3 and always use an external, shared libsqlite3.
2018-11-14php-gd: use pkg-config rather than freetype-config to test for freetype2markd2-5/+42
2018-11-08lang/php72: update to 7.2.12taca1-5/+5
08 Nov 2018, PHP 7.2.12 - Core: . Fixed bug #76846 (Segfault in shutdown function after memory limit error). (Nikita) . Fixed bug #76946 (Cyclic reference in generator not detected). (Nikita) . Fixed bug #77035 (The phpize and ./configure create redundant .deps file). (Peter Kokot) . Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana) - Date: . Upgraded timelib to 2017.08. (Derick) . Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y"). (Adam Saponara) . Fixed bug #77007 (fractions in `diff()` are not correctly normalized). (Derick) - FCGI: . Fixed #76948 (Failed shutdown/reboot or end session in Windows). (Anatol) . Fixed bug #76954 (apache_response_headers removes last character from header name). (stodorovic) - FTP: . Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown). (Manuel Mausz) - intl: . Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org) - Reflection: . Fixed bug #76936 (Objects cannot access their private attributes while handling reflection errors). (Nikita) . Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with object scope). (Nikita) - Sodium: . Some base64 outputs were truncated; this is not the case any more. (jedisct1) . block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed. (jedisct1) . Fixed bug #77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input). (jedisct1) - Standard: . Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace). (Pierrick) - Tidy: . Fixed bug #77027 (tidy::getOptDoc() not available on Windows). (cmb) - XML: . Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb) . Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb) - XMLRPC: . Fixed bug #75282 (xmlrpc_encode_request() crashes). (cmb)
2018-10-13lang/php72: update to 7.2.11taca1-5/+5
11 Oct 2018, PHP 7.2.11 - Core: . Fixed bug #76800 (foreach inconsistent if array modified during loop). (Dmitry) . Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory). (Nikita) - CURL: . Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected). (Pierrick) - iconv: . Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be). (cmb) - Opcache: . Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS). (Anatol) . Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault). (Nikita) - POSIX: . Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb) - Reflection: . Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod). (cmb) - Standard: . Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection). (Ville Hukkamäki) . Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client). (Ville Hukkamäki) . Fixed bug #75533 (array_reduce is slow when $carry is large array). (Manabu Matsui) - XMLRPC: . Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb) - Zlib: . Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed). (Martin Burke, cmb)
2018-09-13lang/php72: Update to 7.2.10taca1-5/+5
13 Sep 2018, PHP 7.2.10 - Core: . Fixed bug #76754 (parent private constant in extends class memory leak). (Laruence) . Fixed bug #72443 (Generate enabled extension). (petk) . Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode). (Massimiliano Braglia) - Apache2: . Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas) - Bz2: . Fixed arginfo for bzcompress. (Tyson Andre) - gettext: . Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji) - iconv: . Fixed bug #68180 (iconv_mime_decode can return extra characters in a header). (cmb) . Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers). (cmb) . Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb) . Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb) - intl: . Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders). (Anatol) - libxml: . Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined). (Ville Hukkamäki) - mbstring: . Fixed bug #76704 (mb_detect_order return value varies based on argument type). (cmb) - Opcache: . Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file). (Laruence) - OpenSSL: . Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()). (Jakub Zelenka) - phpdbg: . Fixed bug #76595 (phpdbg man page contains outdated information). (Kevin Abel) - SPL: . Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb) . Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim Siebels) - Standard: . Fixed bug #76778 (array_reduce leaks memory if callback throws exception). (cmb) - zlib: . Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option). (Jay Bonci) . Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)
2018-08-19lang/php72: update to 7.2.9taca1-5/+5
16 Aug 2018, PHP 7.2.9 - Calendar: . Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset). (cmb) - Filter: . Fixed bug #76366 (References in sub-array for filtering breaks the filter). (ZiHang Gao) - PDO_Firebird: . Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis) - PDO_PgSQL: . Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option). (Anatol) - SQLite3: . Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle). (cmb) - Standard: . Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb) . Fixed bug #68553 (array_column: null values in $index_key become incrementing keys in result). (Laruence) . Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`). (cmb) - Zip: . Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)). (Timur Ibragimov)
2018-07-31move --disable-gcc-global-regs to Makefile.php.maya2-10/+5
Seems to make a previously segfaulting netbsd-8/i386's build not segfault. ap-php runs PHP's configure and builds some of its code, so it needs the same flag. Now we can stop requiring an arbitrary GCC version. The test case in the GCC bugzilla fails on all GCC versions I tested, but magically some versions of GCC manage to build a working PHP.
2018-07-30Fix PHP buidl on i386manu1-1/+7
The --disable-gcc-global-regs fix is not enough, we really need GCC 6 to avoid php crashing during www/ap-ph build.
2018-07-20lang/php72: reset PKGREVISIONtaca1-2/+1
Reset PKGREVISION along with update to 7.2.8.
2018-07-20lang/php72: update to 7.2.8taca2-7/+6
19 Jul 2018, PHP 7.2.8 - Core: . Fixed bug #76534 (PHP hangs on 'illegal string offset on string references with an error handler). (Laruence) . Fixed bug #76520 (Object creation leaks memory when executed over HTTP). (Nikita) . Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize properly). (Nikita) - Date: . Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol) - EXIF: . Fixed bug #76409 (heap use after free in _php_stream_free). (cmb) . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (Stas) . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (Stas) - FPM: . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking). (Nikita) - GMP: . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes). (Nikita) - intl: . Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong type). (cmb) - mbstring: . Fixed bug #76532 (Integer overflow and excessive memory usage in mb_strimwidth). (MarcusSchwarz) - Opcache: . Fixed bug #76477 (Opcache causes empty return value). (Nikita, Laruence) - PGSQL: . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol) - phpdbg: . Fix arginfo wrt. optional/required parameters. (cmb) - Reflection: . Fixed bug #76536 (PHP crashes with core dump when throwing exception in error handler). (Laruence) . Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with inherited classes). (Nikita) - Standard: . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys). (Laruence) . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb) - Win32: . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol) - ZIP: . Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM). (Dennis Birkholz, Remi)
2018-07-20Recursive revbump from textproc/icu-62.1ryoon1-2/+2
2018-07-18Add pkgsrc build option disable-filter-url to disable php://filter URLmanu3-2/+42
php://filter URL is a feature documented here: http://php.net/manual/en/wrappers.php.php Unfortunately, it allows remote control of include() behavior beyond what many developpers expected, enabling easy dump of PHP source files. The administrator may want to disable the feature for security sake, and this option makes that possible.
2018-07-16php*: disable global regs on i386.maya2-7/+9
Fixes PR pkg/53222 that resurfaced Remove the previous workaround to add GCC_REQD, which isn't sufficient any more, possibly due to enabling ssp/fortify? XXX bumping PKGREVISION might not be sufficient, for the same reason the GCC_REQD had to be moved to Makefile.php, it affects modules too.
2018-06-24lang/php72: update to 7.2.7taca1-5/+5
21 Jun 2018, PHP 7.2.7 - Core: . Fixed bug #76337 (segfault when opcache enabled + extension use zend_register_class_alias). (xKhorasan) - CLI Server: . Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters). (Anatol) - OpenSSL: . Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir). (Erik Lax, Jakub Zelenka) . Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7). (Jakub Zelenka) - SPL: . Fixed bug #76367 (NoRewindIterator segfault 11). (Laruence) - Standard: . Fixed bug #76410 (SIGV in zend_mm_alloc_small). (Laruence) . Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path). (Anatol)
2018-05-26lang/php72: update to 7.2.6taca1-5/+5
24 May 2018, PHP 7.2.6 - EXIF: . Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb) - FPM: . Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD. (mgorny) - intl: . Fixed bug #74385 (Locale::parseLocale() broken with some arguments). (Anatol) - Opcache: . Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry) . Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array). (Nikita) . Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors). (Nikita) - Reflection: . Fixed arginfo of array_replace(_recursive) and array_merge(_recursive). (carusogabriel) - Session: . Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#"). (Andrew Nester)
2018-04-26lang/php72: Reset PKGREVISIONtaca1-2/+1
2018-04-26lang/php72: update to 7.2.5taca1-5/+5
26 Apr 2018, PHP 7.2.5 - Core: . Fixed bug #75722 (Convert valgrind detection to configure option). (Michael Heimpold) - Date: . Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel) - Exif: . Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) - FPM: . Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps) . Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka) - GD: . Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible). (cmb) - intl: . Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol) - iconv: . Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas) - ldap: . Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas) - mbstring: . Fixed bug #75944 (Wrong cp1251 detection). (dmk001) . Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb) - ODBC: . Fixed bug #76088 (ODBC functions are not available by default on Windows). (cmb) - Opcache: . Fixed bug #76094 (Access violation when using opcache). (Laruence) - Phar: . Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas) - phpdbg: . Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence) - SPL: . Fixed bug #76131 (mismatch arginfo for splarray constructor). (carusogabriel) - standard: . Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb) . Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)
2018-04-14revbump after icu updateadam1-1/+2
2018-03-29lang/php72: update to 7.2.4taca1-5/+5
29 Mar 2018, PHP 7.2.4 - Core: . Fixed bug #76025 (Segfault while throwing exception in error_handler). (Dmitry, Laruence) . Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD). (Anatol) - FPM: . Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (Jakub Zelenka) - FTP: . Fixed ftp_pasv arginfo. (carusogabriel) - GD: . Fixed bug #73957 (signed integer conversion in imagescale()). (cmb) . Fixed bug #76041 (null pointer access crashed php). (cmb) . Fixed imagesetinterpolation arginfo. (Gabriel Caruso) - iconv: . Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville) - Mbstring: . Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb) - Opcache: . Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization). (Nikita) - OpenSSL: . Fixed openssl_* arginfos. (carusogabriel) - PCNTL: . Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)). (Sam Ding) - Phar: . Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n). (Laruence) - Standard: . Fixed bug #75961 (Strange references behavior). (Laruence) . Fixed some arginfos. (carusogabriel) . Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault). (Anatol)
2018-03-02lang/php72: update to 7.2.3taca2-7/+6
01 Mar 2018, PHP 7.2.3 - Core: . Fixed bug #75864 ("stream_isatty" returns wrong value on s390x). (Sam Ding) - Apache2Handler: . Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol) - Date: . Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel) . Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda) . Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr) - LDAP: . Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke) - libxml2: . Fixed bug #75871 (use pkg-config where available). (pmmaga) - PGSQL: . Fixed bug #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru) - Phar: . Fixed bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). (bishop) . Fixed bug #65414 (deal with leading slash while adding files correctly). (bishopb) . Fixed bug #65414 (deal with leading slash when adding files correctly). (bishopb) - ODBC: . Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol) - Opcache: . Fixed bug #75729 (opcache segfault when installing Bitrix). (Nikita) . Fixed bug #75893 (file_get_contents $http_response_header variable bugged with opcache). (Nikita) . Fixed bug #75938 (Modulus value not stored in variable). (Nikita) - SPL: . Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr) - Standard: . Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp) . Fixed bug #75981 (Prevent reading beyond buffer start in http wrapper). (Stas)
2018-02-16remove patches/patch-ext_imap_config.m4, it's not needed any morejdolecek2-32/+1
mail/php-imap was changed to not use the option this patch adds; it was also entirely ineffective in what it was supposed to do
2018-02-09Add upstream bug report number for the libgcc part of patch toojdolecek2-4/+4
Thanks Jonathan for elaboration of why it's necessary.
2018-02-08note configure meta_ccld was reported upstream as #75940jdolecek2-3/+5
2018-02-08drop patch removing pthread checks for apache <2.4.1 module buildjdolecek2-32/+4
the patch predates php56, doesn't seem to be necessary when building with apache22, and we want to reduce diffs against upstream; maybe that part was needed with distant past with apache 1.3 or whatnot, but that is not in pkgsrc any more
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-08 05:31:27 +0000