19 Feb 2015, PHP 5.5.22
- Core:
. Fixed bug #67068 (getClosure returns something that's not a closure).
(Danack at basereality dot com)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (CVE-2015-0273) (Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Removed support for multi-line headers, as they are deprecated by RFC 7230.
(Stas)
- Date:
. Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
- Dba:
. Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- Fileinfo:
. Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
- FPM:
. Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
. Fixed bug #68571 (core dump when webserver closes the socket).
(redfoxli069 at gmail dot com, Laruence)
- Libxml:
. Fixed bug #64938 (libxml_disable_entity_loader setting is shared
between threads). (Martin Jansen)
- OpenSSL:
. Fixed bug #55618 (use case-insensitive cert name matching).
(Daniel Lowrey)
- PDO_mysql:
. Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of
named pipes). (steffenb198@aol.com)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
- Pgsql:
. Fixed Bug #65199 (pg_copy_from() modifies input array variable). (Yasuo)
- Sqlite3:
. Fixed bug #68260 (SQLite3Result::fetchArray declares wrong
required_num_args). (Julien)
- Mysqli:
. Fixed bug #68114 (linker error on some OS X machines with fixed
width decimal support) (Keyur Govande)
. Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient
has rounding errors) (Keyur Govande)
- Session:
. Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
. Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
. Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
- Standard:
. Fixed bug #65272 (flock() out parameter not set correctly in windows).
(Daniel Lowrey)
. Fixed bug #69033 (Request may get env. variables from previous requests
if PHP works as FastCGI)
- Streams:
. Fixed bug which caused call after final close on streams filter. (Bob)
|
|
with no probes enabled.
Bump PKGREVISION.
|
|
19 Feb 2015 PHP 5.4.38
- Core:
. Removed support for multi-line headers, as they are deprecated by RFC 7230.
(Stas)
. Added NULL byte protection to exec, system and passthru. (Yasuo)
. Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
buffer overflow). (Stas)
. Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
(ncopa at alpinelinux dot org)
. Fixed bug #68942 (Use after free vulnerability in unserialize() with
DateTimeZone). (Stas)
- Enchant:
. Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
(Antony)
- SOAP:
. Fixed bug #67427 (SoapServer cannot handle large messages)
(brandt at docoloc dot de)
|
|
unserialize() with DateTimeZone
Reviewed by wiz@
|
|
unserialize() with DateTimeZone
Reviewed by wiz@
|
|
unserialize() with DateTimeZone
Reviewed by wiz@
|
|
Bump PKGREVISION.
|
|
taca has already implemented different handling for zend_extension.
|
|
instead of "extension".
|
|
"capi" instead of "ccall"
In Haskell FFI, "ccall" is actually an interface to C ABI rather than
C API. That is, GHC generates direct references to the symbol even if
it's actually defined as a cpp macro or something like that, because
GHC knows nothing about those macros in foreign headers.
I will later send these patches to the upstream.
|
|
See bootstrap.mk for details.
|
|
built in 7.0_BETA chroot with libkver.
|
|
- add basic support for NetBSD/sparc64
- can use either cups-1.5 or cups-2.0 headers for build
- rerun configure after the 1st build pass, since boot jdk major changes
|
|
- drop obsolete patch; libgcc_s linking is handled by the package
- can use either cups-1.5 or cups-2.0 headers for build
|
|
merely broken on unlisted platforms, not inappropriate
|
|
They derived from safe bootkits in wip/ghc. See my previous commit for
details.
|
|
Refactored bootstrap.mk with no semantic changes in this commit. I
will soon upload some of bootkits derived from wip/ghc to LOCAL_PORTS
but only for safe ones. Here's a note about safety:

* NetBSD/amd64, FreeBSD/i386, Darwin/ppc [SAFE]: These kits were built
  on my secured private machines under my exclusive control. I'm
  planning to upload them.
* Linux/amd64 [UNSAFE]: I built my kit for this one on a machine
  shared with my co-workers with root access. I won't upload it.
* NetBSD/i386 [UNSAFE]: I built my kit for this one on an Amazon EC2
  instance (although it's private). I won't upload it either.

For other developers, please do not upload any bootkits derived from
unsafe ones mentioned above, because they have some degree of
possibility of being compromised. And please keep in mind that
machines shared with someone or on a cloud hosting service should be
avoided for building bootkits.
|
|
Note: PLIST.SunOS should list only files unique to SunOS, not duplicates.
XXX why does it bundle libfreetype.so.6? looks wrong.
|
|
Bump PKGREVISION.
|
|
(has anyone analyzed the concurrent GC memory allocation problem?)
Bump PKGREVISION for this and previous changes.
|
|
Open-source implementation of the Java Platform, Standard Edition.
|
|
Changes are not available, it looks like various fixes.
|
|
handled in a patch already.
|
|
avoid warnings in the rest of the while.
|
|
We don't want our bootkits to have a run-time dependency on libgcc. In
fact GHC's implementation of Haskell exception handling does not
depend on libgcc's facilities so it is attractive to do the same for
"normal" build... but we can't. This is because Haskell programs may
call C functions via FFI, and those C functions may call C++ functions
in turn, possibly in a different shared library.

But on some platforms, gcc automagically inserts a dependency on a
shared libgcc when -lpthread is given, which is seemingly unavoidable.
|
|
The problem only occurs when $(WhatGccIsCalled) is an absolute path to
the "real" gcc (e.g. "/usr/bin/gcc"), which happens if we run
${WRKSRC}/configure with an option something like
"--with-gcc=/usr/bin/gcc". As long as we use "--with-gcc" with a
command name (i.e. ${CC}, not ${CCPATH}), everything works fine
without any problems.

This is because dtrace(1) executes cpp in a rather weird way: it calls
execvp("/usr/bin/gcc", argv) with argv set to {"gcc", "-E", "-xc",
...}, not {"/usr/bin/gcc", "-E", "-xc", ...}.

When GCC is called that way, it needs to find platform-specific
subprograms by walking through ${PATH}. And if it sees an executable
named "gcc" which in fact isn't actually gcc, it gets confused and
dies with an error:

    % cat dtrace-emu.c
    #include <unistd.h>
    #include <stdio.h>
    int main() {
        char *argv[] = {"gcc", "-E", NULL};
        execvp("/usr/bin/gcc", argv);
        return 0;
    }
    % gcc dtrace-emu.c -o /tmp/gcc
    % /tmp/gcc
    powerpc-apple-darwin9-gcc-4.0.1: no input files
    % PATH=/tmp/gcc /tmp/gcc
    gcc: installation problem, cannot exec '/tmp/powerpc-apple-darwin9-gcc-4.0.1':
    No such file or directory

And even if the problem should really be addressed, it should be done
in the wrapper framework because dtrace(1) is actually a part of
compiler toolchain.
|