Age | Commit message (Collapse) | Author | Files | Lines |
|
from bugfixes):
- Coq compilation made possible with forthcoming ocaml 4.03.
- command for locating exists notation in refman changed.
- Various improvements of the Reference Manual (especially its html version)
- implicit arguments of local definitions fixed (possible
source of incompatibilities).
- New command "Print Debug GC".
- Function cannot define graph.
- Optimizing compilation of pattern matching.
- Better inference of impossible cases in pattern-matching.
- Evar leak in pattern-matching compilation
- ill-typed replacement in "change ... with ...".
- unbound evars in "change ... with ...".
- wrong return clause of a match pattern in Ltac.
- cleared local hints for autounfold.
- cleared local hints for autounfold.
- lost evars in "change ... with ...".
- supporting let-ins in constructors for vm_compute
- unfortunate typo in compare_height.
- unfortunate typos in absorption lemmas over bool.
- Full support of utf8 Greek letters (block U0370) in coqdoc
|
|
Let me know if I broke something.
|
|
This directory contains the GNU Compiler Collection (GCC) version 2.95.
It includes all of the support for compiling C, C++, Objective C, Fortran,
Java, and Chill.
The GNU Compiler Collection is free software. See the file COPYING for copying
permission.
See the file gcc.texi (together with other files that it includes) for
installation and porting information. The file INSTALL contains a
copy of the installation information, as plain ASCII.
See the Bugs chapter of the GCC Manual for how to report bugs
usefully. An online readable version of the manual is in the files
gcc.info*.
|
|
"unixodbc" option is selected.
This change prevent configure from picking up system installed
iodbc on Mac OS X 10.10.
|
|
https://hg.python.org/cpython/rev/6f23bc5d480e and defuzz patches.
|
|
with LibreSSL and stop our OpenBSD bulk builds from being murdered. Defuzz
patches.
|
|
Reviewed by wiz@
|
|
I've run into local problems with COMPAT_32 so this only gets a short
distance in before I can't run it any further, but I'm going to commit
anyway as "broken package" > "no package", and with luck I'll get it
sorted out fully before much longer.
Also allow amd64 Linux as the necessary hacks for that seem to already
be in place.
|
|
From release announce:
We are pleased to announce the release of Ruby 2.2.2. This is a TEENY version
release of the stable 2.2 series.
This release includes the security fix for a OpenSSL extension¡Çs hostname
verification vulnerability.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
There are also some bugfixes. See ChangeLog for details.
|
|
|
|
From release announce:
Ruby 2.1.6 has been released.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
And, many bug fixes are also included. See tickets and ChangeLog for details.
|
|
From release announce:
We are pleased to announce the release of Ruby 2.0.0-p645.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1
or 2.2.
This release includes the security fix mentioned above along with small
changes required for test environment (that shouldn¡Çt affect normal users).
See ChangeLog for full details.
|
|
|
|
16 Apr 2015, PHP 5.6.8
- Core:
. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
(Dmitry, Laruence)
. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
characters). (Tjerk)
. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69210 (serialize function return corrupted data when sleep has
non-string values). (Juan Basso)
. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
__call/... arg passing). (Nikita)
. Fixed bug #69221 (Segmentation fault when using a generator in combination
with an Iterator). (Nikita)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- cURL:
. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
. Fixed bug #68739 (Missing break / control flow). (Laruence)
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
builds). (Anatol)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- Filter:
. Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other
flags are used). (Jeff Welch)
. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
Welch)
- OPCache:
. Fixed bug #69297 (function_exists strange behavior with OPCache on
disabled function). (Laruence)
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
- OpenSSL
. Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
in stream_select() contexts) (Chris Wright)
. Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
(Daniel Lowrey)
. Fixed bug #69215 (Crypto servers should send client CA list)
(Daniel Lowrey)
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SPL:
. Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- SOAP:
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (Laruence)
- Sqlite3:
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
(Dan Ackroyd)
. Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
|
|
16 Apr 2015, PHP 5.5.24
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- Core:
. Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
(Dmitry, Laruence)
. Fixed bug #67626 (User exceptions not properly handled in streams).
(Julian)
. Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
characters). (Tjerk)
. Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
__call/... arg passing). (Nikita)
. Fixed bug #69221 (Segmentation fault when using a generator in combination
with an Iterator). (Nikita)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- Curl:
. Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Date:
. Export date_get_immutable_ce so that it can be used by extensions. (Derick
Rethans)
. Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
- Enchant:
. Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
builds). (Anatol)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- Filter:
. Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
flags are used). (Jeff Welch)
. Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
Welch)
- Mbstring:
. Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E).
(Masaki Kagaya)
- OPCache
. Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
. Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
- OpenSSL:
. Fixed bug #67403 (Add signatureType to openssl_x509_parse).
. Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
- Phar:
. Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
(Mike)
. Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
. Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
. Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing
".tar"). (Mike)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
- SPL:
. Fixed bug #69227 (Use after free in zval_scan caused by
spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
- SOAP:
. Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
(bisected, regression)). (thomas at shadowweb dot org, Laruence)
- SQLITE:
. Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
(Dan Ackroyd)
. Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol)
|
|
16 Apr 2015 PHP 5.4.40
- Apache2handler:
. Fixed bug #69218 (potential remote code execution with apache 2.4
apache2handler). (Gerrit Venema)
- Core:
. Additional fix for bug #69152 (Type confusion vulnerability in
exception::getTraceAsString). (Stas)
. Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
vulnerability). (Stas)
. Fixed bug #69353 (Missing null byte checks for paths in various PHP
extensions). (Stas)
- cURL:
. Fixed bug #69316 (Use-after-free in php_curl related to
CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
- Ereg:
. Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
- Fileinfo:
. Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
segfault). (Anatol Belski)
- GD:
. Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)
- Phar:
. Fixed bug #68901 (use after free). (bugreports at internot dot info)
. Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
. Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
phar_set_inode). (Stas)
- Postgres:
. Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)
- SOAP:
. Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
with SoapFault). (Dmitry)
- Sqlite3:
. Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
|
|
affect anything that isn't NetBSD/amd64.
|
|
Thank you, wiz@.
|
|
|
|
|
|
tech-pkg@ and pkgsrc-users@.
|
|
CHangelog:
* Changes in opensource COBOL 1.4.0J
** New features
*** Supports for Microsoft Windows ( Visual Studio and CL compiler )
Added win32 directory in opensource COBOL package, and prepared Solution Files for Visual Studio.
*** Enhanced CUI features
(1) Add a new function "CBL_OC_KEISEN".
This displays a KEISEN ( vertical or horizontal ruled lines ) on the screen.
(2) Supports SJIS multi-byte character input and output on the screen.
** Changes
*** Added VBISAM to the opensource COBOL package
*** Fixed not to abandon REPLACE after following COPY REPLACING has done
*** Though old style STOP statement maybe skipped, it should be still at least recognized as non-nil statement on empty check
*** Stop editing initial value of national-edited item
*** Changed NATIONAL comparison to be independent on COLLATING SEQUENCE setting
*** Fixed memory leaks in decoding national words
*** Fixed behavior of COPY REPLACING LEADING/TRAILING according to the standard
*** Fixed undecoded national item names appear in runtime messages
*** Fixed undecoded national item names appear in compilation messages
*** Prefixing/Suffixing should have no effect on FILLER item
*** Fixed compilation error on some SOURCE FORMAT FREE usage
*** Fixed bug in field subscript boundary check in cond expression
*** Preserve system time when date is modified by COB_DATE
*** Avoid reporting wrong section/paragraph name in error message
*** Fixed bug in reference modification boundary check in MOVE statement
*** Fixed initialization bug of ZonedDecimal variable defined as SIGN SEPARATE
*** Fixed initialization bug of ZonedDecimal variable when using -fsign-ebcdic option
** Other Updates
*** added and enhanced some tests
*** updated message catalog for 'ja'
*** bug fix some problem
|
|
omp_lock_t.
|
|
omp_lock_t and gcc-4.2 doesn't provide that.
|
|
omp_lock_t.
|
|
Background:
LLVM 3.6 upstream added support for being a native toolchain on NetBSD.
This changed the default C++ runtime library from libstdc++ to libc++.
Patch this in pkgsrc's clang so we continue to use libstdc++ (for now)
Proper support for libc++ should be added later (perhaps w/ PKG_OPTIONs).
Thanks to Joerg for explaining the problem.
|
|
http://www.scala-lang.org/news/2.11.6
Scala 2.11.6 is a bugfix release that is binary compatible with
previous releases in the Scala 2.11 series. We would like to highlight
the following changes:
* We fixed a cross-site scripting vulnerability in Scaladoc's
JavaScript. Many thanks to @todesking for discovering this,
suggesting a fix, and for delaying disclosure until this release!
This bug could be used to access sensitive information on sites
hosted on the same domain as Scaladoc-generated documentation. All
previous versions of Scaladoc are affected (Scala 2.10.5 includes
the fix as well). We do recommend, as a general precaution, to host
Scaladoc documentation on its own domain.
* SI-9089 repl is now much less crash-and-burny when calling a
function (which turns out to be a common thing people do in a
REPL). Also, apologies to the author of SI-9022, who reported this
before the bug was discovered and you had to wait in line for like
three hours on a Tuesday afternoon. Or, maybe, that honor should go
to the enigmatic dk14.
* SI-8759 no need to enter almost half the konami code to enter a
right square bracket in the REPL (via jline 2.12.1). Thank you for
implementing the jline fix, @michael72, and kudos to @jdillon and
@trptcolin for cutting a new jline release just for us!
http://www.scala-lang.org/news/2.11.5
Scala 2.11.5 is a bugfix release that is binary compatible with
previous releases in the Scala 2.11 series. We would like to highlight
the following changes:
* heathermiller's SI-6502 Reenables loading jars into the running REPL
* mpociecha's The alternative, flat representation of classpath elements
* gbasler's Avoid the ¡CNF budget exceeded¢ exception via smarter
translation into CNF
* adriaanm's SAMmy: eta-expansion, overloading, existentials
* A great number of documentation improvements - thank you (and, to
those appearing for the first time in our release notes, welcome!):
@kanielc, @lymia, @stevegury, @vigdorchik, @gourlaysama, @ichoran,
@retronym, @xuwei-k, @dickwall, @phaller.
http://www.scala-lang.org/news/2.11.4
Scala 2.11.4 is a bugfix release that is binary compatible with
previous releases in the Scala 2.11 series. The changes include:
* Scala shell (REPL) is more friendly to Ctrl+D. It leaves your
terminal in a clean state and suggests using :quit the next time
(see #3902). Kudos to @gourlaysama!
* REPL uses different colors when printing references to vals and
types. Pass -Dscala.color to enable that behavior (see
#3993). Thanks to @puffnfresh!
* The Scala specification received a fair amount of love and became
much more beautiful. It has got syntax highlighting (#3984),
linkable headers, and a side bar with TOC (#3996). A few final
touches has been merged that fix typos and mistakes stemming from
automatic Latex to Markdown conversion we've done a while
ago. Thanks for attention to details @gourlaysama, @som-snytt and
roberthoedicke!
* Non-deterministic pattern matching warnings has been fixed
(SI-7746). Many thanks to @gbasler for diving deep (#3954) into
logical formulas constructed by our pattern matcher implementation!
https://groups.google.com/forum/#!msg/scala-internals/SSD9BNJaFbU/rACBkHrs2JEJ
> I've got an important information to share. I'd like to announce the
> Scala 2.11.3 artifacts as being dead on arrival. The 2.11.3
> artifacts that got released to Maven Central have a critical bug
> related to binary compatibility. Please stick to using Scala 2.11.2
> until 2.11.4 is released which is planned to happen as soon as we
> fix all critical bugs found in Scala 2.11.3. The rest of my email
> will discuss the events that led to a broken Scala release, next
> steps we're planning to take.
http://www.scala-lang.org/news/2.11.2
Scala 2.11.2 is a bugfix release that is binary compatible with
previous releases in the Scala 2.11 series. The changes include:
* Several issues in the collections library were resolved, most
notably equality on ranges (SI-8738).
* The optimizer no longer eliminates division instructions that may
throw an ArithmeticException (SI-7607).
* The -Xlint compiler flag is now parameterized by individual
warnings. This is intended to replace the -Ywarn-... options, for
instance, -Xlint:nullary-unit is equivalent to
-Ywarn-nullary-unit. Run scalac -Xlint:help to see all available
options. Kudos to @som-snytt!x
* TypeTags and Exprs are now serializable (SI-5919).
|
|
shlib with whole-archive like on other platforms. Bump revision and bl3.
|
|
|
|
|
|
Jim is an opensource small-footprint implementation of the Tcl programming
language. It implements a large subset of Tcl and adds new features like
references with garbage collection, closures, built-in Object Oriented
Programming system, Functional Programming commands, first-class arrays and UTF-
8 support. All this with a binary size of about 100-200kB (depending upon
selected options).
The Jim core is very stable. Jim passes over 3000 unit tests and many Tcl
programs run unmodified. Jim is highly modular with the possiblity to configure
many components as loadable modules, or omitted entirely. A number of extensions
are included with Jim which may be built as loadable modules.
|
|
|
|
with pkgsrc MACHINE_ARCH (i386). Fixes 32-bit build, no change for 64-bit.
|
|
Vala 0.28.0
===========
* Binding updates.
Vala 0.27.2
===========
* Bug fixes and binding updates.
Vala 0.27.1
===========
* Print compiler messages in color.
* Add clutter-gdk-1.0 bindings.
* Add clutter-gst-3.0 bindings.
* Add clutter-x11-1.0 bindings.
* Add rest-extras-0.7 bindings.
* Bug fix and binding updates.
|
|
Instead treat ocaml like we do with lang/perl5 and install the man pages in
the "3" section in /usr/pkg/lib/ocaml/man/man3.
|
|
|
|
|
|
|
|
time is good enough anyway.
|
|
Build shared library with -fPIC on all platforms. Bump revision for
that.
|
|
optimisation potential.
|
|
|
|
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
19 Mar 2015, PHP 5.6.7
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits precedence).
(Laruence)
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
(Laruence)
. Fixed bug #69121 (Segfault in get_current_user when script owner is not
in passwd with ZTS build). (dan at syneto dot net)
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
callback). (Mike)
. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
not validated in memory.c). (nayana at ddproperty dot com)
. Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
. Fixed bug #69141 (Missing arguments in reflection info for some builtin
functions). (kostyantyn dot lysyy at oracle dot com)
. Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
Win32). (Grant Pannell)
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
by libcurl. (Linus Unneback)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305).
(Stas)
- FPM:
. Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
. Fixed bug #69159 (Opcache causes problem when passing a variable variable
to a function). (Dmitry, Laruence)
. Fixed bug #69125 (Array numeric string as key). (Laruence)
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
- OpenSSL:
. Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
. Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe
socket timeouts). (Brad Broerman)
. Fixed bug #68920 (use strict peer_fingerprint input checks)
(Daniel Lowrey)
. Fixed bug #68879 (IP Address fields in subjectAltNames not used)
(Daniel Lowrey)
. Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
. Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
. Fixed bug (#69195 Inconsistent stream crypto values across versions)
(Daniel Lowrey)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
(william dot welter at 4linux dot com dot br, Laruence)
- Readline:
. Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
parameters). (Laruence)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (andrea dot palazzo at truel dot it, Laruence)
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage). (Laruence)
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()). (Julien)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331). (Stas)
|
|
19 Mar 2015, PHP 5.5.23
- Core:
. Fixed bug #69174 (leaks when unused inner class use traits precedence).
(Laruence)
. Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
(Laruence)
. Fixed bug #69121 (Segfault in get_current_user when script owner is not
in passwd with ZTS build). (dan at syneto dot net)
. Fixed bug #65593 (Segfault when calling ob_start from output buffering
callback). (Mike)
. Fixed bug #69017 (Fail to push to the empty array with the constant value
defined in class scope). (Laruence)
. Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file
not validated in memory.c). (nayana at ddproperty dot com)
. Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
. Fixed bug #69141 (Missing arguments in reflection info for some builtin
functions). (kostyantyn dot lysyy at oracle dot com)
. Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
- CGI:
. Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
- CLI:
. Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
- cURL:
. Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on
Win32). (Grant Pannell)
. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported
by libcurl. (Linus Unneback)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)
- FPM:
. Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
- ODBC:
. Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
- Opcache:
. Fixed bug #69125 (Array numeric string as key). (Laruence)
. Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
- OpenSSL:
. Fixed bugs #61285, #68329, #68046, #41631 (encrypted streams don't observe
socket timeouts). (Brad Broerman)
- pgsql:
. Fixed bug #68638 (pg_update() fails to store infinite values).
(william dot welter at 4linux dot com dot br, Laruence)
- Readline:
. Fixed bug #69054 (Null dereference in readline_(read|write)_history() without
parameters). (Laruence)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (andrea dot palazzo at truel dot it, Laruence)
- SPL:
. Fixed bug #69108 ("Segmentation fault" when (de)serializing
SplObjectStorage). (Laruence)
. Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
calling getChildren()). (Julien)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331). (Stas)
|
|
19 Mar 2015 PHP 5.4.39
- Core:
. Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options). (Anatol Belski)
. Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()). (Dmitry)
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary). (Stas)
|