From 9b693880a6b4709338b58bfbff4560cf0754fad0 Mon Sep 17 00:00:00 2001 
From: bsiegert Date: Tue, 28 Jun 2016 19:38:32 +0000 Subject: Pullup ticket #5052 - requested by taca lang/php70: security fix Revisions pulled up: - lang/php/phpversion.mk 1.141 - lang/php70/Makefile 1.4 - lang/php70/Makefile.php 1.2 - lang/php70/distinfo 1.14 --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 24 15:27:57 UTC 2016 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php70: Makefile Makefile.php distinfo Log Message: Update php70 to 7.0.8 (PHP 7.0.8), including security fixes. pkgsrc change: * remove configure from SUBST_FILES.path. * Remove --with-regex=system and --without-mysql from CONFIGURE_ARGS. * Add --without-mysqli to CONFIGURE_ARGS. 23 Jun 2016 PHP 7.0.8 - Core: . Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes). (Esminis at esminis dot lt) . Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä) . Fixed bug #72268 (Integer Overflow in nl2br()). (Stas) . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()). (Stas) . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas) . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas) - FPM: . Fixed bug #72308 (fastcgi_finish_request and logging environment variables). (Laruence) - GD: . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas) . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre) . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre) . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas) - Intl: . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol) - mbstring: . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas) - mcrypt: . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas) - PCRE: . Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe) - PDO_pgsql: . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
(Laruence) . Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor). (Anatol) - Phpdbg: . Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob) - Postgres: . Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (La= ruence) . Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol) - SPL: . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (S= tas) . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorith= m and unserialize). (Dmitry) - Standard: . Fixed bug #72017 (range() with float step produces unexpected resul= t). (Thomas Punt) . Fixed bug #72193 (dns_get_record returns array containing elements = of type 'unknown'). (Laruence) . Fixed bug #72229 (Wrong reference when serialize/unserialize an obj= ect). (Laruence) . Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruenc= e) - XML: . Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Jo= e) - XMLRPC: . Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe, Laruence) - WDDX: . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (St= as) - Zip: . Fixed ug #72258 (ZipArchive converts filenames to unrecoverable for= m). (Anatol) . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in = PHP's GC algorithm and unserialize). (Dmitry) --- lang/php/phpversion.mk | 4 ++-- lang/php70/Makefile | 4 ++-- lang/php70/Makefile.php | 6 ++---- lang/php70/distinfo | 10 +++++----- 4 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 0ed34887778..33c52f0f555 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.131.2.8 2016/06/28 19:37:34 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.131.2.9 2016/06/28 19:38:32 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -83,7 +83,7 @@ PHPVERSION_MK= defined
 # Define each PHP's version.
 PHP55_VERSION= 5.5.37
 PHP56_VERSION= 5.6.23
-PHP70_VERSION= 7.0.7
+PHP70_VERSION= 7.0.8
 # Define initial release of major version.
 PHP55_RELDATE= 20130620
diff --git a/lang/php70/Makefile b/lang/php70/Makefile
index e5761f8459b..158704359ea 100644
--- a/lang/php70/Makefile
+++ b/lang/php70/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2016/04/02 09:02:11 taca Exp $
+# $NetBSD: Makefile,v 1.3.2.1 2016/06/28 19:38:32 bsiegert Exp $
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
@@ -33,7 +33,7 @@ PLIST_SUBST+= PHPEXTDIR="${PHP_EXTENSION_DIR}"
 SUBST_CLASSES+= path
 SUBST_MESSAGE.path= Fixing common paths.
 SUBST_STAGE.path= pre-configure
-SUBST_FILES.path= configure ext/phar/phar/phar.php
+SUBST_FILES.path= ext/phar/phar/phar.php
 SUBST_FILES.path+= php.ini-development php.ini-production run-tests.php
 SUBST_FILES.path+= sapi/cgi/Makefile.frag
 SUBST_SED.path= -e 's,@CGIDIR@,${CGIDIR},g'
diff --git a/lang/php70/Makefile.php b/lang/php70/Makefile.php
index 31aee07bf95..be1b540d93e 100644
--- a/lang/php70/Makefile.php
+++ b/lang/php70/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.1 2015/12/06 15:17:31 taca Exp $
+# $NetBSD: Makefile.php,v 1.1.4.1 2016/06/28 19:38:32 bsiegert Exp $
 # used by lang/php70/Makefile
 # used by www/ap-php/Makefile
 # used by www/php-fpm/Makefile
@@ -23,9 +23,7 @@ CONFIGURE_ARGS+= --with-config-file-scan-dir=${PKG_SYSCONFDIR}/php.d
 CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+= --localstatedir=${VARBASE}
-CONFIGURE_ARGS+= --with-regex=system
-
-CONFIGURE_ARGS+= --without-mysql
+CONFIGURE_ARGS+= --without-mysqli
 CONFIGURE_ARGS+= --without-iconv
 CONFIGURE_ARGS+= --without-pear
 #CONFIGURE_ARGS+= --without-intl
diff --git a/lang/php70/distinfo b/lang/php70/distinfo
index 09a84f7221f..32a6d3bc598 100644
--- a/lang/php70/distinfo
+++ b/lang/php70/distinfo
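Review bot: In lang/php70/Makefile (hunk `@@ -33,7 +33,7 @@`), dropping `configure` from `SUBST_FILES.path` means the `SUBST_SED.path` expressions no longer run over the configure script, while the distinfo context in this same commit still lists an unchanged `patch-configure`. Only the `@CGIDIR@` expression is visible here and the rest of `SUBST_SED.path` lies outside the hunk, so it cannot be confirmed from this page that the patched configure carries none of the placeholders the path class rewrites; if it does, they would now reach the build as literal text. A short comment above the assignment, for example `# configure no longer contains any placeholder handled by SUBST_SED.path`, would record why the file left the list once that has been checked.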
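Review bot: The added `CONFIGURE_ARGS+= --without-mysqli` in lang/php70/Makefile.php (hunk `@@ -23,9 +23,7 @@`) changes which extensions the base build carries, on a pullup whose stated purpose is a security fix, and nothing in the file says why. The two removed flags appear to be leftovers for options PHP 7 no longer offers, but the new exclusion is a functional change that users of the stable branch may notice. A comment above the line, such as `# mysqli is deliberately left out of the base build`, would make the intent explicit. The CONFIGURE_ARGS list continues outside the hunk, and this fragment is also used by www/ap-php and www/php-fpm according to its header, so the effect on those builds cannot be judged from here.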
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8.2.3 2016/06/28 18:59:07 bsiegert Exp $
+$NetBSD: distinfo,v 1.8.2.4 2016/06/28 19:38:32 bsiegert Exp $
-SHA1 (php-7.0.7.tar.bz2) = 7d1d718288e34edce686bd834de5313d199cebd3
-RMD160 (php-7.0.7.tar.bz2) = d894c6897095736b5a278ee5a91b9a4cd80b6bac
-SHA512 (php-7.0.7.tar.bz2) = e6d5ce0eb665aa9beb13f5a3e6fa074ff92ccdd5112c4f2a7dfb1220f55624f2284a0bcfec45b92572762905ab2ac7890e98803860378fdb06752e22f363dbcf
-Size (php-7.0.7.tar.bz2) = 14106181 bytes
+SHA1 (php-7.0.8.tar.bz2) = c21f1d28ca20d69887bd2c020f8c0219f28d8890
+RMD160 (php-7.0.8.tar.bz2) = abf20356587ee6a11a84b64ca46f36257df0c4b1
+SHA512 (php-7.0.8.tar.bz2) = a1a119ff95ad3902264dbc267753af0cf82b5dddbfcf09a8fc2bc519e16021cbf4bc7f2b33c4fec46d7be7bed8db315371ee11390a6055adf908a3b28a6a6921
+Size (php-7.0.8.tar.bz2) = 14105805 bytes
 SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad
 SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c
 SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3
-- cgit v1.2.3