pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/53222 CVS commit: [pkgsrc-2018Q2] pkgsrc/lang



The following reply was made to PR pkg/53222; it has been noted by GNATS.

From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/53222 CVS commit: [pkgsrc-2018Q2] pkgsrc/lang
Date: Fri, 17 Aug 2018 16:04:01 +0000

 Module Name:	pkgsrc
 Committed By:	bsiegert
 Date:		Fri Aug 17 16:04:01 UTC 2018
 
 Modified Files:
 	pkgsrc/lang/php [pkgsrc-2018Q2]: phpversion.mk
 	pkgsrc/lang/php71 [pkgsrc-2018Q2]: Makefile Makefile.php distinfo
 Added Files:
 	pkgsrc/lang/php71/patches [pkgsrc-2018Q2]: patch-disable-filter-url
 
 Log Message:
 Pullup ticket #5797 - requested by taca
 lang/php71: security fix
 
 Revisions pulled up:
 - lang/php/phpversion.mk                                        1.222
 - lang/php71/Makefile                                           1.14-1.15
 - lang/php71/Makefile.php                                       1.7-1.8
 - lang/php71/distinfo                                           1.39-1.40
 - lang/php71/patches/patch-disable-filter-url                   1.1
 
 ---
    Module Name:	pkgsrc
    Committed By:	maya
    Date:		Mon Jul 16 10:58:50 UTC 2018
 
    Modified Files:
    	pkgsrc/lang/php70: Makefile Makefile.php
    	pkgsrc/lang/php71: Makefile Makefile.php
    	pkgsrc/lang/php72: Makefile Makefile.php
 
    Log Message:
    php*: disable global regs on i386.
    Fixes PR pkg/53222 that resurfaced
 
    Remove the previous workaround to add GCC_REQD, which isn't sufficient
    any more, possibly due to enabling ssp/fortify?
 
    XXX bumping PKGREVISION might not be sufficient, for the same reason the
    GCC_REQD had to be moved to Makefile.php, it affects modules too.
 
 ---
    Module Name:	pkgsrc
    Committed By:	manu
    Date:		Wed Jul 18 07:33:12 UTC 2018
 
    Modified Files:
    	pkgsrc/lang/php56: Makefile.php distinfo
    	pkgsrc/lang/php70: Makefile.php distinfo
    	pkgsrc/lang/php71: Makefile.php distinfo
    	pkgsrc/lang/php72: Makefile.php distinfo
    Added Files:
    	pkgsrc/lang/php56/patches: patch-disable-filter-url
    	pkgsrc/lang/php70/patches: patch-disable-filter-url
    	pkgsrc/lang/php71/patches: patch-disable-filter-url
    	pkgsrc/lang/php72/patches: patch-disable-filter-url
 
    Log Message:
    Add pkgsrc build option disable-filter-url to disable php://filter URL
 
    php://filter URL is a feature documented here:
    http://php.net/manual/en/wrappers.php.php
 
    Unfortunately, it allows remote control of include() behavior
    beyond what many developpers expected, enabling easy dump of
    PHP source files. The administrator may want to disable the
    feature for security sake, and this option makes that possible.
 
 ---
    Module Name:	pkgsrc
    Committed By:	taca
    Date:		Fri Jul 20 13:23:47 UTC 2018
 
    Modified Files:
    	pkgsrc/lang/php: phpversion.mk
    	pkgsrc/lang/php71: Makefile distinfo
 
    Log Message:
    lang/php71: update to 7.1.20
 
    19 Jul 2018, PHP 7.1.20
 
    - Core:
      . Fixed bug #76534 (PHP hangs on 'illegal string offset on string references
        with an error handler). (Laruence)
      . Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize
        properly). (Nikita)
 
    - Date:
      . Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
 
    - exif:
      . Fixed bug #76423 (Int Overflow lead to Heap OverFlow in
        exif_thumbnail_extract of exif.c). (Stas)
     . Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif
        data). (Stas)
 
    - FPM:
      . Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to
        non-blocking). (Nikita)
 
    - GMP:
      . Fixed bug #74670 (Integer Underflow when unserializing GMP and possible
        other classes). (Nikita)
 
    - intl:
      . Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong
        type). (cmb)
 
    - mbstring:
      . Fixed bug #76532 (Integer overflow and excessive memory usage
        in mb_strimwidth). (MarcusSchwarz)
 
    - PGSQL:
      . Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
 
    - phpdbg:
      . Fix arginfo wrt. optional/required parameters. (cmb)
 
    - Reflection:
      . Fixed bug #76536 (PHP crashes with core dump when throwing exception in
        error handler). (Laruence)
      . Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with
        inherited classes). (Nikita)
 
    - Standard:
      . Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
        (Laruence)
      . Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
 
    - Win32:
      . Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.221 -r1.221.2.1 pkgsrc/lang/php/phpversion.mk
 cvs rdiff -u -r1.13 -r1.13.6.1 pkgsrc/lang/php71/Makefile
 cvs rdiff -u -r1.6 -r1.6.10.1 pkgsrc/lang/php71/Makefile.php
 cvs rdiff -u -r1.38 -r1.38.2.1 pkgsrc/lang/php71/distinfo
 cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/lang/php71/patches/patch-disable-filter-url
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index