CVS commit: [pkgsrc-2014Q2] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2014Q2] pkgsrc/lang
From: "Matthias Scheler" <tron%netbsd.org@localhost>
Date: Mon, 18 Aug 2014 12:48:05 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Aug 18 12:48:05 UTC 2014

Modified Files:
        pkgsrc/lang/php [pkgsrc-2014Q2]: phpversion.mk
        pkgsrc/lang/php53 [pkgsrc-2014Q2]: Makefile Makefile.php distinfo
Added Files:
        pkgsrc/lang/php53/patches [pkgsrc-2014Q2]:
            patch-Zend_zend_language_parser.h
Removed Files:
        pkgsrc/lang/php53/patches [pkgsrc-2014Q2]:
            patch-ext_date_lib_parse__iso__intervals.c
            patch-ext_date_lib_parse__iso__intervals.re

Log Message:
Pullup ticket #4475 - requested by prlw1
lang/php53: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.69 via patch
- lang/php53/Makefile                                           1.49
- lang/php53/Makefile.php                                       1.41
- lang/php53/distinfo                                           1.75-1.76
- lang/php53/patches/patch-Zend_zend_language_parser.h          deleted
- lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c deleted
- lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re deleted

---
   Module Name: pkgsrc
   Committed By:        prlw1
   Date:                Mon Jul 28 16:12:57 UTC 2014

   Modified Files:
        pkgsrc/lang/php53: distinfo
   Added Files:
        pkgsrc/lang/php53/patches: patch-Zend_zend_language_parser.h

   Log Message:
   Fix build of www/ap-php with PHP 5.3.

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Aug 15 16:09:16 UTC 2014

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php53: Makefile Makefile.php distinfo
   Removed Files:
        pkgsrc/lang/php53/patches: patch-Zend_zend_language_parser.h
            patch-ext_date_lib_parse__iso__intervals.c
            patch-ext_date_lib_parse__iso__intervals.re

   Log Message:
   Update php53 to 5.3.29, final PHP 5.3 release.

   14 Aug 2014, PHP 5.3.29

   - Core:
     . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
     . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
     . Fixed bug #67249 (printf out-of-bounds read). (Stas)
     . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
     . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
     . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
     . Fixed bug #67390 (insecure temporary file use in the configure script).
       (Remi) (CVE-2014-3981)
     . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
     . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
       Confusion) (CVE-2014-3515). (Stefan Esser)
     . Fixed bug #67498 (phpinfo() Type Confusion Information Leak 
Vulnerability).
       (Stefan Esser)

   - COM:
     . Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).

   - Date:
     . Fixed bug #66060 (Heap buffer over-read in DateInterval). (CVE-2013-6712)
       (Remi)
     . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
     . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

   - Exif:
     . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)

   - Fileinfo:
     . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
     . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
       check). (CVE-2014-0207)
     . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
       (CVE-2014-0238)
     . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls 
resulting
       in performance degradation). (CVE-2014-0237)
     . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated 
pascal
       string size). (Francisco Alonso, Jan Kaluza, Remi)
     . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
       check). (Francisco Alonso, Jan Kaluza, Remi)
     . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
       (Francisco Alonso, Jan Kaluza, Remi)
     . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
       check). (Francisco Alonso, Jan Kaluza, Remi)

   - Intl:
     . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
     . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
       uloc_getDisplayName (libicu 4.8.1)). (Stas)

   - Network:
     . Fixed bug #67432 (Fix potential segfault in dns_check_record()).
       (CVE-2014-4049). (Sara)

   - OpenSSL:
     . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

   - Session:
     . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).


To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.66.2.1 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.48 -r1.48.2.1 pkgsrc/lang/php53/Makefile
cvs rdiff -u -r1.40 -r1.40.2.1 pkgsrc/lang/php53/Makefile.php
cvs rdiff -u -r1.74 -r1.74.2.1 pkgsrc/lang/php53/distinfo
cvs rdiff -u -r0 -r1.2.2.2 \
    pkgsrc/lang/php53/patches/patch-Zend_zend_language_parser.h
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.c \
    pkgsrc/lang/php53/patches/patch-ext_date_lib_parse__iso__intervals.re

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/time/py-vdirsyncer
Next by Date: CVS commit: [pkgsrc-2014Q2] pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/time/py-vdirsyncer
Next by Thread: CVS commit: [pkgsrc-2014Q2] pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index