pkgsrc-Changes archive


CVS commit: [pkgsrc-2026Q1] pkgsrc/lang



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat May  9 17:25:26 UTC 2026

Modified Files:
        pkgsrc/lang/php [pkgsrc-2026Q1]: phpversion.mk
        pkgsrc/lang/php85 [pkgsrc-2026Q1]: distinfo

Log Message:
Pullup ticket #7106 - requested by taca
lang/php85: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.495,1.500
- lang/php85/distinfo                                           1.5-1.6

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Thu Apr  9 15:26:52 UTC 2026

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php85: distinfo

   Log Message:
   lang/php85: update to 8.5.5

   PHP 8.5.5 (2026-04-09)

   - Core:
     . Fixed bug GH-20672 (Incorrect property_info sizing for locally shadowed
       trait properties). (ilutov)
     . Fixed bugs GH-20875, GH-20873, GH-20854 (Propagate IN_GET guard in
       get_property_ptr_ptr for lazy proxies). (iliaal)

   - Bz2:
     . Fix truncation of total output size causing erroneous errors. (ndossche)

   - DOM:
     . Fixed bug GH-21486 (Dom\HTMLDocument parser mangles xml:space and
       xml:lang attributes). (ndossche)

   - FFI:
     . Fixed resource leak in FFI::cdef() on symbol resolution failure.
       (David Carlier)

   - GD:
     . Fixed bug GH-21431 (phpinfo() to display libJPEG 10.0 support).
       (David Carlier)

   - Opcache:
     . Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached
       script). (ilutov)
     . Fixed bug GH-20838 (JIT compiler produces wrong arithmetic results).
       (Dmitry, iliaal)
     . Fixed bug GH-21267 (JIT tracing: infinite loop on FETCH_OBJ_R with
       IS_UNDEF property in polymorphic context). (Dmitry, iliaal)
     . Fixed bug GH-21395 (uaf in jit). (ndossche)

   - OpenSSL:
     . Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based
       keys). (iliaal)
     . Fix missing error propagation for BIO_printf() calls. (ndossche)

   - PCNTL:
     . Fixed signal handler installation on AIX by bumping the storage size of the
       num_signals global. (Calvin Buckley)

   - PCRE:
     . Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl,
       php_pcre_split_impl, and php_pcre_grep_impl. (David Carlier)

   - Phar:
     . Fixed bug GH-21333 (use after free when unlinking entries during iteration
       of a compressed phar). (David Carlier)

   - SNMP:
     . Fixed bug GH-21336 (SNMP::setSecurity() undefined behavior with
       NULL arguments). (David Carlier)

   - SOAP:
     . Fixed Set-Cookie parsing bug wrong offset while scanning attributes.
       (David Carlier)

   - SPL:
     . Fixed bug GH-21454 (missing write lock validation in SplHeap).
       (ndossche)

   - Standard:
     . Fixed bug GH-20906 (Assertion failure when messing up output buffers).
       (ndossche)
     . Fixed bug GH-20627 (Cannot identify some avif images with getimagesize).
       (y-guyon)

   - Sysvshm:
     . Fix memory leak in shm_get_var() when variable is corrupted. (ndossche)

   - XSL:
     . Fix GH-21357 (XSLTProcessor works with DOMDocument, but fails with
       Dom\XMLDocument). (ndossche)
     . Fixed bug GH-21496 (UAF in dom_objects_free_storage).
       (David Carlier/ndossche)

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri May  8 02:10:51 UTC 2026

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php85: distinfo

   Log Message:
   lang/php85: update to 8.5.6

   PHP 8.5.6 (2026-05-07)

   - Core:
     . Fixed bug GH-19983 (GC assertion failure with fibers, generators and
       destructors). (iliaal)
     . Fixed ZEND_API mismatch on zend_ce_closure forward decl for Windows+Clang.
       (henderkes)
     . Fixed bug GH-21504 (Incorrect RC-handling for ZEND_EXT_STMT op1). (ilutov)
     . Fixed bug GH-21478 (Forward property operations to real instance for
       initialized lazy proxies). (iliaal)
     . Fixed bug GH-21605 (Missing addref for Countable::count()). (ilutov)
     . Fixed bug GH-21699 (Assertion failure in shutdown_executor when resolving
       self::/parent::/static:: callables if the error handler throws). (macoaure)
     . Fixed bug GH-21603 (Missing addref for __unset). (ilutov)
     . Fixed bug GH-21760 (Trait with class constant name conflict against
       enum case causes SEGV). (Pratik Bhujel)

   - CLI:
     . Fixed bug GH-21754 (`--rf` command line option with a method triggers
       ext/reflection deprecation warnings). (DanielEScherzer)

   - Curl:
     . Add support for brotli and zstd on Windows. (Shivam Mathur)

   - DOM:
     . Fixed GHSA-4jhr-8w89-j733 and GH-21566 (Dom\XMLDocument::C14N() emits
       duplicate xmlns declarations after setAttributeNS()). (CVE-2026-7263)
       (David Carlier)

   - FPM:
     . Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
       (Jakub Zelenka)

   - Iconv:
     . Fixed bug GH-17399 (iconv memory leak on bailout). (iliaal)

   - Lexbor:
     . Upgrade to lexbor v2.7.0. (CVE-2026-29078, CVE-2026-29079)
       (ndossche, ilutov)

   - MBString:
     . Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in
       php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
       (vi3tL0u1s)
     . Fixed GHSA-74r9-qxhc-fx53 (Out-of-bounds access in mbfl_name2encoding_ex()).
       (CVE-2026-6104) (ilutov)

   - Opcache:
     . Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in
       zend_jit_use_reg). (Arnaud)
     . Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch). (ilutov)
     . Fixed bug GH-21460 (COND optimization regression). (Dmitry, Arnaud)
     . Fixed faulty returns out of zend_try block in zend_jit_trace(). (ilutov)

   - OpenSSL:
     . Fix memory leak regression in openssl_pbkdf2(). (ndossche)
     . Fix a bunch of memory leaks and crashes on edge cases. (ndossche)

   - PDO_Firebird:
     . Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings).
       (CVE-2025-14179) (SakiTakamachi)

   - PDO_PGSQL:
     . Fixed bug GH-21683 (pdo_pgsql throws with ATTR_PREFETCH=0
       on empty result set). (thomasschiet)

   - Phar:
     . Restore is_link handler in phar_intercept_functions_shutdown. (iliaal)
     . Fixed bug GH-21797 (phar: NULL dereference in Phar::webPhar() when
       SCRIPT_NAME is absent from SAPI environment). (iliaal)
     . Fix memory leak in Phar::offsetGet(). (iliaal)
     . Fix memory leak in phar_add_file(). (iliaal)
     . Fixed bug GH-21799 (phar: propagate phar_stream_flush return value from
       phar_stream_close). (iliaal)
     . Fix memory leak in phar_verify_signature() when md_ctx is invalid.
       (JarneClauw)

   - Random:
     . Fixed bug GH-21731 (Random\Engine\Xoshiro256StarStar::__unserialize()
       accepts all-zero state). (iliaal)

   - Session:
     . Fixed memory leak when session GC callback returns a refcounted value.
       (jorgsowa)

   - SOAP:
     . Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache
       Map). (CVE-2026-6722) (ilutov)
     . Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with
       SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) (ilutov)
     . Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check).
       (CVE-2026-7262) (ilutov)

   - SPL:
     . Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent
       free). (Girgias)
     . Fix concurrent iteration and deletion issues in SplObjectStorage.
       (ndossche)

   - Sqlite3:
     . Fixed wrong free list comparator pointer type. (David Carlier)

   - Standard:
     . Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset).
       (CVE-2026-7568) (TimWolla)
     . Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h
       functions). (CVE-2026-7258) (ilutov)

   - Streams:
     . Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL
       and a proxy set). (ndossche)

   - URI:
     . Fixed CVE-2026-42371 (uriparser before 1.0.1 has numeric truncation in
       text range comparison). (CVE-2026-42371) (Joshua W. Windle)


To generate a diff of this commit:
cvs rdiff -u -r1.494 -r1.494.2.1 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.4 -r1.4.2.1 pkgsrc/lang/php85/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.494 pkgsrc/lang/php/phpversion.mk:1.494.2.1
--- pkgsrc/lang/php/phpversion.mk:1.494 Sun Mar 15 15:30:49 2026
+++ pkgsrc/lang/php/phpversion.mk       Sat May  9 17:25:26 2026
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.494 2026/03/15 15:30:49 taca Exp $
+# $NetBSD: phpversion.mk,v 1.494.2.1 2026/05/09 17:25:26 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -113,7 +113,7 @@ PHP74_VERSION=      7.4.33
 PHP82_VERSION= 8.2.30
 PHP83_VERSION= 8.3.30
 PHP84_VERSION= 8.4.19
-PHP85_VERSION= 8.5.4
+PHP85_VERSION= 8.5.6
 
 _VARGROUPS+=   php
 _USER_VARS.php=        PHP_VERSION_DEFAULT
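
Review bot: PHP85_VERSION moves from 8.5.4 to 8.5.6 here, while the context lines leave PHP82_VERSION at 8.2.30, PHP83_VERSION at 8.3.30 and PHP84_VERSION at 8.4.19 on this branch. The 8.5.6 log lists CVE fixes in extensions such as MBString, SOAP and Standard, which also ship in the older PHP branches, so please confirm whether those packages need matching pullups on pkgsrc-2026Q1, or note in the ticket that they are handled separately.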

Index: pkgsrc/lang/php85/distinfo
diff -u pkgsrc/lang/php85/distinfo:1.4 pkgsrc/lang/php85/distinfo:1.4.2.1
--- pkgsrc/lang/php85/distinfo:1.4      Sun Mar 15 15:30:49 2026
+++ pkgsrc/lang/php85/distinfo  Sat May  9 17:25:26 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.4 2026/03/15 15:30:49 taca Exp $
+$NetBSD: distinfo,v 1.4.2.1 2026/05/09 17:25:26 bsiegert Exp $
 
-BLAKE2s (php-8.5.4.tar.xz) = 37a88c3b413c5acd47d4e7ef68aeb586dac7fd06b25e273e5577d27f2c1d0109
-SHA512 (php-8.5.4.tar.xz) = e21723dc511b3bece1562f4b7a672b8db1775460515e345904a3a8283dd6bd398a8248507aae5ab2f89b4d5d8515875da7e34593fba471a675d8931a30bf49df
-Size (php-8.5.4.tar.xz) = 14348800 bytes
+BLAKE2s (php-8.5.6.tar.xz) = 9ddd69e000b551d0534bcf0fecf68bfb270d20fc772e901054e715caba9c7682
+SHA512 (php-8.5.6.tar.xz) = e0ce5430809d5347ffdaba827e2c62fefb570b112014add16be545fd444ec374ebc76c373d5a254930538994a639ddd15508cd1083c4ead8ea0b76e7cead0c7c
+Size (php-8.5.6.tar.xz) = 14392820 bytes
 SHA1 (patch-build_Makefile.global) = 570d813a05626f633e2ce380ab6668fdc7e8f030
 SHA1 (patch-build_php.m4) = bb72e38ab391ad587962940ba85e8d4de8633dca
 SHA1 (patch-configure.ac) = 20c95915d5e4aa622d04ee923c626789c44fef11
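
Review bot: the three SHA1 (patch-...) context lines are unchanged, which only shows that the patch files themselves did not change; it does not show that they still apply cleanly to the 8.5.6 sources, two upstream releases after the 8.5.4 tree they were last recorded against on this branch. Please confirm the patch phase succeeds on the branch build. The new BLAKE2s, SHA512 and Size values for php-8.5.6.tar.xz should also be checked against a tarball fetched independently of the committer's copy before the pullup is closed.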


