NetBSD-Bugs archive


PR/588 CVS commit: pkgsrc/lang



The following reply was made to PR bin/588; it has been noted by GNATS.

From: "Takahiro Kambe" <taca%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/588 CVS commit: pkgsrc/lang
Date: Fri, 27 Jun 2014 11:34:19 +0000

 Module Name:   pkgsrc
 Committed By:  taca
 Date:          Fri Jun 27 11:34:19 UTC 2014
 
 Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php55: Makefile distinfo
 
 Log Message:
 Update php55 to 5.5.14 which includes several security fixes.
 
 26 Jun 2014, PHP 5.5.14
 
 - Core:
   . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
   . Fixed bug #66622 (Closures do not correctly capture the late bound class
     (static::) in some cases). (Levi Morrison)
   . Fixed bug #67390 (insecure temporary file use in the configure script).
     (CVE-2014-3981) (Remi)
   . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
   . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
     (Stefan Esser)
 
 - CLI server:
   . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
 
 - Date:
   . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
     (Adam)
   . Fixed regression in fix for bug #67118 (constructor can't be called twice).
     (Remi)
 
 - Fileinfo:
   . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
     check). (CVE-2014-0207)
   . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
     string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
   . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
     check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
   . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
     (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
   . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
     check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
 
 - Intl:
   . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
   . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
     uloc_getDisplayName (libicu 4.8.1)). (Stas)
 
 - Network:
   . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
     (CVE-2014-4049). (Sara)
 
 - OPCache:
   . Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)
 
 - OpenSSL:
   . Fixed bug #65698 (certificates validity parsing does not work past 2050).
     (Paul Oehler)
   . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
     (Paul Oehler)
 
 - PDO-ODBC:
   . Fixed bug #50444 (PDO-ODBC changes for 64-bit).
 
 - SOAP:
   . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
 
 - SPL:
   . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
   . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
   . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
   . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
     Confusion). (CVE-2014-3515) (Stefan Esser)
 
   . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
   . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
   . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
 
 - DOM:
   . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE
     tag, not only the subset). (Anatol)
 
 - Fileinfo:
   . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
   . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS)
     (CVE-2014-0238).
   . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting
     in performance degradation) (CVE-2014-0237).
 
 - FPM:
   . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
     (Julio Pintos)
 
 - GD:
   . Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
 
 - PCRE:
   . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
     from the upstream). (Anatol)
 
 - Phar:
   . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an
     accent in its name). (PR #588)
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.65 -r1.66 pkgsrc/lang/php/phpversion.mk
 cvs rdiff -u -r1.13 -r1.14 pkgsrc/lang/php55/Makefile
 cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php55/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 

