pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2016Q3]: pkgsrc/lang Pullup ticket #5139 - requested by taca



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6907aa2467de
branches:  pkgsrc-2016Q3
changeset: 408793:6907aa2467de
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri Oct 21 18:44:42 2016 +0000

description:
Pullup ticket #5139 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.160
- lang/php70/distinfo                                           1.20
- lang/php70/patches/patch-ext_pcre_pcrelib_config.h            1.3

---
   Module Name: pkgsrc
   Committed By:        jdolecek
   Date:                Fri Oct 14 15:06:21 UTC 2016

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php70: distinfo
        pkgsrc/lang/php70/patches: patch-ext_pcre_pcrelib_config.h

   Log Message:
   Update php70 to 7.0.12

   Changes:

   Core:
     Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
     Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
     Fixed bug #73058 (crypt broken when salt is 'too' long).
     Fixed bug #69579 (Invalid free in extension trait).
     Fixed bug #73156 (segfault on undefined function).
     Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
     Fixed bug #73172 (parse error: Invalid numeric literal).
     Fixed for #73240 (Write out of bounds at number_format).
     Fixed bug #73147 (Use After Free in PHP7 unserialize()).
     Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
   BCmath:
     Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
   COM:
     Fixed bug #73126 (Cannot pass parameter 1 by reference).
   Date:
     Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
   DOM:
     Fixed bug #73150 (missing NULL check in dom_document_save_html).
   Filter:
     Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
     Fixed bug #73054 (default option ignored when object passed to int filter).
   GD:
     Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
     Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
     Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
     Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
     Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
     Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
     Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
     Fixed bug #73161 (imagecreatefromgd2() may leak memory).
   Intl:
     Fixed bug #73218 (add mitigation for ICU int overflow).
   Mbstring:
     Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
     Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
     Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
   Mysqlnd:
     Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
   Opcache:
     Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
   OpenSSL:
     Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
     Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
     Fixed bug #73275 (crash in openssl_encrypt function).
   PCRE:
     Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
     Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
   PDO_DBlib:
     Fixed bug #72414 (Never quote values as raw binary data).
     Allow \PDO::setAttribute() to set query timeouts.
     Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
     Add common PDO test suite.
     Free error and message strings when cleaning up PDO instances.
     Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
     Ignore potentially misleading dberr values.
   phpdbg:
     Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
     Fixed next command not stopping when leaving function.
   Session:
     Fixed bug #68015 (Session does not report invalid uid for files save handler).
     Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
   SimpleXML:
     Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
   SOAP:
     Fixed bug #71711 (Soap Server Member variables reference bug).
     Fixed bug #71996 (Using references in arrays doesn't work like expected).
   SPL:
     Fixed bug #73257, Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
   SQLite3:
     Updated bundled SQLite3 to 3.14.2.
   Zip:
     Fixed bug #70752 (Depacking with wrong password leaves 0 length files).

diffstat:

 lang/php/phpversion.mk                             |   4 ++--
 lang/php70/distinfo                                |  12 ++++++------
 lang/php70/patches/patch-ext_pcre_pcrelib_config.h |  11 ++++++-----
 3 files changed, 14 insertions(+), 13 deletions(-)

diffs (72 lines):

diff -r edd0f9df7415 -r 6907aa2467de lang/php/phpversion.mk
--- a/lang/php/phpversion.mk    Fri Oct 21 18:40:41 2016 +0000
+++ b/lang/php/phpversion.mk    Fri Oct 21 18:44:42 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.158.2.1 2016/10/21 18:40:41 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.158.2.2 2016/10/21 18:44:42 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -88,7 +88,7 @@
 
 # Define each PHP's version.
 PHP56_VERSION= 5.6.26
-PHP70_VERSION= 7.0.11
+PHP70_VERSION= 7.0.12
 PHP71_VERSION= 7.1.0RC3
 
 # Define initial release of major version.
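Review bot: The PHP70_VERSION line at -88 is the only version changed, while PHP56_VERSION stays at 5.6.26 on this branch. The pullup message calls this a security fix but does not say which of the listed bugs are the security-relevant ones, or whether the 5.6 line needs a matching update for the memory-safety bugs in the list. Stating that in the ticket text would help users of the 2016Q3 branch decide how urgently to rebuild.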
diff -r edd0f9df7415 -r 6907aa2467de lang/php70/distinfo
--- a/lang/php70/distinfo       Fri Oct 21 18:40:41 2016 +0000
+++ b/lang/php70/distinfo       Fri Oct 21 18:44:42 2016 +0000
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.19 2016/09/16 16:10:29 taca Exp $
+$NetBSD: distinfo,v 1.19.2.1 2016/10/21 18:44:42 bsiegert Exp $
 
-SHA1 (php-7.0.11.tar.bz2) = ece2cad60ff621e38e39f9a8fa998716274c7a45
-RMD160 (php-7.0.11.tar.bz2) = 2ea9bf6e83c31730cbe2a6b2c4ce5b6ac1717969
-SHA512 (php-7.0.11.tar.bz2) = ea3a7b49ffe1e6be25d7388045fe80d776b02ad5c0b332980a0b994fe6e650a08ced1e403ca927ea9a186c19f83e73c17cc451801e40e9a018f289dc2945d66b
-Size (php-7.0.11.tar.bz2) = 14834943 bytes
+SHA1 (php-7.0.12.tar.bz2) = 0c83f578344c329df9778dc040175631a43ded79
+RMD160 (php-7.0.12.tar.bz2) = 27bcfc09296eb5e2e76f31952afa43e2ff20ae7c
+SHA512 (php-7.0.12.tar.bz2) = 87ced1c0fe1dc7668a2e72de499182724110a7a24818650a08e622f4a24c711247d99478ac073db296cb98548680b27d384475bb3d53517c8e253148e1803a4f
+Size (php-7.0.12.tar.bz2) = 15227851 bytes
 SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad
 SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c
 SHA1 (patch-ext_gd_config.m4) = bde93678626592cdcee619189bfc6532d0913a76
 SHA1 (patch-ext_imap_config.m4) = f4e10ab81697b72019313f63bc630627a08efd92
-SHA1 (patch-ext_pcre_pcrelib_config.h) = 0cb05c3b3bfafd8119cf43162c0f4db7f5b37ba8
+SHA1 (patch-ext_pcre_pcrelib_config.h) = c5fba95856628f68639fe63feeef04a5f83d3916
 SHA1 (patch-ext_pdo__mysql_config.m4) = b1ef91be5a729040197e9af50da0f5fd1f6c90a8
 SHA1 (patch-ext_pdo_config.m4) = 522281775cc0e70a135b1f813158988ef1f3e244
 SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426
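Review bot: The three tarball digests and the Size line for php-7.0.12.tar.bz2 all change together, as expected for a regenerated distinfo, but nothing in the commit records that the tarball was checked against the hash or signature published upstream before these digests were generated. Please confirm that check was done, since from here on the SHA512 line is what every build of this package trusts. The new SHA1 for patch-ext_pcre_pcrelib_config.h is consistent with the edit to that patch file in this same commit.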
diff -r edd0f9df7415 -r 6907aa2467de lang/php70/patches/patch-ext_pcre_pcrelib_config.h
--- a/lang/php70/patches/patch-ext_pcre_pcrelib_config.h        Fri Oct 21 18:40:41 2016 +0000
+++ b/lang/php70/patches/patch-ext_pcre_pcrelib_config.h        Fri Oct 21 18:44:42 2016 +0000
@@ -1,11 +1,11 @@
 $NetBSD$
 
---- ext/pcre/pcrelib/config.h.orig     2016-02-02 16:32:32.000000000 +0000
+--- ext/pcre/pcrelib/config.h.orig     2016-09-29 02:15:39.000000000 +0000
 +++ ext/pcre/pcrelib/config.h
-@@ -397,7 +397,20 @@ them both to 0; an emulation function wi
- #undef SUPPORT_GCOV
+@@ -400,8 +400,21 @@ them both to 0; an emulation function wi
  
  /* Define to any value to enable support for Just-In-Time compiling. */
+ #if HAVE_PCRE_JIT_SUPPORT
 -#define SUPPORT_JIT
 +#if defined(__i386__) || defined(__i386) \
 +|| defined(__x86_64__) \
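Review bot: The patch file still goes straight from `$NetBSD$` to the `--- ext/pcre/pcrelib/config.h.orig` header with no description. Since the patch is being regenerated against the new config.h anyway, add a short comment saying why SUPPORT_JIT is limited to this architecture list and whether the change has been sent upstream.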
@@ -19,8 +19,9 @@
 +|| defined(__mips64) \
 +|| defined(__sparc__) || defined(__sparc) \
 +|| defined(__tilegx__)
-+ #define SUPPORT_JIT
-+#endif
++  #define SUPPORT_JIT
+ #endif
++#endif /* HAVE_PCRE_JIT_SUPPORT */
  
  /* Define to any value to allow pcregrep to be linked with libbz2, so that it
     is able to handle .bz2 files. */
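Review bot: After this change SUPPORT_JIT is defined only when both the `#if HAVE_PCRE_JIT_SUPPORT` guard and the local architecture list pass, and the unlabelled ` #endif` context line now closes the inner architecture test rather than the outer guard. The nesting is correct but easy to misread: label the inner `#endif` as well, and consider whether the local architecture list is still needed now that config.h carries its own guard, so the patch can shrink or be dropped.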


