pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang Update php70 to 7.0.8 (PHP 7.0.8), including secu...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7f88b12df535
branches:  trunk
changeset: 349031:7f88b12df535
user:      taca <taca%pkgsrc.org@localhost>
date:      Fri Jun 24 15:27:57 2016 +0000

description:
Update php70 to 7.0.8 (PHP 7.0.8), including security fixes.

pkgsrc change:
* remove confiugre from SUBST_FILES.path.
* Remove --with-regex=system and --without-mysql from CONFIGURE_ARGS.
* Add --without-mysqli to CONFIGURE_ARGS.

23 Jun 2016 PHP 7.0.8

- Core:
  . Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
    (Esminis at esminis dot lt)
  . Fixed bug #72221 (segfault, past-the-end access). (Lauri Kentt?)
  . Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
  . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
    json_utf8_to_utf16()). (Stas)
  . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
  . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

- FPM:
  . Fixed bug #72308 (fastcgi_finish_request and logging environment
    variables). (Laruence)

- GD:
  . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
  . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
  . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
    heap overflow). (Pierre)
  . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)

- Intl:
  . Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)

- mbstring:
  . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

- mcrypt:
   . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

- PCRE:
  . Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)

- PDO_pgsql:
  . Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
    (Laruence)
  . Fixed bug #72294 (Segmentation fault/invalid pointer in connection
    with pgsql_stmt_dtor). (Anatol)

- Phpdbg:
  . Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)

- Postgres:
  . Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
  . Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)

- SPL:
  . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
  . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
    unserialize). (Dmitry)

- Standard:
  . Fixed bug #72017 (range() with float step produces unexpected result).
    (Thomas Punt)
  . Fixed bug #72193 (dns_get_record returns array containing elements of
    type 'unknown'). (Laruence)
  . Fixed bug #72229 (Wrong reference when serialize/unserialize an object).
    (Laruence)
  . Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)

- XML:
  . Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)

- XMLRPC:
  . Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
    (Joe, Laruence)

- WDDX:
  . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

- Zip:
  . Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form).
    (Anatol)
  . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
    algorithm and unserialize). (Dmitry)

diffstat:

 lang/php/phpversion.mk  |   4 ++--
 lang/php70/Makefile     |   4 ++--
 lang/php70/Makefile.php |   6 ++----
 lang/php70/distinfo     |  10 +++++-----
 4 files changed, 11 insertions(+), 13 deletions(-)

diffs (74 lines):

diff -r 8c045a0277af -r 7f88b12df535 lang/php/phpversion.mk
--- a/lang/php/phpversion.mk    Fri Jun 24 15:25:20 2016 +0000
+++ b/lang/php/phpversion.mk    Fri Jun 24 15:27:57 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.140 2016/06/24 15:25:20 taca Exp $
+# $NetBSD: phpversion.mk,v 1.141 2016/06/24 15:27:57 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -83,7 +83,7 @@
 # Define each PHP's version.
 PHP55_VERSION= 5.5.37
 PHP56_VERSION= 5.6.23
-PHP70_VERSION= 7.0.7
+PHP70_VERSION= 7.0.8
 
 # Define initial release of major version.
 PHP55_RELDATE= 20130620
diff -r 8c045a0277af -r 7f88b12df535 lang/php70/Makefile
--- a/lang/php70/Makefile       Fri Jun 24 15:25:20 2016 +0000
+++ b/lang/php70/Makefile       Fri Jun 24 15:27:57 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.3 2016/04/02 09:02:11 taca Exp $
+# $NetBSD: Makefile,v 1.4 2016/06/24 15:27:57 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
@@ -33,7 +33,7 @@
 SUBST_CLASSES+=                path
 SUBST_MESSAGE.path=    Fixing common paths.
 SUBST_STAGE.path=      pre-configure
-SUBST_FILES.path=      configure ext/phar/phar/phar.php
+SUBST_FILES.path=      ext/phar/phar/phar.php
 SUBST_FILES.path+=     php.ini-development php.ini-production run-tests.php
 SUBST_FILES.path+=     sapi/cgi/Makefile.frag
 SUBST_SED.path=                -e 's,@CGIDIR@,${CGIDIR},g'
diff -r 8c045a0277af -r 7f88b12df535 lang/php70/Makefile.php
--- a/lang/php70/Makefile.php   Fri Jun 24 15:25:20 2016 +0000
+++ b/lang/php70/Makefile.php   Fri Jun 24 15:27:57 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.1 2015/12/06 15:17:31 taca Exp $
+# $NetBSD: Makefile.php,v 1.2 2016/06/24 15:27:57 taca Exp $
 # used by lang/php70/Makefile
 # used by www/ap-php/Makefile
 # used by www/php-fpm/Makefile
@@ -23,9 +23,7 @@
 CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=       --localstatedir=${VARBASE}
 
-CONFIGURE_ARGS+=       --with-regex=system
-
-CONFIGURE_ARGS+=       --without-mysql
+CONFIGURE_ARGS+=       --without-mysqli
 CONFIGURE_ARGS+=       --without-iconv
 CONFIGURE_ARGS+=       --without-pear
 #CONFIGURE_ARGS+=      --without-intl
diff -r 8c045a0277af -r 7f88b12df535 lang/php70/distinfo
--- a/lang/php70/distinfo       Fri Jun 24 15:25:20 2016 +0000
+++ b/lang/php70/distinfo       Fri Jun 24 15:27:57 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.13 2016/06/07 19:23:50 joerg Exp $
+$NetBSD: distinfo,v 1.14 2016/06/24 15:27:57 taca Exp $
 
-SHA1 (php-7.0.7.tar.bz2) = 7d1d718288e34edce686bd834de5313d199cebd3
-RMD160 (php-7.0.7.tar.bz2) = d894c6897095736b5a278ee5a91b9a4cd80b6bac
-SHA512 (php-7.0.7.tar.bz2) = e6d5ce0eb665aa9beb13f5a3e6fa074ff92ccdd5112c4f2a7dfb1220f55624f2284a0bcfec45b92572762905ab2ac7890e98803860378fdb06752e22f363dbcf
-Size (php-7.0.7.tar.bz2) = 14106181 bytes
+SHA1 (php-7.0.8.tar.bz2) = c21f1d28ca20d69887bd2c020f8c0219f28d8890
+RMD160 (php-7.0.8.tar.bz2) = abf20356587ee6a11a84b64ca46f36257df0c4b1
+SHA512 (php-7.0.8.tar.bz2) = a1a119ff95ad3902264dbc267753af0cf82b5dddbfcf09a8fc2bc519e16021cbf4bc7f2b33c4fec46d7be7bed8db315371ee11390a6055adf908a3b28a6a6921
+Size (php-7.0.8.tar.bz2) = 14105805 bytes
 SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad
 SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c
 SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3
Home | Main Index | Thread Index | Old Index