CVS commit: [pkgsrc-2025Q2] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2025Q2] pkgsrc/lang
From: "Maya Rashish" <maya%netbsd.org@localhost>
Date: Fri, 4 Jul 2025 15:25:33 +0000

Module Name:    pkgsrc
Committed By:   maya
Date:           Fri Jul  4 15:25:33 UTC 2025

Modified Files:
        pkgsrc/lang/php [pkgsrc-2025Q2]: phpversion.mk
        pkgsrc/lang/php84 [pkgsrc-2025Q2]: Makefile distinfo

Log Message:
Pullup ticket #6979 - requested by taca
lang/php84: Security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.467
- lang/php84/Makefile                                           1.7
- lang/php84/distinfo                                           1.9

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri Jul  4 01:21:45 UTC 2025

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php84: Makefile distinfo

   Log Message:
   lang/php84: update to 8.4.10

   PHP 8.4.9 was skipped since it tagged without including security patches.

   PHP 8.4.10 (2025-07-03)

   - BcMath:
     . Fixed bug GH-18641 (Accessing a BcMath\Number property by ref crashes).
       (nielsdos)

   - Core:
     . Fixed bugs GH-17711 and GH-18022 (Infinite recursion on deprecated attribute
       evaluation) and GH-18464 (Recursion protection for deprecation constants not
       released on bailout). (DanielEScherzer and ilutov)
     . Fixed GH-18695 (zend_ast_export() - float number is not preserved).
       (Oleg Efimov)
     . Fix handling of references in zval_try_get_long(). (nielsdos)
     . Do not delete main chunk in zend_gc. (danog, Arnaud)
     . Fix compile issues with zend_alloc and some non-default options. (nielsdos)

   - Curl:
     . Fix memory leak when setting a list via curl_setopt fails. (nielsdos)

   - Date:
     . Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos)

   - DOM:
     . Fixed bug GH-18744 (classList works not correctly if copy HTMLElement by
       clone keyword). (nielsdos)

   - FPM:
     . Fixed GH-18662 (fpm_get_status segfault). (txuna)

   - Hash:
     . Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos)

   - Intl:
     . Fix memory leak in intl_datetime_decompose() on failure. (nielsdos)
     . Fix memory leak in locale lookup on failure. (nielsdos)

   - Opcache:
     . Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22).
       (nielsdos, Arnaud)

   - ODBC:
     . Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos)

   - OpenSSL:
     . Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure.
       (nielsdos)
     . Fixed bug #74796 (Requests through http proxy set peer name).
       (Jakub Zelenka)

   - PGSQL:
     . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during
       escaping). (CVE-2025-1735) (Jakub Zelenka)

   - PDO ODBC:
     . Fix memory leak if WideCharToMultiByte() fails. (nielsdos)

   - PDO Sqlite:
     . Fixed memory leak with Pdo_Sqlite::createCollation when the callback
       has an incorrect return type. (David Carlier)

   - Phar:
     . Add missing filter cleanups on phar failure. (nielsdos)
     . Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos)

   - PHPDBG:
     . Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos)

   - PGSQL:
     . Fix warning not being emitted when failure to cancel a query with
       pg_cancel_query(). (Girgias)

   - Random:
     . Fix reference type confusion and leak in user random engine.
       (nielsdos, timwolla)

   - Readline:
     . Fix memory leak when calloc() fails in php_readline_completion_cb().
       (nielsdos)

   - SimpleXML:
     . Fixed bug GH-18597 (Heap-buffer-overflow in zend_alloc.c when assigning
       string with UTF-8 bytes). (nielsdos)

   - SOAP:
     . Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos)
     . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension
       via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos)

   - Standard:
     . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames).
       (CVE-2025-1220) (Jakub Zelenka)

   - Tidy:
     . Fix memory leak in tidy output handler on error. (nielsdos)
     . Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier)


To generate a diff of this commit:
cvs rdiff -u -r1.466.2.3 -r1.466.2.4 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/lang/php84/Makefile
cvs rdiff -u -r1.8 -r1.8.2.1 pkgsrc/lang/php84/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.466.2.3 pkgsrc/lang/php/phpversion.mk:1.466.2.4
--- pkgsrc/lang/php/phpversion.mk:1.466.2.3     Fri Jul  4 14:43:38 2025
+++ pkgsrc/lang/php/phpversion.mk       Fri Jul  4 15:25:33 2025
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.466.2.3 2025/07/04 14:43:38 maya Exp $
+# $NetBSD: phpversion.mk,v 1.466.2.4 2025/07/04 15:25:33 maya Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -113,7 +113,7 @@ PHP74_VERSION=      7.4.33
 PHP81_VERSION= 8.1.33
 PHP82_VERSION= 8.2.29
 PHP83_VERSION= 8.3.23
-PHP84_VERSION= 8.4.8
+PHP84_VERSION= 8.4.10
 
 _VARGROUPS+=   php
 _USER_VARS.php=        PHP_VERSION_DEFAULT

Index: pkgsrc/lang/php84/Makefile
diff -u pkgsrc/lang/php84/Makefile:1.6 pkgsrc/lang/php84/Makefile:1.6.2.1
--- pkgsrc/lang/php84/Makefile:1.6      Wed Jun 11 14:58:27 2025
+++ pkgsrc/lang/php84/Makefile  Fri Jul  4 15:25:33 2025
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.6 2025/06/11 14:58:27 taca Exp $
+# $NetBSD: Makefile,v 1.6.2.1 2025/07/04 15:25:33 maya Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=               ${PHP_PKG_PREFIX}-${PHP_VERSION}
-PKGREVISION=           1
 CATEGORIES=            lang
 
 COMMENT=               PHP Hypertext Preprocessor version 8.4

Index: pkgsrc/lang/php84/distinfo
diff -u pkgsrc/lang/php84/distinfo:1.8 pkgsrc/lang/php84/distinfo:1.8.2.1
--- pkgsrc/lang/php84/distinfo:1.8      Wed Jun 11 14:58:27 2025
+++ pkgsrc/lang/php84/distinfo  Fri Jul  4 15:25:33 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.8 2025/06/11 14:58:27 taca Exp $
+$NetBSD: distinfo,v 1.8.2.1 2025/07/04 15:25:33 maya Exp $
 
-BLAKE2s (php-8.4.8.tar.xz) = 8365674fd7b8e54b9fa46b4dbf6e22a8424e3cb0ed77ce006b510bcd692d824d
-SHA512 (php-8.4.8.tar.xz) = 1a762f51c4679ffec5565458359bf41eaba6e94edb8af4e74ef30b7cf1c4d641cd36a1d91f6538c0e2be8e955326b60e5a5ecd0d85e66842fbc3c2c2ee999b73
-Size (php-8.4.8.tar.xz) = 13619152 bytes
+BLAKE2s (php-8.4.10.tar.xz) = 4e153f9087e61aa35f10329a16f9b9d044e697f1b3745ddec8dfcea129c8b17c
+SHA512 (php-8.4.10.tar.xz) = 05d2d50ac6ab6bc93c4f460c53e7920395d95c077c3a72c40cb3a0fbb5185b294d9b22acc26f44e99c74dfbe3582be21a2a8a1af25408c4d9fa81ce984177fe2
+Size (php-8.4.10.tar.xz) = 13625264 bytes
 SHA1 (patch-build_Makefile.global) = da9577733497d026315b4702cb19d673053148ed
 SHA1 (patch-build_php.m4) = bb72e38ab391ad587962940ba85e8d4de8633dca
 SHA1 (patch-configure.ac) = 2bdd1d2b1def552032dba5fbeb6140922b72c880

Prev by Date: CVS commit: pkgsrc/databases/sqlite3-diff
Next by Date: CVS commit: pkgsrc/math
Previous by Thread: CVS commit: pkgsrc/databases/sqlite3-diff
Next by Thread: CVS commit: pkgsrc/math
Indexes:

Home | Main Index | Thread Index | Old Index