Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=UPOD5Cn7; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=RacCWjL7 Received: by mail.netbsd.org (Postfix, from userid 605) id 0A3CB84D7C; Mon, 22 Apr 2024 12:49:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1713790151; bh=XSruKP7EBYjePwpSI+90nryOwwZ/7zpngx/dVgJiHIU=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=UPOD5Cn72MZFGIMFO8cgWYgR6DjWqH1ShPN9A8Zffkj0N1UL72JjNyH63FeFAHcN6 l6nTsgqrcEu8dq6d8Ussp3xpQTw4eQDhBapASvbibTLE++Af2rkA8Dkf75dT4Y5qi6 dCMKRs2Mq/D3jdlFS600nK92T4MrstuLcLJ8yGM4= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id EBD4084D7A for ; Mon, 22 Apr 2024 12:49:09 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id hyDU2ZLl7r-v for ; Mon, 22 Apr 2024 12:49:09 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id F260784D69 for ; Mon, 22 Apr 2024 12:49:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1713790149; bh=XSruKP7EBYjePwpSI+90nryOwwZ/7zpngx/dVgJiHIU=; h=Date:From:Subject:To:Reply-To; b=RacCWjL7tEC0v+iP8Yugy9+nKo+WZEMt4tZc27OvpzGx5To03CR4IW5eA5qSqSN35 TPSjMF3fEpKaznb/9ka8jlWOOr1VNTRZCUTEqo+oys9t165s4C80FWvZwgHtMZmgna fKGab5hXG3rlwRu1xdEh6WjEfFK8hLD+ZJ9996lU= Received: by cvs.NetBSD.org (Postfix, from userid 500) id DE30AFA2C; Mon, 22 Apr 2024 12:49:08 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_171379014820120" MIME-Version: 1.0 Date: Mon, 22 Apr 2024 12:49:08 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2024Q1] pkgsrc/lang To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20240422124908.DE30AFA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_171379014820120 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Mon Apr 22 12:49:08 UTC 2024 Modified Files: pkgsrc/lang/php [pkgsrc-2024Q1]: phpversion.mk pkgsrc/lang/php83 [pkgsrc-2024Q1]: distinfo pkgsrc/lang/php83/patches [pkgsrc-2024Q1]: patch-configure Log Message: Pullup ticket #6848 - requested by taca lang/php83: security fix Revisions pulled up: - lang/php/phpversion.mk 1.428 - lang/php83/distinfo 1.6 - lang/php83/patches/patch-configure 1.4 --- Module Name: pkgsrc Committed By: taca Date: Sat Apr 13 02:51:54 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php83: distinfo pkgsrc/lang/php83/patches: patch-configure Log Message: lang/php83: update to 8.3.5 This release includes security fixes. 11 Apr 2024, PHP 8.3.5 - Core: . Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud) . Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) . Fixed bug GH-13446 (Restore exception handler after it finishes). (ilutov) . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud) - DOM: . Add some missing ZPP checks. (nielsdos) . Fix potential memory leak in XPath evaluation results. (nielsdos) - FPM: . Fixed GH-11086 (FPM: config test runs twice in daemonised mode). (Jakub Zelenka) . Fix incorrect check in fpm_shm_free(). (nielsdos) - GD: . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) - Gettext: . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) - MySQLnd: . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) - Opcache: . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob) - Random: . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla) - Session: . Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos) - SPL: . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos) - Standard: . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos) . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi) . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76) . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) Fixed bug GHSA-fjp9-9hwx-59fq (mb_encode_mimeheader runs endlessly for some inputs). (CVE-2024-2757) (Alex Dowad) To generate a diff of this commit: cvs rdiff -u -r1.426.2.1 -r1.426.2.2 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.5 -r1.5.2.1 pkgsrc/lang/php83/distinfo cvs rdiff -u -r1.3 -r1.3.2.1 pkgsrc/lang/php83/patches/patch-configure Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_171379014820120 Content-Disposition: inline Content-Length: 3869 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/lang/php/phpversion.mk diff -u pkgsrc/lang/php/phpversion.mk:1.426.2.1 pkgsrc/lang/php/phpversion.mk:1.426.2.2 --- pkgsrc/lang/php/phpversion.mk:1.426.2.1 Mon Apr 22 12:36:39 2024 +++ pkgsrc/lang/php/phpversion.mk Mon Apr 22 12:49:08 2024 @@ -1,4 +1,4 @@ -# $NetBSD: phpversion.mk,v 1.426.2.1 2024/04/22 12:36:39 bsiegert Exp $ +# $NetBSD: phpversion.mk,v 1.426.2.2 2024/04/22 12:49:08 bsiegert Exp $ # # This file selects a PHP version, based on the user's preferences and # the installed packages. It does not add a dependency on the PHP Index: pkgsrc/lang/php83/distinfo diff -u pkgsrc/lang/php83/distinfo:1.5 pkgsrc/lang/php83/distinfo:1.5.2.1 --- pkgsrc/lang/php83/distinfo:1.5 Sun Mar 17 16:48:19 2024 +++ pkgsrc/lang/php83/distinfo Mon Apr 22 12:49:08 2024 @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.5 2024/03/17 16:48:19 taca Exp $ +$NetBSD: distinfo,v 1.5.2.1 2024/04/22 12:49:08 bsiegert Exp $ -BLAKE2s (php-8.3.4.tar.xz) = 4502a9122864f77bc8f05f46717796f637fee78b002c5c10b179a01a332bc9ea -SHA512 (php-8.3.4.tar.xz) = 7254421c57de6c8f9f84079212ead38b397e053ad2dc202bd4e0c9d63aa5d9884a6a856fb93fcdbc9e671051436814188439bc5de480979e53fdcb5488cdc321 -Size (php-8.3.4.tar.xz) = 12443980 bytes -SHA1 (patch-configure) = c6c1657a10caeca4f9c2abf5e66f8fa16e5feca1 +BLAKE2s (php-8.3.5.tar.xz) = cf85b04006f4ac04268c3cf86f57e0be5800813accf93e10ae36842b642bb49f +SHA512 (php-8.3.5.tar.xz) = 6ae60efe2e4df60bf217808cbd710fb3b71a4494de8ded8e0ae7ed9ad5f737fcb49acd004abcb2f7dfcc216108b39143e8094dc40096aefcce72a59b55d4c4bd +Size (php-8.3.5.tar.xz) = 12461308 bytes +SHA1 (patch-configure) = fdeb39ffcd2abd085c4cda6ced05de748b1a0a68 SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640 Index: pkgsrc/lang/php83/patches/patch-configure diff -u pkgsrc/lang/php83/patches/patch-configure:1.3 pkgsrc/lang/php83/patches/patch-configure:1.3.2.1 --- pkgsrc/lang/php83/patches/patch-configure:1.3 Sun Mar 17 16:48:19 2024 +++ pkgsrc/lang/php83/patches/patch-configure Mon Apr 22 12:49:08 2024 @@ -1,12 +1,12 @@ -$NetBSD: patch-configure,v 1.3 2024/03/17 16:48:19 taca Exp $ +$NetBSD: patch-configure,v 1.3.2.1 2024/04/22 12:49:08 bsiegert Exp $ * Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS. * Don't autodetect maintainer-zts. * Shell portability. ---- configure.orig 2024-03-12 23:42:26.000000000 +0000 +--- configure.orig 2024-04-09 21:35:09.000000000 +0000 +++ configure -@@ -3735,6 +3735,10 @@ EOF +@@ -4326,6 +4326,10 @@ EOF else break fi @@ -14,10 +14,10 @@ $NetBSD: patch-configure,v 1.3 2024/03/1 + \'PKG_CONFIG\=*) CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";; + \'PKG_CONFIG_LIBDIR\=*) CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";; + esac - $as_echo "$CURRENT_ARG \\" >>config.nice + printf "%s\n" "$CURRENT_ARG \\" >>config.nice CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG" done -@@ -7016,30 +7020,6 @@ EOF +@@ -7548,30 +7552,6 @@ EOF ;; esac @@ -42,18 +42,18 @@ $NetBSD: patch-configure,v 1.3 2024/03/1 - - fi - fi -- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 --$as_echo "yes" >&6; } +- { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-printf "%s\n" "yes" >&6; } - PHP_VAR_SUBST="$PHP_VAR_SUBST APXS" else -@@ -77760,7 +77740,7 @@ $as_echo "#define HAVE_TIDYBUFFIO_H 1" > +@@ -80460,7 +80440,7 @@ printf "%s\n" "#define HAVE_TIDYBUFFIO_H fi TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR - if test "$TIDY_LIB_NAME" == 'tidyp'; then + if test "$TIDY_LIB_NAME" = 'tidyp'; then - $as_echo "#define HAVE_TIDYP_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_TIDYP_H 1" >>confdefs.h --_----------=_171379014820120--