Pullup ticket #5068 - requested by taca lang/php70: security update lang/php: subsequent adjustment Revisions pulled up: - lang/php/phpversion.mk 1.144 - lang/php70/distinfo 1.15 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Sun Jul 24 02:20:16 UTC 2016 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php70: distinfo Log Message: Update php70 to 7.0.9 (PHP 7.0.9). 21 Jul 2016 PHP 7.0.9 - Core: . Fixed bug #72508 (strange references after recursive function call and "switch" statement). (Laruence) . Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (Stas) . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (Stas) - bz2: . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas) - CLI: . Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php). (Laruence) - COM: . Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol) - Curl: . Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas) - Exif: . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas) . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas) - GD: . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb) . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb) . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb) . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access). (Pierre) . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre) . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). (Pierre) . Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow). (Pierre) . Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre) - Intl: . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas) - Mbstring: . Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access). (Laruence) . Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence) - mcrypt: . Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic). (Stas) - PDO_pgsql: . Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders). (Matteo) - PCRE: . Fixed bug #72476 (Memleak in jit_stack). (Laruence) . Fixed bug #72463 (mail fails with invalid argument). (Anatol) - Readline: . Fixed bug #72538 (readline_redisplay crashes php). (Laruence) - Standard: . Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid) . Fixed bug #72306 (Heap overflow through proc_open and $env parameter). (Laruence) - Session: . Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence) . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (Stas) - SNMP: . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (Stas) - Streams: . Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence) - XMLRPC: . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas) - Zip: . Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (Stas) To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php70/distinfodiff -r1.141.2.1 -r1.141.2.2 pkgsrc/lang/php/phpversion.mk
(spz)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: phpversion.mk,v 1.141.2.1 2016/07/28 14:49:19 spz Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.141.2.2 2016/07/28 15:29:47 spz Exp $ | |
2 | # | 2 | # | |
3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
5 | # package. | 5 | # package. | |
6 | # | 6 | # | |
7 | # === User-settable variables === | 7 | # === User-settable variables === | |
8 | # | 8 | # | |
9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
11 | # the package. | 11 | # the package. | |
12 | # | 12 | # | |
13 | # Possible: 55 56 70 | 13 | # Possible: 55 56 70 | |
14 | # Default: 55 | 14 | # Default: 55 | |
@@ -73,27 +73,27 @@ | @@ -73,27 +73,27 @@ | |||
73 | # initial release of major version. | 73 | # initial release of major version. | |
74 | # | 74 | # | |
75 | # Example: lib/php/20090630 | 75 | # Example: lib/php/20090630 | |
76 | # | 76 | # | |
77 | # Keywords: php | 77 | # Keywords: php | |
78 | # | 78 | # | |
79 | 79 | |||
80 | .if !defined(PHPVERSION_MK) | 80 | .if !defined(PHPVERSION_MK) | |
81 | PHPVERSION_MK= defined | 81 | PHPVERSION_MK= defined | |
82 | 82 | |||
83 | # Define each PHP's version. | 83 | # Define each PHP's version. | |
84 | PHP55_VERSION= 5.5.38 | 84 | PHP55_VERSION= 5.5.38 | |
85 | PHP56_VERSION= 5.6.24 | 85 | PHP56_VERSION= 5.6.24 | |
86 | PHP70_VERSION= 7.0.8 | 86 | PHP70_VERSION= 7.0.9 | |
87 | 87 | |||
88 | # Define initial release of major version. | 88 | # Define initial release of major version. | |
89 | PHP55_RELDATE= 20130620 | 89 | PHP55_RELDATE= 20130620 | |
90 | PHP56_RELDATE= 20140828 | 90 | PHP56_RELDATE= 20140828 | |
91 | PHP70_RELDATE= 20151203 | 91 | PHP70_RELDATE= 20151203 | |
92 | 92 | |||
93 | _VARGROUPS+= php | 93 | _VARGROUPS+= php | |
94 | _USER_VARS.php= PHP_VERSION_DEFAULT | 94 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 95 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 96 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
97 | PKG_PHP_MAJOR_VERS | 97 | PKG_PHP_MAJOR_VERS | |
98 | 98 | |||
99 | .include "../../mk/bsd.prefs.mk" | 99 | .include "../../mk/bsd.prefs.mk" |
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | $NetBSD: distinfo,v 1.14 2016/06/24 15:27:57 taca Exp $ | 1 | $NetBSD: distinfo,v 1.14.2.1 2016/07/28 15:29:47 spz Exp $ | |
2 | 2 | |||
3 | SHA1 (php-7.0.8.tar.bz2) = c21f1d28ca20d69887bd2c020f8c0219f28d8890 | 3 | SHA1 (php-7.0.9.tar.bz2) = bc94c0c0d548ab4b89840994f9f3b468a3d89c4b | |
4 | RMD160 (php-7.0.8.tar.bz2) = abf20356587ee6a11a84b64ca46f36257df0c4b1 | 4 | RMD160 (php-7.0.9.tar.bz2) = d6771507506336da29f88ae59e5d93da4207bfdd | |
5 | SHA512 (php-7.0.8.tar.bz2) = a1a119ff95ad3902264dbc267753af0cf82b5dddbfcf09a8fc2bc519e16021cbf4bc7f2b33c4fec46d7be7bed8db315371ee11390a6055adf908a3b28a6a6921 | 5 | SHA512 (php-7.0.9.tar.bz2) = 730a59a2564a5564165d8f2ddb357658137e86915dcf05b1186de36763860ddb1b0b95297d3a45e50ae77a0a591ae918bad71331e5a5de8309b88e521115c8db | |
6 | Size (php-7.0.8.tar.bz2) = 14105805 bytes | 6 | Size (php-7.0.9.tar.bz2) = 14870061 bytes | |
7 | SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad | 7 | SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad | |
8 | SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c | 8 | SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c | |
9 | SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3 | 9 | SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3 | |
10 | SHA1 (patch-ext_imap_config.m4) = f4e10ab81697b72019313f63bc630627a08efd92 | 10 | SHA1 (patch-ext_imap_config.m4) = f4e10ab81697b72019313f63bc630627a08efd92 | |
11 | SHA1 (patch-ext_pcre_pcrelib_config.h) = 0cb05c3b3bfafd8119cf43162c0f4db7f5b37ba8 | 11 | SHA1 (patch-ext_pcre_pcrelib_config.h) = 0cb05c3b3bfafd8119cf43162c0f4db7f5b37ba8 | |
12 | SHA1 (patch-ext_pdo__mysql_config.m4) = b1ef91be5a729040197e9af50da0f5fd1f6c90a8 | 12 | SHA1 (patch-ext_pdo__mysql_config.m4) = b1ef91be5a729040197e9af50da0f5fd1f6c90a8 | |
13 | SHA1 (patch-ext_pdo_config.m4) = 522281775cc0e70a135b1f813158988ef1f3e244 | 13 | SHA1 (patch-ext_pdo_config.m4) = 522281775cc0e70a135b1f813158988ef1f3e244 | |
14 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | 14 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | |
15 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | 15 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | |
16 | SHA1 (patch-ext_sqlite3_libsqlite_sqlite3.c) = 8a529a1b3f7c97731f2e719d006f67c3a7259bb5 | 16 | SHA1 (patch-ext_sqlite3_libsqlite_sqlite3.c) = 8a529a1b3f7c97731f2e719d006f67c3a7259bb5 | |
17 | SHA1 (patch-ext_standard_basic__functions.c) = f97a2748c7b15fbd9a2d3c21e56079088cc05d56 | 17 | SHA1 (patch-ext_standard_basic__functions.c) = f97a2748c7b15fbd9a2d3c21e56079088cc05d56 | |
18 | SHA1 (patch-ext_standard_php__dns.h) = 3687ceac4dff4605263b53acb761b071f7446ccb | 18 | SHA1 (patch-ext_standard_php__dns.h) = 3687ceac4dff4605263b53acb761b071f7446ccb | |
19 | SHA1 (patch-makedist) = 2ac0e0391c031c4fcf4993e2269cde4c6bfddfd5 | 19 | SHA1 (patch-makedist) = 2ac0e0391c031c4fcf4993e2269cde4c6bfddfd5 |