Pullup ticket #6076 - requested by taca
lang/php73: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.270,1.272
- lang/php73/Makefile 1.6
- lang/php73/Makefile.php 1.2
- lang/php73/distinfo 1.12-1.13
---
Module Name: pkgsrc
Committed By: taca
Date: Wed Oct 2 14:08:05 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: Makefile Makefile.php distinfo
Log Message:
lang/php73: update to 7.3.10
Update lang/php73 to 7.3.10.
pkgsrc changes
* Clean two pkglint's warnings.
26 Sep 2019, PHP 7.3.10
- Core:
. Fixed bug #78220 (Can't access OneDrive folder). (cmb, ab)
. Fixed bug #77922 (Double release of doc comment on inherited shadow
property). (Nikita)
. Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
(cmb)
. Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
(cmb, Nikita)
- FastCGI:
. Fixed bug #78469 (FastCGI on_accept hook is not called when using named
pipes on Windows). (Sergei Turchanov)
- FPM:
. Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr
notation). (Tsuyoshi Sadakata)
- Intl:
. Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8()
when requested. (Sara)
- MBString:
. Fixed bug #78559 (Heap buffer overflow in mb_eregi). (cmb)
- MySQLnd:
. Fixed connect_attr issues and added the _server_host connection attribute.
(Qianqian Bu)
- ODBC:
. Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb)
- PDO_MySQL:
. Fixed bug #41997 (SP call yields additional empty result set). (cmb)
- sodium:
. Fixed bug #78510 (Partially uninitialized buffer returned by
sodium_crypto_generichash_init()). (Frank Denis, cmb)
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Oct 25 02:57:04 UTC 2019
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php73: distinfo
Log Message:
lang/php73: update to 7.3.11
Update php73 to 7.3.11.
24 Oct 2019, PHP 7.3.11
- Core:
. Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
(bugreportuser)
. Fixed bug #78620 (Out of memory error). (cmb, Nikita)
- Exif :
. Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7)
(Kalle)
- FPM:
. Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE).
(CVE-2019-11043) (Jakub Zelenka)
. Fixed bug #78413 (request_terminate_timeout does not take effect after
fastcgi_finish_request). (Sergei Turchanov)
- MBString:
. Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb)
. Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
(cmb)
. Fixed bug #78609 (mb_check_encoding() no longer supports stringable
objects). (cmb)
- MySQLi:
. Fixed bug #76809 (SSL settings aren't respected when persistent connections
are used). (fabiomsouto)
- Mysqlnd:
. Fixed bug #78525 (Memory leak in pdo when reusing native prepared
statements). (Nikita)
- PCRE:
. Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze
child process). (Nikita)
- PDO_MySQL:
. Fixed bug #78623 (Regression caused by "SP call yields additional empty
result set"). (cmb)
- Session:
. Fixed bug #78624 (session_gc return value for user defined session
handlers). (bshaffer)
- Standard:
. Fixed bug #76342 (file_get_contents waits twice specified timeout).
(Thomas Calvet)
. Fixed bug #78612 (strtr leaks memory when integer keys are used and the
subject string shorter). (Nikita)
. Fixed bug #76859 (stream_get_line skips data if used with data-generating
filter). (kkopachev)
- Zip:
. Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)
(bsiegert)
diff -r1.268.2.1 -r1.268.2.2 pkgsrc/lang/php/phpversion.mk| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: phpversion.mk,v 1.268.2.1 2019/10/25 11:10:20 bsiegert Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.268.2.2 2019/10/25 11:59:44 bsiegert Exp $ | |
| 2 | # | 2 | # | |
| 3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
| 4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
| 5 | # package. | 5 | # package. | |
| 6 | # | 6 | # | |
| 7 | # === User-settable variables === | 7 | # === User-settable variables === | |
| 8 | # | 8 | # | |
| 9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
| 10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
| 11 | # the package. | 11 | # the package. | |
| 12 | # | 12 | # | |
| 13 | # Possible: 56 71 72 73 | 13 | # Possible: 56 71 72 73 | |
| 14 | # Default: 71 | 14 | # Default: 71 | |
| @@ -80,27 +80,27 @@ | @@ -80,27 +80,27 @@ | |||
| 80 | # | 80 | # | |
| 81 | # Example: lib/php/20140828 | 81 | # Example: lib/php/20140828 | |
| 82 | # | 82 | # | |
| 83 | # Keywords: php | 83 | # Keywords: php | |
| 84 | # | 84 | # | |
| 85 | 85 | |||
| 86 | .if !defined(PHPVERSION_MK) | 86 | .if !defined(PHPVERSION_MK) | |
| 87 | PHPVERSION_MK= defined | 87 | PHPVERSION_MK= defined | |
| 88 | 88 | |||
| 89 | # Define each PHP's version. | 89 | # Define each PHP's version. | |
| 90 | PHP56_VERSION= 5.6.40 | 90 | PHP56_VERSION= 5.6.40 | |
| 91 | PHP71_VERSION= 7.1.32 | 91 | PHP71_VERSION= 7.1.32 | |
| 92 | PHP72_VERSION= 7.2.24 | 92 | PHP72_VERSION= 7.2.24 | |
| 93 | PHP73_VERSION= 7.3.9 | 93 | PHP73_VERSION= 7.3.11 | |
| 94 | 94 | |||
| 95 | # Define initial release of major version. | 95 | # Define initial release of major version. | |
| 96 | PHP56_RELDATE= 20140828 | 96 | PHP56_RELDATE= 20140828 | |
| 97 | PHP71_RELDATE= 20160303 | 97 | PHP71_RELDATE= 20160303 | |
| 98 | PHP72_RELDATE= 20170718 | 98 | PHP72_RELDATE= 20170718 | |
| 99 | PHP73_RELDATE= 20181200 | 99 | PHP73_RELDATE= 20181200 | |
| 100 | 100 | |||
| 101 | _VARGROUPS+= php | 101 | _VARGROUPS+= php | |
| 102 | _USER_VARS.php= PHP_VERSION_DEFAULT | 102 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
| 103 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 103 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
| 104 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 104 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
| 105 | PKG_PHP_MAJOR_VERS | 105 | PKG_PHP_MAJOR_VERS | |
| 106 | 106 |
| @@ -1,21 +1,20 @@ | @@ -1,21 +1,20 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.5 2019/07/03 07:30:50 nia Exp $ | 1 | # $NetBSD: Makefile,v 1.5.2.1 2019/10/25 11:59:44 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | # | 3 | # | |
| 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | |
| 5 | # | 5 | # | |
| 6 | PKGNAME= php-${PHP_VERSION:S/RC/rc/} | 6 | PKGNAME= php-${PHP_VERSION:S/RC/rc/} | |
| 7 | 7 | |||
| 8 | HOMEPAGE= https://www.php.net/ | |||
| 9 | COMMENT= PHP Hypertext Preprocessor version 7.3 | 8 | COMMENT= PHP Hypertext Preprocessor version 7.3 | |
| 10 | LICENSE= php | 9 | LICENSE= php | |
| 11 | 10 | |||
| 12 | TEST_TARGET= test | 11 | TEST_TARGET= test | |
| 13 | 12 | |||
| 14 | USE_TOOLS+= gmake lex pkg-config | 13 | USE_TOOLS+= gmake lex pkg-config | |
| 15 | LIBTOOL_OVERRIDE= # empty | 14 | LIBTOOL_OVERRIDE= # empty | |
| 16 | PHP_CHECK_INSTALLED= No | 15 | PHP_CHECK_INSTALLED= No | |
| 17 | 16 | |||
| 18 | PHP_VERSIONS_ACCEPTED= 73 | 17 | PHP_VERSIONS_ACCEPTED= 73 | |
| 19 | 18 | |||
| 20 | .include "Makefile.php" | 19 | .include "Makefile.php" | |
| 21 | 20 |
| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: Makefile.php,v 1.1 2018/12/15 17:12:44 taca Exp $ | 1 | # $NetBSD: Makefile.php,v 1.1.8.1 2019/10/25 11:59:44 bsiegert Exp $ | |
| 2 | # used by lang/php73/Makefile | 2 | # used by lang/php73/Makefile | |
| 3 | # used by www/ap-php/Makefile | 3 | # used by www/ap-php/Makefile | |
| 4 | # used by www/php-fpm/Makefile | 4 | # used by www/php-fpm/Makefile | |
| 5 | 5 | |||
| 6 | # segfaults when buidling with many compilers | 6 | # segfaults when buidling with many compilers | |
| 7 | # https://bugs.php.net/bug.php?id=74527 | 7 | # https://bugs.php.net/bug.php?id=74527 | |
| 8 | # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86236 | 8 | # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86236 | |
| 9 | .if ${MACHINE_ARCH} == "i386" | 9 | .if ${MACHINE_ARCH} == "i386" | |
| 10 | CONFIGURE_ARGS+= --disable-gcc-global-regs | 10 | CONFIGURE_ARGS+= --disable-gcc-global-regs | |
| 11 | .endif | 11 | .endif | |
| 12 | 12 | |||
| 13 | # the binary actually needs full dep on PCRE | 13 | # the binary actually needs full dep on PCRE | |
| 14 | BUILDLINK_DEPMETHOD.pcre2= full | 14 | BUILDLINK_DEPMETHOD.pcre2= full | |
| @@ -76,27 +76,26 @@ CONFIGURE_ARGS+= --with-openssl=yes | @@ -76,27 +76,26 @@ CONFIGURE_ARGS+= --with-openssl=yes | |||
| 76 | LIBS.SunOS+= -lcrypto | 76 | LIBS.SunOS+= -lcrypto | |
| 77 | . else | 77 | . else | |
| 78 | CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} | 78 | CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} | |
| 79 | . endif | 79 | . endif | |
| 80 | .else | 80 | .else | |
| 81 | CONFIGURE_ARGS+= --without-openssl | 81 | CONFIGURE_ARGS+= --without-openssl | |
| 82 | .endif | 82 | .endif | |
| 83 | 83 | |||
| 84 | .if !empty(PKG_OPTIONS:Mmaintainer-zts) | 84 | .if !empty(PKG_OPTIONS:Mmaintainer-zts) | |
| 85 | CONFIGURE_ARGS+= --enable-maintainer-zts | 85 | CONFIGURE_ARGS+= --enable-maintainer-zts | |
| 86 | .endif | 86 | .endif | |
| 87 | 87 | |||
| 88 | .if !empty(PKG_OPTIONS:Mreadline) | 88 | .if !empty(PKG_OPTIONS:Mreadline) | |
| 89 | USE_GNU_READLINE= yes | |||
| 90 | .include "../../devel/readline/buildlink3.mk" | 89 | .include "../../devel/readline/buildlink3.mk" | |
| 91 | CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} | 90 | CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} | |
| 92 | .else | 91 | .else | |
| 93 | CONFIGURE_ARGS+= --without-readline | 92 | CONFIGURE_ARGS+= --without-readline | |
| 94 | .endif | 93 | .endif | |
| 95 | 94 | |||
| 96 | .if !empty(PKG_OPTIONS:Mdtrace) | 95 | .if !empty(PKG_OPTIONS:Mdtrace) | |
| 97 | PLIST.dtrace= yes | 96 | PLIST.dtrace= yes | |
| 98 | CONFIGURE_ARGS+= --enable-dtrace | 97 | CONFIGURE_ARGS+= --enable-dtrace | |
| 99 | 98 | |||
| 100 | # See https://bugs.php.net/bug.php?id=61268 | 99 | # See https://bugs.php.net/bug.php?id=61268 | |
| 101 | INSTALL_MAKE_FLAGS+= -r | 100 | INSTALL_MAKE_FLAGS+= -r | |
| 102 | .endif | 101 | .endif |
| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | $NetBSD: distinfo,v 1.11 2019/09/01 13:03:17 taca Exp $ | 1 | $NetBSD: distinfo,v 1.11.2.1 2019/10/25 11:59:44 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (php-7.3.9.tar.bz2) = d8d75fee3bed961f26e1beb8144ebb064fdc2ca4 | 3 | SHA1 (php-7.3.11.tar.bz2) = 01f6747706b6c33983e558acb733c87d3a39b557 | |
| 4 | RMD160 (php-7.3.9.tar.bz2) = 1dff6e84af9cad3d505aee87e562416f57b26d55 | 4 | RMD160 (php-7.3.11.tar.bz2) = a48e8604393b96b98b3bcb673768d2bf21d7b0ec | |
| 5 | SHA512 (php-7.3.9.tar.bz2) = a46beb28a91f7ee99f37215ddf5f65ab1743373ba98a703ed45615625ee6b4cbda1be8495901da54089f7cb285a6ac21773a29d32871e0a9540c43b57ea41b97 | 5 | SHA512 (php-7.3.11.tar.bz2) = 287d79953148fef5194502f0895faf7482202200e79366e65e0569dfb38efd9bb180555b9f31f180e5c0c679254396d00bb924f895cd5641868838319956b679 | |
| 6 | Size (php-7.3.9.tar.bz2) = 14947152 bytes | 6 | Size (php-7.3.11.tar.bz2) = 14988439 bytes | |
| 7 | SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b | 7 | SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b | |
| 8 | SHA1 (patch-disable-filter-url) = d7e450380b584e01e2f01e9c91c864d01991cdbf | 8 | SHA1 (patch-disable-filter-url) = d7e450380b584e01e2f01e9c91c864d01991cdbf | |
| 9 | SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335 | 9 | SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335 | |
| 10 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | 10 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | |
| 11 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | 11 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | |
| 12 | SHA1 (patch-ext_recode_recode.c) = 639bf762302c7a30c88d3f3fa862494e0f847bdb | 12 | SHA1 (patch-ext_recode_recode.c) = 639bf762302c7a30c88d3f3fa862494e0f847bdb | |
| 13 | SHA1 (patch-ext_tidy_config.m4) = 4d6b4bf71c606fdb244937dc8a92b49e268060e6 | 13 | SHA1 (patch-ext_tidy_config.m4) = 4d6b4bf71c606fdb244937dc8a92b49e268060e6 | |
| 14 | SHA1 (patch-ext_xsl_php__xsl.h) = a9877bff7bacc77926a4541a0ac171c00ad1a627 | 14 | SHA1 (patch-ext_xsl_php__xsl.h) = a9877bff7bacc77926a4541a0ac171c00ad1a627 | |
| 15 | SHA1 (patch-php.ini-development) = 0150deec620db99272d10bc01585a503b2fc4b86 | 15 | SHA1 (patch-php.ini-development) = 0150deec620db99272d10bc01585a503b2fc4b86 | |
| 16 | SHA1 (patch-php.ini-production) = 8c3451ff6253c9cd0dbf342761231c8fe54fdc52 | 16 | SHA1 (patch-php.ini-production) = 8c3451ff6253c9cd0dbf342761231c8fe54fdc52 | |
| 17 | SHA1 (patch-run-tests.php) = 278cd99b3c5f3d2131eef564e18eb2ee9924db5a | 17 | SHA1 (patch-run-tests.php) = 278cd99b3c5f3d2131eef564e18eb2ee9924db5a | |
| 18 | SHA1 (patch-sapi_cgi_Makefile.frag) = 18769900f588ff81cc34474542afa1d65c070e65 | 18 | SHA1 (patch-sapi_cgi_Makefile.frag) = 18769900f588ff81cc34474542afa1d65c070e65 | |
| 19 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | 19 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 |