Pullup ticket #6787 - requested by taca
lang/php82: security fix
Revisions pulled up:
- lang/php/phpversion.mk 1.402,1.405
- lang/php82/distinfo 1.9-1.11
- lang/php82/patches/patch-build_libtool.m4 deleted
- lang/php82/patches/patch-configure 1.9
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jul 7 12:49:17 UTC 2023
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php82: distinfo
pkgsrc/lang/php82/patches: patch-configure
Log Message:
lang/php82: update to 8.2.8
PHP 8.2.8 (2023-07-06)
- CLI:
. Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
(James Lucas)
- Core:
. Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)
- Curl:
. Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
(nielsdos)
- Date:
. Fixed bug GH-11455 (Segmentation fault with custom object date properties).
(nielsdos)
- DOM:
. Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
and segfaults with replaceWith). (nielsdos)
. Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
attribute value). (nielsdos)
. Fix return value in stub file for DOMNodeList::item. (divinity76)
. Fix spec compliance error with '*' namespace for
DOMDocument::getElementsByTagNameNS. (nielsdos)
. Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
(nielsdos)
. Fixed bug GH-11347 (Memory leak when calling a static method inside an
xpath query). (nielsdos)
. Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
namespaces). (nielsdos)
. Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
with itself). (nielsdos)
. Fixed bug #77686 (Removed elements are still returned by getElementById).
(nielsdos)
. Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
php_libxml_node_free_list()). (nielsdos)
. Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
. Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
. Fix "invalid state error" with cloned namespace declarations. (nielsdos)
. Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
issues). (nielsdos)
. Fixed bug #80332 (Completely broken array access functionality with
DOMNamedNodeMap). (nielsdos)
- Opcache:
. Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
. Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
. Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
with opcache.file_cache_only=1 but it was never locked). (nielsdos)
- OpenSSL:
. Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
subjectAltNames (James Lucas, Jakub Zelenka).
- PCRE:
. Fix preg_replace_callback_array() pattern validation. (ilutov)
- PGSQL:
. Fixed intermittent segfault with pg_trace. (David Carlier)
- Phar:
. Fix cross-compilation check in phar generation for FreeBSD. (peter279k)
- SPL:
. Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
slash). (nielsdos)
- Standard:
. Fix access on NULL pointer in array_merge_recursive(). (ilutov)
. Fix exception handling in array_multisort(). (ilutov)
- SQLite3:
. Fixed bug GH-11451 (Invalid associative array containing duplicate
keys). (nielsdos)
---
Module Name: pkgsrc
Committed By: taca
Date: Sat Aug 5 08:45:39 UTC 2023
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php82: distinfo
Removed Files:
pkgsrc/lang/php82/patches: patch-build_libtool.m4
Log Message:
lang/php82: update to 8.2.9
03 Aug 2023, PHP 8.2.9
- Build:
. Fixed bug GH-11522 (PHP version check fails with '-' separator).
(SVGAnimate)
- CLI:
. Fix interrupted CLI output causing the process to exit. (nielsdos)
- Core:
. Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
(ilutov)
. Fixed line number of JMP instruction over else block. (ilutov)
. Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
. Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov)
. Fixed build for FreeBSD before the 11.0 releases. (David Carlier)
- Curl:
. Fix crash when an invalid callback function is passed to
CURLMOPT_PUSHFUNCTION. (nielsdos)
- Date:
. Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
. Fixed bug GH-11600 (Can't parse time strings which include (narrow)
non-breaking space characters). (Derick)
- DOM:
. Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
DOMDocumentFragment but just deletes node or causes wrapping <></>
depending on libxml2 version). (nielsdos)
- Fileinfo:
. Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)
- FTP:
. Fix context option check for "overwrite". (JonasQuinten)
. Fixed bug GH-10562 (Memory leak and invalid state with consecutive
ftp_nb_fget). (nielsdos)
- GD:
. Fix most of the external libgd test failures. (Michael Orlitzky)
- Intl:
. Fix memory leak in MessageFormatter::format() on failure. (Girgias)
- Libxml:
. Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)
- MBString:
. Fix GH-11300 (license issue: restricted unicode license headers).
(nielsdos)
- Opcache:
. Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
segmentation fault). (nielsdos)
. Prevent potential deadlock if accelerated globals cannot be allocated.
(nielsdos)
- PCNTL:
. Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
(nielsdos)
- PDO:
. Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
filled). (SakiTakamachi)
- PDO SQLite:
. Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
(KapitanOczywisty, CViniciusSDias)
- Phar:
. Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
. Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
(CVE-2023-3824) (nielsdos)
- PHPDBG:
. Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)
- Session:
. Removed broken url support for transferring session ID. (ilutov)
- Standard:
. Fix serialization of RC1 objects appearing in object graph twice. (ilutov)
- Streams:
. Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper
from itself). (ilutov)
- SQLite3:
. Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)
- XMLReader:
. Fix GH-11548 (Argument corruption when calling XMLReader::open or
XMLReader::XML non-statically with observer active). (Bob)
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Aug 6 04:05:06 UTC 2023
Modified Files:
pkgsrc/lang/php82: distinfo
Log Message:
lang/php82: fix distinfo
Fix distinfo. Maybe, I fetched pre-install version.
No DIST_SUBDIR update with expecting no one fetched pre-official distinfo
file.
(bsiegert)
diff -r1.401.2.2 -r1.401.2.3 pkgsrc/lang/php/phpversion.mk| @@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
| 1 | # $NetBSD: phpversion.mk,v 1.401.2.2 2023/08/15 18:42:53 bsiegert Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.401.2.3 2023/08/15 18:52:58 bsiegert Exp $ | |
| 2 | # | 2 | # | |
| 3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
| 4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
| 5 | # package. | 5 | # package. | |
| 6 | # | 6 | # | |
| 7 | # === User-settable variables === | 7 | # === User-settable variables === | |
| 8 | # | 8 | # | |
| 9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
| 10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
| 11 | # the package. | 11 | # the package. | |
| 12 | # | 12 | # | |
| 13 | # Possible: 56 74 80 81 82 | 13 | # Possible: 56 74 80 81 82 | |
| 14 | # Default: 74 | 14 | # Default: 74 | |
| @@ -81,27 +81,27 @@ | @@ -81,27 +81,27 @@ | |||
| 81 | # Example: lib/php/20181200 | 81 | # Example: lib/php/20181200 | |
| 82 | # | 82 | # | |
| 83 | # Keywords: php | 83 | # Keywords: php | |
| 84 | # | 84 | # | |
| 85 | 85 | |||
| 86 | .if !defined(PHPVERSION_MK) | 86 | .if !defined(PHPVERSION_MK) | |
| 87 | PHPVERSION_MK= defined | 87 | PHPVERSION_MK= defined | |
| 88 | 88 | |||
| 89 | # Define each PHP's version. | 89 | # Define each PHP's version. | |
| 90 | PHP56_VERSION= 5.6.40 | 90 | PHP56_VERSION= 5.6.40 | |
| 91 | PHP74_VERSION= 7.4.33 | 91 | PHP74_VERSION= 7.4.33 | |
| 92 | PHP80_VERSION= 8.0.30 | 92 | PHP80_VERSION= 8.0.30 | |
| 93 | PHP81_VERSION= 8.1.22 | 93 | PHP81_VERSION= 8.1.22 | |
| 94 | PHP82_VERSION= 8.2.7 | 94 | PHP82_VERSION= 8.2.9 | |
| 95 | 95 | |||
| 96 | # Define API version or initial release of major version. | 96 | # Define API version or initial release of major version. | |
| 97 | PHP56_RELDATE= 20140828 | 97 | PHP56_RELDATE= 20140828 | |
| 98 | PHP74_RELDATE= 20191128 | 98 | PHP74_RELDATE= 20191128 | |
| 99 | PHP80_RELDATE= 20201124 | 99 | PHP80_RELDATE= 20201124 | |
| 100 | PHP81_RELDATE= 20211125 | 100 | PHP81_RELDATE= 20211125 | |
| 101 | PHP82_RELDATE= 20220829 | 101 | PHP82_RELDATE= 20220829 | |
| 102 | 102 | |||
| 103 | _VARGROUPS+= php | 103 | _VARGROUPS+= php | |
| 104 | _USER_VARS.php= PHP_VERSION_DEFAULT | 104 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
| 105 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 105 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
| 106 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 106 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
| 107 | PKG_PHP_MAJOR_VERS | 107 | PKG_PHP_MAJOR_VERS |
| @@ -1,18 +1,17 @@ | @@ -1,18 +1,17 @@ | |||
| 1 | $NetBSD: distinfo,v 1.8 2023/06/09 13:16:03 taca Exp $ | 1 | $NetBSD: distinfo,v 1.8.2.1 2023/08/15 18:52:58 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (php-8.2.7.tar.xz) = e31531a7856586707df35d8d997b8cca8179b54fd42d8bfad71e35f06e52ac6f | 3 | BLAKE2s (php-8.2.9.tar.xz) = 7156a5143373e5fc257676e8494c2a6da346b0189360831acffcd268a19471da | |
| 4 | SHA512 (php-8.2.7.tar.xz) = 8533c0d7b6b0cbca8d01238342edebe1f123b093ab8f3cf5efab40b133989c3288214176b9e2a213b260b07b6bf140711f9b9580c2515a093f586bedc81d8a44 | 4 | SHA512 (php-8.2.9.tar.xz) = 26c53dc737d6144cc0a3ce9134f92f59eb29f62c44b7d6159b92a25bdb0fa80239d7f6b6b663adfe444e57e98b202381df9b35532f40168ea093ac56d4bced19 | |
| 5 | Size (php-8.2.7.tar.xz) = 12016940 bytes | 5 | Size (php-8.2.9.tar.xz) = 12035468 bytes | |
| 6 | SHA1 (patch-build_libtool.m4) = e58a2bcebe9e9d7dc7255354fd9fe57878e3f8a6 | 6 | SHA1 (patch-configure) = 614c907a17adb6d8145e2d6c8ab25d2e4ff8bace | |
| 7 | SHA1 (patch-configure) = 9e41843c0ba0420eba8974c6a5a78de314e5c988 | |||
| 8 | SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b | 7 | SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b | |
| 9 | SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd | 8 | SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd | |
| 10 | SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640 | 9 | SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640 | |
| 11 | SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 | 10 | SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 | |
| 12 | SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd | 11 | SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd | |
| 13 | SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 | 12 | SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 | |
| 14 | SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 | 13 | SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 | |
| 15 | SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 | 14 | SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 | |
| 16 | SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 | 15 | SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 | |
| 17 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | 16 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | |
| 18 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 | 17 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 |
| @@ -1,59 +1,59 @@ | @@ -1,59 +1,59 @@ | |||
| 1 | $NetBSD: patch-configure,v 1.8 2023/06/09 13:16:03 taca Exp $ | 1 | $NetBSD: patch-configure,v 1.8.2.1 2023/08/15 18:52:58 bsiegert Exp $ | |
| 2 | 2 | |||
| 3 | * Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS. | 3 | * Do not include "PKG_CONFIG*" in CONFIGURE_OPTIONS. | |
| 4 | * Don't autodetect maintainer-zts. | 4 | * Don't autodetect maintainer-zts. | |
| 5 | * Shell portability. | 5 | * Shell portability. | |
| 6 | 6 | |||
| 7 | --- configure.orig 2023-06-06 21:28:56.000000000 +0000 | 7 | --- configure.orig 2023-05-09 06:25:31.000000000 +0000 | |
| 8 | +++ configure | 8 | +++ configure | |
| 9 | @@ -3732,6 +3732,10 @@ EOF | 9 | @@ -4323,6 +4323,10 @@ EOF | |
| 10 | else | 10 | else | |
| 11 | break | 11 | break | |
| 12 | fi | 12 | fi | |
| 13 | + case "$CURRENT_ARG" in | 13 | + case "$CURRENT_ARG" in | |
| 14 | + \'PKG_CONFIG\=*) CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";; | 14 | + \'PKG_CONFIG\=*) CURRENT_ARG="'PKG_CONFIG=@TOOLS_PATH.pkg-config@'";; | |
| 15 | + \'PKG_CONFIG_LIBDIR\=*) CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";; | 15 | + \'PKG_CONFIG_LIBDIR\=*) CURRENT_ARG="'PKG_CONFIG_LIBDIR=@PHP_PKGCONFIG_PATH@'";; | |
| 16 | + esac | 16 | + esac | |
| 17 | $as_echo "$CURRENT_ARG \\" >>config.nice | 17 | printf "%s\n" "$CURRENT_ARG \\" >>config.nice | |
| 18 | CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG" | 18 | CONFIGURE_OPTIONS="$CONFIGURE_OPTIONS $CURRENT_ARG" | |
| 19 | done | 19 | done | |
| 20 | @@ -7022,30 +7026,6 @@ EOF | 20 | @@ -7553,30 +7557,6 @@ EOF | |
| 21 | ;; | 21 | ;; | |
| 22 | esac | 22 | esac | |
| 23 | 23 | |||
| 24 | - if test "$APACHE_VERSION" -lt 2004001; then | 24 | - if test "$APACHE_VERSION" -lt 2004001; then | |
| 25 | - APXS_MPM=`$APXS -q MPM_NAME` | 25 | - APXS_MPM=`$APXS -q MPM_NAME` | |
| 26 | - if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then | 26 | - if test "$APXS_MPM" != "prefork" && test "$APXS_MPM" != "peruser" && test "$APXS_MPM" != "itk"; then | |
| 27 | - | 27 | - | |
| 28 | - enable_zts=yes | 28 | - enable_zts=yes | |
| 29 | - if test "$pthreads_working" != "yes"; then | 29 | - if test "$pthreads_working" != "yes"; then | |
| 30 | - as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 | 30 | - as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 | |
| 31 | - fi | 31 | - fi | |
| 32 | - | 32 | - | |
| 33 | - fi | 33 | - fi | |
| 34 | - else | 34 | - else | |
| 35 | - APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'` | 35 | - APACHE_THREADED_MPM=`$APXS_HTTPD -V 2>/dev/null | grep 'threaded:.*yes'` | |
| 36 | - if test -n "$APACHE_THREADED_MPM"; then | 36 | - if test -n "$APACHE_THREADED_MPM"; then | |
| 37 | - | 37 | - | |
| 38 | - enable_zts=yes | 38 | - enable_zts=yes | |
| 39 | - if test "$pthreads_working" != "yes"; then | 39 | - if test "$pthreads_working" != "yes"; then | |
| 40 | - as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 | 40 | - as_fn_error $? "ZTS currently requires working POSIX threads. We were unable to verify that your system supports Pthreads." "$LINENO" 5 | |
| 41 | - fi | 41 | - fi | |
| 42 | - | 42 | - | |
| 43 | - fi | 43 | - fi | |
| 44 | - fi | 44 | - fi | |
| 45 | - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 45 | - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | |
| 46 | -$as_echo "yes" >&6; } | 46 | -printf "%s\n" "yes" >&6; } | |
| 47 | - | 47 | - | |
| 48 | PHP_VAR_SUBST="$PHP_VAR_SUBST APXS" | 48 | PHP_VAR_SUBST="$PHP_VAR_SUBST APXS" | |
| 49 | 49 | |||
| 50 | else | 50 | else | |
| 51 | @@ -78373,7 +78353,7 @@ $as_echo "#define HAVE_TIDYBUFFIO_H 1" > | 51 | @@ -81017,7 +80997,7 @@ printf "%s\n" "#define HAVE_TIDYBUFFIO_H | |
| 52 | fi | 52 | fi | |
| 53 | 53 | |||
| 54 | TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR | 54 | TIDY_LIBDIR=$TIDY_DIR/$PHP_LIBDIR | |
| 55 | - if test "$TIDY_LIB_NAME" == 'tidyp'; then | 55 | - if test "$TIDY_LIB_NAME" == 'tidyp'; then | |
| 56 | + if test "$TIDY_LIB_NAME" = 'tidyp'; then | 56 | + if test "$TIDY_LIB_NAME" = 'tidyp'; then | |
| 57 | 57 | |||
| 58 | $as_echo "#define HAVE_TIDYP_H 1" >>confdefs.h | 58 | printf "%s\n" "#define HAVE_TIDYP_H 1" >>confdefs.h | |
| 59 | 59 |