Pullup ticket #6849 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.429 - lang/php81/distinfo 1.32 --- Module Name: pkgsrc Committed By: taca Date: Sat Apr 13 02:53:35 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.27 This release includes security fixes. 11 Apr 2024, PHP 8.1.28 - Standard: . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)diff -r1.426.2.2 -r1.426.2.3 pkgsrc/lang/php/phpversion.mk
(bsiegert)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: phpversion.mk,v 1.426.2.2 2024/04/22 12:49:08 bsiegert Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.426.2.3 2024/04/22 12:56:30 bsiegert Exp $ | |
2 | # | 2 | # | |
3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
5 | # package. | 5 | # package. | |
6 | # | 6 | # | |
7 | # === User-settable variables === | 7 | # === User-settable variables === | |
8 | # | 8 | # | |
9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
11 | # the package. | 11 | # the package. | |
12 | # | 12 | # | |
13 | # Possible: 56 74 80 81 82 83 | 13 | # Possible: 56 74 80 81 82 83 | |
14 | # Default: 82 | 14 | # Default: 82 | |
@@ -81,27 +81,27 @@ | @@ -81,27 +81,27 @@ | |||
81 | # | 81 | # | |
82 | # Example: lib/php/20181200 | 82 | # Example: lib/php/20181200 | |
83 | # | 83 | # | |
84 | # Keywords: php | 84 | # Keywords: php | |
85 | # | 85 | # | |
86 | 86 | |||
87 | .if !defined(PHPVERSION_MK) | 87 | .if !defined(PHPVERSION_MK) | |
88 | PHPVERSION_MK= defined | 88 | PHPVERSION_MK= defined | |
89 | 89 | |||
90 | # Define each PHP's version. | 90 | # Define each PHP's version. | |
91 | PHP56_VERSION= 5.6.40 | 91 | PHP56_VERSION= 5.6.40 | |
92 | PHP74_VERSION= 7.4.33 | 92 | PHP74_VERSION= 7.4.33 | |
93 | PHP80_VERSION= 8.0.30 | 93 | PHP80_VERSION= 8.0.30 | |
94 | PHP81_VERSION= 8.1.27 | 94 | PHP81_VERSION= 8.1.28 | |
95 | PHP82_VERSION= 8.2.18 | 95 | PHP82_VERSION= 8.2.18 | |
96 | PHP83_VERSION= 8.3.4 | 96 | PHP83_VERSION= 8.3.4 | |
97 | 97 | |||
98 | # Define API version or initial release of major version. | 98 | # Define API version or initial release of major version. | |
99 | PHP56_RELDATE= 20140828 | 99 | PHP56_RELDATE= 20140828 | |
100 | PHP74_RELDATE= 20191128 | 100 | PHP74_RELDATE= 20191128 | |
101 | PHP80_RELDATE= 20201124 | 101 | PHP80_RELDATE= 20201124 | |
102 | PHP81_RELDATE= 20211125 | 102 | PHP81_RELDATE= 20211125 | |
103 | PHP82_RELDATE= 20220829 | 103 | PHP82_RELDATE= 20220829 | |
104 | PHP83_RELDATE= 20231123 | 104 | PHP83_RELDATE= 20231123 | |
105 | 105 | |||
106 | _VARGROUPS+= php | 106 | _VARGROUPS+= php | |
107 | _USER_VARS.php= PHP_VERSION_DEFAULT | 107 | _USER_VARS.php= PHP_VERSION_DEFAULT |
@@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
1 | $NetBSD: distinfo,v 1.31 2024/01/05 02:10:34 taca Exp $ | 1 | $NetBSD: distinfo,v 1.31.2.1 2024/04/22 12:56:30 bsiegert Exp $ | |
2 | 2 | |||
3 | BLAKE2s (php-8.1.27.tar.xz) = adeaa2ba18ec7bf532947556261be717e6be2a6c8dc191a839eadcb6b682dc62 | 3 | BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0 | |
4 | SHA512 (php-8.1.27.tar.xz) = 07fb2b8e10e2487635e26bfd8a27949a26b85f76bc3984ad8599224bb7a7f9498d84299335ae5a0bba16599275e9747ab141f73f4f2076ddf49ebec8e76fd0ed | 4 | SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f | |
5 | Size (php-8.1.27.tar.xz) = 11915228 bytes | 5 | Size (php-8.1.28.tar.xz) = 11848504 bytes | |
6 | SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584 | 6 | SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584 | |
7 | SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640 | 7 | SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640 | |
8 | SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d | 8 | SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d | |
9 | SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd | 9 | SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd | |
10 | SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 | 10 | SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 | |
11 | SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd | 11 | SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd | |
12 | SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 | 12 | SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 | |
13 | SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 | 13 | SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 | |
14 | SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 | 14 | SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 | |
15 | SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 | 15 | SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 | |
16 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | 16 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | |
17 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 | 17 | SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 |