pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/lang
Module Name: pkgsrc
Committed By: taca
Date: Sat Sep 28 15:08:01 UTC 2024
Modified Files:
pkgsrc/lang/php: phpversion.mk
pkgsrc/lang/php81: distinfo
Log Message:
lang/php81: update to 8.1.30
PHP 8.1.30 (2024-09-26)
- CGI:
. Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection
Vulnerability). (CVE-2024-8926) (nielsdos)
. Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
bypassable due to the environment variable collision). (CVE-2024-8927)
(nielsdos)
- FPM:
. Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).
(CVE-2024-9026) (Jakub Zelenka)
- SAPI:
. Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).
(CVE-2024-8925) (Arnaud)
06 Jun 2024, PHP 8.1.29
- CGI:
. Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
in PHP-CGI). (CVE-2024-4577) (nielsdos)
- Filter:
. Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
(CVE-2024-5458) (nielsdos)
- OpenSSL:
. The openssl_private_decrypt function in PHP, when using PKCS1 padding
(OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
unless it is used with an OpenSSL version that includes the changes from this pull
request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
These changes are part of OpenSSL 3.2 and have also been backported to stable
versions of various Linux distributions, as well as to the PHP builds provided for
Windows since the previous release. All distributors and builders should ensure that
this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)
- Standard:
. Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
(CVE-2024-5585) (nielsdos)
To generate a diff of this commit:
cvs rdiff -u -r1.443 -r1.444 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.33 -r1.34 pkgsrc/lang/php81/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.443 pkgsrc/lang/php/phpversion.mk:1.444
--- pkgsrc/lang/php/phpversion.mk:1.443 Sat Sep 28 15:05:35 2024
+++ pkgsrc/lang/php/phpversion.mk Sat Sep 28 15:08:01 2024
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.443 2024/09/28 15:05:35 taca Exp $
+# $NetBSD: phpversion.mk,v 1.444 2024/09/28 15:08:01 taca Exp $
#
# This file selects a PHP version, based on the user's preferences and
# the installed packages. It does not add a dependency on the PHP
@@ -89,7 +89,7 @@ PHPVERSION_MK= defined
# Define each PHP's version.
PHP56_VERSION= 5.6.40
PHP74_VERSION= 7.4.33
-PHP81_VERSION= 8.1.29
+PHP81_VERSION= 8.1.30
PHP82_VERSION= 8.2.24
PHP83_VERSION= 8.3.12
Index: pkgsrc/lang/php81/distinfo
diff -u pkgsrc/lang/php81/distinfo:1.33 pkgsrc/lang/php81/distinfo:1.34
--- pkgsrc/lang/php81/distinfo:1.33 Fri Jun 7 13:54:25 2024
+++ pkgsrc/lang/php81/distinfo Sat Sep 28 15:08:01 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.33 2024/06/07 13:54:25 taca Exp $
+$NetBSD: distinfo,v 1.34 2024/09/28 15:08:01 taca Exp $
-BLAKE2s (php-8.1.29.tar.xz) = ba21a632f93e60e0a7111abba136333a5430f04e5ba64336838a24137934f0df
-SHA512 (php-8.1.29.tar.xz) = fd4f75224f71111a4cc40b3015ae70ac57a623326a3299da9ab8bd9dfad4ea27ff345d0eb75f1407d183207e763d372d738bbd8d217d01ec1414d29a547e8ba7
-Size (php-8.1.29.tar.xz) = 11826292 bytes
+BLAKE2s (php-8.1.30.tar.xz) = b55caf976f318d2d8db48322f54af260feb9aeaa2c9cf50928c6ec1a09436722
+SHA512 (php-8.1.30.tar.xz) = cdca1c1671362272bf6c2abf45d097b42ca06c0abf962ee814bf478f8b346f274f42a1b1aa6603cdd59a1978a8b9d1971b589706f2909b6ea34594de0edaee1e
+Size (php-8.1.30.tar.xz) = 11850340 bytes
SHA1 (patch-build_php.m4) = 5b86e63ccdce4e654acc9361f4d275f23b5afd46
SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d
Home |
Main Index |
Thread Index |
Old Index