NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/598 CVS commit: [pkgsrc-2014Q1] pkgsrc



The following reply was made to PR lib/598; it has been noted by GNATS.

From: "S.P.Zeidler" <spz%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/598 CVS commit: [pkgsrc-2014Q1] pkgsrc
Date: Sun, 1 Jun 2014 13:20:22 +0000

 Module Name:   pkgsrc
 Committed By:  spz
 Date:          Sun Jun  1 13:20:22 UTC 2014
 
 Modified Files:
        pkgsrc/graphics/php-gd [pkgsrc-2014Q1]: Makefile
        pkgsrc/lang/php [pkgsrc-2014Q1]: phpversion.mk
        pkgsrc/lang/php53 [pkgsrc-2014Q1]: distinfo
        pkgsrc/lang/php54 [pkgsrc-2014Q1]: Makefile Makefile.php distinfo
        pkgsrc/lang/php54/patches [pkgsrc-2014Q1]: patch-configure
            patch-php.ini-development patch-php.ini-production
        pkgsrc/lang/php55 [pkgsrc-2014Q1]: Makefile distinfo
        pkgsrc/lang/php55/patches [pkgsrc-2014Q1]: patch-configure
            patch-php.ini-development patch-php.ini-production
 Added Files:
        pkgsrc/lang/php53/patches [pkgsrc-2014Q1]: patch-ext_gd_libgd_gdxpm.c
        pkgsrc/lang/php54/patches [pkgsrc-2014Q1]: patch-ext_gd_libgd_gdxpm.c
        pkgsrc/lang/php55/patches [pkgsrc-2014Q1]: patch-ext_gd_libgd_gdxpm.c
            patch-ext_sqlite3_libsqlite_sqlite3.c
 Removed Files:
        pkgsrc/lang/php54/patches [pkgsrc-2014Q1]:
            patch-ext_fileinfo_data__file.c
        pkgsrc/lang/php55/patches [pkgsrc-2014Q1]:
            patch-ext_fileinfo_data__file.c
 
 Log Message:
 Pullup ticket #4422 - requested by taca
 graphics/php-gd: version bump
 lang/php: version bump
 lang/php53: security update
 lang/php54: security update
 lang/php55: security update
 
 Revisions pulled up:
 - graphics/php-gd/Makefile                                      1.36
 - lang/php/phpversion.mk                                        1.59-1.62
 - lang/php53/distinfo                                           1.73
 - lang/php53/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
 - lang/php54/Makefile                                           1.21
 - lang/php54/Makefile.php                                       1.7
 - lang/php54/distinfo                                           1.37-1.39
 - lang/php54/patches/patch-configure                            1.7
 - lang/php54/patches/patch-ext_fileinfo_data__file.c            deleted
 - lang/php54/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
 - lang/php54/patches/patch-php.ini-development                  1.3
 - lang/php54/patches/patch-php.ini-production                   1.3
 - lang/php55/Makefile                                           1.12
 - lang/php55/distinfo                                           1.18-1.21
 - lang/php55/patches/patch-configure                            1.6
 - lang/php55/patches/patch-ext_fileinfo_data__file.c            deleted
 - lang/php55/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
 - lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c      1.2
 - lang/php55/patches/patch-php.ini-development                  1.4
 - lang/php55/patches/patch-php.ini-production                   1.4
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Fri Apr  4 03:05:00 UTC 2014
 
    Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php55: Makefile distinfo
        pkgsrc/lang/php55/patches: patch-php.ini-development
            patch-php.ini-production
    Removed Files:
        pkgsrc/lang/php55/patches: patch-ext_fileinfo_data__file.c
 
    Log Message:
    Update php55 to 5.5.11.
    CVE-2013-7345 is already fixed in 5.5.10nb2.
 
    03 Apr 2014, PHP 5.5.11
 
    - Core:
      . Allow zero length comparison in substr_compare() (Tjerk)
      . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
 
    - SPL:
      . Added feature #65545 (SplFileObject::fread()) (Tjerk)
 
    - cURL:
      . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default 
behaviour) (Tjerk)
      . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, 
inclusive.
        (Adam)
 
    - FPM:
      . Added clear_env configuration directive to disable clearenv() call.
      (Github PR# 598, Paul Annesley)
 
    - Fileinfo:
      . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
        expression). (CVE-2013-7345) (Remi)
 
    - GD:
      . Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
      . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) 
(Pierre)
      . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
      . Fixed bug #66890 (imagescale segfault). (Remi)
      . Fixed bug #66893 (imagescale ignore method argument). (Remi)
 
    - Hash:
      . hash_pbkdf2() now works correctly if the $length argument is not 
specified.
        (Nikita)
 
    - Intl:
      . Fixed bug #66873 (A reproductible crash in UConverter when given invalid
        encoding) (Stas)
 
    - Mail:
      . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) 
(Tjerk)
 
    - MySQLi:
      . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link 
closed)
      (Remi)
 
    - OPCache
      . Added function opcache_is_script_cached(). (Danack)
      . Added information about interned strings usage. (Terry, Julien, Dmitry)
 
    - Openssl:
      . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). 
(Remi)
 
    - GMP
      . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
 
    - SQLite:
      . Updated bundled libsqlite to 3.8.3.1 (Anatol)
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/php/phpversion.mk
    cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php55/Makefile
    cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php55/distinfo
    cvs rdiff -u -r1.1 -r0 \
        pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
    cvs rdiff -u -r1.3 -r1.4 
pkgsrc/lang/php55/patches/patch-php.ini-development \
        pkgsrc/lang/php55/patches/patch-php.ini-production
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Sat Apr  5 03:43:40 UTC 2014
 
    Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php54: Makefile Makefile.php distinfo
        pkgsrc/lang/php54/patches: patch-php.ini-development
            patch-php.ini-production
    Removed Files:
        pkgsrc/lang/php54/patches: patch-ext_fileinfo_data__file.c
 
    Log Message:
    Update php54 to 5.4.27.  CVE-2013-7345 is already fixed in 5.4.26nb2.
 
    03 Apr 2014, PHP 5.4.27
 
    - Core:
      . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
 
    - Fileinfo:
      . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
        expression). (CVE-2013-7345) (Remi)
 
    - FPM:
      . Added clear_env configuration directive to disable clearenv() call.
      (Github PR# 598, Paul Annesley)
 
    - GMP
      . fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)
 
    - Mail:
      . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) 
(Tjerk)
 
    - MySQLi:
      . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link 
closed)
      (Remi)
 
    - Openssl:
      . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). 
(Remi)
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
    cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
    cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
    cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
    cvs rdiff -u -r1.1 -r0 \
        pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
    cvs rdiff -u -r1.2 -r1.3 
pkgsrc/lang/php54/patches/patch-php.ini-development \
        pkgsrc/lang/php54/patches/patch-php.ini-production
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       jperkin
    Date:               Mon Apr 14 10:17:19 UTC 2014
 
    Modified Files:
        pkgsrc/lang/php55: distinfo
    Added Files:
        pkgsrc/lang/php55/patches: patch-ext_sqlite3_libsqlite_sqlite3.c
 
    Log Message:
    Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment
    from the PHP build.
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/php55/distinfo
    cvs rdiff -u -r0 -r1.1 
pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Thu May  1 15:52:33 UTC 2014
 
    Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php55: distinfo
        pkgsrc/lang/php55/patches: patch-configure
            patch-ext_sqlite3_libsqlite_sqlite3.c
 
    Log Message:
    Update php55 to 5.5.12.
 
    01 May 2014, PHP 5.5.12
    - Core:
      . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
      . Fixed bug #64330 (stream_socket_server() creates wrong Abstract 
Namespace
        UNIX sockets). (Mike)
      . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
      . Fixed bug #66736 (fpassthru broken). (Mike)
      . Fixed bug #67024 (getimagesize should recognize BMP files with negative
        height). (Gabor Buella)
      . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
 
    - cURL:
      . Fixed bug #66562 (curl_exec returns differently than 
curl_multi_getcontent).
        (Freek Lijten)
 
    - Date:
      . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object 
data is
        supplied). (Boro Sitnikovski)
 
    - Embed:
      . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
 
    - Fileinfo:
      . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
        (Remi)
 
    - FPM:
      . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
      . Fixed bug #67060 (possible privilege escalation due to insecure default 
configuration). (CVE-2014-0185) (christian at hoffie dot info)
 
    - JSON:
      . Fixed bug #66021 (Blank line inside empty array/object when
        JSON_PRETTY_PRINT is set). (Kevin Israel)
 
    - LDAP:
      . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
 
    - mysqli:
      . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
        (extra comma) and third parameters (lack of escaping). (Andrey)
 
    - OpenSSL:
      . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
      . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
 
    - SimpleXML:
      . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
        (Anatol)
 
    - SQLite:
      . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
 
    - XSL:
      . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
        when loaded with "file://"). (Anatol)
 
    - Apache2 Handler SAPI:
      . Fixed Apache log issue caused by APR's lack of support for %zu
        (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
        (Jeff Trawick)
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.60 -r1.61 pkgsrc/lang/php/phpversion.mk
    cvs rdiff -u -r1.19 -r1.20 pkgsrc/lang/php55/distinfo
    cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php55/patches/patch-configure
    cvs rdiff -u -r1.1 -r1.2 
pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       taca
    Date:               Fri May  2 13:04:12 UTC 2014
 
    Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php54: distinfo
        pkgsrc/lang/php54/patches: patch-configure
 
    Log Message:
    Update php54 to 5.4.28.
 
    01 May 2014, PHP 5.4.28
 
    - Core:
      . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
      . Fixed bug #64330 (stream_socket_server() creates wrong Abstract 
Namespace
        UNIX sockets). (Mike)
      . Fixed bug #66171 (Symlinks and session handler allow open_basedir 
bypass).
        (Jann Horn, Stas)
      . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
      . Fixed bug #66736 (fpassthru broken). (Mike)
      . Fixed bug #67024 (getimagesize should recognize BMP files with negative
        height). (Gabor Buella)
 
    - cURL:
      . Fixed bug #66562 (curl_exec returns differently than 
curl_multi_getcontent).
        (Freek Lijten)
 
    - Date:
      . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object 
data is
        supplied). (Boro Sitnikovski)
 
    - Embed:
      . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)
 
    - Fileinfo:
      . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
        (Remi)
 
    - FPM:
      . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
      . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to 
insecure
        default configuration) (CVE-2014-0185). (Stas)
 
    - JSON:
      . Fixed bug #66021 (Blank line inside empty array/object when
        JSON_PRETTY_PRINT is set). (Kevin Israel)
 
    - LDAP:
      . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
 
    - OpenSSL:
      . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
      . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
 
    - SimpleXML:
      . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
        (Anatol)
 
    - XSL:
      . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
        when loaded with "file://"). (Anatol)
 
    - Apache2 Handler SAPI:
      . Fixed Apache log issue caused by APR's lack of support for %zu
        (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
        (Jeff Trawick)
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.61 -r1.62 pkgsrc/lang/php/phpversion.mk
    cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php54/distinfo
    cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/patches/patch-configure
 
 -------------------------------------------------------------------
    Module Name:        pkgsrc
    Committed By:       he
    Date:               Sun May 11 11:20:48 UTC 2014
 
    Modified Files:
        pkgsrc/graphics/php-gd: Makefile
        pkgsrc/lang/php53: distinfo
        pkgsrc/lang/php54: distinfo
        pkgsrc/lang/php55: distinfo
    Added Files:
        pkgsrc/lang/php53/patches: patch-ext_gd_libgd_gdxpm.c
        pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c
        pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c
 
    Log Message:
    Apply a patch to fix CVE-2014-2497, taken from
    https://bugs.php.net/patch-display.php?bug_id=66901
    Bump PKGREVISION for php-gd correspondingly.
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.35 -r1.36 pkgsrc/graphics/php-gd/Makefile
    cvs rdiff -u -r1.72 -r1.73 pkgsrc/lang/php53/distinfo
    cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
    cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php54/distinfo
    cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
    cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php55/distinfo
    cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.35 -r1.35.8.1 pkgsrc/graphics/php-gd/Makefile
 cvs rdiff -u -r1.58 -r1.58.2.1 pkgsrc/lang/php/phpversion.mk
 cvs rdiff -u -r1.72 -r1.72.2.1 pkgsrc/lang/php53/distinfo
 cvs rdiff -u -r0 -r1.1.2.2 \
     pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
 cvs rdiff -u -r1.20 -r1.20.2.1 pkgsrc/lang/php54/Makefile
 cvs rdiff -u -r1.6 -r1.6.6.1 pkgsrc/lang/php54/Makefile.php
 cvs rdiff -u -r1.36 -r1.36.2.1 pkgsrc/lang/php54/distinfo
 cvs rdiff -u -r1.6 -r1.6.2.1 pkgsrc/lang/php54/patches/patch-configure
 cvs rdiff -u -r1.1 -r0 \
     pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
 cvs rdiff -u -r0 -r1.1.2.2 \
     pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
 cvs rdiff -u -r1.2 -r1.2.2.1 \
     pkgsrc/lang/php54/patches/patch-php.ini-development \
     pkgsrc/lang/php54/patches/patch-php.ini-production
 cvs rdiff -u -r1.11 -r1.11.2.1 pkgsrc/lang/php55/Makefile
 cvs rdiff -u -r1.17 -r1.17.2.1 pkgsrc/lang/php55/distinfo
 cvs rdiff -u -r1.5 -r1.5.2.1 pkgsrc/lang/php55/patches/patch-configure
 cvs rdiff -u -r1.1 -r0 \
     pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
 cvs rdiff -u -r0 -r1.1.2.2 \
     pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c
 cvs rdiff -u -r0 -r1.2.2.2 \
     pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
 cvs rdiff -u -r1.3 -r1.3.2.1 \
     pkgsrc/lang/php55/patches/patch-php.ini-development \
     pkgsrc/lang/php55/patches/patch-php.ini-production
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
 


Home | Main Index | Thread Index | Old Index