CVS commit: pkgsrc/lang

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Mon Nov 25 14:36:20 UTC 2024

Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php83: Makefile distinfo

Log Message:
lang/php82: update to 8.2.26

PHP 8.3.14 (2024-11-21)

- CLI:
  . Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
    started through shebang). (ilutov)
  . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
    Processing in CLI SAPI Interface). (nielsdos)

- COM:
  . Fixed out of bound writes to SafeArray data. (cmb)

- Core:
  . Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled
    with Xcode 16 clang on macOS 15). (nielsdos)
  . Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
  . Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for
    call trampoline). (ilutov)
  . Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
    (ilutov)
  . Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed
    early bound classes). (ilutov)
  . Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

- Curl:
  . Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if
    curl_multi_add_handle fails). (timwolla)

- Date:
  . Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
    (cmb)
  . Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)

- DBA:
  . Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)

- DOM:
  . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
    (nielsdos)
  . Add missing hierarchy checks to replaceChild. (nielsdos)
  . Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos)
  . Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos)
  . Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
  . Fixed bug GH-16533 (Segfault when adding attribute to parent that is not
    an element). (nielsdos)
  . Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
  . Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
  . Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)

- EXIF:
  . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
    real file). (nielsdos, cmb)

- FFI:
  . Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
    (nielsdos)

- Filter:
  . Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)

- FPM:
  . Fixed bug GH-16628 (FPM logs are getting corrupted with this log
    statement). (nielsdos)

- GD:
  . Fixed bug GH-16334 (imageaffine overflow on matrix elements).
    (David Carlier)
  . Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
  . Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
    (nielsdos)

- GMP:
  . Fixed floating point exception bug with gmp_pow when using
    large exposant values. (David Carlier).
  . Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
  . Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
    (David Carlier)
  . Fixed gmp_pow() overflow bug with large base/exponents.
    (David Carlier)
  . Fixed segfaults and other issues related to operator overloading with
    GMP objects. (Girgias)

- LDAP:
  . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
    (nielsdos)

- MBstring:
  . Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
    (David Carlier)

- MySQLnd:
  . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through
    heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- Opcache:
  . Fixed bug GH-16408 (Array to string conversion warning emitted in
    optimizer). (ilutov)

- OpenSSL:
  . Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
    (cmb)
  . Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow).
    (cmb)
  . Fix various memory leaks on error conditions in openssl_x509_parse().
    (nielsdos)

- PDO DBLIB:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
    OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
  . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
    causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO ODBC:
  . Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)

- Phar:
  . Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)

- PHPDBG:
  . Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)

- Reflection:
  . Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)

- Session:
  . Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
    (nielsdos)
  . Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
    (David Carlier)

- SOAP:
  . Fixed bug GH-16318 (Recursive array segfaults soap encoding). (nielsdos)
  . Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
    (nielsdos)

- Sockets:
  . Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)

- SPL:
  . Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
  . Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
    (ilutov)
  . Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
  . Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
  . Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
  . Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed
    SplFileObject::__constructor). (Girgias)
  . Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
  . Fixed bug GH-14687 (segfault on SplObjectIterator instance).
    (David Carlier)
  . Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
  . Fixed bug GH-16646 (UAF in ArrayObject::unset() and
    ArrayObject::exchangeArray()). (ilutov)

- Standard:
  . Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
    bail enabled). (ilutov)

- Streams:
  . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
    might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
  . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
    convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

- SysVMsg:
  . Fixed bug GH-16592 (msg_send() crashes when a type does not properly
    serialized). (David Carlier / cmb)

- SysVShm:
  . Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)

- XMLReader:
  . Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
    (nielsdos)

- Zlib:
  . Fixed bug GH-16326 (Memory management is broken for bad dictionaries.)
    (cmb)


To generate a diff of this commit:
cvs rdiff -u -r1.447 -r1.448 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.9 -r1.10 pkgsrc/lang/php83/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php83/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.447 pkgsrc/lang/php/phpversion.mk:1.448
--- pkgsrc/lang/php/phpversion.mk:1.447 Mon Nov 25 14:32:19 2024
+++ pkgsrc/lang/php/phpversion.mk       Mon Nov 25 14:36:20 2024
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.447 2024/11/25 14:32:19 taca Exp $
+# $NetBSD: phpversion.mk,v 1.448 2024/11/25 14:36:20 taca Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@ PHP56_VERSION=        5.6.40
 PHP74_VERSION= 7.4.33
 PHP81_VERSION= 8.1.30
 PHP82_VERSION= 8.2.26
-PHP83_VERSION= 8.3.13
+PHP83_VERSION= 8.3.14
 
 # Define API version or initial release of major version.
 PHP56_RELDATE= 20140828

Index: pkgsrc/lang/php83/Makefile
diff -u pkgsrc/lang/php83/Makefile:1.9 pkgsrc/lang/php83/Makefile:1.10
--- pkgsrc/lang/php83/Makefile:1.9      Thu Nov 14 22:20:30 2024
+++ pkgsrc/lang/php83/Makefile  Mon Nov 25 14:36:20 2024
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2024/11/14 22:20:30 wiz Exp $
+# $NetBSD: Makefile,v 1.10 2024/11/25 14:36:20 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=               php-${PHP_VERSION:S/RC/rc/}
-PKGREVISION=           4
 
 COMMENT=               PHP Hypertext Preprocessor version 8.3
 LICENSE=               php

Index: pkgsrc/lang/php83/distinfo
diff -u pkgsrc/lang/php83/distinfo:1.14 pkgsrc/lang/php83/distinfo:1.15
--- pkgsrc/lang/php83/distinfo:1.14     Sun Nov 10 22:09:50 2024
+++ pkgsrc/lang/php83/distinfo  Mon Nov 25 14:36:20 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.14 2024/11/10 22:09:50 prlw1 Exp $
+$NetBSD: distinfo,v 1.15 2024/11/25 14:36:20 taca Exp $
 
-BLAKE2s (php-8.3.13.tar.xz) = bd76f27687418dc834d2c31f92b2592c190689e78896ec556cfaec76cfa3a934
-SHA512 (php-8.3.13.tar.xz) = e910671375e18dcd90822b4d16bda9b878271b78dc83ef4b7834c0ddf042c82d72cd501c12aaa4550ee530ff3a315d0f468dcf3858db0814d5366048dfdbca65
-Size (php-8.3.13.tar.xz) = 12484032 bytes
+BLAKE2s (php-8.3.14.tar.xz) = 1ff4d97ae5d0fa3a1019cb986df86a92833c2fe4a46307b1759fb4695cb33c4a
+SHA512 (php-8.3.14.tar.xz) = 48a995a5095626dc1b8bb40641e86f01e6806ce10a8c159a402f3b081f8464429ef2d33c3a288cb0f7c643c9236601220dfc604d36b3c2a572cd9f30e5359752
+Size (php-8.3.14.tar.xz) = 12519488 bytes
 SHA1 (patch-TSRM_TSRM.c) = 278007810b74fa7a9cd971dac051d6a2ea0ad90d
 SHA1 (patch-TSRM_TSRM.h) = 70ebc03a611124d76d6813f619ff18b3a8fbf1e8
 SHA1 (patch-build_php.m4) = c85864ae22556c0a5f14b323d2cf031523625e9b