head 1.43; access; symbols pkgsrc-2025Q4:1.42.0.2 pkgsrc-2025Q4-base:1.42 pkgsrc-2025Q3:1.41.0.2 pkgsrc-2025Q3-base:1.41 pkgsrc-2025Q2:1.40.0.2 pkgsrc-2025Q2-base:1.40 pkgsrc-2025Q1:1.37.0.2 pkgsrc-2025Q1-base:1.37 pkgsrc-2024Q4:1.35.0.2 pkgsrc-2024Q4-base:1.35 pkgsrc-2024Q3:1.34.0.2 pkgsrc-2024Q3-base:1.34 pkgsrc-2024Q2:1.33.0.2 pkgsrc-2024Q2-base:1.33 pkgsrc-2024Q1:1.31.0.2 pkgsrc-2024Q1-base:1.31 pkgsrc-2023Q4:1.30.0.2 pkgsrc-2023Q4-base:1.30 pkgsrc-2023Q3:1.27.0.2 pkgsrc-2023Q3-base:1.27 pkgsrc-2023Q2:1.24.0.2 pkgsrc-2023Q2-base:1.24 pkgsrc-2023Q1:1.21.0.2 pkgsrc-2023Q1-base:1.21 pkgsrc-2022Q4:1.15.0.2 pkgsrc-2022Q4-base:1.15 pkgsrc-2022Q3:1.12.0.2 pkgsrc-2022Q3-base:1.12 pkgsrc-2022Q2:1.9.0.2 pkgsrc-2022Q2-base:1.9 pkgsrc-2022Q1:1.5.0.2 pkgsrc-2022Q1-base:1.5 pkgsrc-2021Q4:1.2.0.2 pkgsrc-2021Q4-base:1.2; locks; strict; comment @# @; 1.43 date 2026.01.08.14.30.36; author taca; state dead; branches; next 1.42; commitid zIog8nCzAnPU7BpG; 1.42 date 2025.12.19.14.28.15; author taca; state Exp; branches; next 1.41; commitid 6zqGI1m8AgPXK1nG; 1.41 date 2025.07.04.01.24.52; author taca; state Exp; branches; next 1.40; commitid 5mbxl61ilr40Pm1G; 1.40 date 2025.06.14.14.00.12; author taca; state Exp; branches 1.40.2.1; next 1.39; commitid LSiL5PoDLfa1ERYF; 1.39 date 2025.06.11.14.58.26; author taca; state Exp; branches; next 1.38; commitid kK3M1Ujj4BWR3uYF; 1.38 date 2025.04.07.17.33.36; author taca; state Exp; branches; next 1.37; commitid hVRav9XFpLuJ09QF; 1.37 date 2025.03.14.15.25.31; author taca; state Exp; branches; next 1.36; commitid zcC7PDDgeXtB43NF; 1.36 date 2025.02.08.02.59.29; author taca; state Exp; branches; next 1.35; commitid NL30i5K5NP0s2CIF; 1.35 date 2024.11.25.14.39.25; author taca; state Exp; branches; next 1.34; commitid c4SeG0G8znq1k2zF; 1.34 date 2024.09.28.15.08.01; author taca; state Exp; branches; next 1.33; commitid jKF20W6wrmPrlArF; 1.33 date 2024.06.07.13.54.25; author taca; state Exp; branches; next 1.32; commitid gN2IS7NtewCmz3dF; 1.32 date 2024.04.13.02.53.35; author taca; state Exp; branches; next 1.31; commitid 4lcS02aSmTDbGV5F; 1.31 date 2024.01.05.02.10.34; author taca; state Exp; branches 1.31.2.1; next 1.30; commitid X2mCRB7USUAPCcTE; 1.30 date 2023.11.24.06.03.45; author taca; state Exp; branches; next 1.29; commitid wY7Z7neCl7TggPNE; 1.29 date 2023.10.27.15.04.30; author taca; state Exp; branches; next 1.28; commitid tWThl0P6m4QP9hKE; 1.28 date 2023.09.29.15.11.00; author taca; state Exp; branches; next 1.27; commitid outcDbBfYDKM5GGE; 1.27 date 2023.09.02.14.49.39; author taca; state Exp; branches; next 1.26; commitid VaztBSXqtqHlQcDE; 1.26 date 2023.08.05.08.43.16; author taca; state Exp; branches; next 1.25; commitid sUTfdgDiECyrIzzE; 1.25 date 2023.07.07.12.51.19; author taca; state Exp; branches; next 1.24; commitid EOMNcehqBKyl1SvE; 1.24 date 2023.06.09.13.18.55; author taca; state Exp; branches 1.24.2.1; next 1.23; commitid qACmUgt99GcC4hsE; 1.23 date 2023.05.14.14.52.45; author taca; state Exp; branches; next 1.22; commitid Bfu23nPyxtKCqWoE; 1.22 date 2023.04.15.02.19.13; author taca; state Exp; branches; next 1.21; commitid yYLcUIXhu83Ub9lE; 1.21 date 2023.03.16.13.52.01; author taca; state Exp; branches; next 1.20; commitid vI3KMl9BlGNlZlhE; 1.20 date 2023.02.19.12.54.23; author taca; state Exp; branches; next 1.19; commitid fP1LhNeu7Wwit8eE; 1.19 date 2023.02.17.14.40.26; author nikita; state Exp; branches; next 1.18; commitid TKJYV1YaHCOz7TdE; 1.18 date 2023.02.15.14.16.44; author taca; state Exp; branches; next 1.17; commitid 6vmp4wyMQZrE3DdE; 1.17 date 2023.02.03.14.43.23; author taca; state Exp; branches; next 1.16; commitid g15Zr9Bl3lrGA5cE; 1.16 date 2023.01.07.07.40.47; author taca; state Exp; branches; next 1.15; commitid 4YoOLrGbEh2w7A8E; 1.15 date 2022.11.25.16.53.13; author taca; state Exp; branches 1.15.2.1; next 1.14; commitid B7wNDipwyrnEy63E; 1.14 date 2022.10.30.10.16.24; author taca; state Exp; branches; next 1.13; commitid 82IXBbMoKlfqcJZD; 1.13 date 2022.10.01.00.27.05; author taca; state Exp; branches; next 1.12; commitid fiERVJmL4pCYRWVD; 1.12 date 2022.09.01.16.32.35; author taca; state Exp; branches 1.12.2.1; next 1.11; commitid igZFCZwmOtd3bbSD; 1.11 date 2022.08.04.15.22.08; author taca; state Exp; branches; next 1.10; commitid H1tBqktQRhipGzOD; 1.10 date 2022.07.08.13.51.56; author taca; state Exp; branches; next 1.9; commitid R31rPlUeS7zt36LD; 1.9 date 2022.06.09.15.10.50; author taca; state Exp; branches; next 1.8; commitid kLdurZ6nn4xpqnHD; 1.8 date 2022.05.21.16.01.06; author taca; state Exp; branches; next 1.7; commitid vp7j4IBMRcovjWED; 1.7 date 2022.05.13.15.02.36; author taca; state Exp; branches; next 1.6; commitid 7SMxK8zaG3FjfUDD; 1.6 date 2022.04.16.00.55.47; author taca; state Exp; branches; next 1.5; commitid CL7bBs2BHbRHqmAD; 1.5 date 2022.03.18.14.42.47; author taca; state Exp; branches; next 1.4; commitid XHDM7YYyJQfcWHwD; 1.4 date 2022.02.20.13.10.37; author taca; state Exp; branches; next 1.3; commitid zpld7wWV9xHogmtD; 1.3 date 2022.01.24.14.13.36; author taca; state Exp; branches; next 1.2; commitid GVEAVVEOckOHtTpD; 1.2 date 2021.12.19.05.04.48; author taca; state Exp; branches 1.2.2.1; next 1.1; commitid Kjyadaa8hBZgBdlD; 1.1 date 2021.11.27.07.24.43; author taca; state Exp; branches; next ; commitid 0YNztyIvvbL65piD; 1.40.2.1 date 2025.07.04.14.22.47; author maya; state Exp; branches; next ; commitid 5Yr67vUR5sLV7r1G; 1.31.2.1 date 2024.04.22.12.56.30; author bsiegert; state Exp; branches; next 1.31.2.2; commitid ezh7FHrE6fMdJ87F; 1.31.2.2 date 2024.06.24.18.04.51; author bsiegert; state Exp; branches; next ; commitid US340EPVOZ7spgfF; 1.24.2.1 date 2023.08.15.18.42.53; author bsiegert; state Exp; branches; next ; commitid v9PVW6H4knjgIUAE; 1.15.2.1 date 2023.01.08.16.15.56; author bsiegert; state Exp; branches; next ; commitid Wm2SdfN1iwniWK8E; 1.12.2.1 date 2022.10.03.14.29.14; author bsiegert; state Exp; branches; next 1.12.2.2; commitid sVrharqKGXi0thWD; 1.12.2.2 date 2022.11.05.19.15.10; author bsiegert; state Exp; branches; next ; commitid S0AaVW8a7DnkZx0E; 1.2.2.1 date 2022.03.03.19.23.19; author bsiegert; state Exp; branches; next ; commitid 3A1SZjA1wjGnYNuD; desc @@ 1.43 log @lang/php81: remove package EOL last year. @ text @$NetBSD: distinfo,v 1.42 2025/12/19 14:28:15 taca Exp $ BLAKE2s (php-8.1.34.tar.xz) = 09fa22f93e49747ec55d2bea7e17e6776de31b9982c8d68ec1367419ac2e937e SHA512 (php-8.1.34.tar.xz) = 7d24948b22e63268e728d9719e4b3f83496313ec5b47130a3eab109ce7b67447b581792d7384018aaccd5188a0614000ade444ef6adc853f49d2aa043bde4b12 Size (php-8.1.34.tar.xz) = 11903896 bytes SHA1 (patch-build_Makefile.global) = a5540dc209ea9b2b696ded4c1a3967eec9727800 SHA1 (patch-build_php.m4) = 0d1bb2ded23a86b339a453655b7381de129e9274 SHA1 (patch-configure.ac) = efa879e8304838d3c8cf3851310ce3d9e54c1a1e SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640 SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 SHA1 (patch-php.ini-development) = c19d1f756707ead8b73e038ef82b15c24fed5800 SHA1 (patch-php.ini-production) = 20240004d2c344a2d3c00730f3f1944551a7fd60 SHA1 (patch-sapi_apache2handler_config.m4) = ecfb1ec8d58743e96ac9799f8e4be9d3ec2912eb SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 SHA1 (patch-sapi_cgi_config9.m4) = 1958863945bec4b3baa1018fb2b56167b9e90a4f SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 SHA1 (patch-sapi_fpm_fpm_fpm__conf.c) = 2114efaa452b84db4bd7dabde860f06c3a0dcf69 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 9188988293bd1e7eca511a27e35c4686170e3ad0 SHA1 (patch-sapi_fpm_www.conf.in) = 4c36e1f1adbe518494fccb3313370200326e8119 SHA1 (patch-scripts_Makefile.frag) = 904ce6d96e5bead5046decefe3a70c193c3ce2ad SHA1 (patch-scripts_php-config.in) = 93235651b206162632cef94be462d29072ee4276 SHA1 (patch-scripts_phpize.in) = 14c159887834583032213845c97060c76be1b6fa @ 1.42 log @lang/php81: update to 8.1.34 PHP 8.1.34 (2025-12-18) - Curl: . Fix curl build and test failures with version 8.16. (nielsdos, ilutov, Jakub Zelenka) - Opcache: . Reset global pointers to prevent use-after-free in zend_jit_status(). (Florian Engelhardt) - PDO: . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka) - Standard: . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). (ndossche) . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) (ndossche) . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) (ndossche) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.41 2025/07/04 01:24:52 taca Exp $ @ 1.41 log @lang/php81: update to 8.1.33 PHP 8.1.33 (2025-07-03) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - SOAP: . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.40 2025/06/14 14:00:12 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.33.tar.xz) = 478daa8c3289445314abf3fa1511ed56ab1204bf21272d89e6db2b901cdbc061 SHA512 (php-8.1.33.tar.xz) = 657b5e3689edcb83d55c1e3c4403e714dd3f29824a678da622678fff3bfc9d333b5de07e136d856a4e6bc981f104c999797500046df7fefdf3880e76574d8880 Size (php-8.1.33.tar.xz) = 11898724 bytes a12 1 SHA1 (patch-ext_xml_compat.c) = 6c1772a5a0bc59e6118746608c1858c50ffa3f88 @ 1.40 log @lang/php81: fix compatibiltiy with libxml2>=2.13 Fix compatibiltiy with libxml2>=2.13. This compatibiltiy problem cause lang/pear break with php. Found on . Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.39 2025/06/11 14:58:26 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.32.tar.xz) = b0555666ee77e5fc629cde2879d0336b1d39324032be82d68ab259cd8150444a SHA512 (php-8.1.32.tar.xz) = d8084415ead65d685c68c4264e793abb1322b01e120c2ac09c2e33889a13513fb42401621fcb702e36bc1a3239b317a4c10e20c676bb19eb05749a6d6e646318 Size (php-8.1.32.tar.xz) = 11893516 bytes @ 1.40.2.1 log @Pullup ticket #6977 - requested by taca lang/php81: Security fix Revisions pulled up: - lang/php/phpversion.mk 1.469 - lang/php81/Makefile 1.35 - lang/php81/distinfo 1.41 --- Module Name: pkgsrc Committed By: taca Date: Fri Jul 4 01:24:52 UTC 2025 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: Makefile distinfo Log Message: lang/php81: update to 8.1.33 PHP 8.1.33 (2025-07-03) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - SOAP: . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (php-8.1.33.tar.xz) = 478daa8c3289445314abf3fa1511ed56ab1204bf21272d89e6db2b901cdbc061 SHA512 (php-8.1.33.tar.xz) = 657b5e3689edcb83d55c1e3c4403e714dd3f29824a678da622678fff3bfc9d333b5de07e136d856a4e6bc981f104c999797500046df7fefdf3880e76574d8880 Size (php-8.1.33.tar.xz) = 11898724 bytes @ 1.39 log @lang/php{74,81,82,83,84}: correct include_path Correct default include_path in configuration files. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.38 2025/04/07 17:33:36 taca Exp $ d13 1 @ 1.38 log @Correct pear path in configure.ac for consistency. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.37 2025/03/14 15:25:31 taca Exp $ d15 2 a16 2 SHA1 (patch-php.ini-development) = 09747cf58c7a29167bd01c48a373e0d75286fdba SHA1 (patch-php.ini-production) = f90ae8ea49a0f83964e45354d36df2d7b33f3e1b @ 1.37 log @lang/php81: update to 8.1.32 This is security release. PHP 8.1.32 (2025-03-13) - LibXML: . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos) . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) (timwolla) - Streams: . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka) . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka) . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka) . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka) - Windows: . Fixed phpize for Windows 11 (24H2). (bwoebi) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.36 2025/02/08 02:59:29 taca Exp $ d8 1 a8 1 SHA1 (patch-configure.ac) = 18bb37f904beac1ff1cba8c186cd8f589bd66af3 @ 1.36 log @lang/php81: multiple PHP support @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2024/11/25 14:39:25 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.31.tar.xz) = 8e5ede33e93839cec05a78963fe4093341ee1ca3531ff1f19a6cec931b6b74fe SHA512 (php-8.1.31.tar.xz) = a9bf632ab365db4fce2fc96744e7da7042e8d556fb5bd8d17d161a931ba93eb2eb7bb4e6d884f644ae2a6f3147e558b9e36862f531340e3a6fa7618cc6ad1dc2 Size (php-8.1.31.tar.xz) = 11916684 bytes @ 1.35 log @lang/php81: update to 8.1.31 PHP 8.1.31 (2024-11-21) - CLI: . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos) - LDAP: . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) (nielsdos) - MySQLnd: . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka) - PDO DBLIB: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - PDO Firebird: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - Streams: . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka) . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2024/09/28 15:08:01 taca Exp $ d6 3 a8 1 SHA1 (patch-build_php.m4) = 5b86e63ccdce4e654acc9361f4d275f23b5afd46 d15 3 a17 3 SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 SHA1 (patch-sapi_apache2handler_config.m4) = 0cc7e66a81797b4a00fba38f547c4862870de417 d19 1 d21 6 a26 1 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 @ 1.34 log @lang/php81: update to 8.1.30 PHP 8.1.30 (2024-09-26) - CGI: . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) - FPM: . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) (Jakub Zelenka) - SAPI: . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud) 06 Jun 2024, PHP 8.1.29 - CGI: . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2024/06/07 13:54:25 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.30.tar.xz) = b55caf976f318d2d8db48322f54af260feb9aeaa2c9cf50928c6ec1a09436722 SHA512 (php-8.1.30.tar.xz) = cdca1c1671362272bf6c2abf45d097b42ca06c0abf962ee814bf478f8b346f274f42a1b1aa6603cdd59a1978a8b9d1971b589706f2909b6ea34594de0edaee1e Size (php-8.1.30.tar.xz) = 11850340 bytes @ 1.33 log @lang/php81: update to 8.1.29 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.1.29 (2024-06-06) - CGI: . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2024/04/13 02:53:35 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.29.tar.xz) = ba21a632f93e60e0a7111abba136333a5430f04e5ba64336838a24137934f0df SHA512 (php-8.1.29.tar.xz) = fd4f75224f71111a4cc40b3015ae70ac57a623326a3299da9ab8bd9dfad4ea27ff345d0eb75f1407d183207e763d372d738bbd8d217d01ec1414d29a547e8ba7 Size (php-8.1.29.tar.xz) = 11826292 bytes @ 1.32 log @lang/php81: update to 8.1.27 This release includes security fixes. 11 Apr 2024, PHP 8.1.28 - Standard: . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2024/01/05 02:10:34 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0 SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f Size (php-8.1.28.tar.xz) = 11848504 bytes SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584 d15 1 @ 1.31 log @lang/php81: update to 8.1.27 PHP 8.1.27 (2023-12-21) - Core: . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler). (ilutov) . Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend). (ilutov) . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt) - DOM: . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix). (nielsdos) - FPM: . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). (Patrick Prasse) - Intl: . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos) - LibXML: . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303) - MySQLnd: . Avoid using uninitialised struct. (mikhainin) - OpenSSL: . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs). (Jakub Zelenka) - PCRE: . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos) - PGSQL: . Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov) - PHPDBG: . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos) - SQLite3: . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0). (SakiTakamachi) - Standard: . Fix memory leak in syslog device handling. (danog) . Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost). (nielsdos) . Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array). (nielsdos) - Streams: . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault). (Jakub Zelenka) - Zip: . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior). (Remi) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2023/11/24 06:03:45 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.27.tar.xz) = adeaa2ba18ec7bf532947556261be717e6be2a6c8dc191a839eadcb6b682dc62 SHA512 (php-8.1.27.tar.xz) = 07fb2b8e10e2487635e26bfd8a27949a26b85f76bc3984ad8599224bb7a7f9498d84299335ae5a0bba16599275e9747ab141f73f4f2076ddf49ebec8e76fd0ed Size (php-8.1.27.tar.xz) = 11915228 bytes @ 1.31.2.1 log @Pullup ticket #6849 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.429 - lang/php81/distinfo 1.32 --- Module Name: pkgsrc Committed By: taca Date: Sat Apr 13 02:53:35 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.27 This release includes security fixes. 11 Apr 2024, PHP 8.1.28 - Standard: . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2024/01/05 02:10:34 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0 SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f Size (php-8.1.28.tar.xz) = 11848504 bytes @ 1.31.2.2 log @Pullup ticket #6865 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.433 - lang/php81/Makefile 1.22-1.23 - lang/php81/Makefile.php 1.2 - lang/php81/distinfo 1.33 - lang/php81/patches/patch-build_php.m4 1.1 - lang/php81/patches/patch-configure deleted - lang/php81/patches/patch-sapi_apache2handler_config.m4 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 13:54:25 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: Makefile distinfo Added Files: pkgsrc/lang/php81/patches: patch-build_php.m4 patch-sapi_apache2handler_config.m4 Removed Files: pkgsrc/lang/php81/patches: patch-configure Log Message: lang/php81: update to 8.1.29 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.1.29 (2024-06-06) - CGI: . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 23:11:41 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile Makefile.php pkgsrc/lang/php82: Makefile Makefile.php pkgsrc/lang/php83: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php-fpm: Makefile Log Message: Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31.2.1 2024/04/22 12:56:30 bsiegert Exp $ d3 4 a6 4 BLAKE2s (php-8.1.29.tar.xz) = ba21a632f93e60e0a7111abba136333a5430f04e5ba64336838a24137934f0df SHA512 (php-8.1.29.tar.xz) = fd4f75224f71111a4cc40b3015ae70ac57a623326a3299da9ab8bd9dfad4ea27ff345d0eb75f1407d183207e763d372d738bbd8d217d01ec1414d29a547e8ba7 Size (php-8.1.29.tar.xz) = 11826292 bytes SHA1 (patch-build_php.m4) = 5b86e63ccdce4e654acc9361f4d275f23b5afd46 a14 1 SHA1 (patch-sapi_apache2handler_config.m4) = 0cc7e66a81797b4a00fba38f547c4862870de417 @ 1.30 log @lang/php81: update to 8.1.26 PHP 8.1.26 (2023-11-23) - Core: . Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait). (ilutov) . Fixed segfault caused by weak references to FFI objects. (sj-i) . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas) - DOM: . Fix registerNodeClass with abstract class crashing. (nielsdos) . Add missing NULL pointer error check. (icy17) . Fix validation logic of php:function() callbacks. (nielsdos) - Fiber: . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) - FPM: . Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers). (Jakub Zelenka) . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache). (Jakub Zelenka) - Intl: . Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale. (David Carlier) - Opcache: . Added warning when JIT cannot be enabled. (danog) . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - OpenSSL: . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). (Jakub Zelenka) - PCRE: . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0). (mvorisek) - SOAP: . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes). (nielsdos) . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault). (nielsdos) . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos) . Fix incorrect uri check in SOAP caching. (nielsdos) . Fix segfault and assertion failure with refcounted props and arrays. (nielsdos) . Fix potential crash with an edge case of persistent encoders. (nielsdos) . Fixed bug #75306 (Memleak in SoapClient). (nielsdos) - Streams: . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). (Jakub Zelenka) - XMLReader: . Add missing NULL pointer error check. (icy17) - XMLWriter: . Add missing NULL pointer error check. (icy17) - XSL: . Add missing module dependency. (nielsdos) . Fix validation logic of php:function() callbacks. (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2023/10/27 15:04:30 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.26.tar.xz) = e1c38d5d43d772c40bdc201924fb64ee975dca58a67bb167c5d876bae5bab6fc SHA512 (php-8.1.26.tar.xz) = 5bc40077e57c0fccdf17810d688baea416f22ac248bb01b73d2e2590fc4cfabc7001c1c3833281a60870c74178f7b06cbc85474eba695aabf969ad0081a98417 Size (php-8.1.26.tar.xz) = 11809448 bytes @ 1.29 log @lang/php81: update to 8.1.25 26 Oct 2023, PHP 8.1.25 - Core: . Fixed bug GH-12207 (memory leak when class using trait with doc block). (rioderelfte) . Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom). (nielsdos) . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky) . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos) - CLI: . Ensure a single Date header is present. (coppolafab) - CType: . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater). (nielsdos) - DOM: . Restore old namespace reconciliation behaviour. (nielsdos) . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos) - Fileinfo: . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise) - Filter: . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov) - Hash: . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext). (MaxSem) - Intl: . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct). (David Carlier) . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale). (David Carlier) - MySQLnd: . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line). (nielsdos) - Opcache: . Fixed opcache_invalidate() on deleted file. (mikhainin) . Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class). (nielsdos) - PCRE: . Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result). (nielsdos) - SimpleXML: . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos) . Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r). (nielsdos) . Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML). (nielsdos) . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML). (nielsdos) - Streams: . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0). (David Carlier) - XML: . Fix return type of stub of xml_parse_into_struct(). (nielsdos) . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos) - XSL: . Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML. (nielsdos) - Sockets: . Fix socket_export_stream() with wrong protocol (twosee) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2023/09/29 15:11:00 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.25.tar.xz) = b26a1030c2ae637b4017dd3db1f6d2ceaae04de4a7ec7bd0c86e1fbf37e1c917 SHA512 (php-8.1.25.tar.xz) = c03f97d87f9e09121e00772d40cf21497870a8613106595c177b1bb8d1f6f2318b0d760959b2b3ecce2a5653788b2df232e32f34c43d0779240a86dc21feffde Size (php-8.1.25.tar.xz) = 11888112 bytes @ 1.28 log @lang/php81: update to 8.1.24 28 Sep 2023, PHP 8.1.24 - Core: . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov) . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed). (Jeremie Courreges-Anglas) . Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures). (ilutov) . Fixed bug GH-12060 (Internal iterator rewind handler is called twice). (ju1ius) . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call). (ilutov) - DOM: . Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos) - Iconv: . Fixed build for NetBSD which still uses the old iconv signature. (David Carlier) - Intl: . Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails). (Girgias) - MySQLnd: . Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)"). (Kamil Tekiela) - ODBC: . Fixed memory leak with failed SQLPrepare. (NattyNarwhal) . Fixed persistent procedural ODBC connections not getting closed. (NattyNarwhal) - SimpleXML: . Fixed bug #52751 (XPath processing-instruction() function is not supported). (nielsdos) - SPL: . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18). (nielsdos) - SQLite3: . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array). (nielsdos, arnaud-lb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2023/09/02 14:49:39 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.24.tar.xz) = 0b21fdd8460a54a784e37af5a3071d00d3f005f4db559c90762c64a91d49fe1a SHA512 (php-8.1.24.tar.xz) = 4a77498ddfdb171de9fa4d7c6e0155c4a5126fcd813c0370d0c7a23b3daec18e95f4b45df6a3473fc665687a3fe51ae1479f42f57658391d170ea9a8849f8fc8 Size (php-8.1.24.tar.xz) = 11793756 bytes @ 1.27 log @lang/php81: update to 8.1.23 31 Aug 2023, PHP 8.1.23 - CLI: . Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1). (nielsdos) . Fixed bug GH-10964 (Improve man page about the built-in server). (Alexandre Daubois) - Core: . Fixed strerror_r detection at configuration time. (Kévin Dunglas) - Date: . Fixed bug GH-11416: Crash with DatePeriod when uninitialised objects are passed in. (Derick) - DOM: . Fix DOMEntity field getter bugs. (nielsdos) . Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS. (nielsdos) . Fix DOMCharacterData::replaceWith() with itself. (nielsdos) . Fix empty argument cases for DOMParentNode methods. (nielsdos) . Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone). (nielsdos) . Fix json_encode result on DOMDocument. (nielsdos) . Fix manually calling __construct() on DOM classes. (nielsdos) . Fixed bug GH-11830 (ParentNode methods should perform their checks upfront). (nielsdos) . Fix segfault when DOMParentNode::prepend() is called when the child disappears. (nielsdos) - FFI: . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov) - MySQLnd: . Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL). (nielsdos) . Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters). (nielsdos, Kamil Tekiela) . Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault). (Yurunsoft) . Fixed invalid error message "Malformed packet" when connection is dropped. (Kamil Tekiela) - Opcache: . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong). (nielsdos) . Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress. (mikhainin) - PCNTL: . Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22. (nielsdos) - SPL: . Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free). (nielsdos) - Standard: . Prevent int overflow on $decimals in number_format. (Marc Bennewitz) . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2023/08/05 08:43:16 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.23.tar.xz) = 8bb60a7f336ad50bf5156a353a71be4d1d8691cb5d35d7231d178ce68c3e1482 SHA512 (php-8.1.23.tar.xz) = deb1c205c289d5457e6341680d1a3344f21ff8abf904b45b78391fdae6e0c172c5d760f0b639669722f9a8600286515d63bdea46043e5d7b4db4666bc2dde7ea Size (php-8.1.23.tar.xz) = 11871960 bytes @ 1.26 log @lang/php81: update to 8.1.22 03 Aug 2023, PHP 8.1.22 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Hash: . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PCRE: . Mangle PCRE regex cache key with JIT option. (mvorisek) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2023/07/07 12:51:19 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.22.tar.xz) = bedc63f43971576a55baaffa7faaafd720c4cee88913201f90d45fb93fa21a25 SHA512 (php-8.1.22.tar.xz) = d5848f4174f47499207451ae7a8d7c254c1f06a9b500c907f9bff3c790e4a6a417d49cabb23b6e5f370d4f515c1ca9920ef2b3584be8979413dd4085549d9a8a Size (php-8.1.22.tar.xz) = 11809048 bytes @ 1.25 log @lang/php81: update to 8.1.21 PHP 8.1.21 (2023-07-06) - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2023/06/09 13:18:55 taca Exp $ d3 4 a6 5 BLAKE2s (php-8.1.21.tar.xz) = 602ab8065692c49bc5b94935cf36f3397b61b52ffd6ef4bef941563618722697 SHA512 (php-8.1.21.tar.xz) = aeb62947e12646a530b6f61efe9350e4a3632d421ee0bec6a1d26dc2fd680c782e12cbad06496f2d4ffcddf5182aa3438c19a59b0d593fc43789271241ec0383 Size (php-8.1.21.tar.xz) = 11862320 bytes SHA1 (patch-build_libtool.m4) = e58a2bcebe9e9d7dc7255354fd9fe57878e3f8a6 SHA1 (patch-configure) = e91e22267a9b7ebcc16a586ba6f325c772adb13c @ 1.24 log @lang/php81: update to 8.1.20 8.1.20 (2023-06-08) Core: * Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). * Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). * Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). Date: * Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). Exif: * Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). FPM: * Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). * Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). * Fixed memory leak for invalid primary script file handle. Hash: * Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). LibXML: * Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). Opcache: * Fixed bug GH-11134 (Incorrect match default branch optimization). * Fixed too wide OR and AND range inference. * Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). PGSQL: * Fixed parameter parsing of pg_lo_export(). Phar: * Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). Soap: * Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). * Fixed bug GH-8426 (make test fail while soap extension build). SPL: * Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). Standard: * Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). * Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). Streams: * Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). * Fixed bug GH-11175 (Stream Socket Timeout). * Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2023/05/14 14:52:45 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.20.tar.xz) = fff1e7a2784caad39e2ceadf63d792014db24dc0533555646422733e407da9b5 SHA512 (php-8.1.20.tar.xz) = d93767c6ff4d305c209e1a0fcb17f19b1d417fa872b002413ebe7883e93900c210e8f122410ac54da373b9d10dd2f522ea2bafc9b66214fb466314d64907a558 Size (php-8.1.20.tar.xz) = 11793228 bytes @ 1.24.2.1 log @Pullup ticket #6786 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.403-1.404 - lang/php81/distinfo 1.25-1.26 - lang/php81/patches/patch-build_libtool.m4 deleted - lang/php81/patches/patch-configure 1.2 --- Module Name: pkgsrc Committed By: taca Date: Fri Jul 7 12:51:19 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.21 PHP 8.1.21 (2023-07-06) - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 5 08:43:16 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo pkgsrc/lang/php81/patches: patch-configure Removed Files: pkgsrc/lang/php81/patches: patch-build_libtool.m4 Log Message: lang/php81: update to 8.1.22 03 Aug 2023, PHP 8.1.22 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Hash: . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PCRE: . Mangle PCRE regex cache key with JIT option. (mvorisek) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2023/06/09 13:18:55 taca Exp $ d3 5 a7 4 BLAKE2s (php-8.1.22.tar.xz) = bedc63f43971576a55baaffa7faaafd720c4cee88913201f90d45fb93fa21a25 SHA512 (php-8.1.22.tar.xz) = d5848f4174f47499207451ae7a8d7c254c1f06a9b500c907f9bff3c790e4a6a417d49cabb23b6e5f370d4f515c1ca9920ef2b3584be8979413dd4085549d9a8a Size (php-8.1.22.tar.xz) = 11809048 bytes SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584 @ 1.23 log @lang/php81: update to 8.1.19 11 May 2023, PHP 8.1.19 - Core: . Fix inconsistent float negation in constant expressions. (ilutov) . Fixed bug GH-8841 (php-cli core dump calling a badly formed function). (nielsdos) . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB) . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos) . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=). (ilutov) - DOM: . Fixed bug #80602 (Segfault when using DOMChildNode::before()). (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) - Exif: . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index). (nielsdos) - Intl: . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi) - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) - Standard: . Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference). (nielsdos) . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums). (ilutov) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2023/04/15 02:19:13 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.19.tar.xz) = 0ba8e59d522e678b3812e751b7c07fe15cdf7aa8a08cf81196d5db7204679770 SHA512 (php-8.1.19.tar.xz) = 37c27cc627f59b4fdb1242287b58e1b7a2c266696a5a3baa0047445c9b122721187fbc233799c7f57cfc1732b27e67761fd3fd43b89a7ad216ea154a90913999 Size (php-8.1.19.tar.xz) = 11847576 bytes @ 1.22 log @lang/php81: update to 8.1.18 13 Apr 2023, PHP 8.1.18 - Core: . Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas) . Fixed use-after-free in recursive AST evaluation. (ilutov) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). (nielsdos) . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache). (nielsdos) . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown). (nielsdos) . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()). (ilutov) . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov) - Date: . Fixed bug GH-10583 (DateTime modify with tz pattern should not update linked timezone). (Derick) - FPM: . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos) . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path). (Jakub Zelenka) - FTP: . Propagate success status of ftp_close(). (nielsdos) . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB). (nielsdos) - IMAP: . Fix build failure with Clang 16. (orlitzky) - MySQLnd: . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections). (nielsdos) - Opcache: . Fixed build for macOS to cater with pkg-config settings. (David Carlier) . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context). (nielsdos) - OpenSSL: . Add missing error checks on file writing functions. (nielsdos) - PDO Firebird: . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland). (nielsdos) - PDO ODBC: . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos) - Phar: . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)). (nielsdos) . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit(). (nielsdos) - PGSQL: . Fixed typo in the array returned from pg_meta_data (extended mode). (David Carlier) - SPL: . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman) . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props). (ilutov) - Standard: . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov) . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)). (nielsdos) . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure). (ilutov) . Fixed undefined behaviour in unpack(). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2023/03/16 13:52:01 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.18.tar.xz) = bd083314dbd93c65225951fc0c24da991aa44b459f2c23c1535e7aed78d146d5 SHA512 (php-8.1.18.tar.xz) = e30dba23ab8711a04c21ad040d69807f479760a20f363fe3f91a297e9e6463d9558299b15231e00e2b1c95d03309e03bde8cbbe4043fce3e1b965236ece1d0f3 Size (php-8.1.18.tar.xz) = 11782240 bytes @ 1.21 log @lang/php81: update to 8.1.17 16 Mar 2023, PHP 8.1.17 - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos) . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes). (Arnaud) . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout). (trowski) . Fixed SSA object type update for compound assignment opcodes. (nielsdos) . Fixed language scanner generation build. (Daniel Black) . Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback). (Pierrick Charron) - Date: . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) - Fiber: . Fixed assembly on alpine x86. (nielsdos) . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber). (Bob, Arnaud) - FPM: . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka) . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos) - Intl: . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0. (Nathan Freeman) - JSON: . Fixed JSON scanner and parser generation build. (Daniel Black, Jakub Zelenka) - MBString: . ext/mbstring: fix new_value length check. (Max Kellermann) . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos) - Opcache: . Fix incorrect page_size check. (nielsdos) - OpenSSL: . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos) - PDO OCI: . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars). (Michael Voříšek) - PHPDBG: . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos) - PGSQL: . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias) - Phar: . Fix incorrect check in phar tar parsing. (nielsdos) - Reflection: . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments). (nielsdos) . Fix Segfault when using ReflectionFiber suspended by an internal function. (danog) - Session: . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos). - Standard: . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos) - Tidy: . Fix memory leaks when attempting to open a non-existing file or a file over 4GB. (Girgias) . Add missing error check on tidyLoadConfig. (nielsdos) - Zlib: . Fixed output_handler directive value's length which counted the string terminator. (nieldos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2023/02/19 12:54:23 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.17.tar.xz) = e93509ec942b8d13d06a40ccca2e1df13b1323fa18e840461ad2083cd44bd7c4 SHA512 (php-8.1.17.tar.xz) = c139f805a6373d8a849954ed6df04e459fca01ae3dc576ba9327d0a988fb5a79dd99ed40754a5aba91eaccb80e75dfaa6b6f31f5802d8f8576df2f625cfdd3f6 Size (php-8.1.17.tar.xz) = 11818552 bytes @ 1.20 log @lang/php81: set DIST_SUBDIR for safety @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (php81-20230214/php-8.1.16.tar.xz) = f87094e12870371bcdd17e09fdc01fd092cd16e899468ae9b14c02cd9c3f729e SHA512 (php81-20230214/php-8.1.16.tar.xz) = 4515da38803272abfafb069d1684c66dbb5086987b148c48dd7d8acf8f5316d255cf321ec57d6fbffe914a35551a533446ac13c34bb7c984e0d109247e8e64da Size (php81-20230214/php-8.1.16.tar.xz) = 11760948 bytes @ 1.19 log @php81: revbump, upstream re-released the tarball. https://news-web.php.net/php.announce/349 https://github.com/php/php-src/issues/10595 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2023/02/15 14:16:44 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.16.tar.xz) = f87094e12870371bcdd17e09fdc01fd092cd16e899468ae9b14c02cd9c3f729e SHA512 (php-8.1.16.tar.xz) = 4515da38803272abfafb069d1684c66dbb5086987b148c48dd7d8acf8f5316d255cf321ec57d6fbffe914a35551a533446ac13c34bb7c984e0d109247e8e64da Size (php-8.1.16.tar.xz) = 11760948 bytes @ 1.18 log @lang/php81: update to 8.1.16 14 Feb 2023, PHP 8.1.16 - Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567). (Tim Düsterhus) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568). (Niels Dossche) - SAPI: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2023/02/03 14:43:23 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.16.tar.xz) = 91915b87301069cd1947f0136c8cceb21eb87fa3d9739a3d696c5a7d79fa2bd3 SHA512 (php-8.1.16.tar.xz) = c80811d4faa5e1b98d77157f1465f1c3b40a5dcd9e2ad527ee9e352988a755594626f63257406e022188679dec863943708d7fd97d70c1b1a54d68909c027a8f Size (php-8.1.16.tar.xz) = 12198108 bytes @ 1.17 log @lang/php81: update to 8.1.15 02 Feb 2023, PHP 8.1.15 - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - Core: . Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code). (Derick) . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos) . Fix wrong comparison in block optimisation pass after opcode update. (nieldsdos) - Date: . Fixed bug GH-9891 (DateTime modify with unixtimestamp (@@) must work like setTimestamp). (Derick) . Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the "+" character). (Derick) - Fiber: . Fix assertion on stack allocation size. (nielsdos) - FPM: . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) . Fixed bug #67244 (Wrong owner:group for listening unix socket). (Jakub Zelenka) - Hash: . Handle exceptions from __toString in XXH3's initialization (nielsdos) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). (cmb) - MBString: . Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character. (Alex Dowad) - Opcache: . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann). . Fix access to uninitialized variable in accel_preload(). (nielsdos) . Fix zend_jit_find_trace() crashes. (Max Kellermann) . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann) - Phar: . Fix wrong flags check for compression method in phar_object.c (nielsdos) - PHPDBG: . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos) . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos) . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos) . Fix phpdbg segmentation fault in case of malformed input (nielsdos) - Posix: . Fix memory leak in posix_ttyname() (girgias) - Standard: . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos) . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) - XMLWriter . Fix missing check for xmlTextWriterEndElement (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2023/01/07 07:40:47 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.15.tar.xz) = 97dc76fb186a949cadba89ec035bdec916ca2c8f6bc99cc29b7f40994e67ddf7 SHA512 (php-8.1.15.tar.xz) = 3a96530c91590d94165f1c65c8ea222ca3dd6579158ba33ce11477cc979bfbca3f07fdbe5910fd2157bc763ca096784c88e41b6647069b4ae41a42a3ee57e0b7 Size (php-8.1.15.tar.xz) = 11814272 bytes @ 1.16 log @lang/php81: update to 8.1.14 PHP 8.1.14 (2023-01-05) - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) - Date: . Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related). (Derick) . Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy). (Derick) . Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick) . Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone). (Derick) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/11/25 16:53:13 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.14.tar.xz) = 64f8740713f8b43f3ddabdfa9e34278fc88182f99bad08dc924cfec60c34208c SHA512 (php-8.1.14.tar.xz) = 75a5dc3b0490cd8105d4f6c5446522b38953d78fe7b568798db749740f365c818b251d86aba72f5e555c5fe4e4a28e352a9510803bf3cdfe37d125824ae84d61 Size (php-8.1.14.tar.xz) = 11752004 bytes @ 1.15 log @lang/php81: update to 8.1.13 8.1.13 (2022-11-24) - CLI: . Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara) - Core: . Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params). (Arnaud) . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization). (Arnaud) . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb) . Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation. (Arnaud) - Date: . Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes). (Derick) - FPM: . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11). (Jakub Zelenka) - mysqli: . Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode). (Kamil Tekiela) - MySQLnd: . Fixed potential heap corruption due to alignment mismatch. (cmb) - OpenSSL: . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build). (Jakub Zelenka, fsbruva) - SOAP: . Fixed GH-9720 (Null pointer dereference while serializing the response). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2022/10/30 10:16:24 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.13.tar.xz) = 1c9669c505645ba60827a2610469fde932d55f71ef42510af5a6f003c3b16bef SHA512 (php-8.1.13.tar.xz) = a8966798ed8e723a362952f9d381a59cbfd63d921466d68a5bc4527960f4fe1b48a1f188284c74b0723e93524787e4cf1c1322ecd6ec1c9be199fd67df0a0542 Size (php-8.1.13.tar.xz) = 11802424 bytes a17 1 SHA1 (patch-sapi_fpm_fpm_events_port.c) = 30ecee10f6d34b7422972e1e275b4f73c7fd964d @ 1.15.2.1 log @Pullup ticket #6717 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.384 - lang/php81/distinfo 1.16 - lang/php81/patches/patch-sapi_fpm_fpm_events_port.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 7 07:40:47 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Removed Files: pkgsrc/lang/php81/patches: patch-sapi_fpm_fpm_events_port.c Log Message: lang/php81: update to 8.1.14 PHP 8.1.14 (2023-01-05) - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Vo=F8=ED=B9ek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) - Date: . Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related). (Derick) . Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy). (Derick) . Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()). (Derick) . Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone). (Derick) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2022/11/25 16:53:13 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.14.tar.xz) = 64f8740713f8b43f3ddabdfa9e34278fc88182f99bad08dc924cfec60c34208c SHA512 (php-8.1.14.tar.xz) = 75a5dc3b0490cd8105d4f6c5446522b38953d78fe7b568798db749740f365c818b251d86aba72f5e555c5fe4e4a28e352a9510803bf3cdfe37d125824ae84d61 Size (php-8.1.14.tar.xz) = 11752004 bytes d18 1 @ 1.14 log @lang/php81: update to 8.1.12 8.1.12 (2022-10-27) - Core: . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier) - Fileinfo: . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol) - GD: . Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb) - Hash: . Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be) - MBString: - Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad) - Opcache: . Added indirect call reduction for jit on x86 architectures. (wxue1) - Session: . Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias) - Streams: . Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.13 2022/10/01 00:27:05 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.12.tar.xz) = 02b83ec30079831a2aff20d87b264bc73808feffed9acadb03ef9252fc37b3dc SHA512 (php-8.1.12.tar.xz) = 437b6a8146b58479f4d1acb7b35d68954f1f7bc13a8f3dddc66e1677d7e9b6a11154861f9e894cbd59b9c28d4df3fd5422f9b5553004e9fc8d0320ab59b9f907 Size (php-8.1.12.tar.xz) = 11747176 bytes @ 1.13 log @lang/php81: update to 8.1.11 29 Sep 2022, PHP 8.1.11 - Core: . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb) . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick) . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling) . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb, Christian Schneider) . Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov) - DOM: . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman) - FPM: . Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov) . Fixed bug #77780 ("Headers already sent..." when previous connection was aborted). (Jakub Zelenka) - GMP . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias) - Intl . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias) - PCRE: . Fixed pcre.jit on Apple Silicon. (Niklas Keller) - PDO_PGSQL: . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft) - Reflection: . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas) - Streams: . Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/09/01 16:32:35 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.11.tar.xz) = 17f8e0837c611eb6a8f342f34b6ac167ae70cf79f11f156f8237fac76130cf65 SHA512 (php-8.1.11.tar.xz) = 2a9eb4642b4077077f6551ca9a40fd2c48272cc1ee443117362331259efbec88bad0141b09f7a9ff710cde044f9463e1e668f7066b2429ea4274dec7291725cc Size (php-8.1.11.tar.xz) = 11797016 bytes @ 1.12 log @lang/php81: update to 8.1.10 01 Sep 2022, PHP 8.1.10 - Core: . Fixed --CGI-- support of run-tests.php. (cmb) . Fixed incorrect double to long casting in latest clang. (zeriyoshi) . Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present). (Michael Olšavský) - Date: . Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type). (Derick) . Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second). (Derick) . Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0). (Derick) . Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick) - DBA: . Fixed LMDB driver memory leak on DB creation failure (Girgias) . Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults) (cmb) - IMAP: . Fixed bug GH-9309 (Segfault when connection is used after imap_close()). (cmb) - Intl: . Fixed IntlDateFormatter::formatObject() parameter type. (Gert de Pagter) - MBString: . Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings). (cmb) - OPcache: . Fixed bug GH-9033 (Loading blacklist file can fail due to negative length). (cmb) . Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy). (Arnaud, Sergei Turchanov) - PDO_SQLite: . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) - SQLite3: . Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values). (cmb) - Streams: . Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata). (Jakub Zelenka) . Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging). (Jakub Zelenka, Twosee) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2022/08/04 15:22:08 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.10.tar.xz) = 323e51e24ca6a1ebb7424056f4e86606fbeae88116452f9ffe863f5c6447bfb1 SHA512 (php-8.1.10.tar.xz) = d41595365a5a032a593dfaa13106ae66e78db59d3539a2d37cb5a536c38934b8a6ed90cf4e91fc4539cb2f018517ee4c6e696a4d2b6541bfa3c6fa5f1f9ca378 Size (php-8.1.10.tar.xz) = 11736192 bytes @ 1.12.2.1 log @Pullup ticket #6676 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.376 - lang/php81/distinfo 1.13 --- Module Name: pkgsrc Committed By: taca Date: Sat Oct 1 00:27:05 UTC 2022 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.11 29 Sep 2022, PHP 8.1.11 - Core: . Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb) . Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick) . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling) . Fixed bug GH-9361 (Segmentation fault on script exit #9379). (cmb, Christian Schneider) . Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov) - DOM: . Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman) - FPM: . Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov) . Fixed bug #77780 ("Headers already sent..." when previous connection was aborted). (Jakub Zelenka) - GMP . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias) - Intl . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias) - PCRE: . Fixed pcre.jit on Apple Silicon. (Niklas Keller) - PDO_PGSQL: . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft) - Reflection: . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas) - Streams: . Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2022/09/01 16:32:35 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.11.tar.xz) = 17f8e0837c611eb6a8f342f34b6ac167ae70cf79f11f156f8237fac76130cf65 SHA512 (php-8.1.11.tar.xz) = 2a9eb4642b4077077f6551ca9a40fd2c48272cc1ee443117362331259efbec88bad0141b09f7a9ff710cde044f9463e1e668f7066b2429ea4274dec7291725cc Size (php-8.1.11.tar.xz) = 11797016 bytes @ 1.12.2.2 log @Pullup ticket #6699 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.378 - lang/php81/distinfo 1.14 --- Module Name: pkgsrc Committed By: taca Date: Sun Oct 30 10:16:24 UTC 2022 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.12 8.1.12 (2022-10-27) - Core: . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier) - Fileinfo: . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol) - GD: . Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb) - Hash: . Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be) - MBString: - Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad) - Opcache: . Added indirect call reduction for jit on x86 architectures. (wxue1) - Session: . Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias) - Streams: . Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12.2.1 2022/10/03 14:29:14 bsiegert Exp $ d3 3 a5 3 BLAKE2s (php-8.1.12.tar.xz) = 02b83ec30079831a2aff20d87b264bc73808feffed9acadb03ef9252fc37b3dc SHA512 (php-8.1.12.tar.xz) = 437b6a8146b58479f4d1acb7b35d68954f1f7bc13a8f3dddc66e1677d7e9b6a11154861f9e894cbd59b9c28d4df3fd5422f9b5553004e9fc8d0320ab59b9f907 Size (php-8.1.12.tar.xz) = 11747176 bytes @ 1.11 log @lang/php81: update to 8.1.9 04 Aug 2022, PHP 8.1.9 - CLI: . Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner) . Fixed GH-8952 (Intentionally closing std handles no longer possible). (Arnaud, cmb) - Core: . Fixed bug GH-8923 (error_log on Windows can hold the file write lock). (cmb) . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError). (Tobias Bachert) - Date: . Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable). (Derick) - FPM: . Fixed zlog message prepend, free on incorrect address. (Heiko Weber) . Fixed possible double free on configuration loading failure. (Heiko Weber). - GD: . Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument). (cmb) - Intl: . Fixed build for ICU 69.x and onwards. (David Carlier) - OPcache: . Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file). (Dmitry) . Fixed bug GH-8030 (Segfault with JIT and large match/switch statements). (Arnaud) - Reflection: . Fixed bug GH-8943 (Fixed Reflection::getModifiersNames() with readonly modifier). (Pierrick) - Standard: . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier) . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier). . Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL). (Heiko Weber) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2022/07/08 13:51:56 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.9.tar.xz) = 772aab8b109acdb76a731840a5b4a5072433c29df820d5d7d43eea33cb01d94f SHA512 (php-8.1.9.tar.xz) = a75731edbfa6e8841d4c836336b07fd7aec4668b3d38487e630015cfc9d76fdfd04bae946d4fe783679df05adee7e2617b42ca4d3c2415c0f88ed5bffad87d7d Size (php-8.1.9.tar.xz) = 11787892 bytes @ 1.10 log @lang/php81: update to 8.1.8 07 Jul 2022, PHP 8.1.8 - Core: . Fixed bug GH-8338 (Intel CET is disabled unintentionally). (Chen, Hu) . Fixed leak in Enum::from/tryFrom for internal enums when using JIT (ilutov) . Fixed calling internal methods with a static return type from extension code. (Sara) . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references). (Nicolas Grekas) . Fixed potential use after free in php_binary_init(). (Heiko Weber) - CLI: . Fixed GH-8827 (Intentionally closing std handles no longer possible). (cmb) - COM: . Fixed bug GH-8778 (Integer arithmethic with large number variants fails). (cmb) - Curl: . Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option. (Pierrick) - Date: . Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions). (Derick) . Fixed bug #74671 (DST timezone abbreviation has incorrect offset). (Derick) . Fixed bug #77243 (Weekdays are calculated incorrectly for negative years). (Derick) . Fixed bug #78139 (timezone_open accepts invalid timezone string argument). (Derick) - Fileinfo: . Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627) (cmb) - FPM: . Fixed bug #67764 (fpm: syslog.ident don't work). (Jakub Zelenka) - GD: . Fixed imagecreatefromavif() memory leak. (cmb) - MBString: . mb_detect_encoding recognizes all letters in Czech alphabet (alexdowad) . mb_detect_encoding recognizes all letters in Hungarian alphabet (alexdowad) . Fixed bug GH-8685 (pcre not ready at mbstring startup). (Remi) . Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0. (Alex Dowad) - ODBC: . Fixed handling of single-key connection strings. (Calvin Buckley) - OPcache: . Fixed bug GH-8591 (tracing JIT crash after private instance method change). (Arnaud, Dmitry, Oleg Stepanischev) - OpenSSL: . Fixed bug #50293 (Several openssl functions ignore the VCWD). (Jakub Zelenka, cmb) . Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates). (Jakub Zelenka) - PDO_ODBC: . Fixed handling of single-key connection strings. (Calvin Buckley) - SPL: . Fixed bug GH-8563 (Different results for seek() on SplFileObject and SplTempFileObject). (Girgias) - Zip: . Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache). (Remi) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2022/06/09 15:10:50 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.8.tar.xz) = 6ce34da24defdbe1ed0cee35741640e01dd48dad875e8106a25ecf75125b4c83 SHA512 (php-8.1.8.tar.xz) = 4ef03b4c412bdbcdf6c3dc4784b3218a0519e6b91a0682e796270d4426c05c62309b4835ea31271857a5f2535d00f20a9f9b4a79703a49c3e40f16fafa948dd4 Size (php-8.1.8.tar.xz) = 11722100 bytes @ 1.9 log @lang/php81: update to 8.1.7 09 Jun 2022, PHP 8.1.7 - CLI: . Fixed bug GH-8575 (CLI closes standard streams too early). (Levi Morrison) - Date: . Fixed bug #51934 (strtotime plurals / incorrect time). (Derick) . Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)). (Derick) . Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH) (cmb, Derick) . Fixed bug #68549 (Timezones and offsets are not properly used when working with dates) (Derick, Roel Harbers) . Fixed bug #81565 (date parsing fails when provided with timezones including seconds). (Derick) . Fixed bug GH-7758 (Problems with negative timestamps and fractions). (Derick, Ilija) - FPM: . Fixed ACL build check on MacOS. (David Carlier) . Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502. (Jakub Zelenka, loveharmful) - mysqlnd: . Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) (c dot fol at ambionics dot io) - OPcache: . Fixed bug GH-8461 (tracing JIT crash after function/method change). (Arnaud, Dmitry) - OpenSSL: . Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading). (Jakub Zelenka) - Pcntl: . Fixed Haiku build. (David Carlier) - pgsql . Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625) (cmb) - Soap: . Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor). (robertnisipeanu) . Fixed bug GH-8538 (SoapClient may strip parts of nmtokens). (cmb) - SPL: . Fixed bug GH-8235 (iterator_count() may run indefinitely). (cmb) - Standard: . Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS). (Arnaud) - Zip: . Fixed type for index in ZipArchive::replaceFile. (Martin Rehberger) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2022/05/21 16:01:06 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.7.tar.xz) = c90e278fa7644ef0aed8c168d772c213dae59ea2ba84f65e7922b38bf0e65ae9 SHA512 (php-8.1.7.tar.xz) = 1d72db220f3485310e02b67c41dd6434c26b7118f673ba7f425ff6b79cc96c86fc45bfe9c90b302d719eb9b7a5334f363a92ac309c367aacc93ab31a72a63c45 Size (php-8.1.7.tar.xz) = 11718520 bytes @ 1.8 log @php81: allow copying files with size zero Allow copying files with size zero. This behavior differ from PHP 7.4 and break a pear package which contains files with size zero. Bump PKGREVISION. XXX: pullup-2022Q1 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2022/05/13 15:02:36 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.6.tar.xz) = 6e46606147f0169d44c89d1ac0084f94a78125bc66402e3847ff4c6bf5051610 SHA512 (php-8.1.6.tar.xz) = df5ab8e90aced1cc904c6abd25f42b0c59a327fe4f7b518591c23820e711952f3b1e70b31a1c2e90282621891400b492fb099cbadafcd0ef7991ccc2962156de Size (php-8.1.6.tar.xz) = 11708824 bytes @ 1.7 log @lang/php81: update to 8.1.6 12 May 2022, PHP 8.1.6 - Core: . Fixed bug GH-8310 (Registry settings are no longer recognized). (cmb) . Fixed potential race condition during resource ID allocation. (ryancaicse) . Fixed bug GH-8133 (Preloading of constants containing arrays with enums segfaults). (ilutov) . Fixed Haiku ZTS builds. (David Carlier) - Date: . Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient data). (Derick) . Fixed bug GH-8108 (Timezone doesn't work as intended). (Derick) . Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data). (Derick) . Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator). (Bob) - FFI: . Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks). (Bob) - FPM: . Fixed bug #76003 (FPM /status reports wrong number of active processe). (Jakub Zelenka) . Fixed bug #77023 (FPM cannot shutdown processes). (Jakub Zelenka) . Fixed comment in kqueue remove callback log message. (David Carlier) - Hash: . Fixed bug #81714 (segfault when serializing finalized HashContext). (cmb) - Iconv: . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). (cmb) - Intl: . Fixed bug GH-8364 (msgfmt_format $values may not support references). (cmb) - MBString: . Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier. (alexdowad) - MySQLi: . Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows). (cmb) - SPL: . Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()). (cmb) . Fixed bug GH-8273 (SplFileObject: key() returns wrong value). (Girgias) - Streams: . Fixed php://temp does not preserve file-position when switched to temporary file. (Bernd Holzmüller) - zlib: . Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2022/04/16 00:55:47 taca Exp $ d13 1 @ 1.6 log @lang/php81: update to 8.1.5 14 Apr 2022, PHP 8.1.5 - Core: . Fixed bug GH-8176 (Enum values in property initializers leak). (Bob) . Fixed freeing of internal attribute arguments. (Bob) . Fixed bug GH-8070 (memory leak of internal function attribute hash). (Tim Düsterhus) . Fixed bug GH-8160 (ZTS support on Alpine is broken). (Michael Voříšek) - Filter: . Fixed signedness confusion in php_filter_validate_domain(). (cmb) - Intl: . Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl classes). (ilutov) . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) . Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first key). (ilutov) - MBString: . Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken). (cmb) - MySQLi: . Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties). (cmb) - Pcntl: . Fixed bug GH-8142 (Compilation error on cygwin). (David Carlier) - PgSQL: . Fixed result_type related stack corruption on LLP64 architectures. (cmb) . Fixed bug GH-8253 (pg_insert() fails for references). (cmb) - Sockets: . Fixed Solaris builds. (David Carlier) - SPL: . Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent). (cmb) . Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without return typehint in 8.1). (Nikita) - Standard: . Fixed bug GH-8048 (Force macOS to use statfs). (risner) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2022/03/18 14:42:47 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.5.tar.xz) = c89a4c76551164e976a1cb19945591e39228b3ea1b1f2c94f732b0b9eb797b8a SHA512 (php-8.1.5.tar.xz) = 184d3738dbd8207a84cfb11dcc1edf352c57da49f484fe791d8c786ab8921189fdaf459b98e3bd6a5f73ae968510e8a8566f41a69640c74adb35363d6c07c439 Size (php-8.1.5.tar.xz) = 11752684 bytes @ 1.5 log @lang/php81: update to 8.1.4 17 Mar 2022, PHP 8.1.4 - Core: . Fixed Haiku ZTS build. (David Carlier) . Fixed bug GH-8059 arginfo not regenerated for extension. (Remi) . Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static variables. (ilutov) . Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory). (cmb) . Fixed bug GH-8074 (Wrong type inference of range() result). (cmb) . Fixed bug GH-8140 (Wrong first class callable by name optimization). (cmb) . Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory when observed). (Bob) - GD: . Fixed libpng warning when loading interlaced images. (Brett) - FPM: . Fixed bug #76109 (Unsafe access to fpm scoreboard). (Till Backhaus, Jakub Zelenka) - Iconv: . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) . Fixed bug GH-7980 (Unexpected result for iconv_mime_decode). (cmb) - MBString: . Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit). (alexdowad) - MySQLnd: . Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package). (Kamil Tekiela) - Reflection: . Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order). (cmb) - Zlib: . Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2022/02/20 13:10:37 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.4.tar.xz) = 742d83ed2b19e5f1670eb02ff7a47df509a3ae0b865f04688197ac3267b981fc SHA512 (php-8.1.4.tar.xz) = 63eb05c20ebeee9377f7b72aa5ae6ff4c5f04b8612b9f192f4a849a4f2db74691343e2279b9dfc7c79d0b42a7dc17ab4ed11ed66c018c96224cf1663eaab728b Size (php-8.1.4.tar.xz) = 11700448 bytes @ 1.4 log @lang/php81: update to 8.1.3 17 Feb 2022, PHP 8.1.3 - Core: . Fixed bug #81430 (Attribute instantiation leaves dangling pointer). (beberlei) . Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb) . Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi) - Filter: . Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708) (cmb) - FFI: . Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb, dmitry) - FPM: . Fixed memory leak on invalid port. (David Carlier) . Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM status page. (Stefano Arlandini) - MBString: . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb) - MySQLnd: . Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela) - pcntl: . Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier) - Sockets: . Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier) - Standard: . Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi) . Fixed bug GH-7875 (mails are sent even if failure to log throws exception). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2022/01/24 14:13:36 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.3.tar.xz) = dc563f27a7a5ab9d8b7b7f4fde05800f1923b7116a6fd953e8cddc9d48026400 SHA512 (php-8.1.3.tar.xz) = 230f70c4f23ac69b52063b91de5ea866e30a84b5ac8d0021e35baebf210fe432fb6c46264a9a2808bf0f0d2003f4c3db974c2c480718a5607c5e4d52379e9d9d Size (php-8.1.3.tar.xz) = 11751576 bytes @ 1.3 log @lang/php81: update to 8.1.2 20 Jan 2022, PHP 8.1.2 - Core: . Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry) . Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error). (ilutov) . Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner) . Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods). (ilutov) . Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown). (cmb) . Fixed bug GH-7757 (Multi-inherited final constant causes fatal error). (cmb) . Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera) . Added riscv64 support for fibers. (Jeremie Courreges-Anglas) - Filter: . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong) - Hash: . Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()). (cmb) . Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file). (cmb) - MBString: . Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb) - MySQLi: . Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB). (devnexen) . Introduced MYSQLI_IS_MARIADB. (devnexen) . Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela) - MySQLnd: . Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb) - OCI8: . Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call). (cmb) - OPcache: . Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb) - Readline: . Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell). (Nikita) - Reflection: . Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb) - PDO_PGSQL: . Fixed error message allocation of PDO PgSQL. (SATO Kentaro) - Sockets: . Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier) . Fixed ext/sockets build on Haiku. (David Carlier) - Spl: . Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr Bystry) . Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb) - Standard: . Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb) . Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions). (David Warner) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2021/12/19 05:04:48 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.2.tar.xz) = 54bbd5bcd9c9e7cb32c3cec8fd4c7daa2cf6979b62489a7265a8abb8bb4f4a97 SHA512 (php-8.1.2.tar.xz) = ec68587fc14d4e5aaa19d4a189c74b85e67b8ab4d5a15ef36115b564fc9e2f2b63bd608ea8c0e4a99615a24f38711b233f4e65b3672c3bfb69e1ab9d554a88cd Size (php-8.1.2.tar.xz) = 11681132 bytes @ 1.2 log @lang/php81: update to 8.1.1 16 Dec 2021, PHP 8.1.1 - IMAP: . Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers). (cmb) - PCRE: . Update bundled PCRE2 to 10.39. (cmb) . Fixed bug #74604 (Out of bounds in php_pcre_replace_impl). (cmb, Dmitry) - Standard: . Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2021/11/27 07:24:43 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.1.1.tar.xz) = fded6f10e670abb6c6d286e4ad8e8152ae61363c02f26c356a56272fa530ef39 SHA512 (php-8.1.1.tar.xz) = ab1cca08eb49fc2316f19d9e136a2d6462fe5b33967ecb671564dd9def2a765cc1b864a764c9cfbb8e7853936fb2d4939e7ed4f97220ca30eaf08c3badeb44da Size (php-8.1.1.tar.xz) = 11728680 bytes @ 1.2.2.1 log @Pullup ticket #6592 - requested by taca lang/php81: security fix Revisions pulled up: - lang/php/phpversion.mk 1.355,1.358 - lang/php81/distinfo 1.3-1.4 --- Module Name: pkgsrc Committed By: taca Date: Mon Jan 24 14:13:36 UTC 2022 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.2 20 Jan 2022, PHP 8.1.2 - Core: . Fixed bug #81216 (Nullsafe operator leaks dynamic property name). (Dmitry) . Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error). (ilutov) . Fixed bug #81656 (GCC-11 silently ignores -R). (Michael Wallner) . Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods). (ilutov) . Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown). (cmb) . Fixed bug GH-7757 (Multi-inherited final constant causes fatal error). (cmb) . Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT. (Petr Sumbera) . Added riscv64 support for fibers. (Jeremie Courreges-Anglas) - Filter: . Fixed FILTER_FLAG_NO_RES_RANGE flag. (Yifan Tong) - Hash: . Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()). (cmb) . Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file). (cmb) - MBString: . Fixed bug #81693 (mb_check_encoding(7bit) segfaults). (cmb) - MySQLi: . Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB). (devnexen) . Introduced MYSQLI_IS_MARIADB. (devnexen) . Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()). (Kamil Tekiela) - MySQLnd: . Fixed bug where large bigints may be truncated. (Nathan Freeman, cmb) - OCI8: . Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call). (cmb) - OPcache: . Fixed bug #81679 (Tracing JIT crashes on reattaching). (cmb) - Readline: . Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell). (Nikita) - Reflection: . Fixed bug #81681 (ReflectionEnum throwing exceptions). (cmb) - PDO_PGSQL: . Fixed error message allocation of PDO PgSQL. (SATO Kentaro) - Sockets: . Avoid void* arithmetic in sockets/multicast.c on NetBSD. (David Carlier) . Fixed ext/sockets build on Haiku. (David Carlier) - Spl: . Fixed bug #75917 (SplFileObject::seek broken with CSV flags). (Aliaksandr Bystry) . Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault). (cmb) - Standard: . Fixed bug GH-7748 (gethostbyaddr outputs binary string). (cmb) . Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions). (David Warner) --- Module Name: pkgsrc Committed By: taca Date: Sun Feb 20 13:10:37 UTC 2022 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php81: distinfo Log Message: lang/php81: update to 8.1.3 17 Feb 2022, PHP 8.1.3 - Core: . Fixed bug #81430 (Attribute instantiation leaves dangling pointer). (beberlei) . Fixed bug GH-7896 (Environment vars may be mangled on Windows). (cmb) . Fixed bug GH-7883 (Segfault when INI file is not readable). (Remi) - Filter: . Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708) (cmb) - FFI: . Fixed bug GH-7867 (FFI::cast() from pointer to array is broken). (cmb, dmitry) - FPM: . Fixed memory leak on invalid port. (David Carlier) . Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM status page. (Stefano Arlandini) - MBString: . Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only). (cmb) - MySQLnd: . Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped). (Kamil Tekiela) - pcntl: . Fixed pcntl_rfork build for DragonFlyBSD. (David Carlier) - Sockets: . Fixed bug GH-7978 (sockets extension compilation errors). (David Carlier) - Standard: . Fixed bug GH-7899 (Regression in unpack for negative int value). (Remi) . Fixed bug GH-7875 (mails are sent even if failure to log throws exception). (cmb) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (php-8.1.2.tar.xz) = 54bbd5bcd9c9e7cb32c3cec8fd4c7daa2cf6979b62489a7265a8abb8bb4f4a97 SHA512 (php-8.1.2.tar.xz) = ec68587fc14d4e5aaa19d4a189c74b85e67b8ab4d5a15ef36115b564fc9e2f2b63bd608ea8c0e4a99615a24f38711b233f4e65b3672c3bfb69e1ab9d554a88cd Size (php-8.1.2.tar.xz) = 11681132 bytes @ 1.1 log @lang/php81: add PHP 8.1.0 release PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It is modular, and object-oriented. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The language is designed to allow web developers to write dynamically generated pages quickly. PHP 8.1 comes with numerous improvements and new features such as * Enumerations * Readonly properties * Fibers * Pure Intersection Types * never return type * First-class Callable Syntax * "final" modifier for class constants * New fsync and fdatasync functions * New array_is_list function * Explicit Octal numeral notation * And much much more... @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.12 2021/10/26 10:51:48 nia Exp $ d3 3 a5 3 BLAKE2s (php-8.1.0.tar.xz) = 5a4995bb75594d57ee39ebd690cb673cb07826bfb95d92dc3225f34ecaae9651 SHA512 (php-8.1.0.tar.xz) = 0f8667ec888dff2f1b7354ff3bd3def4130b1b7145258deb65e4529982383a90c1a7412f298d566f889b4f2c19a72d145ad150501881f8483a07fc9610c9ae49 Size (php-8.1.0.tar.xz) = 11737524 bytes @