head 1.36; access; symbols pkgsrc-2026Q2:1.36.0.2 pkgsrc-2026Q2-base:1.36 pkgsrc-2026Q1:1.35.0.4 pkgsrc-2026Q1-base:1.35 pkgsrc-2025Q4:1.35.0.2 pkgsrc-2025Q4-base:1.35 pkgsrc-2025Q3:1.34.0.2 pkgsrc-2025Q3-base:1.34 pkgsrc-2025Q2:1.33.0.2 pkgsrc-2025Q2-base:1.33 pkgsrc-2025Q1:1.31.0.2 pkgsrc-2025Q1-base:1.31 pkgsrc-2024Q4:1.28.0.2 pkgsrc-2024Q4-base:1.28 pkgsrc-2024Q3:1.26.0.2 pkgsrc-2024Q3-base:1.26 pkgsrc-2024Q2:1.22.0.2 pkgsrc-2024Q2-base:1.22 pkgsrc-2024Q1:1.19.0.2 pkgsrc-2024Q1-base:1.19 pkgsrc-2023Q4:1.15.0.2 pkgsrc-2023Q4-base:1.15 pkgsrc-2023Q3:1.12.0.2 pkgsrc-2023Q3-base:1.12 pkgsrc-2023Q2:1.8.0.2 pkgsrc-2023Q2-base:1.8 pkgsrc-2023Q1:1.5.0.2 pkgsrc-2023Q1-base:1.5 pkgsrc-2022Q4:1.1.0.2 pkgsrc-2022Q4-base:1.1; locks; strict; comment @# @; 1.36 date 2026.05.08.02.09.04; author taca; state Exp; branches; next 1.35; commitid KCotOPaJ0KylaXEG; 1.35 date 2025.12.19.14.29.57; author taca; state Exp; branches 1.35.4.1; next 1.34; commitid CKeswF8k86AyL1nG; 1.34 date 2025.07.04.01.23.50; author taca; state Exp; branches; next 1.33; commitid TuqCfkTEx6xCOm1G; 1.33 date 2025.06.11.14.58.27; author taca; state Exp; branches 1.33.2.1; next 1.32; commitid kK3M1Ujj4BWR3uYF; 1.32 date 2025.04.07.17.33.36; author taca; state Exp; branches; next 1.31; commitid hVRav9XFpLuJ09QF; 1.31 date 2025.03.14.15.27.16; author taca; state Exp; branches; next 1.30; commitid N5NWNkRgVFoe53NF; 1.30 date 2025.02.08.02.59.45; author taca; state Exp; branches; next 1.29; commitid 9KY5s1xDeB0y2CIF; 1.29 date 2024.12.24.14.31.37; author taca; state Exp; branches; next 1.28; commitid ZOlBx850IyFylLCF; 1.28 date 2024.11.25.14.32.19; author taca; state Exp; branches; next 1.27; commitid VO30Ez5EfkMAh2zF; 1.27 date 2024.10.26.15.17.19; author taca; state Exp; branches; next 1.26; commitid AYD1MbwMqV2DubvF; 1.26 date 2024.09.28.15.05.35; author taca; state Exp; branches; next 1.25; commitid Y79RMf1qNJMAkArF; 1.25 date 2024.08.31.04.35.00; author taca; state Exp; branches; next 1.24; commitid s9DTC6cOVCl4KVnF; 1.24 date 2024.08.02.15.33.10; author taca; state Exp; branches; next 1.23; commitid FA7ZsX7QNcAEjgkF; 1.23 date 2024.07.04.22.19.03; author taca; state Exp; branches; next 1.22; commitid nwvgPla5irhGuzgF; 1.22 date 2024.06.07.13.58.44; author taca; state Exp; branches; next 1.21; commitid OFUTlWOy0QoRA3dF; 1.21 date 2024.05.10.15.07.21; author taca; state Exp; branches; next 1.20; commitid aWmk8kDtf8laSs9F; 1.20 date 2024.04.13.02.49.41; author taca; state Exp; branches; next 1.19; commitid 5cTjBjCwlw3NEV5F; 1.19 date 2024.03.17.16.46.05; author taca; state Exp; branches 1.19.2.1; next 1.18; commitid xQ9eWS3jd4SG9x2F; 1.18 date 2024.02.16.13.16.59; author taca; state Exp; branches; next 1.17; commitid je8Z0M6BXOEJXEYE; 1.17 date 2024.01.21.07.56.15; author taca; state Exp; branches; next 1.16; commitid 2k8j1XBhrH6x1iVE; 1.16 date 2024.01.05.02.13.17; author taca; state Exp; branches; next 1.15; commitid mLM7rg2yvj0KDcTE; 1.15 date 2023.11.24.06.01.26; author taca; state Exp; branches; next 1.14; commitid jMF5Sytg2MjEfPNE; 1.14 date 2023.10.27.15.02.43; author taca; state Exp; branches; next 1.13; commitid UzPpsjE9nHWc9hKE; 1.13 date 2023.09.29.15.08.06; author taca; state Exp; branches; next 1.12; commitid KhvdReRPKuwM4GGE; 1.12 date 2023.09.02.14.47.35; author taca; state Exp; branches; next 1.11; commitid GY4IfjWL65dBPcDE; 1.11 date 2023.08.06.04.05.06; author taca; state Exp; branches; next 1.10; commitid MHED3lPBlD9m8GzE; 1.10 date 2023.08.05.08.45.39; author taca; state Exp; branches; next 1.9; commitid e4GdP9KGXDPfJzzE; 1.9 date 2023.07.07.12.49.17; author taca; state Exp; branches; next 1.8; commitid ILQlzBZvWOuD0SvE; 1.8 date 2023.06.09.13.16.03; author taca; state Exp; branches 1.8.2.1; next 1.7; commitid kX7aGNiIafWD3hsE; 1.7 date 2023.05.14.14.46.15; author taca; state Exp; branches; next 1.6; commitid vr0RjFhJDLuooWoE; 1.6 date 2023.04.15.02.17.13; author taca; state Exp; branches; next 1.5; commitid rnyfGCedE0scb9lE; 1.5 date 2023.03.17.13.53.02; author taca; state Exp; branches; next 1.4; commitid 4mQ556QWzyQIXthE; 1.4 date 2023.02.15.14.15.12; author taca; state Exp; branches; next 1.3; commitid HX1wvd6jDql73DdE; 1.3 date 2023.02.03.14.41.48; author taca; state Exp; branches; next 1.2; commitid 4wBnlg8LTZr8A5cE; 1.2 date 2023.01.07.07.42.15; author taca; state Exp; branches; next 1.1; commitid GBAp0l4yekL28A8E; 1.1 date 2022.12.11.14.12.29; author taca; state Exp; branches 1.1.2.1; next ; commitid 8c0Gsp538gjq995E; 1.35.4.1 date 2026.05.09.19.13.11; author bsiegert; state Exp; branches; next ; commitid JWkYn8aWOqnKNaFG; 1.33.2.1 date 2025.07.04.14.13.22; author maya; state Exp; branches; next ; commitid MajYVSXgnckH4r1G; 1.19.2.1 date 2024.04.22.12.36.39; author bsiegert; state Exp; branches; next 1.19.2.2; commitid M8jok9FXagopC87F; 1.19.2.2 date 2024.06.24.18.12.30; author bsiegert; state Exp; branches; next ; commitid oDMP08y206D4sgfF; 1.8.2.1 date 2023.08.15.18.52.58; author bsiegert; state Exp; branches; next ; commitid 0OrdahFe2aZILUAE; 1.1.2.1 date 2023.01.08.17.57.22; author bsiegert; state Exp; branches; next ; commitid NW2l3Q8WjSR5vL8E; desc @@ 1.36 log @lang/php82: update to 8.2.31 PHP 8.2.31 (2026-05-07) - Curl: . Add support for brotli and zstd on Windows. (Shivam Mathur) - FPM: . Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) (Jakub Zelenka) - MBString: . Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) (vi3tL0u1s) - OpenSSL: . Fix compatibility issues with OpenSSL 4.0. (jordikroon, Remi) - PDO_Firebird: . Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) (SakiTakamachi) - SOAP: . Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) (ilutov) . Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) (ilutov) . Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) (ilutov) - Standard: . Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) (TimWolla) . Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258) (ilutov) @ text @$NetBSD: distinfo,v 1.35 2025/12/19 14:29:57 taca Exp $ BLAKE2s (php-8.2.31.tar.xz) = 3f26eecd6d30c9c40a26db7a02e23fd299f052191b32f72443e5f7f7e82b2fba SHA512 (php-8.2.31.tar.xz) = 814ea663bf638133e940639e0be00acae8d1e6a2c5058980cbf72c71a81224be0ac6c6cb37ad141c3ab81f1064ab81523c775b38c61511c0d0be9b05dd173ecc Size (php-8.2.31.tar.xz) = 12160520 bytes SHA1 (patch-build_Makefile.global) = 87c533087a536649b5f51108ef4f4b72c8efc5b2 SHA1 (patch-build_php.m4) = 465d2896c8c4d88c325414caf221e1f2aec27fc3 SHA1 (patch-configure.ac) = 97d6378ca03682aca635af45df3e7d777fd1d787 SHA1 (patch-ext_enchant_enchant.c) = 7d999de1b2fde2ea11e4a6e16e7b59c085924b9b SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd SHA1 (patch-ext_standard_php__fopen__wrapper.c) = 0a2c19c18f089448a8d842e99738b292ab9e5640 SHA1 (patch-ext_tidy_config.m4) = 380f4e8927582b2781faf58b17ad81b6dc967ba7 SHA1 (patch-ext_xsl_php__xsl.h) = cf930c5d6d9dab29b12558d265c67d3534a006fd SHA1 (patch-main_streams_streams.c) = d699ce7d3a300ffb39494b3f1fa5e0958f714483 SHA1 (patch-php.ini-development) = aa91d6637dcebddc1338bf34a024005b33318130 SHA1 (patch-php.ini-production) = 79aa3311976c9f4db2d01de66aacc7bd89772510 SHA1 (patch-sapi_apache2handler_config.m4) = c669235e4890a3a56c02760c451b40d97c651c34 SHA1 (patch-sapi_cgi_Makefile.frag) = f4cd64d334884c49787d8854115c8cd69cc79bb8 SHA1 (patch-sapi_cgi_config9.m4) = 080a809291984540aa426d14eb9b9c34225828a4 SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 SHA1 (patch-sapi_fpm_fpm_fpm__conf.c) = 32f391847009dd00e3ab304e40e172ca46c3613c SHA1 (patch-sapi_fpm_php-fpm.conf.in) = 67ac024688ece4c771f0aefbd999923f73b06eef SHA1 (patch-sapi_fpm_www.conf.in) = 0a1587e67c6e141a169f23692420de67368172c3 SHA1 (patch-scripts_Makefile.frag) = a2519d5329bd7860cea58f4999c2a24769cc5416 SHA1 (patch-scripts_php-config.in) = ce621fc3086fd8f2249cfe3b680256bd08a143ad SHA1 (patch-scripts_phpize.in) = 7c2f49aebbabb5a1510d856243dc8f159695c9f2 @ 1.35 log @lang/php82: update to 8.2.30 PHP 8.2.30 (2025-12-18) - Curl: . Fix curl build and test failures with version 8.16. (nielsdos, ilutov, Jakub Zelenka) - Opcache: . Reset global pointers to prevent use-after-free in zend_jit_status(). (Florian Engelhardt) - PDO: . Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka) - Standard: . Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). (ndossche) . Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) (ndossche) . Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) (ndossche) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2025/07/04 01:23:50 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.30.tar.xz) = 2e7b46d8de52b9e124eac8fdcacaaa0b13d7b10aeba44a888c4e98f128b9a86b SHA512 (php-8.2.30.tar.xz) = 4026e39231551c45e0923d44d91a8a9b2614ab1cb432cf73fbb475b7d047f9fbdaa183289d7f149546b254ee1a6374ac65396272b46700d453e53bfe8af42a93 Size (php-8.2.30.tar.xz) = 12153868 bytes @ 1.35.4.1 log @Pullup ticket #7109 - requested by taca lang/php82: security fix Revisions pulled up: - lang/php/phpversion.mk 1.499 - lang/php82/Makefile 1.25 - lang/php82/distinfo 1.36 --- Module Name: pkgsrc Committed By: taca Date: Fri May 8 02:09:05 UTC 2026 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: Makefile distinfo Log Message: lang/php82: update to 8.2.31 PHP 8.2.31 (2026-05-07) - Curl: . Add support for brotli and zstd on Windows. (Shivam Mathur) - FPM: . Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735) (Jakub Zelenka) - MBString: . Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259) (vi3tL0u1s) - OpenSSL: . Fix compatibility issues with OpenSSL 4.0. (jordikroon, Remi) - PDO_Firebird: . Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179) (SakiTakamachi) - SOAP: . Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722) (ilutov) . Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) (ilutov) . Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262) (ilutov) - Standard: . Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568) (TimWolla) . Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258) (ilutov) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2025/12/19 14:29:57 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.31.tar.xz) = 3f26eecd6d30c9c40a26db7a02e23fd299f052191b32f72443e5f7f7e82b2fba SHA512 (php-8.2.31.tar.xz) = 814ea663bf638133e940639e0be00acae8d1e6a2c5058980cbf72c71a81224be0ac6c6cb37ad141c3ab81f1064ab81523c775b38c61511c0d0be9b05dd173ecc Size (php-8.2.31.tar.xz) = 12160520 bytes @ 1.34 log @lang/php82: update to 8.2.29 PHP 8.2.29 (2025-07-03) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - SOAP: . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2025/06/11 14:58:27 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.29.tar.xz) = 36602c9e5e59adcc6f94156a3c5dff25622189ee3eb1736a7230c49253705f7c SHA512 (php-8.2.29.tar.xz) = 36d389e43a9d6bdc558f5e949f54e126c6fd4bf00da572e061e4e4c2f62ffeb292a34371486d3a64b85ab4a18678f7d84b2e3628e0ddc723a7757e90fecdbf92 Size (php-8.2.29.tar.xz) = 12162364 bytes @ 1.33 log @lang/php{74,81,82,83,84}: correct include_path Correct default include_path in configuration files. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2025/04/07 17:33:36 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.28.tar.xz) = 8fb6d1b81c1a42a39dbe7cfc3bf6982bd54766c6cc1ac714273f55a001635064 SHA512 (php-8.2.28.tar.xz) = af2a4f43da756a78f762dbd2b9e589e52864c7069fd55a6a2b900e32a08728a7d69b80577dc79b5d4a86993846a2232b809b75ae415344935610a3934b10c6ba Size (php-8.2.28.tar.xz) = 12147756 bytes @ 1.33.2.1 log @Pullup ticket #6976 - requested by taca lang/php82: Security fix Revisions pulled up: - lang/php/phpversion.mk 1.468 - lang/php82/Makefile 1.21 - lang/php82/distinfo 1.34 --- Module Name: pkgsrc Committed By: taca Date: Fri Jul 4 01:23:50 UTC 2025 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: Makefile distinfo Log Message: lang/php82: update to 8.2.29 PHP 8.2.29 (2025-07-03) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - SOAP: . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (php-8.2.29.tar.xz) = 36602c9e5e59adcc6f94156a3c5dff25622189ee3eb1736a7230c49253705f7c SHA512 (php-8.2.29.tar.xz) = 36d389e43a9d6bdc558f5e949f54e126c6fd4bf00da572e061e4e4c2f62ffeb292a34371486d3a64b85ab4a18678f7d84b2e3628e0ddc723a7757e90fecdbf92 Size (php-8.2.29.tar.xz) = 12162364 bytes @ 1.32 log @Correct pear path in configure.ac for consistency. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2025/03/14 15:27:16 taca Exp $ d15 2 a16 2 SHA1 (patch-php.ini-development) = 039c0b316ac1a65b66c9e36f6aff17e9c9cd2a90 SHA1 (patch-php.ini-production) = cd127bcbd4c0f16e2136e84dfcf1c0c3d6107705 @ 1.31 log @lang/php82: update to 8.2.28 This is security release. PHP 8.2.28 (2025-03-13) - Core: . Fixed bug GH-17211 (observer segfault on function loaded with dl()). (Arnaud) - LibXML: . Fixed GHSA-wg4p-4hqh-c3g9 (Reocurrence of #72714). (nielsdos) . Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219) (timwolla) - Streams: . Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736) (Jakub Zelenka) . Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861) (Jakub Zelenka) . Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734) (Jakub Zelenka) . Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217) (Jakub Zelenka) - Windows: . Fixed phpize for Windows 11 (24H2). (bwoebi) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2025/02/08 02:59:45 taca Exp $ d8 1 a8 1 SHA1 (patch-configure.ac) = d3bb35c423250d1124e2ada0974fc93448634abb @ 1.30 log @lang/php82: multiple PHP support @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2024/12/24 14:31:37 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.27.tar.xz) = 199cc4f96c54f9598e74e7e29c3e66969a18c6f980973eab7bd3edd6959cfe14 SHA512 (php-8.2.27.tar.xz) = c368d90d833e25d2b2e3a667010f1c5b37df772e2200855d38e4bcb3344585e0783ae53fadae499fe98abab95372adf787ba2413e9b6bc818628bc29a11ed453 Size (php-8.2.27.tar.xz) = 12150992 bytes @ 1.29 log @lang/php82: update to 8.2.27 8.2.27 (2024-12-19) Calendar: * Fixed jdtogregorian overflow. * Fixed cal_to_jd julian_days argument overflow. COM: * Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: * Fail early in *nix configuration build script. * Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). * Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). * Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). * Fix is_zend_ptr() huge block comparison. * Fixed potential OOB read in zend_dirname() on Windows. Curl: * Fix various memory leaks in curl mime handling. FPM: * Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: * Fixed GH-16776 (imagecreatefromstring overflow). GMP: * Revert gmp_pow() overly restrictive overflow checks. Hash: * Fixed GH-16711: Segfault in mhash(). Opcache: * Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). * Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). * Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: * Prevent unexpected array entry conversion when reading key. * Fix various memory leaks related to openssl exports. * Fix memory leak in php_openssl_pkey_from_zval(). PDO: * Fixed memory leak of `setFetchMode()`. Phar: * Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: * Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: * Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: * Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SNMP: * Fixed bug GH-16959 (snmget modifies the object_id array). Standard: * Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Streams: * Fixed network connect poll interuption handling. Windows: * Fixed bug GH-16849 (Error dialog causes process to hang). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2024/11/25 14:32:19 taca Exp $ d6 3 a8 1 SHA1 (patch-build_php.m4) = 4743b23e479c4ac904f18def41d5577f3a965af0 d15 3 a17 3 SHA1 (patch-php.ini-development) = 373d76cc7a022b578f1d5e296d1f0ac88bc26b72 SHA1 (patch-php.ini-production) = 5ab7fa6bf8403907160b0a62b56c1ee527f8eda6 SHA1 (patch-sapi_apache2handler_config.m4) = 5f98557568cc2abc34fab5d3f123803c9a81c0af d19 1 d21 6 a26 1 SHA1 (patch-sapi_fpm_php-fpm.conf.in) = acf9b4e70d4c5ea2b96e37e7bbf9005379ecc4d0 @ 1.28 log @lang/php82: update to 8.2.26 PHP 8.2.26 (2024-11-21) - CLI: . Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov) . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos) - COM: . Fixed out of bound writes to SafeArray data. (cmb) - Core: . Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). (nielsdos) . Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud) . Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov) . Fixed bug GH-16509 (Incorrect line number in function redeclaration error). (ilutov) . Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). (ilutov) . Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov) - Curl: . Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails). (timwolla) - Date: . Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). (cmb) . Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c). (Derick) . Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb) - DBA: . Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb) - DOM: . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). (nielsdos) . Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos) . Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element). (nielsdos) . Fixed bug GH-16535 (UAF when using document as a child). (nielsdos) . Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos) . Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos) - EXIF: . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file). (nielsdos, cmb) - FFI: . Fixed bug GH-16397 (Segmentation fault when comparing FFI object). (nielsdos) - Filter: . Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb) - FPM: . Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement). (nielsdos) - GD: . Fixed bug GH-16334 (imageaffine overflow on matrix elements). (David Carlier) . Fixed bug GH-16427 (Unchecked libavif return values). (cmb) . Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007). (nielsdos) - GMP: . Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier). . Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb) . Fixed bug GH-16501 (gmp_random_bits() can cause overflow). (David Carlier) . Fixed gmp_pow() overflow bug with large base/exponents. (David Carlier) . Fixed segfaults and other issues related to operator overloading with GMP objects. (Girgias) - LDAP: . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) (nielsdos) - MBstring: . Fixed bug GH-16361 (mb_substr overflow on start/length arguments). (David Carlier) - MySQLnd: . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka) - OpenSSL: . Fixed bug GH-16357 (openssl may modify member types of certificate arrays). (cmb) . Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). (cmb) . Fix various memory leaks on error conditions in openssl_x509_parse(). (nielsdos) - PDO DBLIB: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - PDO Firebird: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - PDO ODBC: . Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb) - Phar: . Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos) - PHPDBG: . Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb) - Reflection: . Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos) - Session: . Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params). (nielsdos) . Fixed bug GH-16290 (overflow on cookie_lifetime ini value). (David Carlier) - SOAP: . Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient). (nielsdos) - Sockets: . Fixed bug with overflow socket_recvfrom $length argument. (David Carlier) - SPL: . Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos) . Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()). (ilutov) . Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov) . Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov) . Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos) . Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor). (Girgias) . Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos) . Fixed bug GH-14687 (segfault on SplObjectIterator instance). (David Carlier) . Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos) . Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()). (ilutov) - Standard: . Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). (ilutov) - Streams: . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka) . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos) - SysVMsg: . Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized). (David Carlier / cmb) - SysVShm: . Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb) - XMLReader: . Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). (nielsdos) - Zlib: . Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2024/10/26 15:17:19 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.26.tar.xz) = fbc5c40f24934689cd6383212ef25739101f18ad512417558085ff09c341f1cc SHA512 (php-8.2.26.tar.xz) = b15d66034c7924834980bf860895f52157096a1a9c740409ea31104c94648d699039a4066e53905827f4132f3428e0330312ef1cc77e9ea28b7427a8106e4ce1 Size (php-8.2.26.tar.xz) = 12138868 bytes @ 1.27 log @lang/php82: update to 8.2.25 PHP 8.2.25 (2024-10-24) - Calendar: . Fixed GH-16240: jdtounix overflow on argument value. (David Carlier) . Fixed GH-16241: easter_days/easter_date overflow on year argument. (David Carlier) . Fixed GH-16263: jddayofweek overflow. (cmb) . Fixed GH-16234: jewishtojd overflow. (nielsdos) - CLI: . Fixed bug GH-16137: duplicate http headers when set several times by the client. (David Carlier) - Core: . Fixed bug GH-15712: zend_strtod overflow with precision INI set on large value. (David Carlier) . Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb) . Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to exception). (ilutov) . Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of nested generator frame). (ilutov) . Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud) . Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). (Arnaud) . Fixed bug GH-16233 (Observer segfault when calling user function in internal function via trampoline). (nielsdos) - Date: . Fixed bug GH-15582: Crash when not calling parent constructor of DateTimeZone. (Derick) . Fixed regression where signs after the first one were ignored while parsing a signed integer, with the DateTimeInterface::modify() function. (Derick) - DOM: . Fixed bug GH-16039 (Segmentation fault (access null pointer) in ext/dom/parentnode/tree.c). (nielsdos) . Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c). (nielsdos) - GD: . Fixed bug GH-16232 (bitshift overflow on wbmp file content reading / fix backport from upstream). (David Carlier) . Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value) (David Carlier) . Fixed bug GH-16274 (imagescale underflow on RBG channels / fix backport from upstream). (David Carlier) - LDAP: . Fixed bug GH-16032 (Various NULL pointer dereferencements in ldap_modify_batch()). (Girgias) . Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search() when LDAPs array is not a list). (Girgias) . Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated by ZMM.). (Girgias) . Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a proper dictionary). (Girgias) - MBString: . Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()). (nielsdos) - OpenSSL: . Fixed stub for openssl_csr_new. (Jakub Zelenka) - PCRE: . Fixed bug GH-16189 (underflow on offset argument). (David Carlier) . Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c). (nielsdos) - PHPDBG: . Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb) . Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error). (cmb) - Reflection: . Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c). (DanielEScherzer) - SAPI: . Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request). (Jakub Zelenka, David Carlier) - SimpleXML: . Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c). (nielsdos) - Sockets: . Fixed bug GH-16267 (socket_strerror overflow on errno argument). (David Carlier) - SOAP: . Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos) . Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos) . Fix Soap leaking http_msg on error. (nielsdos) . Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460). (nielsdos) . Fixed bug GH-16259 (Soap segfault when classmap instantiation fails). (nielsdos) - Standard: . Fixed bug GH-15613 (overflow on unpack call hex string repeater). (David Carlier) . Fixed bug GH-15937 (overflow on stream timeout option value). (David Carlier) . Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud) - Streams: . Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c). (nielsdos) . Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c). (cmb) - TSRM: . Prevent closing of unrelated handles. (cmb) - XML: . Fixed bug GH-15868 (Assertion failure in xml_parse_into_struct after exception). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2024/09/28 15:05:35 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.25.tar.xz) = 2866080035e16fecdafd47487b0e596bf84b406ff5512b1b3490fa323b0d2312 SHA512 (php-8.2.25.tar.xz) = 47a4a6ea8e77c4e5965c385a016755e8b6700acc8e3fa728b0596efcf72dc9bb39a1c68a10733c4106fdad1f037d1582fd42856778a3d3224a9b15b9665bc360 Size (php-8.2.25.tar.xz) = 12125896 bytes @ 1.26 log @lang/php82: update to 8.2.24 PHP 8.2.24 (2024-09-26) - CGI: . Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) . Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) - Core: . Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). (zeriyoshi) . Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot) . Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot) . Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos) . Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni) . Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud) . Fixed uninitialized lineno in constant AST of internal enums. (ilutov) - Curl: . FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier) - DOM: . Fixed bug GH-15551 (Segmentation fault (access null pointer) in ext/dom/xml_common.h). (nielsdos) - Fileinfo: . Fixed bug GH-15752 (Incorrect error message for finfo_file with an empty filename argument). (DanielEScherzer) - FPM: . Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026) (Jakub Zelenka) - MySQLnd: . Fixed bug GH-15432 (Heap corruption when querying a vector). (cmb, Kamil Tekiela) - Opcache: . Fixed bug GH-15661 (Access null pointer in Zend/Optimizer/zend_inference.c). (nielsdos) . Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h). (nielsdos) - SAPI: . Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925) (Arnaud) - SOAP: . Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP headers in array form). (nielsdos) - Standard: . Fixed bug GH-15552 (Signed integer overflow in ext/standard/scanf.c). (cmb) - Streams: . Fixed bug GH-15628 (php_stream_memory_get_buffer() not zero-terminated). (cmb) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2024/08/31 04:35:00 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.24.tar.xz) = 077222d8f90a47bdbf128f9bdfc094b999aeeb2968345d0fc4b93564fbc8846b SHA512 (php-8.2.24.tar.xz) = 19016bfb955892a9999f01a619ab26035afe1cfb6488c7d1774d6745b703afb99e59032728ab811024413757e50163cdc32b0e95fda7e1d4243deb96568c7e79 Size (php-8.2.24.tar.xz) = 12110000 bytes @ 1.25 log @lang/php82: update to 8.2.23 PHP 8.2.23 (2024-08-29) - Core: . Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c). (nielsdos) . Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos) . Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally). (Peter Kokot) . Fix uninitialized memory in network.c. (nielsdos) . Fixed bug GH-15108 (Segfault when destroying generator during shutdown). (Arnaud) . Fixed bug GH-15275 (Crash during GC of suspended generator delegate). (Arnaud) - Curl: . Fixed case when curl_error returns an empty string. (David Carlier) - DOM: . Fix UAF when removing doctype and using foreach iteration. (nielsdos) - FFI: . Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory leak). (nielsdos, dstogov) - Hash: . Fix crash when converting array data for array in shm in xxh3. (nielsdos) - Intl: . Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb) - Opcache: . Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4). (Bob) . Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement). (Arnaud, nielsdos) - Output: . Fixed bug GH-15179 (Segmentation fault (null pointer dereference) in ext/standard/url_scanner_ex.re). (nielsdos) - PDO_Firebird: . Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos) - PHPDBG: . Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode with libedit/readline). (Peter Kokot) . Fixed bug GH-15268 (heap buffer overflow in phpdbg (zend_hash_num_elements() Zend/zend_hash.h)). (nielsdos) . Fixed bug GH-15210 use-after-free on watchpoint allocations. (nielsdos) - Soap: . Fixed bug #55639 (Digest autentication dont work). (nielsdos) . Fix SoapFault property destruction. (nielsdos) . Fixed bug GH-15252 (SOAP XML broken since PHP 8.3.9 when using classmap constructor option). (nielsdos) - Standard: . Fix passing non-finite timeout values in stream functions. (nielsdos) . Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier) - Streams: . Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos) . Fixed bug GH-15034 (Integer overflow on stream_notification_callback byte_max parameter with files bigger than 2GB). (nielsdos) - Tidy: . Fix memory leaks in ext/tidy basedir restriction code. (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2024/08/02 15:33:10 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.23.tar.xz) = 3a70b2bcabf6822cee5bd249f11eb7c54d457e887dbb67d493fc81c366a1f383 SHA512 (php-8.2.23.tar.xz) = ed1b26042ee9f059bd90140b5ce3f5f524441b22f2c5f96997e08455121acbf71072fd1f905fa1d477e9608c7827641b6e81f94e04701966e7ecd912ff99f99f Size (php-8.2.23.tar.xz) = 12118028 bytes @ 1.24 log @lang/php82: update to 8.2.22 8.2.22 (2024-08-01) - Core: . Fixed bug GH-13922 (Fixed support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud) . Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud) . Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt. (nielsdos) . Fixed OSS-Fuzz #69765. (nielsdos) . Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). (nielsdos) . Fixed bug GH-14969 (Use-after-free in property coercion with __toString()). (ilutov) - Dom: . Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos) - Gd: . ext/gd/tests/gh10614.phpt: skip if no PNG support. (orlitzky) . restored warning instead of fata error. (dryabov) - LibXML: . Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos) - Opcache: . Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that opcache.jit is implictly disabled). (nielsdos) - Output: . Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with empty output buffer). (nielsdos) - PDO: . Fixed bug GH-14712 (Crash with PDORow access to null property). (David Carlier) - Phar: . Fixed bug GH-14603 (null string from zip entry). (David Carlier) - PHPDBG: . Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1). (David Carlier) . Fixed bug GH-14553 (echo output trimmed at NULL byte). (nielsdos) - Shmop: . Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos) - SimpleXML: . Fixed bug GH-14638 (null dereference after XML parsing failure). (David Carlier) - SPL: . Fixed bug GH-14639 (Member access within null pointer in ext/spl/spl_observer.c). (nielsdos) - Standard: . Fix 32-bit wordwrap test failures. (orlitzky) . Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier) - Tidy: . Fix memory leak in tidy_repair_file(). (nielsdos) - Treewide: . Fix compatibility with libxml2 2.13.2. (nielsdos) - XML: . Move away from to-be-deprecated libxml fields. (nielsdos) . Fixed bug GH-14834 (Error installing PHP when --with-pear is used). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2024/07/04 22:19:03 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.22.tar.xz) = bf76a0ad03fabf6ab1dddad85eaf5287c2b0779985ca99c20d566bcc0abe9945 SHA512 (php-8.2.22.tar.xz) = b72df5bf8bde09571a965f512b970e2403f1c9b26fbf9efc4d1aeb5940def10e4088e5c7dbb06087b2f5206d711e34849b0726af6a81b0c3b6d9bcbd14f5172d Size (php-8.2.22.tar.xz) = 12099476 bytes @ 1.23 log @lang/php82: update to 8.2.21 PHP 8.2.21 (2024-07-04) - Core: . Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot) . Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14 when running on Apple Silicon). (Manuel Kress) . Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from values during Generator->throw()). (Bob) . Fixed bug GH-14456 (Attempting to initialize class with private constructor calls destructor). (Girgias) . Fixed bug GH-14549 (Incompatible function pointer type for fclose). (Ryan Carsten Schmidt) - BCMatch: . Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias) - Curl: . Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos) - DOM: . Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos) - FPM: . Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are ignored in status pool). (Wilhansen Li, Pierrick Charron) - GD: . Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi) - Intl: . Fix reference handling in SpoofChecker. (nielsdos) - MySQLnd: . Partially fix bug GH-10599 (Apache crash on Windows when using a self-referencing anonymous function inside a class with an active mysqli connection). (nielsdos) - Opcache: . Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime). (ilutov) . Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud) . Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos) - PDO ODBC: . Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley) - PHPDBG: . Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier) - Soap: . Fixed bug #47925 (PHPClient can't decompress response). (nielsdos) . Fix missing error restore code. (nielsdos) . Fix memory leak if calling SoapServer::setObject() twice. (nielsdos) . Fix memory leak if calling SoapServer::setClass() twice. (nielsdos) . Fix reading zlib ini settings in ext-soap. (nielsdos) . Fix memory leaks with string function name lookups. (nielsdos) . Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class name). (nielsdos) . Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos) . Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias) - Sodium: . Fix memory leaks in ext/sodium on failure of some functions. (nielsdos) - SPL: . Fixed bug GH-14290 (Member access within null pointer in extension spl). (nielsdos) - Standard: . Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract namespace Unix sockets). (Derick) - Streams: . Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not allocated and malloc: double free for ptr errors). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2024/06/07 13:58:44 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.21.tar.xz) = 3d04023c49de8519b771e8103fba006f240a09dd7fb22112d95cf673bfb8f330 SHA512 (php-8.2.21.tar.xz) = 1b7fb408d8994483c65595479a7d3d1d7a635c09da7a8754c2e6dc1563cd16fd119e5f4a63a219405c15e4d1aacfc6cbfb6826db7eb0737411f2a814f425e514 Size (php-8.2.21.tar.xz) = 12106792 bytes @ 1.22 log @lang/php82: update to 8.2.20 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.2.20 (2024-06-06) - CGI: . Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - CLI: . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) - Core: . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). (ilutov) . Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon hardware). (Derick, Saki) - DOM: . Fix crashes when entity declaration is removed while still having entity references. (nielsdos) . Fix references not handled correctly in C14N. (nielsdos) . Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) . Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) - FFI: . Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with apache2handler). (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - FPM: . Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). (Benjamin Cremer) - Hash: . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) - Intl: . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, Peter Kokot) - Ini: . Fixed bug GH-14100 (Corrected spelling mistake in php.ini files). (Marcus Xavier) - MySQLnd: . Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). (Kamil Tekiela) - Opcache: . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). (ilutov) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) - XML: . Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). (nielsdos) - XMLReader: . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2024/05/10 15:07:21 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.20.tar.xz) = a8407aabb71ce0540f0545c0048ce5ef3744033b2b1517c51fe4c98333d4f02b SHA512 (php-8.2.20.tar.xz) = c659ed4809b6507aa428b483c85c7322815ac9d7d8e4bfe575513a5e69c5a680b8d089fd98a19f83d3a00df3de61468809f21408455913aa24d519776e44abc5 Size (php-8.2.20.tar.xz) = 12097568 bytes @ 1.21 log @lang/php82: update to PHP 8.2.19 (2024-05-09) - Core: . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall handlers when JIT is enabled). (Bob) . Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c). (nielsdos) . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with other timeout implementations). (Kévin Dunglas) . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert parameters). (ilutov) . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot) . Fixed bug GH-10232 (If autoloading occurs during constant resolution filename and lineno are identified incorrectly). (ranvis) . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot) - Fibers: . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()). (nielsdos) - FPM: . Fixed bug GH-13563 (Setting bool values via env in FPM config fails). (Jakub Zelenka) - Intl: . Fixed build for icu 74 and onwards. (dunglas) - MySQLnd: . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos) - Opcache: . Fixed incorrect assumptions across compilation units for static calls. (ilutov) - OpenSSL: . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). (Jakub Zelenka) - PDO SQLite: . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi) . Fix GH-13998 (Manage refcount of agg_context->val correctly). (Saki Takamachi) - Phar: . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing filename causes a NULL pointer dereference). (nielsdos) . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c). (nielsdos) . Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17) - PHPDBG: . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame). (nielsdos) - Posix: . Fix usage of reentrant functions in ext/posix. (Arnaud) - Session: . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in ext/session/mod_files.c). (nielsdos) . Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts). (nielsdos, kamil-tekiela) . Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier) - Streams: . Fixed file_get_contents() on Windows fails with "errno=22 Invalid argument". (Damian Wójcik) . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure). (Jakub Zelenka) . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos) . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud) - Treewide: . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2024/04/13 02:49:41 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.19.tar.xz) = e5311c04070b2cb656ab95bfa8c7a136e8f729de7955515ff9d316582bf43196 SHA512 (php-8.2.19.tar.xz) = 5ba7ab4317f7880a6cea93bf6d3a48d62db6bfcb5682be7e13a6a6f7bd1fef96ca813c2cf95f6b5020756f03b298995d1722367adb2580c1db221a2f9e311038 Size (php-8.2.19.tar.xz) = 12094184 bytes SHA1 (patch-configure) = cdda115b3e160568cc418dce5cd95cc52b5abf6b d15 1 @ 1.20 log @lang/php82: update to 8.2.18 This release includes security fixes. 11 Apr 2024, PHP 8.2.18 - Core: . Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud) - DOM: . Add some missing ZPP checks. (nielsdos) . Fix potential memory leak in XPath evaluation results. (nielsdos) . Fix phpdoc for DOMDocument load methods. (VincentLanglet) - FPM . Fix incorrect check in fpm_shm_free(). (nielsdos) - GD: . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) - Gettext: . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) - MySQLnd: . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) - Opcache: . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob) - PDO: . Fix various PDORow bugs. (Girgias) - Random: . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla) - Session: . Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos) - Sockets: . Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier) - SPL: . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos) . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos) - Standard: . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos) . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi) . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76) . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) - XML: . Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2024/03/17 16:46:05 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.18.tar.xz) = 6571715c96a8064a61bd868f483f27a85ce0594cb540cd7c28a226abe1eb29c0 SHA512 (php-8.2.18.tar.xz) = 8bdd6e5aa19dac80745d258a43f7330a3096d47dc66cbef0054b8f9eb9ace5e87d841a4001185a783241a416975753c922425e977f50b2716ce643b6a7bf351f Size (php-8.2.18.tar.xz) = 12089400 bytes SHA1 (patch-configure) = 80256ba9788c66d960954516394620c9f789d744 @ 1.19 log @lang/php82: update to 8.2.17 PHP 8.2.17 (2024-03-14) - Core: . Fix ZTS persistent resource crashes on shutdown. (nielsdos) - Curl: . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh) - DOM: . Fix reference access in dimensions for DOMNodeList and DOMNodeMap. (nielsdos) - Fileinfo: . Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null), backport). (nielsdos) - FPM: . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER). (Jakub Zelenka) - GD: . Fixed bug GH-12019 (detection of image formats in system gd library). (Michael Orlitzky) - MySQLnd: . Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi) - PGSQL: . Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute with null value passed by reference). (George Barbarosie) - Standard: . Fixed array key as hash to string (case insensitive) comparison typo for the second operand buffer size (albeit unused for now). (A. Slepykh) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2024/02/16 13:16:59 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.17.tar.xz) = 8aa7f3dd3e671ce1aadf71668e71a5edc3ab95fab0a1d6cdb19744f5d30d30da SHA512 (php-8.2.17.tar.xz) = 113cd8c6a481770aba7e21f1bc22500c93dfa41ff85a7b54e1abbfd5b5a32f51501c91eb45c29a5e2d8ec5f61861060c193a96e27224c97f8cad7979f378bde8 Size (php-8.2.17.tar.xz) = 12092404 bytes SHA1 (patch-configure) = c80956e91c562a1035ba8ae93403f762e149ae47 @ 1.19.2.1 log @Pullup ticket #6847 - requested by taca lang/php82: security fix Revisions pulled up: - lang/php/phpversion.mk 1.427 - lang/php82/distinfo 1.20 - lang/php82/patches/patch-configure 1.18 --- Module Name: pkgsrc Committed By: taca Date: Sat Apr 13 02:49:41 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: distinfo pkgsrc/lang/php82/patches: patch-configure Log Message: lang/php82: update to 8.2.18 This release includes security fixes. 11 Apr 2024, PHP 8.2.18 - Core: . Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos) . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi) . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud) - DOM: . Add some missing ZPP checks. (nielsdos) . Fix potential memory leak in XPath evaluation results. (nielsdos) . Fix phpdoc for DOMDocument load methods. (VincentLanglet) - FPM . Fix incorrect check in fpm_shm_free(). (nielsdos) - GD: . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky) - Gettext: . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier) - MySQLnd: . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi) . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos) - Opcache: . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry) . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob) - PDO: . Fix various PDORow bugs. (Girgias) - Random: . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla) . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla) - Session: . Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos) - Sockets: . Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier) - SPL: . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos) . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos) - Standard: . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos) . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()). (SakiTakamachi) . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76) . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka) . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) - XML: . Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2024/03/17 16:46:05 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.18.tar.xz) = 6571715c96a8064a61bd868f483f27a85ce0594cb540cd7c28a226abe1eb29c0 SHA512 (php-8.2.18.tar.xz) = 8bdd6e5aa19dac80745d258a43f7330a3096d47dc66cbef0054b8f9eb9ace5e87d841a4001185a783241a416975753c922425e977f50b2716ce643b6a7bf351f Size (php-8.2.18.tar.xz) = 12089400 bytes SHA1 (patch-configure) = 80256ba9788c66d960954516394620c9f789d744 @ 1.19.2.2 log @Pullup ticket #6867 - requested by taca lang/php82: security fix Revisions pulled up: - lang/php/phpversion.mk 1.430,1.435 - lang/php82/Makefile 1.9 - lang/php82/distinfo 1.21-1.22 - lang/php82/patches/patch-build_php.m4 1.1 - lang/php82/patches/patch-configure deleted - lang/php82/patches/patch-sapi_apache2handler_config.m4 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 13:58:44 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: Makefile distinfo Added Files: pkgsrc/lang/php82/patches: patch-build_php.m4 patch-sapi_apache2handler_config.m4 Removed Files: pkgsrc/lang/php82/patches: patch-configure Log Message: lang/php82: update to 8.2.20 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.2.20 (2024-06-06) - CGI: . Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - CLI: . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) - Core: . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). (ilutov) . Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon hardware). (Derick, Saki) - DOM: . Fix crashes when entity declaration is removed while still having entity references. (nielsdos) . Fix references not handled correctly in C14N. (nielsdos) . Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) . Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) - FFI: . Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with apache2handler). (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - FPM: . Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). (Benjamin Cremer) - Hash: . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) - Intl: . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, Peter Kokot) - Ini: . Fixed bug GH-14100 (Corrected spelling mistake in php.ini files). (Marcus Xavier) - MySQLnd: . Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). (Kamil Tekiela) - Opcache: . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). (ilutov) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) - XML: . Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). (nielsdos) - XMLReader: . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 23:11:41 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile Makefile.php pkgsrc/lang/php82: Makefile Makefile.php pkgsrc/lang/php83: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php-fpm: Makefile Log Message: Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too. --- Module Name: pkgsrc Committed By: taca Date: Fri May 10 15:07:21 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: distinfo pkgsrc/lang/php82/patches: patch-configure Log Message: lang/php82: update to PHP 8.2.19 (2024-05-09) - Core: . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observ= er fcall handlers when JIT is enabled). (Bob) . Fixed bug GH-13931 (Applying zero offset to null pointer in Zend/zend_opcode.c). (nielsdos) . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers= with other timeout implementations). (K=E9vin Dunglas) . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callabl= e convert parameters). (ilutov) . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Ko= kot) . Fixed bug GH-10232 (If autoloading occurs during constant resolutio= n filename and lineno are identified incorrectly). (ranvis) . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot) - Fibers: . Fixed bug GH-13903 (ASAN false positive underflow when executing co= py()). (nielsdos) - FPM: . Fixed bug GH-13563 (Setting bool values via env in FPM config fails= ). (Jakub Zelenka) - Intl: . Fixed build for icu 74 and onwards. (dunglas) - MySQLnd: . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdo= s) - Opcache: . Fixed incorrect assumptions across compilation units for static cal= ls. (ilutov) - OpenSSL: . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely). (Jakub Zelenka) - PDO SQLite: . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Taka= machi) . Fix GH-13998 (Manage refcount of agg_context->val correctly). (Saki Takamachi) - Phar: . Fixed bug GH-13836 (Renaming a file in a Phar to an already existin= g filename causes a NULL pointer dereference). (nielsdos) . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_ha= sh.c). (nielsdos) . Fix potential NULL pointer dereference before calling EVP_SignInit.= (icy17) - PHPDBG: . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_fr= ame). (nielsdos) - Posix: . Fix usage of reentrant functions in ext/posix. (Arnaud) - Session: . Fixed bug GH-13856 (Member access within null pointer of type 'ps_f= iles' in ext/session/mod_files.c). (nielsdos) . Fixed bug GH-13891 (memleak and segfault when using ini_set with session.trans_sid_hosts). (nielsdos, kamil-tekiela) . Fixed buffer _read/_write size limit on windows for the file mode. = (David Carlier) - Streams: . Fixed file_get_contents() on Windows fails with "errno=3D22 Invalid= argument". (Damian W=F3jcik) . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).= (Jakub Zelenka) . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case= in ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos) . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud) - Treewide: . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodr=EDguez)= --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 23:11:41 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile Makefile.php pkgsrc/lang/php82: Makefile Makefile.php pkgsrc/lang/php83: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php-fpm: Makefile Log Message: Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19.2.1 2024/04/22 12:36:39 bsiegert Exp $ d3 4 a6 4 BLAKE2s (php-8.2.20.tar.xz) = a8407aabb71ce0540f0545c0048ce5ef3744033b2b1517c51fe4c98333d4f02b SHA512 (php-8.2.20.tar.xz) = c659ed4809b6507aa428b483c85c7322815ac9d7d8e4bfe575513a5e69c5a680b8d089fd98a19f83d3a00df3de61468809f21408455913aa24d519776e44abc5 Size (php-8.2.20.tar.xz) = 12097568 bytes SHA1 (patch-build_php.m4) = 4743b23e479c4ac904f18def41d5577f3a965af0 a14 1 SHA1 (patch-sapi_apache2handler_config.m4) = 5f98557568cc2abc34fab5d3f123803c9a81c0af @ 1.18 log @lang/php82: update to 8.2.16 15 Feb 2024, PHP 8.2.16 - Core: . Fixed timer leak in zend-max-execution-timers builds. (withinboredom) . Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus) . Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown Exception). (nielsdos) . Fixed bug GH-13215 (GCC 14 build failure). (Remi) - Curl: . Fix missing error check in curl_multi_init(). (divinity76) - FPM: . Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when plus in path). (Jakub Zelenka) - GD: . Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path). (nielsdos) . Fixed bug GH-10614 (imagerotate will turn the picture all black, when rotated 90). (nielsdos) - MySQLnd: . Fixed bug GH-12107 (When running a stored procedure (that returns a result set) twice, PHP crashes). (nielsdos) - Opcache: . Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but JIT_debug is still on). (nielsdos) - OpenSSL: . Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set. (David Carlier). - PDO_Firebird: . Fix GH-13119 (Changed to convert float and double values ​​into strings using `H` format). (SakiTakamachi) - Phar: . Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos) . Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos) - Random: . Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken engines). (timwolla) - Session: . Fixed bug GH-12504 (Corrupted session written when there's a fatal error in autoloader). (nielsdos) - Streams: . Fixed bug GH-13071 (Copying large files using mmap-able source streams may exhaust available memory and fail). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2024/01/21 07:56:15 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.16.tar.xz) = 614dd7361b8d9e4e11d9cfe47aa132304c2bca536a35d59ff3953ba7163b68d7 SHA512 (php-8.2.16.tar.xz) = 99e5c9eee4c5a35b3e1939c748ded87c8bff4a340d677516ed24dcf4207c51403d38524c46d6e79de5efe90d7368ba82052ec8a29dd5955f549e8198c1e917f6 Size (php-8.2.16.tar.xz) = 12085228 bytes SHA1 (patch-configure) = be06e1a0450240beafad7de98f8b6309954989d8 @ 1.17 log @lang/php82: update to 8.2.15 8.2.15 (2024-01-18) - Core: . Fixed bug GH-12953 (false positive SSA integrity verification failed when loading composer classmaps with more than 11k elements). (nielsdos) . Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't emit warnings). (Peter Kokot) - Cli: . Fix incorrect timeout in built-in web server when using router script and max_input_time. (ilutov) - FFI: . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData). (Jakub Zelenka) . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos) - Intl: . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale). (David Carlier) - Hash: . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on strings >= 4GiB). (nielsdos) - ODBC: . Fix crash on Apache shutdown with persistent connections. (nielsdos) - Opcache: . Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM with NULL when DIM is the same var as result). (ilutov) . Added workaround for SELinux mprotect execheap issue. See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov) - OpenSSL: . Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error). (Jakub Zelenka) - PDO: . Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES). (SakiTakamachi) - PDO_ODBC: . Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()). (SakiTakamachi) - PGSQL: . Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier) . Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()). (nielsdos) - Phar: . Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos) - PHPDBG: . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos) - SimpleXML: . Fix getting the address of an uninitialized property of a SimpleXMLElement resulting in a crash. (nielsdos) - Tidy: . Fixed bug GH-12980 (tidynode.props.attribute is missing "Boolean Attributes" and empty attributes). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2024/01/05 02:13:17 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.15.tar.xz) = 90387e484fff82a8edcae18163887683e954433ab402f95d876d2aa6fb35a49e SHA512 (php-8.2.15.tar.xz) = 56c94bcafe07cf4bf5eb5fc6c67fcf16654c44a262ffb18188fc3ffac5e9bb11d39093bfb26c26bc8d2dec7e530d1a175180909262c9b5c30130cf5a4a293166 Size (php-8.2.15.tar.xz) = 12075384 bytes SHA1 (patch-configure) = 0bb05c49092342e4ea9a13bf237273fd48f3fd99 @ 1.16 log @lang/php82: update to 8.2.14 PHP 8.2.14 (2023-12-21) - Core: . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious error handler). (ilutov) . Fixed oss-fuzz #64209 (In-place modification of filename in php_message_handler_for_zend). (ilutov) . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt) . Fix various missing NULL checks. (nielsdos, dstogov) . Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call). (ilutov) - Date: . Fixed improbably integer overflow while parsing really large (or small) Unix timestamps. (Derick) - DOM: . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid default: prefix). (nielsdos) - FPM: . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval). (Patrick Prasse) - FTP: . Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos) - Intl: . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos) - LibXML: . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303) . Fixed test failures for libxml2 2.12.0. (nielsdos) - MySQLnd: . Avoid using uninitialised struct. (mikhainin) . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code). (nielsdos) - Opcache: . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning at the same time as invalid offset Error). (Girgias) . Fixed JIT bug (JIT emits "Attempt to assign property of non-object" warning at the same time as Error is being thrown). (Girgias) - OpenSSL: . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs). (Jakub Zelenka) - PCRE: . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos) - PDO PGSQL: . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate) - PGSQL: . Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov) - PHPDBG: . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos) - SOAP: . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted). (nielsdos) - SPL: . Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination with GlobIterator and no directory separator). (nielsdos) - SQLite3: . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0). (SakiTakamachi) - Standard: . Fix memory leak in syslog device handling. (danog) . Fixed bug GH-12621 (browscap segmentation fault when configured in the vhost). (nielsdos) . Fixed bug GH-12655 (proc_open() does not take into account references in the descriptor array). (nielsdos) - Streams: . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault). (Jakub Zelenka) - Zip: . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option Behavior). (Remi) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2023/11/24 06:01:26 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.14.tar.xz) = 0eb092e7658e2e8e7e6026008980b4fd460eb4542a739d75c0f185f2f34972cb SHA512 (php-8.2.14.tar.xz) = a140fc452ad86281e48a072f97b083232a6bef2d4d7335ad67a7e71c24d274ccba97322b168952df4348fe05266762798169c2c3b37f05bad2cdbc76c06fa64f Size (php-8.2.14.tar.xz) = 12080468 bytes SHA1 (patch-configure) = 8b8c611884e96e9a634ae619149fc38afcabd2ff @ 1.15 log @PHP 8.2.13 (2023-11-23) - Core: . Fixed double-free of non-interned enum case name. (ilutov) . Fixed bug GH-12457 (Incorrect result of stripos with single character needle). (SakiTakamachi) . Fixed bug GH-12468 (Double-free of doc_comment when overriding static property via trait). (ilutov) . Fixed segfault caused by weak references to FFI objects. (sj-i) . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas) . Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type if the class name starts with N). (kocsismate) - DOM: . Fix registerNodeClass with abstract class crashing. (nielsdos) . Add missing NULL pointer error check. (icy17) . Fix validation logic of php:function() callbacks. (nielsdos) - Fiber: . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi) - FPM: . Fixed bug GH-9921 (Loading ext in FPM config does not register module handlers). (Jakub Zelenka) . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without opcache). (Jakub Zelenka) . Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES). (Jakub Zelenka) - Intl: . Removed the BC break on IntlDateFormatter::construct which threw an exception with an invalid locale. (David Carlier) - Opcache: . Added warning when JIT cannot be enabled. (danog) . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov) - OpenSSL: . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify). (Jakub Zelenka) - PCRE: . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result with -d pcre.jit=0). (mvorisek) - SOAP: . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes). (nielsdos) . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation Fault). (nielsdos) . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos) . Fix incorrect uri check in SOAP caching. (nielsdos) . Fix segfault and assertion failure with refcounted props and arrays. (nielsdos) . Fix potential crash with an edge case of persistent encoders. (nielsdos) . Fixed bug #75306 (Memleak in SoapClient). (nielsdos) - Streams: . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers). (Jakub Zelenka) - XMLReader: . Add missing NULL pointer error check. (icy17) - XMLWriter: . Add missing NULL pointer error check. (icy17) - XSL: . Add missing module dependency. (nielsdos) . Fix validation logic of php:function() callbacks. (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.14 2023/10/27 15:02:43 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.13.tar.xz) = 166a7dad259a21763ccace43350e136db5829bb003c39ca33bbd9317d71cddb4 SHA512 (php-8.2.13.tar.xz) = 8031e33d148c5acbfbb3ed00d7a266813c8919db86ba260ba65e1837d6db8d0bd66d8ddef66884466dd3fe51ece7882b03f8d8db6ff4383f80a68b7beafc03af Size (php-8.2.13.tar.xz) = 12069092 bytes SHA1 (patch-configure) = e9fd05416c4780cb9ce74cda32b0166186eb1d48 @ 1.14 log @lang/php82: update to 8.2.12 26 Oct 2023, PHP 8.2.12 - Core: . Fixed bug GH-12207 (memory leak when class using trait with doc block). (rioderelfte) . Fixed bug GH-12215 (Module entry being overwritten causes type errors in ext/dom). (nielsdos) . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky) . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos) - CLI: . Ensure a single Date header is present. (coppolafab) - CType: . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater). (nielsdos) - DOM: . Restore old namespace reconciliation behaviour. (nielsdos) . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos) - Fileinfo: . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise) - Filter: . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov) - Hash: . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext). (MaxSem) - Intl: . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct). (David Carlier) . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception on an invalid locale). (David Carlier) - MySQLnd: . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library) 'mysqlnd.so' in Unknown on line). (nielsdos) - Opcache: . Fixed opcache_invalidate() on deleted file. (mikhainin) . Fixed bug GH-12380 (JIT+private array property access inside closure accesses private property in child class). (nielsdos) - PCRE: . Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with JIT enabled gives different result). (nielsdos) - SimpleXML: . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos) . Fixed bug GH-12223 (Entity reference produces infinite loop in var_dump/print_r). (nielsdos) . Fixed bug GH-12167 (Unable to get processing instruction contents in SimpleXML). (nielsdos) . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML). (nielsdos) - Streams: . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0). (David Carlier) - XML: . Fix return type of stub of xml_parse_into_struct(). (nielsdos) . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos) - XSL: . Fix type error on XSLTProcessor::transformToDoc return value with SimpleXML. (nielsdos) @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 4 BLAKE2s (php-8.2.12.tar.xz) = 9aa2c22e92bfdf90f289d2272a1ad7796c1b1e8aa3010ae33b58fd76c1cfe694 SHA512 (php-8.2.12.tar.xz) = d3fa01ade4094cb2a1b36f1d0bbfdf7c590997e13566ffcfdbd5a307b30ad9456099116f44fe2d612158a0017d9f05346932ce47768c760c7cfacfa56acf294e Size (php-8.2.12.tar.xz) = 12048788 bytes SHA1 (patch-configure) = c8578bf4893665cb8dee242bbdc866d100912436 @ 1.13 log @lang/php82: update to 8.2.11 28 Sep 2023, PHP 8.2.11 - Core: . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov) . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed). (Jeremie Courreges-Anglas) . Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities. (Girgias) . Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures). (ilutov) . Fixed bug GH-12060 (Internal iterator rewind handler is called twice). (ju1ius) . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP value in function call). (ilutov) - DOM: . Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos) - Iconv: . Fixed build for NetBSD which still uses the old iconv signature. (David Carlier) - Intl: . Fixed bug GH-12020 (intl_get_error_message() broken after MessageFormatter::formatMessage() fails). (Girgias) - MySQLnd: . Fixed bug GH-10270 (Invalid error message when connection via SSL fails: "trying to connect via (null)"). (Kamil Tekiela) - ODBC: . Fixed memory leak with failed SQLPrepare. (NattyNarwhal) . Fixed persistent procedural ODBC connections not getting closed. (NattyNarwhal) - SimpleXML: . Fixed bug #52751 (XPath processing-instruction() function is not supported). (nielsdos) - SPL: . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18). (nielsdos) - SQLite3: . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with a callable array). (nielsdos, arnaud-lb) @ text @d3 4 a6 4 BLAKE2s (php-8.2.11.tar.xz) = ee63ca3cecf20547ac0bda9d7280660c0e0ca7c41d4ca3ed2679ca768f16628d SHA512 (php-8.2.11.tar.xz) = 3c8db245854c0221a952e0f11fc8fbf8944caf73ae0049a710db0db5ce9c018207444dc8a60e2b3c63a6d025c5d09cd17b0542e1b7df8ad2e49635ef5faf7f45 Size (php-8.2.11.tar.xz) = 12046180 bytes SHA1 (patch-configure) = be51847b1641413b97d1dd998c8188160fce7a4c @ 1.12 log @lang/php82: update to 8.2.10 31 Aug 2023, PHP 8.2.10 - CLI: . Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with ZEND_RC_DEBUG=1). (nielsdos) . Fixed bug GH-10964 (Improve man page about the built-in server). (Alexandre Daubois) - Date: . Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are passed in). (Derick) - Core: . Fixed strerror_r detection at configuration time. (Kévin Dunglas) . Fixed trait typed properties using a DNF type not being correctly bound. (Girgias) . Fixed trait property types not being arena allocated if copied from an internal trait. (Girgias) . Fixed deep copy of property DNF type during lazy class load. (Girgias, ilutov) . Fixed memory freeing of DNF types for non arena allocated types. (Girgias, ju1ius) - DOM: . Fix DOMEntity field getter bugs. (nielsdos) . Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS. (nielsdos) . Fix DOMCharacterData::replaceWith() with itself. (nielsdos) . Fix empty argument cases for DOMParentNode methods. (nielsdos) . Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone). (nielsdos) . Fix json_encode result on DOMDocument. (nielsdos) . Fix manually calling __construct() on DOM classes. (nielsdos) . Fixed bug GH-11830 (ParentNode methods should perform their checks upfront). (nielsdos) . Fix viable next sibling search for replaceWith. (nielsdos) . Fix segfault when DOMParentNode::prepend() is called when the child disappears. (nielsdos) - FFI: . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov) - Hash: . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options parameter in signature. (ilutov) - MySQLnd: . Fixed bug GH-11440 (authentication to a sha256_password account fails over SSL). (nielsdos) . Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password accounts using passwords longer than 19 characters). (nielsdos, Kamil Tekiela) . Fixed bug GH-11550 (MySQL Statement has a empty query result when the response field has changed, also Segmentation fault). (Yurunsoft) . Fixed invalid error message "Malformed packet" when connection is dropped. (Kamil Tekiela) - Opcache: . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or opcache_get_status() / phpinfo() is wrong). (nielsdos) . Avoid adding an unnecessary read-lock when loading script from shm if restart is in progress. (mikhainin) - PCNTL: . Revert behaviour of receiving SIGCHLD signals back to the behaviour before 8.1.22. (nielsdos) - SPL: . Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free). (nielsdos) - Standard: . Prevent int overflow on $decimals in number_format. (Marc Bennewitz) . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix) (athos-ribeiro) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.11 2023/08/06 04:05:06 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.10.tar.xz) = 6d8b2a687ed3acad58ac6cd174dc43acce92ff112bca095cbca8e39cb3232ed9 SHA512 (php-8.2.10.tar.xz) = b9123f63afc99fdce34182f49a022611d584bd4a26f624d0010785599e9b10af7924f8307bbca920d75cb7b0cc23fa57efd5d6ef1d2dd89d5a508578bd36b146 Size (php-8.2.10.tar.xz) = 12041348 bytes SHA1 (patch-configure) = b2445d8b39c1e6c4a8d7abdd45f9cb217e7cd71b @ 1.11 log @lang/php82: fix distinfo Fix distinfo. Maybe, I fetched pre-install version. No DIST_SUBDIR update with expecting no one fetched pre-official distinfo file. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2023/08/05 08:45:39 taca Exp $ d3 4 a6 4 BLAKE2s (php-8.2.9.tar.xz) = 7156a5143373e5fc257676e8494c2a6da346b0189360831acffcd268a19471da SHA512 (php-8.2.9.tar.xz) = 26c53dc737d6144cc0a3ce9134f92f59eb29f62c44b7d6159b92a25bdb0fa80239d7f6b6b663adfe444e57e98b202381df9b35532f40168ea093ac56d4bced19 Size (php-8.2.9.tar.xz) = 12035468 bytes SHA1 (patch-configure) = 614c907a17adb6d8145e2d6c8ab25d2e4ff8bace @ 1.10 log @lang/php82: update to 8.2.9 03 Aug 2023, PHP 8.2.9 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed line number of JMP instruction over else block. (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) . Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters). (Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - Streams: . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself). (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) - XMLReader: . Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). (Bob) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2023/07/07 12:49:17 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.9.tar.xz) = adc0800e5c642a46c91e1acd872544ab038aae6aec988e66b7f282f03107cf97 SHA512 (php-8.2.9.tar.xz) = 4c1ced33cf44fd2241be6963ef621832efbe011ae1437ce3bd8dbb40321f05485054c208bcbb3779ab4f7ce40c0d92ed422053a5cd523d47e93d808833c8f014 Size (php-8.2.9.tar.xz) = 12039672 bytes @ 1.9 log @lang/php82: update to 8.2.8 PHP 8.2.8 (2023-07-06) - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - Date: . Fixed bug GH-11455 (Segmentation fault with custom object date properties). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PCRE: . Fix preg_replace_callback_array() pattern validation. (ilutov) - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) - SQLite3: . Fixed bug GH-11451 (Invalid associative array containing duplicate keys). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2023/06/09 13:16:03 taca Exp $ d3 3 a5 4 BLAKE2s (php-8.2.8.tar.xz) = b70e7785e1a483896b5cef52ca3bd361a3fc92e9838a63c0fff5e3c989f1cde6 SHA512 (php-8.2.8.tar.xz) = d1539010761aaa525e286cf012953a097556c61608505a2b1a83f78b40b7a1c3338f494c4cf34abda764c762c4b0bacb09ce9286236d2a356ee61121236b6bcf Size (php-8.2.8.tar.xz) = 12034856 bytes SHA1 (patch-build_libtool.m4) = e58a2bcebe9e9d7dc7255354fd9fe57878e3f8a6 @ 1.8 log @lang/php82: update to 8.2.7 8.2.7 (2023-06-08) Core: * Fixed bug GH-11152 (Unable to alias namespaces containing reserved class names). * Fixed bug GH-9068 (Conditional jump or move depends on uninitialised value(s)). * Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves the array in an invalid state). * Fixed bug GH-11063 (Compilation error on old GCC versions). * Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash). Date: * Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in offset). Exif: * Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper chunk sizes). FPM: * Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of child->ev_std(out|err)). * Fixed bug #64539 (FPM status page: query_string not properly JSON encoded). * Fixed memory leak for invalid primary script file handle. Hash: * Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments). LibXML: * Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0). MBString: * Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative offset and ASCII encoding). Opcache: * Fixed bug GH-11134 (Incorrect match default branch optimization). * Fixed too wide OR and AND range inference. * Fixed missing class redeclaration error with OPcache enabled. * Fixed bug GH-11245 (In some specific cases SWITCH with one default statement will cause segfault). PCNTL: * Fixed maximum argument count of pcntl_forkx(). PGSQL: * Fixed parameter parsing of pg_lo_export(). Phar: * Fixed bug GH-11099 (Generating phar.php during cross-compile can't be done). Soap: * Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). * Fixed bug GH-8426 (make test fail while soap extension build). SPL: * Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data (PHP 8.1.18)). Standard: * Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for source file). * Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308 redirect). Streams: * Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted irregularly for last chunk of data). * Fixed bug GH-11175 (Stream Socket Timeout). * Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1 passed to stream_socket_accept/stream_socket_client). @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2023/05/14 14:46:15 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.7.tar.xz) = e31531a7856586707df35d8d997b8cca8179b54fd42d8bfad71e35f06e52ac6f SHA512 (php-8.2.7.tar.xz) = 8533c0d7b6b0cbca8d01238342edebe1f123b093ab8f3cf5efab40b133989c3288214176b9e2a213b260b07b6bf140711f9b9580c2515a093f586bedc81d8a44 Size (php-8.2.7.tar.xz) = 12016940 bytes d7 1 a7 1 SHA1 (patch-configure) = 9e41843c0ba0420eba8974c6a5a78de314e5c988 @ 1.8.2.1 log @Pullup ticket #6787 - requested by taca lang/php82: security fix Revisions pulled up: - lang/php/phpversion.mk 1.402,1.405 - lang/php82/distinfo 1.9-1.11 - lang/php82/patches/patch-build_libtool.m4 deleted - lang/php82/patches/patch-configure 1.9 --- Module Name: pkgsrc Committed By: taca Date: Fri Jul 7 12:49:17 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: distinfo pkgsrc/lang/php82/patches: patch-configure Log Message: lang/php82: update to 8.2.8 PHP 8.2.8 (2023-07-06) - CLI: . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS). (James Lucas) - Core: . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili) - Curl: . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL). (nielsdos) - Date: . Fixed bug GH-11455 (Segmentation fault with custom object date properties). (nielsdos) - DOM: . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions and segfaults with replaceWith). (nielsdos) . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty attribute value). (nielsdos) . Fix return value in stub file for DOMNodeList::item. (divinity76) . Fix spec compliance error with '*' namespace for DOMDocument::getElementsByTagNameNS. (nielsdos) . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks. (nielsdos) . Fixed bug GH-11347 (Memory leak when calling a static method inside an xpath query). (nielsdos) . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile namespaces). (nielsdos) . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node with itself). (nielsdos) . Fixed bug #77686 (Removed elements are still returned by getElementById). (nielsdos) . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in php_libxml_node_free_list()). (nielsdos) . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos) . Fix lifetime issue with getAttributeNodeNS(). (nielsdos) . Fix "invalid state error" with cloned namespace declarations. (nielsdos) . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation issues). (nielsdos) . Fixed bug #80332 (Completely broken array access functionality with DOMNamedNodeMap). (nielsdos) - Opcache: . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos) . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB) . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem with opcache.file_cache_only=1 but it was never locked). (nielsdos) - OpenSSL: . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in subjectAltNames (James Lucas, Jakub Zelenka). - PCRE: . Fix preg_replace_callback_array() pattern validation. (ilutov) - PGSQL: . Fixed intermittent segfault with pg_trace. (David Carlier) - Phar: . Fix cross-compilation check in phar generation for FreeBSD. (peter279k) - SPL: . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one slash). (nielsdos) - Standard: . Fix access on NULL pointer in array_merge_recursive(). (ilutov) . Fix exception handling in array_multisort(). (ilutov) - SQLite3: . Fixed bug GH-11451 (Invalid associative array containing duplicate keys). (nielsdos) --- Module Name: pkgsrc Committed By: taca Date: Sat Aug 5 08:45:39 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: distinfo Removed Files: pkgsrc/lang/php82/patches: patch-build_libtool.m4 Log Message: lang/php82: update to 8.2.9 03 Aug 2023, PHP 8.2.9 - Build: . Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate) - CLI: . Fix interrupted CLI output causing the process to exit. (nielsdos) - Core: . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator). (ilutov) . Fixed line number of JMP instruction over else block. (ilutov) . Fixed use-of-uninitialized-value with ??= on assert. (ilutov) . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov) . Fixed build for FreeBSD before the 11.0 releases. (David Carlier) - Curl: . Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos) - Date: . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick) . Fixed bug GH-11600 (Can't parse time strings which include (narrow) non-breaking space characters). (Derick) - DOM: . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos) - Fileinfo: . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol) - FTP: . Fix context option check for "overwrite". (JonasQuinten) . Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos) - GD: . Fix most of the external libgd test failures. (Michael Orlitzky) - Intl: . Fix memory leak in MessageFormatter::format() on failure. (Girgias) - Libxml: . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov) - MBString: . Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos) - Opcache: . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos) . Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos) - PCNTL: . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos) - PDO: . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi) - PDO SQLite: . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias) - Phar: . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos) . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos) - PHPDBG: . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr) - Session: . Removed broken url support for transferring session ID. (ilutov) - Standard: . Fix serialization of RC1 objects appearing in object graph twice. (ilutov) - Streams: . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself). (ilutov) - SQLite3: . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos) - XMLReader: . Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). (Bob) --- Module Name: pkgsrc Committed By: taca Date: Sun Aug 6 04:05:06 UTC 2023 Modified Files: pkgsrc/lang/php82: distinfo Log Message: lang/php82: fix distinfo Fix distinfo. Maybe, I fetched pre-install version. No DIST_SUBDIR update with expecting no one fetched pre-official distinfo file. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2023/06/09 13:16:03 taca Exp $ d3 5 a7 4 BLAKE2s (php-8.2.9.tar.xz) = 7156a5143373e5fc257676e8494c2a6da346b0189360831acffcd268a19471da SHA512 (php-8.2.9.tar.xz) = 26c53dc737d6144cc0a3ce9134f92f59eb29f62c44b7d6159b92a25bdb0fa80239d7f6b6b663adfe444e57e98b202381df9b35532f40168ea093ac56d4bced19 Size (php-8.2.9.tar.xz) = 12035468 bytes SHA1 (patch-configure) = 614c907a17adb6d8145e2d6c8ab25d2e4ff8bace @ 1.7 log @lang/php82: update to 8.2.6 11 May 2023, PHP 8.2.6 - Core: . Fix inconsistent float negation in constant expressions. (ilutov) . Fixed bug GH-8841 (php-cli core dump calling a badly formed function). (nielsdos) . Fixed bug GH-10085 (Assertion when adding two arrays with += where the first array is contained in the second). (ilutov) . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB) . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos) . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=). (ilutov) - Date: . Fixed bug where the diff() method would not return the right result around DST changeover for date/times associated with a timezone identifier. (Derick) . Fixed out-of-range bug when converting to/from around the LONG_MIN unix timestamp. (Derick) - DOM: . Fixed bug #80602 (Segfault when using DOMChildNode::before()). (Nathan Freeman) . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos) - Exif: . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid endianess, Illegal IFD size and Undefined index). (nielsdos) - Intl: . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi) - PCRE: . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov) - Reflection: . Fixed bug GH-10983 (State-dependant segfault in ReflectionObject::getProperties). (nielsdos) - SPL: . Handle indirect zvals and use up-to-date properties in SplFixedArray::__serialize. (nielsdos) - Standard: . Fixed bug GH-10990 (mail() throws TypeError after iterating over $additional_headers array by reference). (nielsdos) . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums). (ilutov) - Streams: . Fixed bug GH-10406 (feof() behavior change for UNIX based socket resources). (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2023/04/15 02:17:13 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.6.tar.xz) = f750b6ab278a6ea6985c36584be4ca2e572acc8dba0c61c62c0c8c16312c088d SHA512 (php-8.2.6.tar.xz) = a935aa6edf4a79a68f6976427c1bd9af4677304b9005045fe2a12d0677dce9c4370fd747da4e6bdd15c52f4714daea66a3e16160c09573bd3bae4e0e5b974392 Size (php-8.2.6.tar.xz) = 12014972 bytes d7 1 a7 1 SHA1 (patch-configure) = 614c907a17adb6d8145e2d6c8ab25d2e4ff8bace @ 1.6 log @lang/php82: update to 8.2.5 13 Apr 2023, PHP 8.2.5 - Core: . Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas) . Fixed use-after-free in recursive AST evaluation. (ilutov) . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos) . Re-add some CTE functions that were removed from being CTE by a mistake. (mvorisek) . Remove CTE flag from array_diff_ukey(), which was added by mistake. (mvorisek) . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault). (nielsdos) . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache). (nielsdos) . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown). (nielsdos) . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()). (ilutov) . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov) - Date: . Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw). (Derick) - FPM: . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos) . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos) . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path). (Jakub Zelenka) - FTP: . Propagate success status of ftp_close(). (nielsdos) . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB). (nielsdos) - IMAP: . Fix build failure with Clang 16. (orlitzky) - MySQLnd: . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections). (nielsdos) - Opcache: . Fixed build for macOS to cater with pkg-config settings. (David Carlier) . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context). (nielsdos) - OpenSSL: . Add missing error checks on file writing functions. (nielsdos) - PDO Firebird: . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland). (nielsdos) - Phar: . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)). (nielsdos) . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit(). (nielsdos) - PDO ODBC: . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos) - PGSQL: . Fixed typo in the array returned from pg_meta_data (extended mode). (David Carlier) - SPL: . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman) . Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in PHP 8.2.4). (nielsdos) . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props). (ilutov) - Standard: . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov) . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)). (nielsdos) . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure). (ilutov) . Fixed undefined behaviour in unpack(). (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2023/03/17 13:53:02 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.5.tar.xz) = 4abf40ccb832df20563def83998ac5f018f91cdc0eb27d2e2c492164c08c7d2a SHA512 (php-8.2.5.tar.xz) = ae8aac35a58b342fbfb725044eecdb1065690c461b26e4225445bda3a1719e43eacc4ad5536ccce326cf56a18c20d424b85b1a53277100c7186fc4d54b2d77f0 Size (php-8.2.5.tar.xz) = 12001192 bytes d7 1 a7 1 SHA1 (patch-configure) = 8cb200f069318bd552b4eab1ddbdfd6d4ba31ac9 @ 1.5 log @lang/php82: update to 8.2.4 16 Mar 2023, PHP 8.2.4 - Core: . Fixed incorrect check condition in ZEND_YIELD. (nielsdos) . Fixed incorrect check condition in type inference. (nielsdos) . Fix incorrect check in zend_internal_call_should_throw(). (nielsdos) . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos) . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes). (Arnaud) . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout). (trowski) . Fixed SSA object type update for compound assignment opcodes. (nielsdos) . Fixed language scanner generation build. (Daniel Black) . Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type. (nielsdos) . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name). (nielsdos) . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized. (nielsdos) - Curl: . Fixed deprecation warning at compile time. (Max Kellermann) . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback). (Pierrick Charron) - Date: . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick) . Fix GH-10152 (Custom properties of Date's child classes are not serialised). (Derick) . Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw). (Derick) - FFI: . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos) - Fiber: . Fixed assembly on alpine x86. (nielsdos) . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber). (Bob, Arnaud) - FPM: . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka) . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos) - GMP: . Properly implement GMP::__construct(). (nielsdos) - Intl: . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0. (Nathan Freeman) - JSON: . Fixed JSON scanner and parser generation build. (Daniel Black, Jakub Zelenka) - MBString: . ext/mbstring: fix new_value length check. (Max Kellermann) . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos) - Opcache: . Fix incorrect page_size check. (nielsdos) - OpenSSL: . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos) - PDO OCI: . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars). (Michael Voříšek) - PHPDBG: . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos) - PGSQL: . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias) - Phar: . Fix incorrect check in phar tar parsing. (nielsdos) - Random: . Fix GH-10390 (Do not trust arc4random_buf() on glibc). (timwolla) . Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) - Reflection: . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments). (nielsdos) . Fix Segfault when using ReflectionFiber suspended by an internal function. (danog) - Session: . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos). - Standard: . Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI). (Jakub Zelenka) . Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown). (kocsismate) . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos) . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos) - Streams: . Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range). (nielsdos) . Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect copy_file_range() len). (nielsdos) - Tidy: . Fix memory leaks when attempting to open a non-existing file or a file over 4GB. (Girgias) . Add missing error check on tidyLoadConfig. (nielsdos) - Zlib: . Fixed output_handler directive value's length which counted the string terminator. (nieldos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2023/02/15 14:15:12 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.4.tar.xz) = d468026ea58d4608bb27da49640971d430d344f3504d71be376f2e161a758e5e SHA512 (php-8.2.4.tar.xz) = 997435f3f921f305147a520497c68031aad6d1212365ddf04674d919fd2787d169d2898536a59709b5530857c5746a25cf43e726a2c3a30bcf3372107b2cd388 Size (php-8.2.4.tar.xz) = 11991796 bytes d7 1 a7 1 SHA1 (patch-configure) = 2173fb80501f65860cbdd502c6b3b50ad176c33f @ 1.4 log @lang/php82: update to 8.2.3 14 Feb 2023, PHP 8.2.3 - Core: . Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567) (Tim Düsterhus) . Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568) (Niels Dossche) - FPM: . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662) (Jakub Zelenka) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2023/02/03 14:41:48 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.3.tar.xz) = 6ea5268a71eaeea230191303e01aea9348e672079cdb54b2931a08a6f080b0e4 SHA512 (php-8.2.3.tar.xz) = 4e3ae840ac486868d5bedc2ae771e3ff5d4939ba4c2f7c769b7052322a5eccc8fba253df311a77f3ea852bf42f9dec34653baf828f68c9c191d3a425a8968d4c Size (php-8.2.3.tar.xz) = 12038240 bytes d7 1 a7 1 SHA1 (patch-configure) = ca37cc8663caeb91c6f3a2a156319be8cbd92860 @ 1.3 log @lang/php82: update to 8.2.2 02 Feb 2023, PHP 8.2.2 - Core: . Fixed bug GH-10200 (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos) . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos) . Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an unpacked array). (Arnaud) . Fix GH-9735 (Fiber stack variables do not participate in cycle collector). (Arnaud) . Fix GH-9675 (Broken run_time_cache init for internal enum methods). (Petar Obradović, Bob) - FPM: . Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka) . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header). (Jakub Zelenka) . Fixed bug #68591 (Configuration test does not perform UID lookups). (Jakub Zelenka) . Fixed memory leak when running FPM config test. (Jakub Zelenka) . Fixed bug #67244 (Wrong owner:group for listening unix socket). (Jakub Zelenka) - Hash: . Handle exceptions from __toString in XXH3's initialization (nielsdos) - LDAP: . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()). (cmb) - Opcache: . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann). . Fix access to uninitialized variable in accel_preload(). (nielsdos) . Fix zend_jit_find_trace() crashes. (Max Kellermann) . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann) - Phar: . Fix wrong flags check for compression method in phar_object.c (nielsdos) - PHPDBG: . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos) . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos) . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos) . Fix phpdbg segmentation fault in case of malformed input (nielsdos) - Posix: . Fix memory leak in posix_ttyname() (girgias) - Random: . Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom). (timwolla) - Standard: . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos) . Fixed bug GH-10214 (Incomplete validation of object syntax during unserialize()). (timwolla) . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos) - XMLWriter . Fix missing check for xmlTextWriterEndElement (nielsdos) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.2 2023/01/07 07:42:15 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.2.tar.xz) = 489eca5f3c160a744128e0f3240d1313180c495828225326b0650cfc09e3fff4 SHA512 (php-8.2.2.tar.xz) = 8250e0706d61d0f77aab4d37dabfca3356b3de6508797a1d4851cddba52935170103388508d6d30d3638a10311c2f16d850616005d89341ac707eaefb14b9184 Size (php-8.2.2.tar.xz) = 11937140 bytes d7 1 a7 1 SHA1 (patch-configure) = 2a306398706e2de47ad8bd2c190c6b715190e727 @ 1.2 log @lang/php82: update to 8.2.1 PHP 8.2.1 (2023-01-05) - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr) - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - Imap: . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open). (Girgias) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka) . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.1 2022/12/11 14:12:29 taca Exp $ d3 3 a5 3 BLAKE2s (php-8.2.1.tar.xz) = 64f5f921168105d995cfcd0d18e449a809948792e75b0df82025cb89753573ae SHA512 (php-8.2.1.tar.xz) = 9927ccb9e5581c24d0ef3e408a7a1b32bc99f43ce88e83e4430dbd4faa3a2498b299ad6b3a70696facded139100c85bb7ae66223a72b2c043ccab0d80a2c2826 Size (php-8.2.1.tar.xz) = 12031632 bytes d7 1 a7 1 SHA1 (patch-configure) = c2b7f1abdc0609091409b5a5d3e3e9fb1e801773 @ 1.1 log @lang/php82: add package version 8.2.0 Add php82, PHP 8.2.0 package with current framework of lang/php. PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It is modular, and object-oriented. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The language is designed to allow web developers to write dynamically generated pages quickly. PHP 8.2 comes with numerous improvements and new features such as * Readonly classes * Disjunctive Normal Form (DNF) Types * New stand-alone types: null, false, and true * New "Random" extension * Constants in traits * Deprecate dynamic properties * And much much more... @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 BLAKE2s (php-8.2.0.tar.xz) = 9d41cdf07c6523e1b3f5971f7428a9e76023dc57170b4e3012c3b1786fcfd134 SHA512 (php-8.2.0.tar.xz) = 0b201ca1de5210c2b44a6223556720c3409e21db3d8f976894f29ad43eebb8b60334b971aa90bc115ef113e3f06624c80175d04530466b5a02743f2fcd4c9806 Size (php-8.2.0.tar.xz) = 11920436 bytes d7 1 a7 1 SHA1 (patch-configure) = 65091563fe52dfe6c128698564d3aedc49d0bb52 a17 1 SHA1 (patch-sapi_fpm_fpm_events_port.c) = 30ecee10f6d34b7422972e1e275b4f73c7fd964d @ 1.1.2.1 log @Pullup ticket #6718 - requested by taca lang/php82: security fix Revisions pulled up: - lang/php/phpversion.mk 1.385 - lang/php82/distinfo 1.2 - lang/php82/patches/patch-configure 1.2 - lang/php82/patches/patch-sapi_fpm_fpm_events_port.c deleted --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 7 07:42:15 UTC 2023 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php82: distinfo pkgsrc/lang/php82/patches: patch-configure Removed Files: pkgsrc/lang/php82/patches: patch-sapi_fpm_fpm_events_port.c Log Message: lang/php82: update to 8.2.1 PHP 8.2.1 (2023-01-05) - Core: . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined). (cmb) . Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file). (Akama Hitoshi) . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb) . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Vo=F8=ED=B9ek) . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb) . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr) - Apache: . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb) - FPM: . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694). (Petr Sumbera) . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING). (Jakub Zelenka) . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka) . Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said). (Jakub Zelenka) - Imap: . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open). (Girgias) - MBString: . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1). (Nathan Freeman) - Opcache: . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload). (Arnaud, michdingpayc) - OpenSSL: . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka) . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec). (Jakub Zelenka) . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa). (Jakub Zelenka) - Pcntl: . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash). (Erki Aring) - PDO_Firebird: . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird). (cmb) - PDO/SQLite: . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631) (cmb) - Session: . Fixed GH-9932 (session name silently fails with . and [). (David Carlier) - SPL: . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias) . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered). (Girgias) - SQLite3: . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb) - TSRM: . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre) @ text @d3 3 a5 3 BLAKE2s (php-8.2.1.tar.xz) = 64f5f921168105d995cfcd0d18e449a809948792e75b0df82025cb89753573ae SHA512 (php-8.2.1.tar.xz) = 9927ccb9e5581c24d0ef3e408a7a1b32bc99f43ce88e83e4430dbd4faa3a2498b299ad6b3a70696facded139100c85bb7ae66223a72b2c043ccab0d80a2c2826 Size (php-8.2.1.tar.xz) = 12031632 bytes d7 1 a7 1 SHA1 (patch-configure) = c2b7f1abdc0609091409b5a5d3e3e9fb1e801773 d18 1 @