head 1.21; access; symbols pkgsrc-2026Q1:1.21.0.2 pkgsrc-2026Q1-base:1.21 pkgsrc-2025Q4:1.19.0.2 pkgsrc-2025Q4-base:1.19 pkgsrc-2025Q3:1.17.0.2 pkgsrc-2025Q3-base:1.17 pkgsrc-2025Q2:1.16.0.2 pkgsrc-2025Q2-base:1.16 pkgsrc-2025Q1:1.11.0.2 pkgsrc-2025Q1-base:1.11 pkgsrc-2024Q4:1.10.0.2 pkgsrc-2024Q4-base:1.10 pkgsrc-2024Q3:1.5.0.4 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.2 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.1.0.4 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.2 pkgsrc-2023Q4-base:1.1; locks; strict; comment @# @; 1.21 date 2026.01.19.15.34.18; author taca; state Exp; branches; next 1.20; commitid gfYgppPAZpIQ71rG; 1.20 date 2026.01.07.08.47.40; author wiz; state Exp; branches; next 1.19; commitid 1wQ3ICD8eebefrpG; 1.19 date 2025.11.23.12.38.01; author taca; state Exp; branches; next 1.18; commitid x3japG2i5KpXYFjG; 1.18 date 2025.10.23.20.38.05; author wiz; state Exp; branches; next 1.17; commitid 1V2hBZn9ypXaCJfG; 1.17 date 2025.07.04.01.25.48; author taca; state Exp; branches; next 1.16; commitid CDRWYu5jgiwiPm1G; 1.16 date 2025.06.11.14.58.27; author taca; state Exp; branches 1.16.2.1; next 1.15; commitid kK3M1Ujj4BWR3uYF; 1.15 date 2025.05.19.15.00.56; author taca; state Exp; branches; next 1.14; commitid HmwHT9omu70FOwVF; 1.14 date 2025.05.17.05.37.25; author taca; state Exp; branches; next 1.13; commitid Rcsevkfr51qkLdVF; 1.13 date 2025.05.14.15.54.26; author jperkin; state Exp; branches; next 1.12; commitid LlyCFvBHXA9ufTUF; 1.12 date 2025.04.17.21.51.22; author wiz; state Exp; branches; next 1.11; commitid xcIXAVA292fk6sRF; 1.11 date 2025.02.08.02.59.57; author taca; state Exp; branches; next 1.10; commitid vaOX9SFIWw9C2CIF; 1.10 date 2024.11.25.14.36.20; author taca; state Exp; branches; next 1.9; commitid JLG9VAGy3h2Zi2zF; 1.9 date 2024.11.14.22.20.30; author wiz; state Exp; branches; next 1.8; commitid JmuDYqwL4erbdFxF; 1.8 date 2024.11.10.22.09.50; author prlw1; state Exp; branches; next 1.7; commitid inKInzK1sZOci9xF; 1.7 date 2024.11.01.12.53.15; author wiz; state Exp; branches; next 1.6; commitid QB4Wk02mZPuBuWvF; 1.6 date 2024.11.01.00.52.29; author wiz; state Exp; branches; next 1.5; commitid QT27BdVP362gvSvF; 1.5 date 2024.06.11.13.14.01; author jperkin; state Exp; branches; next 1.4; commitid NQg4ClIih0ujczdF; 1.4 date 2024.06.07.23.11.41; author taca; state Exp; branches; next 1.3; commitid 12UZ2LJBFF7kE6dF; 1.3 date 2024.06.07.13.57.24; author taca; state Exp; branches; next 1.2; commitid 4KypLSC2AH9oA3dF; 1.2 date 2024.05.29.16.33.16; author adam; state Exp; branches; next 1.1; commitid n8aFyEjEVZA0JUbF; 1.1 date 2023.11.30.16.14.50; author taca; state Exp; branches 1.1.4.1; next ; commitid FkhWCZvld5a3sEOE; 1.16.2.1 date 2025.07.04.14.43.38; author maya; state Exp; branches; next ; commitid xqfx5Lh4zUt5fr1G; 1.1.4.1 date 2024.06.13.14.34.05; author bsiegert; state Exp; branches; next 1.1.4.2; commitid uN3gby1sA4T3BPdF; 1.1.4.2 date 2024.06.24.18.13.13; author bsiegert; state Exp; branches; next ; commitid ApZuYMDFC4dksgfF; desc @@ 1.21 log @lang/php83: update to 8.3.30 8.3.30 (2026-01-15) - Core: . Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument). (ilutov) . Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()). (ndossche) . Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov) . Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation). (ndossche) - Bz2: . Fixed bug GH-20620 (bzcompress overflow on large source size). (David Carlier) - DOM: . Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects). (ndossche) - GD: . Fixed bug GH-20622 (imagestring/imagestringup overflow). (David Carlier) - Intl: . Fix leak in umsg_format_helper(). (ndossche) - LDAP: . Fix memory leak in ldap_set_options(). (ndossche) - Mbstring: . Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator). (Yuya Hamada) - Phar: . Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails). (ndossche) . Fix SplFileInfo::openFile() in write mode. (ndossche) . Fix build on legacy OpenSSL 1.1.0 systems. (Giovanni Giacobbi) - POSIX: . Fixed crash on posix groups to php array creation on macos. (David Carlier) - SPL: . Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()). (David Carlier) - Sqlite3: . Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned). (ndossche, plusminmax) - Standard: . Fix error check for proc_open() command. (ndossche) . Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed). (ndossche) - Zlib: . Fix OOB gzseek() causing assertion failure. (ndossche) @ text @# $NetBSD: Makefile,v 1.20 2026/01/07 08:47:40 wiz Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= ${PHP_PKG_PREFIX}-${PHP_VERSION} CATEGORIES= lang COMMENT= PHP Hypertext Preprocessor version 8.3 LICENSE= php TEST_TARGET= test USE_TOOLS+= autoconf gmake lex LIBTOOL_OVERRIDE= # empty PHP_VERSIONS_ACCEPTED= 83 CONFLICTS+= php-[0-9]* SUPERSEDES+= php>=8.3<8.4 .include "Makefile.php" CGIDIR= ${PREFIX}/libexec/cgi-bin MESSAGE_SUBST+= CGIDIR=${CGIDIR} PHP_VER=${PHP_VER} CONFIGURE_ENV+= lt_cv_path_SED=${SED:Q} MAKE_ENV+= INSTALL_ROOT=${DESTDIR} CONF_FILES= ${PHP_EGDIR}/php.ini-production ${PKG_SYSCONFDIR}/php.ini PLIST_SUBST+= PHPEXTDIR="${PHP_EXTENSION_DIR}" # taken from devel/pkgconf/Makefile PKGCONFIG_PATHS= ${PREFIX}/lib/pkgconfig PKGCONFIG_PATHS+= ${PREFIX}/share/pkgconfig PKGCONFIG_PATHS+= /usr/lib/pkgconfig # At this point, PREFIX is not set yet. .if ${LOCALBASE} != ${X11BASE} PKGCONFIG_PATHS+= ${X11BASE}/lib/pkgconfig .endif PHP_PKGCONFIG_PATH= ${PKGCONFIG_PATHS:ts:} REPLACE_PHP= ext/phar/phar/phar.php run-tests.php INSTALLATION_DIRS+= ${CGIDIR} ${PHP_EXTENSION_DIR} ${PHP_EGDIR} \ ${PHP_SHAREDIR} # Make sure modules can link correctly .if ${OPSYS} == "Darwin" INSTALL_UNSTRIPPED= yes .endif # Darwin < 9 (Mac OS X < 10.5 "Leopard") doesn't have gethostuuid(2) # and lacks the zone memory allocator .if !empty(MACHINE_PLATFORM:MDarwin-[0-8].*-*) CFLAGS+= -DSQLITE_ENABLE_LOCKING_STYLE=0 -DSQLITE_WITHOUT_ZONEMALLOC .endif pre-configure: cd ${WRKSRC} && ${PKGSRC_SETENV} ${CONFIGURE_ENV} autoconf -f post-install: cd ${WRKSRC}; ${INSTALL_DATA} php.ini-development php.ini-production \ ${DESTDIR}${PREFIX}/${PHP_EGDIR} .include "../../lang/php/phpversion.mk" .include "../../mk/bsd.pkg.mk" @ 1.20 log @*: recursive bump for icu 78.1 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.19 2025/11/23 12:38:01 taca Exp $ a6 1 PKGREVISION= 1 @ 1.19 log @PHP 8.3.28 (2025-11-20) - Core: . Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes uouv). (ilutov) . Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on reference). (nielsdos) . Fixed bug GH-19844 (Don't bail when closing resources on shutdown). (ilutov) . Fixed bug GH-20177 (Accessing overridden private property in get_object_vars() triggers assertion error). (ilutov) . Fixed bug GH-20183 (Stale EG(opline_before_exception) pointer through eval). (ilutov) - DOM: . Partially fixed bug GH-16317 (DOM classes do not allow __debugInfo() overrides to work). (nielsdos) - Exif: . Fix possible memory leak when tag is empty. (nielsdos) - FPM: . Fixed bug GH-19974 (fpm_status_export_to_zval segfault for parallel execution). (Jakub Zelenka, txuna) - FTP: . Fixed bug GH-20240 (FTP with SSL: ftp_fput(): Connection timed out on successful writes). (nielsdos) - GD: . Fixed bug GH-20070 (Return type violation in imagefilter when an invalid filter is provided). (Girgias) - Intl: . Fix memory leak on error in locale_filter_matches(). (nielsdos) - LibXML: . Fix not thread safe schema/relaxng calls. (SpencerMalone, nielsdos) - MySQLnd: . Fixed bug GH-8978 (SSL certificate verification fails (port doubled)). (nielsdos) . Fixed bug GH-20122 (getColumnMeta() for JSON-column in MySQL). (nielsdos) - Opcache: . Fixed bug GH-20081 (access to uninitialized vars in preload_load()). (Arnaud) . Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15). (Arnaud, Shivam Mathur) - PgSql: . Fix memory leak when first string conversion fails. (nielsdos) . Fix segfaults when attempting to fetch row into a non-instantiable class name. (Girgias, nielsdos) - Phar: . Fix memory leak of argument in webPhar. (nielsdos) . Fix memory leak when setAlias() fails. (nielsdos) . Fix a bunch of memory leaks in phar_parse_zipfile() error handling. (nielsdos) . Fix file descriptor/memory leak when opening central fp fails. (nielsdos) . Fix memleak+UAF when opening temp stream in buildFromDirectory() fails. (nielsdos) . Fix potential buffer length truncation due to usage of type int instead of type size_t. (Girgias) . Fix memory leak when openssl polyfill returns garbage. (nielsdos) . Fix file descriptor leak in phar_zip_flush() on failure. (nielsdos) . Fix memory leak when opening temp file fails while trying to open gzip-compressed archive. (nielsdos) . Fixed bug GH-20302 (Freeing a phar alias may invalidate PharFileInfo objects). (nielsdos) - Random: . Fix Randomizer::__serialize() w.r.t. INDIRECTs. (nielsdos) - SimpleXML: . Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo() overrides to work). (nielsdos) - Standard: . Fix shm corruption with coercion in options of unserialize(). (nielsdos) - Streams: . Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream modules): Incorrect condition for Win32/Win64. (Jakub Zelenka) - Tidy: . Fixed GH-19021 (improved tidyOptGetCategory detection). (arjendekorte, David Carlier, Peter Kokot) . Fix UAF in tidy when tidySetErrorBuffer() fails. (nielsdos) - XMLReader: . Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not available. (nielsdos) - Windows: . Fix GH-19722 (_get_osfhandle asserts in debug mode when given a socket). (dktapps) - Zip: . Fix memory leak when passing enc_method/enc_password is passed as option for ZipArchive::addGlob()/addPattern() and with consecutive calls. (David Carlier) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2025/10/23 20:38:05 wiz Exp $ d7 1 @ 1.18 log @*: recursive bump for pcre2 Running an old binary against the new pcre doesn't work: /usr/pkg/lib/libpcre2-8.so.0: version PCRE2_10.47 required by /usr/pkg/lib/libglib-2.0.so.0 not defined @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2025/07/04 01:25:48 taca Exp $ a6 1 PKGREVISION= 1 @ 1.17 log @lang/php83: update to 8.3.23 PHP 8.3.23 (2025-07-03) - Core: . Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg Efimov) . Do not delete main chunk in zend_gc. (danog, Arnaud) . Fix compile issues with zend_alloc and some non-default options. (nielsdos) - Curl: . Fix memory leak when setting a list via curl_setopt fails. (nielsdos) . Fix incorrect OpenSSL version detection. (Peter Kokot) - Date: . Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos) - FPM: . Fixed GH-18662 (fpm_get_status segfault). (txuna) - Hash: . Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos) - Intl: . Fix memory leak in intl_datetime_decompose() on failure. (nielsdos) . Fix memory leak in locale lookup on failure. (nielsdos) - ODBC: . Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos) - Opcache: . Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). (nielsdos, Arnaud) - OpenSSL: . Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos) . Fixed bug #74796 (Requests through http proxy set peer name). (Jakub Zelenka) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - Phar: . Add missing filter cleanups on phar failure. (nielsdos) . Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos) - PHPDBG: . Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos) - PDO ODBC: . Fix memory leak if WideCharToMultiByte() fails. (nielsdos) - PGSQL: . Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias) - Random: . Fix reference type confusion and leak in user random engine. (nielsdos, timwolla) - Readline: . Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos) - SOAP: . Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos) . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) - Tidy: . Fix memory leak in tidy output handler on error. (nielsdos) . Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2025/06/11 14:58:27 taca Exp $ d7 1 @ 1.16 log @lang/php{74,81,82,83,84}: correct include_path Correct default include_path in configuration files. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2025/05/19 15:00:56 taca Exp $ a6 1 PKGREVISION= 1 @ 1.16.2.1 log @Pullup ticket #6978 - requested by taca lang/php83: Security fix Revisions pulled up: - lang/php/phpversion.mk 1.470 - lang/php83/Makefile 1.17 - lang/php83/distinfo 1.26 --- Module Name: pkgsrc Committed By: taca Date: Fri Jul 4 01:25:48 UTC 2025 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php83: Makefile distinfo Log Message: lang/php83: update to 8.3.23 PHP 8.3.23 (2025-07-03) - Core: . Fixed GH-18695 (zend_ast_export() - float number is not preserved). (Oleg Efimov) . Do not delete main chunk in zend_gc. (danog, Arnaud) . Fix compile issues with zend_alloc and some non-default options. (nielsdos) - Curl: . Fix memory leak when setting a list via curl_setopt fails. (nielsdos) . Fix incorrect OpenSSL version detection. (Peter Kokot) - Date: . Fix leaks with multiple calls to DatePeriod iterator current(). (nielsdos) - FPM: . Fixed GH-18662 (fpm_get_status segfault). (txuna) - Hash: . Fixed bug GH-14551 (PGO build fails with xxhash). (nielsdos) - Intl: . Fix memory leak in intl_datetime_decompose() on failure. (nielsdos) . Fix memory leak in locale lookup on failure. (nielsdos) - ODBC: . Fix memory leak on php_odbc_fetch_hash() failure. (nielsdos) - Opcache: . Fixed bug GH-18743 (Incompatibility in Inline TLS Assembly on Alpine 3.22). (nielsdos, Arnaud) - OpenSSL: . Fix memory leak of X509_STORE in php_openssl_setup_verify() on failure. (nielsdos) . Fixed bug #74796 (Requests through http proxy set peer name). (Jakub Zelenka) - PGSQL: . Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735) (Jakub Zelenka) - Phar: . Add missing filter cleanups on phar failure. (nielsdos) . Fixed bug GH-18642 (Signed integer overflow in ext/phar fseek). (nielsdos) - PHPDBG: . Fix 'phpdbg --help' segfault on shutdown with USE_ZEND_ALLOC=0. (nielsdos) - PDO ODBC: . Fix memory leak if WideCharToMultiByte() fails. (nielsdos) - PGSQL: . Fix warning not being emitted when failure to cancel a query with pg_cancel_query(). (Girgias) - Random: . Fix reference type confusion and leak in user random engine. (nielsdos, timwolla) - Readline: . Fix memory leak when calloc() fails in php_readline_completion_cb(). (nielsdos) - SOAP: . Fix memory leaks in php_http.c when call_user_function() fails. (nielsdos) . Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491) (Lekssays, nielsdos) - Standard: . Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220) (Jakub Zelenka) - Tidy: . Fix memory leak in tidy output handler on error. (nielsdos) . Fix tidyOptIsReadonly deprecation, using tidyOptGetCategory. (David Carlier) @ text @d1 1 a1 1 # $NetBSD$ d7 1 @ 1.15 log @lang/php83: update to 8.3.21 PHP 8.3.21 (2025-05-08) Core: * Fixed bug GH-18304 (Changing the properties of a DateInterval through dynamic properties triggers a SegFault). * Fix some leaks in php_scandir. Filter: * Fixed bug GH-18309 (ipv6 filter integer overflow). GD: * Fixed imagecrop() overflow with rect argument with x/width y/heigh usage in gdImageCrop(). * Fixed GH-18243 imagettftext() overflow/underflow on font size value. Intl: * Fix reference support for intltz_get_offset(). LDAP: * Fixed bug GH-17776 (LDAP_OPT_X_TLS_* options can't be overridden). * Fix NULL deref on high modification key. libxml: * Fixed custom external entity loader returning an invalid resource leading to a confusing TypeError message. OpenSSL: * Fix memory leak in openssl_sign() when passing invalid algorithm. * Fix potential leaks when writing to BIO fails. PDO Firebird: * Fixed GH-18276 - persistent connection - "zend_mm_heap corrupted" with setAttribute() (SakiTakamachi). SPL: * Fixed bug GH-18322 (SplObjectStorage debug handler mismanages memory). Standard: * Fixed bug GH-18145 (php8ts crashes in php_clear_stat_cache()). * Fixed bug GH-18209 (Use-after-free in extract() with EXTR_REFS). * Fixed bug GH-18212 (fseek with SEEK_CUR whence value and negative offset leads to negative stream position). * Fix resource leak in iptcembed() on error. Zip: * Fix uouv when handling empty options in ZipArchive::addGlob(). * Fix memory leak when handling a too long path in ZipArchive::addGlob(). @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2025/05/17 05:37:25 taca Exp $ d7 1 @ 1.14 log @lang/php{56,74,81,82,83}: explictly specify libdir and datadir Explictly specify libdir and datadir to set PHP_LIBDIR and PHP_DATADIR correctly. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2025/05/14 15:54:26 jperkin Exp $ a6 1 PKGREVISION= 3 @ 1.13 log @php*: Improve SUPERSEDES matches. By using a generic catch-all of php-[0-9]* it was impossible for tools to correctly determine what package should be the successor when there are multiple to choose from. Matching against exact versions will mean that improved SUPERSEDES handling in the next version of pkgin should hopefully be able to support upgrades Past the php renovation. At least with a hand-modified pkgin.db and a test pkgin binary it correctly detects the php-8.2.26 => php82-8.2.28nb1 rename. Bump PKGREVISION for each. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2025/04/17 21:51:22 wiz Exp $ d7 1 a7 1 PKGREVISION= 2 @ 1.12 log @*: recursive bump for icu 77 and libxml2 2.14 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2025/02/08 02:59:57 taca Exp $ d7 1 a7 1 PKGREVISION= 1 d21 1 a21 1 SUPERSEDES+= php-[0-9]* @ 1.11 log @lang/php83: multiple PHP support @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2024/11/25 14:36:20 taca Exp $ d7 1 @ 1.10 log @lang/php82: update to 8.2.26 PHP 8.3.14 (2024-11-21) - CLI: . Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov) . Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos) - COM: . Fixed out of bound writes to SafeArray data. (cmb) - Core: . Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). (nielsdos) . Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud) . Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov) . Fixed bug GH-16509 (Incorrect line number in function redeclaration error). (ilutov) . Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). (ilutov) . Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov) - Curl: . Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails). (timwolla) - Date: . Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). (cmb) . Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb) - DBA: . Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb) - DOM: . Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). (nielsdos) . Add missing hierarchy checks to replaceChild. (nielsdos) . Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos) . Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos) . Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos) . Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element). (nielsdos) . Fixed bug GH-16535 (UAF when using document as a child). (nielsdos) . Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos) . Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos) - EXIF: . Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file). (nielsdos, cmb) - FFI: . Fixed bug GH-16397 (Segmentation fault when comparing FFI object). (nielsdos) - Filter: . Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb) - FPM: . Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement). (nielsdos) - GD: . Fixed bug GH-16334 (imageaffine overflow on matrix elements). (David Carlier) . Fixed bug GH-16427 (Unchecked libavif return values). (cmb) . Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007). (nielsdos) - GMP: . Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier). . Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb) . Fixed bug GH-16501 (gmp_random_bits() can cause overflow). (David Carlier) . Fixed gmp_pow() overflow bug with large base/exponents. (David Carlier) . Fixed segfaults and other issues related to operator overloading with GMP objects. (Girgias) - LDAP: . Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) (nielsdos) - MBstring: . Fixed bug GH-16361 (mb_substr overflow on start/length arguments). (David Carlier) - MySQLnd: . Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka) - Opcache: . Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer). (ilutov) - OpenSSL: . Fixed bug GH-16357 (openssl may modify member types of certificate arrays). (cmb) . Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). (cmb) . Fix various memory leaks on error conditions in openssl_x509_parse(). (nielsdos) - PDO DBLIB: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - PDO Firebird: . Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos) - PDO ODBC: . Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb) - Phar: . Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos) - PHPDBG: . Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb) - Reflection: . Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos) - Session: . Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params). (nielsdos) . Fixed bug GH-16290 (overflow on cookie_lifetime ini value). (David Carlier) - SOAP: . Fixed bug GH-16318 (Recursive array segfaults soap encoding). (nielsdos) . Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient). (nielsdos) - Sockets: . Fixed bug with overflow socket_recvfrom $length argument. (David Carlier) - SPL: . Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos) . Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()). (ilutov) . Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov) . Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov) . Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos) . Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor). (Girgias) . Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos) . Fixed bug GH-14687 (segfault on SplObjectIterator instance). (David Carlier) . Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos) . Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()). (ilutov) - Standard: . Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). (ilutov) - Streams: . Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka) . Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos) - SysVMsg: . Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized). (David Carlier / cmb) - SysVShm: . Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb) - XMLReader: . Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). (nielsdos) - Zlib: . Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2024/11/14 22:20:30 wiz Exp $ d6 2 a7 1 PKGNAME= php-${PHP_VERSION:S/RC/rc/} a15 1 PHP_CHECK_INSTALLED= No d17 4 a20 1 PHP_VERSIONS_ACCEPTED= 83 d25 1 a25 2 EGDIR= ${PREFIX}/share/examples/php MESSAGE_SUBST+= CGIDIR=${CGIDIR} d30 1 a30 1 CONF_FILES= ${EGDIR}/php.ini-production ${PKG_SYSCONFDIR}/php.ini d47 2 a48 1 INSTALLATION_DIRS+= ${CGIDIR} ${PHP_EXTENSION_DIR} ${EGDIR} share/php d66 1 a66 1 ${DESTDIR}${EGDIR} d68 1 a68 1 .include "../../lang/php/replace.mk" @ 1.9 log @*: recursive bump for icu 76 shlib major version bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2024/11/10 22:09:50 prlw1 Exp $ a6 1 PKGREVISION= 4 @ 1.8 log @php83 Backport of https://github.com/php/php-src/commit/2d6bd1644d104fe934a5117d232d3f50ffe9ff28 to fix Cannot load lib/httpd/mod_php8.so into server: /usr/pkg/lib/httpd/mod_php8.so: No space available for static Thread Local Storage PR pkg/56717 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2024/11/01 12:53:15 wiz Exp $ d7 1 a7 1 PKGREVISION= 3 @ 1.7 log @*: revbump for icu downgrade @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2024/11/01 00:52:29 wiz Exp $ d7 1 a7 1 PKGREVISION= 2 @ 1.6 log @*: recursive bump for icu 76.1 shlib bump @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2024/06/11 13:14:01 jperkin Exp $ d7 1 a7 1 PKGREVISION= 1 @ 1.5 log @php8*: Run autoconf under CONFIGURE_ENV. Without this, depending on the user's LANG, the configure stage can break due to the --disable-pdo option being parsed after the checks for individual PDO modules, which then fail. Something in the maze of m4 includes is dependent on the locale for correct ordering when generating configure. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2024/06/07 23:11:41 taca Exp $ d7 1 @ 1.4 log @Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2024/06/07 13:57:24 taca Exp $ d59 1 a59 1 cd ${WRKSRC} && autoconf -f @ 1.3 log @lang/php83: update to 8.3.8 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.3.8 (2024-06-06) - CGI: . Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - CLI: . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) - Core: . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). (ilutov) - DOM: . Fix crashes when entity declaration is removed while still having entity references. (nielsdos) . Fix references not handled correctly in C14N. (nielsdos) . Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) . Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - FPM: . Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). (Benjamin Cremer) - Hash: . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) - Intl: . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, Peter Kokot) - MySQLnd: . Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). (Kamil Tekiela) - Opcache: . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). (ilutov) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) - XML: . Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). (nielsdos) - XMLReader: . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2024/05/29 16:33:16 adam Exp $ a44 10 SUBST_CLASSES+= path SUBST_MESSAGE.path= Fixing common paths. SUBST_STAGE.path= pre-configure SUBST_FILES.path= build/php.m4 SUBST_FILES.path+= php.ini-development php.ini-production SUBST_FILES.path+= sapi/cgi/Makefile.frag SUBST_VARS.path= CGIDIR SUBST_VARS.path+= PREFIX SUBST_VARS.path+= TOOLS_PATH.pkg-config PHP_PKGCONFIG_PATH @ 1.2 log @revbump after icu and protobuf updates @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2023/11/30 16:14:50 taca Exp $ a6 1 PKGREVISION= 1 d13 1 a13 1 USE_TOOLS+= gmake lex d48 1 a48 1 SUBST_FILES.path= configure d68 3 @ 1.1 log @lang/php83: add version 8.3.0 PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It is modular, and object-oriented. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The language is designed to allow web developers to write dynamically generated pages quickly. PHP 8.3 comes with numerous improvements and new features such as * Typed Class Constants * Fetch class constant dynamically syntax * Readonly Amendments * Override Attribute * New Randomizer method Random\Randomizer::getBytesFromString * New function json_validate * And much much more... @ text @d1 1 a1 1 # $NetBSD$ d7 1 @ 1.1.4.1 log @Pullup ticket #6866 - requested by taca lang/php83: security fix Revisions pulled up: - lang/php/phpversion.mk 1.434 - lang/php83/Makefile 1.3 - lang/php83/distinfo 1.8 - lang/php83/patches/patch-build_php.m4 1.1 - lang/php83/patches/patch-configure deleted - lang/php83/patches/patch-sapi_apache2handler_config.m4 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 13:57:24 UTC 2024 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php83: Makefile distinfo Added Files: pkgsrc/lang/php83/patches: patch-build_php.m4 patch-sapi_apache2handler_config.m4 Removed Files: pkgsrc/lang/php83/patches: patch-configure Log Message: lang/php83: update to 8.3.8 pkgsrc change: Instead of patch configure, patch m4 files and use autoconf to generate configure. PHP 8.3.8 (2024-06-06) - CGI: . Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) (nielsdos) - CLI: . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles quoted heredoc literals.). (nielsdos) - Core: . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for non-compile-time expressions). (ilutov) - DOM: . Fix crashes when entity declaration is removed while still having entity references. (nielsdos) . Fix references not handled correctly in C14N. (nielsdos) . Fix crash when calling childNodes next() when iterator is exhausted. (nielsdos) . Fix crash in ParentNode::append() when dealing with a fragment containing text nodes. (nielsdos) - Filter: . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458) (nielsdos) - FPM: . Fix bug GH-14175 (Show decimal number instead of scientific notation in systemd status). (Benjamin Cremer) - Hash: . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__` (Saki Takamachi) - Intl: . Fixed build regression on systems without C++17 compilers. (Calvin Buckley, Peter Kokot) - MySQLnd: . Fix bug GH-14255 (mysqli_fetch_assoc reports error from nested query). (Kamil Tekiela) - Opcache: . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in shm). (ilutov) - OpenSSL: . The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. (CVE-2024-2408) - Standard: . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585) (nielsdos) - XML: . Fixed bug GH-14124 (Segmentation fault with XML extension under certain memory limit). (nielsdos) - XMLReader: . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos) --- Module Name: pkgsrc Committed By: taca Date: Fri Jun 7 23:11:41 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile Makefile.php pkgsrc/lang/php82: Makefile Makefile.php pkgsrc/lang/php83: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php-fpm: Makefile Log Message: Fix build problem of www/ap-php and www/php-fpm. Switch these packages to use autoconf, too. @ text @d13 1 a13 1 USE_TOOLS+= autoconf gmake lex d48 1 a48 1 SUBST_FILES.path= build/php.m4 a67 3 pre-configure: cd ${WRKSRC} && autoconf -f @ 1.1.4.2 log @Pullup ticket #6868 - requested by taca lang/php81, lang/php82, lang/php83: bugfix Revisions pulled up: - lang/php81/Makefile 1.24 - lang/php82/Makefile 1.11 - lang/php83/Makefile 1.5 --- Module Name: pkgsrc Committed By: jperkin Date: Tue Jun 11 13:14:01 UTC 2024 Modified Files: pkgsrc/lang/php81: Makefile pkgsrc/lang/php82: Makefile pkgsrc/lang/php83: Makefile Log Message: php8*: Run autoconf under CONFIGURE_ENV. Without this, depending on the user's LANG, the configure stage can break due to the --disable-pdo option being parsed after the checks for individual PDO modules, which then fail. Something in the maze of m4 includes is dependent on the locale for correct ordering when generating configure. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.4.1 2024/06/13 14:34:05 bsiegert Exp $ d69 1 a69 1 cd ${WRKSRC} && ${PKGSRC_SETENV} ${CONFIGURE_ENV} autoconf -f @