Bernd Kuhls
81addfcabe
package/php: security bump to 7.1.13
...
Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch
was applied upstream:
d6d4f2a9b3
Renumbered patch 0009.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 2c59323b84)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:50 +01:00
Bernd Kuhls
5356c7df69
package/php: bump version to 7.1.12
...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit ab01a1279c)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:41 +01:00
Bernd Kuhls
de159eb44c
package/php: bump version to 7.1.11
...
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 8c4a432185)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:32 +01:00
Bernd Kuhls
24f088b0d6
package/php: bump version to 7.1.10
...
Changelog: http://www.php.net/ChangeLog-7.php#7.1.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 6429f1a4bc)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:22 +01:00
Bernd Kuhls
231f5e9a4d
package/php: bump version to 7.1.9
...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit cee153b838)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-29 22:33:18 +01:00
Peter Korsgaard
5519f5dcd5
php: security bump to version 7.1.7
...
Fixes the following security issues:
CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.
CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bounds access in oniguruma regexp library.
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.
CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 91f4c9d412)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:11:01 +02:00
Bernd Kuhls
2ee8d1f7d7
package/php: bump version to 7.1.6
...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 0b5d531e6d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:56 +02:00
Vicente Olivert Riera
fa1e277b51
php: bump version to 7.1.5
...
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit f9aee682f9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:50 +02:00
Vicente Olivert Riera
4d041d8e4d
php: bump version to 7.1.4
...
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
(cherry picked from commit 9f6357117b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:10:36 +02:00
Vicente Olivert Riera
697945878d
php: bump version to 7.1.3
...
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit fca8df85c1)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:09:57 +02:00
Peter Korsgaard
466ab1420a
php: bump to version 7.1.2
...
7.1.2 is a bugfix release, fixing a number of issues:
http://www.php.net/ChangeLog-7.php#7.1.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 34d19a23ad)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-20 00:09:26 +02:00
Vicente Olivert Riera
34be501214
php: bump version to 7.1.1
...
0006-Fix-php-fpm.service.in.patch already included:
bb19125781
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-23 20:43:56 +01:00
Vicente Olivert Riera
e470b3fde7
php: bump version to 7.1.0 (security)
...
Fixed CVEs:
- CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images)
http://bugs.php.net/72696
- CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet
Deserialization with PDORow)
http://bugs.php.net/73331
Full ChangeLog:
http://php.net/ChangeLog-7.php#7.1.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-10 21:02:52 +01:00
Gustavo Zacarias
2483170d32
php: security bump to version 7.0.14
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-09 18:12:37 +01:00
Vicente Olivert Riera
cd59cb6b38
php: bump version to 7.0.13
...
Release notes: http://php.net/ChangeLog-7.php#7.0.13
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-11 21:29:21 +01:00
Gustavo Zacarias
384e00515b
php: security bump to version 7.0.12
...
See http://www.php.net/ChangeLog-7.php#7.0.12 since there are no CVEs
out yet.
And drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-14 09:26:35 +02:00
Tatsuyuki Ishi
82cc7ecf9f
php: bump to 7.0.11
...
Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-09-17 14:05:41 +02:00
Vicente Olivert Riera
ac43e455fe
php: bump version to 7.0.9
...
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-21 13:55:57 +02:00
Bernd Kuhls
a342452641
package/php: security bump version to 7.0.8
...
Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8
Fixes CVE-2015-8874 http://bugs.php.net/66387
Fixes CVE-2016-5766 http://bugs.php.net/72339
Fixes CVE-2016-5767 http://bugs.php.net/72446
Fixes CVE-2016-5768 http://bugs.php.net/72402
Fixes CVE-2016-5769 http://bugs.php.net/72455
Fixes CVE-2016-5772 http://bugs.php.net/72340
Fixes CVE-2016-5773 http://bugs.php.net/72434
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-26 14:58:07 +02:00
Vicente Olivert Riera
b9a0903cfe
php: security bump version to 7.0.7
...
Fixes CVE-2013-7456 https://bugs.php.net/bug.php?id=72227
Fixes CVE-2016-5093 https://bugs.php.net/bug.php?id=72241
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-06-01 17:08:48 +02:00
Vicente Olivert Riera
6f6b4dc16b
php: bump version to 7.0.6
...
Remove MySQL legacy extension.
Remove incompatible external modules:
- php-gnupg
- php-memcached
- php-ssh2
- php-yaml
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-31 21:31:34 +02:00
Gustavo Zacarias
915576a01c
php: security bump to version 5.6.21
...
Fixes (CVEs not assigned yet):
bug #72094 - Out of bounds heap read access in exif header processing
bug #71912 - libgd: signedness vulnerability
bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
bug #71843 - null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER
bug #71952 - Corruption inside imageaffinematrixget
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-04-29 08:49:22 +02:00
Gustavo Zacarias
039db88c6b
php: security bump to version 5.6.20
...
Fixes (no CVEs yet):
Buffer over-write in finfo_open with malformed magic file.
Invalid memory write in phar on filename with \0 in name.
Parsing of tar file with duplicate filenames causes memory leak.
php_snmp_error() Format String Vulnerability.
Integer Overflow in php_raw_url_encode.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-04-02 16:51:22 +02:00
Gustavo Zacarias
e6d744e307
php: bump to version 5.6.19
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-04 17:07:47 +01:00
Bernd Kuhls
b420e0b559
package/php: security bump version to 5.6.18
...
Changelog: http://www.php.net/ChangeLog-5.php#5.6.18
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-02-05 23:23:07 +01:00
Gustavo Zacarias
2f52641294
php: security bump to version 5.6.17
...
Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of
Bounds).
Bug #70755 (fpm_log.c memory leak and buffer overflow).
Bug #70661 (Use After Free Vulnerability in WDDX Packet
Deserialization).
Bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability).
Bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
No CVEs assigned yet.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-08 18:51:46 +01:00
Bernd Kuhls
f67ffb4375
package/php: bump version to 5.6.16
...
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-11-28 14:32:10 +01:00
Gustavo Zacarias
567a7c3dfa
php: bump to version 5.6.15
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-31 09:39:01 +01:00
Gustavo Zacarias
48518f428b
php: bump to version 5.6.14
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-02 21:00:50 +02:00
Bernd Kuhls
59dda508e5
package/php: security bump to version 5.6.13
...
Link to release announcement:
http://php.net/archive/2015.php#id2015-09-04-2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-09-06 10:48:22 +02:00
Bernd Kuhls
5ccc4c9cf5
package/php: security bump to version 5.6.12
...
http://www.php.net/ChangeLog-5.php#5.6.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-10 15:43:17 +02:00
Gustavo Zacarias
3ddda416ac
php: security bump to version 5.6.11
...
Fixes:
CVE-2015-3152 - mysqlnd is vulnerable to BACKRONYM
And other security bugs with no CVE assigned yet:
Bug #69972 - Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()
Bug #69970 - Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-11 01:00:26 +02:00
Gustavo Zacarias
039bc77719
php: security bump to version 5.6.10
...
Fixes:
CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 (via bundled sqlite
upgrade).
CVE-2015-2325, CVE-2015-2326 (via bundled pcre upgrade).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-12 21:28:33 +02:00
Floris Bos
50a34eeb1b
php: bump version to 5.6.9
...
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-20 13:13:50 +02:00
Gustavo Zacarias
4e1f7ce9f9
php: security bump to version 5.6.8
...
Fixes:
CVE-2015-1351 - OPCache: Use After Free
CVE-2015-1352 - Postgres: Null pointer dereference
And others with no CVE assigned yet.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-17 18:29:33 +02:00
Gustavo Zacarias
a48bc40e2d
php: bump to version 5.6.7
...
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-08 21:23:03 +02:00
Gustavo Zacarias
2c88be8ef7
php: security bump to version 5.5.23
...
Fixes:
CVE-2015-0231 - Use After Free Vulnerability in unserialize()
CVE-2015-2305 - heap overflow vulnerability in regcomp.c
CVE-2015-2331 - ZIP Integer Overflow leads to writing past heap boundary
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-20 14:02:40 +01:00
Gustavo Zacarias
f08a9db47e
php: security bump to version 5.5.22
...
Fixes:
CVE-2015-0273 - Use after free vulnerability in unserialize() with
DateTimeZone.
CVE-2015-0235 - Mitigation for GHOST: glibc gethostbyname buffer
overflow.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-02-19 21:27:31 +01:00
Gustavo Zacarias
626030fb1b
php: security bump to version 5.5.21
...
Fixes:
CVE-2015-0231 - Use After Free Vulnerability in PHP's unserialize()
CVE-2014-9427 - Out of bounds read crashes php-cgi
CVE-2015-0232 - Free called on uninitialized pointer
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-23 16:44:27 +01:00
Gustavo Zacarias
d64599ccb7
php: security bump to version 5.5.20
...
Fixes:
CVE-2014-8142 - Use after free vulnerability in unserialize()
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-18 22:54:04 +01:00
Gustavo Zacarias
9a5261544f
php: security bump to version 5.5.19
...
Fixes:
CVE-2014-3710 - fileinfo: out-of-bounds read in elf note headers.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-14 13:17:45 +01:00
Gustavo Zacarias
f8abb0b3d9
php: security bump to version 5.5.18
...
Fixes:
CVE-2014-3669 - Integer overflow in unserialize() (32-bits only)
CVE-2014-3670 - Heap corruption in exif_thumbnail()
CVE-2014-3668 - Global buffer overflow in mkgmtime() function
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-17 11:23:24 +02:00
Gustavo Zacarias
3b423f3b02
php: bump to version 5.5.17
...
Add hash and switch to xz download for space savings.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-19 16:18:56 +02:00