godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-16 16:51:26 +03:00
Code Issues Packages Projects Releases Wiki Activity
47,014 Commits 28 Branches 277 Tags
2019.08
Commit Graph

63 Commits

Author SHA1 Message Date
Bernd Kuhls
0c5acbbcb6 package/php: security bump version to 7.3.9 
Release notes: https://www.php.net/archive/2019.php#2019-08-29-1
Changelog: https://www.php.net/ChangeLog-7.php#7.3.9

Fixes CVE-2019-13224 & CVE-2019-13225:
https://bugs.mageia.org/show_bug.cgi?id=25380

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-08-30 19:42:57 +02:00
Bernd Kuhls
b9833c6f52 package/php: security bump version to 7.3.8 
Release notes: https://www.php.net/ChangeLog-7.php#7.3.8

Fixes CVE-2019-11042 & CVE-2019-11041

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-08-01 22:53:13 +02:00
Bernd Kuhls
7accdcb3a9 package/php: bump version to 7.3.7 
Changelog: https://www.php.net/ChangeLog-7.php#7.3.7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-07-05 08:24:11 +02:00
Bernd Kuhls
8d27812ac1 package/php: security bump version to 7.3.6 
Release notes: https://www.php.net/archive/2019.php#id2019-05-30-1

Fixes
CVE 2019-11038: https://bugs.php.net/bug.php?id=77973
CVE 2019-11039: https://bugs.php.net/bug.php?id=78069
CVE 2019-11040: https://bugs.php.net/bug.php?id=77988

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-05-30 15:01:47 +02:00
Bernd Kuhls
934239eafb package/php: security bump version to 7.3.5 
Release notes: https://www.php.net/archive/2019.php#id2019-05-02-1

Fixes 2019-11036:
* Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-05-05 12:09:32 +02:00
Bernd Kuhls
614c1e2edd package/php: security bump to version 7.3.4 
Changelog: https://www.php.net/ChangeLog-7.php#7.3.4

Fixes these bugs, CVE-ID were not assigned yet:

    Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
    Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-04-07 15:14:06 +02:00
Peter Korsgaard
b821ae3d63 package/php: security bump to version 7.3.3 
php-7.3.3 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://secure.php.net/ChangeLog-7.php#7.3.3

Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2019-03-12 21:33:18 +01:00
Bernd Kuhls
e5e40c94b3 package/php: security bump to version 7.3.2 
Rebased patch 0004.

This bump fixes https://bugs.php.net/bug.php?id=77369,
status of CVE-ID: needed

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-02-10 10:48:51 +01:00
Adam Duskett
6e6b257d54 php: security bump to 7.3.1 
Fixes the following security issue:

- CVE-2018-19935: Allows remote attackers to cause a denial of service
  (NULL pointer dereference and application crash) via an empty string in the
  message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2019-01-19 22:34:19 +01:00
Adam Duskett
cd6c2f41ef package/php: bump version to 7.3.0 
Other changes:

 - Update patches so they cleanly apply.

 - Remove patch 5, as it no longer applies.

 - Remove conf env option ac_cv_func_strcasestr=yes because of the
   above.

 - libzip is no longer bundled with php, because of this, libzip must
   now be selected and depended on if the zip extension is selected.

Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2018-12-28 14:04:00 +01:00
Peter Korsgaard
1af5232138 php: security bump to version 7.2.13 
Fixes CVE-2018-19518: University of Washington IMAP Toolkit 2007f on UNIX,
as used in imap_open() in PHP and other products, launches an rsh command
(by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen
function in osdep/unix/tcp_unix.c) without preventing argument injection,
which might allow remote attackers to execute arbitrary OS commands if the
IMAP server name is untrusted input (e.g., entered by a user of a web
application) and if rsh has been replaced by a program with different
argument semantics.  For example, if rsh is a link to ssh (as seen on Debian
and Ubuntu systems), then the attack can use an IMAP server name containing
a "-oProxyCommand" argument.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-12-08 10:55:53 +01:00
Bernd Kuhls
d383a73a8e package/php: bump version to 7.2.12 
Changelog: http://www.php.net/ChangeLog-7.php#7.2.12

Rebased patch 0004 and updated license hash after white space removal:
902d39a3a7

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-11-08 22:18:07 +01:00
Bernd Kuhls
8dc3d02bac package/php: bump version to 7.2.11 
Changelog: http://www.php.net/ChangeLog-7.php#7.2.11

Removed patch 0007, applied upstream.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-10-20 14:17:23 +02:00
Bernd Kuhls
7f3e2d2580 package/php: security bump to version 7.2.10 
Changelog: http://de2.php.net/ChangeLog-7.php#7.2.10

Fixes https://bugs.php.net/bug.php?id=76582, CVE ID pending.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2018-09-13 20:54:36 +02:00
Bernd Kuhls
addd279d73 package/php: security bump to version 7.2.9 
Version 7.2.8 fixed CVE-2018-12882, CVE-2018-14883 & CVE-2018-14851:
http://www.php.net/ChangeLog-7.php#7.2.8

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2018-08-18 11:21:48 +02:00
Bernd Kuhls
e14dc96df9 package/php: security bump to version 7.2.5 
Changelog: http://www.php.net/ChangeLog-7.php#7.2.5

This release fixes several security-related bugs for which no CVE id's
are assigned at the time of writing:

https://bugs.php.net/bug.php?id=76129
https://bugs.php.net/bug.php?id=76130
https://bugs.php.net/bug.php?id=76248
https://bugs.php.net/bug.php?id=76249

Removed patch 0007, applied upstream:
2842aa2a07

Re-numbered patch 0009 -> 0007.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 2018-04-28 12:33:19 +02:00
Bernd Kuhls
19e983a954 package/php: security bump to version 7.2.4 
Fixes https://bugs.php.net/bug.php?id=75605, no CVE-ID yet.

Removed patch 0008, applied upstream. Re-numbered patch 0009.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-03-29 18:09:48 +02:00
Bernd Kuhls
ee25f5c998 package/php: security bump to version 7.2.3 
Fixes CVE 2018-7584: https://bugs.php.net/bug.php?id=75981

For details see release notes:
http://www.php.net/archive/2018.php#id2018-03-01-2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-03-02 07:58:29 +01:00
Adam Duskett
9a7eca9baa php: bump version to 7.2.2 
Additional changes:
  - Fix ordering of patches.
  - Update patches to apply cleanly against 7.2.2
  - Updates License sha256sum

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2018-02-02 21:36:38 +01:00
Adam Duskett
3595613c14 php: bump to 7.2.1 
Also update 0003-configure-disable-the-phar-tool.patch as configure.in is no
longer provided in the tarballs. Instead, configure.ac is patched.

Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2018-01-30 22:57:29 +01:00
Bernd Kuhls
2c59323b84 package/php: security bump to 7.1.13 
Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch
was applied upstream:
d6d4f2a9b3

Renumbered patch 0009.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2018-01-07 15:05:45 +01:00
Bernd Kuhls
ab01a1279c package/php: bump version to 7.1.12 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-11-25 13:21:30 +01:00
Bernd Kuhls
8c4a432185 package/php: bump version to 7.1.11 
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-10-28 14:19:32 +02:00
Bernd Kuhls
6429f1a4bc package/php: bump version to 7.1.10 
Changelog: http://www.php.net/ChangeLog-7.php#7.1.10

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-10-03 14:18:37 +02:00
Bernd Kuhls
cee153b838 package/php: bump version to 7.1.9 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-09-07 21:41:59 +02:00
Peter Korsgaard
91f4c9d412 php: security bump to version 7.1.7 
Fixes the following security issues:

CVE-2017-7890 - Buffer over-read into uninitialized memory.  The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.

CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bonds access in oniguruma regexp library.

CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.

CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.

CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function.  NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.

While we're at it, add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-07-11 21:30:52 +02:00
Bernd Kuhls
0b5d531e6d package/php: bump version to 7.1.6 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-06-10 23:02:47 +02:00
Vicente Olivert Riera
f9aee682f9 php: bump version to 7.1.5 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-05-15 23:07:48 +02:00
Vicente Olivert Riera
9f6357117b php: bump version to 7.1.4 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2017-04-18 17:39:20 +02:00
Vicente Olivert Riera
fca8df85c1 php: bump version to 7.1.3 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-03-16 22:11:44 +01:00
Peter Korsgaard
34d19a23ad php: bump to version 7.1.2 
7.1.2 is a bugfix release, fixing a number of issues:

http://www.php.net/ChangeLog-7.php#7.1.2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-03-10 17:19:02 +01:00
Vicente Olivert Riera
34be501214 php: bump version to 7.1.1 
0006-Fix-php-fpm.service.in.patch already included:
  bb19125781

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-23 20:43:56 +01:00
Vicente Olivert Riera
e470b3fde7 php: bump version to 7.1.0 (security) 
Fixed CVEs:
 - CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images)
   http://bugs.php.net/72696
 - CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet
   Deserialization with PDORow)
   http://bugs.php.net/73331

Full ChangeLog:
  http://php.net/ChangeLog-7.php#7.1.0

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2017-01-10 21:02:52 +01:00
Gustavo Zacarias
2483170d32 php: security bump to version 7.0.14 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-12-09 18:12:37 +01:00
Vicente Olivert Riera
cd59cb6b38 php: bump version to 7.0.13 
Release notes: http://php.net/ChangeLog-7.php#7.0.13

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-11-11 21:29:21 +01:00
Gustavo Zacarias
384e00515b php: security bump to version 7.0.12 
See http://www.php.net/ChangeLog-7.php#7.0.12 since there are no CVEs
out yet.

And drop upstream patch.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-10-14 09:26:35 +02:00
Tatsuyuki Ishi
82cc7ecf9f php: bump to 7.0.11 
Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-09-17 14:05:41 +02:00
Vicente Olivert Riera
ac43e455fe php: bump version to 7.0.9 
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-07-21 13:55:57 +02:00
Bernd Kuhls
a342452641 package/php: security bump version to 7.0.8 
Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8

Fixes CVE-2015-8874 http://bugs.php.net/66387
Fixes CVE-2016-5766 http://bugs.php.net/72339
Fixes CVE-2016-5767 http://bugs.php.net/72446
Fixes CVE-2016-5768 http://bugs.php.net/72402
Fixes CVE-2016-5769 http://bugs.php.net/72455
Fixes CVE-2016-5772 http://bugs.php.net/72340
Fixes CVE-2016-5773 http://bugs.php.net/72434

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-26 14:58:07 +02:00
Vicente Olivert Riera
b9a0903cfe php: security bump version to 7.0.7 
Fixes CVE-2013-7456 https://bugs.php.net/bug.php?id=72227
Fixes CVE-2016-5093 https://bugs.php.net/bug.php?id=72241

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-06-01 17:08:48 +02:00
Vicente Olivert Riera
6f6b4dc16b php: bump version to 7.0.6 
Remove MySQL legacy extension.

Remove incompatible external modules:
 - php-gnupg
 - php-memcached
 - php-ssh2
 - php-yaml

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-05-31 21:31:34 +02:00
Gustavo Zacarias
915576a01c php: security bump to version 5.6.21 
Fixes (CVEs not assigned yet):
bug #72094 - Out of bounds heap read access in exif header processing
bug #71912 - libgd: signedness vulnerability
bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset
bug #71843 - null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER
bug #71952 - Corruption inside imageaffinematrixget

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-04-29 08:49:22 +02:00
Gustavo Zacarias
039db88c6b php: security bump to version 5.6.20 
Fixes (no CVEs yet):
Buffer over-write in finfo_open with malformed magic file.
Invalid memory write in phar on filename with \0 in name.
Parsing of tar file with duplicate filenames causes memory leak.
php_snmp_error() Format String Vulnerability.
Integer Overflow in php_raw_url_encode.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-04-02 16:51:22 +02:00
Gustavo Zacarias
e6d744e307 php: bump to version 5.6.19 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-03-04 17:07:47 +01:00
Bernd Kuhls
b420e0b559 package/php: security bump version to 5.6.18 
Changelog: http://www.php.net/ChangeLog-5.php#5.6.18
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2016-02-05 23:23:07 +01:00
Gustavo Zacarias
2f52641294 php: security bump to version 5.6.17 
Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of
Bounds).
Bug #70755 (fpm_log.c memory leak and buffer overflow).
Bug #70661 (Use After Free Vulnerability in WDDX Packet
Deserialization).
Bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability).
Bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).

No CVEs assigned yet.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2016-01-08 18:51:46 +01:00
Bernd Kuhls
f67ffb4375 package/php: bump version to 5.6.16 
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
 2015-11-28 14:32:10 +01:00
Gustavo Zacarias
567a7c3dfa php: bump to version 5.6.15 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-10-31 09:39:01 +01:00
Gustavo Zacarias
48518f428b php: bump to version 5.6.14 
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-10-02 21:00:50 +02:00
Bernd Kuhls
59dda508e5 package/php: security bump to version 5.6.13 
Link to release announcement:
http://php.net/archive/2015.php#id2015-09-04-2

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 2015-09-06 10:48:22 +02:00