Bernd Kuhls
46ed4ac847
package/php: bump version to 7.4.9
Changelog of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.4.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-08-08 23:19:51 +02:00
Bernd Kuhls
a6a500bb99
package/php: bump version to 7.4.8
Quoting https://www.php.net/
"For windows users running an official build, this release contains a
patched version of libcurl addressing CVE-2020-8159.
For all other consumers of PHP, this is a bug fix release."
Changelog: https://www.php.net/ChangeLog-7.php#7.4.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-11 15:58:00 +02:00
Bernd Kuhls
759ed10395
package/php: bump version to 7.4.7
Changelog: https://www.php.net/ChangeLog-7.php#7.4.7
Contrary to the release notification on the mailing list
https://news-web.php.net/php.announce/287
which declares this release as "security bug fix release" no CVE IDs
could be found on the bugtracker entries mentioned in the Changelog.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-14 18:30:32 +02:00
Bernd Kuhls
1dd6d52226
package/php: security bump version to 7.4.6
Changelog: https://www.php.net/ChangeLog-7.php#7.4.6
Fixes CVE 2019-11048.
Reformatted hashes.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-05-15 21:25:46 +02:00
Bernd Kuhls
db52b57c3d
package/php: security bump version to 7.4.5
Changelog: https://www.php.net/ChangeLog-7.php#7.4.5
Fixes CVE-2020-7067.
Removed patch applied upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-04-17 22:05:53 +02:00
Bernd Kuhls
51cd6b8641
package/php: security bump version to 7.4.4
Changelog: https://www.php.net/ChangeLog-7.php#7.4.4
Fixes CVE-2020-7064, CVE-2020-7065 & CVE-2020-7066.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-03-20 21:53:34 +01:00
Bernd Kuhls
b467d58063
package/php: security bump version to 7.4.3
Changelog: https://www.php.net/ChangeLog-7.php#7.4.3
Fixes CVE-2020-7061, CVE-2020-7062 & CVE-2020-7063.
Removed patch applied upstream:
f0f5c415a6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-21 09:41:49 +01:00
Fabrice Fontaine
924e923639
package/php: remove trailing whitespace in php.hash
A trailing whitespace was added by commit
26c16e9d5b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-02 14:58:49 +01:00
Pascal de Bruijn
26c16e9d5b
package/php: bump version to 7.4.2
patch 0005 has been sourced from upstream, and can be dropped when
7.4.3 is released.
The mbstrings module used to use a bundled oniguruma library, but now
uses an external one, hence the new dependency on this package for the
mbstrings module.
The hash of the license file has changed due to this change in the
copyright year:
-Copyright (c) 1999 - 2018 The PHP Group. All rights reserved.
+Copyright (c) 1999 - 2019 The PHP Group. All rights reserved.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-01 23:06:19 +01:00
Bernd Kuhls
fc3916efbc
package/php: security bump to version 7.3.14
Changelog of 7.3.13: https://www.php.net/ChangeLog-7.php#7.3.13
Fixes CVE-2019-11044, CVE-2019-11045, CVE-2019-11046, CVE-2019-11047,
CVE-2019-11049 & CVE-2019-11050
Changelog of 7.3.14: https://www.php.net/ChangeLog-7.php#7.3.14
Fixes CVE-2020-7059 & CVE-2020-7060.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-01-24 20:15:49 +01:00
Bernd Kuhls
a7ba9c54b4
package/php: bump version to 7.3.12
Release notes of this bugfix release:
https://www.php.net/ChangeLog-7.php#7.3.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-23 11:58:22 +01:00
Bernd Kuhls
335edd0269
package/php: security bump version to 7.3.11
Changelog: http://www.php.net/ChangeLog-7.php#7.3.11
Fixes CVE-2019-11043: https://bugs.php.net/bug.php?id=78599
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-24 23:24:45 +02:00
Bernd Kuhls
7169beb3fc
package/php: security bump version to 7.3.10
Release notes: https://www.php.net/archive/2019.php#2019-09-26-1
No CVE IDs can be found in the bug reports mentioned in the Changelog:
https://www.php.net/ChangeLog-7.php#7.3.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-27 22:17:21 +02:00
Bernd Kuhls
0c5acbbcb6
package/php: security bump version to 7.3.9
Release notes: https://www.php.net/archive/2019.php#2019-08-29-1
Changelog: https://www.php.net/ChangeLog-7.php#7.3.9
Fixes CVE-2019-13224 & CVE-2019-13225:
https://bugs.mageia.org/show_bug.cgi?id=25380
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-30 19:42:57 +02:00
Bernd Kuhls
b9833c6f52
package/php: security bump version to 7.3.8
Release notes: https://www.php.net/ChangeLog-7.php#7.3.8
Fixes CVE-2019-11042 & CVE-2019-11041
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-01 22:53:13 +02:00
Bernd Kuhls
7accdcb3a9
package/php: bump version to 7.3.7
Changelog: https://www.php.net/ChangeLog-7.php#7.3.7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-07-05 08:24:11 +02:00
Bernd Kuhls
8d27812ac1
package/php: security bump version to 7.3.6
Release notes: https://www.php.net/archive/2019.php#id2019-05-30-1
Fixes
CVE 2019-11038: https://bugs.php.net/bug.php?id=77973
CVE 2019-11039: https://bugs.php.net/bug.php?id=78069
CVE 2019-11040: https://bugs.php.net/bug.php?id=77988
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-30 15:01:47 +02:00
Bernd Kuhls
934239eafb
package/php: security bump version to 7.3.5
Release notes: https://www.php.net/archive/2019.php#id2019-05-02-1
Fixes 2019-11036:
* Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-05-05 12:09:32 +02:00
Bernd Kuhls
614c1e2edd
package/php: security bump to version 7.3.4
Changelog: https://www.php.net/ChangeLog-7.php#7.3.4
Fixes these bugs, CVE IDs were not assigned yet:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-04-07 15:14:06 +02:00
Peter Korsgaard
b821ae3d63
package/php: security bump to version 7.3.3
php-7.3.3 fixes a number of security issues (no CVE known, bugtracker issues
not yet public): https://secure.php.net/ChangeLog-7.php#7.3.3
Drop 0004-OPcache-flock-mechanism-is-obviously-linux-so-force-.patch as the
flock detection has been removed since commit 9222702633 (Avoid dependency
on "struct flock" fields order.)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-12 21:33:18 +01:00
Bernd Kuhls
e5e40c94b3
package/php: security bump to version 7.3.2
Rebased patch 0004.
This bump fixes https://bugs.php.net/bug.php?id=77369 ,
status of CVE-ID: needed
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-10 10:48:51 +01:00
Adam Duskett
6e6b257d54
php: security bump to 7.3.1
Fixes the following security issue:
- CVE-2018-19935: Allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty string in the
message argument to the imap_mail function.
https://www.cvedetails.com/cve/CVE-2018-19935/
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-01-19 22:34:19 +01:00
Adam Duskett
cd6c2f41ef
package/php: bump version to 7.3.0
Other changes:
- Update patches so they cleanly apply.
- Remove patch 5, as it no longer applies.
- Remove conf env option ac_cv_func_strcasestr=yes because of the
above.
- libzip is no longer bundled with php, because of this, libzip must
now be selected and depended on if the zip extension is selected.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-12-28 14:04:00 +01:00
Peter Korsgaard
1af5232138
php: security bump to version 7.2.13
Fixes CVE-2018-19518: University of Washington IMAP Toolkit 2007f on UNIX,
as used in imap_open() in PHP and other products, launches an rsh command
(by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen
function in osdep/unix/tcp_unix.c) without preventing argument injection,
which might allow remote attackers to execute arbitrary OS commands if the
IMAP server name is untrusted input (e.g., entered by a user of a web
application) and if rsh has been replaced by a program with different
argument semantics. For example, if rsh is a link to ssh (as seen on Debian
and Ubuntu systems), then the attack can use an IMAP server name containing
a "-oProxyCommand" argument.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-12-08 10:55:53 +01:00
Bernd Kuhls
d383a73a8e
package/php: bump version to 7.2.12
Changelog: http://www.php.net/ChangeLog-7.php#7.2.12
Rebased patch 0004 and updated license hash after white space removal:
902d39a3a7
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-08 22:18:07 +01:00
Bernd Kuhls
8dc3d02bac
package/php: bump version to 7.2.11
Changelog: http://www.php.net/ChangeLog-7.php#7.2.11
Removed patch 0007, applied upstream.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-20 14:17:23 +02:00
Bernd Kuhls
7f3e2d2580
package/php: security bump to version 7.2.10
Changelog: http://de2.php.net/ChangeLog-7.php#7.2.10
Fixes https://bugs.php.net/bug.php?id=76582 , CVE ID pending.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-09-13 20:54:36 +02:00
Bernd Kuhls
addd279d73
package/php: security bump to version 7.2.9
Version 7.2.8 fixed CVE-2018-12882, CVE-2018-14883 & CVE-2018-14851:
http://www.php.net/ChangeLog-7.php#7.2.8
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-08-18 11:21:48 +02:00
Bernd Kuhls
e14dc96df9
package/php: security bump to version 7.2.5
Changelog: http://www.php.net/ChangeLog-7.php#7.2.5
This release fixes several security-related bugs for which no CVE IDs
are assigned at the time of writing:
https://bugs.php.net/bug.php?id=76129
https://bugs.php.net/bug.php?id=76130
https://bugs.php.net/bug.php?id=76248
https://bugs.php.net/bug.php?id=76249
Removed patch 0007, applied upstream:
2842aa2a07
Re-numbered patch 0009 -> 0007.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-28 12:33:19 +02:00
Bernd Kuhls
19e983a954
package/php: security bump to version 7.2.4
Fixes https://bugs.php.net/bug.php?id=75605 , no CVE-ID yet.
Removed patch 0008, applied upstream. Re-numbered patch 0009.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-29 18:09:48 +02:00
Bernd Kuhls
ee25f5c998
package/php: security bump to version 7.2.3
Fixes CVE 2018-7584: https://bugs.php.net/bug.php?id=75981
For details see release notes:
http://www.php.net/archive/2018.php#id2018-03-01-2
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-02 07:58:29 +01:00
Adam Duskett
9a7eca9baa
php: bump version to 7.2.2
Additional changes:
- Fix ordering of patches.
- Update patches to apply cleanly against 7.2.2
- Updates License sha256sum
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-02-02 21:36:38 +01:00
Adam Duskett
3595613c14
php: bump to 7.2.1
Also update 0003-configure-disable-the-phar-tool.patch as configure.in is no
longer provided in the tarballs. Instead, configure.ac is patched.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2018-01-30 22:57:29 +01:00
Bernd Kuhls
2c59323b84
package/php: security bump to 7.1.13
Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch
was applied upstream:
d6d4f2a9b3
Renumbered patch 0009.
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2018-01-07 15:05:45 +01:00
Bernd Kuhls
ab01a1279c
package/php: bump version to 7.1.12
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-25 13:21:30 +01:00
Bernd Kuhls
8c4a432185
package/php: bump version to 7.1.11
Changelog: http://www.php.net/ChangeLog-7.php#7.1.11
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-28 14:19:32 +02:00
Bernd Kuhls
6429f1a4bc
package/php: bump version to 7.1.10
Changelog: http://www.php.net/ChangeLog-7.php#7.1.10
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-03 14:18:37 +02:00
Bernd Kuhls
cee153b838
package/php: bump version to 7.1.9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-09-07 21:41:59 +02:00
Peter Korsgaard
91f4c9d412
php: security bump to version 7.1.7
Fixes the following security issues:
CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF
decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be
reached with a call to the imagecreatefromstring() function) uses
constant-sized color tables of size 3 * 256, but does not zero-out these
arrays before use.
CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 -
Out-of-bounds access in oniguruma regexp library.
CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, the openssl extension PEM sealing code did not check the return value
of the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before
7.1.7, lack of a bounds check in the date extension's timelib_meridian
parsing code could be used by attackers able to supply date strings to leak
information from the interpreter, related to an ext/date/lib/parse_date.c
out-of-bounds read affecting the php_parse_date function.
CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x
through 7.1.7, lack of bounds checks in the date extension's
timelib_meridian parsing code could be used by attackers able to supply date
strings to leak information from the interpreter, related to
ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date
function. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-11145.
While we're at it, add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-07-11 21:30:52 +02:00
Bernd Kuhls
0b5d531e6d
package/php: bump version to 7.1.6
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-06-10 23:02:47 +02:00
Vicente Olivert Riera
f9aee682f9
php: bump version to 7.1.5
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-15 23:07:48 +02:00
Vicente Olivert Riera
9f6357117b
php: bump version to 7.1.4
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-18 17:39:20 +02:00
Vicente Olivert Riera
fca8df85c1
php: bump version to 7.1.3
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-16 22:11:44 +01:00
Peter Korsgaard
34d19a23ad
php: bump to version 7.1.2
7.1.2 is a bugfix release, fixing a number of issues:
http://www.php.net/ChangeLog-7.php#7.1.2
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-10 17:19:02 +01:00
Vicente Olivert Riera
34be501214
php: bump version to 7.1.1
0006-Fix-php-fpm.service.in.patch already included:
bb19125781
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-23 20:43:56 +01:00
Vicente Olivert Riera
e470b3fde7
php: bump version to 7.1.0 (security)
Fixed CVEs:
- CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images)
http://bugs.php.net/72696
- CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet
Deserialization with PDORow)
http://bugs.php.net/73331
Full ChangeLog:
http://php.net/ChangeLog-7.php#7.1.0
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-10 21:02:52 +01:00
Gustavo Zacarias
2483170d32
php: security bump to version 7.0.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-09 18:12:37 +01:00
Vicente Olivert Riera
cd59cb6b38
php: bump version to 7.0.13
Release notes: http://php.net/ChangeLog-7.php#7.0.13
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-11 21:29:21 +01:00
Gustavo Zacarias
384e00515b
php: security bump to version 7.0.12
See http://www.php.net/ChangeLog-7.php#7.0.12 since there are no CVEs
out yet.
And drop upstream patch.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-14 09:26:35 +02:00
Tatsuyuki Ishi
82cc7ecf9f
php: bump to 7.0.11
Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-09-17 14:05:41 +02:00