buildroot/package/php/php.hash, branch 2018.02

package/php: security bump to version 7.2.3

2018-03-02T06:58:29+00:00

Fixes CVE 2018-7584: https://bugs.php.net/bug.php?id=75981 For details see release notes: http://www.php.net/archive/2018.php#id2018-03-01-2 Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

php: bump version to 7.2.2

2018-02-02T20:36:38+00:00

Additional changes: - Fix ordering of patches. - Update patches to apply cleanly against 7.2.2 - Updates License sha256sum Signed-off-by: Adam Duskett Signed-off-by: Peter Korsgaard

php: bump to 7.2.1

2018-01-30T21:57:29+00:00

Also update 0003-configure-disable-the-phar-tool.patch as configure.in is no longer provided in the tarballs. Instead, configure.ac is patched. Signed-off-by: Adam Duskett Signed-off-by: Thomas Petazzoni

package/php: security bump to 7.1.13

2018-01-07T14:05:45+00:00

Removed 0008-fix-asm-constraints-in-aarch64-multiply-macro.patch, patch was applied upstream: https://github.com/php/php-src/commit/d6d4f2a9b38cd7fa7e938142e49e5a514d612e52 Renumbered patch 0009. Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

package/php: bump version to 7.1.12

2017-11-25T12:21:30+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni

package/php: bump version to 7.1.11

2017-10-28T12:19:32+00:00

Changelog: http://www.php.net/ChangeLog-7.php#7.1.11 Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/php: bump version to 7.1.10

2017-10-03T12:18:37+00:00

Changelog: http://www.php.net/ChangeLog-7.php#7.1.10 Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

package/php: bump version to 7.1.9

2017-09-07T19:41:59+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Peter Korsgaard

php: security bump to version 7.1.7

2017-07-11T19:30:52+00:00

Fixes the following security issues: CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be reached with a call to the imagecreatefromstring() function) uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 - Out-of-bonds access in oniguruma regexp library. CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard

package/php: bump version to 7.1.6

2017-06-10T21:02:47+00:00

Signed-off-by: Bernd Kuhls Signed-off-by: Thomas Petazzoni