buildroot/package/php/php.mk, branch 2016.08 OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.08 2016-07-21T11:55:57+00:00 php: bump version to 7.0.9 2016-07-21T11:55:57+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-21T11:23:07+00:00 urn:sha1:ac43e455fe37a872398fc6552d39aed3cd84009e Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> package/php: security bump version to 7.0.8 2016-06-26T12:58:07+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-06-25T22:48:37+00:00 urn:sha1:a342452641bc364634eae0b9b97bb12d2b6d4edd Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8 Fixes CVE-2015-8874 http://bugs.php.net/66387 Fixes CVE-2016-5766 http://bugs.php.net/72339 Fixes CVE-2016-5767 http://bugs.php.net/72446 Fixes CVE-2016-5768 http://bugs.php.net/72402 Fixes CVE-2016-5769 http://bugs.php.net/72455 Fixes CVE-2016-5772 http://bugs.php.net/72340 Fixes CVE-2016-5773 http://bugs.php.net/72434 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> package/php: fix date.timezone 2016-06-12T16:38:39+00:00 Yann E. MORIN yann.morin.1998@free.fr 2016-06-12T10:48:24+00:00 urn:sha1:30e572df3142f7c149befa9f49730c4d8d4479ba In 5f37843a (php.ini: set date.timezone), the configured timezone was used as the default for PHP. However, BR2_TARGET_LOCALTIME is a string, so is quoted, so it is never empty, so the check for emptynessnever matches. Fix that by q-stripping the value before testing it. Note however that we do not q-strip it before storing it in the php.ini file, because it has to be q-stripped in there. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Floris Bos <bos@je-eigen-domein.nl> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> php: security bump version to 7.0.7 2016-06-01T15:08:48+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-06-01T10:21:36+00:00 urn:sha1:b9a0903cfeec867b80bd646903af3f149eeefc4e Fixes CVE-2013-7456 https://bugs.php.net/bug.php?id=72227 Fixes CVE-2016-5093 https://bugs.php.net/bug.php?id=72241 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> php: bump version to 7.0.6 2016-05-31T19:31:34+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-05-23T14:51:32+00:00 urn:sha1:6f6b4dc16b07dcf901fc986b6aa22f67e4280f13 Remove MySQL legacy extension. Remove incompatible external modules: - php-gnupg - php-memcached - php-ssh2 - php-yaml Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> php: security bump to version 5.6.21 2016-04-29T06:49:22+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-29T00:19:56+00:00 urn:sha1:915576a01c9c758788ba42b7fe2b9fe0f6258abb Fixes (CVEs not assigned yet): bug #72094 - Out of bounds heap read access in exif header processing bug #71912 - libgd: signedness vulnerability bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset bug #71843 - null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER bug #71952 - Corruption inside imageaffinematrixget Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> php: security bump to version 5.6.20 2016-04-02T14:51:22+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-04-01T12:02:19+00:00 urn:sha1:039db88c6b500bbc1863e11a1141f12b1842af82 Fixes (no CVEs yet): Buffer over-write in finfo_open with malformed magic file. Invalid memory write in phar on filename with \0 in name. Parsing of tar file with duplicate filenames causes memory leak. php_snmp_error() Format String Vulnerability. Integer Overflow in php_raw_url_encode. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> php: bump to version 5.6.19 2016-03-04T16:07:47+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-03-04T10:47:40+00:00 urn:sha1:e6d744e3071af563a270060c13f3cc2ae7ce3c5f Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> package/php: security bump version to 5.6.18 2016-02-05T22:23:07+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-02-04T21:16:08+00:00 urn:sha1:b420e0b55983d44e7bad854da5ca00907a77f868 Changelog: http://www.php.net/ChangeLog-5.php#5.6.18 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> php: drop useless PHP_VERSION_MAJOR variable 2016-01-29T16:51:09+00:00 Jerzy Grzegorek jerzy.grzegorek@trzebnica.net 2016-01-29T07:52:43+00:00 urn:sha1:f6332ebcce5ab1e7ea212ccb94a9d9c49851fd30 ~/buildroot$ grep -R PHP_VERSION_MAJOR . ./package/php/php.mk:PHP_VERSION_MAJOR = 5.6 ./package/php/php.mk:PHP_VERSION = $(PHP_VERSION_MAJOR).17 Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>