OpenPOWER buildroot sources https://git.raptorcs.com/git/buildroot/atom?h=2016.11.2 2017-01-12T08:11:26+00:00 2017-01-12T08:11:26+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2017-01-09T17:13:34+00:00 urn:sha1:7f4c1ac310db1f5681501cec79bf76dea47f0b41 Fixed CVEs: - CVE-2016-9933 (imagefilltoborder stackoverflow on truecolor images) http://bugs.php.net/72696 - CVE-2016-9934 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow) http://bugs.php.net/73331 Full ChangeLog: http://php.net/ChangeLog-7.php#7.1.0 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit e470b3fde7fe7e69fc5ec57fe8a5c8a4cd66c8cc) 2016-12-19T22:00:23+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-12-09T12:47:30+00:00 urn:sha1:0757d8db1cd979fe6653870beec9733ff1653eef Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 2483170d3258ee3e805ead6f0ebafe9fc6765c19) 2016-10-24T12:46:43+00:00 Fabrice Fontaine fontaine.fabrice@gmail.com 2016-09-12T21:31:07+00:00 urn:sha1:c457213fbca5f3493544c8a4335b623620458b0c Following suggestion of Yann Morin, rework selection of php interfaces: use booleans instead of choice to be able to select multiple interfaces as they are not exclusive. We make sure at least one of the options is selected. It should be noted that previously CGI and FPM could not be selected at the same time. This is now possible. Bug that prevented compilation of CGI and FPM binaries at the same time has been fixed since PHP 5.4 (https://github.com/php-build/php-build/issues/101). Legacy handling is added for the two options that are removed, and the appropriate new options are selected. Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-10-14T07:26:35+00:00 Gustavo Zacarias gustavo@zacarias.com.ar 2016-10-13T22:39:26+00:00 urn:sha1:384e00515ba9b9d133998c3943889fb31ce59c4e See http://www.php.net/ChangeLog-7.php#7.0.12 since there are no CVEs out yet. And drop upstream patch. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-18T17:36:04+00:00 Floris Bos bos@je-eigen-domein.nl 2016-09-13T22:03:51+00:00 urn:sha1:411cb66acdca6bf74db52e652788f61c6d978c01 Set the PHP default MySQL socket path to match what the mysql package is using. Signed-off-by: Floris Bos <bos@je-eigen-domein.nl> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-17T12:05:41+00:00 Tatsuyuki Ishi ishitatsuyuki@gmail.com 2016-09-17T11:59:24+00:00 urn:sha1:82cc7ecf9f4626eb5458bc476cd3f0a1ae312e94 Signed-off-by: Tatsuyuki Ishi <ishitatsuyuki@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-08T19:59:03+00:00 Theo Debrouwere theo.debrouwere@skynet.be 2016-09-08T07:53:09+00:00 urn:sha1:5c506fa737f174879f37bb73aa2033dddeba0ec3 When building php, the package will also build/install phpdbg. This patch explicitly disables this behaviour. Signed-off-by: Theo Debrouwere <t.debrouwere@televic.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-09-06T21:21:50+00:00 Floris Bos bos@je-eigen-domein.nl 2016-08-23T16:54:48+00:00 urn:sha1:ea1e9e03442a5b375aa2214ba92e48ebba89070a The Mysql Native Driver has been the default mysql driver since PHP 5.4, but buildroot was still using libmysqlclient. Mysqlnd has several advantages such as improved memory management and the more favorable PHP licensing terms. (can combine it with proprietary PHP extensions like Ioncube loader, while libmysqlclient requires commercial licensing if you link to it and do not fall under their GPL/FOSS license exception) Signed-off-by: Floris Bos <bos@je-eigen-domein.nl> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-07-21T11:55:57+00:00 Vicente Olivert Riera Vincent.Riera@imgtec.com 2016-07-21T11:23:07+00:00 urn:sha1:ac43e455fe37a872398fc6552d39aed3cd84009e Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2016-06-26T12:58:07+00:00 Bernd Kuhls bernd.kuhls@t-online.de 2016-06-25T22:48:37+00:00 urn:sha1:a342452641bc364634eae0b9b97bb12d2b6d4edd Changelog is available here: http://php.net/ChangeLog-7.php#7.0.8 Fixes CVE-2015-8874 http://bugs.php.net/66387 Fixes CVE-2016-5766 http://bugs.php.net/72339 Fixes CVE-2016-5767 http://bugs.php.net/72446 Fixes CVE-2016-5768 http://bugs.php.net/72402 Fixes CVE-2016-5769 http://bugs.php.net/72455 Fixes CVE-2016-5772 http://bugs.php.net/72340 Fixes CVE-2016-5773 http://bugs.php.net/72434 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>