buildroot/package/php, branch 2016.05

php: security bump to version 5.6.22

2016-05-26T21:25:11+00:00

Fixes: Core: Integer Overflow in php_html_entities Core: Integer underflow / arbitrary null write in fread/gzread GD: imagescale out-of-bounds read Intl: get_icu_value_internal out-of-bounds read Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

php: security bump to version 5.6.21

2016-04-29T06:49:22+00:00

Fixes (CVEs not assigned yet): bug #72094 - Out of bounds heap read access in exif header processing bug #71912 - libgd: signedness vulnerability bug #72061 - Out-of-bounds reads in zif_grapheme_stripos with negative offset bug #71843 - null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER bug #71952 - Corruption inside imageaffinematrixget Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

php: security bump to version 5.6.20

2016-04-02T14:51:22+00:00

Fixes (no CVEs yet): Buffer over-write in finfo_open with malformed magic file. Invalid memory write in phar on filename with \0 in name. Parsing of tar file with duplicate filenames causes memory leak. php_snmp_error() Format String Vulnerability. Integer Overflow in php_raw_url_encode. Signed-off-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

php: bump to version 5.6.19

2016-03-04T16:07:47+00:00

Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

package/php: security bump version to 5.6.18

2016-02-05T22:23:07+00:00

Changelog: http://www.php.net/ChangeLog-5.php#5.6.18 Signed-off-by: Bernd Kuhls Acked-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni

php: drop useless PHP_VERSION_MAJOR variable

2016-01-29T16:51:09+00:00

~/buildroot$ grep -R PHP_VERSION_MAJOR . ./package/php/php.mk:PHP_VERSION_MAJOR = 5.6 ./package/php/php.mk:PHP_VERSION = $(PHP_VERSION_MAJOR).17 Signed-off-by: Jerzy Grzegorek Signed-off-by: Peter Korsgaard

icu: remove BR2_ARCH_HAS_ATOMICS dependency

2016-01-26T20:26:08+00:00

The BR2_ARCH_HAS_ATOMICS was added because on ARC, atomic instructions may not be provided by the architecture and therefore the compiler does not provide the __sync_*() built-ins. However, since then, icu was changed and is now able to use C++11 atomics, or even no atomic operations at all. In fact, icu will: * If possible, it will use C++11 atomics, which internally rely on the __atomic built-ins. These are available since gcc 4.7, and all architectures provide it. On some architectures, you *must* link with libatomic, on some other architectures, they are available built-in, but in all cases, linking against libatomic does not harm. Thanks to this, even ARC with no atomic support (which was the original reason for adding the BR2_ARCH_HAS_ATOMICS) dependency builds fine, provided -latomic is added to LIBS. * If C++11 atomics are not available, then it falls back to __sync_*() built-ins, which allows compilers older than 4.7 to be supported. * If really no atomic mechanism is available, then it falls back to a basic implementation based on a mutex. Conclusion: - The BR2_ARCH_HAS_ATOMICS dependency is no longer needed. - We need to link with -latomic when gcc >= 4.7 is used. Note that reverse dependencies of icu are also changed accordingly. Signed-off-by: Thomas Petazzoni Reviewed-by: "Yann E. MORIN" Signed-off-by: Thomas Petazzoni

php: security bump to version 5.6.17

2016-01-08T17:51:46+00:00

Bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). Bug #70755 (fpm_log.c memory leak and buffer overflow). Bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization). Bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability). Bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()). No CVEs assigned yet. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

php: add missing select BR2_PACKAGE_LIBMCRYPT

2015-12-30T16:23:01+00:00

Fixes: http://autobuild.buildroot.org/results/b0c/b0c9ea0d577a74549476ddbdb0d2ecd09311c765/ Signed-off-by: Thomas Petazzoni

package/php: Always link with libpthread for static builds

2015-12-17T21:50:56+00:00

Fixes http://autobuild.buildroot.net/results/c9f/c9fb2b4a25817d6455472767819018a62281d5f9/ http://autobuild.buildroot.net/results/a75/a757edcfce00d3e52c6787f28dc31cbaf8d2d2ab/ http://autobuild.buildroot.net/results/8df/8df836b6c241954449544c7b4c74a1cb19e7ff7b/ http://autobuild.buildroot.net/results/1b6/1b6e571e307c2b190116601bade382c43e8d3858/ http://autobuild.buildroot.net/results/aa3/aa34b2326a0702093162eb1f9d7bdf9c7cf45311/ http://autobuild.buildroot.net/results/74a/74ae21d78f7ea9d71407accd3e43900af6766e68/ http://autobuild.buildroot.net/results/7ec/7ec28c23b3f12e5b7e2376c7913329d2a38dd232/ Signed-off-by: Bernd Kuhls Acked-by: Gustavo Zacarias Signed-off-by: Thomas Petazzoni