Changelog:
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77676 (Unable to run tests when building shared extension on AIX).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
COM:
Fixed bug #77578 (Crash when php unload).
Date:
Fixed bug #50020 (DateInterval:createDateFromString() silently fails).
Fixed bug #75113 (Added DatePeriod::getRecurrences() method).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s).
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value).
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77691 (Opcache passes wrong value for inline array push assignments).
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Changelog taken from: https://www.php.net/ChangeLog-7.php#7.2.17
MFH: 2019Q2
Changelog:
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing).
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF).
Fixed bug #77540 (Invalid Read on exif_process_SOFn).
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.16
MFH: 2019Q1
Changelog:
Core:
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.15
PR: 235575 235577
MFH: 2019Q1
Renaming the option to be inline with the already existing MYSQLND option
in the mysqli and pdo_mysqli ports.
Reported by: Jarrod Sayers <jarrod@downtools.com.au>
Currently PHP is always compiled with --enable-mysqlnd, to allow the use
of the native MySQL Native Driver. MySQL Native Driver is a replacement for the
MySQL Client Library.
While this is handy when working with MySQL there is no need for
it when MySQL is *not* used at all. This happens frequently when
working without databases or simply with other databases.
To avoid POLA the newly introduced option is a default option.
Disabling it will reduce the size of the package by ca. 175 KB,
which also helps in modern constraint VM run environments.
Submitted by: Reko Turja <reko.turja@liukuma.net>
Changelog:
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Date:
Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
Changelog taken from: http://www.php.net/ChangeLog-7.php#7.2.14
MFH: 2019Q1
Notable changes:
- Switch from PCRE to PCRE2
- Many modules now require PCRE2 for building
- graphics/php73-gd: X11 option is no longer default
Changes to Mk/Uses/php.mk approved by ale
This port links some non-PIC code, which fails with lld as it defaults
to disallowing relocations against read-only segments. For i386 we can
just add -znotext unconditionally: for GNU BFD ld it just affirms BFD's
existing default.
PR: 214864, 230207
Approved by: bapt
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D17193
Changelog: http://www.php.net/ChangeLog-7.php#7.2.8
Also patch out MySQL 8 auth changes, which makes the hash
extension mandatory instead of optional and introduce further
bugs:
d6e81f0bfd
MFH: 2018Q3
script in pre-configure to regenerate configure scripts. Because this
regenerates php_config.h.in, merge a patch for that file into the patch
for configure.in.
- Remove redundant --localstatedir=/var (added by bsd.port.mk).
Add missing file zend_smart_string.h to pkg-plist.
The allows building many more of the pecl-* ports.
PR: 223766
Submitted by: Raivo Hool <raivo.hool@gmail.com>
Reported by: Raivo Hool <raivo.hool@gmail.com>, Daniel Ylitalo <daniel@blodan.se>
Notable changes:
- mcrypt module was removed
- sodium module was added
- sybase_ct artifacts removed
Also many PECL ports will not work with this version
since some files got renamed.
Reviewed by: mat, ale, Rainer Duffner <rainer@ultra-secure.de>
Differential Revision: https://reviews.freebsd.org/D12980
