The php package has been rebuilt and was uploaded to the Chaos Calmer 15.05 repository due to multiple security issues.
VERSION 5.6.8-1 => 5.6.17-1 CHANGELOG [Sun, 24 Jan 2016 21:47:52 +0100 18d121b] Update to 5.6.17 Fixes CVE-2016-1903. [Wed, 23 Dec 2015 16:00:14 -0500 766cfcc] Update to 5.6.16 [Wed, 23 Dec 2015 16:00:04 -0500 41f541b] Update to 5.6.15 [Wed, 23 Dec 2015 15:59:54 -0500 0df349f] Update to 5.6.14 [Wed, 23 Dec 2015 15:59:43 -0500 196b622] Update to 5.6.13 [Wed, 23 Dec 2015 15:59:32 -0500 1cbcdf7] Fix the two different maintainer fields into one (fixes #1688) [Wed, 23 Dec 2015 15:59:21 -0500 9bbdad4] Update to 5.6.12 [Wed, 23 Dec 2015 15:59:10 -0500 6cba0bf] This fixes the following CVEs: - in PCRE: CVE-2015-2325, CVE-2015-2326 - in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416 [Wed, 23 Dec 2015 15:58:46 -0500 559df39] This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability, a heap buffer overflow in unpack and a integer overflow in ftp_genlist, which also results in a heap overflow. For more details, see http://php.net/ChangeLog-5.php#5.6.9 Also sync the timezone patch with latest version from Debian and adopt this patch for the changes in this php release. Refresh 950-Fix-dl-cross-compiling-issue.patch. [Wed, 23 Dec 2015 15:58:27 -0500 f0a0448] This patch adds build infrastructure for PHP's OPcache extension. Compared with the other extension, this is a Zend module and it need a little workaround during cross-compiling. [Wed, 23 Dec 2015 15:57:57 -0500 f04165e] Pecl: move phpize into prepare stage This allows pecl modules to rely on PKG_FIXUP:=autoreconf. CHANGES lang/php5/Makefile | 24 ++- lang/php5/files/php.ini | 10 ++ ...bian_patches_use_embedded_timezonedb.patch | 136 ++++++++------ ...xt-opcache-fix-detection-of-shm-mmap.patch | 159 +++++++++++++++++ .../950-Fix-dl-cross-compiling-issue.patch | 23 ++- lang/php5/pecl.mk | 7 +- 6 files changed, 277 insertions(+), 82 deletions(-) REFERENCES * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7243 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3414 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3415 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3416 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1903 * https://github.com/openwrt/packages/commit/f04165e4e0ddf7f9e62321f808d27aafd7631007 * https://github.com/openwrt/packages/commit/f0a0448857e04884a7ad2ae5534ac2b2cb3948fc * https://github.com/openwrt/packages/commit/559df398ffc86fe386db79a937c61235c4b45ce0 * https://github.com/openwrt/packages/commit/6cba0bf5454034b9ac7e6dcf917ebefc75d9bb8e * https://github.com/openwrt/packages/commit/9bbdad4ed72559aa03ccd024d5a49aae12d6a2c6 * https://github.com/openwrt/packages/commit/1cbcdf7f9e2aad526e0a59247525321aefa25234 * https://github.com/openwrt/packages/commit/196b622bd660384adecfd75959e0111ba34fe5f6 * https://github.com/openwrt/packages/commit/0df349f8df0fbc5272b909fad1320f64de622884 * https://github.com/openwrt/packages/commit/41f541bd267969d7676571be56f8c1a5c71e5257 * https://github.com/openwrt/packages/commit/766cfcc77f3be9152e818dc5703204b607a5a405 * https://github.com/openwrt/packages/commit/18d121b8542cff9734ac35bf1986bc1e3dbf7c05 _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
