This fixes the following CVEs:
- in GD: CVE-2015-8874, CVE-2016-5766, CVE-2016-5767
- in mbstring: CVE-2016-5768
- in mcrypt: CVE-2016-5769
- in SPL: CVE-2016-5770, CVE-2016-5771
- in WDDX: CVE-2016-5772
- in zip: CVE-2016-5773
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in BCMath: CVE-2016-4537, CVE-2016-4538
- in EXIF: CVE-2016-4542, CVE-2016-4543, CVE-2016-4544
- in GD: CVE-2016-3074
- in Intl: CVE-2016-4540, CVE-2016-4541
- in XML: CVE-2016-4539
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- in PCRE: CVE-2015-2325, CVE-2015-2326
- in sqlite3: CVE-2015-3414, CVE-2015-3415, CVE-2015-3416
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes CVE-2006-7243, a multipart/form-data remote dos vulnerability,
a heap buffer overflow in unpack and a integer overflow in ftp_genlist,
which also results in a heap overflow.
For more details, see http://php.net/ChangeLog-5.php#5.6.9
Also sync the timezone patch with latest version from Debian and
adopt this patch for the changes in this php release.
Refresh 950-Fix-dl-cross-compiling-issue.patch.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This patch adds build infrastructure for PHP's OPcache extension.
Compared with the other extension, this is a Zend module and it
need a little workaround during cross-compiling.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This fixes the following CVEs:
- CVE-2015-1351
- CVE-2015-1352
- CVE-2015-2783
- CVE-2015-3329
- CVE-2015-3330
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: wuqiong <memccpy@gmail.com>
- split fpm config into main and pool file
- introduced uci config file
- re-worked init script
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
- fileinfo: PHP actually uses its own libmagic implementation
- pdo-sqlite/sqlite3: libsqlite3 itself depends on libpthread,
not the extension
- xml{reader,writer}: both do not use iconv stuff
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This commit adds a patch to enforce the usage of an alternative
code path, preventing the need of libiconv in the bundled libgd
of php.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>