<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-devtools/php, branch styhead-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=styhead-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-01-16T14:17:32+00:00</updated>
<entry>
<title>php: upgrade 8.2.20 -&gt; 8.2.26</title>
<updated>2025-01-16T14:17:32+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2024-12-20T15:36:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=117f44269dd91af78a608f529444ff46fa3d678f'/>
<id>urn:sha1:117f44269dd91af78a608f529444ff46fa3d678f</id>
<content type='text'>
Solves dozens of vulnerabilities. See
https://php.watch/versions/8.2/releases/8.2.21
https://php.watch/versions/8.2/releases/8.2.22
https://php.watch/versions/8.2/releases/8.2.23
https://php.watch/versions/8.2/releases/8.2.24
https://php.watch/versions/8.2/releases/8.2.25
https://php.watch/versions/8.2/releases/8.2.26

Removes CVE-2024-11233, CVE-2024-11234 and CVE-2024-11236 from
current cve metrics.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit eea7188a24eed79113ea363b9343c0579937ff77)
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>php-native: CVE status update for CVE-2022-4900</title>
<updated>2024-07-04T03:20:17+00:00</updated>
<author>
<name>Ninette Adhikari</name>
<email>ninette@thehoodiefirm.com</email>
</author>
<published>2024-07-03T17:04:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d026169258a21cca7a8fddb3665cd1b99501e8e3'/>
<id>urn:sha1:d026169258a21cca7a8fddb3665cd1b99501e8e3</id>
<content type='text'>
The current version (8.2.20) is not affected.

Signed-off-by: Ninette Adhikari &lt;ninette@thehoodiefirm.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: Upgrade to 8.2.20</title>
<updated>2024-06-27T16:18:47+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2024-06-24T02:26:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e747ef80a8e45623509db323b5937cb848171dfa'/>
<id>urn:sha1:e747ef80a8e45623509db323b5937cb848171dfa</id>
<content type='text'>
Includes fix for CVE-2024-5458 and other bugs

Changelog:
https://www.php.net/ChangeLog-8.php#PHP_8_2

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>recipes: Start WORKDIR -&gt; UNPACKDIR transition</title>
<updated>2024-05-23T15:44:44+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-05-13T21:16:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ffc64e9c6fee0af7eea3466135416d011172a5e6'/>
<id>urn:sha1:ffc64e9c6fee0af7eea3466135416d011172a5e6</id>
<content type='text'>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: Upgrade to 8.2.18</title>
<updated>2024-05-12T15:43:17+00:00</updated>
<author>
<name>Soumya Sambu</name>
<email>soumya.sambu@windriver.com</email>
</author>
<published>2024-05-08T11:23:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=34ee1ff3547cf7d01a2bcd960720cd8bd8515d56'/>
<id>urn:sha1:34ee1ff3547cf7d01a2bcd960720cd8bd8515d56</id>
<content type='text'>
Includes fixes for CVE-2024-3096, CVE-2024-2756 and other bugs.

Changelog:
https://www.php.net/ChangeLog-8.php#8.2.18

Rebase 0001-ext-opcache-config.m4-enable-opcache.patch to new version

Signed-off-by: Soumya Sambu &lt;soumya.sambu@windriver.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: Upgrade to 8.2.16</title>
<updated>2024-03-09T19:20:17+00:00</updated>
<author>
<name>Khem Raj</name>
<email>raj.khem@gmail.com</email>
</author>
<published>2024-03-09T19:15:08+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=29e772087c95dcf3e38d2becaf8958b5027a23fc'/>
<id>urn:sha1:29e772087c95dcf3e38d2becaf8958b5027a23fc</id>
<content type='text'>
License-Update: Copyright Year updated to 2024 [1]

[1] https://github.com/php/php-src/commit/2575e6b88c3d3bbd53383fb65057c9b7b029e264

Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php-fpm: fix systemd</title>
<updated>2024-01-31T22:18:31+00:00</updated>
<author>
<name>Emil Kronborg</name>
<email>emil.kronborg@protonmail.com</email>
</author>
<published>2024-01-31T19:13:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4cefe0196f7a2471b144413510d072d525e1a041'/>
<id>urn:sha1:4cefe0196f7a2471b144413510d072d525e1a041</id>
<content type='text'>
2848cc99a186 ("php-fpm: Add support for systemd") introduced a systemd
service file, where ExecStart and ExecStop uses /etc/init.d/php-fpm,
which does not exist if systemd is enabled. Consequently, the php-fpm
service fails to start even though it is correctly installed. This is
fixed by this commit in which the service file is identical to the one
from the PHP source code except for the use of BitBake variables. Also,
use ${systemd_system_unitdir} instead of ${systemd_unitdir}/system.

Signed-off-by: Emil Kronborg &lt;emil.kronborg@protonmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: remove lemon-native build dependency</title>
<updated>2023-12-21T16:00:40+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-12-20T15:53:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=668ba95ea7d1d5a9ea37e2a725f152eaf5eebd94'/>
<id>urn:sha1:668ba95ea7d1d5a9ea37e2a725f152eaf5eebd94</id>
<content type='text'>
This was required by the sqlite2 extension, which was removed from PHP
in 2010[1].

[1] https://github.com/php/php-src/commit/6c76f3606cddeb010cf1fc5ea28b47456ea9639e

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>php: upgrade 8.2.8 -&gt; 8.2.9</title>
<updated>2023-08-27T00:32:44+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2023-08-24T08:09:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=739e880b21eb5c558e098eb9fe02e3dbaef37d65'/>
<id>urn:sha1:739e880b21eb5c558e098eb9fe02e3dbaef37d65</id>
<content type='text'>
Changelog:
===========
- Build:
  . Fixed bug GH-11522 (PHP version check fails with '-' separator).
- CLI:
  . Fix interrupted CLI output causing the process to exit.
- Core:
  . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
  . Fixed line number of JMP instruction over else block.
  . Fixed use-of-uninitialized-value with ??= on assert.
  . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions).
  . Fixed build for FreeBSD before the 11.0 releases.
- Curl:
  . Fix crash when an invalid callback function is passed to
    CURLMOPT_PUSHFUNCTION.
- Date:
  . Fixed bug GH-11368 (Date modify returns invalid datetime).
  . Fixed bug GH-11600 (Can't parse time strings which include
    non-breaking space characters).
  . Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with
    extra space).
- DOM:
  . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
    DOMDocumentFragment but just deletes node or causes wrapping &lt;&gt;&lt;/&gt;
    depending on libxml2 version).
- Fileinfo:
  . Fixed bug GH-11298 (finfo returns wrong mime type for xz files).
- FTP:
  . Fix context option check for "overwrite".
  . Fixed bug GH-10562 (Memory leak and invalid state with consecutive
    ftp_nb_fget).
- GD:
  . Fix most of the external libgd test failures.
- Intl:
  . Fix memory leak in MessageFormatter::format() on failure.
- Libxml:
  . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
    in XML without enabling it). (CVE-2023-3823)
- MBString:
  . Fix GH-11300 (license issue: restricted unicode license headers).
- Opcache:
  . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
    segmentation fault).
  . Prevent potential deadlock if accelerated globals cannot be allocated.
- PCNTL:
  . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
- PDO:
  . Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
    and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
    filled).
- PDO SQLite:
  . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
- Phar:
  . Add missing check on EVP_VerifyUpdate() in phar util.
  . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
- PHPDBG:
  . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option).
- Session:
  . Removed broken url support for transferring session ID.
- Standard:
  . Fix serialization of RC1 objects appearing in object graph twice.
- Streams:
  . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper
    from itself).
- SQLite3:
  . Fix replaced error handling in SQLite3Stmt::__construct.
- XMLReader:
  . Fix GH-11548 (Argument corruption when calling XMLReader::open or
    XMLReader::XML non-statically with observer active).

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS</title>
<updated>2023-07-27T15:54:40+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2023-07-26T09:50:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=8af2f17a6fa8bf282c4c27054adbea1bf0873069'/>
<id>urn:sha1:8af2f17a6fa8bf282c4c27054adbea1bf0873069</id>
<content type='text'>
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
  version

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
