kumquat-buildroot/package/php/php.hash

# From http://php.net/downloads.php
sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2  php-7.2.5.tar.xz

# License file
sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1  LICENSE
php: bump to version 5.5.17 Add hash and switch to xz download for space savings. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2014-09-19 14:31:19 +02:00			`# From http://php.net/downloads.php`
package/php: security bump to version 7.2.5 Changelog: http://www.php.net/ChangeLog-7.php#7.2.5 This release fixes several security-related bugs for which no CVE id's are assigned at the time of writing: https://bugs.php.net/bug.php?id=76129 https://bugs.php.net/bug.php?id=76130 https://bugs.php.net/bug.php?id=76248 https://bugs.php.net/bug.php?id=76249 Removed patch 0007, applied upstream: https://github.com/php/php-src/commit/2842aa2a078eb1cad55540b61e7edf111395150d Re-numbered patch 0009 -> 0007. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2018-04-28 11:57:35 +02:00			`sha256 af70a33b3f7a51510467199b39af151333fbbe4cc21923bad9c7cf64268cddb2 php-7.2.5.tar.xz`
php: security bump to version 7.1.7 Fixes the following security issues: CVE-2017-7890 - Buffer over-read into uninitialized memory. The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c (which can be reached with a call to the imagecreatefromstring() function) uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229 - Out-of-bonds access in oniguruma regexp library. CVE-2017-11144 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in ext/openssl/openssl.c, and an OpenSSL documentation omission. CVE-2017-11145 - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, lack of a bounds check in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to an ext/date/lib/parse_date.c out-of-bounds read affecting the php_parse_date function. CVE-2017-11146 - In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7, lack of bounds checks in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11145. While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2017-07-11 11:02:20 +02:00
			`# License file`
php: bump version to 7.2.2 Additional changes: - Fix ordering of patches. - Update patches to apply cleanly against 7.2.2 - Updates License sha256sum Signed-off-by: Adam Duskett <aduskett@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2018-02-02 13:50:39 +01:00			`sha256 00e567a8d50359d93ee1f9afdd9511277660c1e70a0cbf3229f84403aa9aebb1 LICENSE`