Message ID | 38121FAB319C3344930C920E7B518313886B225E@HHMAIL01.hh.imgtec.org |
---|---|
State | Rejected |
Headers | show |
Oops, didn't notice that. There's nothing urgent for master but it's a stable release as well. 2016年11月16日(水) 18:38 Vincent Olivert Riera <Vincent.Riera@imgtec.com>: > Hello Tatsuyuki, > > php has been already bumped to 7.0.13 in the next branch: > > > https://git.busybox.net/buildroot/commit/?h=next&id=cd59cb6b388d00865d0084e6a25eb306c0b5fdd3 > > Is there any reason to bump it for master as well? If so, please tell us > and if the reason is valid a maintainer will cherry-pick the patch from the > next branch. > > Regards, > > Vincent. > > > ________________________________________ > From: buildroot [buildroot-bounces@busybox.net] on behalf of > ishitatsuyuki@gmail.com [ishitatsuyuki@gmail.com] > Sent: 16 November 2016 09:27 > To: buildroot@busybox.net > Cc: Tatsuyuki Ishi > Subject: [Buildroot] [PATCH] PHP: bump to 7.0.13 > > From: Tatsuyuki Ishi <ishitatsuyuki@gmail.com> > > --- > package/php/php.hash | 2 +- > package/php/php.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/php/php.hash b/package/php/php.hash > index dde6a64..f1cd346 100644 > --- a/package/php/php.hash > +++ b/package/php/php.hash > @@ -1,2 +1,2 @@ > # From http://php.net/downloads.php > -sha256 f3d6c49e1c242e5995dec15e503fde996c327eb86cd7ec45c690e93c971b83ff > php-7.0.12.tar.xz > +sha256 357ba7f93975d7d836abed0852dc3ed96a988af539e87750613294cbee82f1bf > php-7.0.13.tar.xz > diff --git a/package/php/php.mk b/package/php/php.mk > index f85cb37..c8abe66 100644 > --- a/package/php/php.mk > +++ b/package/php/php.mk > @@ -4,7 +4,7 @@ > # > > ################################################################################ > > -PHP_VERSION = 7.0.12 > +PHP_VERSION = 7.0.13 > PHP_SITE = http://www.php.net/distributions > PHP_SOURCE = php-$(PHP_VERSION).tar.xz > PHP_INSTALL_STAGING = YES > -- > 2.10.2 > > _______________________________________________ > buildroot mailing list > buildroot@busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot >
On 16/11/16 06:38, Vincent Olivert Riera wrote: > Hello Tatsuyuki, > > php has been already bumped to 7.0.13 in the next branch: > > https://git.busybox.net/buildroot/commit/?h=next&id=cd59cb6b388d00865d0084e6a25eb306c0b5fdd3 > > Is there any reason to bump it for master as well? If so, please tell us and if the reason is valid a maintainer will cherry-pick the patch from the next branch. > > Regards, > > Vincent. Hi Vincent. It's a security release, you gotta read the ChangeLog more often: http://www.php.net/ChangeLog-7.php#7.0.13 They usually don't wait for CVE assignments or ask for them after the release, hence no references in it. Sometimes looking at the oss-security mailing lists helps. Regards.
Hi Gustavo, On 16/11/16 11:12, Gustavo Zacarias wrote: > On 16/11/16 06:38, Vincent Olivert Riera wrote: > >> Hello Tatsuyuki, >> >> php has been already bumped to 7.0.13 in the next branch: >> >> https://git.busybox.net/buildroot/commit/?h=next&id=cd59cb6b388d00865d0084e6a25eb306c0b5fdd3 >> >> >> Is there any reason to bump it for master as well? If so, please tell >> us and if the reason is valid a maintainer will cherry-pick the patch >> from the next branch. >> >> Regards, >> >> Vincent. > > Hi Vincent. > It's a security release, you gotta read the ChangeLog more often: > http://www.php.net/ChangeLog-7.php#7.0.13 > They usually don't wait for CVE assignments or ask for them after the > release, hence no references in it. > Sometimes looking at the oss-security mailing lists helps. I remember I searched for "CVE" in the ChangeLog and there wasn't any match, that's why I didn't specified it was a security update. They must changed that page later in order to add the CVE references. Vincent > Regards.
On 2016-11-16 08:20, Vicente Olivert Riera wrote: >> Hi Vincent. >> It's a security release, you gotta read the ChangeLog more often: >> http://www.php.net/ChangeLog-7.php#7.0.13 >> They usually don't wait for CVE assignments or ask for them after the >> release, hence no references in it. >> Sometimes looking at the oss-security mailing lists helps. > > I remember I searched for "CVE" in the ChangeLog and there wasn't any > match, that's why I didn't specified it was a security update. They > must > changed that page later in order to add the CVE references. > > Vincent There aren't any CVE references yet for 7.0.13, it requires some reading rather than Control-F (or similar keyboard shortcut) until they decide to update the notes, which will surely take some time. Regards.
diff --git a/package/php/php.hash b/package/php/php.hash index dde6a64..f1cd346 100644 --- a/package/php/php.hash +++ b/package/php/php.hash @@ -1,2 +1,2 @@ # From http://php.net/downloads.php -sha256 f3d6c49e1c242e5995dec15e503fde996c327eb86cd7ec45c690e93c971b83ff php-7.0.12.tar.xz +sha256 357ba7f93975d7d836abed0852dc3ed96a988af539e87750613294cbee82f1bf php-7.0.13.tar.xz diff --git a/package/php/php.mk b/package/php/php.mk index f85cb37..c8abe66 100644 --- a/package/php/php.mk +++ b/package/php/php.mk @@ -4,7 +4,7 @@ # ################################################################################ -PHP_VERSION = 7.0.12 +PHP_VERSION = 7.0.13 PHP_SITE = http://www.php.net/distributions PHP_SOURCE = php-$(PHP_VERSION).tar.xz PHP_INSTALL_STAGING = YES