CVS commit: [pkgsrc-2024Q1] pkgsrc/lang

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Mon Apr 22 12:56:31 UTC 2024

Modified Files:
        pkgsrc/lang/php [pkgsrc-2024Q1]: phpversion.mk
        pkgsrc/lang/php81 [pkgsrc-2024Q1]: distinfo

Log Message:
Pullup ticket #6849 - requested by taca
lang/php81: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.429
- lang/php81/distinfo                                           1.32

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sat Apr 13 02:53:35 UTC 2024

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php81: distinfo

   Log Message:
   lang/php81: update to 8.1.27

   This release includes security fixes.

   11 Apr 2024, PHP 8.1.28

   - Standard:
     . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
       parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
     . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
       partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
     . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
       opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)


To generate a diff of this commit:
cvs rdiff -u -r1.426.2.2 -r1.426.2.3 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.31 -r1.31.2.1 pkgsrc/lang/php81/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.426.2.2 pkgsrc/lang/php/phpversion.mk:1.426.2.3
--- pkgsrc/lang/php/phpversion.mk:1.426.2.2     Mon Apr 22 12:49:08 2024
+++ pkgsrc/lang/php/phpversion.mk       Mon Apr 22 12:56:30 2024
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.426.2.2 2024/04/22 12:49:08 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.426.2.3 2024/04/22 12:56:30 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@ PHPVERSION_MK=        defined
 PHP56_VERSION= 5.6.40
 PHP74_VERSION= 7.4.33
 PHP80_VERSION= 8.0.30
-PHP81_VERSION= 8.1.27
+PHP81_VERSION= 8.1.28
 PHP82_VERSION= 8.2.18
 PHP83_VERSION= 8.3.4
 

Index: pkgsrc/lang/php81/distinfo
diff -u pkgsrc/lang/php81/distinfo:1.31 pkgsrc/lang/php81/distinfo:1.31.2.1
--- pkgsrc/lang/php81/distinfo:1.31     Fri Jan  5 02:10:34 2024
+++ pkgsrc/lang/php81/distinfo  Mon Apr 22 12:56:30 2024
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.31 2024/01/05 02:10:34 taca Exp $
+$NetBSD: distinfo,v 1.31.2.1 2024/04/22 12:56:30 bsiegert Exp $
 
-BLAKE2s (php-8.1.27.tar.xz) = adeaa2ba18ec7bf532947556261be717e6be2a6c8dc191a839eadcb6b682dc62
-SHA512 (php-8.1.27.tar.xz) = 07fb2b8e10e2487635e26bfd8a27949a26b85f76bc3984ad8599224bb7a7f9498d84299335ae5a0bba16599275e9747ab141f73f4f2076ddf49ebec8e76fd0ed
-Size (php-8.1.27.tar.xz) = 11915228 bytes
+BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0
+SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f
+Size (php-8.1.28.tar.xz) = 11848504 bytes
 SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d