CVS commit: [pkgsrc-2026Q1] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2026Q1] pkgsrc/lang
From: "Benny Siegert" <bsiegert%netbsd.org@localhost>
Date: Sat, 9 May 2026 19:13:11 +0000

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat May  9 19:13:11 UTC 2026

Modified Files:
        pkgsrc/lang/php [pkgsrc-2026Q1]: phpversion.mk
        pkgsrc/lang/php82 [pkgsrc-2026Q1]: Makefile distinfo

Log Message:
Pullup ticket #7109 - requested by taca
lang/php82: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.499
- lang/php82/Makefile                                           1.25
- lang/php82/distinfo                                           1.36

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Fri May  8 02:09:05 UTC 2026

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php82: Makefile distinfo

   Log Message:
   lang/php82: update to 8.2.31

   PHP 8.2.31 (2026-05-07)

   - Curl:
     . Add support for brotli and zstd on Windows. (Shivam Mathur)

   - FPM:
     . Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
       (Jakub Zelenka)

   - MBString:
     . Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in
       php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
       (vi3tL0u1s)

   - OpenSSL:
     . Fix compatibility issues with OpenSSL 4.0. (jordikroon, Remi)

   - PDO_Firebird:
     . Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings).
       (CVE-2025-14179) (SakiTakamachi)

   - SOAP:
     . Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache
       Map). (CVE-2026-6722) (ilutov)
     . Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with
       SOAP_PERSISTENCE_SESSION). (CVE-2026-7261) (ilutov)
     . Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check).
       (CVE-2026-7262) (ilutov)

   - Standard:
     . Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset).
       (CVE-2026-7568) (TimWolla)
     . Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h
       functions). (CVE-2026-7258) (ilutov)


To generate a diff of this commit:
cvs rdiff -u -r1.494.2.3 -r1.494.2.4 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.24 -r1.24.2.1 pkgsrc/lang/php82/Makefile
cvs rdiff -u -r1.35 -r1.35.4.1 pkgsrc/lang/php82/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.494.2.3 pkgsrc/lang/php/phpversion.mk:1.494.2.4
--- pkgsrc/lang/php/phpversion.mk:1.494.2.3     Sat May  9 19:01:50 2026
+++ pkgsrc/lang/php/phpversion.mk       Sat May  9 19:13:10 2026
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.494.2.3 2026/05/09 19:01:50 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.494.2.4 2026/05/09 19:13:10 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -110,7 +110,7 @@ PHPVERSION_MK=      defined
 # Define each PHP's version.
 PHP56_VERSION= 5.6.40
 PHP74_VERSION= 7.4.33
-PHP82_VERSION= 8.2.30
+PHP82_VERSION= 8.2.31
 PHP83_VERSION= 8.3.31
 PHP84_VERSION= 8.4.20
 PHP85_VERSION= 8.5.6

Index: pkgsrc/lang/php82/Makefile
diff -u pkgsrc/lang/php82/Makefile:1.24 pkgsrc/lang/php82/Makefile:1.24.2.1
--- pkgsrc/lang/php82/Makefile:1.24     Wed Jan  7 08:47:40 2026
+++ pkgsrc/lang/php82/Makefile  Sat May  9 19:13:11 2026
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.24 2026/01/07 08:47:40 wiz Exp $
+# $NetBSD: Makefile,v 1.24.2.1 2026/05/09 19:13:11 bsiegert Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=               ${PHP_PKG_PREFIX}-${PHP_VERSION}
-PKGREVISION=           1
 CATEGORIES=            lang
 
 COMMENT=               PHP Hypertext Preprocessor version 8.2

Index: pkgsrc/lang/php82/distinfo
diff -u pkgsrc/lang/php82/distinfo:1.35 pkgsrc/lang/php82/distinfo:1.35.4.1
--- pkgsrc/lang/php82/distinfo:1.35     Fri Dec 19 14:29:57 2025
+++ pkgsrc/lang/php82/distinfo  Sat May  9 19:13:11 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.35 2025/12/19 14:29:57 taca Exp $
+$NetBSD: distinfo,v 1.35.4.1 2026/05/09 19:13:11 bsiegert Exp $
 
-BLAKE2s (php-8.2.30.tar.xz) = 2e7b46d8de52b9e124eac8fdcacaaa0b13d7b10aeba44a888c4e98f128b9a86b
-SHA512 (php-8.2.30.tar.xz) = 4026e39231551c45e0923d44d91a8a9b2614ab1cb432cf73fbb475b7d047f9fbdaa183289d7f149546b254ee1a6374ac65396272b46700d453e53bfe8af42a93
-Size (php-8.2.30.tar.xz) = 12153868 bytes
+BLAKE2s (php-8.2.31.tar.xz) = 3f26eecd6d30c9c40a26db7a02e23fd299f052191b32f72443e5f7f7e82b2fba
+SHA512 (php-8.2.31.tar.xz) = 814ea663bf638133e940639e0be00acae8d1e6a2c5058980cbf72c71a81224be0ac6c6cb37ad141c3ab81f1064ab81523c775b38c61511c0d0be9b05dd173ecc
+Size (php-8.2.31.tar.xz) = 12160520 bytes
 SHA1 (patch-build_Makefile.global) = 87c533087a536649b5f51108ef4f4b72c8efc5b2
 SHA1 (patch-build_php.m4) = 465d2896c8c4d88c325414caf221e1f2aec27fc3
 SHA1 (patch-configure.ac) = 97d6378ca03682aca635af45df3e7d777fd1d787

Prev by Date: CVS commit: [pkgsrc-2026Q1] pkgsrc/lang
Next by Date: CVS commit: pkgsrc/filesystems/fuse
Previous by Thread: CVS commit: [pkgsrc-2026Q1] pkgsrc/lang
Next by Thread: CVS commit: pkgsrc/filesystems/fuse
Indexes:

Home | Main Index | Thread Index | Old Index