[pkgsrc/pkgsrc-2016Q2]: pkgsrc/lang/php56 Pullup ticket #5069 - requested by ...

[spz <spz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/616bf2178a0f
branches:  pkgsrc-2016Q2
changeset: 408859:616bf2178a0f
user:      spz <spz%pkgsrc.org@localhost>
date:      Thu Jul 28 14:58:39 2016 +0000

description:
Pullup ticket #5069 - requested by taca
lang/php56: security update
lang/php: subsequent adjustment

Revisions pulled up:
- lang/php/phpversion.mk                                        1.143
- lang/php56/distinfo                                           1.29

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sun Jul 24 02:18:02 UTC 2016

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php56: distinfo

   Log Message:
   Update php56 to 5.6.24 (PHP 5.6.24).

   21 Jul 2016, PHP 5.6.24

   - Core:
     . Fixed bug #71936 (Segmentation fault destroying HTTP_RAW_POST_DATA).
       (mike dot laspina at gmail dot com, Remi)
     . Fixed bug #72496 (Cannot declare public method with signature incompatible
       with parent private method). (Pedro Magalh?es)
     . Fixed bug #72138 (Integer Overflow in Length of String-typed ZVAL). (Stas)
     . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
       virtual_file_ex). (loianhtuan at gmail dot com)
     . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
       Deserialization). (taoguangchen at icloud dot com)
     . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
       applications). (CVE-2016-5385) (Stas)

   - bz2:
     . Fixed bug #72447 (Type Confusion in php_bz2_filter_create()). (gogil at
       stealien dot com).
     . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

   - EXIF:
     . Fixed bug #50845 (exif_read_data() returns corrupted exif headers).
       (Bartosz Dziewo?ski)
   - EXIF:
     . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
       (Stas)
     . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
       (Stas)

   - GD:
     . Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
     . Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
     . Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
     . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
       access). (Pierre)
     . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
     . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
       (CVE-2016-6207) (Pierre)

   - Intl:
     . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

   - ODBC:
     . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

   - OpenSSL:
     . Fixed bug #71915 (openssl_random_pseudo_bytes is not fork-safe).
       (Jakub Zelenka)
     . Fixed bug #72336 (openssl_pkey_new does not fail for invalid DSA params).
       (Jakub Zelenka)

   - SNMP:
     . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
       unserialize()). (taoguangchen at icloud dot com)

   - SPL:
     . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin V?LCIU)

   - SQLite3:
     . Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
       (cmb)

   - Streams:
     . Fixed bug #72439 (Stream socket with remote address leads to a segmentation
       fault). (Laruence)

   - Xmlrpc:
     . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
       (Stas)

   - Zip:
     . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
       php_stream_zip_opener). (loianhtuan at gmail dot com)


   To generate a diff of this commit:
   cvs rdiff -u -r1.142 -r1.143 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.28 -r1.29 pkgsrc/lang/php56/distinfo

diffstat:

 lang/php56/distinfo |  10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diffs (18 lines):

diff -r 20612c3ad8ed -r 616bf2178a0f lang/php56/distinfo
--- a/lang/php56/distinfo       Thu Jul 28 14:49:19 2016 +0000
+++ b/lang/php56/distinfo       Thu Jul 28 14:58:39 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.28 2016/06/24 15:25:21 taca Exp $
+$NetBSD: distinfo,v 1.28.2.1 2016/07/28 14:58:39 spz Exp $
 
-SHA1 (php-5.6.23.tar.bz2) = 27a5b59f28e92cf8b7961ac400d1fa7e3e7e191c
-RMD160 (php-5.6.23.tar.bz2) = 9907d4f13917c3aa1e015baf299ddb8220ec92f0
-SHA512 (php-5.6.23.tar.bz2) = 92be3685926f302223465e9673496971f0ee1b05c7b3a09682d4ef93a27b4c17e5c53c36acab15d26f38508f6d65bebe11a6f0f0fc98b27eafe95b02b4d9897d
-Size (php-5.6.23.tar.bz2) = 14178077 bytes
+SHA1 (php-5.6.24.tar.bz2) = c2b3ad1d968fbc615702ff0860efc3b35ca1fb70
+RMD160 (php-5.6.24.tar.bz2) = 6be7a7ea3a59dbbb618cb1251caf32f5332e5def
+SHA512 (php-5.6.24.tar.bz2) = 50bf22a1e4298049a3602906a47d4bbb52cf9e7bf8d01f6ebca76d15b4c87ef59ba94ac5d19889fb5f9a15f5da002b6304bb526327d5fe0409992a668a665ffc
+Size (php-5.6.24.tar.bz2) = 14905924 bytes
 SHA1 (patch-acinclude.m4) = b38fc34c3a3847dc317e8e286612b21ec8fd5ce8
 SHA1 (patch-configure) = 5d76f71aa903efa3c3491b908ff76419aa4af27c
 SHA1 (patch-ext_gd_config.m4) = 4b44853250eb4a638af4c663e618307ff25d2cbd