CVS commit: [pkgsrc-2014Q1] pkgsrc/lang

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/lang
From: "Matthias Scheler" <tron%netbsd.org@localhost>
Date: Mon, 2 Jun 2014 15:33:45 +0000

Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Jun  2 15:33:45 UTC 2014

Modified Files:
        pkgsrc/lang/php [pkgsrc-2014Q1]: phpversion.mk
        pkgsrc/lang/php55 [pkgsrc-2014Q1]: Makefile.php distinfo

Log Message:
Pullup ticket #4427 - requested by taca
lang/php55: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.63
- lang/php55/Makefile.php                                       1.3
- lang/php55/distinfo                                           1.22

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Sat May 31 04:26:40 UTC 2014

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php55: Makefile.php distinfo

   Log Message:
   Update php55 to 5.5.13, contains fix for CVE-2014-0237 and CVE-2014-0238.

   29 May 2014, PHP 5.5.13

   - CLI server:
     . Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)

   - COM:
     . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). 
(Anatol)

   - Core:
     . Fixed bug #65701 (copy() doesn't work when destination filename is 
created
       by tempnam()). (Boro Sitnikovski)
     . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
     . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
       zend_exceptions.c). (Bob)
     . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
     . Fixed bug #67249 (printf out-of-bounds read). (Stas)
     . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
     . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

   - Curl:
     . Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)

   - Date:
     . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
     . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
     . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

   - DOM:
     . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE 
tag,
       not only the subset). (Anatol)

   - Fileinfo:
     . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
     . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) 
(CVE-2014-0238).
     . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls 
resulting in
       performance degradation) (CVE-2014-0237).

   - FPM:
     . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
       (Julio Pintos)

   - GD:
     . Fixed bug #67248 (imageaffinematrixget missing check of parameters). 
(Stas)

   - PCRE:
     . Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
       from the upstream). (Anatol)

   - Phar:
     . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an 
accent
       in its name). (PR #588)


To generate a diff of this commit:
cvs rdiff -u -r1.58.2.1 -r1.58.2.2 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.2 -r1.2.6.1 pkgsrc/lang/php55/Makefile.php
cvs rdiff -u -r1.17.2.1 -r1.17.2.2 pkgsrc/lang/php55/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: [pkgsrc-2014Q1] pkgsrc/lang
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: [pkgsrc-2014Q1] pkgsrc/lang
Indexes:

Home | Main Index | Thread Index | Old Index