CVS commit: pkgsrc/lang

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Sun Sep  6 12:25:11 UTC 2015

Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php54: distinfo

Log Message:
Update php54 to 5.4.45 including security fixes.

03 Sep 2015 PHP 5.4.45

- Core:
  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
    (taoguangchen at icloud dot com)

- EXIF:
  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
    value of 32 bytes). (Stas)

- hash:
  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
    at naver dot com)

- PCRE:
  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
    (Anatol Belski)

- SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
    (Stas)

- SPL:
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)

- XSLT:
  . Fixed bug #69782 (NULL pointer dereference). (Stas)

- ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
    creating directories). (neal at fb dot com)


To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.62 -r1.63 pkgsrc/lang/php54/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.