---
- branch: pkgsrc-2015Q1
  date: Wed Apr 22 22:43:54 UTC 2015
  files:
  - new: 1.93.2.3
    old: 1.93.2.2
    path: pkgsrc/lang/php/phpversion.mk
    pathrev: pkgsrc/lang/php/phpversion.mk@1.93.2.3
    type: modified
  - new: 1.8.2.1
    old: '1.8'
    path: pkgsrc/lang/php56/distinfo
    pathrev: pkgsrc/lang/php56/distinfo@1.8.2.1
    type: modified
  id: 20150422T224354Z.5ca9ce94bf64e5db848a63693cfd9fafd2fe347e
  log: "Pullup ticket #4680 - requested by taca\nlang/php56: security update\n\nRevisions
    pulled up:\n- lang/php/phpversion.mk                                        1.96\n-
    lang/php56/distinfo                                           1.9\n\n---\n   Module
    Name:\tpkgsrc\n   Committed By:\ttaca\n   Date:\t\tFri Apr 17 16:42:43 UTC 2015\n\n
    \  Modified Files:\n   \tpkgsrc/lang/php: phpversion.mk\n   \tpkgsrc/lang/php56:
    distinfo\n\n   Log Message:\n   Update php56 to 5.6.8.\n\n   16 Apr 2015, PHP
    5.6.8\n\n   - Core:\n     . Fixed bug #66609 (php crashes with __get() and ++
    operator in some cases).\n       (Dmitry, Laruence)\n     . Fixed bug #68021 (get_browser()
    browser_name_regex returns non-utf-8\n       characters). (Tjerk)\n     . Fixed
    bug #68917 (parse_url fails on some partial urls). (Wei Dai)\n     . Fixed bug
    #69134 (Per Directory Values overrides PHP_INI_SYSTEM\n       configuration options).
    (Anatol Belski)\n     . Additional fix for bug #69152 (Type confusion vulnerability
    in\n       exception::getTraceAsString). (Stas)\n     . Fixed bug #69210 (serialize
    function return corrupted data when sleep has\n       non-string values). (Juan
    Basso)\n     . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown
    in\n       __call/... arg passing). (Nikita)\n     . Fixed bug #69221 (Segmentation
    fault when using a generator in combination\n       with an Iterator). (Nikita)\n
    \    . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion\n       vulnerability).
    (Stas)\n     . Fixed bug #69353 (Missing null byte checks for paths in various
    PHP\n       extensions). (Stas)\n\n   - Apache2handler:\n     . Fixed bug #69218
    (potential remote code execution with apache 2.4\n       apache2handler). (Gerrit
    Venema)\n\n   - cURL:\n     . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)\n
    \    . Fixed bug #68739 (Missing break / control flow). (Laruence)\n     . Fixed
    bug #69316 (Use-after-free in php_curl related to\n       CURLOPT_FILE/_INFILE/_WRITEHEADER).
    (Laruence)\n\n   - Date:\n     . Fixed bug #69336 (Issues with \"last day of <monthname>\").
    (Derick Rethans)\n\n   - Enchant:\n     . Fixed bug #65406 (Enchant broker plugins
    are in the wrong place in windows\n       builds). (Anatol)\n\n   - Ereg:\n     .
    Fixed bug #68740 (NULL Pointer Dereference). (Laruence)\n\n   - Fileinfo:\n     .
    Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or\n       segfault).
    (Anatol Belski)\n\n   - Filter:\n     . Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK
    ignored unless other\n       flags are used). (Jeff Welch)\n     . Fixed bug #69203
    (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff\n       Welch)\n\n   -
    OPCache:\n     . Fixed bug #69297 (function_exists strange behavior with OPCache
    on\n       disabled function). (Laruence)\n     . Fixed bug #69281 (opcache_is_script_cached
    no longer works). (danack)\n     . Fixed bug #68677 (Use After Free). (CVE-2015-1351)
    (Laruence)\n\n   - OpenSSL\n     . Fixed bugs #68853, #65137 (Buffered crypto
    stream data breaks IO polling\n       in stream_select() contexts) (Chris Wright)\n
    \    . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)\n
    \      (Daniel Lowrey)\n     . Fixed bug #69215 (Crypto servers should send client
    CA list)\n       (Daniel Lowrey)\n     . Add a check for RAND_egd to allow compiling
    against LibreSSL (Leigh)\n\n   - Phar:\n     . Fixed bug #64343 (PharData::extractTo
    fails for tarball created by BSD tar).\n       (Mike)\n     . Fixed bug #64931
    (phar_add_file is too restrictive on filename). (Mike)\n     . Fixed bug #65467
    (Call to undefined method cli_arg_typ_string). (Mike)\n     . Fixed bug #67761
    (Phar::mapPhar fails for Phars inside a path containing\n       \".tar\"). (Mike)\n
    \    . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)\n
    \    . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in\n       phar_set_inode).
    (Stas)\n\n   - Postgres:\n     . Fixed bug #68741 (Null pointer dereference).
    (CVE-2015-1352) (Laruence)\n\n   - SPL:\n     . Fixed bug #69227 (Use after free
    in zval_scan caused by\n        spl_object_storage_get_gc). (adam dot scarr at
    99designs dot com)\n\n   - SOAP:\n     . Fixed bug #69293 (NEW segfault when using
    SoapClient::__setSoapHeader\n        (bisected, regression)). (Laruence)\n\n   -
    Sqlite3:\n     . Fixed bug #68760 (SQLITE segfaults if custom collator throws
    an exception).\n        (Dan Ackroyd)\n     . Fixed bug #69287 (Upgrade bundled
    libsqlite to 3.8.8.3). (Anatol)\n     . Fixed bug #66550 (SQLite prepared statement
    use-after-free). (Sean Heelan)\n"
  module: pkgsrc
  subject: 'CVS commit: [pkgsrc-2015Q1] pkgsrc/lang'
  unixtime: '1429742634'
  user: tron