---
- branch: MAIN
  date: Sun Sep  6 12:27:43 UTC 2015
  files:
  - new: '1.111'
    old: '1.110'
    path: pkgsrc/lang/php/phpversion.mk
    pathrev: pkgsrc/lang/php/phpversion.mk@1.111
    type: modified
  - new: '1.15'
    old: '1.14'
    path: pkgsrc/lang/php56/distinfo
    pathrev: pkgsrc/lang/php56/distinfo@1.15
    type: modified
  id: 20150906T122743Z.05cd4fb5704e41f4300f4d86d2ddd4584a89235a
  log: |
    Update php55 to 5.6.13 including security fixes.

    03 Sep 2015, PHP 5.6.13

    - Core:
      . Fixed bug #69900 (Too long timeout on pipes). (Anatol)
      . Fixed bug #69487 (SAPI may truncate POST data). (cmb)
      . Fixed bug #70198 (Checking liveness does not work as expected).
        (Shafreeck Sea, Anatol Belski)
      . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
      . Fixed bug #70219 (Use after free vulnerability in session deserializer).
        (taoguangchen at icloud dot com)

    - CLI server:
      . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
        (wusuopu, cmb)
      . Fixed bug #70264 (CLI server directory traversal). (cmb)

    - Date:
      . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to
        be optional). (cmb)
      . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
        (cmb)

    - EXIF:
      . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
        value of 32 bytes). (Stas)

    - hash:
      . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
        at naver dot com)

    - MCrypt:
      . Fixed bug #69833 (mcrypt fd caching not working). (Anatol)

    - Opcache:
      . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode
        on CLI enabled). (Dmitry, Laruence)

    - PCRE:
      . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string
        match). (cmb)
      . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
        (Anatol Belski)

    - SOAP:
      . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
        (Stas)

    - SPL:
      . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
        ob_start). (hugh at allthethings dot co dot nz)
      . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
      . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
        SplObjectStorage). (taoguangchen at icloud dot com)
      . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
        SplDoublyLinkedList). (taoguangchen at icloud dot com)

    - Standard:
      . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
        (cmb)
      . Fixed bug #70157 (parse_ini_string() segmentation fault with
        INI_SCANNER_TYPED). (Tjerk)

    - XSLT:
      . Fixed bug #69782 (NULL pointer dereference). (Stas)

    - ZIP:
      . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
        creating directories). (neal at fb dot com)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1441542463'
  user: taca