---
- branch: MAIN
  date: Fri Jun 24 15:25:21 UTC 2016
  files:
  - new: '1.140'
    old: '1.139'
    path: pkgsrc/lang/php/phpversion.mk
    pathrev: pkgsrc/lang/php/phpversion.mk@1.140
    type: modified
  - new: '1.12'
    old: '1.11'
    path: pkgsrc/lang/php56/Makefile
    pathrev: pkgsrc/lang/php56/Makefile@1.12
    type: modified
  - new: '1.28'
    old: '1.27'
    path: pkgsrc/lang/php56/distinfo
    pathrev: pkgsrc/lang/php56/distinfo@1.28
    type: modified
  id: 20160624T152521Z.c61034292ed635237a2becd3c136111313ff3253
  log: |
    Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.

    pkgsrc change: remove confiugre from SUBST_FILES.path.

    23 Jun 2016, PHP 5.6.23

    - Core:
      . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
        json_utf8_to_utf16()). (Stas)
      . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
      . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

    - GD:
      . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
      . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
      . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
        heap overflow). (Pierre)
      . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
      . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
        in heap overflow). (Pierre)

    - Intl:
      . Fixed bug #70484 (selectordinal doesn't work with named parameters).
        (Anatol)

    - mbstring:
       . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

    - mcrypt:
       . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

    - Phar:
      . Fixed bug #72321 (invalid free in phar_extract_file()).
        (hji at dyntopia dot com)

    - SPL:
      . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
      . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
        unserialize). (Dmitry)

    - OpenSSL:
      . Fixed bug #72140 (segfault after calling ERR_free_strings()).
        (Jakub Zelenka)

    - WDDX:
      . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

    - zip:
      . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
        algorithm and unserialize). (Dmitry)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang'
  unixtime: '1466781921'
  user: taca