MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
Date: Sat, 20 Aug 2011 13:55:09 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/lang/php53
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
Message-Id: <20110820135509.BAD94175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	taca
Date:		Sat Aug 20 13:55:09 UTC 2011

Modified Files:
	pkgsrc/lang/php53: Makefile Makefile.common PLIST distinfo
	pkgsrc/lang/php53/patches: patch-ac
Removed Files:
	pkgsrc/lang/php53/patches: patch-ext_sockets_sockets.c
	    patch-ext_standard_crypt__blowfish.c patch-ext_standard_string.c
	    patch-main_rfc1867.c

Log Message:
Update php53 package to 5.3.7.

PHP 5.3.7 Released!

[18-Aug-2011] The PHP development team would like to announce the immediate
availability of PHP 5.3.7. This release focuses on improving the stability of
the PHP 5.3.x branch with over 90 bug fixes, some of which are security
related.

Security Enhancements and Fixes in PHP 5.3.7:

* Updated crypt_blowfish to 1.2. (CVE-2011-2483)
* Fixed crash in error_log(). Reported by Mateusz Kocielski
* Fixed buffer overflow on overlog salt in crypt().
* Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload
  filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
* Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
* Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)

Key enhancements in PHP 5.3.7 include:

* Upgraded bundled Sqlite3 to version 3.7.7.1
* Upgraded bundled PCRE to version 8.12
* Fixed bug #54910 (Crash when calling call_user_func with unknown function
  name)

* Fixed bug #54585 (track_errors causes segfault)
* Fixed bug #54262 (Crash when assigning value to a dimension in a non-array)
* Fixed a crash inside dtor for error handling
* Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off)
* Fixed bug #54935 php_win_err can lead to crash
* Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption)
* Fixed bug #54305 (Crash in gc_remove_zval_from_buffer)
* Fixed bug #54580 (get_browser() segmentation fault when browscap ini
  directive is set through php_admin_value)
* Fixed bug #54529 (SAPI crashes on apache_config.c:197)
* Fixed bug #54283 (new DatePeriod(NULL) causes crash).
* Fixed bug #54269 (Short exception message buffer causes crash)
* Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries)
* Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters)
* Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and
  SplTempFileObject crash when user-space classes don't call the parent
  constructor)
* Fixed bug #54292 (Wrong parameter causes crash in
  SplFileObject::__construct())
* Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting
  with \0)
* Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator)
* Fixed bug #54623 (Segfault when writing to a persistent socket after closing
  a copy of the socket)
* Fixed bug #54681 (addGlob() crashes on invalid flags)
* Over 80 other bug fixes.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/lang/php53/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php53/Makefile.common
cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/lang/php53/PLIST
cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php53/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php53/patches/patch-ac
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php53/patches/patch-ext_sockets_sockets.c \
    pkgsrc/lang/php53/patches/patch-ext_standard_string.c \
    pkgsrc/lang/php53/patches/patch-main_rfc1867.c
cvs rdiff -u -r1.2 -r0 \
    pkgsrc/lang/php53/patches/patch-ext_standard_crypt__blowfish.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.