Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id ABB427A1BC
	for <mhonarc+pkgsrc-changes@mail-index.netbsd.org>; Thu, 28 Jul 2016 14:49:21 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id 5A05685EFD; Thu, 28 Jul 2016 14:49:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id E11F585E77
	for <pkgsrc-changes@NetBSD.org>; Thu, 28 Jul 2016 14:49:20 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id JgGO1iH4s7bv for <pkgsrc-changes@netbsd.org>;
	Thu, 28 Jul 2016 14:49:20 +0000 (UTC)
Received: from cvs.NetBSD.org (unknown [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 1470F84C6C
	for <pkgsrc-changes@NetBSD.org>; Thu, 28 Jul 2016 14:49:20 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 0EFE0FBB5; Thu, 28 Jul 2016 14:49:20 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1469717360242850"
MIME-Version: 1.0
Date: Thu, 28 Jul 2016 14:49:20 +0000
From: "S.P.Zeidler" <spz@netbsd.org>
Subject: CVS commit: [pkgsrc-2016Q2] pkgsrc/lang
To: pkgsrc-changes@NetBSD.org
Reply-To: spz@netbsd.org
X-Mailer: log_accum
Message-Id: <20160728144920.0EFE0FBB5@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1469717360242850
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	spz
Date:		Thu Jul 28 14:49:19 UTC 2016

Modified Files:
	pkgsrc/lang/php [pkgsrc-2016Q2]: phpversion.mk
	pkgsrc/lang/php55 [pkgsrc-2016Q2]: distinfo

Log Message:
Pullup ticket #5067 - requested by taca
lang/php55: security update
lang/php: subsequent adjustment

Revisions pulled up:
- lang/php/phpversion.mk                                        1.142
- lang/php55/distinfo                                           1.55

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sun Jul 24 02:15:16 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php55: distinfo

   Log Message:
   Update php55 to 5.5.38 (PHP 5.5.38).

   Quote from release note:

   Note that according to our release schedule, PHP 5.5.38 is the last release
   of the PHP 5.5 branch. There may be additional release if we discover
   important security issues that warrant it, otherwise this release will be
   the final one in the PHP 5.5 branch. If your PHP installation is based on
   PHP 5.5, it may be a good time to start making the plans for the upgrade to
   PHP 5.6 or PHP 7.0.

   21 Jul 2016, PHP 5.5.38

   - BZip2:
      . Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)

   - Core:
      . Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (Stas)
      . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
        virtual_file_ex). (loianhtuan at gmail dot com)
      . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
        Deserialization). (taoguangchen at icloud dot com)
      . Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and
        applications). (CVE-2016-5385) (Stas)

   - EXIF:
      . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
        (Stas)
      . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
        (Stas)

   - GD:
      . Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read
        access). (Pierre)
      . Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
      . Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
        (CVE-2016-6207) (Pierre)

   - Intl:
      . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

   - ODBC:
      . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

   - SNMP:
      . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
        unserialize()). (taoguangchen at icloud dot com)

   - Xmlrpc:
      . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
        (Stas)

   - Zip:
      . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
        php_stream_zip_opener). (loianhtuan at gmail dot com)

   To generate a diff of this commit:
   cvs rdiff -u -r1.141 -r1.142 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.54 -r1.55 pkgsrc/lang/php55/distinfo


To generate a diff of this commit:
cvs rdiff -u -r1.141 -r1.141.2.1 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.54 -r1.54.2.1 pkgsrc/lang/php55/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1469717360242850
Content-Disposition: inline
Content-Length: 2055
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.141 pkgsrc/lang/php/phpversion.mk:1.141.2.1
--- pkgsrc/lang/php/phpversion.mk:1.141	Fri Jun 24 15:27:57 2016
+++ pkgsrc/lang/php/phpversion.mk	Thu Jul 28 14:49:19 2016
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.141 2016/06/24 15:27:57 taca Exp $
+# $NetBSD: phpversion.mk,v 1.141.2.1 2016/07/28 14:49:19 spz Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -81,8 +81,8 @@
 PHPVERSION_MK=	defined
 
 # Define each PHP's version.
-PHP55_VERSION=	5.5.37
-PHP56_VERSION=	5.6.23
+PHP55_VERSION=	5.5.38
+PHP56_VERSION=	5.6.24
 PHP70_VERSION=	7.0.8
 
 # Define initial release of major version.

Index: pkgsrc/lang/php55/distinfo
diff -u pkgsrc/lang/php55/distinfo:1.54 pkgsrc/lang/php55/distinfo:1.54.2.1
--- pkgsrc/lang/php55/distinfo:1.54	Fri Jun 24 15:23:00 2016
+++ pkgsrc/lang/php55/distinfo	Thu Jul 28 14:49:19 2016
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.54 2016/06/24 15:23:00 taca Exp $
+$NetBSD: distinfo,v 1.54.2.1 2016/07/28 14:49:19 spz Exp $
 
-SHA1 (php-5.5.37.tar.bz2) = f999bf46a6b3a1adee8239c40e13e8ce06fd470a
-RMD160 (php-5.5.37.tar.bz2) = 349fbe9ea88423a2f6b0b8b47468401c3537ff8c
-SHA512 (php-5.5.37.tar.bz2) = d2da921f3efd858e1cb8004873e377ca9c5821d5269d5b8e7c9be830b183f4d18f737b14653f65a43c0957bdca994e09a476d77e3a29a11e357abc24618c4c0f
-Size (php-5.5.37.tar.bz2) = 13699851 bytes
+SHA1 (php-5.5.38.tar.bz2) = ac79d48510e4bfe8f376d009e3ecb5b734bbc3a1
+RMD160 (php-5.5.38.tar.bz2) = 2f1f0ff08c963975c6a624ecc83432cf48be3b39
+SHA512 (php-5.5.38.tar.bz2) = dd9e578013023cc8e9ab86ef129bf414682bca318c83816ff2f15be5f81863475737b48508d78542d4fe9dc7e31418bd9c0188b2d72745f069322f3ca4da9560
+Size (php-5.5.38.tar.bz2) = 13701262 bytes
 SHA1 (patch-acinclude.m4) = 9e9c433e4cb96e469f7cf14b2064a0f41fc4568a
 SHA1 (patch-aclocal.m4) = 46f192351e541453b1e32299acd1b4cfefc93cb2
 SHA1 (patch-build_libtool.m4) = 3811edd697fd21eadc4f65cba35c6297141e8ff2


--_----------=_1469717360242850--