Mon Apr 22 12:56:31 2024 UTC (55d)
Pullup ticket #6849 - requested by taca
lang/php81: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.429
- lang/php81/distinfo                                           1.32

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr 13 02:53:35 UTC 2024

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php81: distinfo

   Log Message:
   lang/php81: update to 8.1.27

   This release includes security fixes.

   11 Apr 2024, PHP 8.1.28

   - Standard:
     . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
       parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
     . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
       partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
     . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
       opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)


(bsiegert)
diff -r1.426.2.2 -r1.426.2.3 pkgsrc/lang/php/phpversion.mk
diff -r1.31 -r1.31.2.1 pkgsrc/lang/php81/distinfo
cvs diff -r1.426.2.2 -r1.426.2.3 pkgsrc/lang/php/phpversion.mk (expand / switch to context diff)
--- pkgsrc/lang/php/phpversion.mk 2024/04/22 12:49:08 1.426.2.2
+++ pkgsrc/lang/php/phpversion.mk 2024/04/22 12:56:30 1.426.2.3
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.426.2.2 2024/04/22 12:49:08 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.426.2.3 2024/04/22 12:56:30 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -91,7 +91,7 @@
 PHP56_VERSION=	5.6.40
 PHP74_VERSION=	7.4.33
 PHP80_VERSION=	8.0.30
-PHP81_VERSION=	8.1.27
+PHP81_VERSION=	8.1.28
 PHP82_VERSION=	8.2.18
 PHP83_VERSION=	8.3.4
cvs diff -r1.31 -r1.31.2.1 pkgsrc/lang/php81/distinfo (expand / switch to context diff)
--- pkgsrc/lang/php81/distinfo 2024/01/05 02:10:34 1.31
+++ pkgsrc/lang/php81/distinfo 2024/04/22 12:56:30 1.31.2.1
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.31 2024/01/05 02:10:34 taca Exp $
+$NetBSD: distinfo,v 1.31.2.1 2024/04/22 12:56:30 bsiegert Exp $
 
-BLAKE2s (php-8.1.27.tar.xz) = adeaa2ba18ec7bf532947556261be717e6be2a6c8dc191a839eadcb6b682dc62
-SHA512 (php-8.1.27.tar.xz) = 07fb2b8e10e2487635e26bfd8a27949a26b85f76bc3984ad8599224bb7a7f9498d84299335ae5a0bba16599275e9747ab141f73f4f2076ddf49ebec8e76fd0ed
-Size (php-8.1.27.tar.xz) = 11915228 bytes
+BLAKE2s (php-8.1.28.tar.xz) = 3c9676ad6d04d5006f3135f377f22fab86b3f1f6804977b290e4bf9685d214c0
+SHA512 (php-8.1.28.tar.xz) = d56ecac164e00e9514cd3c6c8c453598b323118dc7d7ae7cc14ba0847d50a2e455b2391f52e0d81af325b02d8f73a7d2ed66bf66d068dac4a496d777c83a398f
+Size (php-8.1.28.tar.xz) = 11848504 bytes
 SHA1 (patch-configure) = bf9d652aa5b5509b08ce7cdb6168936ca7b80584
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_enchant_enchant.c) = 7924acc5fdadea89b3a385cf744ef982795bf89d