CVS commit: pkgsrc/lang

["Takahiro Kambe" <taca%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   taca
Date:           Fri Apr 17 16:39:56 UTC 2015

Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php54: distinfo

Log Message:
Update php54 to 5.4.40.

16 Apr 2015 PHP 5.4.40

- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4
    apache2handler). (Gerrit Venema)

- Core:
  . Additional fix for bug #69152 (Type confusion vulnerability in
    exception::getTraceAsString). (Stas)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
    vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
    extensions). (Stas)

- cURL:
  . Fixed bug #69316 (Use-after-free in php_curl related to
    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Ereg:
  . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
    segfault). (Anatol Belski)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
    phar_set_inode). (Stas)

- Postgres:
  . Fixed bug #68741 (Null pointer deference) (CVE-2015-1352). (Xinchen Hui)

- SOAP:
  . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
    with SoapFault). (Dmitry)

- Sqlite3:
  . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)


To generate a diff of this commit:
cvs rdiff -u -r1.93 -r1.94 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.55 -r1.56 pkgsrc/lang/php54/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.