Subject: CVS commit: [pkgsrc-2016Q1] pkgsrc/lang
From: Benny Siegert
Date: 2016-06-28 21:37:34
Message id: 20160628193734.7BF67FBB5@cvs.NetBSD.org

Log Message:
Pullup ticket #5051 - requested by taca
lang/php56: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.140
- lang/php56/Makefile                                           1.12
- lang/php56/distinfo                                           1.28

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jun 24 15:25:21 UTC 2016

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php56: Makefile distinfo

   Log Message:
   Update php56 to 5.6.23 (PHP 5.6.23), including security fixes.

   pkgsrc change: remove confiugre from SUBST_FILES.path.

   23 Jun 2016, PHP 5.6.23

   - Core:
     . Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/
       json_utf8_to_utf16()). (Stas)
     . Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
     . Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)

   - GD:
     . Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
     . Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
     . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
       heap overflow). (Pierre)
     . Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
     . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting
       in heap overflow). (Pierre)

   - Intl:
     . Fixed bug #70484 (selectordinal doesn't work with named parameters).
       (Anatol)

   - mbstring:
      . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

   - mcrypt:
      . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)

   - Phar:
     . Fixed bug #72321 (invalid free in phar_extract_file()).
       (hji at dyntopia dot com)

   - SPL:
     . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
     . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and
       unserialize). (Dmitry)

   - OpenSSL:
     . Fixed bug #72140 (segfault after calling ERR_free_strings()).
       (Jakub Zelenka)

   - WDDX:
     . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

   - zip:
     . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC
       algorithm and unserialize). (Dmitry)

Files:
RevisionActionfile
1.11.2.1modifypkgsrc/lang/php56/Makefile
1.25.2.3modifypkgsrc/lang/php56/distinfo