Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/lang
From: Matthias Scheler
Date: 2014-06-02 17:51:10
Message id: 20140602155110.44D7996@cvs.netbsd.org

Log Message:
Pullup ticket #4428 - requested by taca
lang/php54: security update

Revisions pulled up:
- lang/php/phpversion.mk                                        1.64
- lang/php54/Makefile.php                                       1.8
- lang/php54/distinfo                                           1.40

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat May 31 04:28:57 UTC 2014

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php54: Makefile.php distinfo

   Log Message:
   Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.

   29 May 2014, PHP 5.4.29

   - COM:
     . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

   - Core:
     . Fixed bug #65701 (copy() doesn't work when destination filename is created
       by tempnam()). (Boro Sitnikovski)
     . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
     . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
       zend_exceptions.c). (Bob)
     . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
     . Fixed bug #67249 (printf out-of-bounds read). (Stas)
     . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
     . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

   - Date:
     . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
     . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
     . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

   - DOM:
     . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
       not only the subset). (Anatol)

   - Fileinfo:
     . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
     . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
       (CVE-2014-0238)
     . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
       performance degradation). (CVE-2014-0237)

   - FPM:
     . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
       (Julio Pintos)

   - Phar:
     . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
       in its name). (PR #588)

Files:
Revision    Action    file
1.6.6.2     modify    pkgsrc/lang/php54/Makefile.php
1.36.2.2    modify    pkgsrc/lang/php54/distinfo