Update php54 to 5.4.38 (PHP 5.4.38).

19 Feb 2015 PHP 5.4.38

- Core:
  . Removed support for multi-line headers, as the are deprecated by RFC 7230.
    (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
    (ncopa at alpinelinux dot org)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (Stas)

- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- SOAP:
  . Fixed bug #67427 (SoapServer cannot handle large messages)
    (brandt at docoloc dot de)

4 files changed, 5 insertions, 54 deletions

diff --git a/lang/php54/Makefile b/lang/php54/Makefile
index b8dd082d0a3..db8ba26de1e 100644
--- a/lang/php54/Makefile
+++ b/lang/php54/Makefile
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.26 2015/02/18 11:04:03 sevan Exp $
+# $NetBSD: Makefile,v 1.27 2015/02/19 09:37:36 taca Exp $
 
 #
 # We can't omit PKGNAME here to handle PKG_OPTIONS.
 #
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php54/distinfo b/lang/php54/distinfo
index dde448413eb..d82873cc667 100644
--- a/lang/php54/distinfo
+++ b/lang/php54/distinfo
@@ -1,14 +1,12 @@
-$NetBSD: distinfo,v 1.52 2015/02/18 11:04:03 sevan Exp $
+$NetBSD: distinfo,v 1.53 2015/02/19 09:37:36 taca Exp $
 
-SHA1 (php-5.4.37.tar.bz2) = 608e00a730e9674e1a2e2627175e7a27f4add18f
-RMD160 (php-5.4.37.tar.bz2) = 9aa559cd4c4c63701133194b59ccff0f241a2241
-Size (php-5.4.37.tar.bz2) = 12275113 bytes
+SHA1 (php-5.4.38.tar.bz2) = 863fcb872fe20d054d1a3444c27ec7f8be9f4317
+RMD160 (php-5.4.38.tar.bz2) = 5cd4d7c80badd19aa7e1081e3fd190607e46e1af
+Size (php-5.4.38.tar.bz2) = 12273298 bytes
 SHA1 (patch-acinclude.m4) = 71635e5381abf99a9fc9f2537b1c2f18e8096f00
 SHA1 (patch-aclocal.m4) = 699086785fcd3d3834cc6016479dbdae6518e522
 SHA1 (patch-build_libtool.m4) = d81527abea3bd97e220f00a5d5296d8b1bfe2659
 SHA1 (patch-configure) = df6209127b1e23d17bc7128da3a44f3e44bbfd48
-SHA1 (patch-ext_date_php_date.c) = e1c6551a422c54c7be7ec16e6d10821f47cb924c
-SHA1 (patch-ext_date_tests_bug68942_2.phpt) = 385ed2c3077b5384bff117b97867463c6bdac15e
 SHA1 (patch-ext_gd_config.m4) = 2353efe6f25e1081b41d61033c3185cc643c7891
 SHA1 (patch-ext_imap_config.m4) = 01681e8b54ee586ec4db72a5da2d0aec3fa89fcc
 SHA1 (patch-ext_mssql_php__mssql.c) = 732e48b05086180585a3087c2e9737db557dbc3b
diff --git a/lang/php54/patches/patch-ext_date_php_date.c b/lang/php54/patches/patch-ext_date_php_date.c
deleted file mode 100644
index e1bc4ab8865..00000000000
--- a/lang/php54/patches/patch-ext_date_php_date.c
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD: patch-ext_date_php_date.c,v 1.1 2015/02/18 11:04:03 sevan Exp $
-
-Fix bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/php_date.c.orig	2015-01-20 20:06:02.000000000 +0000
-+++ ext/date/php_date.c
-@@ -2575,12 +2575,9 @@ static int php_date_initialize_from_hash
- 	timelib_tzinfo   *tzi;
- 	php_timezone_obj *tzobj;
- 
--	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS) {
--		convert_to_string(*z_date);
--		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS) {
--			convert_to_long(*z_timezone_type);
--			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS) {
--				convert_to_string(*z_timezone);
-+	if (zend_hash_find(myht, "date", 5, (void**) &z_date) == SUCCESS && Z_TYPE_PP(z_date) == IS_STRING) {
-+		if (zend_hash_find(myht, "timezone_type", 14, (void**) &z_timezone_type) == SUCCESS && Z_TYPE_PP(z_timezone_type) == IS_LONG) {
-+			if (zend_hash_find(myht, "timezone", 9, (void**) &z_timezone) == SUCCESS && Z_TYPE_PP(z_timezone) == IS_STRING) {
- 
- 				switch (Z_LVAL_PP(z_timezone_type)) {
- 					case TIMELIB_ZONETYPE_OFFSET:
-@@ -2595,7 +2592,6 @@ static int php_date_initialize_from_hash
- 
- 					case TIMELIB_ZONETYPE_ID: {
- 						int ret;
--						convert_to_string(*z_timezone);
- 
- 						tzi = php_date_parse_tzfile(Z_STRVAL_PP(z_timezone), DATE_TIMEZONEDB TSRMLS_CC);
- 
diff --git a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt b/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt
deleted file mode 100644
index ceb358bbcee..00000000000
--- a/lang/php54/patches/patch-ext_date_tests_bug68942_2.phpt
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-ext_date_tests_bug68942_2.phpt,v 1.1 2015/02/18 11:04:03 sevan Exp $
-
-Test for bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone)
-
---- ext/date/tests/bug68942_2.phpt.orig	2015-02-18 01:43:49.000000000 +0000
-+++ ext/date/tests/bug68942_2.phpt
-@@ -0,0 +1,9 @@
-+--TEST--
-+Bug #68942 (Use after free vulnerability in unserialize() with DateTime).
-+--FILE--
-+<?php
-+$data = unserialize('a:2:{i:0;O:8:"DateTime":3:{s:4:"date";s:26:"2000-01-01 00:00:00.000000";s:13:"timezone_type";a:2:{i:0;i:1;i:1;i:2;}s:8:"timezone";s:1:"A";}i:1;R:5;}');
-+var_dump($data);
-+?>
-+--EXPECTF--
-+Fatal error: Invalid serialization data for DateTime object in %s/bug68942_2.php on line %d