[pkgsrc/pkgsrc-2016Q2]: pkgsrc/lang Pullup ticket #5096 - requested by taca

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/a6a19402044c
branches:  pkgsrc-2016Q2
changeset: 408885:a6a19402044c
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Wed Sep 07 19:17:50 2016 +0000

description:
Pullup ticket #5096 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.150
- lang/php70/distinfo                                           1.18

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Aug 19 03:29:53 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php70: distinfo

   Log Message:
   Update php70 to 7.0.10 (PHP 7.0.10).

   18 Aug 2016 PHP 7.0.10

   - Core:
     . Fixed bug #72629 (Caught exception assignment to variables ignores
       references). (Laruence)
     . Fixed bug #72594 (Calling an earlier instance of an included anonymous
       class fatals). (Laruence)
     . Fixed bug #72581 (previous property undefined in Exception after
       deserialization). (Laruence)
     . Fixed bug #72496 (Cannot declare public method with signature incompatible
       with parent private method). (Pedro Magalha~es)
     . Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
     . Fixed bug #71911 (Unable to set --enable-debug on building extensions by
       phpize on Windows). (Yuji Uchiyama)
     . Fixed bug causing ClosedGeneratorException being thrown into the calling
       code instead of the Generator yielding from. (Bob)
     . Implemented FR #72614 (Support "nmake test" on building extensions by
       phpize). (Yuji Uchiyama)
     . Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
       (Yuji Uchiyama)
     . Fixed potential segfault in object storage freeing in shutdown sequence.
       (Bob)
     . Fixed bug #72663 (Create an Unexpected Object and Don't Invoke
         __wakeup() in Deserialization). (Stas)
     . Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
     . Fixed bug #72683 (getmxrr broken). (Anatol)
     . Fixed bug #72742 (memory allocator fails to realloc small block to large
       one). (Stas)

   - Bz2:
     . Fixed bug #72837 (integer overflow in bzdecompress caused heap
       corruption). (Stas)

   - Calendar:
     . Fixed bug #67976 (cal_days_month() fails for final month of the French
       calendar). (cmb)
     . Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in
       zif_cal_from_jd). (cmb)

   - COM:
     . Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)

   - CURL:
     . Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
       (Pierrick)
     . Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
     . Fixed bug #72674 (Heap overflow in curl_escape). (Stas)

   - DOM:
     . Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)

   - EXIF:
     . Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
     . Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)

   - Filter:
     . Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8
       range). (bugs dot php dot net at majkl578 dot cz)

   - FPM:
     . Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
       (gooh)

   - GD:
     . Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
     . Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
     . Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
     . Fixed bug #43828 (broken transparency of imagearc for truecolor in
       blendingmode). (cmb)
     . Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
     . Fixed bug #68712 (suspicious if-else statements). (cmb)
     . Fixed bug #72697 (select_colors write out-of-bounds). (Stas)
     . Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (Stas)

   - Intl:
     . Fixed bug #72639 (Segfault when instantiating class that extends
       IntlCalendar and adds a property). (Laruence)
     . Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain
       names). (cmb)

   - mbstring:
     . Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
       (cmb)
     . Fixed bug #72693 (mb_ereg_search increments search position when a match
       zero-width). (cmb)
     . Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last
       position). (cmb)
     . Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
       (ju1ius)

   - Mcrypt:
     . Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)

   - Opcache:
     . Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
       (Keyur)

   - PCRE:
     . Fixed bug #72688 (preg_match missing group names in matches). (cmb)

   - PDO_pgsql:
     . Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)

   - Reflection:
     . Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
       (Nikita Nefedov)

   - SimpleXML:
     . Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML
       element). (Laruence)

   - SNMP:
     . Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory
       allocation). (djodjo at gmail dot com)

   - SPL:
     . Fixed bug #55701 (GlobIterator throws LogicException). (Valentin V?LCIU)
     . Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape
       character). (cmb)
     . Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)

   - SQLite3:
     . Fixed bug #72668 (Spurious warning when exception is thrown in user defined
       function). (Laruence)
     . Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
     . Implemented FR #72653 (SQLite should allow opening with empty filename).
       (cmb)
     . Updated to SQLite3 3.13.0. (cmb)

   - Standard:
     . Fixed bug #72622 (array_walk + array_replace_recursive create references
       from nothing). (Laruence)
     . Fixed bug #72152 (base64_decode $strict fails to detect null byte).
       (Lauri Kentta:)
     . Fixed bug #72263 (base64_decode skips a character after padding in strict
       mode). (Lauri Kentta:)
     . Fixed bug #72264 (base64_decode $strict fails with whitespace between
       padding). (Lauri Kentta:)
     . Fixed bug #72330 (CSV fields incorrectly split if escape char followed by
       UTF chars). (cmb)

   - Streams:
     . Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
     . Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
     . Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for
       non-existent directories). (vhuk)
     . Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade
       attack). (Stas)

   - XMLRPC:
     . Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing
       array elements). (Laruence)

   - Wddx:
     . Fixed bug #72564 (boolean always deserialized as "true") (Remi)
     . Fixed bug #72142 (WDDX Packet Injection Vulnerability in
       wddx_serialize_value()). (Taoguang Chen)
     . Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
     . Fixed bug #72750 (wddx_deserialize null dereference). (Stas)
     . Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
       (Stas)
     . Fixed bug #72799 (wddx_deserialize null dereference in
       php_wddx_pop_element). (Stas)

   - Zip:
     . Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
       (Laruence)

diffstat:

 lang/php/phpversion.mk |   4 ++--
 lang/php70/distinfo    |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (36 lines):

diff -r d05aea9d499f -r a6a19402044c lang/php/phpversion.mk
--- a/lang/php/phpversion.mk    Wed Sep 07 19:03:34 2016 +0000
+++ b/lang/php/phpversion.mk    Wed Sep 07 19:17:50 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.141.2.3 2016/09/07 18:23:59 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.141.2.4 2016/09/07 19:17:50 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -83,7 +83,7 @@
 # Define each PHP's version.
 PHP55_VERSION= 5.5.38
 PHP56_VERSION= 5.6.25
-PHP70_VERSION= 7.0.9
+PHP70_VERSION= 7.0.10
 
 # Define initial release of major version.
 PHP55_RELDATE= 20130620
diff -r d05aea9d499f -r a6a19402044c lang/php70/distinfo
--- a/lang/php70/distinfo       Wed Sep 07 19:03:34 2016 +0000
+++ b/lang/php70/distinfo       Wed Sep 07 19:17:50 2016 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.14.2.1 2016/07/28 15:29:47 spz Exp $
+$NetBSD: distinfo,v 1.14.2.2 2016/09/07 19:17:50 bsiegert Exp $
 
-SHA1 (php-7.0.9.tar.bz2) = bc94c0c0d548ab4b89840994f9f3b468a3d89c4b
-RMD160 (php-7.0.9.tar.bz2) = d6771507506336da29f88ae59e5d93da4207bfdd
-SHA512 (php-7.0.9.tar.bz2) = 730a59a2564a5564165d8f2ddb357658137e86915dcf05b1186de36763860ddb1b0b95297d3a45e50ae77a0a591ae918bad71331e5a5de8309b88e521115c8db
-Size (php-7.0.9.tar.bz2) = 14870061 bytes
+SHA1 (php-7.0.10.tar.bz2) = cfbf014117dc1c572d1faa14da5c0135c44e1798
+RMD160 (php-7.0.10.tar.bz2) = f2801f69c5d49d434974e098b12de0d261d5ed2f
+SHA512 (php-7.0.10.tar.bz2) = 521ba5f57c1dbd8c8b7c0c2839e7054cce192f6688fd0f6f98bb30802a3bf2990ea3843fd366a18d20960797bd8ff410819847cae5717ec605674fb8a910e0e9
+Size (php-7.0.10.tar.bz2) = 15170680 bytes
 SHA1 (patch-acinclude.m4) = b682280fd89950c082c2226bdb7364b0dc475bad
 SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c
 SHA1 (patch-ext_gd_config.m4) = a7ec1bd0d876657d4b5e597b9aa1e97c2d2801e3