CVS commit: [pkgsrc-2017Q2] pkgsrc/lang

["Benny Siegert" <bsiegert%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Sat Jul 15 18:58:04 UTC 2017

Modified Files:
        pkgsrc/lang/php [pkgsrc-2017Q2]: phpversion.mk
        pkgsrc/lang/php70 [pkgsrc-2017Q2]: distinfo

Log Message:
Pullup ticket #5507 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.182
- lang/php70/distinfo                                           1.35

---
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Thu Jul  6 13:32:02 UTC 2017

   Modified Files:
        pkgsrc/lang/php: phpversion.mk
        pkgsrc/lang/php70: distinfo

   Log Message:
   Update php70 to 7.0.21.

   06 Jul 2017 PHP 7.0.21

   - Core:
     . Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly
       parsed). (Manuel Mausz)
     . Fixed bug #74658 (Undefined constants in array properties result in broken
       properties). (Laruence)
     . Fixed misparsing of abstract unix domain socket names. (Sara)
     . Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in
       zval_get_type). (Nikita)
     . Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from
       unserialize). (Nikita)
     . Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability).
       (Stas)
     . Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via
       php_parse_date()). (Derick)

   - DOM:
     . Fixed bug #69373 (References to deleted XPath query results). (ttoohey)

   - GD:
     . Fixed bug #74435 (Buffer over-read into uninitialized memory). (cmb)

   - Intl:
     . Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
     . Fixed bug #74705 (Wrong reflection on Collator::getSortKey and
       collator_get_sort_key). (Tyson Andre, Remi)
     . Fixed bug #73634 (grapheme_strpos illegal memory access). (Stas)

   - Mbstring:
     . Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227,
       CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)

   - OCI8:
    . Add TAF callback (PR #2459). (KoenigsKind)

   - Opcache:
     . Fixed bug #74663 (Segfault with opcache.memory_protect and
       validate_timestamp). (Laruence)

   - OpenSSL:
     . Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()).
       (Stas)

   - PCRE:
     . Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
       (Stas)

   - PDO_OCI:
     . Support Instant Client 12.2 in --with-pdo-oci configure option.
       (Tianfang Yang)

   - Reflection:
     . Fixed bug #74673 (Segfault when cast Reflection object to string with
       undefined constant). (Laruence)

   - SPL:
     . Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
       (jhdxr)

   - Standard:
     . Fixed bug #74708 (Invalid Reflection signatures for random_bytes and
       random_int). (Tyson Andre, Remi)
     . Fixed bug #73648 (Heap buffer overflow in substr). (Stas)

   - FTP:
     . Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)

   - PHAR:
     . Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)

   - SOAP
     . Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
       (Dmitry)

   - Streams:
     . Fixed bug #74556 (stream_socket_get_name() returns '\0'). (Sara)


To generate a diff of this commit:
cvs rdiff -u -r1.181 -r1.181.2.1 pkgsrc/lang/php/phpversion.mk
cvs rdiff -u -r1.34 -r1.34.2.1 pkgsrc/lang/php70/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/lang/php/phpversion.mk
diff -u pkgsrc/lang/php/phpversion.mk:1.181 pkgsrc/lang/php/phpversion.mk:1.181.2.1
--- pkgsrc/lang/php/phpversion.mk:1.181 Fri Jun  9 01:23:25 2017
+++ pkgsrc/lang/php/phpversion.mk       Sat Jul 15 18:58:04 2017
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.181 2017/06/09 01:23:25 taca Exp $
+# $NetBSD: phpversion.mk,v 1.181.2.1 2017/07/15 18:58:04 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -88,7 +88,7 @@ PHPVERSION_MK=        defined
 
 # Define each PHP's version.
 PHP56_VERSION= 5.6.30
-PHP70_VERSION= 7.0.20
+PHP70_VERSION= 7.0.21
 PHP71_VERSION= 7.1.6
 
 # Define initial release of major version.

Index: pkgsrc/lang/php70/distinfo
diff -u pkgsrc/lang/php70/distinfo:1.34 pkgsrc/lang/php70/distinfo:1.34.2.1
--- pkgsrc/lang/php70/distinfo:1.34     Thu Jun  8 14:52:59 2017
+++ pkgsrc/lang/php70/distinfo  Sat Jul 15 18:58:04 2017
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.34 2017/06/08 14:52:59 taca Exp $
+$NetBSD: distinfo,v 1.34.2.1 2017/07/15 18:58:04 bsiegert Exp $
 
-SHA1 (php-7.0.20.tar.bz2) = cdcb2bc57635fcb0496b4922a1ae59675abc9ed2
-RMD160 (php-7.0.20.tar.bz2) = dd9247546d0ec83061befa00eb4388e1c6dc6c9b
-SHA512 (php-7.0.20.tar.bz2) = 5caa01783fb21161000a22be28815e206a3801610c0ac90ef6abb7661ce11d42aabf1ee74ec4d2edceb91e4de041bc6d7d7a4367f314d70c40d61f2feb9a5aea
-Size (php-7.0.20.tar.bz2) = 15327671 bytes
+SHA1 (php-7.0.21.tar.bz2) = c86add3ae2207fde3dcc4d41d5adb786fe676c30
+RMD160 (php-7.0.21.tar.bz2) = 8b6281735ae92a2549b3891f2e17f940eb5e1447
+SHA512 (php-7.0.21.tar.bz2) = c3c439fc79bef5492d3be94afea11125768cdd10f09f26caa140a6946c82eb2e49c817af616048c723bf9d6456d4ed1d9de844cfba862761b1cfc54f495367dd
+Size (php-7.0.21.tar.bz2) = 15342611 bytes
 SHA1 (patch-acinclude.m4) = 81a8f33a536500978ea5a9aa2d2875c61c843e56
 SHA1 (patch-configure) = a129e19ef87338f6e53ccc967c40ddcde7c7357c
 SHA1 (patch-ext_gd_config.m4) = bde93678626592cdcee619189bfc6532d0913a76