Subject: CVS commit: [pkgsrc-2016Q2] pkgsrc/lang
From: Benny Siegert
Date: 2016-09-24 19:24:39
Message id: 20160924172439.B8D82FBD1@cvs.NetBSD.org

Log Message:
Pullup ticket #5106 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.157
- lang/php70/distinfo                                           1.19

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Sep 16 16:10:29 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php70: distinfo

   Log Message:
   Update php70 to 7.0.11 (PHP 7.0.11).

   15 Sep 2016 PHP 7.0.11

   - Core:
     . Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
     . Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
     . Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
     . Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
     . Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
       (Nikita)
     . Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
     . Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)

   - COM:
     . Fixed bug #72922 (COM called from PHP does not return out parameters).
       (Anatol)

   - Dba:
     . Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
       (cmb)

   - FTP:
     . Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with
       require_ssl_reuse). (Benedict Singer)

   - GD:
     . Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
     . Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor
       images). (cmb)
     . Fixed bug #72913 (imagecopy() loses single-color transparency on palette
       images). (cmb)
     . Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)

   - iconv:
     . Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)

   - IMAP:
     . Fixed bug #72852 (imap_mail null dereference). (Anatol)

   - Intl:
     . Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF
       sequence). (cmb)
     . Fixed bug #73007 (add locale length check). (Stas)

   - Mysqlnd:
     . Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)

   - OCI8
     . Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
     . Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)

   - Opcache:
     . Fixed bug #72949 (Typo in opcache error message). (cmb)

   - PDO:
     . Fixed bug #72788 (Invalid memory access when using persistent PDO
       connection). (Keyur)
     . Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
     . Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY
       returns false). (cmb)

   - PDO_DBlib:
     . Implemented stringify 'uniqueidentifier' fields.
       (Alexander Zhuravlev, Adam Baratz)

   - PDO_pgsql:
     . Implemented FR #72633 (Postgres PDO lastInsertId() should work without
       specifying a sequence). (Pablo Santiago Sa'nchez, Matteo)
     . Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)

   - Phar:
     . Fixed bug #72928 (Out of bound when verify signature of zip phar in
       phar_parse_zipfile). (Stas)
     . Fixed bug #73035 (Out of bound when verify signature of tar phar in
       phar_parse_tarfile). (Stas)

   - Reflection:
     . Fixed bug #72846 (getConstant for a array constant with constant values
       returns NULL/NFC/UKNOWN). (Laruence)

   - Session:
     . Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita)
     . Fixed bug #72940 (SID always return "name=ID", even if session
       cookie exist). (Yasuo)

   - SimpleXML:
     . Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
     . Fixed bug #72957 (Null coalescing operator doesn't behave as expected with
       SimpleXMLElement). (Nikita)

   - SPL:
     . Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)

   - Standard:
     . Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri
       Kentta:)
     . Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
     . Fixed bug #65550 (get_browser() incorrectly parses entries with \ 
"+" sign).
       (cmb)

   - Streams:
     . Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
     . Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails
       with IIS FTP 7.5, 8.5). (vhuk)
     . Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
       (cmb)

   - SQLite3:
     . Downgraded bundled SQLite to 3.8.10.2. (Anatol);

   - Sysvshm:
     . Fixed bug #72858 (shm_attach null dereference). (Anatol)

   - XML:
     . Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
     . Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)

   - Wddx:
     . Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
     . Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)

   - ZIP:
     . Fixed bug #68302 (impossible to compile php with zip support). (cmb)

Files:
RevisionActionfile
1.14.2.3modifypkgsrc/lang/php70/distinfo