Subject: CVS commit: [pkgsrc-2015Q4] pkgsrc/lang
From: Benny Siegert
Date: 2016-01-18 21:14:19
Message id: 20160118201419.3C705FBB7@cvs.NetBSD.org

Log Message:
Pullup ticket #4893 - requested by taca
lang/php70: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.122
- lang/php70/distinfo                                           1.3

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Fri Jan  8 03:29:12 UTC 2016

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php70: distinfo

   Log Message:
   Update php70 to 7.0.2, including security fix.

   07 Jan 2016 PHP 7.0.2

   - Core:
     . Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
       (y dot uchiyama dot 1015 at gmail dot com)
     . Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence)
     . Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). \ 
(Laruence)
     . Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence)
     . Fixed bug memleak in header_register_callback. (Laruence)
     . Fixed bug #71067 (Local object in class method stays in memory for each
       call). (Laruence)
     . Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
     . Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
       (Francois Laupretre)
     . Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
     . Fixed bug #71086 (Invalid numeric literal parse error within
       highlight_string() function). (Nikita)
     . Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
       (Nikita)
     . Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea)
     . Fixed bug #66179 (var_export() exports float as integer). (Andrea)
     . Fixed bug #70804 (Unary add on negative zero produces positive zero).
       (Andrea)

   - CURL:
     . Fixed bug #71144 (Sementation fault when using cURL with ZTS).
       (Michael Maroszek, Laruence)

   - DBA:
     . Fixed key leak with invalid resource. (Laruence)

   - Filter:
     . Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia)

   - FTP:
     . Implemented FR #55651 (Option to ignore the returned FTP PASV address).
       (abrender at elitehosts dot com)

   - FPM:
     . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)

   - GD:
     . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
       Out of Bounds). (emmanuel dot law at gmail dot com).

   - Mbstring:
     . Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV,
       Segmentation fault). (Laruence)

   - Opcache:
     . Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)

   - PCRE:
     . Fixed bug #71178 (preg_replace with arrays creates [0] in replace array
       if not already set). (Laruence)

   - Readline:
     . Fixed bug #71094 (readline_completion_function corrupts static array on
       second TAB). (Nikita)

   - Session:
     . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)

   - SPL:
     . Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns
       wrong number of parameters). (Laruence)
     . Fixed bug #71153 (Performance Degradation in ArrayIterator with large
       arrays). (Nikita)

   - Standard:
     . Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
       (emmanuel dot law at gmail dot com)

   - WDDX:
     . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet \ 
Deserialization).
       (taoguangchen at icloud dot com)
     . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
       Vulnerability). (taoguangchen at icloud dot com)

   - XMLRPC
     . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
       (Julien)

Files:
RevisionActionfile
1.2.2.1modifypkgsrc/lang/php70/distinfo