Pullup ticket #6076 - requested by taca lang/php73: security fix Revisions pulled up: - lang/php/phpversion.mk 1.270,1.272 - lang/php73/Makefile 1.6 - lang/php73/Makefile.php 1.2 - lang/php73/distinfo 1.12-1.13 --- Module Name: pkgsrc Committed By: taca Date: Wed Oct 2 14:08:05 UTC 2019 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php73: Makefile Makefile.php distinfo Log Message: lang/php73: update to 7.3.10 Update lang/php73 to 7.3.10. pkgsrc changes * Clean two pkglint's warnings. 26 Sep 2019, PHP 7.3.10 - Core: . Fixed bug #78220 (Can't access OneDrive folder). (cmb, ab) . Fixed bug #77922 (Double release of doc comment on inherited shadow property). (Nikita) . Fixed bug #78441 (Parse error due to heredoc identifier followed by digit). (cmb) . Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc). (cmb, Nikita) - FastCGI: . Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows). (Sergei Turchanov) - FPM: . Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr notation). (Tsuyoshi Sadakata) - Intl: . Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested. (Sara) - MBString: . Fixed bug #78559 (Heap buffer overflow in mb_eregi). (cmb) - MySQLnd: . Fixed connect_attr issues and added the _server_host connection attribute. (Qianqian Bu) - ODBC: . Fixed bug #78473 (odbc_close() closes arbitrary resources). (cmb) - PDO_MySQL: . Fixed bug #41997 (SP call yields additional empty result set). (cmb) - sodium: . Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()). (Frank Denis, cmb) --- Module Name: pkgsrc Committed By: taca Date: Fri Oct 25 02:57:04 UTC 2019 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php73: distinfo Log Message: lang/php73: update to 7.3.11 Update php73 to 7.3.11. 24 Oct 2019, PHP 7.3.11 - Core: . Fixed bug #78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser) . Fixed bug #78620 (Out of memory error). (cmb, Nikita) - Exif : . Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle) - FPM: . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043) (Jakub Zelenka) . Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request). (Sergei Turchanov) - MBString: . Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi). (cmb) . Fixed bug #78579 (mb_decode_numericentity: args number inconsistency). (cmb) . Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects). (cmb) - MySQLi: . Fixed bug #76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto) - Mysqlnd: . Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements). (Nikita) - PCRE: . Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process). (Nikita) - PDO_MySQL: . Fixed bug #78623 (Regression caused by "SP call yields additional empty result set"). (cmb) - Session: . Fixed bug #78624 (session_gc return value for user defined session handlers). (bshaffer) - Standard: . Fixed bug #76342 (file_get_contents waits twice specified timeout). (Thomas Calvet) . Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita) . Fixed bug #76859 (stream_get_line skips data if used with data-generating filter). (kkopachev) - Zip: . Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)diff -r1.268.2.1 -r1.268.2.2 pkgsrc/lang/php/phpversion.mk
(bsiegert)
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: phpversion.mk,v 1.268.2.1 2019/10/25 11:10:20 bsiegert Exp $ | 1 | # $NetBSD: phpversion.mk,v 1.268.2.2 2019/10/25 11:59:44 bsiegert Exp $ | |
2 | # | 2 | # | |
3 | # This file selects a PHP version, based on the user's preferences and | 3 | # This file selects a PHP version, based on the user's preferences and | |
4 | # the installed packages. It does not add a dependency on the PHP | 4 | # the installed packages. It does not add a dependency on the PHP | |
5 | # package. | 5 | # package. | |
6 | # | 6 | # | |
7 | # === User-settable variables === | 7 | # === User-settable variables === | |
8 | # | 8 | # | |
9 | # PHP_VERSION_DEFAULT | 9 | # PHP_VERSION_DEFAULT | |
10 | # The PHP version to choose when more than one is acceptable to | 10 | # The PHP version to choose when more than one is acceptable to | |
11 | # the package. | 11 | # the package. | |
12 | # | 12 | # | |
13 | # Possible: 56 71 72 73 | 13 | # Possible: 56 71 72 73 | |
14 | # Default: 71 | 14 | # Default: 71 | |
@@ -80,27 +80,27 @@ | @@ -80,27 +80,27 @@ | |||
80 | # | 80 | # | |
81 | # Example: lib/php/20140828 | 81 | # Example: lib/php/20140828 | |
82 | # | 82 | # | |
83 | # Keywords: php | 83 | # Keywords: php | |
84 | # | 84 | # | |
85 | 85 | |||
86 | .if !defined(PHPVERSION_MK) | 86 | .if !defined(PHPVERSION_MK) | |
87 | PHPVERSION_MK= defined | 87 | PHPVERSION_MK= defined | |
88 | 88 | |||
89 | # Define each PHP's version. | 89 | # Define each PHP's version. | |
90 | PHP56_VERSION= 5.6.40 | 90 | PHP56_VERSION= 5.6.40 | |
91 | PHP71_VERSION= 7.1.32 | 91 | PHP71_VERSION= 7.1.32 | |
92 | PHP72_VERSION= 7.2.24 | 92 | PHP72_VERSION= 7.2.24 | |
93 | PHP73_VERSION= 7.3.9 | 93 | PHP73_VERSION= 7.3.11 | |
94 | 94 | |||
95 | # Define initial release of major version. | 95 | # Define initial release of major version. | |
96 | PHP56_RELDATE= 20140828 | 96 | PHP56_RELDATE= 20140828 | |
97 | PHP71_RELDATE= 20160303 | 97 | PHP71_RELDATE= 20160303 | |
98 | PHP72_RELDATE= 20170718 | 98 | PHP72_RELDATE= 20170718 | |
99 | PHP73_RELDATE= 20181200 | 99 | PHP73_RELDATE= 20181200 | |
100 | 100 | |||
101 | _VARGROUPS+= php | 101 | _VARGROUPS+= php | |
102 | _USER_VARS.php= PHP_VERSION_DEFAULT | 102 | _USER_VARS.php= PHP_VERSION_DEFAULT | |
103 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | 103 | _PKG_VARS.php= PHP_VERSIONS_ACCEPTED PHP_VERSION_REQD | |
104 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | 104 | _SYS_VARS.php= PKG_PHP_VERSION PKG_PHP PHPPKGSRCDIR PHP_PKG_PREFIX \ | |
105 | PKG_PHP_MAJOR_VERS | 105 | PKG_PHP_MAJOR_VERS | |
106 | 106 |
@@ -1,21 +1,20 @@ | @@ -1,21 +1,20 @@ | |||
1 | # $NetBSD: Makefile,v 1.5 2019/07/03 07:30:50 nia Exp $ | 1 | # $NetBSD: Makefile,v 1.5.2.1 2019/10/25 11:59:44 bsiegert Exp $ | |
2 | 2 | |||
3 | # | 3 | # | |
4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | 4 | # We can't omit PKGNAME here to handle PKG_OPTIONS. | |
5 | # | 5 | # | |
6 | PKGNAME= php-${PHP_VERSION:S/RC/rc/} | 6 | PKGNAME= php-${PHP_VERSION:S/RC/rc/} | |
7 | 7 | |||
8 | HOMEPAGE= https://www.php.net/ | |||
9 | COMMENT= PHP Hypertext Preprocessor version 7.3 | 8 | COMMENT= PHP Hypertext Preprocessor version 7.3 | |
10 | LICENSE= php | 9 | LICENSE= php | |
11 | 10 | |||
12 | TEST_TARGET= test | 11 | TEST_TARGET= test | |
13 | 12 | |||
14 | USE_TOOLS+= gmake lex pkg-config | 13 | USE_TOOLS+= gmake lex pkg-config | |
15 | LIBTOOL_OVERRIDE= # empty | 14 | LIBTOOL_OVERRIDE= # empty | |
16 | PHP_CHECK_INSTALLED= No | 15 | PHP_CHECK_INSTALLED= No | |
17 | 16 | |||
18 | PHP_VERSIONS_ACCEPTED= 73 | 17 | PHP_VERSIONS_ACCEPTED= 73 | |
19 | 18 | |||
20 | .include "Makefile.php" | 19 | .include "Makefile.php" | |
21 | 20 |
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | # $NetBSD: Makefile.php,v 1.1 2018/12/15 17:12:44 taca Exp $ | 1 | # $NetBSD: Makefile.php,v 1.1.8.1 2019/10/25 11:59:44 bsiegert Exp $ | |
2 | # used by lang/php73/Makefile | 2 | # used by lang/php73/Makefile | |
3 | # used by www/ap-php/Makefile | 3 | # used by www/ap-php/Makefile | |
4 | # used by www/php-fpm/Makefile | 4 | # used by www/php-fpm/Makefile | |
5 | 5 | |||
6 | # segfaults when buidling with many compilers | 6 | # segfaults when buidling with many compilers | |
7 | # https://bugs.php.net/bug.php?id=74527 | 7 | # https://bugs.php.net/bug.php?id=74527 | |
8 | # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86236 | 8 | # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86236 | |
9 | .if ${MACHINE_ARCH} == "i386" | 9 | .if ${MACHINE_ARCH} == "i386" | |
10 | CONFIGURE_ARGS+= --disable-gcc-global-regs | 10 | CONFIGURE_ARGS+= --disable-gcc-global-regs | |
11 | .endif | 11 | .endif | |
12 | 12 | |||
13 | # the binary actually needs full dep on PCRE | 13 | # the binary actually needs full dep on PCRE | |
14 | BUILDLINK_DEPMETHOD.pcre2= full | 14 | BUILDLINK_DEPMETHOD.pcre2= full | |
@@ -76,27 +76,26 @@ CONFIGURE_ARGS+= --with-openssl=yes | @@ -76,27 +76,26 @@ CONFIGURE_ARGS+= --with-openssl=yes | |||
76 | LIBS.SunOS+= -lcrypto | 76 | LIBS.SunOS+= -lcrypto | |
77 | . else | 77 | . else | |
78 | CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} | 78 | CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl} | |
79 | . endif | 79 | . endif | |
80 | .else | 80 | .else | |
81 | CONFIGURE_ARGS+= --without-openssl | 81 | CONFIGURE_ARGS+= --without-openssl | |
82 | .endif | 82 | .endif | |
83 | 83 | |||
84 | .if !empty(PKG_OPTIONS:Mmaintainer-zts) | 84 | .if !empty(PKG_OPTIONS:Mmaintainer-zts) | |
85 | CONFIGURE_ARGS+= --enable-maintainer-zts | 85 | CONFIGURE_ARGS+= --enable-maintainer-zts | |
86 | .endif | 86 | .endif | |
87 | 87 | |||
88 | .if !empty(PKG_OPTIONS:Mreadline) | 88 | .if !empty(PKG_OPTIONS:Mreadline) | |
89 | USE_GNU_READLINE= yes | |||
90 | .include "../../devel/readline/buildlink3.mk" | 89 | .include "../../devel/readline/buildlink3.mk" | |
91 | CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} | 90 | CONFIGURE_ARGS+= --with-readline=${BUILDLINK_PREFIX.readline} | |
92 | .else | 91 | .else | |
93 | CONFIGURE_ARGS+= --without-readline | 92 | CONFIGURE_ARGS+= --without-readline | |
94 | .endif | 93 | .endif | |
95 | 94 | |||
96 | .if !empty(PKG_OPTIONS:Mdtrace) | 95 | .if !empty(PKG_OPTIONS:Mdtrace) | |
97 | PLIST.dtrace= yes | 96 | PLIST.dtrace= yes | |
98 | CONFIGURE_ARGS+= --enable-dtrace | 97 | CONFIGURE_ARGS+= --enable-dtrace | |
99 | 98 | |||
100 | # See https://bugs.php.net/bug.php?id=61268 | 99 | # See https://bugs.php.net/bug.php?id=61268 | |
101 | INSTALL_MAKE_FLAGS+= -r | 100 | INSTALL_MAKE_FLAGS+= -r | |
102 | .endif | 101 | .endif |
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | $NetBSD: distinfo,v 1.11 2019/09/01 13:03:17 taca Exp $ | 1 | $NetBSD: distinfo,v 1.11.2.1 2019/10/25 11:59:44 bsiegert Exp $ | |
2 | 2 | |||
3 | SHA1 (php-7.3.9.tar.bz2) = d8d75fee3bed961f26e1beb8144ebb064fdc2ca4 | 3 | SHA1 (php-7.3.11.tar.bz2) = 01f6747706b6c33983e558acb733c87d3a39b557 | |
4 | RMD160 (php-7.3.9.tar.bz2) = 1dff6e84af9cad3d505aee87e562416f57b26d55 | 4 | RMD160 (php-7.3.11.tar.bz2) = a48e8604393b96b98b3bcb673768d2bf21d7b0ec | |
5 | SHA512 (php-7.3.9.tar.bz2) = a46beb28a91f7ee99f37215ddf5f65ab1743373ba98a703ed45615625ee6b4cbda1be8495901da54089f7cb285a6ac21773a29d32871e0a9540c43b57ea41b97 | 5 | SHA512 (php-7.3.11.tar.bz2) = 287d79953148fef5194502f0895faf7482202200e79366e65e0569dfb38efd9bb180555b9f31f180e5c0c679254396d00bb924f895cd5641868838319956b679 | |
6 | Size (php-7.3.9.tar.bz2) = 14947152 bytes | 6 | Size (php-7.3.11.tar.bz2) = 14988439 bytes | |
7 | SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b | 7 | SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b | |
8 | SHA1 (patch-disable-filter-url) = d7e450380b584e01e2f01e9c91c864d01991cdbf | 8 | SHA1 (patch-disable-filter-url) = d7e450380b584e01e2f01e9c91c864d01991cdbf | |
9 | SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335 | 9 | SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335 | |
10 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | 10 | SHA1 (patch-ext_phar_Makefile.frag) = 558869b60f8ed6674a3ba1d595a65f010df4c426 | |
11 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | 11 | SHA1 (patch-ext_phar_phar_phar.php) = f630e3946b21b76d4fe857a43e00e25c9445f2c8 | |
12 | SHA1 (patch-ext_recode_recode.c) = 639bf762302c7a30c88d3f3fa862494e0f847bdb | 12 | SHA1 (patch-ext_recode_recode.c) = 639bf762302c7a30c88d3f3fa862494e0f847bdb | |
13 | SHA1 (patch-ext_tidy_config.m4) = 4d6b4bf71c606fdb244937dc8a92b49e268060e6 | 13 | SHA1 (patch-ext_tidy_config.m4) = 4d6b4bf71c606fdb244937dc8a92b49e268060e6 | |
14 | SHA1 (patch-ext_xsl_php__xsl.h) = a9877bff7bacc77926a4541a0ac171c00ad1a627 | 14 | SHA1 (patch-ext_xsl_php__xsl.h) = a9877bff7bacc77926a4541a0ac171c00ad1a627 | |
15 | SHA1 (patch-php.ini-development) = 0150deec620db99272d10bc01585a503b2fc4b86 | 15 | SHA1 (patch-php.ini-development) = 0150deec620db99272d10bc01585a503b2fc4b86 | |
16 | SHA1 (patch-php.ini-production) = 8c3451ff6253c9cd0dbf342761231c8fe54fdc52 | 16 | SHA1 (patch-php.ini-production) = 8c3451ff6253c9cd0dbf342761231c8fe54fdc52 | |
17 | SHA1 (patch-run-tests.php) = 278cd99b3c5f3d2131eef564e18eb2ee9924db5a | 17 | SHA1 (patch-run-tests.php) = 278cd99b3c5f3d2131eef564e18eb2ee9924db5a | |
18 | SHA1 (patch-sapi_cgi_Makefile.frag) = 18769900f588ff81cc34474542afa1d65c070e65 | 18 | SHA1 (patch-sapi_cgi_Makefile.frag) = 18769900f588ff81cc34474542afa1d65c070e65 | |
19 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 | 19 | SHA1 (patch-sapi_cli_Makefile.frag) = 1cd29d09042863acbf5330e406410fdcf75d06b3 |