Pullup ticket #6019 - requested by taca

lang/php72: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.261,1.264
- lang/php72/distinfo                                           1.42-1.43

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Jul  8 13:18:52 UTC 2019

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php72: distinfo

   Log Message:
   lang/php72: update to 7.2.20

   Update php72 to 7.2.20.

   04 Jul 2019, PHP 7.2.20

   - Core:
     . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
       (Nikita)

   - DOM:
     . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
       (cmb)

   - MySQLi:
     . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful
       error message). (Sjon Hortensius)
     . Fixed bug #38546 (bindParam incorrect processing of bool types).
       (camporter)

   - Opcache:
     . Fixed bug #78106 (Path resolution fails if opcache disabled during request).
       (Nikita)
     . Fixed bug #78185 (File cache no longer works). (Dmitry)

   - OpenSSL:
     . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
       (Jakub Zelenka)

   - Sockets:
     . Fixed bug #78038 (Socket_select fails when resource array contains
       references). (Nikita)

   - Standard:
     . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
       (Craig Duncan, Dmitry)
     . Fixed bug ##77937   (preg_match failed). (cmb, Anatol)

   - Zip:
     . Fixed bug #76345 (zip.h not found). (Michael Maroszek)

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Thu Aug  1 14:19:40 UTC 2019

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php72: distinfo

   Log Message:
   lang/php72: update to 7.2.21

   01 Aug 2019, PHP 7.2.21

   - Date:
     . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)

   - EXIF:
     . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
       (CVE-2019-11042) (Stas)
     . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
       (CVE-2019-11041) (Stas)

   - Fileinfo:
     . Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
       (Joshua Westerheide)

   - FTP:
     . Fixed bug #77124 (FTP with SSL memory leak). (Nikita)

   - Libxml:
     . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between
       requests (cgi-fcgi)). (Nikita)

   - LiteSpeed:
     . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from
       100 to 1000, added crash handler to cleanly shutdown PHP request, added
       CloudLinux mod_lsapi mode). (George Wang)
     . Fixed bug #76058 (After "POST data can't be buffered", using php://input
       makes huge tmp files). (George Wang)

   - Openssl:
     . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported
       socket-to-stream). (Nikita)

   - OPcache:
     . Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
     . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
       (cmb)
     . Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
       (Andrew Collington)

   - Phar:
     . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

   - Phpdbg:
     . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

   - PDO_Sqlite:
     . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
       (Vincent Quatrevieux)

   - SQLite:
     . Upgraded to SQLite 3.28.0. (cmb)

   - Standard:
     . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
       (cmb)
     . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)

   - XMLRPC:
     . Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
       (Asher Baker)

2 files changed, 7 insertions, 7 deletions

diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 5906c77e5e5..8d504bdc994 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.260 2019/06/01 15:36:02 taca Exp $
+# $NetBSD: phpversion.mk,v 1.260.2.1 2019/08/10 11:59:33 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -89,7 +89,7 @@ PHPVERSION_MK=	defined
 # Define each PHP's version.
 PHP56_VERSION=	5.6.40
 PHP71_VERSION=	7.1.30
-PHP72_VERSION=	7.2.19
+PHP72_VERSION=	7.2.21
 PHP73_VERSION=	7.3.6
 
 # Define initial release of major version.
diff --git a/lang/php72/distinfo b/lang/php72/distinfo
index 68dfab28425..24e9c465032 100644
--- a/lang/php72/distinfo
+++ b/lang/php72/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.41 2019/06/01 15:33:52 taca Exp $
+$NetBSD: distinfo,v 1.41.2.1 2019/08/10 11:59:33 bsiegert Exp $
 
-SHA1 (php-7.2.19.tar.bz2) = ed5e83285e6fcdc9113ea6fa0358479a9f4b3b9c
-RMD160 (php-7.2.19.tar.bz2) = cfb4085f105d874d68152695555ad635bddbe0b9
-SHA512 (php-7.2.19.tar.bz2) = 79077e73075f4aaba86699c536d8bad4929d351ad40f89c35b6f9ff0d1237b9e3d528be2918dae16519659bdaf93c5ab16fc81653fe13f667e6251871f05d722
-Size (php-7.2.19.tar.bz2) = 15079655 bytes
+SHA1 (php-7.2.21.tar.bz2) = 71355854d784dee14eff83102ee227e283ed48c3
+RMD160 (php-7.2.21.tar.bz2) = c7458d6f6bc2e73fd01e24df468751ad69561746
+SHA512 (php-7.2.21.tar.bz2) = b234305f04bd621d355450ba38b34558a5b08403571749ac3b04ffa60d7639e847750109bef09a14f616110ba175b970d68cbae0d0b671c2dfeac6917f12f21d
+Size (php-7.2.21.tar.bz2) = 15198366 bytes
 SHA1 (patch-configure) = 6e66a79e691a84aa7ae461f8dec1752443ad6b61
 SHA1 (patch-disable-filter-url) = e9e92d686ddd1d1a1ece10fe4feee4e368fe510c
 SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335