Pullup ticket #6020 - requested by taca

lang/php73: security fix

Revisions pulled up:
- lang/php/phpversion.mk                                        1.262-1.263
- lang/php73/distinfo                                           1.9-1.10

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Jul  8 13:20:29 UTC 2019

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php73: distinfo

   Log Message:
   lang/php73: update to 7.3.7

   Update php73 to 7.3.7.

   04 Jul 2019, PHP 7.3.7

   - Core:
     . Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
       (Nikita)

   - DOM:
     . Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
       (cmb)

   - MySQLi:
     . Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful
       error message). (Sjon Hortensius)
     . Fixed bug #38546 (bindParam incorrect processing of bool types).
       (camporter)

   - MySQLnd:
     . Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm).
       (Nikita)

   - Opcache:
     . Fixed bug #78015 (Incorrect evaluation of expressions involving partials
       arrays in SCCP). (Nikita)
     . Fixed bug #78106 (Path resolution fails if opcache disabled during request).
       (Nikita)

   - OpenSSL:
     . Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
       (Jakub Zelenka)

   - phpdbg:
     . Fixed bug #78050 (SegFault phpdbg + opcache on include file twice).
       (Nikita)

   - Sockets:
     . Fixed bug #78038 (Socket_select fails when resource array contains
       references). (Nikita)

   - Sodium:
     . Fixed bug #78114 (segfault when calling sodium_* functions from eval). (cmb)

   - Standard:
     . Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
       (Craig Duncan, Dmitry)
     . Fixed bug ##77937   (preg_match failed). (cmb, Anatol)

   - Zip:
     . Fixed bug #76345 (zip.h not found). (Michael Maroszek)

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Thu Aug  1 14:14:04 UTC 2019

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php73: distinfo

   Log Message:
   lang/php73: update to 7.3.8

   01 Aug 2019, PHP 7.3.8

   - Core:
     . Added syslog.filter=raw option. (Erik Lundin)
     . Fixed bug #78212 (Segfault in built-in webserver). (cmb)

   - Date:
     . Fixed bug #69044 (discrepency between time and microtime). (krakjoe)
     . Updated timelib to 2018.02. (Derick)

   - EXIF:
     . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment).
       (CVE-2019-11042) (Stas)
     . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail).
       (CVE-2019-11041) (Stas)

   - FTP:
     . Fixed bug #78039 (FTP with SSL memory leak). (Nikita)

   - Libxml:
     . Fixed bug #78279 (libxml_disable_entity_loader settings is shared between
       requests (cgi-fcgi)). (Nikita)

   - LiteSpeed:
     . Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from
       100 to 1000, added crash handler to cleanly shutdown PHP request, added
       CloudLinux mod_lsapi mode). (George Wang)
     . Fixed bug #76058 (After "POST data can't be buffered", using php://input
       makes huge tmp files). (George Wang)

   - Openssl:
     . Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported
       socket-to-stream). (Nikita)

   - Opcache:
     . Fixed bug #78341 (Failure to detect smart branch in DFA pass). (Nikita)
     . Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
     . Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
       (cmb)
     . Fixed bug #78271 (Invalid result of if-else). (Nikita)
     . Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
       (Andrew Collington)

   - PCRE:
     . Fixed bug #78338 (Array cross-border reading in PCRE). (cmb)
     . Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx"
       version strings). (pgnet, Peter Kokot)

   - PDO_Sqlite:
     . Fixed bug #78192 (SegFault when reuse statement after schema has changed).
       (Vincent Quatrevieux)

   - Phar:
     . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

   - Phpdbg:
     . Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

   - SQLite:
     . Upgraded to SQLite 3.28.0. (cmb)

   - Standard:
     . Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
     . Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)

2 files changed, 7 insertions, 7 deletions

diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 8d504bdc994..6efa8c0c9a0 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.260.2.1 2019/08/10 11:59:33 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.260.2.2 2019/08/10 12:07:22 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -90,7 +90,7 @@ PHPVERSION_MK=	defined
 PHP56_VERSION=	5.6.40
 PHP71_VERSION=	7.1.30
 PHP72_VERSION=	7.2.21
-PHP73_VERSION=	7.3.6
+PHP73_VERSION=	7.3.8
 
 # Define initial release of major version.
 PHP56_RELDATE=	20140828
diff --git a/lang/php73/distinfo b/lang/php73/distinfo
index 501123fb9b7..41c96a8f0f6 100644
--- a/lang/php73/distinfo
+++ b/lang/php73/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.8 2019/06/01 15:36:02 taca Exp $
+$NetBSD: distinfo,v 1.8.2.1 2019/08/10 12:07:22 bsiegert Exp $
 
-SHA1 (php-7.3.6.tar.bz2) = 56b6df951a3ab4fabcd93e86d4ece55144174802
-RMD160 (php-7.3.6.tar.bz2) = 32f2ab01503ac63f4afa39c7c747b82933ff0af9
-SHA512 (php-7.3.6.tar.bz2) = 3da2d1edfbffc1f7af77f391b10db1ae31ccfbabc756c49c1425b970b92157005c6c5086472769c3d5439d724d277e4dff87f6d40e97b9c3961419cde45e3b17
-Size (php-7.3.6.tar.bz2) = 14841273 bytes
+SHA1 (php-7.3.8.tar.bz2) = 9264a6d51f40e5e45459e28bd9ad96540bbde402
+RMD160 (php-7.3.8.tar.bz2) = 6ac55c13d496904d3a0d9028ddd8a6403394a947
+SHA512 (php-7.3.8.tar.bz2) = c8aea78a21e95a1ad91bdd157684f80b316c51f9fdd6718554d59e0256f39213dec8b176e621ede44e1ef037f77ba2865169274b2bd9f13f319bf01c7e9ed058
+Size (php-7.3.8.tar.bz2) = 14939284 bytes
 SHA1 (patch-configure) = 08b80528ba90c705398e8841c232382663479a3b
 SHA1 (patch-disable-filter-url) = d7e450380b584e01e2f01e9c91c864d01991cdbf
 SHA1 (patch-ext_gd_config.m4) = eaecfb31b18700dd642c067ed82748d4f6be2335