Pullup ticket #6299 - requested by taca

lang/php74: security fix

Revisions pulled up:
- lang/php74/distinfo                                           1.10-1.11

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sat Jul 11 04:02:14 UTC 2020

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php74: distinfo

   Log Message:
   lang/php74: update to 7.4.8

   Update php74 to 7.4.8.

   09 Jul 2020, PHP 7.4.8

   - Core:
     . Fixed bug #79649 (Altering disable_functions from module init corrupts
       memory). (Laruence)
     . Fixed bug #79595 (zend_init_fpu() alters FPU precision). (cmb, Nikita)
     . Fixed bug #79650 (php-win.exe 100% cpu lockup). (cmb)
     . Fixed bug #79668 (get_defined_functions(true) may miss functions). (cmb,
       Nikita)
     . Fixed bug #79657 ("yield from" hangs when invalid value encountered).
       (Nikita)
     . Fixed bug #79683 (Fake reflection scope affects __toString()). (Nikita)
     . Fixed possibly unsupported timercmp() usage. (cmb)

   - Exif:
     . Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes).
       (cmb)

   - Fileinfo:
     . Fixed bug #79681 (mime_content_type/finfo returning incorrect mimetype).
       (cmb)

   - Filter:
     . Fixed bug #73527 (Invalid memory access in php_filter_strip). (cmb)

   - GD:
     . Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC). (cmb)

   - OpenSSL:
     . Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
       (cmb)

   - PDO SQLite:
     . Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
       (cmb)

   - phpdbg:
     . Fixed bug #73926 (phpdbg will not accept input on restart execution). (cmb)
     . Fixed bug #73927 (phpdbg fails with windows error prompt at "watch array").
       (cmb)
     . Fixed several mostly Windows related phpdbg bugs. (cmb)

   - SPL:
     . Fixed bug #79710 (Reproducible segfault in error_handler during GC
       involved an SplFileObject). (Nikita)

   - Standard:
     . Fixed bug #74267 (segfault with streams and invalid data). (cmb)
     . Fixed bug #79579 (ZTS build of PHP 7.3.17 doesn't handle ERANGE for
       posix_getgrgid and others). (Böszörményi Zoltán)

---
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Sat Aug  8 13:31:19 UTC 2020

   Modified Files:
           pkgsrc/lang/php: phpversion.mk
           pkgsrc/lang/php74: distinfo

   Log Message:
   lang/php74: update to 7.4.9

   Update php74 to 7.4.9 (PHP 7.4.9).

   06 Aug 2020, PHP 7.4.9

   - Apache:
     . Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time
       to return usec). (Herbert256)

   - COM:
     . Fixed bug #63208 (BSTR to PHP string conversion not binary safe). (cmb)
     . Fixed bug #63527 (DCOM does not work with Username, Password parameter).
       (cmb)

   - Core:
     . Fixed bug #79740 (serialize() and unserialize() methods can not be called
       statically). (Nikita)
     . Fixed bug #79783 (Segfault in php_str_replace_common). (Nikita)
     . Fixed bug #79778 (Assertion failure if dumping closure with unresolved
       static variable). (Nikita)
     . Fixed bug #79779 (Assertion failure when assigning property of string
       offset by reference). (Nikita)
     . Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
       (Nikita)
     . Fixed bug #78598 (Changing array during undef index RW error segfaults).
       (Nikita)
     . Fixed bug #79784 (Use after free if changing array during undef var during
       array write fetch). (Nikita)
     . Fixed bug #79793 (Use after free if string used in undefined index warning
       is changed). (Nikita)
     . Fixed bug #79862 (Public non-static property in child should take priority
       over private static). (Nikita)
     . Fixed bug #79877 (getimagesize function silently truncates after a null
       byte) (cmb)

   - Fileinfo:
     . Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)). (cmb)

   - FTP:
     . Fixed bug #55857 (ftp_size on large files). (cmb)

   - Mbstring:
     . Fixed bug #79787 (mb_strimwidth does not trim string). (XXiang)

   - Phar:
     . Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile
       function). (CVE-2020-7068) (cmb)

   - Reflection:
     . Fixed bug #79487 (::getStaticProperties() ignores property modifications).
       (cmb, Nikita)
     . Fixed bug #69804 (::getStaticPropertyValue() throws on protected props).
       (cmb, Nikita)
     . Fixed bug #79820 (Use after free when type duplicated into
       ReflectionProperty gets resolved). (Christopher Broadbent)

   - Standard:
     . Fixed bug #70362 (Can't copy() large 'data://' with open_basedir). (cmb)
     . Fixed bug #78008 (dns_check_record() always return true on Alpine).
       (Andy Postnikov)
     . Fixed bug #79839 (array_walk() does not respect property types). (Nikita)

2 files changed, 7 insertions, 7 deletions

diff --git a/lang/php/phpversion.mk b/lang/php/phpversion.mk
index 4929636d2df..ca96a52ec42 100644
--- a/lang/php/phpversion.mk
+++ b/lang/php/phpversion.mk
@@ -1,4 +1,4 @@
-# $NetBSD: phpversion.mk,v 1.300.2.1 2020/08/14 19:33:28 bsiegert Exp $
+# $NetBSD: phpversion.mk,v 1.300.2.2 2020/08/23 18:42:13 bsiegert Exp $
 #
 # This file selects a PHP version, based on the user's preferences and
 # the installed packages. It does not add a dependency on the PHP
@@ -90,7 +90,7 @@ PHPVERSION_MK=	defined
 PHP56_VERSION=	5.6.40
 PHP72_VERSION=	7.2.31
 PHP73_VERSION=	7.3.21
-PHP74_VERSION=	7.4.7
+PHP74_VERSION=	7.4.9
 
 # Define initial release of major version.
 PHP56_RELDATE=	20140828
diff --git a/lang/php74/distinfo b/lang/php74/distinfo
index dd2360a84a4..13dfcb910aa 100644
--- a/lang/php74/distinfo
+++ b/lang/php74/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.9 2020/06/14 05:59:17 taca Exp $
+$NetBSD: distinfo,v 1.9.2.1 2020/08/23 18:42:13 bsiegert Exp $
 
-SHA1 (php-7.4.7.tar.xz) = 81b2f89d3668b137514e94383b79957e19066caa
-RMD160 (php-7.4.7.tar.xz) = 7690589df7a30612698e5931a7b4b16965538a9d
-SHA512 (php-7.4.7.tar.xz) = 5b3ba690e610e0511675f06a10afe9edbcfa90b5b16956d22aab225cdf140b55e5a8a551e7b189d30404981c94c6921b8c4aed00102546cfa38784a719704b80
-Size (php-7.4.7.tar.xz) = 10286580 bytes
+SHA1 (php-7.4.9.tar.xz) = 6d8996e0e033745565eab8f4a8c67438c0f61ee0
+RMD160 (php-7.4.9.tar.xz) = 5d9e8153926dcadd5a08ef36e2232998f3a613d0
+SHA512 (php-7.4.9.tar.xz) = 6179c2d867d6775d7f41785003c36d06ce620e7746ea7e6a4d275264e814a66d465776b47b04e2926ed1228cf58f2c15cdda74faf10372435c74ede7aeb79e18
+Size (php-7.4.9.tar.xz) = 10289560 bytes
 SHA1 (patch-configure) = 5e9c9c06f6d819d5ba2832d648f41363f40f3108
 SHA1 (patch-disable-filter-url) = 0a2c19c18f089448a8d842e99738b292ab9e5640
 SHA1 (patch-ext_phar_Makefile.frag) = 53ea5c58b0bc27d236118d5750a74b1cba43e5dd