php7: update to 7.4.11

This fixes:
  - CVE-2020-7069
  - CVE-2020-7070

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

diff --git a/lang/php7/Makefile b/lang/php7/Makefile
index 4069d440148c68ea0843145b5c9fc40febbf5695..0158f5fa9a7b931b471a3ce352989b6736b9c974 100644 (file)
--- a/lang/php7/Makefile
+++ b/lang/php7/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=php
-PKG_VERSION:=7.4.10
+PKG_VERSION:=7.4.11
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
@@ -16,7 +16,7 @@ PKG_CPE_ID:=cpe:/a:php:php
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=c2d90b00b14284588a787b100dee54c2400e7db995b457864d66f00ad64fb010
+PKG_HASH:=5d31675a9b9c21b5bd03389418218c30b26558246870caba8eb54f5856e2d6ce
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0

diff --git a/lang/php7/patches/0050-remove-build-timestamps.patch b/lang/php7/patches/0050-remove-build-timestamps.patch
index 511d9899165da8f01799e5264170183413689b4f..d1c048192311bcd724cdad5734d4ff9ca2dff939 100644 (file)
--- a/lang/php7/patches/0050-remove-build-timestamps.patch
+++ b/lang/php7/patches/0050-remove-build-timestamps.patch
@@ -9,9 +9,9 @@
 -              PHP_MD5Update(&context, __DATE__, sizeof(__DATE__)-1);
 -              PHP_MD5Update(&context, __TIME__, sizeof(__TIME__)-1);
 -      }
-       PHP_MD5Final(digest, &context);
-       php_hash_bin2hex(accel_system_id, digest, sizeof digest);
- }
+       /* Modules may have changed after restart which can cause dangling pointers from
+      * custom opcode handlers in the second-level cache files
+      */
 --- a/sapi/litespeed/lsapi_main.c
 +++ b/sapi/litespeed/lsapi_main.c
 @@ -1284,9 +1284,9 @@ static int cli_main( int argc, char * ar