Age | Commit message (Collapse) | Author | Files | Lines |
|
in the patch file.
|
|
Bump PKGREVISION.
|
|
will trigger with failing distinfo entries.
|
|
file.
Bump PKGREVISION.
|
|
be defined before including lang/php/phpversion.mk.
|
|
* Define PHP's version at one place.
* Remove obsolete description in comments.
* Add "used by www/php-fpm/Makefile" in php5[34]/Makefile.php.
* Remove commented out support for suhosin extension from php54.
* Add PHP_CHECK_INSTALLED and PHP_EXTENSION_DIR to php/phpversion.mk.
No functional should be made.
|
|
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
|
|
11-Jul-2013
Core:
* Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
* Fixed bug #64960 (Segfault in gc_zval_possible_root).
* Fixed bug #64934 (Apache2 TS crash with get_browser()).
* Fixed bug #63186 (compile failure on netbsd).
DateTime:
* Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
PDO_firebird:
* Fixed bug #64037 (Firebird return wrong value for numeric field).
* Fixed bug #62024 (Cannot insert second row with null using parametrized
query).
PDO_pgsql:
* Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
pgsql:
* Fixed bug #64609 (pg_convert enum type support).
SPL:
* Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits
systems).
XML:
* Fixed bug #65236 (heap corruption in xml parser).
|
|
Thanks to Volkmar Seifert notified me the problem via private e-mail.
(I should modify my local mk.conf to handle better...)
|
|
06 Jun 2013, PHP 5.3.26
- Core:
. Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode,
CVE 2013-2110). (Stas)
- Calendar:
. Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
- FPM:
. Fixed some possible memory or resource leaks and possible null dereference
detected by code coverity scan. (Remi)
. Log a warning when a syscall fails. (Remi)
- MySQLi:
. Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB
pointer has closed). (Laruence)
- Phar
. Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or
with non std tmp dir). (Pierre)
- Streams:
. Fixed bug #64770 (stream_select() fails with pipes returned by proc_open()
on Windows x64). (Anatol)
- Zend Engine:
. Fixed bug #64821 (Custom Exception crash when internal properties
overridden). (Anatol)
|
|
09 May 2013, PHP 5.3.25
- Core:
. Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap:
segfault). (Laruence)
. Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
. Fixed bugs #47675 and #64577 (fd leak on Solaris). (Rasmus)
- Streams:
. Fixed Windows x64 version of stream_socket_pair() and improved error
handling. (Anatol Belski)
- Zip:
. Fixed bug #64342 (ZipArchive::addFile() has to check for file existence).
(Anatol)
|
|
|
|
11 Apr 2013, PHP 5.3.24
- Core
. Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
(Anatol)
. Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle
exceptions properly). (Jeff Welch)
. Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
- PCRE:
. Merged PCRE 8.32). (Anatol)
- mysqlnd
. Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc
for stmt->param_bind). (Andrey)
- DateTime
. Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
- Zip:
. Bug #64452 (Zip crash intermittently). (Anatol)
|
|
It was accidently dropped by previous update of PHP.
No PKGREVISION bump since it fixes broken status with suhosin PKG_OPTIONS.
|
|
14 Mar 2013, PHP 5.3.23
- SOAP
. Improved check that soap.wsdl_cache_dir conforms to open_basedir (Dmitry)
. Disabled external entities loading. (Dmitry)
- SPL:
. Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
. Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
(patch by kriss@krizalys.com, Laruence)
. Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
(Mike Willbanks)
|
|
rc.d script can really start / stop php-fpm. Bump PKGREVISION.
|
|
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
21 Feb 2013, PHP 5.3.22
- Zend Engine:
. Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
. Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
- Core
. Fixed bug #63943 (Bad warning text from strpos() on empty needle).
(Laruence)
- Date:
. Fixed bug #55397 (comparsion of incomplete DateTime causes SIGSEGV).
(Laruence, Derick)
- FPM:
. Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
- SOAP
. Added check that soap.wsdl_cache_dir conforms to open_basedir
(CVE-2013-1635). (Dmitry)
. Disabled external entities loading (CVE-2013-1643). (Dmitry)
- SPL:
. Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
|
|
|
|
|
|
* pkgsrc change: use locally recreated suhosin patch file.
17 Jan 2013, PHP 5.3.21
- Zend Engine:
. Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user).
(Johannes)
- cURL extension:
. Fixed bug (segfault due to libcurl connection caching). (Pierrick)
. Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for
CURLOPT_SSL_VERIFYHOST). (Pierrick)
. Fixed bug #63352 (Can't enable hostname validation when using curl stream
wrappers). (Pierrick)
. Fixed bug #55438 (Curlwapper is not sending http header randomly).
(phpnet@lostreality.org, Pierrick)
|
|
20 Dec 2012, PHP 5.3.20
- Zend Engine:
. Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
. Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes
from value). (Pierrick)
. Fixed bug #63468 (wrong called method as callback with inheritance).
(Laruence)
- Core:
. Fixed bug #63451 (config.guess file does not have AIX 7 defined,
shared objects are not created). (kemcline at au1 dot ibm dot com)
. Fixed bug #63377 (Segfault on output buffer).
(miau dot jp at gmail dot com, Laruence)
- Apache2 Handler SAPI:
. Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)
- Date:
. Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond).
(Remi)
- Fileinfo:
. Fixed bug #63248 (Load multiple magic files from a directory under Windows).
(Anatoliy)
. Fixed bug #63590 (Different results in TS and NTS under Windows).
(Anatoliy)
- FPM:
. Fixed bug #63581 (Possible null dereference and buffer overflow). (Remi)
- Imap:
. Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi)
- MySQLnd:
. Fixed bug #63398 (Segfault when polling closed link). (Laruence)
- Reflection:
. Fixed Bug #63614 (Fatal error on Reflection). (Laruence)
- SOAP
. Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests).
(John Jawed, Dmitry)
|
|
22 Nov 2012, PHP 5.3.19
- Core
. Fixed bug #63241 (PHP fails to open Windows deduplicated files).
(daniel dot stelter-gliese at innogames dot de)
. Fixed bug #62444 (Handle leak in is_readable on windows).
(krazyest at seznam dot cz)
- Libxml
. Fixed bug #63389 (Missing context check on libxml_set_streams_context()
causes memleak). (Laruence)
- Mbstring:
. Fixed bug #63447 (max_input_vars doesn't filter variables when
mbstring.encoding_translation = On). (Laruence)
- MySQL:
. Fixed compilation failure on mixed 32/64 bit systems. (Andrey)
- OCI8:
. Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
(Chris Jones)
- PCRE:
. Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
(Dmitry, Laruence)
. Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
- PDO:
. Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
(Martin Osvald, Remi)
- PDO_pgsql:
. Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
(Will Fitch)
- Streams:
. Fixed bug #63240 (stream_get_line() return contains delimiter string).
(Tjerk, Gustavo)
- Phar:
. Fixed bug #63297 (Phar fails to write an openssl based signature).
(Anatoliy)
|
|
Since this problem was build problem with suhosin option, no PKGREVISION
bump.
Thanks Amitai Schlair who noted this problem via private mail.
|
|
18 Oct 2012, PHP 5.3.18
- Core:
. Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry)
. Fixed bug #63093 (Segfault while load extension failed in zts-build).
(Laruence)
. Fixed bug #62976 (Notice: could not be converted to int when comparing
some builtin classes). (Laruence)
. Fixed bug #61767 (Shutdown functions not called in certain error
situation). (Dmitry)
. Fixed bug #61442 (exception threw in __autoload can not be catched).
(Laruence)
. Fixed bug #60909 (custom error handler throwing Exception + fatal error
= no shutdown function). (Dmitry)
- cURL:
. Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will
cause cpu Soaring). (Pierrick)
- FPM:
. Fixed bug #62954 (startup problems fpm / php-fpm). (fat)
. Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat)
. Fixed bug #63085 (Systemd integration and daemonize). (remi, fat)
. Fixed bug #62947 (Unneccesary warnings on FPM). (fat)
. Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat)
. Fixed bug #62216 (Add PID to php-fpm init.d script). (fat)
- Intl:
. Fix bug #62915 (defective cloning in several intl classes). (Gustavo)
- SOAP
. Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice).
(Dmitry)
- SPL:
. Bug #62987 (Assigning to ArrayObject[null][something] overrides all
undefined variables). (Laruence)
|
|
|
|
|
|
13 Sep 2012, PHP 5.3.17
- Core:
. Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
. Fixed bug #62955 (Only one directive is loaded from "Per Directory Values"
Windows registry). (aserbulov at parallels dot com)
. Fixed bug #62763 (register_shutdown_function and extending class).
(Laruence)
. Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
. Fixed bug #62716 (munmap() is called with the incorrect length).
(slangley@google.com)
. Fixed bug ##62460 (php binaries installed as binary.dSYM). (Reeze Xia)
- CURL:
. Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)
- DateTime:
. Fixed bug #62852 (Unserialize invalid DateTime causes crash).
(reeze.xia@gmail.com)
- Intl:
. Fix null pointer dereferences in some classes of ext/intl. (Gustavo)
- MySQLnd:
. Fixed bug #62885 (mysqli_poll - Segmentation fault). (Laruence)
- PDO:
. Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)
- Session:
. Fixed bug (segfault due to retval is not initialized). (Laruence)
- SPL:
. Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray)
(Laruence)
- Enchant:
. Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to
initialize it). (Tony, Mateusz Goik).
16 Aug 2012, PHP 5.3.16
- Core:
. Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
with run-test.php). (Laruence)
- CURL:
. Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
(r.hampartsumyan@gmail.com, Laruence)
- DateTime:
. Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)
- Reflection:
. Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong
result). (Laruence)
- SPL:
. Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
gives Segmentation fault). (Laruence, Gustavo)
|
|
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
16 Aug 2012, PHP 5.3.16
- Core:
. Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
with run-test.php). (Laruence)
- CURL:
. Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
(r.hampartsumyan@gmail.com, Laruence)
- DateTime:
. Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)
- Reflection:
. Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong
result). (Laruence)
- SPL:
. Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
gives Segmentation fault). (Laruence, Gustavo)
|
|
is taken on all SunOS platforms.
|
|
|
|
See https://bugs.php.net/bug.php?id=47675
|
|
|
|
19-July-2012
o Zend Engine
* Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value
that includes a semi-colon)
o COM
* Fixed bug #62146 com_dotnet cannot be built shared
o Core
* Fixed potential overflow in _php_stream_scandir, CVE-2012-2688
* Fixed bug #62432 (ReflectionMethod random corrupt memory on high
concurrent)
* Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt)
o Fileinfo
* Fixed magic file regex support
o FPM
* Fixed bug #61045 (fpm don't send error log to fastcgi clients)
* Fixed bug #61835 (php-fpm is not allowed to run as root)
* Fixed bug #61295 (php-fpm should not fail with commented 'user' for
non-root start)
* Fixed bug #61026 (FPM pools can listen on the same address)
* Fixed bug #62033 (php-fpm exits with status 0 on some failures to
start)
* Fixed bug #62153 (when using unix sockets, multiples FPM instances
can be launched without errors)
* Fixed bug #62160 (Add process.priority to set nice(2) priorities)
* Fixed bug #61218 (FPM drops connection while receiving some binary
values in FastCGI requests)
* Fixed bug #62205 (php-fpm segfaults (null passed to strstr))
o Intl
* Fixed bug #62083 (grapheme_extract() memory leaks)
* Fixed bug #62081 (IntlDateFormatter constructor leaks memory when
called twice)
* Fixed bug #62070 (Collator::getSortKey() returns garbage)
* Fixed bug #62017 (datefmt_create with incorrectly encoded timezone
leaks pattern)
* Fixed bug #60785 (memory leak in IntlDateFormatter constructor)
o JSON
* Reverted fix for bug #61537
o Phar
* Fixed bug #62227 (Invalid phar stream path causes crash)
o Reflection
* Fixed bug #62384 (Attempting to invoke a Closure more than once
causes segfault)
* Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory
leaks with constant)
o SPL
* Fixed bug #62262 (RecursiveArrayIterator does not implement Countable)
o SQLite
* Fixed open_basedir bypass, CVE-2012-3365
o XML Write
* Fixed bug #62064 (memory leak in the XML Writer module)
o Zip
* Upgraded libzip to 0.10
|
|
|
|
Version 5.3.14
06-June-2012
* CLI SAPI
- Fixed bug #61546 (functions related to current script failed when
chdir() in cli sapi)
* Core
- Fixed CVE-2012-2143
- Fixed bug #62005 (unexpected behavior when incrementally assigning to a
member of a null object)
- Fixed bug #61730 (Segfault from array_walk modifying an array passed by
reference)
- Fixed missing bound check in iptcparse()
- Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64)
- Fixed bug #54197 ([PATH=] sections incompatibility with
user_ini.filename set to null)
- Fixed bug #61713 (Logic error in charset detection for htmlentities)
- Fixed bug #61991 (long overflow in realpath_cache_get())
- Changed php://fd to be available only for CLI.
* CURL
- Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction)
* COM
- Fixed bug #62146 com_dotnet cannot be built shared
* Fileinfo
- Fixed bug #61812 (Uninitialised value used in libmagic)
* Iconv
- Fixed a bug that iconv extension fails to link to the correct library
when another extension makes use of a library that links to the iconv
library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail
* Intl
- Fixed bug #62082 (Memory corruption in internal function
get_icu_disp_value_src_php()
* JSON
- Fixed bug #61537 (json_encode() incorrectly truncates/discards
information)
* PDO
- Fixed bug #61755 (A parsing bug in the prepared statements can lead to
access violations)
* Phar
- Fixed bug #61065 (Secunia SA44335)
* Streams
- Fixed bug #61961 (file_get_contents leaks when access empty file with
maxlen set)
|
|
|
|
Bump PKGREVISION.
|
|
|
|
Bump PKGREVISION.
|
|
Replace OWN_DIRS with @pkgdir to avoid unwanted deletion of PHP extension
directory when the only extension is deinstalled.
|
|
|
|
08 May 2012, PHP 5.3.13
- CGI
. Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311.
(Stas)
|
|
|
|
Bump PKGREVISION.
|
|
03 Mar 2012, PHP 5.3.12
- Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
|
|
For full changes, please refer <http://www.php.net/ChangeLog-5.php#5.3.11>.
Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to
corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).
Key enhancements in these releases include:
* Added debug info handler to DOM objects.
* Fixed bug #61172 (Add Apache 2.4 support).
|
|
from PHP 5.4.0. This is a small security fix.
Bump PKGREVISION.
|
|
in php-5.3.9nb2 package.
02 Feb 2012, PHP 5.3.10
- Core:
. Fixed arbitrary remote code execution vulnerability reported by Stefan
Esser, CVE-2012-0830. (Stas, Dmitry)
|
|
Hopefully, these 18 minutes is allowed to avoid to PKGREVISION bump.
|
|
Hashtable Collision DOS" by revision 323007 from PHP's repository.
http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
Bump PKGREVISION.
|