summaryrefslogtreecommitdiff
path: root/lang/php53
AgeCommit message (Collapse)AuthorFilesLines
2013-02-06PKGREVISION bumps for the security/openssl 1.0.1d update.jperkin1-1/+2
2013-01-17Update php53 to 5.3.21.taca3-30/+14
* pkgsrc change: use locally recreated suhosin patch file. 17 Jan 2013, PHP 5.3.21 - Zend Engine: . Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). (Johannes) - cURL extension: . Fixed bug (segfault due to libcurl connection caching). (Pierrick) . Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). (Pierrick) . Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers). (Pierrick) . Fixed bug #55438 (Curlwapper is not sending http header randomly). (phpnet@lostreality.org, Pierrick)
2013-01-07Update php53 to 5.3.20.taca3-8/+8
20 Dec 2012, PHP 5.3.20 - Zend Engine: . Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry) . Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value). (Pierrick) . Fixed bug #63468 (wrong called method as callback with inheritance). (Laruence) - Core: . Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created). (kemcline at au1 dot ibm dot com) . Fixed bug #63377 (Segfault on output buffer). (miau dot jp at gmail dot com, Laruence) - Apache2 Handler SAPI: . Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy) - Date: . Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond). (Remi) - Fileinfo: . Fixed bug #63248 (Load multiple magic files from a directory under Windows). (Anatoliy) . Fixed bug #63590 (Different results in TS and NTS under Windows). (Anatoliy) - FPM: . Fixed bug #63581 (Possible null dereference and buffer overflow). (Remi) - Imap: . Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi) - MySQLnd: . Fixed bug #63398 (Segfault when polling closed link). (Laruence) - Reflection: . Fixed Bug #63614 (Fatal error on Reflection). (Laruence) - SOAP . Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests). (John Jawed, Dmitry)
2012-11-23Update php53 to 5.3.19.taca3-8/+8
22 Nov 2012, PHP 5.3.19 - Core . Fixed bug #63241 (PHP fails to open Windows deduplicated files). (daniel dot stelter-gliese at innogames dot de) . Fixed bug #62444 (Handle leak in is_readable on windows). (krazyest at seznam dot cz) - Libxml . Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak). (Laruence) - Mbstring: . Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On). (Laruence) - MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) - OCI8: . Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro) (Chris Jones) - PCRE: . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite). (Dmitry, Laruence) . Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy) - PDO: . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). (Martin Osvald, Remi) - PDO_pgsql: . Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL). (Will Fitch) - Streams: . Fixed bug #63240 (stream_get_line() return contains delimiter string). (Tjerk, Gustavo) - Phar: . Fixed bug #63297 (Phar fails to write an openssl based signature). (Anatoliy)
2012-10-20Fix build problem when suhosin option enabled with a little dirty way.taca2-2/+21
Since this problem was build problem with suhosin option, no PKGREVISION bump. Thanks Amitai Schlair who noted this problem via private mail.
2012-10-19Update php53 to 5.3.18.taca3-11/+8
18 Oct 2012, PHP 5.3.18 - Core: . Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry) . Fixed bug #63093 (Segfault while load extension failed in zts-build). (Laruence) . Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes). (Laruence) . Fixed bug #61767 (Shutdown functions not called in certain error situation). (Dmitry) . Fixed bug #61442 (exception threw in __autoload can not be catched). (Laruence) . Fixed bug #60909 (custom error handler throwing Exception + fatal error = no shutdown function). (Dmitry) - cURL: . Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will cause cpu Soaring). (Pierrick) - FPM: . Fixed bug #62954 (startup problems fpm / php-fpm). (fat) . Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat) . Fixed bug #63085 (Systemd integration and daemonize). (remi, fat) . Fixed bug #62947 (Unneccesary warnings on FPM). (fat) . Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat) . Fixed bug #62216 (Add PID to php-fpm init.d script). (fat) - Intl: . Fix bug #62915 (defective cloning in several intl classes). (Gustavo) - SOAP . Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). (Dmitry) - SPL: . Bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables). (Laruence)
2012-10-02Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.asau1-2/+1
2012-09-15Re-enable suhosin PKG_OPTION.taca2-3/+6
2012-09-14Update php53 to 5.3.17 (PHP 5.3.17).taca2-9/+6
13 Sep 2012, PHP 5.3.17 - Core: . Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence) . Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry). (aserbulov at parallels dot com) . Fixed bug #62763 (register_shutdown_function and extending class). (Laruence) . Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence) . Fixed bug #62716 (munmap() is called with the incorrect length). (slangley@google.com) . Fixed bug ##62460 (php binaries installed as binary.dSYM). (Reeze Xia) - CURL: . Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick) - DateTime: . Fixed bug #62852 (Unserialize invalid DateTime causes crash). (reeze.xia@gmail.com) - Intl: . Fix null pointer dereferences in some classes of ext/intl. (Gustavo) - MySQLnd: . Fixed bug #62885 (mysqli_poll - Segmentation fault). (Laruence) - PDO: . Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence) - Session: . Fixed bug (segfault due to retval is not initialized). (Laruence) - SPL: . Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) (Laruence) - Enchant: . Fixed bug #62838 (enchant_dict_quick_check() destroys zval, but fails to initialize it). (Tony, Mateusz Goik). 16 Aug 2012, PHP 5.3.16 - Core: . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php). (Laruence) - CURL: . Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false). (r.hampartsumyan@gmail.com, Laruence) - DateTime: . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence) - Reflection: . Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result). (Laruence) - SPL: . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault). (Laruence, Gustavo)
2012-08-17Update php53 to 5.3.16 (PHP 5.3.16).taca8-47/+21
PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 16 Aug 2012, PHP 5.3.16 - Core: . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php). (Laruence) - CURL: . Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false). (r.hampartsumyan@gmail.com, Laruence) - DateTime: . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence) - Reflection: . Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result). (Laruence) - SPL: . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault). (Laruence, Gustavo)
2012-07-31Fix a silly bug in latest PHP. Arbitrary symbol cannot be 'sun', whichfhajny3-1/+45
is taken on all SunOS platforms.
2012-07-27readline support require GNU readline.obache1-1/+2
2012-07-25Fix file descriptor leak on SunOS. Bump PKGREVISION.fhajny3-2/+18
See https://bugs.php.net/bug.php?id=47675
2012-07-25Add support for readline (for interactive PHP CLI).fhajny1-2/+9
2012-07-20Update php53 pacakge to 5.3.15 (PHP 5.3.15).taca4-11/+13
19-July-2012 o Zend Engine * Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon) o COM * Fixed bug #62146 com_dotnet cannot be built shared o Core * Fixed potential overflow in _php_stream_scandir, CVE-2012-2688 * Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent) * Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt) o Fileinfo * Fixed magic file regex support o FPM * Fixed bug #61045 (fpm don't send error log to fastcgi clients) * Fixed bug #61835 (php-fpm is not allowed to run as root) * Fixed bug #61295 (php-fpm should not fail with commented 'user' for non-root start) * Fixed bug #61026 (FPM pools can listen on the same address) * Fixed bug #62033 (php-fpm exits with status 0 on some failures to start) * Fixed bug #62153 (when using unix sockets, multiples FPM instances can be launched without errors) * Fixed bug #62160 (Add process.priority to set nice(2) priorities) * Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests) * Fixed bug #62205 (php-fpm segfaults (null passed to strstr)) o Intl * Fixed bug #62083 (grapheme_extract() memory leaks) * Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice) * Fixed bug #62070 (Collator::getSortKey() returns garbage) * Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern) * Fixed bug #60785 (memory leak in IntlDateFormatter constructor) o JSON * Reverted fix for bug #61537 o Phar * Fixed bug #62227 (Invalid phar stream path causes crash) o Reflection * Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault) * Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant) o SPL * Fixed bug #62262 (RecursiveArrayIterator does not implement Countable) o SQLite * Fixed open_basedir bypass, CVE-2012-3365 o XML Write * Fixed bug #62064 (memory leak in the XML Writer module) o Zip * Upgraded libzip to 0.10
2012-06-16Limit upper version of PHP.taca1-3/+3
2012-06-16Update php53 to 5.3.14 (PHP 5.3.14).taca6-51/+9
Version 5.3.14 06-June-2012 * CLI SAPI - Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi) * Core - Fixed CVE-2012-2143 - Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object) - Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference) - Fixed missing bound check in iptcparse() - Fixed bug #61764 ('I' unpacks n as signed if n > 2^31-1 on LP64) - Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null) - Fixed bug #61713 (Logic error in charset detection for htmlentities) - Fixed bug #61991 (long overflow in realpath_cache_get()) - Changed php://fd to be available only for CLI. * CURL - Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction) * COM - Fixed bug #62146 com_dotnet cannot be built shared * Fileinfo - Fixed bug #61812 (Uninitialised value used in libmagic) * Iconv - Fixed a bug that iconv extension fails to link to the correct library when another extension makes use of a library that links to the iconv library. See https://bugs.gentoo.org/show_bug.cgi?id=364139 for detail * Intl - Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php() * JSON - Fixed bug #61537 (json_encode() incorrectly truncates/discards information) * PDO - Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations) * Phar - Fixed bug #61065 (Secunia SA44335) * Streams - Fixed bug #61961 (file_get_contents leaks when access empty file with maxlen set)
2012-06-14Recursive PKGREVISION bump for libxml2 buildlink addition.sbd2-4/+4
2012-06-12Add fix for http://secunia.com/advisories/44335/, also CVE-2012-2386.taca3-3/+27
Bump PKGREVISION.
2012-06-03Work around (FSVO work around) VAX's lack of inf.abs2-1/+17
2012-05-31Add a patch to fix for CVE_2012-2143 from PHP's repository.taca3-2/+20
Bump PKGREVISION.
2012-05-19lang/php53: Fix unwanted directory removalmarino2-4/+5
Replace OWN_DIRS with @pkgdir to avoid unwanted deletion of PHP extension directory when the only extension is deinstalled.
2012-05-13* Remove duplicate definition of PHP_EXTENSION_DIR from Makefile.php.taca1-4/+1
2012-05-09Update php53 pacakge to 5.3.13 (PHP 5.3.13).taca5-37/+12
08 May 2012, PHP 5.3.13 - CGI . Improve fix for PHP-CGI query string parameter vulnerability, CVE-2012-2311. (Stas)
2012-05-06Fix miss spelling in comment: s/CVS-/CVE-/.taca2-3/+3
2012-05-06Additional fix for CVS-2012-1823; it wasn't fixed by PHP 5.3.12.taca3-2/+26
Bump PKGREVISION.
2012-05-04Update php53 package to 5.3.12.taca3-11/+11
03 Mar 2012, PHP 5.3.12 - Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Rasmus)
2012-04-26Update php53 package to 5.3.11.taca5-56/+12
For full changes, please refer <http://www.php.net/ChangeLog-5.php#5.3.11>. Security Enhancements: * Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172). * Add open_basedir checks to readline_write_history and readline_read_history. * Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831). Key enhancements in these releases include: * Added debug info handler to DOM objects. * Fixed bug #61172 (Add Apache 2.4 support).
2012-04-05Add a patch to fix possible newline injection problem of header() functiontaca3-2/+46
from PHP 5.4.0. This is a small security fix. Bump PKGREVISION.
2012-02-03Update php53 package to 5.3.10. Below security fix is already includedtaca5-64/+12
in php-5.3.9nb2 package. 02 Feb 2012, PHP 5.3.10 - Core: . Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830. (Stas, Dmitry)
2012-02-02And more fix for memory leaks by revision 323013 from PHP's repository.taca2-6/+37
Hopefully, these 18 minutes is allowed to avoid to PKGREVISION bump.
2012-02-02Add fix for "Critical PHP Remote Vulnerability Introduced in Fix for PHPtaca3-3/+23
Hashtable Collision DOS" by revision 323007 from PHP's repository. http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ Bump PKGREVISION.
2012-02-02Trying to fix build problem on NetBSD current recently.taca2-1/+31
2012-01-20Use official suhosin-patch for PHP 5.3.9 instead of local one based ontaca3-12/+11
for PHP5.3.7. Bump PKGREVISION.
2012-01-12Fix build problem of databases/php-mssql.taca2-16/+1
2012-01-11Update php53 pacakge to 5.3.9; PHP 5.3.9.taca9-120/+16
suhosin-patch is provided as modified one; only copyright year. PHP 5.3.9 Released! [10-Jan-2012] The PHP development team would like to announce the immediate availability of PHP 5.3.9. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.3.9: * Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885) * Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566) Key enhancements in PHP 5.3.9 include: * Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). * Fixed bug #55609 (mysqlnd cannot be built shared) * Many changes to the FPM SAPI module For a full list of changes in PHP 5.3.9, see the ChangeLog. For source downloads please visit our downloads page, Windows binaries can be found on windows.php.net/download/. All users are strongly encouraged to upgrade to PHP 5.3.9.
2012-01-04Wrong distinfo was accidently generated.taca1-2/+2
Noted by David Wetzel on netbsd-users.
2012-01-03Add security fix for http://www.ocert.org/advisories/ocert-2011-003.htmltaca5-4/+65
from r321038 from PHP's repository. Bump PKGREVISION.
2011-10-20A small correction in comment text of the patch.taca2-4/+4
2011-10-20Add fix for 2011-3379 from r317183 from PHP's repository.taca3-2/+33
Bump PKGREVISION.
2011-10-20Revert accidental commit with previous commit.taca1-2/+1
2011-10-20Re-add suhosin-patch to distinfo.taca2-2/+6
2011-10-06Atomic operations via gcc are not supported on many archs. Allow them onlyjklos2-4/+16
on amd64, powerpc, i386 and alpha.
2011-09-12Add some patches to fix build problem of databases/php-mssql with recenttaca3-1/+44
updated databases/freetds.
2011-08-23Update php53 package to 5.3.8.taca5-29/+12
(crypt()'s problem was already fixed our php53-5.3.7nb1 package.) PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 23 Aug 2011, PHP 5.3.8 - Core: . Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas) - OpenSSL: . Reverted a change in timeout handling restoring PHP 5.3.6 behavior, as the new behavior caused mysqlnd SSL connections to hang (#55283). (Pierre, Andrey, Johannes)
2011-08-22missing bump PKGREVISION of last fix for php53 MD5 password encryption problem.obache1-1/+2
2011-08-22Add fix for MD5 password encryption problem (r315218 from PHP repository).taca2-1/+17
Bump PKGREVISION.
2011-08-20Update suhosin patch with hoping this 45 minutes delay wouldn't needtaca2-3/+6
PKGREVISION bump.
2011-08-20Update php53 package to 5.3.7.taca9-397/+14
PHP 5.3.7 Released! [18-Aug-2011] The PHP development team would like to announce the immediate availability of PHP 5.3.7. This release focuses on improving the stability of the PHP 5.3.x branch with over 90 bug fixes, some of which are security related. Security Enhancements and Fixes in PHP 5.3.7: * Updated crypt_blowfish to 1.2. (CVE-2011-2483) * Fixed crash in error_log(). Reported by Mateusz Kocielski * Fixed buffer overflow on overlog salt in crypt(). * Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) * Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938) * Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Key enhancements in PHP 5.3.7 include: * Upgraded bundled Sqlite3 to version 3.7.7.1 * Upgraded bundled PCRE to version 8.12 * Fixed bug #54910 (Crash when calling call_user_func with unknown function name) * Fixed bug #54585 (track_errors causes segfault) * Fixed bug #54262 (Crash when assigning value to a dimension in a non-array) * Fixed a crash inside dtor for error handling * Fixed bug #55339 (Segfault with allow_call_time_pass_reference = Off) * Fixed bug #54935 php_win_err can lead to crash * Fixed bug #54332 (Crash in zend_mm_check_ptr // Heap corruption) * Fixed bug #54305 (Crash in gc_remove_zval_from_buffer) * Fixed bug #54580 (get_browser() segmentation fault when browscap ini directive is set through php_admin_value) * Fixed bug #54529 (SAPI crashes on apache_config.c:197) * Fixed bug #54283 (new DatePeriod(NULL) causes crash). * Fixed bug #54269 (Short exception message buffer causes crash) * Fixed Bug #54221 (mysqli::get_warnings segfault when used in multi queries) * Fixed bug #54395 (Phar::mount() crashes when calling with wrong parameters) * Fixed bug #54384 (Dual iterators, GlobIterator, SplFileObject and SplTempFileObject crash when user-space classes don't call the parent constructor) * Fixed bug #54292 (Wrong parameter causes crash in SplFileObject::__construct()) * Fixed bug #54291 (Crash iterating DirectoryIterator for dir name starting with \0) * Fixed bug #54281 (Crash in non-initialized RecursiveIteratorIterator) * Fixed bug #54623 (Segfault when writing to a persistent socket after closing a copy of the socket) * Fixed bug #54681 (addGlob() crashes on invalid flags) * Over 80 other bug fixes.
2011-07-08pkglint clean-upadam3-24/+20