Age | Commit message (Collapse) | Author | Files | Lines |
|
for a different tarball.
|
|
|
|
|
|
|
|
as PHP Bug 37569 and 37571
|
|
As reported by Christopher W. Richardson on tech-pkg.
|
|
Modify the package to not seperately fetch the pear file from php.net
Problem found by Christopher W. Richardson on tech-pkg@
Bump PKGREVISION
|
|
|
|
|
|
|
|
PR: pkg/33432 by Martti Kuparinen
XXX PEAR should be moved to separate package
|
|
Some of the key changes include:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions.
* Over 120 various bug fixes.
See release annoucement on:
http://www.php.net/release_5_1_3.php
And ChangeLog:
http://www.php.net/ChangeLog-5.php#5.1.3
|
|
extension using php_date.h
problem reported upstream as PHP Bug 37163
|
|
also here
|
|
it produced empty *.so and the module couldn't be actually used
|
|
|
|
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/
http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
|
|
|
|
* HTTP Response Splitting has been addressed in ext/session and in
the header() function.
* Fixed format string vulnerability in ext/mysqli.
* Fixed possible cross-site scripting problems in certain error conditions.
* Hash & XMLWriter extensions added and enabled by default.
* Upgraded OCI8 extension.
* Over 85 various bug fixes.
(I haven't heard anything from the MAINTAINER but since this works fine
on my servers and as this fixes security issues I checked in this)
|
|
|
|
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
and to uncomment and explicitly set upload_tmp_dir, so that this works
out of box (patches adapted from www/php4)
pointed out by Martti Kuparinen on tech-pkg@
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
patch framework, the file is part of binary .phar archive and is
created during installation
this has been submitted as PHP bug #35544, so this may be adressed
upstream hopefully
|
|
file (using pkgdiff now)
PR: 32233 by Peter Avalos
|
|
in private e-mail
|
|
* A complete rewrite of date handling code, with improved timezone support.
* Significant performance improvements compared to PHP 5.0.X.
* PDO extension is now enabled by default (separate pkg for pkgsrc)
* Over 30 new functions in various extensions and built-in functionality.
* Bundled libraries, PCRE and SQLite upgraded to latest versions.
* Over 400 various bug fixes.
* PEAR upgraded to version 1.4.5
This release also fixes various security problems discovered in 5.0.X.
|
|
This is done via an option group, default is CGI. Note that the
FastCGI interpreter can still be used for normal CGI, but there
might be security issues involved in doing so.
|
|
be used here.
|
|
|
|
in private e-mail
|
|
turn it off. It's still on by default (in PKG_SUGGESTED_OPTIONS), so
no PKGREVISION bump required.
|
|
misinterpreted some Japanese characters as ASCII.
PR: 31223 by Takahiro Kambe
|
|
there
PR: 31047 by Gilles Dauphin
|
|
support by default, since the USE_INET6 mapping now properly kicks in
|
|
|
|
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
|
|
such as TLS support.
Patch provided by Stoned Elipot in private e-mail.
|
|
Fixes build of ap-php and PHP modules.
|
|
bug fixes only with only few and minor new features.
Full changelog available at:
http://mirrors.inway.cz/ChangeLog-5.php#5.0.5
|
|
(shared with ap-php) into the php package Makefile.
|
|
Fix suggested by salo@.
|
|
Fix based on work done by tron@ for the PHP 4.x branch fix
PLIST fixup to correctly remove @PREFIX@/lib/php
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|