summaryrefslogtreecommitdiff
path: root/lang/php5
AgeCommit message (Collapse)AuthorFilesLines
2010-07-24Update "php5" package to version 5.2.14. Changes since version 5.2.13:tron5-50/+15
- Reverted bug fix #49521 (PDO fetchObject sets values before calling constructor). (Felipe) - Updated timezone database to version 2010.5. (Derick) - Upgraded bundled PCRE to version 8.02. (Ilia) - Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531). (Scott) - Fixed a possible interruption array leak in strrchr(). Reported by Péter Veres. (CVE-2010-2484) (Felipe) - Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). (Felipe) - Fixed a possible memory corruption in substr_replace() (Dmitry) - Fixed SplObjectStorage unserialization problems (CVE-2010-2225). (Stas) - Fixed a possible stack exaustion inside fnmatch(). Reporeted by Stefan Esser (Ilia) - Reset error state in PDO::beginTransaction() reset error state. (Ilia) - Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert) - Fixed handling of session variable serialization on certain prefix characters. Reported by Stefan Esser (Ilia) - Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. (Ilia) - Fixed a crash when calling an inexistent method of a class that inherits PDOStatement if instantiated directly instead of doing by the PDO methods. (Felipe) - Fixed bug #52317 (Segmentation fault when using mail() on a rhel 4.x (only 64 bit)). (Adam) - Fixed bug #52238 (Crash when an Exception occured in iterator_to_array). (Johannes) - Fixed bug #52237 (Crash when passing the reference of the property of a non-object). (Dmitry) - Fixed bug #52163 (SplFileObject::fgetss() fails due to parameter that can't be set). (Felipe) - Fixed bug #52162 (custom request header variables with numbers are removed). (Sriram Natarajan) - Fixed bug #52160 (Invalid E_STRICT redefined constructor error). (Felipe) - Fixed bug #52061 (memory_limit above 2G). (Felipe) - Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function). (Dmitry) - Fixed bug #52037 (Concurrent builds fail in install-programs). (seanius at debian dot org, Kalle) - Fixed bug #52019 (make lcov doesn't support TESTS variable anymore). (Patrick) - Fixed bug #52010 (open_basedir restrictions mismatch on vacuum command). (Ilia, Felipe) - Fixed bug #51943 (AIX: Several files are out of ANSI spec). (Kalle, coreystup at gmail dot com) - Fixed bug #51911 (ReflectionParameter::getDefaultValue() memory leaks with constant array). (Felipe) - Fixed bug #51905 (ReflectionParameter fails if default value is an array with an access to self::). (Felipe) - Fixed bug #51822 (Segfault with strange __destruct() for static class variables). (Dmitry) - Fixed bug #51671 (imagefill does not work correctly for small images). (Pierre) - Fixed bug #51670 (getColumnMeta causes segfault when re-executing query after calling nextRowset). (Pierrick) - Fixed bug #51629 (CURLOPT_FOLLOWLOCATION error message is misleading). (Pierre) - Fixed bug #51617 (PDO PGSQL still broken against PostGreSQL < 7.4). (Felipe, wdierkes at 5dollarwhitebox dot org) - Fixed bug #51615 (PHP crash with wrong HTML in SimpleXML). (Felipe) - Fixed bug #51609 (pg_copy_to: Invalid results when using fourth parameter). (Felipe) - Fixed bug #51608 (pg_copy_to: WARNING: nonstandard use of \\ in a string literal). (cbandy at jbandy dot com) - Fixed bug #51607 (pg_copy_from does not allow schema in the tablename argument). (cbandy at jbandy dot com) - Fixed bug #51604 (newline in end of header is shown in start of message). (Daniel Egeberg) - Fixed bug #51562 (query timeout in mssql can not be changed per query). (ejsmont dot artur at gmail dot com) - Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues). (Dmitry) - Fixed bug #51532 (Wrong prototype for SplFileObject::fscanf()). (Etienne) - Fixed bug #51445 (var_dump() invalid/slow *RECURSION* detection). (Felipe) - Fixed bug #51393 (DateTime::createFromFormat() fails if format string contains timezone). (Adam) - Fixed bug #51374 (Wrongly initialized object properties). (Etienne) - Fixed bug #51338 (URL-Rewriter is still enabled if use_only_cookies is on). (Ilia, j dot jeising at gmail dot com) - Fixed bug #51273 (Faultstring property does not exist when the faultstring is empty) (Ilia, dennis at transip dot nl) - Fixed bug #51269 (zlib.output_compression Overwrites Vary Header). (Adam) - Fixed bug #51263 (imagettftext and rotated text uses wrong baseline) (cschneid at cschneid dot com, Takeshi Abe) - Fixed bug #51237 (milter SAPI crash on startup). (igmar at palsenberg dot com) - Fixed bug #51213 (pdo_mssql is trimming value of the money column). (Ilia, alexr at oplot dot com) - Fixed bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). (Adam, solar at azrael dot ws). - Fixed bug #51190 (ftp_put() returns false when transfer was successful). (Ilia) - Fixed bug #51183 (ext/date/php_date.c fails to compile with Sun Studio). (Sriram Natarajan) - Fixed bug #51171 (curl_setopt() doesn't output any errors or warnings when an invalid option is provided). (Ilia) - Fixed bug #51128 (imagefill() doesn't work with large images). (Pierre) - Fixed bug #51086 (DBA DB4 doesn't work with Berkeley DB 4.8). (Chris Jones) - Fixed bug #51062 (DBA DB4 uses mismatched headers and libraries). (Chris Jones) - Fixed bug #51023 (filter doesn't detect int overflows with GCC 4.4). (Raphael Geissert) - Fixed bug #50762 (in WSDL mode Soap Header handler function only being called if defined in WSDL). (mephius at gmail dot com) - Fixed bug #50698 (SoapClient should handle wsdls with some incompatiable endpoints). (Justin Dearing) - Fixed bug #50383 (Exceptions thrown in __call() / __callStatic() do not include file and line in trace). (Felipe) - Fixed bug #49730 (Firebird - new PDO() returns NULL). (Felipe) - Fixed bug #49723 (LimitIterator with empty SeekableIterator). (Etienne) - Fixed bug #49576 (FILTER_VALIDATE_EMAIL filter needs updating) (Rasmus) - Fixed bug #49320 (PDO returns null when SQLite connection fails). (Felipe) - Fixed bug #49267 (Linking fails for iconv). (Moriyosh) - Fixed bug #48601 (xpath() returns FALSE for legitimate query). (Rob) - Fixed bug #48289 (iconv_mime_encode() quoted-printable scheme is broken). (Adam, patch from hiroaki dot kawai at gmail dot com). - Fixed bug #43314 (iconv_mime_encode(), broken Q scheme). (Rasmus) - Fixed bug #33210 (getimagesize() fails to detect width/height on certain JPEGs). (Ilia) - Fixed bug #23229 (syslog() truncates messages). (Adam)
2010-06-13Bump PKGREVISION for libpng shlib name change.wiz2-4/+35
Also add some patches to remove use of deprecated symbols and fix other problems when looking for or compiling against libpng-1.4.x.
2010-03-27Add patch for php-xmlrpc to fix CVE-2010-0397 security problem.taca2-1/+37
These patch are created from r296152 and r296153 from svn from PHP.
2010-03-20Limit packages to PHP80xa before 5.3joerg1-2/+2
2010-03-16Update description in comments.taca1-15/+8
2010-03-04Update suhosin patch for PHP 5.2.13.taca3-4/+8
Bump PKGREVISION.
2010-03-03Re-enable suhosin option since there is no need to disable it.taca1-2/+2
Noted by Volkmar Seifert and I misunderstood something.
2010-03-03Oops, previous patch's path was wrong and corrected now.taca2-5/+5
2010-03-03Fix php-gmp build problem with gmp-5.0.1 and later referingtaca2-4/+22
http://svn.php.net/viewvc?view=revision&revision=295402. No PKGREVISION bump since it is only build problem fix.
2010-02-27Update php5 package to 5.2.13.taca4-13/+12
25 Feb 2010, PHP 5.2.13 - Updated timezone database to version 2010.2. (Derick) - Upgraded bundled PCRE to version 7.9. (Ilia) - Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes excluding Windows). (Tony, Ilia) - Changed tidyNode class to disallow manual node creation. (Pierrick) - Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia) - Improved LCG entropy. (Rasmus, Samy Kamkar) - Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen) - Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia) - Fixed bug in bundled libgd causing spurious horizontal lines drawn by gdImageFilledPolygon (libgd #100). (Takeshi Abe) - Fixed build of mysqli with MySQL 5.5.0-m2. (Andrey) - Fixed bug #50940 Custom content-length set incorrectly in Apache sapis. (Brian France, Rasmus) - Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick) - Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de) - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia) - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani) - Fixed bug #50823 (ReflectionFunction::isDeprecated producing "cannot be called statically" error). (Jani, Felipe) - Fixed bug #50791 (Compile failure: Bad logic in defining fopencookie emulation). (Jani) - Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia) - Fixed bug #50772 (mysqli constructor without parameters does not return a working mysqli object). (Andrey) - Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia) - Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia) - Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia) - Fixed bug #50727 (Accessing mysqli->affected_rows on no connection causes segfault). (Andrey, Johannes) - Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia) - Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob) - Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia) - Fixed bug #50636 (MySQLi_Result sets values before calling constructor). (Pierrick) - Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia) - Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick) - Fixed bug #50575 (PDO_PGSQL LOBs are not compatible with PostgreSQL 8.5). (Matteo) - Fixed bug #50558 (Broken object model when extending tidy). (Pierrick) - Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram) - Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani) - Fixed bug #50394 (Reference argument converted to value in __call). (Stas) - Fixed bug #49851 (http wrapper breaks on 1024 char long headers). (Ilia) - Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe) - Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam) - Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob) - Fixed bug #48667 (Implementing Iterator and IteratorAggregate). (Etienne) - Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram) - Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia) - Fixed bug #47601 (defined() requires class to exist when testing for class constants). (Ilia) - Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com) - Fixed bug #47002 (Field truncation when reading from dbase dbs with more then 1024 fields). (Ilia, sjoerd-php at linuxonly dot nl) - Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke) - Fixed bug #44827 (define() allows :: in constant names). (Ilia)
2010-02-05Suhosin patch for php-5.2.12 is available now.obache2-6/+6
Noticed by Volkmar Seifert via PR#42749.
2010-01-17Recursive PKGREVISION bump for jpeg update to 8.wiz1-1/+2
2009-12-23Update lang/php5 to 5.2.12, security update.taca12-530/+20
Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes.
2009-11-30Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.taca10-27/+171
1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION.
2009-10-22Add patch to check byte sequence more strictly in htmlspecialchars().taca3-2/+372
http://bugs.php.net/bug.php?id=49785 These are patch refrects r289411, r289554, r289565, r289567 and r289605 in PHP svn repositry. Bump PKGREVISION.
2009-10-22Add a patch from PHP's SVN repositry to fix gd library security problem.taca2-1/+19
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 Bump PKGREVISION of php-gd package. (This fix is for php5 only and I don't know about php4.)
2009-10-09Add some infomation in comment about packages which shold be checkedtaca1-1/+21
when lang/php5 package updated.
2009-09-26Update suhosin patch to 5.2.11, too.taca2-3/+6
2009-09-26Update lang/php5 to 5.2.11, fixing security problem of 5.2.10.taca5-45/+10
One pkglint warning was fixed, too. PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 17 Sep 2009, PHP 5.2.11 - Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia) 10 Sep 2009, PHP 5.2.11RC3 - Updated timezone database to version 2009.13 (2009m) (Derick) - Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia) - Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan) - Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo) 03 Sep 2009, PHP 5.2.11RC2 - Added missing sanity checks around exif processing. (Ilia) - Fixed sanity check for the color index in imagecolortransparent. (Pierre) - Fixed zlib.deflate compress filter to actually accept level parameter. (Jani) - Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre) - Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru) - Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani) - Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani) - Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry) - Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani) - Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry) - Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas) - Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe) - Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry) - Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett) 13 Aug 2009, PHP 5.2.11RC1 - Fixed regression in cURL extension that prevented flush of data to output defined as a file handle. (Ilia) - Fixed memory leak in stream_is_local(). (Felipe, Tony) - Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre) - Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us) - Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu) - Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe) - Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani) - Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre) - Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani) - Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani) - Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia) - Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani) - Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe) - Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia) - Fixed bug #48929 (Double \r\n after HTTP headers when "header" context option is an array). (David Zülke) - Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe) - Fixed bug #48802 (printf() returns incorrect outputted length). (Jani) - Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe) - Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia) - Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan) - Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre) - Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe) - Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia) - Fixed bug #48732 (TTF Bounding box wrong for letters below baseline). (Takeshi Abe) - Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia) - Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe) - Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()). (Moriyoshi) - Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly formatted). (peter at lvp-media dot com, Felipe) - Fixed bug #48661 (phpize is broken with non-bash shells). (Jani) - Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi) - Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani) - Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at php.net, Ilia) - Fixed bug #48629 (get_defined_constants() ignores categorize parameter). (Felipe) - Fixed bug #48619 (imap_search ALL segfaults). (Pierre) - Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani) - Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts with new lines) (Takeshi Abe) - Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException "SQLSTATE[] (null)"). (Felipe) - Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using TMPDIR). (Ilia) - Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle) - Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani) - Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott) - Fixed bug #48276 (date("Y") on big endian machines produces the wrong result). (Scott) - Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani) - Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org) - Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan) - Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net) - Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke) - Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John) - Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler) - Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre) - Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash) (Paul Richards, Kalle) - Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia) - Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre) - Fixed bug #44144 (spl_autoload_functions() should return object instance when appropriate). (Hannes, Etienne) - Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani) - Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
2009-08-11* Add a patch to fix build problem with OpenSSL 1.0.0 and later.taca2-2/+32
The patch is provided by Sverre Froyen <sverre at viewmark.com> and I confirmed its contents. * Remove checksum for patch-ad which had been removed.
2009-07-07Update lang/php5 to version 5.2.10 - according to the release annoucement:jdolecek4-29/+12
Security Enhancements and Fixes in PHP 5.2.10: * Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre) Key enhancements in PHP 5.2.10 include: * Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara) * Fixed memory corruptions while reading properties of zip files. (Ilia) * Fixed memory leak in ob_get_clean/ob_get_flush. (Christian) * Fixed segfault on invalid session.save_path. (Hannes) * Fixed leaks in imap when a mail_criteria is used. (Pierre) * Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi) * Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt) * Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe) * Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott) * Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia) * Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems). * Over 100 bug fixes.
2009-06-26add checksum for new patch-asjdolecek1-1/+2
2009-06-26resurrect patch originally from databases/php-pdo/patches/patch-aa, sojdolecek1-0/+25
that databases/php-pdo compiles and works as shared module on Mac OS X after the package has been modified to use modules shipped with PHP instead of (obsolete) PCRE versions
2009-06-14Replace @exec/@unexec with @pkgdir or drop it.joerg1-3/+2
2009-06-14Remove @dirrm entries from PLISTsjoerg1-23/+1
2009-06-09Requires pkg-config to find openssl dependancy.sketch1-2/+2
2009-03-20Simply and speed up buildlink3.mk files and processing.joerg1-13/+6
This changes the buildlink3.mk files to use an include guard for the recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS, BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of enter/exit marker, which can be used to reconstruct the tree and to determine first level includes. Avoiding := for large variables (BUILDLINK_ORDER) speeds up parse time as += has linear complexity. The include guard reduces system time by avoiding reading files over and over again. For complex packages this reduces both %user and %sys time to half of the former time.
2009-03-05Add back suhosin patch as a new one for 5.2.9 is outadrianp2-4/+7
2009-03-02The PHP development team would like to announce the immediate availability ↵adrianp6-43/+27
of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. Security Enhancements and Fixes in PHP 5.2.9: * Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott) * Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) * Fixed explode() behavior with empty string to respect negative limit. (Shire) * Fixed a segfault when malformed string is passed to json_decode(). (Scott) Key enhancements in PHP 5.2.9 include: * Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) * Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob) * A number of fixes in the mbstring extension (Moriyoshi) * Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno) * Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob) * Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) * Fixed bug #46889 (Memory leak in strtotime()). (Derick) * Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry) * Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) * Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia) * Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt) * Over 50 bug fixes.
2009-02-25add comment to appease pkglinttnn1-1/+2
2009-02-25Fix memory leak and pullup bug fix for http://bugs.php.net/bug.php?id=46918sborrill2-1/+29
Remove this patch when PHP >= 5.2.9 is released as it will contain these changes Bump PKGREVISION of php-imap
2009-02-22Fix for suhosin MESSAGEadrianp1-3/+3
2009-02-21When building extensions make sure non-standard OpenSSL locations areadrianp2-1/+15
also searched if an explicit path is not given.
2009-02-17Add Suhosin patch support via options.mk - no change to default package.adrianp4-4/+27
2009-02-07Get SSL support working on OpenSolaris. Unfortunately on OpenSolairs theadrianp4-8/+50
OpenSSL install is split between /lib and /usr/include/openssl with plays havoc with the php ./configure as it assumes both have the same base directory (e.g. /usr). This patch uses a modified inbuilt check for OpenSSL instead of explicitly specifying a base using --with-openssl.
2008-12-10Remove obsolete patch - pointed out by tron@adrianp1-167/+0
2008-12-10Update to 5.2.8.adrianp4-11/+8
Security Enhancements and Fixes in PHP 5.2.7: Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Key enhancements in PHP 5.2.7 include: Fixed several memory leaks inside the readline and sqlite extensions A number of corrections relating to date parsing inside the date extension Fixed bugs relating to data retrieval in the PDO extension A series of crashes in various areas of code were resolved Several corrections were made to the strip_tags() function in terms of < and <?XML handling A number of bugs were fixed in extract() function when EXTR_REFS flag is being used Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility Over 170 bug fixes. 5.2.8 Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott)
2008-12-08Revert to 5.2.6:adrianp5-8/+178
http://www.php.net/archive/2008.php#id2008-12-07-1 Thanks to tron@ for the heads up
2008-12-05Update to 5.2.7.adrianp5-178/+8
Security Enhancements and Fixes in PHP 5.2.7: Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Key enhancements in PHP 5.2.7 include: Fixed several memory leaks inside the readline and sqlite extensions A number of corrections relating to date parsing inside the date extension Fixed bugs relating to data retrieval in the PDO extension A series of crashes in various areas of code were resolved Several corrections were made to the strip_tags() function in terms of < and <?XML handling A number of bugs were fixed in extract() function when EXTR_REFS flag is being used Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility Over 170 bug fixes.
2008-10-28Fix buildling ap-php with APACHE_MPM=workeradam2-4/+18
2008-08-17This adds ${PREFIX}/lib/php to the default include_path in php.iniadrianp2-3/+10
which makes integration with PEAR a little simpler. PKGREVISION++
2008-08-08Add maintainer-zts optionadrianp1-2/+6
Suggested by riz@ in PR 39312
2008-07-08Fix PEAR installs where PKG_SYSCONFDIR is not the default.adrianp3-4/+8
Fixes PR 39081 PKGREVISION++
2008-05-04Security Enhancements and Fixes in PHP 5.2.6:adrianp3-8/+7
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. Upgraded bundled PCRE to version 7.6 Key enhancements in PHP 5.2.6 include: * Fixed two possible crashes inside the posix extension. * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug 44141 (private parent constructor callable through static function). * Fixed bug 43589 (a possible infinite loop in bz2_filter.c). * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug 42736 (xmlrpc_server_call_method() crashes). * Fixed bug 42369 (Implicit conversion to string leaks memory). * Fixed bug 41562 (SimpleXML memory issue). * Over 120 bug fixes. See http://www.php.net/ChangeLog-5.php#5.2.6 for all the details
2008-03-04Accidentally missed from last commitsborrill1-2/+2
2008-03-04Patch around imap_header() dying with SIGABRT if recipient lists are toosborrill1-5/+145
long. Patch appended to PHP bug 42862, so the fix may be incorporated in later PHP releases and thus this patch can be reverted. http://bugs.php.net/bug.php?id=42862 Bump PKGREVISION of php-imap
2008-01-18Per the process outlined in revbump(1), perform a recursive revbumptnn1-1/+2
on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
2007-11-23Update to 5.2.5adrianp5-36/+7
* Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5
2007-10-09Remove trailing spaces.martti1-3/+3
2007-09-25add test target, as suggested by Chris Ross on pkgsrc-users@n.o.jdolecek1-1/+2