| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
http://bugs.php.net/bug.php?id=49785
These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.
Bump PKGREVISION.
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
Bump PKGREVISION of php-gd package.
(This fix is for php5 only and I don't know about php4.)
|
|
when lang/php5 package updated.
|
|
|
|
One pkglint warning was fixed, too.
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
17 Sep 2009, PHP 5.2.11
- Fixed certificate validation inside php_openssl_apply_verification_policy.
(Ryan Sleevi, Ilia)
10 Sep 2009, PHP 5.2.11RC3
- Updated timezone database to version 2009.13 (2009m) (Derick)
- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
- Fixed bug #49447 (php engine needs to correctly check for socket API return
status on windows). (Sriram Natarajan)
- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
03 Sep 2009, PHP 5.2.11RC2
- Added missing sanity checks around exif processing. (Ilia)
- Fixed sanity check for the color index in imagecolortransparent. (Pierre)
- Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
- Fixed leak on error in popen/exec (and related functions) on Windows.
(Pierre)
- Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
(Ilia, code-it at mail dot ru)
- Fixed bug #49289 (bcmath module doesn't compile with phpize configure).
(Jani)
- Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
- Fixed bug #49269 (Ternary operator fails on Iterator object when used inside
foreach declaration). (Etienne, Dmitry)
- Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
- Fixed bug #49144 (Import of schema from different host transmits original
authentication details). (Dmitry)
- Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including
files from function). (Stas)
- Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe)
- Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
- Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
13 Aug 2009, PHP 5.2.11RC1
- Fixed regression in cURL extension that prevented flush of data to output
defined as a file handle. (Ilia)
- Fixed memory leak in stream_is_local(). (Felipe, Tony)
- Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
- Fixed bug #49132 (posix_times returns false without error).
(phpbugs at gunnu dot us)
- Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
- Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
- Fixed bug #49074 (private class static fields can be modified by using
reflection). (Jani)
- Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
- Fixed bug #49052 (context option headers freed too early when using
--with-curlwrappers). (Jani)
- Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference).
(Jani)
- Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars
restrictions). (Ilia)
- Fixed bug #48994 (zlib.output_compression does not output HTTP headers when
set to a string value). (Jani)
- Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
- Fixed bug #48962 (cURL does not upload files with specified filename).
(Ilia)
- Fixed bug #48929 (Double \r\n after HTTP headers when "header" context
option is an array). (David Zülke)
- Fixed bug #48913 (Too long error code strings in pdo_odbc driver).
(naf at altlinux dot ru, Felipe)
- Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
- Fixed bug #48801 (Problem with imagettfbbox). (Takeshi Abe)
- Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked
directories). (Ilia)
- Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()).
(Sriram Natarajan)
- Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at
gmail dot com, Pierre)
- Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
- Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on
files that have been opened with r+). (Ilia)
- Fixed bug #48732 (TTF Bounding box wrong for letters below baseline).
(Takeshi Abe)
- Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain
components). (Ilia)
- Fixed bug #48709 (metaphone and 'wh'). (brettz9 at yahoo dot com, Felipe)
- Fixed bug #48697 (mb_internal_encoding() value gets reset by parse_str()).
(Moriyoshi)
- Fixed bug #48693 (Double declaration of __lambda_func when lambda wrongly
formatted). (peter at lvp-media dot com, Felipe)
- Fixed bug #48661 (phpize is broken with non-bash shells). (Jani)
- Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal
html-entities). (Moriyoshi)
- Fixed bug #48637 ("file" fopen wrapper is overwritten when using
--with-curlwrappers). (Jani)
- Fixed bug #48636 (Error compiling of ext/date on netware). (guenter at
php.net, Ilia)
- Fixed bug #48629 (get_defined_constants() ignores categorize parameter).
(Felipe)
- Fixed bug #48619 (imap_search ALL segfaults). (Pierre)
- Fixed bug #48608 (Invalid libreadline version not detected during configure).
(Jani)
- Fixed bug #48555 (ImageFTBBox() differs from previous versions for texts
with new lines) (Takeshi Abe)
- Fixed bug #48539 (pdo_dblib fails to connect, throws empty PDOException
"SQLSTATE[] (null)"). (Felipe)
- Fixed bug #48465 (sys_get_temp_dir() possibly inconsistent when using
TMPDIR). (Ilia)
- Fixed bug #48450 (Compile failure under IRIX 6.5.30 building gd.c). (Kalle)
- Fixed bug #48400 (imap crashes when closing stream opened with
OP_PROTOTYPE flag). (Jani)
- Fixed bug #48284 (hash "adler32" byte order is reversed). (Scott)
- Fixed bug #48276 (date("Y") on big endian machines produces the
wrong result). (Scott)
- Fixed bug #48247 (Infinite loop and possible crash during startup with
errors when errors are logged). (Jani)
- Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre,
Al dot Smith at aeschi dot ch dot eu dot org)
- Fixed bug #48182 (ssl handshake fails during asynchronous socket connection).
(Sriram Natarajan)
- Fixed bug #48057 (Only the date fields of the first row are fetched,
others are empty). (info at programmiernutte dot net)
- Fixed bug #47481 (natcasesort() does not sort extended ASCII characters
correctly). (Herman Radtke)
- Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
- Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX).
(Uwe Schindler)
- Fixed bug #45905 (imagefilledrectangle() clipping error).
(markril at hotmail dot com, Pierre)
- Fixed bug #45280 (Reflection of instantiated COM classes causes PHP to crash)
(Paul Richards, Kalle)
- Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
- Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
- Fixed bug #44144 (spl_autoload_functions() should return object instance
when appropriate). (Hannes, Etienne)
- Fixed bug #43510 (stream_get_meta_data() does not return same mode as used
in fopen). (Jani)
- Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot
com, Kalle)
|
|
The patch is provided by Sverre Froyen <sverre at viewmark.com> and
I confirmed its contents.
* Remove checksum for patch-ad which had been removed.
|
|
Security Enhancements and Fixes in PHP 5.2.10:
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). (Pierre)
Key enhancements in PHP 5.2.10 include:
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()'s optional sorting type parameter back to SORT_STRING to fix backwards compatibility breakage introduced in PHP 5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 ("@" operator does not work with string offsets). (Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()). (Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain 64bit systems).
* Over 100 bug fixes.
|
|
|
|
that databases/php-pdo compiles and works as shared module on Mac OS X
after the package has been modified to use modules shipped with PHP instead
of (obsolete) PCRE versions
|
|
|
|
|
|
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
|
|
of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.9:
* Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
* Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
* Fixed explode() behavior with empty string to respect negative limit. (Shire)
* Fixed a segfault when malformed string is passed to json_decode(). (Scott)
Key enhancements in PHP 5.2.9 include:
* Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
* Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
* A number of fixes in the mbstring extension (Moriyoshi)
* Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
* Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
* Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)
* Fixed bug #46889 (Memory leak in strtotime()). (Derick)
* Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)
* Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
* Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
* Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
* Over 50 bug fixes.
|
|
|
|
Remove this patch when PHP >= 5.2.9 is released as it will contain these
changes
Bump PKGREVISION of php-imap
|
|
|
|
also searched if an explicit path is not given.
|
|
|
|
OpenSSL install is split between /lib and /usr/include/openssl with plays
havoc with the php ./configure as it assumes both have the same base
directory (e.g. /usr). This patch uses a modified inbuilt check for
OpenSSL instead of explicitly specifying a base using --with-openssl.
|
|
|
|
Security Enhancements and Fixes in PHP 5.2.7:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
5.2.8
Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott)
|
|
http://www.php.net/archive/2008.php#id2008-12-07-1
Thanks to tron@ for the heads up
|
|
Security Enhancements and Fixes in PHP 5.2.7:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
|
|
|
|
which makes integration with PEAR a little simpler.
PKGREVISION++
|
|
Suggested by riz@ in PR 39312
|
|
Fixes PR 39081
PKGREVISION++
|
|
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Key enhancements in PHP 5.2.6 include:
* Fixed two possible crashes inside the posix extension.
* Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug 44141 (private parent constructor callable through static function).
* Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug 42736 (xmlrpc_server_call_method() crashes).
* Fixed bug 42369 (Implicit conversion to string leaks memory).
* Fixed bug 41562 (SimpleXML memory issue).
* Over 120 bug fixes.
See http://www.php.net/ChangeLog-5.php#5.2.6 for all the details
|
|
|
|
long. Patch appended to PHP bug 42862, so the fix may be incorporated in
later PHP releases and thus this patch can be reverted.
http://bugs.php.net/bug.php?id=42862
Bump PKGREVISION of php-imap
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
|
|
|
|
|
|
extension loading code to export all symbols (i.e. do equivalent
of dlopen(..., RTLD_GLOBAL)), so that older Mac OS X without dlopen()
(before 10.4) also load extensions properly
patch also submitted as PHP bug# 42629
|
|
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
|
|
on Mac OS X,
so that symbols of loaded modules are available for other, dependant modules;
dlopen() is native function since 10.4, so actually apparently preferable interface
now
this is necessary for PDO family of modules (pdo_* depends on symbols of PDO module),
and for XSL module (which depends on symbols of DOM module); doing it this way
allows for PDO and DOM modules to be also shared and dynamically loaded, this avoids
need to compile them into main PHP binary
bump PKGREVISION, this is functionality change for Mac OS X (no change for other
platforms)
|
|
PKGREVISION
PR: 36869 by Louis Guillaume
|
|
Bump package revision.
|
|
|
|
bug fixes
|
|
- Fix compile problem on NetBSD with mremap(2).
Bump PKGREVISION.
|
|
support for this before, probably unintentionally.
|
|
Pointed out by schmonz@ and taca@
Bump PKGREVISION
|
|
Spotted by Takahiro Kambe
|
|
Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)
And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
for all the details.
|
|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
|
|
Bump package revision.
|
