Age | Commit message (Collapse) | Author | Files | Lines |
|
security update for php5
- pkgsrc/lang/php5/Makefile 1.62
- pkgsrc/lang/php5/Makefile.common 1.28
- pkgsrc/lang/php5/distinfo 1.50
- pkgsrc/lang/php5/patches/patch-ao removed
- pkgsrc/lang/php5/patches/patch-ar removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Nov 23 13:20:01 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ao patch-ar
Log Message:
Update to 5.2.5
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions.
Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported by
SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to
non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using
ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(),
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale
rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
|
|
security fix for perl
- pkgsrc/lang/perl5/Makefile 1.129
- pkgsrc/lang/perl5/distinfo 1.43
- pkgsrc/lang/perl5/patches/patch-da 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Tue Nov 6 19:54:53 UTC 2007
Modified Files:
pkgsrc/lang/perl5: Makefile distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
add a patch from Redhat bugzilla #323571 to fix CVE-2007-5116:
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl.
|
|
|
|
NetBSD-4 (at least). Else pkg_sync and pkg_tarup won't work.
|
|
This is for PR #37095 noticed on Linux.
|
|
|
|
|
|
Basically, no change since previous update except Net::HTTP default
@enable_post_connection_check was wrongly set to true. (It might
cause compatibility problem.)
|
|
|
|
|
|
|
|
(I tested on old DragonFly 1.7.0-DEVELOPMENT.)
|
|
|
|
removed unavailable ftp://alpha.gnu.org/budne/snobol/.
add new entry ftp://ftp.snobol4.org/snobol/old/.
(ftp://ftp.snobol4.org/snobol/ have newer version 1.1).
|
|
officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's
version.
This isn't leaf package but fixes security problem reported by
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.
Bump PKGREVISION.
|
|
By using /bin/ksh (${SH}), we get the desired value of $CWD in on of the
scripts called by the programs install procedure.
Fixes installation under solaris, other platforms unaffected.
|
|
|
|
|
|
|
|
|
|
Approved by wiz@.
This is bug fix release of Ruby 1.8.6. Especially it fixes thread/eval
function problem on Mac OS X. It also contains an openssl extention's
portablity problem which was bad patch by pkgsrc.
For more detail, please refer CHANGES file.
|
|
Approved by wiz@.
|
|
Location of boehm-gc header files has been changed.
|
|
|
|
Update HOMEPAGE and MASTER_SITES (but commented out, since only have ver0.11).
|
|
Instead use the older tarball that does have the version as part of the
name. It has same checksum.
It is really beta but at least the file name exists tomorrow.
We will wait until developer releases a real version.
Sorry about going back in time in versioning in pkgsrc
-- hopefully nobody hit this in the past few minutes.
|
|
This fixes PR # 37014
Also take MAINTAINERship.
Update DESCR to not be first person.
Note: man pages not installed as they still need a little cleanup.
|
|
ok'd by wiz@
|
|
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
Populate the PLIST
|
|
|
|
latest version of the portable C compiler.
The compiler is based on the original Portable C Compiler by S. C.
Johnson, written in the late 70's. Even though much of the compiler
has been rewritten, some of the basics still remain.
The intention is to write a C99 compiler while still keeping it small,
simple, fast and understandable. I think of it as if it shall be able
to compile and run on PDP11 (even if it may not happen in reality).
But with this in mind it becomes important to think twice about what
algorithms are used.
The compiler is conceptually structured in two parts; pass1 which is
language-dependent, does parsing, typechecking and build trees, and
pass2 which is mostly language-independent.
About 50% of the frontend code and 80% of the backend code has been
rewritten. Most stuff is written by me, with the exception of the
data-flow analysis part and the SSA conversion code which is written
by Peter A Jonsson, and the Mips port that were written as part of a
project by undergraduate students at LTU.
As discussed at great length at EuroBSDcon 2007.
|
|
- New language features
- New tools
- Faster type-checking of functor applications.
- Referencing an interface compiled with -rectypes from a module
not compiled with -rectypes is now an error.
- Revised the "fragile matching" warning.
- Print a stack backtrace on an uncaught exception.
- Stack overflow detection on MS Windows 32 bits.
- Stack overflow detection on MacOS X PPC and Intel.
- Intel/AMD 64 bits: generate position-independent code by default.
- Fixed bug involving -for-pack and missing .cmx files.
- Fixed bug causing duplication of literals.
- C/Caml interface functions take "char const *" arguments
instead of "char *" when appropriate.
- Faster string comparisons (fast case if strings are ==).
- Other
|
|
extension loading code to export all symbols (i.e. do equivalent
of dlopen(..., RTLD_GLOBAL)), so that older Mac OS X without dlopen()
(before 10.4) also load extensions properly
patch also submitted as PHP bug# 42629
|
|
a meta package.
|
|
|
|
Ruby 1.8.6 patchlevel 36 is maintainous release of Ruby.
Changes are too many, please see ChangeLog:
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_6_36/ChangeLog
|
|
|
|
them if they do exist.
|
|
and to support the "inet6" option instead.
Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files. Replace:
BUILD_DEFS+= USE_INET6
with
BUILD_DEFS+= IPV6_READY
and teach the README-generation tools to look for that instead.
This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.
|
|
|
|
|
|
when Perl is installed in the "outer" pkgsrc. Otherwise, references to
the pbulk directory are stored in the binary package.
|
|
build on case-insensitive filesystem
|
|
|
|
on Mac OS X,
so that symbols of loaded modules are available for other, dependant modules;
dlopen() is native function since 10.4, so actually apparently preferable interface
now
this is necessary for PDO family of modules (pdo_* depends on symbols of PDO module),
and for XSL module (which depends on symbols of DOM module); doing it this way
allows for PDO and DOM modules to be also shared and dynamically loaded, this avoids
need to compile them into main PHP binary
bump PKGREVISION, this is functionality change for Mac OS X (no change for other
platforms)
|