php5: security update
Revisions pulled up:
- lang/php5/MESSAGE.suhosin 1.1 via patch
- lang/php5/Makefile 1.71 via patch
- lang/php5/Makefile.common 1.35
- lang/php5/Makefile.php 1.33-1.34
- lang/php5/PLIST 1.21
- lang/php5/distinfo 1.61-1.62
- lang/php5/patches/patch-an patch
- lang/php5/patches/patch-ar patch
- lang/php5/patches/patch-as delete
---
Module Name: pkgsrc
Committed By: adrianp
Date: Mon Mar 2 22:52:17 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common Makefile.php PLIST distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-as
Log Message:
The PHP development team would like to announce the immediate availability of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.9:
* Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
* Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
* Fixed explode() behavior with empty string to respect negative limit. (Shire)
* Fixed a segfault when malformed string is passed to json_decode(). (Scott)
Key enhancements in PHP 5.2.9 include:
* Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
* Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
* A number of fixes in the mbstring extension (Moriyoshi)
* Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
* Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
* Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)
* Fixed bug #46889 (Memory leak in strtotime()). (Derick)
* Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)
* Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
* Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
* Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
* Over 50 bug fixes.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Mar 5 23:22:24 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile.php distinfo
Log Message:
Add back suhosin patch as a new one for 5.2.9 is out
|
|
php-imap: bug fix
Revisions pulled up:
- lang/php5/distinfo 1.60 (via patch)
- lang/php5/patches/patch-as 1.4
- mail/php-imap/Makefile 1.18
---
Module Name: pkgsrc
Committed By: sborrill
Date: Wed Feb 25 08:59:47 UTC 2009
Modified Files:
pkgsrc/lang/php5: distinfo
pkgsrc/mail/php-imap: Makefile
Added Files:
pkgsrc/lang/php5/patches: patch-as
Log Message:
Fix memory leak and pullup bug fix for http://bugs.php.net/bug.php?id=46918
Remove this patch when PHP >= 5.2.9 is released as it will contain these
changes
Bump PKGREVISION of php-imap
|
|
see: add patch for ppc ports
revisions pulled up:
pkgsrc/lang/see/Makefile pkgsrc/lang/see/distinfo 1.2
pkgsrc/lang/see/patches/patch-aa 1.1
Module Name: pkgsrc
Committed By: he
Date: Thu Feb 12 15:24:14 UTC 2009
Modified Files:
pkgsrc/lang/see: Makefile distinfo
Added Files:
pkgsrc/lang/see/patches: patch-aa
Log Message:
Update from version 3.0.1376 to 3.0.1376nb1.
Pkgsrc changes:
o Add a patch so that our PowerPC-based ports are properly detected
by the dtoa configuration logic, by also recognizing __powerpc__
to indicate big-endian float format.
This should fix PR#40624.
|
|
perl5: fix bulk build problem
Revisions pulled up:
- lang/perl5/patches/patch-da 1.5
---
Module Name: pkgsrc
Committed By: joerg
Date: Thu Jan 29 09:41:00 UTC 2009
Modified Files:
pkgsrc/lang/perl5/patches: patch-da
Log Message:
Fix patch.
|
|
ocaml: build fix for NetBSD/macppc
Revisions pulled up:
- lang/ocaml/Makefile 1.61
- lang/ocaml/distinfo 1.44
- lang/ocaml/patches/patch-bv 1.5
---
Module Name: pkgsrc
Committed By: he
Date: Thu Jan 22 01:00:34 UTC 2009
Modified Files:
pkgsrc/lang/ocaml: Makefile distinfo
Added Files:
pkgsrc/lang/ocaml/patches: patch-bv
Log Message:
Add a patch so that this package builds for our powerpc ports
as well. In this case, we fall into the SYS_elf branch together
with Linux, but we need a few other specifics to access registers
in the sigcontext.
|
|
match py([0-9][0-9])-.*. Fixes breakage when building gnome which then
tries to build hamster-applet and chokes due to PYPKGPREFIX ending up
undefined.
|
|
Add amd64 to that list. Bump revision of ocaml-graphics. Make ocaml
itself and ocaml-graphics destdir safe.
|
|
No functional change
|
|
Apply a fix for PR#39284
|
|
revision. In collaboration with Jens Rehsack.
|
|
This release is the last one before a major redesign of ECL,
which will affect issues like Unicode streams and handling of
interrupts.
Most notable changes since 0.9l include:
- new versioning scheme, based on <year>.<month>.<patchlevel>;
- compiler error, warning, notes and messages handling;
- float point number exceptions handling;
- signals handling;
- improvements to help file;
- improvements to operating system interface;
- CLX 0.7.3;
- many bug fixes.
|
|
* lots of bugfixes
* add/correct semantic checks
* more/improved warnings
* internal cleanups (introduce entity_t types)
* support more GCC extensions
* improved error recovery
* support more switches for GCC compatibility
* support for libc builtins
* add a manpage
|
|
by Chris Herborth in PR pkg/39425. This is somewhat cleaner than using
buildlink3 to do the same job.
|
|
manual page I have access to and breaks the build under Mac OS X Leopard
using the GCC 4.2.1 provided by Xcode Tools 3.1.2.
|
|
was there because guile was built against gmp etc. from /usr/pkg, not
present to let programs find -lguile. Therefore, add in rpath for
$(libdir) when we add in -L for libdir.
This looks ok to me, but I will be away AFK most of the day, so feel
free to remove the line in distinfo and re-commit if this turns out to
be bad.
|
|
merging to the new guile-config code, and it turns out not to be
necessary since there is some other mechanism to add rpath. Arguably
it should still be added, as the later rpath might only be there for
dependencies. (Plus, depending programs should use pkg-config
instead.)
|
|
Delete patch-aa as the whole lt_preloaded_symbols bit is gone upstream.
Changes in 1.8.6 (since 1.8.5)
* New features (see the manual for details)
** New convenience function `scm_c_symbol_length ()'
** Single stepping through code from Emacs
When you use GDS to evaluate Scheme code from Emacs, you can now use
`C-u' to indicate that you want to single step through that code. See
`Evaluating Scheme Code' in the manual for more details.
** New "guile(1)" man page!
* Changes to the distribution
** Automake's `AM_MAINTAINER_MODE' is no longer used
Thus, the `--enable-maintainer-mode' configure option is no longer
available: Guile is now always configured in "maintainer mode".
** `ChangeLog' files are no longer updated
Instead, changes are detailed in the version control system's logs. See
the top-level `ChangeLog' files for details.
* Bugs fixed
** `symbol->string' now returns a read-only string, as per R5RS
** Fix incorrect handling of the FLAGS argument of `fold-matches'
** `guile-config link' now prints `-L$libdir' before `-lguile'
** Fix memory corruption involving GOOPS' `class-redefinition'
** Fix possible deadlock in `mutex-lock'
** Fix build issue on Tru64 and ia64-hp-hpux11.23 (`SCM_UNPACK' macro)
** Fix build issue on mips, mipsel, powerpc and ia64 (stack direction)
** Fix build issue on hppa2.0w-hp-hpux11.11 (`dirent64' and `readdir64_r')
** Fix build issue on i386-unknown-freebsd7.0 ("break strict-aliasing rules")
** Fix misleading output from `(help rationalize)'
** Fix build failure on Debian hppa architecture (bad stack growth detection)
** Fix `gcd' when called with a single, negative argument.
** Fix `Stack overflow' errors seen when building on some platforms
** Fix bug when `scm_with_guile ()' was called several times from the
same thread
** The handler of SRFI-34 `with-exception-handler' is now invoked in the
dynamic environment of the call to `raise'
** Fix potential deadlock in `make-struct'
** Fix compilation problem with libltdl from Libtool 2.2.x
** Fix sloppy bound checking in `string-{ref,set!}' with the empty string
|
|
|
Security Enhancements and Fixes in PHP 5.2.7:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)). (Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
5.2.8
Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott)
|
|
http://www.php.net/archive/2008.php#id2008-12-07-1
Thanks to tron@ for the heads up
|
|
Debian. While there also fix two check interpreter warnings.
|
|
Security Enhancements and Fixes in PHP 5.2.7:
Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)). (Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:
Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
|
|
Noted by Robert Elz in PR 40082.
|
|
with e.g. -g (in the future)
|
|
Cparser is a recursive descent C99 parser written in C99. It contains
a lexer, a parser, and the appropriate constructs; it does AST and
semantic analysis. It is currently used as a frontend to the
libFirm intermediate representation. However, it can be used
independently, and also is able to bootstrap itself. Currently, cparser
uses an external preprocessor.
|
|
Bump PKGREVISION
|
|
let configure choose tls model
provide atomic_ops to Interlock functions in newer NetBSDs
bump PKGREVISION
|
|
decided to add files to the distribution.
|
|
java/sun-6/lib/servicetag/registration.xml
|
|
Python 2.3 is now well and truly in bugfix-only mode; no new features
are being added, and only security critical bugs have been fixed.
This release addresses a number of cases where the interpreter might have
crashed in certain boundary conditions.
What's New in Python 2.3.7?
===========================
*Release date: 11-Mar-2008*
What's New in Python 2.3.7c1?
=============================
*Release date: 02-Mar-2008*
Core and builtins
-----------------
- Added checks for integer overflows, contributed by Google. Some are
only available if asserts are left in the code, in cases where they
can't be triggered from Python code.
What's New in Python 2.3.6?
===========================
*Release date: 01-NOV-2006*
What's New in Python 2.3.6c1?
=============================
*Release date: 25-OCT-2006*
Core and builtins
-----------------
- Patch #1541585: fix buffer overrun when performing repr() on
a unicode string in a build with wide unicode (UCS-4) support.
This is the problem described in security advisory PSF-2006-001.
Extension modules
-----------------
- Apply fix for potential heap overflow in PCRE code (CAN-2005-2491).
Library
-------
- The email package has improved RFC 2231 support, specifically for
recognizing the difference between encoded (name*0*=<blah>) and non-encoded
(name*0=<blah>) parameter continuations. This may change the types of
values returned from email.message.Message.get_param() and friends.
Specifically in some cases where non-encoded continuations were used,
get_param() used to return a 3-tuple of (None, None, string) whereas now it
will just return the string (since non-encoded continuations don't have
charset and language parts).
Also, whereas % values were decoded in all parameter continuations, they are
now only decoded in encoded parameter parts.
|
|
As perl 5.6 won't be seen in a pkgsrc context just replace the test for
5.6 with one for 5.10 rather than a more substantial change.