| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Some highlights of changes since 4.2.3:
* PCRE updated to 4.3, GD to 2.0.15
* improved Apache2 support
* much improved stream & URL wrapper support, output compression support
* added CLI (Command Line Interface) SAPI
* debug_backtrace() backported from ZendEngine2
* faster build system
* huge number of other bug fixes and improvements
Packaging changes:
* 'pcre', 'xml', and 'session' modules folded back into main package -
'pcre' and 'xml' is required by PEAR, and 'session' is just too essential
to be separate
* 'gd' module now uses bundled PHP GD library, which is better integrated
* PHP modules use shared distinfo when possible to ease future PHP updates
* ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php
remains CGI version
|
|
find this separately now that apr is provided in a separate package.
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
(Patch obtained from RedHat's php-4.2.2-8.0.7.src.rpm.)
Bump PKGREVISION.
|
|
tech-pkg@ where the incorrect libtoolize was being invoked. We now pass
in the path to libtoolize via the environment, much like how the other
GNU auto* tools are found in pkgsrc.
|
|
|
|
|
|
|
|
* lots of bug fixes
* experimental apache2 support
* added IPv6 support to gethostbyaddr()
ATTENTION!! register_globals defaults to 'off' now
|
|
|
|
generalise the linker flags used to export symbols by setting them on
a per-OS basis.
> many packages force -Wl,-export-dynamic which is not portable outside GNU ld
> and cause problems e.g. on Solaris. some of these packages use if
> conditionals either only for NetBSD or except SunOS, but the state is not
> coherent and it may complicate later when support for new OS is added to
> pkgsrc (e.g. ongoing work on HP-UX support).
>
> jlam proposed the following framework in discussion on tech-pkg:
>
> http://mail-index.netbsd.org/tech-pkg/2002/06/21/0009.html
>
> now, ${EXPORT_SYMBOLS_LDFLAGS} is used instead of directly defining
> -Wl,-export-dynamic which is set in appropriate defs.*.mk to reasonable
> values. packages should be converted to this framework by:
>
> 1) replacing LDFLAGS+= -Wl,-export-dynamic and LIBS+= -export-dynamic with:
>
> LDFLAGS+= ${EXPORT_SYMBOLS_LDFLAGS}
>
> 2) for use in patchfiles, add this variable to MAKE_ENV if needed:
>
> MAKE_ENV+= EXPORT_SYMBOLS_LDFLAGS=${EXPORT_SYMBOLS_LDFLAGS}
>
> 3) replace occurances of -Wl,-export-dynamic and -export-dynamic in patch
> files with:
>
> $(EXPORT_SYMBOLS_LDFLAGS)
|
|
|
|
|
|
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
|
|
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
|
|
- Fixed bug that caused crashes or error notices on shutdown on threaded
platforms. (Zeev)
- Fixed bug in gmmktime() which was one hour off during standard time -
bug #9878. Patch by bfoddy@mediaone.net. (jmoore)
- Fixed a bug where the is_file() family of functions would in-correctly give
an error when they were given filenames that didn't exist. (Sterling)
- Fixed a bug in the strtotime() function where it was incorrectly recognizing
GMT +0100 and GMT -0100. (Derick)
|
|
- Introduced a new $_REQUEST array, which includes any GET, POST or COOKIE
variables. Like the other new variables, this variable is also available
regardless of the context.
- Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which
deprecate the old $HTTP_*_VARS arrays. In addition to be much shorter to
type - these variables are also available regardless of the scope, and
there's no need to import them using the 'global' statement.
Other relevant changes include:
- Bug fixes to prevent crashes on unexpected input.
- Huge performance improvements, especially in thread-safe code.
- Introduced extension version numbers.
- Added support for single dimensional SafeArrays and Enumerations.
Added an is_enum() function to check if a component implements an
enumeration.
- Improved speed of the serializer/deserializer.
- Floating point numbers are better detected when converting from strings.
- Added import_request_variables(), to allow users to safely import form
variables to the global scope
- Add config option (always_populate_raw_post_data) which when enabled
will always populate $HTTP_RAW_POST_DATA regardless of the post mime
type
- Added getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
- Assigning to a string offset beyond the end of the string now automatically
increases the string length by padding it with spaces, and performs the
assignment.
|
|
- Bug fixes (memory leaks and other errors)
- Made $HTTP_SESSION_VARS['foo'] and $foo be references to the same value
when register_globals is on. (Andrei)
- Added is_callable() function that can be used to find out whether
its argument is a valid callable construct. (Andrei)
- Added pg_last_notice() function. (Rasmus from suggestion by Dirk@rackspace.com)
- Added support to getimagesize to return dimensions of BMP and PSD
files. (Derick)
- Added Japanese multibyte string functions support. (Rui)
- Added key_exists() to check if a given key or index exists in an
array or object. (David Croft)
- Added -C command-line option to avoid chdir to the script's directory. (Stig)
- printf argnum (parameter swapping) support. (Morten Poulsen, Rasmus)
- Modified get_parent_class() and get_class_methods() to accept a class name as
well as a class instance. (Andrei, Zend Engine)
- Added array_map() function that applies a callback to the elements
of given arrays and returns the result. It can also be used with a
null callback to transpose arrays. (Andrei)
- Added array_filter(), which allows filtering of array elements via
the specified callback. (Andrei)
|
|
many general bugfixes, important fixes to the pgsql module to support
PostgreSQL transactions correctly, speedups, and a zlib output compressor.
|
|
|
|
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
