| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Changes since 4.3.8:
* fixes to GPC input processing
* bundled GD extension synced with 2.0.28, re-introducing write support
for GIF (patent expiration worldwide)
* Implemented periodic PCRE compiled regexp cache cleanup, to avoid memory
exhaustion
* Fixed strip_tags() to correctly handle '\0' characters.
* Rewritten UNIX and Windows install help files.
* Fixed a file-descriptor leak with phpinfo() and other 'special' URLs.
* Fixed possible crash inside php_shutdown_config().
* Fixed isset crashes on arrays.
* Fixed imagecreatefromstring() crashes with external GD library.
* Fixed fgetcsv() parsing of strings ending with escaped enclosures.
* Fixed overflow in array_slice(), array_splice(), substr(), substr_replace(),
strspn(), strcspn().
* Fixed '\0' in Authenticate header passed via safe_mode.
* Allow bundled GD to compile against freetype 2.1.2.
All in all this release fixes over 50 bugs that have been discovered
and resolved since the 4.3.8 release.
|
|
This is security fix release, fixing several important security
issues. From the ChangeLog:
* Fixed strip_tags() to correctly handle '\0' characters.
* Improved stability during startup when memory_limit is used.
* Replace alloca() with emalloc() for better stack protection.
* Added missing safe_mode checks inside ftok and itpc.
* Fixed bug #28963 Fixed address allocation routine in IMAP extension.
* Fixed bug #28632 Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
Note: package update also includes extra patches from PHP CVS not
present in stock PHP 4.3.8 release - compilation fix for
mssql extension and Zend engine memory-use-after-free fix.
|
|
bump php4 PKGREVISION
|
|
Change list from release notes:
* Synchronized bundled GD library with GD 2.0.23.
* Fixed a bug that prevented compilation of GD extensions against
FreeType 2.1.0-2.1.2.
* Fixed thread safety issue with informix connection id.
* Fixed incorrect resolving of relative paths by glob() in windows.
* Fixed mapping of Greek letters to html entities.
* Fixed a bug that caused an on shutdown crash when using PHP with Apache
2.0.49.
* Fixed a number of crashes inside pgsql, cpdf and gd extensions.
All in all this release fixes over 30 bugs that have been discovered
and resolved since the 4.3.6 release.
|
|
|
|
http://cgi-spec.golux.com/
mentions SCRIPT_NAME but not SCRIPT_FILENAME.
Support web servers that only supply the former, even though
PHP 4.3 wants the latter to operate as a CGI...
Fixes problem using PHP 4.3 under a variety of non-Apache web servers.
|
|
Changes are bug-fixes mostly, but also synchronizes bundled GD
with GD 2.0.22 and updates PCRE to version 4.5. Several NetBSD
patches were integrated too, so future pkgsrc updates would
be even more smooth.
Full list of changes since PHP 4.3.4 is available at:
http://www.php.net/ChangeLog-4.php#4.3.6
http://www.php.net/ChangeLog-4.php#4.3.5
|
|
bump PKGREVISION for this change
|
|
|
|
From release announcemenet:
After a lengthy QA process, PHP 4.3.4 is finally out!
This is a medium size maintenance release, with a fair number of bug fixes.
All users are encouraged to upgrade to 4.3.4.
Bugfix release
PHP 4.3.4 contains, among others, following important fixes, additions
and improvements:
* Fixed disk_total_space() and disk_free_space() under FreeBSD.
* Fixed FastCGI support on Win32.
* Fixed FastCGI being unable to bind to a specific IP.
* Fixed several bugs in mail() implementation on win32.
* Fixed crashes in a number of functions.
* Fixed compile failure on MacOSX 10.3 Panther.
* Over 60 various bug fixes!
For full list of changes in PHP 4.3.4, see ChangeLog:
http://www.php.net/ChangeLog-4.php#4.3.4
|
|
|
|
Some highlights of changes since 4.2.3:
* PCRE updated to 4.3, GD to 2.0.15
* improved Apache2 support
* much improved stream & URL wrapper support, output compression support
* added CLI (Command Line Interface) SAPI
* debug_backtrace() backported from ZendEngine2
* faster build system
* huge number of other bug fixes and improvements
Packaging changes:
* 'pcre', 'xml', and 'session' modules folded back into main package -
'pcre' and 'xml' is required by PEAR, and 'session' is just too essential
to be separate
* 'gd' module now uses bundled PHP GD library, which is better integrated
* PHP modules use shared distinfo when possible to ease future PHP updates
* ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php
remains CGI version
|
|
find this separately now that apr is provided in a separate package.
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
(Patch obtained from RedHat's php-4.2.2-8.0.7.src.rpm.)
Bump PKGREVISION.
|
|
tech-pkg@ where the incorrect libtoolize was being invoked. We now pass
in the path to libtoolize via the environment, much like how the other
GNU auto* tools are found in pkgsrc.
|
|
|
|
|
|
|
|
* lots of bug fixes
* experimental apache2 support
* added IPv6 support to gethostbyaddr()
ATTENTION!! register_globals defaults to 'off' now
|
|
|
|
generalise the linker flags used to export symbols by setting them on
a per-OS basis.
> many packages force -Wl,-export-dynamic which is not portable outside GNU ld
> and cause problems e.g. on Solaris. some of these packages use if
> conditionals either only for NetBSD or except SunOS, but the state is not
> coherent and it may complicate later when support for new OS is added to
> pkgsrc (e.g. ongoing work on HP-UX support).
>
> jlam proposed the following framework in discussion on tech-pkg:
>
> http://mail-index.netbsd.org/tech-pkg/2002/06/21/0009.html
>
> now, ${EXPORT_SYMBOLS_LDFLAGS} is used instead of directly defining
> -Wl,-export-dynamic which is set in appropriate defs.*.mk to reasonable
> values. packages should be converted to this framework by:
>
> 1) replacing LDFLAGS+= -Wl,-export-dynamic and LIBS+= -export-dynamic with:
>
> LDFLAGS+= ${EXPORT_SYMBOLS_LDFLAGS}
>
> 2) for use in patchfiles, add this variable to MAKE_ENV if needed:
>
> MAKE_ENV+= EXPORT_SYMBOLS_LDFLAGS=${EXPORT_SYMBOLS_LDFLAGS}
>
> 3) replace occurances of -Wl,-export-dynamic and -export-dynamic in patch
> files with:
>
> $(EXPORT_SYMBOLS_LDFLAGS)
|
|
|
|
|
|
buildlink2.mk files back into the main trunk. This provides sufficient
buildlink2 infrastructure to start merging other packages from the
buildlink2 branch that have already been converted to use the buildlink2
framework.
|
|
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
|
|
- Fixed bug that caused crashes or error notices on shutdown on threaded
platforms. (Zeev)
- Fixed bug in gmmktime() which was one hour off during standard time -
bug #9878. Patch by bfoddy@mediaone.net. (jmoore)
- Fixed a bug where the is_file() family of functions would in-correctly give
an error when they were given filenames that didn't exist. (Sterling)
- Fixed a bug in the strtotime() function where it was incorrectly recognizing
GMT +0100 and GMT -0100. (Derick)
|
|
- Introduced a new $_REQUEST array, which includes any GET, POST or COOKIE
variables. Like the other new variables, this variable is also available
regardless of the context.
- Introduced $_GET, $_POST, $_COOKIE, $_SERVER and $_ENV variables, which
deprecate the old $HTTP_*_VARS arrays. In addition to be much shorter to
type - these variables are also available regardless of the scope, and
there's no need to import them using the 'global' statement.
Other relevant changes include:
- Bug fixes to prevent crashes on unexpected input.
- Huge performance improvements, especially in thread-safe code.
- Introduced extension version numbers.
- Added support for single dimensional SafeArrays and Enumerations.
Added an is_enum() function to check if a component implements an
enumeration.
- Improved speed of the serializer/deserializer.
- Floating point numbers are better detected when converting from strings.
- Added import_request_variables(), to allow users to safely import form
variables to the global scope
- Add config option (always_populate_raw_post_data) which when enabled
will always populate $HTTP_RAW_POST_DATA regardless of the post mime
type
- Added getmygid() and safe_mode_gid ini directive to allow safe mode to do
a gid check instead of a uid check.
- Assigning to a string offset beyond the end of the string now automatically
increases the string length by padding it with spaces, and performs the
assignment.
|
|
- Bug fixes (memory leaks and other errors)
- Made $HTTP_SESSION_VARS['foo'] and $foo be references to the same value
when register_globals is on. (Andrei)
- Added is_callable() function that can be used to find out whether
its argument is a valid callable construct. (Andrei)
- Added pg_last_notice() function. (Rasmus from suggestion by Dirk@rackspace.com)
- Added support to getimagesize to return dimensions of BMP and PSD
files. (Derick)
- Added Japanese multibyte string functions support. (Rui)
- Added key_exists() to check if a given key or index exists in an
array or object. (David Croft)
- Added -C command-line option to avoid chdir to the script's directory. (Stig)
- printf argnum (parameter swapping) support. (Morten Poulsen, Rasmus)
- Modified get_parent_class() and get_class_methods() to accept a class name as
well as a class instance. (Andrei, Zend Engine)
- Added array_map() function that applies a callback to the elements
of given arrays and returns the result. It can also be used with a
null callback to transpose arrays. (Andrei)
- Added array_filter(), which allows filtering of array elements via
the specified callback. (Andrei)
|
|
many general bugfixes, important fixes to the pgsql module to support
PostgreSQL transactions correctly, speedups, and a zlib output compressor.
|
|
|
|
|
|
+ move the patch digest/checksum values from files/patch-sum to distinfo
|
