| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
|
|
|
|
|
|
php-* modules failed on Darwin because gcc was used to link them.
Thanks to John Klos for testing.
Bump PKGREVISION.
|
|
it produced empty *.so and the module couldn't be actually used
|
|
|
|
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/
http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
|
|
that they look nicer.
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
installation to go through on NetBSD/sparc64 (well, at least mine).
Failure reported by Joel Carnat.
|
|
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:
* Prevent header injection by limiting each header to a single line.
* Possible XSS inside error reporting functionality.
* Missing safe_mode/open_basedir checks into cURL extension.
* Apache 2 regression with sub-request handling on non-Linux systems.
* key() and current() regression related to references.
This release also fixes about 30 other defects.
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
This is done via an option group, default is CGI. Note that the
FastCGI interpreter can still be used for normal CGI, but there
might be security issues involved in doing so.
|
|
|
|
(endless loop):
http://bugs.php.net/bug.php?id=35067
Pull in a patch from the php CVS repository to fix this, as suggested a
squirrelmail mailing list:
http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.3&r2=1.543.2.51.2.4&ty=u
OK'd by Jaromir Dolecek, tested on apache-1 and apache-2 servers.
Bump pkgrevision.
|
|
|
|
so that configure won't try to run the (possibly not installed) pkg-config.
|
|
bump revision.
|
|
longer downloaded manually.
|
|
security fix, this fixes serious security problems regarding overwriting
of the GLOBALS array.
All users of PHP 4.3 and 4.4 sare encouradged to update to this version.
The --with-regex=system bug with re_magic has been fixed too, so re-enabling
use of --with-regex=system for all operating systems again
|
|
in private e-mail
|
|
turn it off. It's still on by default (in PKG_SUGGESTED_OPTIONS), so
no PKGREVISION bump required.
|
|
misinterpreted some Japanese characters as ASCII.
PR: 31223 by Takahiro Kambe
|
|
there
PR: 31047 by Gilles Dauphin
|
|
similarily how this is done in lang/php5/Makefile.php; default depends
in USE_INET6 setting, i.e. enabled iff OS supports it
|
|
|
|
|
|
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
|
|
such as TLS support.
Patch provided by Stoned Elipot in private e-mail.
|
|
|
|
|
|
it separately
|
|
(shared with ap-php) into the php package Makefile.
|
|
|
|
|
|
configurations. Problem pointed out by Adrian Portelli in
private e-mail.
|
|
of bugs discovered since the 4.3.11 release which could e.g. lead to
memory corruption.
Furthermore integrate version 1.4.0 of PEAR XML_RPC which contains a fix
for the "PEAR XML_RPC Remote PHP Code Injection Vulnerability" security
problem reported by the Hardened-PHP Project.
|
|
list causes problems with some (e.g. Irix) shells
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
so that lang/php/ext.php need not use = assignment and extensions
would be able to use different setting
|
|
|
|
|
|
|
|
This is a maintenance release that in addition to over 70 non-critical
bug fixes addresses several security issues inside the exif and
fbsql extensions as well as the unserialize(), swf_definepoly()
and getimagesize() functions. All Users of PHP are strongly
encouraged to upgrade to this release.
Bugfix release
* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object ref.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.
PHP4 also doesn't bundle PEAR Net_Socket and Net_SMTP anymore now.
|
