| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
it separately
|
|
(shared with ap-php) into the php package Makefile.
|
|
|
|
|
|
configurations. Problem pointed out by Adrian Portelli in
private e-mail.
|
|
of bugs discovered since the 4.3.11 release which could e.g. lead to
memory corruption.
Furthermore integrate version 1.4.0 of PEAR XML_RPC which contains a fix
for the "PEAR XML_RPC Remote PHP Code Injection Vulnerability" security
problem reported by the Hardened-PHP Project.
|
|
list causes problems with some (e.g. Irix) shells
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
so that lang/php/ext.php need not use = assignment and extensions
would be able to use different setting
|
|
|
|
|
|
|
|
This is a maintenance release that in addition to over 70 non-critical
bug fixes addresses several security issues inside the exif and
fbsql extensions as well as the unserialize(), swf_definepoly()
and getimagesize() functions. All Users of PHP are strongly
encouraged to upgrade to this release.
Bugfix release
* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object ref.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.
PHP4 also doesn't bundle PEAR Net_Socket and Net_SMTP anymore now.
|
|
|
|
|
|
|
|
to update
|
|
- Added the %F modifier to *printf to render a non-locale-aware representation
of a float with the . as decimal separator. (Derick)
- Fixed a bug in addslashes() handling of the '\0' character. (Ilia)
- Backported Marcus' foreach() speedup patch from PHP 5.x. (Derick)
- Fixed potential problems with unserializing invalid serialize data. (Marcus)
- Fixed bug #31034 (Problem with non-existing iconv header file). (Derick)
- Fixed bug #31024 (Crash in fgetcsv() with negative length). (Ilia)
- Fixed bug #31019 (Logic error mssql library checking). (Frank)
- Fixed bug #30995 (snmp extension does not build with net-snmp 5.2). (Ilia)
- Fixed bug #30990 (allow popen() on *NIX to accept 'b' flag). (Ilia)
- Fixed bug #30826 (Certain reference relations cannot be unserialized
properly). (Ilia)
- Fixed bug #30750 (Meaningful error message when upload directory is not
accessible). (Ilia)
- Fixed bug #30739 (imagefill does not set back alphablending mode). (Pierre)
- Fixed bug #30672 (Problem handling exif data in jpeg images at unusual
places). (Marcus)
- Fixed bug #30658 (Ensure that temporary files created by GD are removed).
(Ilia)
- Fixed bug #30654 (oci8 persistent connection is deleted from hash
if there was exclusive connection with the same credentials). (Tony)
- Fixed bug #30613 (Prevent infinite recursion in url redirection). (Ilia)
- Fixed bug #30587 (array_multisort doesn't separate zvals before
changing them). (Tony)
- Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia)
- Fixed bug #30442 (segfault when parsing ?getvariable[][ ). (Tony)
- Fixed bug #30388 (rename across filesystems loses ownership and
permission info). (Tony)
- Fixed bug #30282 (segfault when using unknown/unsupported
session.save_handler and/or session.serialize_handler). (Tony)
- Fixed bug #30281 (Prevent non-wbmp images from being detected as such).
(Ilia)
- Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia)
- Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well
with alpha channel, corners are drawn twice). (Pierre)
- Fixed bug #30224 (Sybase date strings are sometimes not null terminated).
(Ilia)
- Fixed bug #30133 (get_current_user() crashes on Windows). (Edin)
- Fixed bug #30057 (did not detect IPV6 on FreeBSD 4.1). (Wez)
- Fixed bug #30027 (Possible crash inside ftp_get()).
(cfield at affinitysolutions dot com)
- Fixed bug #29805 (HTTP Authentication Issues). (Uwe Schindler)
- Fixed bug #29418 (double free when openssl_csr_new fails).
(Kamesh Jayachandran).
- Fixed bug #28598 (Lost support for MS Symbol fonts). (Pierre)
- Fixed bug #28325 (Circular references not properly serialized). (Moriyoshi)
- Fixed bug #28228 (NULL decimal separator is not being handled correctly).
(Ilia)
- Fixed bug #27469 (serialize() objects of incomplete class). (Dmitry)
|
|
|
|
is necessary to avoid being subject to e.g. open_basedir or safe_mode settings
|
|
|
|
some extra docs and tests
|
|
creates its own compiler wrapper script. This "meta_ccld" script
isn't recognized by the installed libtool script as a compiler, and
libtool gets confused as to which compiler tag to use. Rather than
inserting "--tag=CC" into the Makefiles, we patch the configure script
to not make the wrapper script, and instead, to simply append the
appropriate pthreads CFLAGS to the normal CFLAGS variable subsituted
into Makefiles. This fixes PR pkg/28485.
|
|
These include some important bug fixes, and some other pear packages
require the newer versions.
Bump PKGREVISION, and BUILDLINK_RECOMMENDED.
|
|
g/c no longer needed Makefile.module
add support for building extensions off PECL; version for PECL packages
is built as ${PHP_BASE_VERS}.${PECL_VERSION}, i.e. PECL pkg version 1.0
would become php-pkg-4.3.9.1.0 or php-pkg-5.0.2.1.0 respectively
|
|
them to lang/php/
|
|
the former php4 version
|
|
|
|
|
|
it would not patch php 5.x
|
|
|
|
extension-specific patches from php4/patches/
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
Changes since 4.3.8:
* fixes to GPC input processing
* bundled GD extension synced with 2.0.28, re-introducing write support
for GIF (patent expiration worldwide)
* Implemented periodic PCRE compiled regexp cache cleanup, to avoid memory
exhaustion
* Fixed strip_tags() to correctly handle '\0' characters.
* Rewritten UNIX and Windows install help files.
* Fixed a file-descriptor leak with phpinfo() and other 'special' URLs.
* Fixed possible crash inside php_shutdown_config().
* Fixed isset crashes on arrays.
* Fixed imagecreatefromstring() crashes with external GD library.
* Fixed fgetcsv() parsing of strings ending with escaped enclosures.
* Fixed overflow in array_slice(), array_splice(), substr(), substr_replace(),
strspn(), strcspn().
* Fixed '\0' in Authenticate header passed via safe_mode.
* Allow bundled GD to compile against freetype 2.1.2.
All in all this release fixes over 50 bugs that have been discovered
and resolved since the 4.3.8 release.
|
|
otherwise the default is better (and the variable doesn't need to be set).
Remove a few cases where it was set unnecessarily.
|
|
|
|
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
|
|
for each package can be determined by invoking:
make show-var VARNAME=PKG_OPTIONS_VAR
The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
|
|
This is security fix release, fixing several important security
issues. From the ChangeLog:
* Fixed strip_tags() to correctly handle '\0' characters.
* Improved stability during startup when memory_limit is used.
* Replace alloca() with emalloc() for better stack protection.
* Added missing safe_mode checks inside ftok and itpc.
* Fixed bug #28963 Fixed address allocation routine in IMAP extension.
* Fixed bug #28632 Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
Note: package update also includes extra patches from PHP CVS not
present in stock PHP 4.3.8 release - compilation fix for
mssql extension and Zend engine memory-use-after-free fix.
|
|
it for pear packages
|
|
make sense standalone
|
|
so that it affects only the core iterpreter packages (php4 and ap-php4);
individual php4-* modules have their own PKGREVISION
|
|
bump php4 PKGREVISION
|
|
Change list from release notes:
* Synchronized bundled GD library with GD 2.0.23.
* Fixed a bug that prevented compilation of GD extensions against
FreeType 2.1.0-2.1.2.
* Fixed thread safety issue with informix connection id.
* Fixed incorrect resolving of relative paths by glob() in windows.
* Fixed mapping of Greek letters to html entities.
* Fixed a bug that caused an on shutdown crash when using PHP with Apache
2.0.49.
* Fixed a number of crashes inside pgsql, cpdf and gd extensions.
All in all this release fixes over 30 bugs that have been discovered
and resolved since the 4.3.6 release.
|
|
lintpkgsrc complain. Closes PR 25648.
|
|
|
|
|
|
(ports/lang/php4/files/patch-ext::pcre::php_pcre.c). Fixes a bug
(described at http://bugs.php.net/bug.php?id=27810) which causes
apache2 to dump core on receiving SIGHUP.
This is supposedly fixed in the next release of PHP.
|
