| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
installation to go through on NetBSD/sparc64 (well, at least mine).
Failure reported by Joel Carnat.
|
|
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:
* Prevent header injection by limiting each header to a single line.
* Possible XSS inside error reporting functionality.
* Missing safe_mode/open_basedir checks into cURL extension.
* Apache 2 regression with sub-request handling on non-Linux systems.
* key() and current() regression related to references.
This release also fixes about 30 other defects.
|
|
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
This is done via an option group, default is CGI. Note that the
FastCGI interpreter can still be used for normal CGI, but there
might be security issues involved in doing so.
|
|
|
|
(endless loop):
http://bugs.php.net/bug.php?id=35067
Pull in a patch from the php CVS repository to fix this, as suggested a
squirrelmail mailing list:
http://cvs.php.net/diff.php/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.3&r2=1.543.2.51.2.4&ty=u
OK'd by Jaromir Dolecek, tested on apache-1 and apache-2 servers.
Bump pkgrevision.
|
|
|
|
so that configure won't try to run the (possibly not installed) pkg-config.
|
|
bump revision.
|
|
longer downloaded manually.
|
|
security fix, this fixes serious security problems regarding overwriting
of the GLOBALS array.
All users of PHP 4.3 and 4.4 sare encouradged to update to this version.
The --with-regex=system bug with re_magic has been fixed too, so re-enabling
use of --with-regex=system for all operating systems again
|
|
in private e-mail
|
|
turn it off. It's still on by default (in PKG_SUGGESTED_OPTIONS), so
no PKGREVISION bump required.
|
|
misinterpreted some Japanese characters as ASCII.
PR: 31223 by Takahiro Kambe
|
|
there
PR: 31047 by Gilles Dauphin
|
|
similarily how this is done in lang/php5/Makefile.php; default depends
in USE_INET6 setting, i.e. enabled iff OS supports it
|
|
|
|
|
|
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
|
|
such as TLS support.
Patch provided by Stoned Elipot in private e-mail.
|
|
|
|
|
|
it separately
|
|
(shared with ap-php) into the php package Makefile.
|
|
|
|
|
|
configurations. Problem pointed out by Adrian Portelli in
private e-mail.
|
|
of bugs discovered since the 4.3.11 release which could e.g. lead to
memory corruption.
Furthermore integrate version 1.4.0 of PEAR XML_RPC which contains a fix
for the "PEAR XML_RPC Remote PHP Code Injection Vulnerability" security
problem reported by the Hardened-PHP Project.
|
|
list causes problems with some (e.g. Irix) shells
|
|
user settable variable. Set PKG_SUGGESTED_OPTIONS instead. Also,
make use of PKG_OPTIONS_LEGACY_VARS.
Reviewed by wiz.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
so that lang/php/ext.php need not use = assignment and extensions
would be able to use different setting
|
|
|
|
|
|
|
|
This is a maintenance release that in addition to over 70 non-critical
bug fixes addresses several security issues inside the exif and
fbsql extensions as well as the unserialize(), swf_definepoly()
and getimagesize() functions. All Users of PHP are strongly
encouraged to upgrade to this release.
Bugfix release
* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object ref.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.
PHP4 also doesn't bundle PEAR Net_Socket and Net_SMTP anymore now.
|
|
|
|
|
|
|
|
to update
|
|
- Added the %F modifier to *printf to render a non-locale-aware representation
of a float with the . as decimal separator. (Derick)
- Fixed a bug in addslashes() handling of the '\0' character. (Ilia)
- Backported Marcus' foreach() speedup patch from PHP 5.x. (Derick)
- Fixed potential problems with unserializing invalid serialize data. (Marcus)
- Fixed bug #31034 (Problem with non-existing iconv header file). (Derick)
- Fixed bug #31024 (Crash in fgetcsv() with negative length). (Ilia)
- Fixed bug #31019 (Logic error mssql library checking). (Frank)
- Fixed bug #30995 (snmp extension does not build with net-snmp 5.2). (Ilia)
- Fixed bug #30990 (allow popen() on *NIX to accept 'b' flag). (Ilia)
- Fixed bug #30826 (Certain reference relations cannot be unserialized
properly). (Ilia)
- Fixed bug #30750 (Meaningful error message when upload directory is not
accessible). (Ilia)
- Fixed bug #30739 (imagefill does not set back alphablending mode). (Pierre)
- Fixed bug #30672 (Problem handling exif data in jpeg images at unusual
places). (Marcus)
- Fixed bug #30658 (Ensure that temporary files created by GD are removed).
(Ilia)
- Fixed bug #30654 (oci8 persistent connection is deleted from hash
if there was exclusive connection with the same credentials). (Tony)
- Fixed bug #30613 (Prevent infinite recursion in url redirection). (Ilia)
- Fixed bug #30587 (array_multisort doesn't separate zvals before
changing them). (Tony)
- Fixed bug #30475 (curl_getinfo() may crash in some situations). (Ilia)
- Fixed bug #30442 (segfault when parsing ?getvariable[][ ). (Tony)
- Fixed bug #30388 (rename across filesystems loses ownership and
permission info). (Tony)
- Fixed bug #30282 (segfault when using unknown/unsupported
session.save_handler and/or session.serialize_handler). (Tony)
- Fixed bug #30281 (Prevent non-wbmp images from being detected as such).
(Ilia)
- Fixed bug #30276 (Possible crash in ctype_digit on large numbers). (Ilia)
- Fixed bug #30229 (imagerectangle and imagefilledrectangle do work well
with alpha channel, corners are drawn twice). (Pierre)
- Fixed bug #30224 (Sybase date strings are sometimes not null terminated).
(Ilia)
- Fixed bug #30133 (get_current_user() crashes on Windows). (Edin)
- Fixed bug #30057 (did not detect IPV6 on FreeBSD 4.1). (Wez)
- Fixed bug #30027 (Possible crash inside ftp_get()).
(cfield at affinitysolutions dot com)
- Fixed bug #29805 (HTTP Authentication Issues). (Uwe Schindler)
- Fixed bug #29418 (double free when openssl_csr_new fails).
(Kamesh Jayachandran).
- Fixed bug #28598 (Lost support for MS Symbol fonts). (Pierre)
- Fixed bug #28325 (Circular references not properly serialized). (Moriyoshi)
- Fixed bug #28228 (NULL decimal separator is not being handled correctly).
(Ilia)
- Fixed bug #27469 (serialize() objects of incomplete class). (Dmitry)
|
|
|
|
is necessary to avoid being subject to e.g. open_basedir or safe_mode settings
|
|
|
|
some extra docs and tests
|
|
creates its own compiler wrapper script. This "meta_ccld" script
isn't recognized by the installed libtool script as a compiler, and
libtool gets confused as to which compiler tag to use. Rather than
inserting "--tag=CC" into the Makefiles, we patch the configure script
to not make the wrapper script, and instead, to simply append the
appropriate pthreads CFLAGS to the normal CFLAGS variable subsituted
into Makefiles. This fixes PR pkg/28485.
|
|
These include some important bug fixes, and some other pear packages
require the newer versions.
Bump PKGREVISION, and BUILDLINK_RECOMMENDED.
|
