Commit graph

80 commits

Author SHA1 Message Date
jperkin
8091aee373 Now that _STRIPFLAG_INSTALL is disabled by default on Darwin, remove manual
settings of INSTALL_UNSTRIPPED=yes for Darwin in individual packages.
2015-09-07 12:02:05 +00:00
taca
639b0a5fbd Update php54 to 5.4.45 including security fixes.
03 Sep 2015 PHP 5.4.45

- Core:
  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
    (taoguangchen at icloud dot com)

- EXIF:
  . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte
    value of 32 bytes). (Stas)

- hash:
  . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee
    at naver dot com)

- PCRE:
  . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
    (Anatol Belski)

- SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
    (Stas)

- SPL:
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)

- XSLT:
  . Fixed bug #69782 (NULL pointer dereference). (Stas)

- ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
    creating directories). (neal at fb dot com)
2015-09-06 12:25:11 +00:00
taca
21716201cf Update php54 to 5.4.44.
06 Aug 2015 PHP 5.4.44

- Core:
  . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
    method calls). (Stas)
  . Fixed bug #69892 (Different arrays compare identical due to integer key
    truncation). (Nikita)
  . Fixed bug #70121 (unserialize() could lead to unexpected methods execution
    / NULL pointer deref). (Stas)

- OpenSSL:
  . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
    secure). (Stas)

- Phar:
  . Improved fix for bug #69441. (Anatol Belski)
  . Fixed bug #70019 (Files extracted from archive may be placed outside of
    destination directory). (Anatol Belski)

- SOAP:
  . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
     multiple type confusions). (Stas)

- SPL:
  . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
    items). (sean.heelan)
  . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
    SPLArrayObject). (taoguangchen at icloud dot com)
  . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
    SplObjectStorage). (taoguangchen at icloud dot com)
  . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
    SplDoublyLinkedList). (taoguangchen at icloud dot com)
2015-08-08 00:11:29 +00:00
taca
5c20395cab Update php54 to 5.4.43.
09 Jul 2015 PHP 5.4.43

- Core:
  . Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
  . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
    from fix to bug #68776. (Yasuo)

- Mysqlnd:
  . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
    (Andrey)

- Phar:
  . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
  . Fixed bug #69923 (Buffer overflow and stack smashing error in
    phar_fix_filepath). (Stas)
2015-07-11 00:29:17 +00:00
taca
ba064f36c8 Add fix to https://bugs.php.net/bug.php?id=69737.
Bump PKGREVISION.
2015-06-28 15:34:16 +00:00
fhajny
8cfb668581 Copy over sqlite3.c patch from lang/php55. Fixes build on SunOS. 2015-06-17 12:26:14 +00:00
taca
5cf1f27da0 Update php54 to 5.4.42.
11 Jun 2015 PHP 5.4.42

- Core:
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
    heap overflow). (Max Spelsberg)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)
2015-06-12 04:51:01 +00:00
taca
9003cb7386 Update php54 to 5.4.41.
14 May 2015 PHP 5.4.41

- Core:
  . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
  . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    (Stas)
  . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
  . Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)

- FTP:
  . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
    overflow). (Stas)

- PCNTL:
  . Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)

- PCRE
  . Upgraded pcrelib to 8.37.

- Phar:
  . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
    filename starts with null). (Stas)
2015-05-16 11:16:40 +00:00
taca
95f7c77dfe Update php54 to 5.4.40.
16 Apr 2015 PHP 5.4.40

- Apache2handler:
  . Fixed bug #69218 (potential remote code execution with apache 2.4
    apache2handler). (Gerrit Venema)

- Core:
  . Additional fix for bug #69152 (Type confusion vulnerability in
    exception::getTraceAsString). (Stas)
  . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
    vulnerability). (Stas)
  . Fixed bug #69353 (Missing null byte checks for paths in various PHP
    extensions). (Stas)

- cURL:
  . Fixed bug #69316 (Use-after-free in php_curl related to
    CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)

- Ereg:
  . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)

- Fileinfo:
  . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
    segfault). (Anatol Belski)

- GD:
  . Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Remi)

- Phar:
  . Fixed bug #68901 (use after free). (bugreports at internot dot info)
  . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
  . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
    phar_set_inode). (Stas)

- Postgres:
  . Fixed bug #68741 (Null pointer dereference) (CVE-2015-1352). (Xinchen Hui)

- SOAP:
  . Fixed bug #69152 (Type Confusion Infoleak Vulnerability in unserialize()
    with SoapFault). (Dmitry)

- Sqlite3:
  . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
2015-04-17 16:39:56 +00:00
taca
7e868e355f Update php54 to 5.4.39, including security fix.
19 Mar 2015 PHP 5.4.39

- Core:
  . Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
    configuration options). (Anatol Belski)
  . Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)

- Ereg:
  . Fixed bug #69248 (heap overflow vulnerability in regcomp.c). (Stas)

- SOAP:
  . Fixed bug #69085 (SoapClient's __call() type confusion through
    unserialize()). (Dmitry)

- ZIP:
  . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
    boundary). (Stas)
2015-03-20 16:29:23 +00:00
taca
45b8146ccd Fix problem by PHP_BASE_VERS related changes. 2015-03-16 00:26:31 +00:00
manu
0af533107a Calendar extension for PHP 5.3 and PHP 5.4
Add calendar options to lang/php53 and lang/php54 to build the
calendar extension. Complete documentation on this extension can
be found here: http://php.net/manual/en/book.calendar.php
2015-03-13 17:05:22 +00:00
he
798cfe53df Well, the fpm_sockets.c patch doesn't belong in php-fpm, but
rather in the PHP package proper, and there's three of them.
Copy and adapt as necessary.
No revision bump here: only build fix for NetBSD with TCP_INFO.
2015-03-05 11:16:28 +00:00
taca
32b42b6226 Update php54 to 5.4.38 (PHP 5.4.38).
19 Feb 2015 PHP 5.4.38

- Core:
  . Removed support for multi-line headers, as they are deprecated by RFC 7230.
    (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
    (ncopa at alpinelinux dot org)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (Stas)

- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- SOAP:
  . Fixed bug #67427 (SoapServer cannot handle large messages)
    (brandt at docoloc dot de)
2015-02-19 09:37:36 +00:00
sevan
76d330732e Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone

Reviewed by wiz@
2015-02-18 11:04:03 +00:00
taca
f02c689193 Update php54 to 5.4.37.
22 Jan 2015 PHP 5.4.37
- Core:
  . Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).
    (CVE-2015-0231) (Stefan Esser)

- CGI:
  . Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)
    (Stas)

- EXIF:
  . Fixed bug #68799: Free called on uninitialized pointer. (CVE-2015-0232) (Stas)

- Fileinfo:
  . Removed readelf.c and related code from libmagic sources
    (Remi, Anatol)
  . Fixed bug #68735 (fileinfo out-of-bounds memory access).
    (Anatol)

- OpenSSL:
  . Fixed bug #55618 (use case-insensitive cert name matching).
    (Daniel Lowrey)
2015-01-23 16:09:26 +00:00
taca
1b2d155c66 Update php54 to 5.4.36, including security fix.
18 Dec 2014 PHP 5.4.36

- Core:
  . Upgraded crypt_blowfish to version 1.3. (Leigh)
  . Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  . Fixed bug #68594 (Use after free vulnerability in unserialize()).
    (CVE-2014-8142) (Stefan Esser)

13 Nov 2014 PHP 5.4.35

- Core:
  . Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
    zend_hash_copy). (Dmitry)

- Fileinfo:
  . Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
    (CVE-2014-3710) (Remi)

- GMP:
 . Fixed bug #63595 (GMP memory management conflicts with other libraries
   using GMP). (Remi)

- PDO_pgsql:
  . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
2014-12-19 16:08:35 +00:00
taca
8add7f0b9f Update php54 to 5.4.35 (PHP 5.4.35).
13 Nov 2014 PHP 5.4.35

- Core:
  . Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in
    zend_hash_copy). (Dmitry)

- Fileinfo:
  . Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
    (CVE-2014-3710) (Remi)

- GMP:
 . Fixed bug #63595 (GMP memory management conflicts with other libraries
   using GMP). (Remi)

- PDO_pgsql:
  . Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
2014-11-15 14:49:45 +00:00
taca
d163a3afe7 Update to php54 5.4.34.
16 Oct 2014, PHP 5.4.34

- Fileinfo:
  . Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)

- Core:
  . Fixed bug #67985 (Incorrect last used array index copied to new array after
    unset). (Tjerk)
  . Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
    (CVE-2014-3669) (Stas)

- cURL:
  . Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)

- EXIF:
  . Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
    (Stas)

- OpenSSL:
  . Reverted fixes for bug #41631, due to regressions. (Stas)

- XMLRPC:
  . Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
    (CVE-2014-3668) (Stas)
2014-10-18 14:29:04 +00:00
wiz
8b765c474f Fix ``Please add a line "# used by foo/bar/Makefile" here.'' warnings. 2014-10-05 16:41:05 +00:00
taca
1c9a0fda95 Update php54 to 5.4.33, approved by wiz@.
18 Sep 2014, PHP 5.4.33

- Core:
  . Fixed bug #47358 (glob returns error, should be empty array()). (Pierre)
  . Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  . Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)

- OpenSSL:
  . Fixed bug #41631 (socket timeouts not honored in blocking SSL reads).
    (Daniel Lowrey)

- Date:
  . Fixed bug #66091 (memory leaks in DateTime constructor). (Tjerk)

- FPM:
  . Fixed #67606 (FPM with mod_fastcgi/apache2.4 is broken). (David Zuelke)

- GD:
  . Made fontFetch's path parser thread-safe. (Sara)

- Wddx:
  . Fixed bug #67873 (Segfaults in php_wddx_serialize_var). (Anatol, Remi)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
  . Fixed bug #67865 (internal corruption phar error). (Mike)
2014-09-30 08:16:10 +00:00
taca
e997573e72 Update php54 to 5.4.32 (PHP 5.4.32).
07 Aug 2014, PHP 5.4.32

- Core:
  . Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi)

- COM:
  . Fixed missing type checks in com_event_sink. (Yussuf Khalil, Stas)

- Fileinfo:
  . Fixed bug #67705 (extensive backtracking in rule regular expression).
    (CVE-2014-3538) (Remi)
  . Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi)

- GD:
  . Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
    (CVE-2014-2497) (Remi)
  . Fixed bug #67730 (Null byte injection possible with imagexxx functions).
    (CVE-2014-5120) (Ryan Mauger)

- Milter:
  . Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)

- OpenSSL:
  . Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).

- Readline:
  . Fixed bug #55496 (Interactive mode doesn't force a newline before the
    prompt). (Bob, Johannes)
  . Fixed bug #67496 (Save command history when exiting interactive shell
    with control-c). (Dmitry Saprykin, Johannes)

- Sessions:
  . Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).

- SPL:
  . Fixed bug #67539 (ArrayIterator use-after-free due to object change during
    sorting). (research at insighti dot org, Laruence)
  . Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)

- Core:
  . Fixed bug #67693 (incorrect push to the empty array) (Tjerk)

- ODBC:
  . Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte
    char fields). (Keyur)

- Zlib:
  . Fixed bug #67724 (chained zlib filters silently fail with large amounts of
    data). (Mike)
2014-08-23 16:07:24 +00:00
taca
60facf7055 Update php54 to 5.4.31.
24 Jul 2014, PHP 5.4.31

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
2014-07-26 00:12:53 +00:00
taca
afa36cf315 Add fix for CVE-2014-4698 and CVE-2014-4670.
Bump PKGREVISION.
2014-07-13 15:25:03 +00:00
taca
b00909cbca Update php54 to 5.4.30 which includes several security fixes.
26 Jun 2014, PHP 5.4.30

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
    check). (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion) (CVE-2014-3515). (Stefan Esser)
2014-06-27 11:31:20 +00:00
fhajny
ef406dfd0d Remove detection of a threaded Apache MPM at configure time.
Fixes the problem where thread safety was not consistent in
the php, ap-php and php-* extension packages, and makes ap-php
adhere to the maintainer-zts option. Bump PKGREVISION.
2014-06-13 14:31:19 +00:00
fhajny
1bcd677f17 Add the mysqlnd (MySQL Native Driver) include files.
Bump PKGREVISION for this and the previous commit.
2014-06-13 14:13:20 +00:00
fhajny
7bc1f7f9f0 Fix problems on SunOS with the combination of FPM, event ports and catch_workers_output=yes.
See https://bugs.php.net/bug.php?id=65800.
2014-06-13 14:09:34 +00:00
taca
bbde72a409 Update php54 to 5.4.29, contains fix for CVE-2014-0237 and CVE-2014-0238.
29 May 2014, PHP 5.4.29

- COM:
  . Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)

- Core:
  . Fixed bug #65701 (copy() doesn't work when destination filename is created
    by tempnam()). (Boro Sitnikovski)
  . Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  . Fixed bug #67245 (usage of memcpy() with overlapping src and dst in
    zend_exceptions.c). (Bob)
  . Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  . Fixed bug #67249 (printf out-of-bounds read). (Stas)
  . Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  . Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)

- Date:
  . Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  . Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  . Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)

- DOM:
  . Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
    not only the subset). (Anatol)

 - Fileinfo:
   . Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
   . Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
     (CVE-2014-0238)
   . Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
     performance degradation). (CVE-2014-0237)

- FPM:
  . Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
    (Julio Pintos)

- Phar:
  . Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
    in its name). (PR #588)
2014-05-31 04:28:56 +00:00
he
b8f3a9e9b0 Apply a patch to fix CVE-2014-2497, taken from
https://bugs.php.net/patch-display.php?bug_id=66901
Bump PKGREVISION for php-gd correspondingly.
2014-05-11 11:20:47 +00:00
taca
c148e7126f Update php54 to 5.4.28.
01 May 2014, PHP 5.4.28

- Core:
  . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
    UNIX sockets). (Mike)
  . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
    (Jann Horn, Stas)
  . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  . Fixed bug #66736 (fpassthru broken). (Mike)
  . Fixed bug #67024 (getimagesize should recognize BMP files with negative
    height). (Gabor Buella)

- cURL:
  . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
    (Freek Lijten)

- Date:
  . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
    supplied). (Boro Sitnikovski)

- Embed:
  . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)

- Fileinfo:
  . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
    (Remi)

- FPM:
  . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
    default configuration) (CVE-2014-0185). (Stas)

- JSON:
  . Fixed bug #66021 (Blank line inside empty array/object when
    JSON_PRETTY_PRINT is set). (Kevin Israel)

- LDAP:
  . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

- OpenSSL:
  . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

- SimpleXML:
  . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
    (Anatol)

- XSL:
  . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
    when loaded with "file://"). (Anatol)

- Apache2 Handler SAPI:
  . Fixed Apache log issue caused by APR's lack of support for %zu
    (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
    (Jeff Trawick)
2014-05-02 13:04:12 +00:00
taca
5680449532 Update php54 to 5.4.27. CVE-2013-7345 is already fixed in 5.4.26nb2.
03 Apr 2014, PHP 5.4.27

- Core:
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
    expression). (CVE-2013-7345) (Remi)

- FPM:
  . Added clear_env configuration directive to disable clearenv() call.
  (Github PR# 598, Paul Annesley)

- GMP
  . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
  (Remi)

- Openssl:
  . Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1). (Remi)
2014-04-05 03:43:40 +00:00
he
8fd043d847 Apply patch to fix CVE-2013-7345.
OK'ed by wiz.
2014-03-29 22:06:06 +00:00
asau
b34b1b4288 Stop treating FreeBSD 10 as FreeBSD 1.
This lets a number of PHP extensions build.
Bump package revision.
2014-03-19 21:50:22 +00:00
taca
d7d3bfe734 Update php54 to 5.4.26 (PHP 5.4.26).
Version 5.4.26

06-Mar-2014

* JSON:

  - Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)

* Fileinfo:

  - Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
  - Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).

* LDAP:

  - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).

* Openssl:

  - Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).

* Pgsql:

  - Added warning for dangerous client encoding and remove possible injections
    for pg_insert()/pg_update()/pg_delete()/pg_select().
2014-03-09 14:08:16 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
taca
0dc8fb7b7b Update php54 to 5.4.25.
06 Feb 2014, PHP 5.4.25

- Core:
  . Fixed bug #66286 (Incorrect object comparison with inheritance). (Nikita)
  . Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
    (Will Fitch)

- mysqlnd
  . Fixed bug #66283 (Segmentation fault after memory_limit). (Johannes)

- PDO_pgsql:
  . Fixed bug #62479 (PDO-psql cannot connect if password contains spaces).
    (Will Fitch, Ilia)

- Session:
  . Fixed bug #66481 (Calls to session_name() segfault when session.name is
    null). (Laruence)
2014-02-07 15:36:07 +00:00
taca
030f48774f Update php to 5.4.24.
09 Jan 2014, PHP 5.4.24

- Core:
  . Added validation of class names in the autoload process. (Dmitry)
  . Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
  . Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)

- Date:
  . Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi)
  . Fixed bug #63391 (Incorrect/inconsistent day of week prior to the year
    1600). (Derick, T. Carter)
  . Fixed bug #61599 (Wrong Day of Week). (Derick, T. Carter)

- DOM:
  . Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML()
    Produces invalid Markup). (Mike)

- Exif:
  . Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)

- Filter:
  . Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)

- GD:
  . Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
    (Adam)

- PDO_odbc:
  . Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
    (michael at orlitzky dot com)

- SNMP:
  . Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)

- XSL
  . Fixed bug #49634 (Segfault throwing an exception in a XSL registered
    function). (Mike)

- ZIP:
  . Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)
2014-01-11 17:03:57 +00:00
taca
c93eaad499 Update php54 to 5.4.23 (PHP 5.4.23).
28 Nov 2013, PHP 5.4.23

- Core:
  . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
    string). (Laruence)
  . Fixed bug #65947 (basename is no more working after fgetcsv in certain
    situation). (Laruence)

- JSON
  . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
    case-sensitivity incorrectly"). (Andrea Faulds)

- MySQLi:
  . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)

- mysqlnd:
  . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param
    with 'i'). (Andrey)
  . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES
    after failed query). (Andrey)

- OpenSSL:
  . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
    (Stefan Esser).

- PDO
  . Fixed bug #65946 (sql_parser permanently converts values bound to strings)
2013-12-13 15:32:21 +00:00
taca
78a978b0a1 Add fix for CVE-2013-6712, ext/date DoS vulnerability.
Bump PKGREVISION.
2013-12-05 16:16:40 +00:00
taca
2be87cd2b3 Update php54 to 5.4.22.
Version 5.4.22
14-Nov-2013

* Core:

    - Fixed bug #65911 (scope resolution operator - strange behavior with
      $this).

* CLI server:

    - Fixed bug #65818 (Segfault with built-in webserver and chunked transfer
      encoding).

* Exif:

    - Fixed crash on unknown encoding.

* FTP:

    - Fixed bug #65667 (ftp_nb_continue produces segfault).

* ODBC:

    - Fixed bug #65950 (Field name truncation if the field name is bigger than
      32 characters).

* Sockets:

    - Fixed bug #65808 (the socket_connect() won't work with IPv6 address).

* Standard:

    - Fixed bug #64760 (var_export() does not use full precision for
      floating-point numbers).

* XMLReader:

    - Fixed bug #51936 (Crash with clone XMLReader).
    - Fixed bug #64230 (XMLReader does not suppress errors).
2013-11-16 09:45:26 +00:00
khorben
2886b42c15 Fixed a typo in the DESCR files for PHP 2013-11-07 23:52:40 +00:00
joerg
f29d446a48 Override clang -R test, the wrappers drop -R/usr/lib. 2013-10-25 21:47:51 +00:00
taca
c75f2f0e40 Update php54 to 5.4.21 (PHP 5.4.21).
17 Oct 2013, PHP 5.4.21

- Core:
  . Fixed bug #65322 (compile time errors won't trigger auto loading). (Nikita)

- CLI server:
  . Fixed bug #65633 (built-in server treat some http headers as
    case-sensitive). (Adam)

- Datetime:
  . Fixed bug #64157 (DateTime::createFromFormat() reports confusing error
    message). (Boro Sitnikovski)

- DBA extension:
  . Fixed bug #65708 (dba functions cast $key param to string in-place,
    bypassing copy on write). (Adam)

- Filter:
  . Add RFC 6598 IPs to reserved addresses. (Sebastian Nohn)
  . Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
    (Syra)

- IMAP:
  . Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling
    imap). (ryotakatsuki at gmail dot com)

- Standard:
  . Fixed bug #61548 (content-type must appear at the end of headers for 201
    Location to work in http). (Mike)

- Build system:
  . Fixed bug #62396 ('make test' crashes starting with 5.3.14 (missing
    gzencode())). (Mike)
2013-10-18 12:25:12 +00:00
taca
b04633b3e7 Update php54 to 5.4.20, approved by wiz@.
19 Sep 2013, PHP 5.4.20

- Core:
  . Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
    (Laruence)
  . Fixed bug #65579 (Using traits with get_class_methods causes segfault).
    (Adam)
  . Fixed bug #65490 (Duplicate calls to get lineno & filename for
    DTRACE_FUNCTION_*). (Chris Jones)
  . Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding
    spaces). (Michael M Slusarz)
  . Fixed bug #65481 (shutdown segfault due to serialize) (Mike)
  . Fixed bug #65470 (Segmentation fault in zend_error() with
    --enable-dtrace). (Chris Jones, Kris Van Hees)
  . Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference
    fails). (Laruence)
  . Fixed bug #65304 (Use of max int in array_sum). (Laruence)
  . Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very
    limited case). (Arpad)
  . Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
  . Improved fix for bug #63186 (compile failure on netbsd). (Matteo)
  . Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
  . Fixed bug #61759 (class_alias() should accept classes with leading
    backslashes). (Julien)
  . Fixed bug #61345 (CGI mode - make install don't work). (Michael Heimpold)
  . Cherry-picked some DTrace build commits (allowing builds on Linux,
    bug #62691, and bug #63706) from PHP 5.5 branch
  . Fixed bug #61268 (--enable-dtrace leads make to clobber
    Zend/zend_dtrace.d) (Chris Jones)

- cURL:
  . Fixed bug #65458 (curl memory leak). (Adam)

- Datetime:
  . Fixed bug #65554 (createFromFormat broken when weekday name is followed
    by some delimiters). (Valentin Logvinskiy, Stas).
  . Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught
    by AddressSanitizer). (Remi).

- Openssl:
  . Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in
    some cases). (Mark Jones)

- Session:
  . Fixed bug #62129 (rfc1867 crashes php even though turned off). (gxd305 at
    gmail dot com)
  . Fixed bug #50308 (session id not appended properly for empty anchor tags).
    (Arpad)
  . Fixed possible buffer overflow under Windows. Note: Not a security fix.
    (Yasuo)
  . Changed session.auto_start to PHP_INI_PERDIR. (Yasuo)

- SOAP:
  . Fixed bug #65018 (SoapHeader problems with SoapServer). (Dmitry)

- SPL:
  . Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)

- PDO:
  . Fixed bug #64953 (Postgres prepared statement positional parameter
    casting). (Mike)

- Phar:
  . Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for
    some specific contents). (Stas)

- Pgsql:
  . Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
    (Yasuo)
  . Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update()
    /pg_delete()/pg_insert()). (Yasuo)

- Zlib:
  . Fixed bug #65391 (Unable to send vary header user-agent when
    ob_start('ob_gzhandler') is called) (Mike)
2013-09-21 16:06:07 +00:00
taca
0ee7ff105d Update php54 to 5.4.19.
22 Aug 2013, PHP 5.4.19
- Core:
  . Fixed bug #64503 (Compilation fails with error: conflicting types for
    'zendparse'). (Laruence)

- Openssl:
  . Fixed UMR in fix for CVE-2013-4248.
2013-08-23 03:11:55 +00:00
taca
c81e87df7e Make sure to update distinfo. Thanks to Greg Oster, who noted the problem to me.
2013-08-17 00:35:08 +00:00
taca
4dd9976760 Update php54 to 5.4.18.
15 Aug 2013, PHP 5.4.18

- Core:
  . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
    erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
    avp200681 gmail com).
  . Fixed bug #65254 (Exception not catchable when exception thrown in autoload
    with a namespace). (Laruence)
  . Fixed bug #65108 (is_callable() triggers Fatal Error).
    (David Soria Parra, Laruence)
  . Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
    (Adam)
  . Fixed bug #62964 (Possible XSS on "Registered stream filters" info).
    (david at nnucomputerwhiz dot com)
  . Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
  . Fixed bug #62475 (variant_* functions causes crash when null given as an
    argument). (Felipe)
  . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
  . Fixed bug #65226 (chroot() does not get enabled). (Anatol)

- CGI:
  . Fixed Bug #65143 (Missing php-cgi man page). (Remi)

- CLI server:
  . Fixed bug #65066 (Cli server not responsive when responding with 422 http
    status code). (Adam)

- CURL:
  . Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)

- FPM:
  . Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
    (chibisuke at web dot de, Felipe)

- FTP:
  . Fixed bug #65228 (FTPs memory leak with SSL).
    (marco dot beierer at mbsecurity dot ch)

- GMP:
  . Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)

- Imap:
  . Fixed bug #64467 (Segmentation fault after imap_reopen failure).
    (askalski at gmail dot com)

- Intl:
  . Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
  . Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
    (Stas)

- mysqlnd:
  . Fixed segfault in mysqlnd when doing long prepare. (Andrey)

- ODBC:
  . Fixed bug #61387 (NULL valued anonymous column causes segfault in
    odbc_fetch_array). (Brandon Kirsch)

- Openssl:
  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
    (Christian Heimes)

- PDO:
  . Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
    (Chris Jones)

- PDO_dblib:
  . Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)).
    (Stanley Sufficool)

- PDO_pgsql:
  . Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)

- Phar:
  . Fixed Bug #65142 (Missing phar man page). (Remi)

- Session:
  . Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as
    documented). (Arpad)
  . Fixed bug #35703 (when session_name("123") consist only digits,
    should warning). (Yasuo)
  . Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by
    oorza2k5 at gmail dot com (Yasuo)

- Sockets:
  . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
    (Damjan Cvetko)

- SPL:
  . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
  . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
    /Spl(Temp)FileObject ctor twice). (Laruence)
  . Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
    keys are strings). (Adam)

- XML:
  . Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)
2013-08-16 15:28:23 +00:00
taca
41c232d983 Since openssl's security problem has been assigned CVE-2013-4248, update comment
in the patch file.
2013-08-16 00:38:13 +00:00
taca
1d45c6e860 Add fix for openssl, CVE-2013-4073.
Bump PKGREVISION.
2013-08-14 15:42:56 +00:00