Commit graph

28 commits

Author SHA1 Message Date
taca
45b8146ccd Fix problem by PHP_BASE_VERS related changes. 2015-03-16 00:26:31 +00:00
taca
32b42b6226 Update php54 to 5.4.38 (PHP 5.4.38).
19 Feb 2015 PHP 5.4.38

- Core:
  . Removed support for multi-line headers, as they are deprecated by RFC 7230.
    (Stas)
  . Added NULL byte protection to exec, system and passthru. (Yasuo)
  . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname
    buffer overflow). (Stas)
  . Fixed bug #67827 (broken detection of system crypt sha256/sha512 support).
    (ncopa at alpinelinux dot org)
  . Fixed bug #68942 (Use after free vulnerability in unserialize() with
    DateTimeZone). (Stas)

- Enchant:
  . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
    (Antony)

- SOAP:
  . Fixed bug #67427 (SoapServer cannot handle large messages)
    (brandt at docoloc dot de)
2015-02-19 09:37:36 +00:00
sevan
76d330732e Fix CVE-2015-0273 php: #68942 Use after free vulnerability in
unserialize() with DateTimeZone

Reviewed by wiz@
2015-02-18 11:04:03 +00:00
taca
60facf7055 Update php54 to 5.4.31.
24 Jul 2014, PHP 5.4.31

- Core:
  . Fixed bug #67428 (header('Location: foo') will override a 308-399 response
    code). (Adam)
  . Fixed bug #67436 (Autoloader isn't called if two method definitions don't
    match). (Bob)
  . Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
    (Ferenc)
  . Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  . Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server
    2012). (Christian Wenz)

- CLI server:
  . Implemented FR #67429 (CLI server is missing some new HTTP response codes).
    (Adam)
  . Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
    (Adam)

- FPM:
  . Fixed bug #67530 (error_log=syslog ignored). (Remi)
  . Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)

- Intl:
  . Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
    (Stas)

- pgsql:
  . Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756),
    which affected builds against libpq < 7.3. (Adam)

- Phar:
  . Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)

- Streams:
  . Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
2014-07-26 00:12:53 +00:00
taca
afa36cf315 Add fix for CVE-2014-4698 and CVE-2014-4670.
Bump PKGREVISION.
2014-07-13 15:25:03 +00:00
taca
b00909cbca Update php54 to 5.4.30 which includes several security fixes.
26 Jun 2014, PHP 5.4.30

- Core:
  . Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
  . Fixed bug #66622 (Closures do not correctly capture the late bound class
    (static::) in some cases). (Levi Morrison)
  . Fixed bug #67390 (insecure temporary file use in the configure script).
    (CVE-2014-3981) (Remi)
  . Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  . Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
    (Stefan Esser)

- CLI server:
  . Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)

- Date:
  . Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
    (Adam)
  . Fixed regression in fix for bug #67118 (constructor can't be called twice).
    (Remi)

- Fileinfo:
  . Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary
    check). (CVE-2014-0207)
  . Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
    string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
    check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
    (CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
  . Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
    check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)

- Intl:
  . Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
  . Fixed bug #67397 (Buffer overflow in locale_get_display_name and
    uloc_getDisplayName (libicu 4.8.1)). (Stas)

- Network:
  . Fixed bug #67432 (Fix potential segfault in dns_get_record()).
    (CVE-2014-4049). (Sara)

- OpenSSL:
  . Fixed bug #65698 (certificates validity parsing does not work past 2050).
    (Paul Oehler)
  . Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
    (Paul Oehler)

- SOAP:
  . Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)

- SPL:
  . Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  . Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  . Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
  . Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
    Confusion) (CVE-2014-3515). (Stefan Esser)
2014-06-27 11:31:20 +00:00
fhajny
1bcd677f17 Add the mysqlnd (MySQL Native Driver) include files.
Bump PKGREVISION for this and the previous commit.
2014-06-13 14:13:20 +00:00
taca
5680449532 Update php54 to 5.4.27. CVE-2013-7345 is already fixed in 5.4.26nb2.
03 Apr 2014, PHP 5.4.27

- Core:
  . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

- Fileinfo:
  . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
    expression). (CVE-2013-7345) (Remi)

- FPM:
  . Added clear_env configuration directive to disable clearenv() call.
  (Github PR# 598, Paul Annesley)

- GMP
  . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

- Mail:
  . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

- MySQLi:
  . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
  (Remi)

- Openssl:
  . Fixed bug #66833 (Default digest algo is still MD5, switch to SHA1). (Remi)
2014-04-05 03:43:40 +00:00
he
8fd043d847 Apply patch to fix CVE-2013-7345.
OK'ed by wiz.
2014-03-29 22:06:06 +00:00
asau
b34b1b4288 Stop treating FreeBSD 10 as FreeBSD 1.
This lets a number of PHP extensions build.
Bump package revision.
2014-03-19 21:50:22 +00:00
taca
d7d3bfe734 Update php54 to 5.4.26 (PHP 5.4.26).
Version 5.4.26

06-Mar-2014

* JSON:

  - Fixed bug #65753 (JsonSerializeable couldn't implement on module extension)

* Fileinfo:

  - Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943).
  - Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).

* LDAP:

  - Implemented ldap_modify_batch (https://wiki.php.net/rfc/ldap_modify_batch).

* Openssl:

  - Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).

* Pgsql:

  - Added warning for dangerous client encoding and remove possible injections
    for pg_insert()/pg_update()/pg_delete()/pg_select().
2014-03-09 14:08:16 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
taca
c93eaad499 Update php54 to 5.4.23 (PHP 5.4.23).
28 Nov 2013, PHP 5.4.23

- Core:
  . Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a
    string). (Laruence)
  . Fixed bug #65947 (basename is no more working after fgetcsv in certain
    situation). (Laruence)

- JSON
  . Fixed whitespace part of bug #64874 ("json_decode handles whitespace and
    case-sensitivity incorrectly"). (Andrea Faulds)

- MySQLi:
  . Fixed bug #66043 (Segfault calling bind_param() on mysqli). (Laruence)

- mysqlnd:
  . Fixed bug #66124 (mysqli under mysqlnd loses precision when bind_param
    with 'i'). (Andrey)
  . Fixed bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES
    after failed query). (Andrey)

- OpenSSL:
  . Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420).
    (Stefan Esser).

- PDO
  . Fixed bug 65946 (sql_parser permanently converts values bound to strings)
2013-12-13 15:32:21 +00:00
taca
78a978b0a1 Add fix for CVE-2013-6712, ext/date DoS vulnerability.
Bump PKGREVISION.
2013-12-05 16:16:40 +00:00
taca
4dd9976760 Update php54 to 5.4.18.
15 Aug 2013, PHP 5.4.18

- Core:
  . Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was
    erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey
    avp200681 gmail com).
  . Fixed bug #65254 (Exception not catchable when exception thrown in autoload
    with a namespace). (Laruence)
  . Fixed bug #65108 (is_callable() triggers Fatal Error).
    (David Soria Parra, Laruence)
  . Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
    (Adam)
  . Fixed bug #62964 (Possible XSS on "Registered stream filters" info).
    (david at nnucomputerwhiz dot com)
  . Fixed bug #62672 (Error on serialize of ArrayObject). (Lior Kaplan)
  . Fixed bug #62475 (variant_* functions causes crash when null given as an
    argument). (Felipe)
  . Fixed bug #60732 (php_error_docref links to invalid pages). (Jakub Vrana)
  . Fixed bug #65226 (chroot() does not get enabled). (Anatol)

- CGI:
  . Fixed Bug #65143 (Missing php-cgi man page). (Remi)

- CLI server:
  . Fixed bug #65066 (Cli server not responsive when responding with 422 http
    status code). (Adam)

- CURL:
  . Fixed bug #62665 (curl.cainfo doesn't appear in php.ini). (Lior Kaplan)

- FPM:
  . Fixed bug #63983 (enabling FPM borks compile on FreeBSD).
    (chibisuke at web dot de, Felipe)

- FTP:
  . Fixed bug #65228 (FTPs memory leak with SSL).
    (marco dot beierer at mbsecurity dot ch)

- GMP:
  . Fixed bug #65227 (Memory leak in gmp_cmp second parameter). (Felipe)

- Imap:
  . Fixed bug #64467 (Segmentation fault after imap_reopen failure).
    (askalski at gmail dot com)

- Intl:
  . Fixed bug #62759 (Buggy grapheme_substr() on edge case). (Stas)
  . Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
    (Stas)

- mysqlnd:
  . Fixed segfault in mysqlnd when doing long prepare. (Andrey)

- ODBC:
  . Fixed bug #61387 (NULL valued anonymous column causes segfault in
    odbc_fetch_array). (Brandon Kirsch)

- Openssl:
  . Fixed handling null bytes in subjectAltName (CVE-2013-4073).
    (Christian Heimes)

- PDO:
  . Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
    (Chris Jones)

- PDO_dblib:
  . Fixed bug #65219 (PDO/dblib not working anymore ("use dbName" not sent)).
    (Stanley Sufficool)

- PDO_pgsql:
  . Fixed meta data retrieve when OID is larger than 2^31. (Yasuo)

- Phar:
  . Fixed Bug #65142 (Missing phar man page). (Remi)

- Session
  . Fixed bug #62535 ($_SESSION[$key]["cancel_upload"] doesn't work as
    documented). (Arpad)
  . Fixed bug #35703 (when session_name("123") consist only digits,
    should warning). (Yasuo)
  . Fixed bug #49175 (mod_files.sh does not support hash bits). Patch by
    oorza2k5 at gmail dot com (Yasuo)

- Sockets:
  . Implemented FR #63472 (Setting SO_BINDTODEVICE with socket_set_option).
    (Damjan Cvetko)

- SPL:
  . Fixed bug #65136 (RecursiveDirectoryIterator segfault). (Laruence)
  . Fixed bug #61828 (Memleak when calling Directory(Recursive)Iterator
    /Spl(Temp)FileObject ctor twice). (Laruence)
  . Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0,
    keys are strings). (Adam)

- XML:
  . Fixed bug #65236 (heap corruption in xml parser, CVE-2013-4113). (Rob)
2013-08-16 15:28:23 +00:00
taca
1d45c6e860 Add fix for openssl, CVE-2013-4073.
Bump PKGREVISION.
2013-08-14 15:42:56 +00:00
joerg
ce9d270850 Allow only the PHP version itself, otherwise the multi-version logic
will trigger with failing distinfo entries.
2013-08-13 10:22:26 +00:00
taca
d9edbdde3e Add fix for CVE-2013-4113 as php 5.3.27. (It will be fixed in next PHP 5.4
release.)

Bump PKGREVISION.
2013-07-29 16:22:38 +00:00
taca
1c449bd547 Explicitly note it is PHP 5.4.x package in COMMENT of Makefile and DESCR
file.
2013-07-29 16:21:07 +00:00
taca
c85db08d9e Move PHP_CHECK_INSTALLED to before including Makefile.php since it should
be defined before including lang/php/phpversion.mk.
2013-07-29 03:59:44 +00:00
taca
f830c733b9 Update php54 to 5.4.13.
14 Mar 2012, PHP 5.4.13

- Core:
  . Fixed bug #64235 (Insteadof not work for class method in 5.4.11).
    (Laruence)
  . Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  . Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  . Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry)

- CLI server:
  . Fixed bug #64128 (built-in web server is broken on ppc64). (Remi)

- Mbstring:
  . mb_split() can now handle empty matches like preg_split() does. (Moriyoshi)

- OpenSSL:
  . Fixed bug #61930 (openssl corrupts ssl key resource when using
    openssl_get_publickey()). (Stas)

- PDO_mysql:
  . Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs).
    (Johannes)

- Phar:
  . Fixed timestamp update on Phar contents modification. (Dmitry)

- SOAP
  . Added check that soap.wsdl_cache_dir conforms to open_basedir
    (CVE-2013-1635). (Dmitry)
  . Disabled external entities loading (CVE-2013-1643). (Dmitry)

- SPL:
  . Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
  . Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS).
    (patch by kriss@krizalys.com, Laruence)
  . Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended).
    (Nikita Popov)
  . Fixed bug #52861 (unset fails with ArrayObject and deep arrays).
    (Mike Willbanks)

- SNMP:
  . Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)
2013-03-16 01:58:53 +00:00
imil
7b9b365729 Uncomment the pid parameter of php-fpm.conf so the pidfile is created and
rc.d script can really start / stop php-fpm. Bump PKGREVISION.
2013-02-28 21:43:04 +00:00
taca
59f0126bc1 Update php54 to 5.4.12.
PHP NEWS
21 Feb 2012, PHP 5.4.12

- Core:
  . Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
  . Fixed bug #64011 (get_html_translation_table() output incomplete with
    HTML_ENTITIES and ISO-8859-1). (Gustavo)
  . Fixed bug #63982 (isset() inconsistently produces a fatal error on
    protected property). (Stas)
  . Fixed bug #63943 (Bad warning text from strpos() on empty needle).
    (Laruence)
  . Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
  . Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very
    different length). (Gustavo)
  . Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
  . Fixed bug #63462 (Magic methods called twice for unset protected
    properties). (Stas)
  . Fixed bug #62524 (fopen follows redirects for non-3xx statuses).
    (Wes Mason)
  . Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)

- Date:
  . Fixed bug #63699 (Performance improvements for various ext/date functions).
    (Lars, original patch by njaguar at gmail dot com)
  . Fixed bug #55397: Comparison of incomplete DateTime causes SIGSEGV.
    (Derick)

- FPM:
  . Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)

- Litespeed:
  . Fixed bug #63228 (-Werror=format-security error in lsapi code). (George)

- SOAP
  . Added check that soap.wsdl_cache_dir conforms to open_basedir
    (CVE-2013-1635). (Dmitry)
  . Disabled external entities loading (CVE-2013-1643). (Dmitry)

- sqlite3:
  . Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't
    using sqlite3_*_int64 API). (srgoogleguy, Lars)

- PDO_OCI
  . Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence)
  . Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long
    testsuite). (hswong3i, Lars)

- PDO_sqlite:
  . Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even
    on 64bit builds in pdo_sqlite). (srgoogleguy, Lars)
2013-02-22 03:06:50 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
asau
88feb4ac62 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-02 20:11:34 +00:00
taca
addf6a9f06 Update php54 package to 5.4.6 (PHP 5.4.6).
PHP NEWS
16 Aug 2012, PHP 5.4.6

- CLI Server:
  . Implemented FR #62700 (have the console output 'Listening on
    http://localhost:8000'). (pascal.chevrel@free.fr)

- Core:
  . Fixed bug #62661 (Interactive php-cli crashes if include() is used in
    auto_prepend_file). (Laruence)
  . Fixed bug #62653: (unset($array[$float]) causes a crash). (Nikita Popov,
    Laruence)
  . Fixed bug #62565 (Crashes due non-initialized internal properties_table).
    (Felipe)
  . Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK
    with run-test.php). (Laruence)

- CURL:
  . Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
    (r.hampartsumyan@gmail.com, Laruence)

- DateTime:
  . Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)

- Fileinfo:
  . Fixed bug #61964 (finfo_open with directory causes invalid free).
    (reeze.xia@gmail.com)

- Intl:
  . Fixed bug #62564 (Extending MessageFormatter and adding property causes
    crash). (Felipe)

- MySQLnd:
  . Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode). (Laruence)

- readline:
  . Fixed bug #62612 (readline extension compilation fails with
    sapi/cli/cli.h: No such file). (Johannes)

- Reflection:
  . Implemented FR #61602 (Allow access to name of constant used as default
    value). (reeze.xia@gmail.com)

- SimpleXML:
  . Implemented FR #55218 Get namespaces from current node. (Lonny)

- SPL:
  . Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance
    gives Segmentation fault). (Laruence, Gustavo)
  . Fixed bug #61527 (ArrayIterator gives misleading notice on next() when
    moved to the end). (reeze.xia@gmail.com)

- Streams:
  . Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).
    (Laruence)

- Zlib:
  . Fixed bug #55544 (ob_gzhandler always conflicts with
    zlib.output_compression). (Laruence)
2012-08-17 15:34:01 +00:00
fhajny
7ff447fcfe Fix file descriptor leak on SunOS.
See https://bugs.php.net/bug.php?id=47675
2012-07-25 13:16:01 +00:00
taca
b6cb9f9f85 Adding php54 (PHP 5.4.4) to pkgsrc.
Key new features: traits, a shortened array syntax, a built-in webserver for
testing purposes and more.

A migration guide: http://php.net/migration54
Full changes: http://www.php.net/ChangeLog-5.php
2012-06-16 05:21:55 +00:00