head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.4 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.2 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q1:1.4.0.20 pkgsrc-2012Q1-base:1.4 pkgsrc-2011Q4:1.4.0.18 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q3:1.4.0.16 pkgsrc-2011Q3-base:1.4 pkgsrc-2011Q2:1.4.0.14 pkgsrc-2011Q2-base:1.4 pkgsrc-2011Q1:1.4.0.12 pkgsrc-2011Q1-base:1.4 pkgsrc-2010Q4:1.4.0.10 pkgsrc-2010Q4-base:1.4 pkgsrc-2010Q3:1.4.0.8 pkgsrc-2010Q3-base:1.4 pkgsrc-2010Q2:1.4.0.6 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.4 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.2 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.2.0.34 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.32 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.30 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.28 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.26 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.24 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.22 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.20 pkgsrc-2008Q1:1.2.0.18 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.16 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.14 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.12 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.10 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.8 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.6 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.4 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.2 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.1.0.2 pkgsrc-2005Q4-base:1.1; locks; strict; comment @# @; 1.5 date 2012.06.16.15.15.06; author taca; state dead; branches; next 1.4; 1.4 date 2009.12.23.07.07.34; author taca; state Exp; branches; next 1.3; 1.3 date 2009.11.30.06.14.08; author taca; state Exp; branches; next 1.2; 1.2 date 2006.02.06.06.39.59; author martti; state Exp; branches 1.2.34.1; next 1.1; 1.1 date 2005.12.06.08.32.22; author jdolecek; state Exp; branches 1.1.2.1; next ; 1.2.34.1 date 2009.11.30.23.10.20; author tron; state Exp; branches; next 1.2.34.2; 1.2.34.2 date 2009.12.23.19.09.51; author spz; state Exp; branches; next ; 1.1.2.1 date 2006.02.15.14.12.20; author salo; state Exp; branches; next ; desc @@ 1.5 log @Remove php5 (PHP 5.2.17), please migra to php53 or php54. @ text @$NetBSD: patch-ag,v 1.4 2009/12/23 07:07:34 taca Exp $ * Ajust for pkgsrc. --- php.ini-dist.orig 2009-11-05 13:29:34.000000000 +0000 +++ php.ini-dist @@@@ -471,7 +471,7 @@@@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:@@PREFIX@@/lib/php" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@@@ -487,8 +487,9 @@@@ doc_root = ; if nonempty. user_dir = -; Directory in which the loadable extensions (modules) reside. -extension_dir = "./" +; Directory in which the loadable extensions (modules) reside. If not +; defined, then use the extension directory specified at compile-time. +; extension_dir = "./" ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically @@@@ -546,7 +547,7 @@@@ file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). -;upload_tmp_dir = +upload_tmp_dir = /tmp ; Maximum allowed size for uploaded files. upload_max_filesize = 2M @ 1.4 log @Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.3 2009/11/30 06:14:08 taca Exp $ @ 1.3 log @Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.2 2006/02/06 06:39:59 martti Exp $ a3 2 * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017: http://svn.php.net/viewvc?view=revision&revision=289990 d5 1 a5 1 --- php.ini-dist.orig 2009-02-14 01:55:18.000000000 +0900 d28 1 a28 1 @@@@ -546,11 +547,13 @@@@ file_uploads = On a36 6 +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 100 ;;;;;;;;;;;;;;;;;; ; Fopen wrappers ; @ 1.2 log @Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.1 2005/12/06 08:32:22 jdolecek Exp $ d3 16 a18 3 --- php.ini-dist.orig 2005-12-30 19:15:55.000000000 +0200 +++ php.ini-dist 2006-02-05 15:36:13.000000000 +0200 @@@@ -457,8 +457,9 @@@@ d30 1 a30 1 @@@@ -508,7 +509,7 @@@@ d39 6 @ 1.2.34.1 log @Pullup ticket #2939 - requested by taca php5: security patch Revisions pulled up: - lang/php5/Makefile 1.73-1.74 - lang/php5/distinfo 1.69-1.70 - lang/php5/patches/patch-ag 1.3 - lang/php5/patches/patch-ah 1.2 - lang/php5/patches/patch-ay 1.2 - lang/php5/patches/patch-az 1.1-1.2 - lang/php5/patches/patch-ba 1.1 - lang/php5/patches/patch-bb 1.1 - lang/php5/patches/patch-bc 1.1 - lang/php5/patches/patch-bd 1.1 --- Module Name: pkgsrc Committed By: taca Date: Thu Oct 22 14:49:06 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-az Log Message: Add patch to check byte sequence more strictly in htmlspecialchars(). http://bugs.php.net/bug.php?id=49785 These are patch refrects r289411, r289554, r289565, r289567 and r289605 in PHP svn repositry. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon Nov 30 06:14:08 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile distinfo pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az Added Files: pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd Log Message: Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 16 * Ajust for pkgsrc. * Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017: http://svn.php.net/viewvc?view=revision&revision=289990 --- php.ini-dist.orig 2009-02-14 01:55:18.000000000 +0900 +++ php.ini-dist @@@@ -471,7 +471,7 @@@@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" +include_path = ".:@@PREFIX@@/lib/php" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" @@@@ -487,8 +487,9 @@@@ doc_root = d17 1 a17 1 @@@@ -546,11 +547,13 @@@@ file_uploads = On a25 6 +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 100 ;;;;;;;;;;;;;;;;;; ; Fopen wrappers ; @ 1.2.34.2 log @Pullup ticket 2955 - requested by taca security update Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.75 - pkgsrc/lang/php5/Makefile.common 1.39 - pkgsrc/lang/php5/PLIST 1.25 - pkgsrc/lang/php5/distinfo 1.71 - pkgsrc/lang/php5/patches/patch-ag 1.4 - pkgsrc/lang/php5/patches/patch-ah 1.3 - pkgsrc/textproc/php5-xsl/Makefile 1.13 Files removed: pkgsrc/lang/php5/patches/patch-ay pkgsrc/lang/php5/patches/patch-az pkgsrc/lang/php5/patches/patch-ba pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc pkgsrc/lang/php5/patches/patch-bd ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Dec 23 07:07:35 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo pkgsrc/lang/php5/patches: patch-ag patch-ah Removed Files: pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb patch-bc patch-bd Log Message: Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. To generate a diff of this commit: cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \ pkgsrc/lang/php5/patches/patch-az cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \ pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \ pkgsrc/lang/php5/patches/patch-bd -------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Dec 23 07:08:31 UTC 2009 Modified Files: pkgsrc/textproc/php5-xsl: Makefile Log Message: Reset PKGREVISION by implicit update to 5.2.12. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile @ text @d1 1 a1 1 $NetBSD: patch-ag,v 1.4 2009/12/23 07:07:34 taca Exp $ d4 2 d7 1 a7 1 --- php.ini-dist.orig 2009-11-05 13:29:34.000000000 +0000 d30 1 a30 1 @@@@ -546,7 +547,7 @@@@ file_uploads = On d39 6 @ 1.1 log @patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@@ @ text @d1 5 a5 4 $NetBSD: patch-ag,v 1.6 2003/09/01 10:17:38 cjep Exp $ --- php.ini-dist.orig 2003-07-10 00:38:36.000000000 +0200 +++ php.ini-dist 2003-08-30 21:59:51.000000000 +0200 @@@@ -424,8 +424,9 @@@@ d17 1 a17 1 @@@@ -476,7 +477,7 @@@@ @ 1.1.2.1 log @Pullup ticket 1136 - requested by Martti Kuparinen security update for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.24, 1.25, 1.27 - pkgsrc/lang/php5/Makefile.common 1.14, 1.15 - pkgsrc/lang/php5/PLIST 1.9, 1.10 - pkgsrc/lang/php5/buildlink3.mk 1.10 - pkgsrc/lang/php5/distinfo 1.14 - pkgsrc/lang/php5/patches/patch-ag 1.2 - pkgsrc/lang/php5/patches/patch-ak 1.2 - pkgsrc/lang/php5/patches/patch-aj 1.3 - pkgsrc/lang/php5/patches/patch-ao 1.3 Module Name: pkgsrc Committed By: reed Date: Wed Jan 4 17:44:24 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Log Message: Use PKGMANDIR instead of "man". --- Module Name: pkgsrc Committed By: rillig Date: Thu Feb 2 20:31:17 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile PLIST Log Message: Added two missing files to the PLIST. Bumped PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Mon Feb 6 06:39:59 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common PLIST buildlink3.mk distinfo pkgsrc/lang/php5/patches: patch-ag patch-aj patch-ak patch-ao Log Message: Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) --- Module Name: pkgsrc Committed By: jdolecek Date: Mon Feb 6 20:12:55 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile.common Log Message: add fix to build php-xmlrpc and php5-dom successfully with 5.1.2 @ text @d1 4 a4 5 $NetBSD: patch-ag,v 1.2 2006/02/06 06:39:59 martti Exp $ --- php.ini-dist.orig 2005-12-30 19:15:55.000000000 +0200 +++ php.ini-dist 2006-02-05 15:36:13.000000000 +0200 @@@@ -457,8 +457,9 @@@@ d16 1 a16 1 @@@@ -508,7 +509,7 @@@@ @