head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.22 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.20 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.18 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.16 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.14 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.12 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.10 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.8 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.6 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.4 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.2 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.5.0.2 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.4.0.8 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.6 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.2.0.2 pkgsrc-2005Q4-base:1.2; locks; strict; comment @# @; 1.6 date 2007.11.23.13.20.01; author adrianp; state dead; branches; next 1.5; 1.5 date 2007.09.02.21.13.43; author jdolecek; state Exp; branches 1.5.2.1; next 1.4; 1.4 date 2006.08.19.16.44.15; author taca; state dead; branches; next 1.3; 1.3 date 2006.02.06.06.39.59; author martti; state Exp; branches; next 1.2; 1.2 date 2005.12.04.12.02.08; author jdolecek; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2005.12.03.18.53.57; author jdolecek; state Exp; branches; next ; 1.5.2.1 date 2007.12.05.14.07.20; author ghen; state dead; branches; next ; 1.2.2.1 date 2006.02.15.14.12.20; author salo; state Exp; branches; next ; desc @@ 1.6 log @Update to 5.2.5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 @ text @$NetBSD: patch-ao,v 1.5 2007/09/02 21:13:43 jdolecek Exp $ --- ext/bz2/php_bz2.h.orig 2007-09-02 20:11:08.000000000 +0200 +++ ext/bz2/php_bz2.h @@@@ -51,7 +51,7 @@@@ PHP_BZ2_API php_stream *_php_stream_bz2o #define php_stream_bz2open_from_BZFILE(bz, mode, innerstream) _php_stream_bz2open_from_BZFILE((bz), (mode), (innerstream) STREAMS_CC TSRMLS_CC) #define php_stream_bz2open(wrapper, path, mode, options, opened_path) _php_stream_bz2open((wrapper), (path), (mode), (options), (opened_path), NULL STREAMS_CC TSRMLS_CC) -php_stream_filter_factory php_bz2_filter_factory; +extern php_stream_filter_factory php_bz2_filter_factory; extern php_stream_ops php_stream_bz2io_ops; #define PHP_STREAM_IS_BZIP2 &php_stream_bz2io_ops @ 1.5 log @fix build of php-bz2 on Mac OS X @ text @d1 1 a1 1 $NetBSD$ @ 1.5.2.1 log @Pullup ticket 2239 - requested by adrianp security update for php5 - pkgsrc/lang/php5/Makefile 1.62 - pkgsrc/lang/php5/Makefile.common 1.28 - pkgsrc/lang/php5/distinfo 1.50 - pkgsrc/lang/php5/patches/patch-ao removed - pkgsrc/lang/php5/patches/patch-ar removed Module Name: pkgsrc Committed By: adrianp Date: Fri Nov 23 13:20:01 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ao patch-ar Log Message: Update to 5.2.5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.5 2007/09/02 21:13:43 jdolecek Exp $ @ 1.4 log @Update php5 package to 5.1.5: 17 Aug 2006, PHP 5.1.5 - Fixed memory_limit on 64bit systems. (Stefan E.) - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia) - Fixed bug #38322 (reading past array in sscanf() leads to arbitrary code execution). (Tony) - Fixed bug #38125 (undefined reference to spl_dual_it_free_storage). (Marcus) - Fixed bug #38112 (corrupted gif segfaults) (Pierre) - Fixed bug #37587 (var without attribute causes segfault). (Marcus) - Fixed bug #37576 (FastCGI env (cgi vars) table overflow). (Piotr) - Fixed bug #37496 (FastCGI output buffer overrun). (Piotr, Dmitry) - Fixed bug #37487 (oci_fetch_array() array-type should always default to OCI_BOTH). (Tony) - Fixed bug #37416 (iterator_to_array() hides exceptions thrown in rewind() method). (Tony) - Fixed bug #37392 (Unnecessary call to OCITransRollback() at the end of request). (Tony) - Fixed bug #37341 ($_SERVER in included file is shortened to two entries, if $_ENV gets used). (Dmitry) - Fixed bug #37313 (sigemptyset() used without including ). (jdolecek) - Fixed bug #37346 (invalid colormap format) (Pierre) - Fixed bug #37360 (invalid gif size) (Pierre) - Fixed bug #37306 (max_execution_time = max_input_time). (Dmitry) - Fixed Bug #37278 (SOAP not respecting uri in __soapCall). (Dmitry) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) - Fixed bug #37256 (php-fastcgi dosen't handle connection abort). (Dmitry) @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.3 2006/02/06 06:39:59 martti Exp $ d3 5 a7 5 --- ext/bz2/bz2_filter.c.orig 2006-01-01 14:50:00.000000000 +0200 +++ ext/bz2/bz2_filter.c 2006-02-05 15:37:44.000000000 +0200 @@@@ -22,6 +22,10 @@@@ #include "config.h" #endif d9 4 a12 6 +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include "php.h" #include "php_bz2.h" @ 1.3 log @Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.2 2005/12/04 12:02:08 jdolecek Exp $ @ 1.2 log @regen patch-ao with less context lines to avoid $Id$ in the original file (using pkgdiff now) PR: 32233 by Peter Avalos @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 3 --- ext/bz2/bz2_filter.c.orig 2005-08-03 16:06:39.000000000 +0200 +++ ext/bz2/bz2_filter.c @@@@ -20,2 +20,6 @@@@ d14 2 @ 1.2.2.1 log @Pullup ticket 1136 - requested by Martti Kuparinen security update for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.24, 1.25, 1.27 - pkgsrc/lang/php5/Makefile.common 1.14, 1.15 - pkgsrc/lang/php5/PLIST 1.9, 1.10 - pkgsrc/lang/php5/buildlink3.mk 1.10 - pkgsrc/lang/php5/distinfo 1.14 - pkgsrc/lang/php5/patches/patch-ag 1.2 - pkgsrc/lang/php5/patches/patch-ak 1.2 - pkgsrc/lang/php5/patches/patch-aj 1.3 - pkgsrc/lang/php5/patches/patch-ao 1.3 Module Name: pkgsrc Committed By: reed Date: Wed Jan 4 17:44:24 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Log Message: Use PKGMANDIR instead of "man". --- Module Name: pkgsrc Committed By: rillig Date: Thu Feb 2 20:31:17 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile PLIST Log Message: Added two missing files to the PLIST. Bumped PKGREVISION. --- Module Name: pkgsrc Committed By: martti Date: Mon Feb 6 06:39:59 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common PLIST buildlink3.mk distinfo pkgsrc/lang/php5/patches: patch-ag patch-aj patch-ak patch-ao Log Message: Updated lang/php5 to 5.1.2 * HTTP Response Splitting has been addressed in ext/session and in the header() function. * Fixed format string vulnerability in ext/mysqli. * Fixed possible cross-site scripting problems in certain error conditions. * Hash & XMLWriter extensions added and enabled by default. * Upgraded OCI8 extension. * Over 85 various bug fixes. (I haven't heard anything from the MAINTAINER but since this works fine on my servers and as this fixes security issues I checked in this) --- Module Name: pkgsrc Committed By: jdolecek Date: Mon Feb 6 20:12:55 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile.common Log Message: add fix to build php-xmlrpc and php5-dom successfully with 5.1.2 @ text @d1 1 a1 1 $NetBSD: patch-ao,v 1.3 2006/02/06 06:39:59 martti Exp $ d3 3 a5 5 --- ext/bz2/bz2_filter.c.orig 2006-01-01 14:50:00.000000000 +0200 +++ ext/bz2/bz2_filter.c 2006-02-05 15:37:44.000000000 +0200 @@@@ -22,6 +22,10 @@@@ #include "config.h" #endif a11 2 #include "php_bz2.h" @ 1.1 log @Update PHP5 to version 5.1.1. Some of the key features include: * A complete rewrite of date handling code, with improved timezone support. * Significant performance improvements compared to PHP 5.0.X. * PDO extension is now enabled by default (separate pkg for pkgsrc) * Over 30 new functions in various extensions and built-in functionality. * Bundled libraries, PCRE and SQLite upgraded to latest versions. * Over 400 various bug fixes. * PEAR upgraded to version 1.4.5 This release also fixes various security problems discovered in 5.0.X. @ text @d3 3 a5 5 --- ext/bz2/bz2_filter.c.orig 2005-11-25 08:40:07.000000000 +0100 +++ ext/bz2/bz2_filter.c 2005-11-25 00:07:50.000000000 +0100 @@@@ -18,6 +18,10 @@@@ /* $Id: bz2_filter.c,v 1.3 2005/08/03 14:06:39 sniper Exp $ */ a11 2 #include "php_bz2.h" @