head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.4 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.2 pkgsrc-2012Q4-base:1.6 pkgsrc-2012Q1:1.5.0.26 pkgsrc-2012Q1-base:1.5 pkgsrc-2011Q4:1.5.0.24 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q3:1.5.0.22 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.5.0.20 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.5.0.18 pkgsrc-2011Q1-base:1.5 pkgsrc-2010Q4:1.5.0.16 pkgsrc-2010Q4-base:1.5 pkgsrc-2010Q3:1.5.0.14 pkgsrc-2010Q3-base:1.5 pkgsrc-2010Q2:1.5.0.12 pkgsrc-2010Q2-base:1.5 pkgsrc-2010Q1:1.5.0.10 pkgsrc-2010Q1-base:1.5 pkgsrc-2009Q4:1.5.0.8 pkgsrc-2009Q4-base:1.5 pkgsrc-2009Q3:1.5.0.6 pkgsrc-2009Q3-base:1.5 pkgsrc-2009Q2:1.5.0.4 pkgsrc-2009Q2-base:1.5 pkgsrc-2009Q1:1.5.0.2 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.4.0.12 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.10 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.8 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.6 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.4 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.2 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.3.0.2 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.2.0.10 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.8 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.6 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.4 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.2 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.1.0.2; locks; strict; comment @# @; 1.6 date 2012.06.16.15.15.06; author taca; state dead; branches; next 1.5; 1.5 date 2009.02.21.17.01.52; author adrianp; state Exp; branches; next 1.4; 1.4 date 2007.11.23.13.20.01; author adrianp; state dead; branches 1.4.12.1; next 1.3; 1.3 date 2007.09.11.20.14.46; author jdolecek; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2006.05.06.22.42.44; author jdolecek; state dead; branches; next 1.1; 1.1 date 2006.04.14.13.48.33; author cube; state Exp; branches 1.1.2.1; next ; 1.4.12.1 date 2009.03.15.19.21.22; author tron; state Exp; branches; next ; 1.3.2.1 date 2007.12.05.14.07.20; author ghen; state dead; branches; next ; 1.1.2.1 date 2006.04.14.13.48.33; author salo; state 
dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.04.19.00.12.27; author salo; state Exp; branches; next ; desc @@ 1.6 log @Remove php5 (PHP 5.2.17), please migra to php53 or php54. @ text @$NetBSD: patch-ar,v 1.5 2009/02/21 17:01:52 adrianp Exp $ --- acinclude.m4.orig 2008-09-08 03:24:38.000000000 -0700 +++ acinclude.m4 @@@@ -2332,7 +2332,7 @@@@ AC_DEFUN([PHP_SETUP_OPENSSL],[ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then - PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl" + PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl /" fi for i in $PHP_OPENSSL_DIR; do @ 1.5 log @When building extensions make sure non-standard OpenSSL locations are also searched if an explicit path is not given. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update to 5.2.5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. 
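Review bot: The `/` entry appended to `PHP_OPENSSL_DIR` in the `PHP_SETUP_OPENSSL` hunk of acinclude.m4 has no comment in the patch saying which platform keeps OpenSSL directly under the root, so a later maintainer cannot tell whether the entry is still needed. If the `for i in $PHP_OPENSSL_DIR` loop joins `$i` with a subdirectory (its body is outside the hunk), the root entry yields paths that begin with `//`, which POSIX leaves implementation-defined; verify on the target platforms. A line in the patch header such as `Also search / for OpenSSL when no explicit path is given (needed on <platform>).` would cover it. The same change appears again in the 1.4.12.1 text further down.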
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 @ text @d1 1 a1 1 $NetBSD: patch-ar,v 1.3 2007/09/11 20:14:46 jdolecek Exp $ d3 9 a11 5 --- Zend/zend_extensions.c.orig 2007-09-11 22:00:50.000000000 +0200 +++ Zend/zend_extensions.c @@@@ -243,7 +243,7 @@@@ void *zend_mh_bundle_load(char* bundle_p return NULL; } d13 1 a13 5 - bundle_handle = NSLinkModule(bundle_image, bundle_path, NSLINKMODULE_OPTION_PRIVATE); + bundle_handle = NSLinkModule(bundle_image, bundle_path, NSLINKMODULE_OPTION_NONE); NSDestroyObjectFileImage(bundle_image); /* call the init function of the bundle */ @ 1.4.12.1 log @Pullup ticket #2721 - requested by adrianp php5: security update Revisions pulled up: - lang/php5/MESSAGE.suhosin 1.1 via patch - lang/php5/Makefile 1.71 via patch - lang/php5/Makefile.common 1.35 - lang/php5/Makefile.php 1.33-1.34 - lang/php5/PLIST 1.21 - lang/php5/distinfo 1.61-1.62 - lang/php5/patches/patch-an patch - lang/php5/patches/patch-ar patch - lang/php5/patches/patch-as delete --- Module Name: pkgsrc Committed By: adrianp Date: Mon Mar 2 22:52:17 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common Makefile.php PLIST distinfo Removed Files: pkgsrc/lang/php5/patches: patch-as Log Message: The PHP development team would like to announce the immediate availability of PHP 5.2.9. This release focuses on improving the stability of the PHP 5.2.x branch with over 50 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release. 
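Review bot: With `NSLINKMODULE_OPTION_NONE` in the `zend_mh_bundle_load()` hunk of Zend/zend_extensions.c, every extension's symbols become global, so two bundles that define the same symbol can now collide at link time. Because `NSLINKMODULE_OPTION_RETURN_ON_ERROR` is not passed, such a failure goes to the link-edit error handlers instead of coming back as a NULL handle, and those handlers may end the process. Consider `bundle_handle = NSLinkModule(bundle_image, bundle_path, NSLINKMODULE_OPTION_RETURN_ON_ERROR);` followed by a NULL check before the bundle's init function is called. The hunk does not show whether `bundle_handle` is checked, and the function continues outside it, so confirm against the full file. A short comment such as `/* export symbols globally, like dlopen(..., RTLD_GLOBAL) */` would keep the reason from the log next to the code.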
Security Enhancements and Fixes in PHP 5.2.9: * Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott) * Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre) * Fixed explode() behavior with empty string to respect negative limit. (Shire) * Fixed a segfault when malformed string is passed to json_decode(). (Scott) Key enhancements in PHP 5.2.9 include: * Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei) * Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob) * A number of fixes in the mbstring extension (Moriyoshi) * Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno) * Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob) * Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott) * Fixed bug #46889 (Memory leak in strtotime()). (Derick) * Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry) * Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry) * Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia) * Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt) * Over 50 bug fixes. 
--- Module Name: pkgsrc Committed By: adrianp Date: Thu Mar 5 23:22:24 UTC 2009 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Add back suhosin patch as a new one for 5.2.9 is out @ text @d1 1 a1 1 $NetBSD: patch-ar,v 1.5 2009/02/21 17:01:52 adrianp Exp $ d3 5 a7 9 --- acinclude.m4.orig 2008-09-08 03:24:38.000000000 -0700 +++ acinclude.m4 @@@@ -2332,7 +2332,7 @@@@ AC_DEFUN([PHP_SETUP_OPENSSL],[ if test "$found_openssl" = "no"; then if test "$PHP_OPENSSL_DIR" = "yes"; then - PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl" + PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl /" fi d9 5 a13 1 for i in $PHP_OPENSSL_DIR; do @ 1.3 log @add a patch to also adjust the Mac OS X-specific NSLinkModule()-based extension loading code to export all symbols (i.e. do equivalent of dlopen(..., RTLD_GLOBAL)), so that older Mac OS X without dlopen() (before 10.4) also load extensions properly patch also submitted as PHP bug# 42629 @ text @d1 1 a1 1 $NetBSD$ @ 1.3.2.1 log @Pullup ticket 2239 - requested by adrianp security update for php5 - pkgsrc/lang/php5/Makefile 1.62 - pkgsrc/lang/php5/Makefile.common 1.28 - pkgsrc/lang/php5/distinfo 1.50 - pkgsrc/lang/php5/patches/patch-ao removed - pkgsrc/lang/php5/patches/patch-ar removed Module Name: pkgsrc Committed By: adrianp Date: Fri Nov 23 13:20:01 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Removed Files: pkgsrc/lang/php5/patches: patch-ao patch-ar Log Message: Update to 5.2.5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. 
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 @ text @d1 1 a1 1 $NetBSD: patch-ar,v 1.3 2007/09/11 20:14:46 jdolecek Exp $ @ 1.2 log @Update lang/php5 to 5.1.4. Some of the key changes include: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Enforce safe_mode for the source parameter of the copy() function. * Fixed cross-site scripting inside the phpinfo() function. * Fixed offset/length parameter validation inside the substr_compare() function. * Fixed a heap corruption inside the session extension. * Fixed a bug that would allow variable to survive unset(). * Fixed a number of crashes in the DOM, SOAP and PDO extensions. * Upgraded bundled PCRE library to version 6.6 * The use of the var keyword to declare properties no longer raises a deprecation E_STRICT. * FastCGI interface was completely reimplemented. 
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and Reflection extensions. * Over 120 various bug fixes. See release annoucement on: http://www.php.net/release_5_1_3.php And ChangeLog: http://www.php.net/ChangeLog-5.php#5.1.3 @ text @d1 1 a1 1 $NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $ d3 5 a7 3 --- ext/standard/info.c.orig 2006-04-14 14:03:22.000000000 +0200 +++ ext/standard/info.c @@@@ -58,6 +58,23 @@@@ ZEND_EXTERN_MODULE_GLOBALS(iconv) d9 3 a11 19 PHPAPI extern char *php_ini_opened_path; PHPAPI extern char *php_ini_scanned_files; + +static int php_info_write_wrapper(const char *str, uint str_length) +{ + int new_len, written; + char *elem_esc; + + TSRMLS_FETCH(); + + elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); + + written = php_body_write(elem_esc, new_len TSRMLS_CC); + + efree(elem_esc); + + return written; +} + d13 1 a13 35 /* {{{ _display_module_info */ @@@@ -135,30 +152,13 @@@@ static void php_print_gpcse_array(char * PUTS(" => "); } if (Z_TYPE_PP(tmp) == IS_ARRAY) { - zval *tmp3; - - MAKE_STD_ZVAL(tmp3); - if (!sapi_module.phpinfo_as_text) { PUTS("
");
-				}
-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
-				
-				zend_print_zval_r(*tmp, 0 TSRMLS_CC);
-				
-				php_ob_get_buffer(tmp3 TSRMLS_CC);
-				php_end_ob_buffer(0, 0 TSRMLS_CC);
-				
-				if (!sapi_module.phpinfo_as_text) {
-					elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
-					PUTS(elem_esc);
-					efree(elem_esc);
+					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
 					PUTS("
"); } else { - PUTS(Z_STRVAL_P(tmp3)); + zend_print_zval_r(*tmp, 0 TSRMLS_CC); } - zval_ptr_dtor(&tmp3); - } else if (Z_TYPE_PP(tmp) != IS_STRING) { tmp2 = **tmp; zval_copy_ctor(&tmp2); @ 1.1 log @The actual patches for PHP4/5. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ar was added on branch pkgsrc-2006Q1 on 2006-04-14 13:48:33 +0000 @ text @d1 61 @ 1.1.2.2 log @Pullup ticket 1406 - requested by cube security fixes for php Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.29 - pkgsrc/lang/php5/Makefile.php 1.18 - pkgsrc/lang/php5/distinfo 1.15 - pkgsrc/lang/php5/patches/patch-ap 1.1 - pkgsrc/lang/php5/patches/patch-aq 1.1 - pkgsrc/lang/php5/patches/patch-ar 1.1 - pkgsrc/www/php4/Makefile 1.63 - pkgsrc/www/php4/distinfo 1.52 - pkgsrc/www/php4/patches/patch-aq 1.1 - pkgsrc/www/php4/patches/patch-ar 1.1 - pkgsrc/www/php4/patches/patch-as 1.1 - pkgsrc/www/ap-php/Makefile 1.9 Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:47:30 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php distinfo pkgsrc/www/ap-php: Makefile pkgsrc/www/php4: Makefile distinfo Log Message: PHP4/5 security changes... They're not critical issues; secunia classes them between "not critical" and "less critical". Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490. See: http://secunia.com/advisories/19383/ http://secunia.com/advisories/19599/ Patches were extracted from CVS. I had to translate the one for CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch (I don't know why; I can confirm it fixes the issue). While here, add PATCHDIR to the list of variables php5's Makefile.php defines. That way, ap-php gets patched too... --- Module Name: pkgsrc Committed By: cube Date: Fri Apr 14 13:48:33 UTC 2006 Added Files: pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar pkgsrc/www/php4/patches: patch-aq patch-ar patch-as Log Message: The actual patches for PHP4/5. 
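Review bot: The `(zend_write_func_t)` cast on `php_info_write_wrapper` in the `php_print_gpcse_array()` hunk of ext/standard/info.c would hide any mismatch between the wrapper's signature and the callback type. If the two already agree (the typedef is not shown here), pass the function without the cast so the compiler checks it. The wrapper returns whatever `php_body_write()` reports for the escaped buffer, not `str_length`, which is worth stating in a comment in case a caller ever compares the result with the input length. A comment above the wrapper such as `/* Escape each chunk before output so nested array values cannot inject markup into the HTML phpinfo() page. */` would record why the output-buffer approach was replaced. The same hunk appears again in the 1.1.2.2 text at the end of the file, and `php_print_gpcse_array()` starts and ends outside the hunk.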
@ text @a0 61 $NetBSD: patch-ar,v 1.1.2.1 2006/04/19 00:12:27 salo Exp $ --- ext/standard/info.c.orig 2006-04-14 14:03:22.000000000 +0200 +++ ext/standard/info.c @@@@ -58,6 +58,23 @@@@ ZEND_EXTERN_MODULE_GLOBALS(iconv) PHPAPI extern char *php_ini_opened_path; PHPAPI extern char *php_ini_scanned_files; + +static int php_info_write_wrapper(const char *str, uint str_length) +{ + int new_len, written; + char *elem_esc; + + TSRMLS_FETCH(); + + elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC); + + written = php_body_write(elem_esc, new_len TSRMLS_CC); + + efree(elem_esc); + + return written; +} + /* {{{ _display_module_info */ @@@@ -135,30 +152,13 @@@@ static void php_print_gpcse_array(char * PUTS(" => "); } if (Z_TYPE_PP(tmp) == IS_ARRAY) { - zval *tmp3; - - MAKE_STD_ZVAL(tmp3); - if (!sapi_module.phpinfo_as_text) { PUTS("
");
-				}
-				php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
-				
-				zend_print_zval_r(*tmp, 0 TSRMLS_CC);
-				
-				php_ob_get_buffer(tmp3 TSRMLS_CC);
-				php_end_ob_buffer(0, 0 TSRMLS_CC);
-				
-				if (!sapi_module.phpinfo_as_text) {
-					elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
-					PUTS(elem_esc);
-					efree(elem_esc);
+					zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
 					PUTS("
"); } else { - PUTS(Z_STRVAL_P(tmp3)); + zend_print_zval_r(*tmp, 0 TSRMLS_CC); } - zval_ptr_dtor(&tmp3); - } else if (Z_TYPE_PP(tmp) != IS_STRING) { tmp2 = **tmp; zval_copy_ctor(&tmp2); @