- add an alert on safe_mode intrinsic insecurity and
suggest to install the suhosin extension
- enable the suhosin patch by deafult also in php4
Submitted by: Thomas Vogt <thomas@bsdunix.ch> [1]
Obtained from: PHP CVS [1]
Approved by: portmgr (clement)
- remove all slave ports
- add the ability to build all SAPIs concurrently
- update php5 to 5.1.4
*Read* the UPDATING file *before* trying to update PHP
(or at least before mailing me).
- Increase pear memory limit (requested by amd64)
- Revert apache2handler to the latest working version found in
PHP 4.4.0, since PHP developers seem not interested in
fixing the bug with apache2 and mod_rewrite
- Fix crash with threaded apache2 [2]
- Fix build when SSL is in not in base system [3] [4]
PR: ports/75737 [1], ports/74780 [2],
ports/73896 [3], ports/74886 [4]
Submitted by: Toni Viemero <toni.viemero@iki.fi> [1],
Peter Jeffery <peterj@qubesoft.com> [2],
oliver [3], William Fletcher <ultraviolet@omina.co.za> [4]
Patch by: Simon Barner <barner@gmx.de> [4]
- Fix compilation of thread-safe PHP after the PTHREAD_LIBS change
- Include md5 and blowfish support on amd64 (fix headers) [1]
- Fix vulnerability in RFC 1867 file upload processing [2]
- Fix php_variables memory disclosure [2]
- GD LZW-GIF support is now enabled by default
PR: ports/71752 [1], ports/72420 [2]
Submitted by: Adam Gregoire <bsdunx@yahoo.com> [1],
Dmitry A Grigorovich <odip@bionet.nsc.ru> [2]
Approved by: portmgr (kris)
are still needed for PECL extensions that rely on mbstring
(e.g. mail/pear-mailparse, currently broken);
Remark: the proposed patch comes from PHP's CVS (please see
<http://groups.google.com/groups?selm=cvswez1068253752%40cvsserver>).
- the next release of devel/pear-PEAR (1.3) depends of the extension
xmlrpc;
- since I'm there, let slaves ports replace COMMENT.
PR: ports/59591
Submitted By: Thierry Thomas <thierry@pompo.net>
Approved By: maintainer
o Sync with latest PHP5 changes (new DB4 extension,
use correct knobs, etc...)
PR: ports/57399
Submitted by: Alex Dupre <sysadmin@alexdupre.com> (maintainer)
o Add WITHOUT_IPV6 knob (Requested by Jens Rehsack <rehsack@liwing.de>
in ports/53754, implemented in a slightly different way).
o Add GIF and animated GIF write support by default in GD and add
WITH_LZW knob to enable the LZW compression algorithm (patented
in some countries).
o Removed gd_gif_out.diff patch and added many new patches.
PR: ports/53754, ports/53879
Requested by: Jens Rehsack <rehsack@liwing.de>
Submitted by: Alex Dupre <sysadmin@alexdupre.com> (maintainer)
o New patch-main::main.c file [2]:
- Fixed bug #24253 (missing variables when register_globals is on)
- Fixed a memory leak when more then 1 E|S flag is passed to gpc_order.
- Fixed a memory leak when variables_order is not set and gpc_order
has S|s flag.
- Optimized out duplicate parsing of the variables order string.
PR: ports/53609
Submitted by: Alex Dupre <sysadmin@alexdupre.com> (maintainer)
Patched by: Thierry Thomas [1]
Requested by: Ian Service [2]
(enable with WITH_GD_GIF_OUT - not default due to LZW
patent in many countries)
PR: ports/53631
Submitted by: Alex Dupre <sysadmin@alexdupre.com> (maintainer)
