Commit Graph

75 Commits

Author SHA1 Message Date
Gustavo Zacarias
ec6bd7cdee php: security bump to version 5.3.26
Fixes CVE-2013-2110.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-10 14:09:27 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Gustavo Zacarias
7e50472ca8 php: bump to version 5.3.25
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-03 09:14:43 +02:00
Thomas Petazzoni
331b14a2ae qt, php: selecting mysql requires depending on MMU
The mysql_client package is only available on architectures having a
MMU, so all packages that are selecting mysql_client should depend on
BR2_USE_MMU.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-29 22:56:13 +02:00
Gustavo Zacarias
e08e72d7d1 php: fix libxml2 build failure
The libxml2 build test uses the PHP_TEST_BUILD macro which in turn uses
AC_TRY_RUN which is bad for cross compilations.
Force php_cv_libxml_build_works to yes when libxml2 is selected. Fixes:
http://autobuild.buildroot.net/results/8b45a1260ab6ae15dc59a5d6b5b98698ec3e7bbe/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-26 16:42:06 +02:00
Gustavo Zacarias
ba3385dc90 php: bump to version 5.3.24
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-22 10:54:37 +02:00
Gustavo Zacarias
ff2038924f php: fix typo for fileinfo extension
As reported by Aleksandar <aleksandar.zivkovic@gmail.com> in bug #6140

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-27 15:54:14 +01:00
Gustavo Zacarias
77b298c67e php: security bump to version 5.3.23
Fixes CVE-2013-1635 and CVE-2013-1643.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-20 23:27:11 +01:00
Gustavo Zacarias
289f3a33a4 php: bump to version 5.3.22
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-01 16:15:20 +01:00
Thomas Petazzoni
a5ce857674 package: use <pkg>_CONFIG_SCRIPTS wherever possible
Use the <pkg>_CONFIG_SCRIPTS mechanism in all packages for which it
does all what the package was doing. A few packages, like libxslt, are
for now left out, since they need some additional fixup (for example a
fixup of includedir).

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-02-08 22:34:26 +01:00
Gustavo Zacarias
4c1576042e php: bump to version 5.3.20
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-26 23:41:46 +01:00
Gustavo Zacarias
a72ae74337 php: bump to version 5.3.19
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-12-05 00:39:52 -08:00
Thomas Petazzoni
5995d68f95 php: fix C++ link issue
The intl module is implemented in C++, but PHP fails to use g++ as the
compiler for the final link. As a workaround, tell it to link
with libstdc++.

Fixes:

  http://autobuild.buildroot.org/results/13eefdf2121fa1aea7a844bbed8b6cbce3b45996/build-end.log

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-11-17 23:49:16 +01:00
Gustavo Zacarias
45072fc407 php: bump to version 5.3.18
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-10-30 22:37:16 +01:00
Gustavo Zacarias
ca56df4e44 php: bump to version 5.3.16
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-09-04 22:02:15 +02:00
Gustavo Zacarias
60279fb153 php: security bump to version 5.3.15
Fix for CVE-2012-2688 (potential overflow in _php_stream_scandir),
CVE-2012-3365 (SQLite open_basedir bypass) and other misc bugfixes.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-23 22:11:41 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Thomas Petazzoni
7944f19740 php: force cross-compilation
This fixes build problems like
http://autobuild.buildroot.org/results/e3c5815766fdcf3f13b06fa0758ec418618ac4be/build-end.log.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-23 22:00:41 +02:00
Gustavo Zacarias
74b442c8b4 php: security bump to version 5.3.14
Bump php to version 5.3.14 to fix CVE-2012-2143 and other assorted bugs.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-17 19:23:08 +02:00
Gustavo Zacarias
12d80fcf93 php: fix WDDX extension build failure
Fix WDDX extension build failure.
The documentation and source are conflicting about this, in theory
libexpat support is deprecated and libxml2 can replace it, but it seems
not so for WDDX, so pull in expat for it.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-05 08:53:19 +02:00
Gustavo Zacarias
48189d9500 php: fix build error for snmp extension
PHP requires that net-snmp be built with the ability to load MIB code,
so force it on when the extension is enabled.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-06-04 23:27:48 +02:00
Gustavo Zacarias
aeb9350cfb php: security bump to version 5.3.13 and enhance
Bump php to version 5.3.13 to solve multiple CVEs.
The 5.2 series is no longer maintained.

The PCRE and SPL extensions are no longer optional.
Reflection is no longer optional either.

Ncurses was spun out to PECL.

Add a ton of new extensions and give more granular options on others
(like the libxml2-based ones).

The FastCGI option no longer exists, it's always on as long as CGI is.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-21 13:30:52 +02:00
Peter Korsgaard
9374f6c125 php: fixup paths in php-config for cross compilation
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-05-01 10:51:57 +02:00
Gustavo Zacarias
30ed378a97 php: fix build breakage
The zip extension requires zlib, so select it.

[Peter: Only select zlib, not php zlib extension]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-11-26 13:55:11 +01:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Gustavo Zacarias
b3395489fe php: security bump to 5.2.17
PHP bug #53632 and CVE-2010-4645, where conversions from string to
double might cause the PHP interpreter to hang on systems using x87 FPU
registers.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-01-17 20:50:17 +01:00
Peter Korsgaard
b25cf0a05c php: fix CFLAGS handling
The shell doesn't understand += assignments. Fixes a build issue with
sqlite extension and !largefile (and possibly with ext toolchains as well).

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-01-02 22:53:16 +01:00
Peter Korsgaard
6527001c9d php: fix gmp extension build after libgmp bump
Patch from php svn r295402.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-28 08:52:14 +01:00
Gustavo Zacarias
eb8390d66f php: libgmp was renamed to gmp
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-27 22:00:59 +01:00
Gustavo Zacarias
1ecf423dfb php: security bump to version 5.2.16
* Fixed extract() to do not overwrite $GLOBALS and $this when using
  EXTR_OVERWRITE.

* Fixed crash in zip extract method (possible CWE-170).

* Fixed a possible double free in imap extension.

* Fixed possible flaw in open_basedir (CVE-2010-3436).

* Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
  (CVE-2010-3709).

* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
  with large amount of data).

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-22 22:53:57 +01:00
Thomas Rudin
972cd4229b php: add process control support
Closes #2791

Signed-off-by: Thomas Rudin <thomas@rudin.li>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-24 23:12:54 +01:00
Thomas Petazzoni
c692a3e443 php: convert old-style hooks to new-style hooks
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-12 19:24:59 +02:00
Gustavo Zacarias
a022ab5e01 Security bump php to 5.2.14
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2010-08-24 09:30:41 +02:00
Peter Korsgaard
6ef765d3bd php: filter plugin depends on pcre
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-07-22 13:08:24 +02:00
Peter Korsgaard
68fe213daa php: pdo mysql extension needs C++ support in toolchain
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-07-21 23:45:36 +02:00
Gustavo Zacarias
d9c2b63674 php: add sqlite3 dependency when using external
Closes #1945

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-06-06 22:46:19 +02:00
Peter Korsgaard
b730010c90 package: gettext needs WCHAR support
gettext needs WCHAR support in the toolchain, and as libglib2 depends on
gettext and lots of stuff depends on libglib2, quite a lot of packages
needs to have their dependencies adjusted.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-05-25 23:38:44 +02:00
Thomas Petazzoni
542fbe8520 Make all package using gettext rely on BR2_NEEDS_GETTEXT
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-05-20 22:34:27 +02:00
Thomas Petazzoni
fcdc9f891d php: make sure either CLI or CGI is selected
When neither CLI nor CGI is selected, PHP's configure script fails
with:

checking whether to build CGI binary... configure: error: No SAPIs selected.

Of couse, the help text of the options says that at least one of them
should be selected, but when doing testing with randpackageconfig,
noone is reading these help texts.

Therefore, based on the suggestion of Yann E. Morin, modify the
Config.in organization so that at least one of the option is selected.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-05-09 23:25:06 +02:00
Gustavo Zacarias
0fd372457e php: bump version
Closes #1429

[Peter: stick to bz2 upstream]
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-31 10:44:45 +02:00
Peter Korsgaard
a96be19bc3 package: remove redundant DISABLE_{IPV6,NLS,LARGEFILE} configure args
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-03-22 14:29:00 +01:00
Gustavo Zacarias
e052e9709a Bump php to 5.2.12
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-01-29 15:00:16 +01:00
Peter Korsgaard
bba2fd540b php: fix pdo sqlite compilation with !BR2_LARGEFILE
Similar fix as with the sqlite package.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-11-23 14:25:24 +01:00
Gustavo Zacarias
829d4ff63c Update php package to 5.2.11
Security Enhancements and Fixes in PHP 5.2.11:

   * Fixed certificate validation inside php_openssl_apply_verification_policy
   * Fixed sanity check for the color index in imagecolortransparent()
   * Added missing sanity checks around exif processing
   * Fixed bug #44683 (popen crashes when an invalid mode is passed)

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-10-09 15:38:41 +02:00
Will Newton
422ce6536b package: Remove unnecessary dependencies on uclibc.
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.

Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-09-03 20:22:38 +02:00
Gustavo Zacarias
93308ccba3 php: bump version
Closes #409.

php-5.2.10 is out, mostly misc bugfixes, one small security fix:

Security Enhancements and Fixes in PHP 5.2.10:

    * Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg
files). (Pierre)

Key enhancements in PHP 5.2.10 include:

    * Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
    * Fixed memory corruptions while reading properties of zip files. (Ilia)
    * Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
    * Fixed segfault on invalid session.save_path. (Hannes)
    * Fixed leaks in imap when a mail_criteria is used. (Pierre)
    * Changed default value of array_unique()'s optional sorting type parameter
back to SORT_STRING to fix backwards compatibility breakage introduced in PHP
5.2.9. (Moriyoshi)
    * Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
    * Fixed bug #47903 ("@" operator does not work with string offsets).
(Felipe)
    * Fixed bug #47644 (Valid integers are truncated with json_decode()).
(Scott)
    * Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong
result). (Ilia)
    * Fixed bug #47365 (ip2long() may allow some invalid values on certain
64bit systems).
    * Over 100 bug fixes.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2009-06-23 09:26:27 +02:00
Peter Korsgaard
b8a8f1c434 php: touch post-install stamp file 2009-03-05 21:38:36 +00:00
Peter Korsgaard
ee0bbc04ff php: only overwrite php.ini if not present in target_skeleton
Allow platforms to provide a custom php.ini in their target_skeleton.
2009-03-04 20:58:12 +00:00
Peter Korsgaard
7685dd41e1 php: convert to Makefile.autotools.in and other improvements
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>

Closes #5, #77, #141 and #143.

* Migrate php package to Makefile.autotools.in

* Make PCRE regex an option (previously forced on)

* Add calendar option from bug #77

* Add external sqlite3 option from bug #141
New option BR2_PACKAGE_PHP_PDO_SQLITE_EXTERNAL

* Add alternate php.ini configuration option from bug #5
Named BR2_PACKAGE_PHP_CONFIG and defaults to shipped config.
In most scenarios the shipped config isn't good enough, it has
a high memory limit for embedded for example.

* Changed some options from depends to select
Namely openssl, libxml2, zlib, gettext, gmp.

* Disabled some 'y' defaults to make things lighter by default
Namely libxml2, sqlite, pdo and pdo_sqlite.

* Made some of the extensions help text more verbose
2009-03-04 20:58:08 +00:00
Peter Korsgaard
0d5dfaa085 php: bump version
Fixes Fixes CVE-2008-5498, closes #137.

Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
2009-03-02 19:05:33 +00:00