PHP bug #53632 and CVE-2010-4645, where conversions from string to
double might cause the PHP interpreter to hang on systems using x87 FPU
registers.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
The shell doesn't understand += assignments. Fixes a build issue with
sqlite extension and !largefile (and possibly with ext toolchains as well).
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Fixed extract() to do not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in ZipArchive::getArchiveComment.
(CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL
with large amount of data).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Makefile.autotools.in automatically adds these to the configure invocation,
so there's no need to explicitly list them.
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy
* Fixed sanity check for the color index in imagecolortransparent()
* Added missing sanity checks around exif processing
* Fixed bug #44683 (popen crashes when an invalid mode is passed)
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
A C library will have been built by the toolchain makefiles, so there is no
need for packages to explicitly depend on uclibc.
Signed-off-by: Will Newton <will.newton@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Closes#409.
php-5.2.10 is out, mostly misc bugfixes, one small security fix:
Security Enhancements and Fixes in PHP 5.2.10:
* Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg
files). (Pierre)
Key enhancements in PHP 5.2.10 include:
* Added "ignore_errors" option to http fopen wrapper. (David Zulke, Sara)
* Fixed memory corruptions while reading properties of zip files. (Ilia)
* Fixed memory leak in ob_get_clean/ob_get_flush. (Christian)
* Fixed segfault on invalid session.save_path. (Hannes)
* Fixed leaks in imap when a mail_criteria is used. (Pierre)
* Changed default value of array_unique()'s optional sorting type parameter
back to SORT_STRING to fix backwards compatibility breakage introduced in PHP
5.2.9. (Moriyoshi)
* Fixed bug #47940 (memory leaks in imap_body). (Pierre, Jake Levitt)
* Fixed bug #47903 ("@" operator does not work with string offsets).
(Felipe)
* Fixed bug #47644 (Valid integers are truncated with json_decode()).
(Scott)
* Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong
result). (Ilia)
* Fixed bug #47365 (ip2long() may allow some invalid values on certain
64bit systems).
* Over 100 bug fixes.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Patch by Gustavo Zacarias <gustavo@zacarias.com.ar>
Closes#5, #77, #141 and #143.
* Migrate php package to Makefile.autotools.in
* Make PCRE regex an option (previously forced on)
* Add calendar option from bug #77
* Add external sqlite3 option from bug #141
New option BR2_PACKAGE_PHP_PDO_SQLITE_EXTERNAL
* Add alternate php.ini configuration option from bug #5
Named BR2_PACKAGE_PHP_CONFIG and defaults to shipped config.
In most scenarios the shipped config isn't good enough, it has
a high memory limit for embedded for example.
* Changed some options from depends to select
Namely openssl, libxml2, zlib, gettext, gmp.
* Disabled some 'y' defaults to make things lighter by default
Namely libxml2, sqlite, pdo and pdo_sqlite.
* Made some of the extensions help text more verbose
- php comes with it's own embedded sqlite, so no need to select sqlite
- disable largefile support for !BR2_LARGEFILE
- php somehow forgets to link with -ldl, breaking the sqlite extension.
Fix it by disabling the (unused?) modload support in sqlite.
php.net only offers downloads though a strange php script with the file name
embedded in the *MIDDLE* of the URL, which isn't compatible with the DOWNLOAD
macro. Fix it by reverting php.mk hunk of r24689 to go back to $(WGET).
This ofcourse means that the primary site / fallback mirror stuff isn't used.
Till: buildroot@uclibc.org
Ämne: [Buildroot] [patch] php fixes and updates
Datum: Tue, 14 Aug 2007 16:39:03 -0400 (22.39 CEST)
Changes:
- fastcgi config option
- force php to find the php.ini in /etc (it seems to default
to /lib for some reason)
- build with posix support, a lot of php scripts require
this apparently
- strip the php binary when installing to TARGET_DIR
- actually 'uninstall' php on a php-clean
-Brad