Stack overflow, only affects a very specific and unusual non-default
configuration: transparent cookie encryption enabled, HTTP response
splitting protection disabled, *and* a PHP application must allow
unfiltered user input to header() in order to be affected.
Good write-up at http://seclists.org/fulldisclosure/2012/Jan/295
ok robert@
there are no core and extensions packages anymore, everything is built by
the main ports itself and the package names have changed to php-${V} or
php-mysql-${V} for modules.
The new ports allows you to install all of the php versions just like python
so you can actually run different webservers with different versions of php
because you can't load two modules to one. You can only do that with fastcgi.
The port tries to share all the files that can be shared and the different
extensions are located in the local version's Makefile instead of Makefile.inc.
The other change is that *all* of the configuration has moved to /etc out
of /var/www because that was a realy stupid concept, since apache if you
use it chrooted, will load all of the extensions before doing the actual
chroot.
This port is not linked to the build yet because several issues have to
be resolved first, like providing a way to update from php5-* packages,
and probably other things that do not come into my mind right now,
because the Bullfrog is making me crazy.
