fix for CVE-2011-4885 included in PHP 5.3.9
Note that the Suhosin extension (which is enabled by default in our packages)
mitigates against this problem
ok robert@ ajacoutot@
This solves some nasty 5.0 -> current update problems.
Up to 5.0, lots of php-using packages were depending on php-mysql-5.2.
So the dependencies would update to php-mysql-5.2 from current.
BUT the php-using packages are now depending on 5.3 -> internal conflict !
With this change, things work again. After the update, you end up with
php-mysql-5.2 AND php-mysql-5.3, you can then try pkg_delete -a to weed
out "unneeded" php*-5.2
okay sthen@, ajacoutot@
Stack overflow, only affects a very specific and unusual non-default
configuration: transparent cookie encryption enabled, HTTP response
splitting protection disabled, *and* a PHP application must allow
unfiltered user input to header() in order to be affected.
Good write-up at http://seclists.org/fulldisclosure/2012/Jan/295
ok robert@
- uncomment a couple of lines in the default php-fpm.conf so you
don't have to make any changes before it will start up
- add missing crypt_blowfish.h header to PLIST-main
ok robert@
there are no core and extensions packages anymore, everything is built by
the main ports itself and the package names have changed to php-${V} or
php-mysql-${V} for modules.
The new ports allows you to install all of the php versions just like python
so you can actually run different webservers with different versions of php
because you can't load two modules to one. You can only do that with fastcgi.
The port tries to share all the files that can be shared and the different
extensions are located in the local version's Makefile instead of Makefile.inc.
The other change is that *all* of the configuration has moved to /etc out
of /var/www because that was a realy stupid concept, since apache if you
use it chrooted, will load all of the extensions before doing the actual
chroot.
This port is not linked to the build yet because several issues have to
be resolved first, like providing a way to update from php5-* packages,
and probably other things that do not come into my mind right now,
because the Bullfrog is making me crazy.
