closes a security issue in multipart form handling (buffer overflow)
temporarily disable the freetds flavour, since the m4 patch cannot
seem to be regenerated
- add in similar fopen disable patch for php.ini-optimized
- bump version to php-4.0.6p1 to reflect all the backports
and bugfixes in the last two commits
(checked by heko, naddy)
- work with any LOCALBASE for most flavors (heko)
- turn off url_fopen by default for better security, most people
never use it
- correctly detect the crypt function as part of libc,
not a separate library
- unbreak curl, since 7.9 is now present in our tree
- more informative INSTALL script (naddy, heko)
- update MASTER_SITES to account for some wierdness on php.net
- all the old patches have been merged into the source tree now
- add a minor patch to improve the randomness of php temporary files
Upgrade is recommended. Contains a vast array of bugfixes over
previous PHP4 releases (read the NEWS file)
with OpenSSL 0.9.5a, instead of requiring only OpenSSL 0.9.6
These patches detect the revelant version and use the additional return
values in 0.9.6 only if present.
This also unbreaks the SNMP flavor on 2.8-stable, which requires SSL
support, since our UCD-SNMP daemon has OpenSSL compiled into it
(wierd, but thats how the PHP snmp-config.m4 works)
- Add OpenSSL patches
- Add note crypt.c patch that its now in 4.0.5-dev and can be removed soon
- Add --with-openssl to the standard set of configure options
encryption algorithms.
The patches are a backport from PHP-CVS to the mcrypt m4 script, which
didn't pick up the right version of libmcrypt. I've included the
m4 patch also, since the outputted configure script patch will make no
sense to anyone who looks at it in the future.
- bump NEED_VERSION
- no longer need extra distfile number4.tar.gz since it has
been integrated into the main distribution
- ltconfig, mysql socket patches are in main distribution now,
so they are removed. Note that the ltconfig patch was only
applied to the 4_0_4 branch by the PHP team, so we will have
to resubmit it for the next version, unless libtool-cvs has
been updated with our information.
- Since php3/4 conflict with each other anyway, versioning is
not needed.
ok jakob@
