pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/php-suhosin Update php-suhosin to 0.9.37.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/f1d013ccae78
branches: trunk
changeset: 648460:f1d013ccae78
user: taca <taca%pkgsrc.org@localhost>
date: Sun Mar 15 00:35:14 2015 +0000
description:
Update php-suhosin to 0.9.37.1
* support for PHP 5.3 was dropped.
2014-12-12 - 0.9.37.1
- Changed version string to 0.9.37.1 (without -dev)
- Relaxed array index blacklist (removed '-') due to wordpress incompatibility
2014-12-03 - 0.9.37
- Added SQL injection protection for Mysqli and several test cases
- Added wildcard matching for SQL username
- Added check for SQL username to only contain valid characters (>= ASCII 32)
- Test cases for user_prefix and user_postfix
- Added experimental PDO support
- SQL checks other than mysql (Mysqli + old-style) must be enabled with
configure --enable-suhosin-experimental, e.g. MSSQL.
- disallow_ws now matches all single-byte whitespace characters
- remove_binary and disallow_binary now optionally allow UTF-8.
- Introduced suhosin.upload.allow_utf8 (experimental)
- Reimplemented suhosin_get_raw_cookies()
- Fixed potential segfault for disable_display_errors=fail (only on ARM)
- Fixed potential NULL-pointer dereference with func.blacklist and logging
- Logging timestamps are localtime instead of gmt now (thanks to mkrokos)
- Added new array index filter (character whitelist/blacklist)
- Set default array index blacklist to '"+-<>;()
- Added option to suppress date/time for suhosin file logging (suhosin.log.file.time=0)
- Added simple script to create binary Debian package
- Fixed additional recursion problems with session handler
- Suhosin now depends on php_session.h instead of version-specific struct code
2014-06-10 - 0.9.36
- Added better handling of non existing/non executable shell scripts
- Added protection against XSS/SQL/Other Injections through User-Agent HTTP header
- Fix variable logging statistics outputting on every include - ticket: #37
- Added more entropy from /dev/urandom to internal random seeding (64 bit => 256 bit)
- Added non initialized stack variables to random seeding
- Added php_win32_get_random_bytes for windows compatibility in random seeding
- Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
- Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
- Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
- Fixed problems with SessionHandler() class and endless recursions
- Added LICENSE file to make distributions happy
2014-02-24 - 0.9.35
- From now only PHP >= 5.4 is officially supported
- Fix problems with the hard memory_limit on 64 bit systems
- Fix problems with user space session handler due to change in PHP 5.4.0
- Add changes in PHP 5.5 session handlers structures for PHP 5.5 compability
- Fix std post handler for PHP >= 5.3.11
- Fix suhosin logo in phpinfo() for PHP 5.5
- Change fileupload handling for PHP >= 5.4.0 to use an up to date RFC1867 replacement code
- Adapted suhosin to PHP 5.5 executor
- Added some test cases for various things
- Added suhosin.log.stdout to log to stdout (for debugging purposes only)
- Add ini_set() fail mode to suhosin.disable.display_errors
- Fix suhosin.get/post/cookie.max_totalname_length filter
- Refactor array index handling in filter to make it work always
- Added support for PHP 5.6.0alpha2
- WARNING: FUNCTION WHITELISTS/BLACKLISTS NEVER WORKED CORRECTLY WITH PHP < 5.5
2012-02-12 - 0.9.34
- Added initial support for PHP 5.4.0
- Fix include whitelist and blacklist to support shemes with dots in their names
- Fix read after efree() that lets function_exists() malfunction
- Fix build with clang compiler
- Added a request variable drop statistic log message
diffstat:
security/php-suhosin/Makefile | 19 ++++++-------------
security/php-suhosin/distinfo | 8 ++++----
2 files changed, 10 insertions(+), 17 deletions(-)
diffs (50 lines):
diff -r 021f0060623a -r f1d013ccae78 security/php-suhosin/Makefile
--- a/security/php-suhosin/Makefile Sun Mar 15 00:30:20 2015 +0000
+++ b/security/php-suhosin/Makefile Sun Mar 15 00:35:14 2015 +0000
@@ -1,27 +1,20 @@
-# $NetBSD: Makefile,v 1.10 2013/12/08 22:34:33 joerg Exp $
+# $NetBSD: Makefile,v 1.11 2015/03/15 00:35:14 taca Exp $
#
MODNAME= suhosin
DISTNAME= suhosin-${PECL_VERSION}
-PECL_VERSION= 0.9.33
+PECL_VERSION= 0.9.37.1
PECL_LEGACY_VERSION_SCHEME= yes
CATEGORIES= www
-MASTER_SITES= http://download.suhosin.org/
+MASTER_SITES= https://download.suhosin.org/
+# Do not remove EXTRACT_SUFX.
+EXTRACT_SUFX= .tar.gz
MAINTAINER= cg%cgall.de@localhost
-HOMEPAGE= http://www.hardened-php.net/suhosin/index.html
+HOMEPAGE= http://www.suhosin.org/
COMMENT= Advanced protection system for PHP installations
-# There is no patch for PHP 5.4 yet(?).
-PHP_VERSIONS_ACCEPTED= 53
-
CONFIGURE_ARGS= --enable-${MODNAME}
.include "../../lang/php/ext.mk"
-
-.include "../../mk/compiler.mk"
-.if !empty(PKGSRC_COMPILER:Mclang) && ${_PHP_VERSION} == "53"
-CFLAGS+= -Wno-error=return-type
-.endif
-
.include "../../mk/bsd.pkg.mk"
diff -r 021f0060623a -r f1d013ccae78 security/php-suhosin/distinfo
--- a/security/php-suhosin/distinfo Sun Mar 15 00:30:20 2015 +0000
+++ b/security/php-suhosin/distinfo Sun Mar 15 00:35:14 2015 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.4 2012/01/20 03:23:34 taca Exp $
+$NetBSD: distinfo,v 1.5 2015/03/15 00:35:14 taca Exp $
-SHA1 (php-suhosin/suhosin-0.9.33.tgz) = abb30c22e7fe341955b42ec71ed597c43439e2b8
-RMD160 (php-suhosin/suhosin-0.9.33.tgz) = 9c60b695b226ddcbe5562b1576228780123eb372
-Size (php-suhosin/suhosin-0.9.33.tgz) = 104488 bytes
+SHA1 (php-suhosin/suhosin-0.9.37.1.tar.gz) = 9de7a89ef7d336501a41f452fd3936ae66f63a6e
+RMD160 (php-suhosin/suhosin-0.9.37.1.tar.gz) = 37cd9bd86a65c9081260a9d809b646384290cebb
+Size (php-suhosin/suhosin-0.9.37.1.tar.gz) = 134207 bytes
Home |
Main Index |
Thread Index |
Old Index