• http://us2.php.net/distributions/ (Download)
• http://se.php.net/distributions/ (Download)
• http://no.php.net/distributions/ (Download)
• http://uk.php.net/distributions/ (Download)
• http://ftp.openbsd.org/pub/OpenBSD/distfiles// (Download)
• ftp://ftp.usa.openbsd.org/pub/OpenBSD/distfiles// (Download)

• no_suhosin

• (2011-05-09) Updated to version: php5-core-5.2.17
• (2010-03-21) Updated to version: php5-core-5.2.13
• (2009-12-22) Updated to version: php5-core-5.2.12
• (2009-09-22) Updated to version: php5-core-5.2.11
• (2009-09-09) Updated to version: php5-core-5.2.10p3
• (2009-08-18) Updated to version: php5-core-5.2.10p2
• (2009-07-21) Updated to version: php5-core-5.2.10p1
• (2009-07-21) Updated to version: php5-core-5.2.10p0
• (2009-06-22) Updated to version: php5-core-5.2.10
• (2009-03-06) Updated to version: php5-core-5.2.9

Log message:
bye bye

Log message:
Use PATCHORIG, regen patches and rename the files which didn't match the
normal update-patches filenames. This avoids update-patches picking up the
.orig files in PHP distfiles and make it easier to keep in-sync. ok robert@

Log message:
don't pick up an installed gsed; problem noticed by landry@, ok robert@

Log message:
- fix the autoconf bits for openssl's pkg-config files as well as a fix
for one of the autoconf tests which assumes libssl is linked with libcrypto.
from brad
ok robert@ (MAINTAINER)

Log message:
Add femail,-chroot as a RUN_DEPENDS for php*-core. It is super small and
is nice to have around from the start.
Idea from sthen@
ok robert@ (maintainer)

Log message:
Update to 5.2.16

Log message:
new depends

Log message:
every WANTLIB that's linked to the build should be okay

Log message:
USE_GROFF=Yes

Log message:
bump apache modules, since mod_headers in base httpd was updated.
OK, landry@

Log message:
Update to 5.2.14

Log message:
SECURITY: limited fixes cherry picked from 5.2.14.  If upstream had
mentioned the release on their announcements list maybe we would have
had time to get the full update in but, as it is, we just found out
about it and there are too many changes to test properly at short
notice, so we are just fixing these for now.
CVE-2010-2225: fix SplObjectStorage unserialization, upstream r300843
CVE-2010-0397: null pointer dereference when processing invalid XML-RPC
requests, upstream r296152
ok espie@

Log message:
SECURITY UPDATE to 5.2.13
ok robert@

Log message:
MFC:
SECURITY FIX
php5-5.2.13
ok robert@

Log message:
update to version 5.2.13

Log message:
Add a comment about why we don't use libtool from ports.
"yeah... sure... ok" robert@

Log message:
bump PKGNAMEs, the httpd abi changed, resulting in segfaults after
updating httpd until newly-built packages are installed.
ok espie@

Log message:
Install the tmp dir in the chroot with stricter permissions and change
owner to the www users.
ok ajacoutot@

Log message:
MFC:
SECURITY FIX
php5-5.2.12
ok robert@

Log message:
Update to php-5.2.12

Log message:
MFC:
Update to php 5.2.11;
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
and
update Suhosin extension to 0.9.29; fixes segfaults with session encryption.
ok robert@

Log message:
Create /var/www/tmp/ directory on install.
ok robert@ (maintainer)

Log message:
MFC:
Update to php 5.2.11;
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
ok robert@

Log message:
fix packaging

Log message:
Update to php 5.2.11;
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)

Log message:
Zap trailing blank space.

Log message:
MFC:
update Suhosin extension to 0.9.29; fixes segfaults with session encryption.
revert workaround (change default back to encrypted sessions).
ok sthen@ robert@

Log message:
update Suhosin extension to 0.9.29; fixes segfaults with session encryption.
revert workaround (change default back to encrypted sessions).
ok robert@, similar diff jolan@

Log message:
enable zend multibyte support, ok robert@

Log message:
MFC:
Make suhosin.session.encrypt=off by default because there are some problems
with php 5.2.10 and the suhosin patch. noted by william@ and people on ports@
It's going to be re-enabled when it gets fixed upstream.
and
patch-ext_suhosin_suhosin_c has to go the the shared patch
dir.
ok robert@

Log message:
patch-ext_suhosin_suhosin_c has to go the the shared patch
dir.

Log message:
enable sysvmsg support, ok robert@

Log message:
Make suhosin.session.encrypt=off by default because there are some problems
with php 5.2.10 and the suhosin patch. noted by william@ and people on ports@
It's going to be re-enabled when it gets fixed upstream.

Log message:
MFC:
SECURITY FIX
php5-5.2.10
Resolves:
- bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files)
- in imagerotate(), background colour isn't validated correctly with a
non-truecolour image (CVE-2008-5498)
- crash on extract in zip when files or directories entry names contain a
relative path
- explode() behavior with empty string to respect negative limit
- segfault when malformed string is passed to json_decode()
- bug in xml_error_string() which resulted in messages being off by one
ok robert@

Log message:
update to php-5.2.10:
This is a SECURITY FIX that fixes:
Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files.
Update the suhosin patch to the current one while here.

Log message:
bump following api change in base httpd

Log message:
don't zap /var/www/conf/php5.sample ini file fragments when you
upgrade php5-core. problem noticed by Alexander Hall, ok robert@

Log message:
Add an environment variable called PHP_INI_PATH so people can set a path
to their php.ini file in a SAPI independent way. This way can easily run
more instances of httpd with different php configs.
Idea after a discussion with "L. V. Lammert" <lvl@omnitec.net>

Log message:

Log message:
PHP 5.2.8 broke strtotime (making it leak memory badly, very obvious to
cacti users): add a patch from the upstream repository to fix this.
Thanks Steven Surdock for reporting the problem and testing this diff
(and similar patches sent by William Yodlowsky). While there, remove
a zero-byte patch that crept in before.  ok robert@

Log message:
update to php-5.2.8 and fix the no_suhosin flavor

Log message:
- s/LOCALBASE/PREFIX/
"of course" robert@

Log message:
update to php-5.2.6; from Brad Walker <me@bradmwalker.com>

Log message:
change @unexec to @extraunexec for the /var/www/conf/php5 directory
where users are supposed to create symlinks to config file fragments
in ../php5.sample, otherwise the symlinks are destroyed when someone
updates php5/core.
ok brad, seems ok to landry.

Log message:
activate index.php as directory index, since most php apps want that.
okay robert@

Log message:
tweak FAKE_FLAGS semantics to saner defaults.

Log message:
Integrate a patch from php's CVS repo to fix a crashing issue due
to an uninitialized variable.
from Brad

Log message:
- default config file contains ${LOCALBASE} variable that doesn't resolve
to any value
- fix a typo in MESSAGE-main file -- wrong name of default config
file.
- bump pkgname
ok robert@

Log message:
- update to php-5.2.5
- include the suhosin extension and suhosin patch by default unless
the no_suhosin flavor is defined
- add all the suhosin configuration options to the sample config
files

Log message:
Kill the phpxs script that was used for enabling and disabling
the php core module and extenions.
Install a sample configuration file to /var/www/conf/modules.sample
which can be symlinked or copied over to /var/www/conf/modules
so apache is going to pick it up.
Allow php to scan /var/www/conf/php5 for php configuration
files so if the user installs or creates a symlink from the
sample configuration files from the php5.sample directory,
it is going to be picked up by php5.
Create a dummy pwd.db file in the php5-imap package in the apache
chroot because it is needed by c-client.
feedback and tests by sthen@

Log message:
provide correct include paths by fixing a typo in patch-scripts_php_config_in;
bump PKGNAME; noticed by sturm@

Log message:
Remove surrounding quotes from
COMMENT-*/ERRORS/NO_REGRESS/PERMIT_*/REGRESS_IS_INTERACTIVE
Change '.include "bsd.port.mk"' to '.include <bsd.port.mk>' while here
(ok naddy@)

Log message:
update to version 5.2.4 and remove some obsolete CONFIGURE_ARGS;

Log message:
bump PKGNAME after PLIST change

Log message:
fix the packaging of the no_suhosin flavor

Log message:
update to version 5.2.3;
fixes many vulnerabilities just as usual. for more information
read http://www.php.net/releases/5_2_3.php
add a no_suhosin pseudo-flavor because horde has some problems
with the suhosin security patchset

Log message:
assorted security patches, from debian

Log message:
assorted security patches, from debian

Log message:
update to version 5.2.2;
fixes many vulnerabilities http://www.php.net/ChangeLog-5.php#5.2.2
from Lawrence Teo <lteo.openbsd1@calyptix.com>;

Log message:
point to the correct fastcgi website;
from Pierre Riteau <pierre.riteau@free.fr>

Log message:
compile zend_alloc.c with -O0 to prevent a compiler bug on sparc64
and regen patches while here; bump PKGNAMEs

Log message:
- add a fastcgi subpackage to core because now we are able to build
more than one php binaries within one workdir (idea from FreeBSD)
- move pdo_sqlite support from core to extensions and also add a pdo_mysql
and a pdo_sqlite subpackage
- regen patches while here
- bump PKGNAMEs

Log message:
- update to php 5.2.1 and suhosin 0.9.2.6
- remove the pear subpackage as it is now replaced with www/pear
- the filepro extension is no longer available
tested by a couple of people

Log message:
and relevant packing-lists

Log message:
new MULTI_PACKAGES.
give pear to daemon, explicitly

Log message:
update to version 5.1.6 and replace the hardened patchset with
the suhosin patchset;
kill the hardened flavor because we are going to use suhosin
patchet by default;

Log message:
new lib specs

Log message:
Make it work after recent iodbc changes

Log message:
- php-5.1.4 tarball has been rerolled, so update distinfo.
- add pear's distfile to SUPDISTFILES .
- bump relevent PKGNAMEs.
prompted by and ok robert@

Log message:
add OpenBSD tag

Log message:
Update to version 5.1.4;
Add a hardened flavor for both core and extensions (inspired by niallo@);
Use our own way to install pear because the bundled installer is totally
broken and upstream refuses to fix it.
Add a mysqli subpackage which can be used to access the functionality
provided by MySQL 4.1 and above.
Other minor changes and fixes are also included.
ok sturm@; tested by many

Log message:
move any perl or sed substitutions from post-patch to pre-configure
(fixes make update-patches)
ok sturm@; "looks reasonable" steven@

Log message:
Update to php-5.1.1;
for more information please check
http://www.php.net/ChangeLog-5.php#5.1.1
and
http://www.php.net/ChangeLog-5.php#5.1.0
The port now uses a CVS snapshot of PEAR;

Log message:
upgrade to php-5.0.5;

Log message:
MFC:
SECURITY: fix a heap overflow in internal pcre; bump PKGNAME
http://www.vuxml.org/openbsd/b552a55a-136d-11da-a0d4-00065bd5b0b6.html
ok brad@

Log message:
SECURITY: fix a heap overflow in internal pcre; bump PKGNAME
http://www.vuxml.org/openbsd/b552a55a-136d-11da-a0d4-00065bd5b0b6.html
ok pvalchev@

Log message:
SECURITY: update to 5.0.4
fixes multiple vulnerabilities
http://www.vuxml.org/openbsd/7612fe54-b00c-11d9-9c1d-00065bd5b0b6.html
ok brad@

Log message:
update to 5.0.4;

Log message:
- fix WANTLIB markers and dependencies (from alek@ and wilfried@)
- delete some whitespaces (from wilfried@)
- don't leave mess in ldconfig search path
(reported by Moritz Grimm <mlist@scapa.dnsalias.net>)
- bump PKGNAMEs
tested by many; ok pval@

Log message:
explicitly mark that php4-pear and php5-pear conflict.
core prevents from installing them both, but this confuses the hell
out of find-all-conflicts.

Log message:
SECURITY:
update to 5.0.3;
add libstdc++ to WANTLIB;
use {.CURDIR} for PATCH_LIST and CHECKSUM_FILE from jolan@

Log message:
Add WANTLIB markers

Log message:
Let's use ${PREFIX}/share/examples/php5/ for the example configuration
files.

Log message:
switch to MESSAGE and UNMESSAGE; fix the redefinition of socklen_t;
bump PKGNAME

Log message:
Put correct paths into php-config and phpize scripts.
ok robert@