The NetBSD Project

CVS log for pkgsrc/security/php-suhosin/Makefile

Keyword substitution: kv
Default branch: MAIN


Revision 1.16
Sat Feb 8 03:51:49 2025 UTC (2 months, 2 weeks ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2025Q1-base, pkgsrc-2025Q1, HEAD
Changes since revision 1.15: +2 -1 lines
multiple PHP support

* Use PHP_BASE_VERS in DEPENDS if required.
* Use REPLACE_PHP.

Bump PKGREVISION.

Revision 1.15
Sun Jan 26 17:32:06 2020 UTC (5 years, 3 months ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2024Q4-base, pkgsrc-2024Q4, pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since revision 1.14: +2 -2 lines
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.

Revision 1.14
Sun Sep 11 17:03:27 2016 UTC (8 years, 7 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since revision 1.13: +2 -2 lines
Drop "55" (php55) from PHP_VERSIONS_ACCEPTED.

Revision 1.13
Sat Dec 19 14:27:14 2015 UTC (9 years, 4 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since revision 1.12: +3 -1 lines
Restrict PHP_VERSIONS_ACCEPTED to 55 and 56.

Revision 1.12
Sun Aug 30 14:54:49 2015 UTC (9 years, 8 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since revision 1.11: +3 -2 lines
Update php-suhosin to 0.9.38.

2015-05-21 - 0.9.38
    - removed code compatibility for PHP <5.4 (lots of code + ifdefs)
    - allow https location for suhosin.filter.action
    - fixed newline detection for suhosin.mail.protect
    - Added suhosin.upload.max_newlines to protect against DOS attack via many
      MIME headers in RFC1867 uploads (CVE-2015-4024)
    - mail related test cases now work on linux

Revision 1.11
Sun Mar 15 00:35:14 2015 UTC (10 years, 1 month ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since revision 1.10: +6 -13 lines
Update php-suhosin to 0.9.37.1

* support for PHP 5.3 was dropped.

2014-12-12 - 0.9.37.1
    - Changed version string to 0.9.37.1 (without -dev)
    - Relaxed array index blacklist (removed '-') due to wordpress incompatibility

2014-12-03 - 0.9.37

    - Added SQL injection protection for Mysqli and several test cases
    - Added wildcard matching for SQL username
    - Added check for SQL username to only contain valid characters (>= ASCII 32)
    - Test cases for user_prefix and user_postfix
    - Added experimental PDO support
    - SQL checks other than mysql (Mysqli + old-style) must be enabled with
      configure --enable-suhosin-experimental, e.g. MSSQL.
    - disallow_ws now matches all single-byte whitespace characters
    - remove_binary and disallow_binary now optionally allow UTF-8.
    - Introduced suhosin.upload.allow_utf8 (experimental)
    - Reimplemented suhosin_get_raw_cookies()
    - Fixed potential segfault for disable_display_errors=fail (only on ARM)
    - Fixed potential NULL-pointer dereference with func.blacklist and logging
    - Logging timestamps are localtime instead of gmt now (thanks to mkrokos)
    - Added new array index filter (character whitelist/blacklist)
    - Set default array index blacklist to '"+-<>;()
    - Added option to suppress date/time for suhosin file logging (suhosin.log.file.time=0)
    - Added simple script to create binary Debian package
    - Fixed additional recursion problems with session handler
    - Suhosin now depends on php_session.h instead of version-specific struct code

2014-06-10 - 0.9.36

    - Added better handling of non existing/non executable shell scripts
    - Added protection against XSS/SQL/Other Injections through User-Agent HTTP header
    - Fix variable logging statistics outputting on every include - ticket: #37
    - Added more entropy from /dev/urandom to internal random seeding (64 bit => 256 bit)
    - Added non initialized stack variables to random seeding
    - Added php_win32_get_random_bytes for windows compatibility in random seeding
    - Added suhosin.rand.seedingkey for INI supplied additional entropy string (idea DavisNT)
    - Added suhosin.rand.reseed_every_request to allow reseeding on every request (idea DavisNT)
    - Changed that calls to srand() / mt_srand() will trigger auto reseeding (idea DavisNT)
    - Fixed problems with SessionHandler() class and endless recursions
    - Added LICENSE file to make distributions happy

2014-02-24 - 0.9.35

    - From now only PHP >= 5.4 is officially supported
    - Fix problems with the hard memory_limit on 64 bit systems
    - Fix problems with user space session handler due to change in PHP 5.4.0
    - Add changes in PHP 5.5 session handlers structures for PHP 5.5 compatibility
    - Fix std post handler for PHP >= 5.3.11
    - Fix suhosin logo in phpinfo() for PHP 5.5
    - Change fileupload handling for PHP >= 5.4.0 to use an up to date RFC1867 replacement code
    - Adapted suhosin to PHP 5.5 executor
    - Added some test cases for various things
    - Added suhosin.log.stdout to log to stdout (for debugging purposes only)
    - Add ini_set() fail mode to suhosin.disable.display_errors
    - Fix suhosin.get/post/cookie.max_totalname_length filter
    - Refactor array index handling in filter to make it work always
    - Added support for PHP 5.6.0alpha2
    - WARNING: FUNCTION WHITELISTS/BLACKLISTS NEVER WORKED CORRECTLY WITH PHP < 5.5

2012-02-12 - 0.9.34

    - Added initial support for PHP 5.4.0
    - Fix include whitelist and blacklist to support schemes with dots in their names
    - Fix read after efree() that lets function_exists() malfunction
    - Fix build with clang compiler
    - Added a request variable drop statistic log message

Revision 1.10
Sun Dec 8 22:34:33 2013 UTC (11 years, 4 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since revision 1.9: +7 -1 lines
Ignore missing return value when building against PHP 5.3.

Revision 1.9
Mon Apr 8 11:17:21 2013 UTC (12 years ago) by rodent
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since revision 1.8: +2 -2 lines
Remove "Trailing empty lines." and/or "Trailing white-space."

Revision 1.8
Tue Oct 23 18:16:50 2012 UTC (12 years, 6 months ago) by asau
Branches: MAIN
CVS tags: pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since revision 1.7: +1 -3 lines
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.

Revision 1.7
Sat Jun 16 22:34:23 2012 UTC (12 years, 10 months ago) by dholland
Branches: MAIN
CVS tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since revision 1.6: +2 -2 lines
Remove 52 from PHP_VERSIONS_ACCEPTED.

Revision 1.6
Sat Jun 16 02:59:48 2012 UTC (12 years, 10 months ago) by taca
Branches: MAIN
Changes since revision 1.5: +4 -1 lines
Restrict to PHP 5.2.x and 5.3.x since there is no PHP 5.4.x officially yet.

Revision 1.4.2.1
Sat Jan 21 09:02:46 2012 UTC (13 years, 3 months ago) by sbd
Branches: pkgsrc-2011Q4
Changes since revision 1.4: +2 -3 lines
Pullup ticket #3658 - requested by taca
security/php-suhosin security fix

Revisions pulled up:
- security/php-suhosin/Makefile                                 1.5
- security/php-suhosin/distinfo                                 1.4

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan 20 03:23:34 UTC 2012

   Modified Files:
   	pkgsrc/security/php-suhosin: Makefile distinfo

   Log Message:
   Update php-suhosin package to 0.9.33 to fix security problem.

                            SektionEins GmbH
                           www.sektioneins.de

                        -= Security  Advisory =-

        Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
                  Buffer Overflow
    Release Date: 2012/01/19
   Last Modified: 2012/01/19
          Author: Stefan Esser [stefan.esser[at]sektioneins.de]

     Application: Suhosin Extension <= 0.9.32.1
        Severity: A possible stack buffer overflow in Suhosin extension's
                  transparent cookie encryption that can only be triggered
                  in an uncommon and weakened Suhosin configuration can lead
                  to arbitrary remote code execution, if the FORTIFY_SOURCE
                  compile option was not used when Suhosin was compiled.
            Risk: Medium
   Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
                  vulnerability
       Reference: http://www.suhosin.org/
                  https://github.com/stefanesser/suhosin

Revision 1.5
Fri Jan 20 03:23:34 2012 UTC (13 years, 3 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since revision 1.4: +2 -3 lines
Update php-suhosin package to 0.9.33 to fix security problem.



                         SektionEins GmbH
                        www.sektioneins.de

                     -= Security  Advisory =-

     Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
               Buffer Overflow
 Release Date: 2012/01/19
Last Modified: 2012/01/19
       Author: Stefan Esser [stefan.esser[at]sektioneins.de]

  Application: Suhosin Extension <= 0.9.32.1
     Severity: A possible stack buffer overflow in Suhosin extension's
               transparent cookie encryption that can only be triggered
               in an uncommon and weakened Suhosin configuration can lead
               to arbitrary remote code execution, if the FORTIFY_SOURCE
               compile option was not used when Suhosin was compiled.
         Risk: Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
               vulnerability
    Reference: http://www.suhosin.org/
               https://github.com/stefanesser/suhosin

Revision 1.4
Sat Dec 17 13:46:28 2011 UTC (13 years, 4 months ago) by obache
Branches: MAIN
CVS tags: pkgsrc-2011Q4-base
Branch point for: pkgsrc-2011Q4
Changes since revision 1.3: +2 -1 lines
Change default PKGNAME scheme for PECL packages.
Drop ${PHP_BASE_VARS} from PKGVERSION by default.

It used to be required to support multiple php version.
But after PHP version based ${PHP_PKG_PREFIX} was introduced,
such trick is not required anymore.
In addition to this, such version name scheme invokes unwanted version bump
when base php version is bumped, plus, such version scheme is hard to
use for DEPENDS pattern.

To avoid downgrading of package using such legacy version scheme,
PECL_LEGACY_VERSION_SCHEME is introduced.
If it is defined, current version scheme is still used for currently
supported PHP version (5 and 53), but instead of ${PHP_BASE_VARS},
current fixed PHP base version in pkgsrc is used to avoid unwanted version bump
from update of PHP base package.
With newer PHP (54, or so on), new version scheme will be used if
it is defined.
This trick will not be required and should be removed after php5 and php53 will
be gone away from pkgsrc.

Revision 1.3
Sun Dec 19 02:22:15 2010 UTC (14 years, 4 months ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4
Changes since revision 1.2: +3 -3 lines
Update php-suhosin package to 0.9.32.1.


2010-07-23 - 0.9.32.1

    - Fixed missing header file resulting in compile errors

2010-07-23 - 0.9.32

    - Added support for memory_limit > 2GB
    - Fixed missing header file resulting in wrong php_combined_lcg()
      prototype being used
    - Improved random number seed generation more by adding /dev/urandom juice

2010-03-28 - 0.9.31

    - Fix ZTS build of session.c
    - Increased session identifier entropy by using /dev/urandom if available

2010-03-25 - 0.9.30

    - Added line ending characters %0a and %0d to the list of
      dangerous characters handled
      by suhosin.server.encode and suhosin.server.strip
    - Fixed crash bug with PHP 5.3.x and session module (due to
      changed session globals struct)
    - Added ! protection to PHP session serializer
    - Fixed simulation mode now also affects (dis)allowed functions
    - Fixed missing return (1); in random number generator replacements
    - Fixed random number generator replacement error case behaviour
      in PHP 5.3.x
    - Fixed error case handling in function_exists() PHP 5.3.x
    - Merged changes/fixes in import_request_variables()/extract()
      from upstream PHP
    - Fixed suhosin_header_handler to be PHP 5.3.x compatible
    - Merge fixes and new features of PHP's file upload code to suhosin

Revision 1.2
Thu Mar 4 15:38:53 2010 UTC (15 years, 1 month ago) by taca
Branches: MAIN
CVS tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since revision 1.1: +2 -2 lines
Update php-suhosin package to 0.9.29.

2009-08-15 - 0.9.29

    - Fixing crash bugs with PHP 5.3.0 caused by unexpected NULL in
      EG(active_symbol_table)
    - Added more compatible way to retrieve ext/session globals
    - Increased default length and count limit for POST variables (for
      people not reading docu)

2009-08-14 - 0.9.28

    - Fixed crash bug with PHP 5.2.10 caused by a change in extension
      load order of ext/session
    - Fixed harmless parameter order error in a bogus memset()
    - Disable suhosin.session.cryptua by default because of Internet
      Explorer 8 "features"
    - Added suhosin.executor.include.allow_writable_files which can be
      disabled to disallow inclusion of files writable by the webserver

Revision 1.1.1.1 (vendor branch)
Tue Feb 17 23:16:14 2009 UTC (16 years, 2 months ago) by adrianp
Branches: TNF
CVS tags: pkgsrc-base, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since revision 1.1: +0 -0 lines
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against buffer overflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Revision 1.1
Tue Feb 17 23:16:14 2009 UTC (16 years, 2 months ago) by adrianp
Branches: MAIN
Initial revision
