Subject: CVS commit: pkgsrc/security/php-suhosin
From: Takahiro Kambe
Date: 2015-03-15 01:35:14
Message id: 20150315003514.9379298@cvs.netbsd.org

Log Message:
Update php-suhosin to 0.9.37.1

* support for PHP 5.3 was dropped.

2014-12-12 - 0.9.37.1
    - Changed version string to 0.9.37.1 (without -dev)
    - Relaxed array index blacklist (removed '-') due to wordpress incompatibility

2014-12-03 - 0.9.37

    - Added SQL injection protection for Mysqli and several test cases
    - Added wildcard matching for SQL username
    - Added check for SQL username to only contain valid characters (>= ASCII 32)
    - Test cases for user_prefix and user_postfix
    - Added experimental PDO support
    - SQL checks other than mysql (Mysqli + old-style) must be enabled with
      configure --enable-suhosin-experimental, e.g. MSSQL.
    - disallow_ws now matches all single-byte whitespace characters
    - remove_binary and disallow_binary now optionally allow UTF-8.
    - Introduced suhosin.upload.allow_utf8 (experimental)
    - Reimplemented suhosin_get_raw_cookies()
    - Fixed potential segfault for disable_display_errors=fail (only on ARM)
    - Fixed potential NULL-pointer dereference with func.blacklist and logging
    - Logging timestamps are localtime instead of gmt now (thanks to mkrokos)
    - Added new array index filter (character whitelist/blacklist)
    - Set default array index blacklist to '"+-<>;()
    - Added option to suppress date/time for suhosin file logging \ 
(suhosin.log.file.time=0)
    - Added simple script to create binary Debian package
    - Fixed additional recursion problems with session handler
    - Suhosin now depends on php_session.h instead of version-specific struct code

2014-06-10 - 0.9.36

    - Added better handling of non existing/non executable shell scripts
    - Added protection against XSS/SQL/Other Injections through User-Agent HTTP \ 
header
    - Fix variable logging statistics outputting on every include - ticket: #37
    - Added more entropy from /dev/urandom to internal random seeding (64 bit \ 
=> 256 bit)
    - Added non initialized stack variables to random seeding
    - Added php_win32_get_random_bytes for windows compatibility in random seeding
    - Added suhosin.rand.seedingkey for INI supplied additional entropy string \ 
(idea DavisNT)
    - Added suhosin.rand.reseed_every_request to allow reseeding on every \ 
request (idea DavisNT)
    - Changed that calls to srand() / mt_srand() will trigger auto reseeding \ 
(idea DavisNT)
    - Fixed problems with SessionHandler() class and endless recursions
    - Added LICENSE file to make distributions happy

2014-02-24 - 0.9.35

    - From now only PHP >= 5.4 is officially supported
    - Fix problems with the hard memory_limit on 64 bit systems
    - Fix problems with user space session handler due to change in PHP 5.4.0
    - Add changes in PHP 5.5 session handlers structures for PHP 5.5 compability
    - Fix std post handler for PHP >= 5.3.11
    - Fix suhosin logo in phpinfo() for PHP 5.5
    - Change fileupload handling for PHP >= 5.4.0 to use an up to date \ 
RFC1867 replacement code
    - Adapted suhosin to PHP 5.5 executor
    - Added some test cases for various things
    - Added suhosin.log.stdout to log to stdout (for debugging purposes only)
    - Add ini_set() fail mode to suhosin.disable.display_errors
    - Fix suhosin.get/post/cookie.max_totalname_length filter
    - Refactor array index handling in filter to make it work always
    - Added support for PHP 5.6.0alpha2
    - WARNING: FUNCTION WHITELISTS/BLACKLISTS NEVER WORKED CORRECTLY WITH PHP \ 
< 5.5

2012-02-12 - 0.9.34

    - Added initial support for PHP 5.4.0
    - Fix include whitelist and blacklist to support shemes with dots in their names
    - Fix read after efree() that lets function_exists() malfunction
    - Fix build with clang compiler
    - Added a request variable drop statistic log message

Files:
RevisionActionfile
1.11modifypkgsrc/security/php-suhosin/Makefile
1.5modifypkgsrc/security/php-suhosin/distinfo