commit eafd88fcf4f98dca1bf82fc8e0182f29d7c49d9b Author: Elan Ruusamäe <g...@delfi.ee> Date: Tue Oct 18 23:35:06 2016 +0300
up to 5.6.27 - http://php.net/releases/5_6_27.php php-cgi-fcgi.ini | 46 +++++++++++++++++++++++++++++++++++----------- php-ini.patch | 19 +++++++++++++++---- php.spec | 6 +++--- 3 files changed, 53 insertions(+), 18 deletions(-) --- diff --git a/php.spec b/php.spec index 982af49..c1a7b58 100644 --- a/php.spec +++ b/php.spec @@ -149,7 +149,7 @@ ERROR: You need to select at least one Apache SAPI to build shared modules. %undefine with_filter %endif -%define rel 3 +%define rel 1 %define orgname php %define ver_suffix 56 %define php_suffix %{!?with_default_php:%{ver_suffix}} @@ -160,7 +160,7 @@ Summary(pt_BR.UTF-8): A linguagem de script PHP Summary(ru.UTF-8): PHP Версии 5 - язык препроцессирования HTML-файлов, выполняемый на сервере Summary(uk.UTF-8): PHP Версії 5 - мова препроцесування HTML-файлів, виконувана на сервері Name: %{orgname}%{php_suffix} -Version: 5.6.26 +Version: 5.6.27 Release: %{rel} Epoch: 4 # All files licensed under PHP version 3.01, except @@ -169,7 +169,7 @@ Epoch: 4 License: PHP 3.01 and Zend and BSD Group: Libraries Source0: http://www.php.net/distributions/%{orgname}-%{version}.tar.xz -# Source0-md5: c51e9115263b4d63ef8f68935cefd7d4 +# Source0-md5: 9ce6efc96d5ab81ef808f8ed6b1f242d Source2: %{orgname}-mod_%{orgname}.conf Source3: %{orgname}-cgi-fcgi.ini Source4: %{orgname}-apache.ini diff --git a/php-cgi-fcgi.ini b/php-cgi-fcgi.ini index 809c7d3..bae4609 100644 --- a/php-cgi-fcgi.ini +++ b/php-cgi-fcgi.ini @@ -8,41 +8,65 @@ ; copying whole large php.ini. [PHP] -; Disable logging through FastCGI connection -; See http://bugs.php.net/bug.php?id=28074 -; fastcgi.logging = 0 - ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; most web servers. Left undefined, PHP turns this on by default. You can ; turn it off here AT YOUR OWN RISK ; **You CAN safely turn this off for IIS, in fact, you MUST.** -; cgi.force_redirect = 1 +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. -; cgi.nph = 1 +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ; will look for to know it is OK to continue execution. Setting this variable MAY ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; cgi.redirect_status_env = ; +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo cgi.fix_pathinfo=1 +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +; http://php.net/cgi.dicard-path +;cgi.discard_path=1 + +; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + ; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send ; RFC2616 compliant header. ; Default is zero. +; http://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + [Session] session.save_path = /tmp ; argument passed to save_handler ; in the case of files, this is the diff --git a/php-ini.patch b/php-ini.patch index a5704d3..58ad800 100644 --- a/php-ini.patch +++ b/php-ini.patch @@ -1,6 +1,5 @@ -diff -ruN php-5.6.12.orig/php.ini php-5.6.12/php.ini ---- php-5.6.12.orig/php.ini 2015-08-06 09:55:57.000000000 +0200 -+++ php-5.6.12/php.ini 2015-08-08 09:21:30.507130679 +0200 +--- php-5.6.27/php.ini~ 2016-10-18 23:32:02.000000000 +0300 ++++ php-5.6.27/php.ini 2016-10-18 23:33:47.459569105 +0300 @@ -82,6 +82,20 @@ ; much more verbose when it comes to errors. We recommend using the ; development version only in development environments, as errors shown to @@ -58,7 +57,7 @@ diff -ruN php-5.6.12.orig/php.ini php-5.6.12/php.ini ; On windows: ; extension_dir = "ext" -@@ -745,53 +759,6 @@ +@@ -757,65 +757,6 @@ ; http://php.net/enable-dl enable_dl = Off @@ -89,6 +88,11 @@ diff -ruN php-5.6.12.orig/php.ini php-5.6.12/php.ini -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - +-; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +-; of the web tree and people will not be able to circumvent .htaccess security. +-; http://php.net/cgi.dicard-path +-;cgi.discard_path=1 +- -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache @@ -109,6 +113,13 @@ diff -ruN php-5.6.12.orig/php.ini php-5.6.12/php.ini -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - +-; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +-; (shebang) at the top of the running script. This line might be needed if the +-; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +-; mode skips this line and ignores its content if this directive is turned on. +-; http://php.net/cgi.check-shebang-line +-;cgi.check_shebang_line=1 +- ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/php.git/commitdiff/eafd88fcf4f98dca1bf82fc8e0182f29d7c49d9b _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit