<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/lang/php5/Makefile.common, branch pkgsrc_2008Q1</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2008-05-15T09:56:31Z</updated>
<entry>
<title>pullup ticket #2378 - requested by adrianp</title>
<updated>2008-05-15T09:56:31Z</updated>
<author>
<name>rtr</name>
<email>rtr</email>
</author>
<published>2008-05-15T09:56:31Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=d2ac2d71f4ad220146aaa8a709764f8a79471d7f'/>
<id>urn:sha1:d2ac2d71f4ad220146aaa8a709764f8a79471d7f</id>
<content type='text'>
php5: many security fixes

revisions pulled up:
- pkgsrc/lang/php5/Makefile		1.64
- pkgsrc/lang/php5/Makefile.common	1.29
- pkgsrc/lang/php5/distinfo		1.52

   Module Name:	pkgsrc
   Committed By:	adrianp
   Date:		Sun May  4 16:50:44 UTC 2008

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo

   Log Message:
   Security Enhancements and Fixes in PHP 5.2.6:

   Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
   Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
   Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
   Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
   Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
   Upgraded bundled PCRE to version 7.6

   Key enhancements in PHP 5.2.6 include:
   * Fixed two possible crashes inside the posix extension.
   * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
   * Fixed bug 44141 (private parent constructor callable through static function).
   * Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
   * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
   * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
   * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
   * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
   * Fixed bug 42736 (xmlrpc_server_call_method() crashes).
   * Fixed bug 42369 (Implicit conversion to string leaks memory).
   * Fixed bug 41562 (SimpleXML memory issue).
   * Over 120 bug fixes.
</content>
</entry>
<entry>
<title>Update to 5.2.5</title>
<updated>2007-11-23T13:20:00Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-11-23T13:20:00Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=d8d50cb9dd029454ee4969a498c5dfa28d4137a5'/>
<id>urn:sha1:d8d50cb9dd029454ee4969a498c5dfa28d4137a5</id>
<content type='text'>
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between requests using ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale rather than following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.

For all the details see:
	http://www.php.net/ChangeLog-5.php#5.2.5
</content>
</entry>
<entry>
<title>Update lang/php5 to 5.2.4 - miscellaneous security fixes and over 120 other</title>
<updated>2007-09-02T21:12:40Z</updated>
<author>
<name>jdolecek</name>
<email>jdolecek</email>
</author>
<published>2007-09-02T21:12:40Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=8d6ef02ecc06149e6618898fa0dd4906e76801ca'/>
<id>urn:sha1:8d6ef02ecc06149e6618898fa0dd4906e76801ca</id>
<content type='text'>
bug fixes
</content>
</entry>
<entry>
<title>Update to php-5.2.3</title>
<updated>2007-06-06T19:33:12Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-06-06T19:33:12Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=e905df1f8f24c97c0d9d3a392c1b475bf4bb0696'/>
<id>urn:sha1:e905df1f8f24c97c0d9d3a392c1b475bf4bb0696</id>
<content type='text'>
Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.

* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)

And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
for all the details.
</content>
</entry>
<entry>
<title>Update 5.2.2</title>
<updated>2007-05-06T20:07:28Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-05-06T20:07:28Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=6d9bb9e5e5a7e62120c11598796097e3f396da67'/>
<id>urn:sha1:6d9bb9e5e5a7e62120c11598796097e3f396da67</id>
<content type='text'>
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
  (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in array_user_key_compare()
  (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir &amp; safe_mode checks to zip:// and bzip:// wrappers.
  (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
  (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
  (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
  library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
  (MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
  (MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
  (by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
  (by Ilia Alshanetsky)
</content>
</entry>
<entry>
<title>pkglint cleanup; update HOMEPAGE/MASTER_SITES.</title>
<updated>2007-02-22T19:01:13Z</updated>
<author>
<name>wiz</name>
<email>wiz</email>
</author>
<published>2007-02-22T19:01:13Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=16ab66728257a19144999d3bf2b2fb954c58bce4'/>
<id>urn:sha1:16ab66728257a19144999d3bf2b2fb954c58bce4</id>
<content type='text'>
From Sergey Svishchev in private mail.
</content>
</entry>
<entry>
<title>Update PHP5 to 5.2.1. Includes several important security fixes and</title>
<updated>2007-02-20T20:46:19Z</updated>
<author>
<name>jdolecek</name>
<email>jdolecek</email>
</author>
<published>2007-02-20T20:46:19Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=dbd40c68969a5d46450bd1c22936813083b5919a'/>
<id>urn:sha1:dbd40c68969a5d46450bd1c22936813083b5919a</id>
<content type='text'>
large number of other fixes. Update for all users is strongly advised.
</content>
</entry>
<entry>
<title>Remove non-existing master site "ftp.php.net".</title>
<updated>2006-11-07T16:46:51Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2006-11-07T16:46:51Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=df2c74bd86fa6920efe20d8b325c84b1316dd917'/>
<id>urn:sha1:df2c74bd86fa6920efe20d8b325c84b1316dd917</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Update lang/php5 to 5.2.0.</title>
<updated>2006-11-06T22:06:35Z</updated>
<author>
<name>jdolecek</name>
<email>jdolecek</email>
</author>
<published>2006-11-06T22:06:35Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=e16f057b55d74570b0d52149bf07a27c871bf100'/>
<id>urn:sha1:e16f057b55d74570b0d52149bf07a27c871bf100</id>
<content type='text'>
Changes since 5.1.6:

The key features of PHP 5.2.0 include:
* New memory manager for the Zend Engine with improved performance and a more
  accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate
  date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows
  installations.
* Many performance improvements.
* Over 200 bug fixes.

Security Enhancements and Fixes in PHP 5.2.0:
* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep
  track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs
  for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible
  for htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow in str_repeat() &amp; wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them
  to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.

For a full list of changes in PHP 5.2.0, see the ChangeLog:
	http://www.php.net/ChangeLog-5.php#5.2.0

Also other notable extensions changes:
* filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5)
* JSON added (not enabled by default, packaged in php-json)
* filter added (enabled by default)
* wddx rewritten to native libxml2, fixing several encoding bugs
</content>
</entry>
<entry>
<title>Update php5 to 5.1.5.</title>
<updated>2006-08-28T12:17:10Z</updated>
<author>
<name>taca</name>
<email>taca</email>
</author>
<published>2006-08-28T12:17:10Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=d03cbf5c4eeb3e36efe55af7aed5ef927fb35723'/>
<id>urn:sha1:d03cbf5c4eeb3e36efe55af7aed5ef927fb35723</id>
<content type='text'>
PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
24 Aug 2006, PHP 5.1.6
- Fixed memory_limit on 64bit systems. (Stefan E.)
- Fixed bug #38488 (Access to "php://stdin" and family crashes PHP on win32).
  (Dmitry)
</content>
</entry>
</feed>
