[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1 2008-05-15T09:56:31Z 2008-05-15T09:56:31Z rtr rtr 2008-05-15T09:56:31Z urn:sha1:d2ac2d71f4ad220146aaa8a709764f8a79471d7f php5: many security fixes revisions pulled up: - pkgsrc/lang/php5/Makefile 1.64 - pkgsrc/lang/php5/Makefile.common 1.29 - pkgsrc/lang/php5/distinfo 1.52 Module Name: pkgsrc Committed By: adrianp Date: Sun May 4 16:50:44 UTC 2008 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Log Message: Security Enhancements and Fixes in PHP 5.2.6: Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. Upgraded bundled PCRE to version 7.6 Key enhancements in PHP 5.2.6 include: * Fixed two possible crashes inside the posix extension. * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug 44141 (private parent constructor callable through static function). * Fixed bug 43589 (a possible infinite loop in bz2_filter.c). * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug 42736 (xmlrpc_server_call_method() crashes). * Fixed bug 42369 (Implicit conversion to string leaks memory). * Fixed bug 41562 (SimpleXML memory issue). * Over 120 bug fixes. 2008-01-18T05:06:18Z tnn tnn 2008-01-18T05:06:18Z urn:sha1:1c8e24b168b5909ecc586bdbb660570b490d92ef on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@ 2007-11-23T13:20:00Z adrianp adrianp 2007-11-23T13:20:00Z urn:sha1:d8d50cb9dd029454ee4969a498c5dfa28d4137a5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 2007-09-25T21:00:16Z jdolecek jdolecek 2007-09-25T21:00:16Z urn:sha1:b751cb31471b46f91139961485f994cf4e964db9 2007-09-04T23:39:31Z jdolecek jdolecek 2007-09-04T23:39:31Z urn:sha1:fce03cf1edd3c485f2551b36a8be06ca34f6f90c so that symbols of loaded modules are available for other, dependant modules; dlopen() is native function since 10.4, so actually apparently preferable interface now this is necessary for PDO family of modules (pdo_* depends on symbols of PDO module), and for XSL module (which depends on symbols of DOM module); doing it this way allows for PDO and DOM modules to be also shared and dynamically loaded, this avoids need to compile them into main PHP binary bump PKGREVISION, this is functionality change for Mac OS X (no change for other platforms) 2007-09-04T22:12:23Z jdolecek jdolecek 2007-09-04T22:12:23Z urn:sha1:f64d3d928656cd083b503cb1c503d9be7ddc8cc6 PKGREVISION PR: 36869 by Louis Guillaume 2007-09-03T11:48:44Z tron tron 2007-09-03T11:48:44Z urn:sha1:e5bb7e09d12189a02d80afcdef42204fed745274 Bump package revision. 2007-09-02T21:12:40Z jdolecek jdolecek 2007-09-02T21:12:40Z urn:sha1:8d6ef02ecc06149e6618898fa0dd4906e76801ca bug fixes 2007-08-01T01:40:07Z taca taca 2007-08-01T01:40:07Z urn:sha1:5ae8ea80bd9d5046facf152bbfe4760b0f5d31fe - Fix compile problem on NetBSD with mremap(2). Bump PKGREVISION. 2007-06-11T17:45:30Z heinz heinz 2007-06-11T17:45:30Z urn:sha1:97162ff75b2b1b464f9dbd0fb79a24f63cc10634 support for this before, probably unintentionally.