[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q1 2008-05-15T09:56:31Z 2008-05-15T09:56:31Z rtr rtr 2008-05-15T09:56:31Z urn:sha1:d2ac2d71f4ad220146aaa8a709764f8a79471d7f php5: many security fixes revisions pulled up: - pkgsrc/lang/php5/Makefile 1.64 - pkgsrc/lang/php5/Makefile.common 1.29 - pkgsrc/lang/php5/distinfo 1.52 Module Name: pkgsrc Committed By: adrianp Date: Sun May 4 16:50:44 UTC 2008 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Log Message: Security Enhancements and Fixes in PHP 5.2.6: Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. Upgraded bundled PCRE to version 7.6 Key enhancements in PHP 5.2.6 include: * Fixed two possible crashes inside the posix extension. * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug 44141 (private parent constructor callable through static function). * Fixed bug 43589 (a possible infinite loop in bz2_filter.c). * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug 42736 (xmlrpc_server_call_method() crashes). * Fixed bug 42369 (Implicit conversion to string leaks memory). * Fixed bug 41562 (SimpleXML memory issue). * Over 120 bug fixes. 2008-03-04T18:58:52Z sborrill sborrill 2008-03-04T18:58:52Z urn:sha1:1e374f69b30afc3c6b5248e3acf7e63f3c1e6b7f 2008-03-04T17:13:49Z sborrill sborrill 2008-03-04T17:13:49Z urn:sha1:75dc426e31bcbbf5ba36a4995856ee48126e7902 long. Patch appended to PHP bug 42862, so the fix may be incorporated in later PHP releases and thus this patch can be reverted. http://bugs.php.net/bug.php?id=42862 Bump PKGREVISION of php-imap 2008-01-18T05:06:18Z tnn tnn 2008-01-18T05:06:18Z urn:sha1:1c8e24b168b5909ecc586bdbb660570b490d92ef on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@ 2007-11-23T13:20:00Z adrianp adrianp 2007-11-23T13:20:00Z urn:sha1:d8d50cb9dd029454ee4969a498c5dfa28d4137a5 * Security Enhancements and Fixes in PHP 5.2.5: Fixed dl() to only accept filenames. Reported by Laurent Gaffie. Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie. Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason. Fixed bug 42869 (automatic session id insertion adds sessions id to non-local forms). Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()). * Key enhancements in PHP 5.2.5 include: Upgraded PCRE to version 7.3 Updated timezone database to version 2007.9 Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable. Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll()) Fixed bug 42785 (json_encode() formats doubles according to locale rather then following standard syntax) Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23) Over 60 bug fixes. For all the details see: http://www.php.net/ChangeLog-5.php#5.2.5 2007-10-09T19:19:08Z martti martti 2007-10-09T19:19:08Z urn:sha1:1f3e0ab0bcafd67927ec5477c01ae15f8c9c3287 2007-09-25T21:00:16Z jdolecek jdolecek 2007-09-25T21:00:16Z urn:sha1:b751cb31471b46f91139961485f994cf4e964db9 2007-09-11T20:14:46Z jdolecek jdolecek 2007-09-11T20:14:46Z urn:sha1:d2f057329e7ea2d721ca559a852cfb87633d6f2a extension loading code to export all symbols (i.e. do equivalent of dlopen(..., RTLD_GLOBAL)), so that older Mac OS X without dlopen() (before 10.4) also load extensions properly patch also submitted as PHP bug# 42629 2007-09-07T22:12:10Z jlam jlam 2007-09-07T22:12:10Z urn:sha1:2f517bc25c1dfd477877da169af65a161a689211 and to support the "inet6" option instead. Remaining usage of USE_INET6 was solely for the benefit of the scripts that generate the README.html files. Replace: BUILD_DEFS+= USE_INET6 with BUILD_DEFS+= IPV6_READY and teach the README-generation tools to look for that instead. This nukes USE_INET6 from pkgsrc proper. We leave a tiny bit of code to continue to support USE_INET6 for pkgsrc-wip until it has been nuked from there as well. 2007-09-04T23:39:31Z jdolecek jdolecek 2007-09-04T23:39:31Z urn:sha1:fce03cf1edd3c485f2551b36a8be06ca34f6f90c so that symbols of loaded modules are available for other, dependant modules; dlopen() is native function since 10.4, so actually apparently preferable interface now this is necessary for PDO family of modules (pdo_* depends on symbols of PDO module), and for XSL module (which depends on symbols of DOM module); doing it this way allows for PDO and DOM modules to be also shared and dynamically loaded, this avoids need to compile them into main PHP binary bump PKGREVISION, this is functionality change for Mac OS X (no change for other platforms)