diff options
author | taca <taca> | 2009-12-23 07:07:34 +0000 |
---|---|---|
committer | taca <taca> | 2009-12-23 07:07:34 +0000 |
commit | 271e133a03a171dbfe4c3cfc9306663ecb46741c (patch) | |
tree | 1059442fae6c0f711ca1ae9f5e92001651bc0b02 /lang/php5/patches/patch-ah | |
parent | b7793942dace0d750dd689d4e727a4418392cdac (diff) | |
download | pkgsrc-271e133a03a171dbfe4c3cfc9306663ecb46741c.tar.gz |
Update lang/php5 to 5.2.12, security update.
Security Enhancements and Fixes in PHP 5.2.12:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
number of file uploads per-request to 20 by default, to prevent possible
DOS via temporary file exhaustion, identified by Bogdan
Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
* Fixed unnecessary invocation of setitimer when timeouts have been
disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
Diffstat (limited to 'lang/php5/patches/patch-ah')
-rw-r--r-- | lang/php5/patches/patch-ah | 14 |
1 files changed, 3 insertions, 11 deletions
diff --git a/lang/php5/patches/patch-ah b/lang/php5/patches/patch-ah index dfa5a9c1c67..33509e8c710 100644 --- a/lang/php5/patches/patch-ah +++ b/lang/php5/patches/patch-ah @@ -1,10 +1,8 @@ -$NetBSD: patch-ah,v 1.2 2009/11/30 06:14:08 taca Exp $ +$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $ * Ajust for pkgsrc. -* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017: - http://svn.php.net/viewvc?view=revision&revision=289990 ---- php.ini-recommended.orig 2009-03-02 13:44:35.000000000 +0900 +--- php.ini-recommended.orig 2009-11-05 13:29:34.000000000 +0000 +++ php.ini-recommended @@ -522,7 +522,7 @@ default_mimetype = "text/html" ;;;;;;;;;;;;;;;;;;;;;;;;; @@ -27,7 +25,7 @@ $NetBSD: patch-ah,v 1.2 2009/11/30 06:14:08 taca Exp $ ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically -@@ -597,11 +598,13 @@ file_uploads = On +@@ -597,7 +598,7 @@ file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). @@ -36,9 +34,3 @@ $NetBSD: patch-ah,v 1.2 2009/11/30 06:14:08 taca Exp $ ; Maximum allowed size for uploaded files. upload_max_filesize = 2M - -+; Maximum number of files that can be uploaded via a single request -+max_file_uploads = 100 - - ;;;;;;;;;;;;;;;;;; - ; Fopen wrappers ; |