diff options
| author | spz <spz> | 2009-12-23 19:09:51 +0000 |
|---|---|---|
| committer | spz <spz> | 2009-12-23 19:09:51 +0000 |
| commit | a17e49f687a9be6d26fd5d438652b5f23a59f070 (patch) | |
| tree | 531479405ff9c469a5fd051c51b0865e4b99e4d0 /lang/php5/patches/patch-bb | |
| parent | 5041c97c9a92836f214980bc79c9ac97f6b36587 (diff) | |
| download | pkgsrc-a17e49f687a9be6d26fd5d438652b5f23a59f070.tar.gz | |
Pullup ticket 2955 - requested by taca
security update
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.75
- pkgsrc/lang/php5/Makefile.common 1.39
- pkgsrc/lang/php5/PLIST 1.25
- pkgsrc/lang/php5/distinfo 1.71
- pkgsrc/lang/php5/patches/patch-ag 1.4
- pkgsrc/lang/php5/patches/patch-ah 1.3
- pkgsrc/textproc/php5-xsl/Makefile 1.13
Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 23 07:07:35 UTC 2009
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
pkgsrc/lang/php5/patches: patch-ag patch-ah
Removed Files:
pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
patch-bc patch-bd
Log Message:
Update lang/php5 to 5.2.12, security update.
Security Enhancements and Fixes in PHP 5.2.12:
* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
number of file uploads per-request to 20 by default, to prevent possible
DOS via temporary file exhaustion, identified by Bogdan
Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
"session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
Stas)
* Fixed bug #49785 (insufficient input string validation of
htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
Key enhancements in PHP 5.2.12 include:
* Fixed unnecessary invocation of setitimer when timeouts have been
disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
pkgsrc/lang/php5/patches/patch-az
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
pkgsrc/lang/php5/patches/patch-bd
--------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Dec 23 07:08:31 UTC 2009
Modified Files:
pkgsrc/textproc/php5-xsl: Makefile
Log Message:
Reset PKGREVISION by implicit update to 5.2.12.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile
Diffstat (limited to 'lang/php5/patches/patch-bb')
| -rw-r--r-- | lang/php5/patches/patch-bb | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/lang/php5/patches/patch-bb b/lang/php5/patches/patch-bb deleted file mode 100644 index 07c69816914..00000000000 --- a/lang/php5/patches/patch-bb +++ /dev/null @@ -1,19 +0,0 @@ -$NetBSD: patch-bb,v 1.1.2.2 2009/11/30 23:10:20 tron Exp $ - -Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557: - http://svn.php.net/viewvc?view=revision&revision=288945 - http://svn.php.net/viewvc?view=revision&revision=288971 - ---- ext/standard/file.c.orig 2009-11-30 10:04:51.000000000 +0900 -+++ ext/standard/file.c -@@ -838,6 +838,10 @@ PHP_FUNCTION(tempnam) - convert_to_string_ex(arg1); - convert_to_string_ex(arg2); - -+ if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) { -+ RETURN_FALSE; -+ } -+ - if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) { - RETURN_FALSE; - } |