diff options
| author | adrianp <adrianp> | 2006-08-10 23:01:39 +0000 |
|---|---|---|
| committer | adrianp <adrianp> | 2006-08-10 23:01:39 +0000 |
| commit | cdab7af12d49aa22afa13097a818f9e2ca5f75ad (patch) | |
| tree | d59b7364e4fe6b71d8762f640ac123b6edfb58ab /www/php4/files | |
| parent | 3a88bf34d4ca5034281c30a95688fa5d39aabe87 (diff) | |
| download | pkgsrc-cdab7af12d49aa22afa13097a818f9e2ca5f75ad.tar.gz | |
Update to 4.4.3
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).
For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3
This also contains a fix for CVE-2006-4020 (SA21403)
Diffstat (limited to 'www/php4/files')
| -rw-r--r-- | www/php4/files/pear.sh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/www/php4/files/pear.sh b/www/php4/files/pear.sh index 935673a3e87..1c49ab1df01 100644 --- a/www/php4/files/pear.sh +++ b/www/php4/files/pear.sh @@ -25,4 +25,4 @@ else fi fi -exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@" +exec $PHP -C -q $INCARG -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit=12M $INCDIR/pearcmd.php "$@" |