Subject: CVS commit: [pkgsrc-2007Q3] pkgsrc/lang/php5
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 12/05/2007 14:07:21
Module Name: pkgsrc
Committed By: ghen
Date: Wed Dec 5 14:07:21 UTC 2007
Modified Files:
pkgsrc/lang/php5 [pkgsrc-2007Q3]: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches [pkgsrc-2007Q3]: patch-ao patch-ar
Log Message:
Pullup ticket 2239 - requested by adrianp
security update for php5
- pkgsrc/lang/php5/Makefile 1.62
- pkgsrc/lang/php5/Makefile.common 1.28
- pkgsrc/lang/php5/distinfo 1.50
- pkgsrc/lang/php5/patches/patch-ao removed
- pkgsrc/lang/php5/patches/patch-ar removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Nov 23 13:20:01 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ao patch-ar
Log Message:
Update to 5.2.5
* Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial multibyte
sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob() functions.
Reported by Laurent Gaffie.
Fixed "mail.force_extra_parameters" php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported by
SecurityReason.
Fixed bug 42869 (automatic session id insertion adds sessions id to
non-local forms).
Fixed bug 41561 (Values set with php_admin_* in httpd.conf can be
overwritten with ini_set()).
* Key enhancements in PHP 5.2.5 include:
Upgraded PCRE to version 7.3
Updated timezone database to version 2007.9
Added ability to control memory consumption between request using
ZEND_MM_COMPACT environment variable.
Improved speed of array_intersect_key(), array_intersect_assoc(),
array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and
array_udiff_assoc() functions
Fixed bug 43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with
fetchAll())
Fixed bug 42785 (json_encode() formats doubles according to locale
rather then following standard syntax)
Fixed bug 42549 (ext/mysql failed to compile with libmysql 3.23)
Over 60 bug fixes.
For all the details see:
http://www.php.net/ChangeLog-5.php#5.2.5
To generate a diff of this commit:
cvs rdiff -r1.61 -r1.61.2.1 pkgsrc/lang/php5/Makefile
cvs rdiff -r1.27 -r1.27.2.1 pkgsrc/lang/php5/Makefile.common
cvs rdiff -r1.49 -r1.49.2.1 pkgsrc/lang/php5/distinfo
cvs rdiff -r1.5 -r0 pkgsrc/lang/php5/patches/patch-ao
cvs rdiff -r1.3 -r0 pkgsrc/lang/php5/patches/patch-ar
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.