CVS commit: pkgsrc/lang/php5

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/lang/php5
From: Takahiro Kambe <taca%netbsd.org@localhost>
Date: Wed, 23 Dec 2009 07:07:35 +0000

Module Name:    pkgsrc
Committed By:   taca
Date:           Wed Dec 23 07:07:35 UTC 2009

Modified Files:
        pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
        pkgsrc/lang/php5/patches: patch-ag patch-ah
Removed Files:
        pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb patch-bc
            patch-bd

Log Message:
Update lang/php5 to 5.2.12, security update.

Security Enhancements and Fixes in PHP 5.2.12:

* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
  Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
  Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
  number of file uploads per-request to 20 by default, to prevent possible
  DOS via temporary file exhaustion, identified by Bogdan
  Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
  "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
  Stas)
* Fixed bug #49785 (insufficient input string validation of
  htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

* Fixed unnecessary invocation of setitimer when timeouts have been
  disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
  SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
  Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
  on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
  database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
  makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
  queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.


To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
    pkgsrc/lang/php5/patches/patch-az
cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
    pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
    pkgsrc/lang/php5/patches/patch-bd

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/net/ettercap-NG
Next by Date: CVS commit: pkgsrc/textproc/php5-xsl
Previous by Thread: CVS commit: pkgsrc/net/ettercap-NG
Next by Thread: CVS commit: pkgsrc/textproc/php5-xsl
Indexes:

Home | Main Index | Thread Index | Old Index