Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11]) by narn.NetBSD.org (Postfix) with ESMTP id 256B063BA4A for ; Sun, 4 May 2008 16:50:46 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 0) id C272C63B1DC; Sun, 4 May 2008 16:50:45 +0000 (UTC) Received: from cvs.netbsd.org (unknown [IPv6:2001:4f8:4:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id A2F6C63B1DB for ; Sun, 4 May 2008 16:50:44 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 904CD175D0; Sun, 4 May 2008 16:50:44 +0000 (UTC) From: Adrian Portelli Subject: CVS commit: pkgsrc/lang/php5 To: pkgsrc-changes@NetBSD.org Reply-To: adrianp@netbsd.org Message-Id: <20080504165044.904CD175D0@cvs.netbsd.org> Date: Sun, 4 May 2008 16:50:44 +0000 (UTC) Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes Precedence: list Module Name: pkgsrc Committed By: adrianp Date: Sun May 4 16:50:44 UTC 2008 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Log Message: Security Enhancements and Fixes in PHP 5.2.6: Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. Upgraded bundled PCRE to version 7.6 Key enhancements in PHP 5.2.6 include: * Fixed two possible crashes inside the posix extension. * Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=) * Fixed bug 44141 (private parent constructor callable through static function). * Fixed bug 43589 (a possible infinite loop in bz2_filter.c). * Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call). * Fixed bug 43201 (Crash on using uninitialized vals and __get/__set). * Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). * Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class). * Fixed bug 42736 (xmlrpc_server_call_method() crashes). * Fixed bug 42369 (Implicit conversion to string leaks memory). * Fixed bug 41562 (SimpleXML memory issue). * Over 120 bug fixes. See http://www.php.net/ChangeLog-5.php#5.2.6 for all the details To generate a diff of this commit: cvs rdiff -r1.63 -r1.64 pkgsrc/lang/php5/Makefile cvs rdiff -r1.28 -r1.29 pkgsrc/lang/php5/Makefile.common cvs rdiff -r1.51 -r1.52 pkgsrc/lang/php5/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.