pkgsrc.se | The NetBSD package collection

Next | Query returned 3 messages, browsing 1 to 10 | previous

CVS Commit History:

2009-12-23 20:09:51 by S.P.Zeidler | Files touched by this commit (13) | Package updated

Log message:
Pullup ticket 2955 - requested by taca
security update

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.75
- pkgsrc/lang/php5/Makefile.common		1.39
- pkgsrc/lang/php5/PLIST			1.25
- pkgsrc/lang/php5/distinfo			1.71
- pkgsrc/lang/php5/patches/patch-ag		1.4
- pkgsrc/lang/php5/patches/patch-ah		1.3
- pkgsrc/textproc/php5-xsl/Makefile		1.13

Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:07:35 UTC 2009

   Modified Files:
           pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
           pkgsrc/lang/php5/patches: patch-ag patch-ah
   Removed Files:
           pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
               patch-bc patch-bd

   Log message:
   Update lang/php5 to 5.2.12, security update.

   Security Enhancements and Fixes in PHP 5.2.12:

   * Fixed a safe_mode bypass in tempnam() identified by Grzegorz
     Stachowiak. (CVE-2009-3557, Rasmus)
   * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
     Stachowiak. (CVE-2009-3558, Rasmus)
   * Added "max_file_uploads" INI directive, which can be set to limit the
     number of file uploads per-request to 20 by default, to prevent possible
     DOS via temporary file exhaustion, identified by Bogdan
     Calin. (CVE-2009-4017, Ilia)
   * Added protection for $_SESSION from interrupt corruption and improved
     "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
     Stas)
   * Fixed bug #49785 (insufficient input string validation of
     htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

   Key enhancements in PHP 5.2.12 include:

   * Fixed unnecessary invocation of setitimer when timeouts have been
     disabled. (Arvind Srinivasan)
   * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
   * Fixed crash in SQLiteDatabase::ArrayQuery() and
     SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
   * Fixed crash when instantiating PDORow and PDOStatement through
     Reflection. (Felipe)
   * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
   * Fixed bug #50207 (segmentation fault when concatenating very large strings
     on 64bit linux). (Ilia)
   * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
     database). (Felipe)
   * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
   * Fixed bug #50005 (Throwing through Reflection modified Exception object
     makes segmentation fault). (Felipe)
   * Fixed bug #49174 (crash when extending PDOStatement and trying to set
     queryString property). (Felipe)
   * Fixed bug #49098 (mysqli segfault on error). (Rasmus)
   * Over 50 other bug fixes.

   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
   cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
       pkgsrc/lang/php5/patches/patch-az
   cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
       pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
       pkgsrc/lang/php5/patches/patch-bd

   --------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:08:31 UTC 2009

   Modified Files:
           pkgsrc/textproc/php5-xsl: Makefile

   Log message:
   Reset PKGREVISION by implicit update to 5.2.12.

   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile

2009-12-01 00:10:20 by Matthias Scheler | Files touched by this commit (10)

Log message:
Pullup ticket #2939 - requested by taca
php5: security patch

Revisions pulled up:
- lang/php5/Makefile				1.73-1.74
- lang/php5/distinfo				1.69-1.70
- lang/php5/patches/patch-ag			1.3
- lang/php5/patches/patch-ah			1.2
- lang/php5/patches/patch-ay			1.2
- lang/php5/patches/patch-az			1.1-1.2
- lang/php5/patches/patch-ba			1.1
- lang/php5/patches/patch-bb			1.1
- lang/php5/patches/patch-bc			1.1
- lang/php5/patches/patch-bd			1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Oct 22 14:49:06 UTC 2009

Modified Files:
	pkgsrc/lang/php5: Makefile distinfo
Added Files:
	pkgsrc/lang/php5/patches: patch-az

Log message:
Add patch to check byte sequence more strictly in htmlspecialchars().

	http://bugs.php.net/bug.php?id=49785

These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.

Bump PKGREVISION.
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Nov 30 06:14:08 UTC 2009

Modified Files:
	pkgsrc/lang/php5: Makefile distinfo
	pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az
Added Files:
	pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd

Log message:
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.

1. CVE-2009-3292 is already fixed in 5.2.11.

2. CVE-2009-3558

	http://svn.php.net/viewvc?view=revision&revision=288934

3. CVE-2009-3557

	http://svn.php.net/viewvc?view=revision&revision=288945
	http://svn.php.net/viewvc?view=revision&revision=288971

4. CVE-2009-4017

	http://svn.php.net/viewvc?view=revision&revision=289990
	http://svn.php.net/viewvc?view=revision&revision=290820
	http://svn.php.net/viewvc?view=revision&revision=290885

Other pkgsrc changes:

* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.

Bump PKGREVISION.

2009-10-22 23:25:08 by Matthias Scheler | Files touched by this commit (3)

Log message:
Pullup ticket #2918 - requested by taca:
php-gd: security patch

Revisions pulled up:
- graphics/php-gd/Makefile			1.20
- lang/php5/distinfo				1.68
- lang/php5/patches/patch-ay			1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Oct 22 14:37:47 UTC 2009

Modified Files:
	pkgsrc/graphics/php-gd: Makefile
	pkgsrc/lang/php5: distinfo
Added Files:
	pkgsrc/lang/php5/patches: patch-ay

Log message:
Add a patch from PHP's SVN repositry to fix gd library security problem.

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546>

Next | Query returned 3 messages, browsing 1 to 10 | previous