lang/php5: PHP Hypertext Preprocessor version 5
Branch: pkgsrc-2008Q1
Version: 5.2.6
Package name: php-5.2.6
Maintainer: jdolecek

PHP is an HTML-embedded scripting language. It is modular, with
some object-oriented features. Much of its syntax is borrowed from
C, Java and Perl with a couple of unique PHP-specific features
thrown in. The language is designed to allow web developers to
write dynamically generated pages quickly.
Required to run: [textproc/libxml2]
Required to build: [devel/gmake] [devel/libtool-base]
Package options: cgi, inet6, ssl
Version history:
- (2008-06-08) Updated to version: php-5.2.6
- (2008-04-12) Package added to pkgsrc.se, version php-5.2.5nb1 (created)
CVS history:
2008-05-15 11:56:31 by Tyler R. Retzlaff | Files touched by this commit (3)
Log message:
pullup ticket #2378 - requested by adrianp
php5: many security fixes
revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.64
- pkgsrc/lang/php5/Makefile.common 1.29
- pkgsrc/lang/php5/distinfo 1.52
Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 4 16:50:44 UTC 2008
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Log message:
Security Enhancements and Fixes in PHP 5.2.6:
Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
Upgraded bundled PCRE to version 7.6
Key enhancements in PHP 5.2.6 include:
* Fixed two possible crashes inside the posix extension.
* Fixed bug 44069 (Huge memory usage with concatenation using . instead of .=)
* Fixed bug 44141 (private parent constructor callable through static function).
* Fixed bug 43589 (a possible infinite loop in bz2_filter.c).
* Fixed bug 43450 (Memory leak on some functions with implicit object __toString() call).
* Fixed bug 43201 (Crash on using uninitialized vals and __get/__set).
* Fixed bug 42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql).
* Fixed bug 42937 (__call() method not invoked when methods are called on parent from child class).
* Fixed bug 42736 (xmlrpc_server_call_method() crashes).
* Fixed bug 42369 (Implicit conversion to string leaks memory).
* Fixed bug 41562 (SimpleXML memory issue).
* Over 120 bug fixes.