Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
This is a SECURITY FIX that fixes:
Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files).
Update the suhosin patch to the current one while here.
to their php.ini file in a SAPI independent way. This way can easily run
more instances of httpd with different php configs.
Idea after a discussion with "L. V. Lammert" <lvl@omnitec.net>
cacti users): add a patch from the upstream repository to fix this.
Thanks Steven Surdock for reporting the problem and testing this diff
(and similar patches sent by William Yodlowsky). While there, remove
a zero-byte patch that crept in before. ok robert@
where users are supposed to create symlinks to config file fragments
in ../php5.sample, otherwise the symlinks are destroyed when someone
updates php5/core.
ok brad, seems ok to landry.
- include the suhosin extension and suhosin patch by default unless
the no_suhosin flavor is defined
- add all the suhosin configuration options to the sample config
files
the php core module and extensions.
Install a sample configuration file to /var/www/conf/modules.sample
which can be symlinked or copied over to /var/www/conf/modules
so apache is going to pick it up.
Allow php to scan /var/www/conf/php5 for php configuration
files so if the user installs or creates a symlink from the
sample configuration files from the php5.sample directory,
it is going to be picked up by php5.
Create a dummy pwd.db file in the php5-imap package in the apache
chroot because it is needed by c-client.
feedback and tests by sthen@
fixes many vulnerabilities just as usual. for more information
read http://www.php.net/releases/5_2_3.php
add a no_suhosin pseudo-flavor because horde has some problems
with the suhosin security patchset
more than one php binary within one workdir (idea from FreeBSD)
- move pdo_sqlite support from core to extensions and also add a pdo_mysql
and a pdo_sqlite subpackage
- regen patches while here
- bump PKGNAMEs