mentioned the release on their announcements list, maybe we would have
had time to get the full update in but, as it is, we just found out
about it and there are too many changes to test properly at short
notice, so we are just fixing these for now.
CVE-2010-2225: fix SplObjectStorage unserialization, upstream r300843
CVE-2010-0397: null pointer dereference when processing invalid XML-RPC
requests, upstream r296152
ok espie@
breaking cd /usr/ports && SUBDIR=some/path make something for
category makefiles. While there, also put spaces around += uniformly.
okay naddy@, jasper@
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
This is a SECURITY FIX that fixes:
Fixed bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files).
Update the suhosin patch to the current one while here.
to their php.ini file in a SAPI independent way. This way one can easily run
more instances of httpd with different php configs.
Idea after a discussion with "L. V. Lammert" <lvl@omnitec.net>
cacti users): add a patch from the upstream repository to fix this.
Thanks Steven Surdock for reporting the problem and testing this diff
(and similar patches sent by William Yodlowsky). While there, remove
a zero-byte patch that crept in before. ok robert@
where users are supposed to create symlinks to config file fragments
in ../php5.sample, otherwise the symlinks are destroyed when someone
updates php5/core.
ok brad, seems ok to landry.
- include the suhosin extension and suhosin patch by default unless
the no_suhosin flavor is defined
- add all the suhosin configuration options to the sample config
files