mentioned the release on their announcements list maybe we would have
had time to get the full update in but, as it is, we just found out
about it and there are too many changes to test properly at short
notice, so we are just fixing these for now.
CVE-2010-2225: fix SplObjectStorage unserialization, upstream r300843
CVE-2010-0397: null pointer dereference when processing invalid XML-RPC
requests, upstream r296152
ok espie@
Security Enhancements and Fixes in PHP 5.2.11:
* Fixed certificate validation inside php_openssl_apply_verification_policy. (Ryan Sleevi, Ilia)
* Fixed sanity check for the color index in imagecolortransparent(). (Pierre)
* Added missing sanity checks around exif processing. (Ilia)
* Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
- include the suhosin extension and suhosin patch by default unless
the no_suhosin flavor is defined
- add all the suhosin configuration options to the sample config
files
the php core module and extensions.
Install a sample configuration file to /var/www/conf/modules.sample
which can be symlinked or copied over to /var/www/conf/modules
so apache is going to pick it up.
Allow php to scan /var/www/conf/php5 for php configuration
files so if the user installs or creates a symlink from the
sample configuration files from the php5.sample directory,
it is going to be picked up by php5.
Create a dummy pwd.db file in the php5-imap package in the apache
chroot because it is needed by c-client.
feedback and tests by sthen@
fixes many vulnerabilities just as usual. for more information
read http://www.php.net/releases/5_2_3.php
add a no_suhosin pseudo-flavor because horde has some problems
with the suhosin security patchset
more than one php binary within one workdir (idea from FreeBSD)
- move pdo_sqlite support from core to extensions and also add a pdo_mysql
and a pdo_sqlite subpackage
- regen patches while here
- bump PKGNAMEs
Add a hardened flavor for both core and extensions (inspired by niallo@);
Use our own way to install pear because the bundled installer is totally
broken and upstream refuses to fix it.
Add a mysqli subpackage which can be used to access the functionality
provided by MySQL 4.1 and above.
Other minor changes and fixes are also included.
ok sturm@; tested by many
the FULLPKGPATH, thus providing changes to packing-lists which shouldn't
happen, and making update more difficult.
Accordingly, bump all pkgnames with PSEUDO_FLAVORS, and provide an
update @pkgpath for the bug for most of them (left out the ones with 3
or 4 pseudo flavors for space constraints...)