suhosin-patch is provided as modified one; only copyright year.
PHP 5.3.9 Released!

[10-Jan-2012] The PHP development team would like to announce the immediate
availability of PHP 5.3.9. This release focuses on improving the stability of
the PHP 5.3.x branch with over 90 bug fixes, some of which are security
related.

Security Enhancements and Fixes in PHP 5.3.9:

* Added max_input_vars directive to prevent attacks based on hash
  collisions. (CVE-2011-4885)
* Fixed bug #60150 (Integer overflow during the parsing of invalid
  exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

* Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd
  argument to is_a and is_subclass_of).
* Fixed bug #55609 (mysqlnd cannot be built shared)
* Many changes to the FPM SAPI module

For a full list of changes in PHP 5.3.9, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.

All users are strongly encouraged to upgrade to PHP 5.3.9.
(crypt()'s problem was already fixed in our php53-5.3.7nb1 package.)
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
23 Aug 2011, PHP 5.3.8
- Core:
. Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
- OpenSSL:
. Reverted a change in timeout handling restoring PHP 5.3.6 behavior,
as the new behavior caused mysqlnd SSL connections to hang (#55283).
(Pierre, Andrey, Johannes)
5.3.5 was released due to a critical issue and the previous suhosin
patch still applies. Prior art of this can be seen in OpenBSD's and
FreeBSD's ports.
ok@ wiz
- Rewrote var_export() to use smart_str rather than output buffering,
prevents data disclosure if a fatal error occurs (CVE-2010-2531).
(Scott)
- Fixed a NULL pointer dereference when processing invalid XML-RPC
requests (Fixes CVE-2010-0397, bug #51288). (Raphael Geissert)
- Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
(Stas)
- A large number of non-security-related bug fixes
the extensions were not actually built since necessary libraries were not found due to pkgsrc
framework, but better be explicit
fix MESSAGE_SRC to use lang/php53 locations
bump PKGREVISION
This package and lang/php5 aren't installed at the same time.
Setting PHP_VERSION_DEFAULT as "5" or "53" to select PHP 5.2.x or 5.3.x.
PHP is an HTML-embedded scripting language. It is modular, with
some object-oriented features. Much of its syntax is borrowed from
C, Java and Perl with a couple of unique PHP-specific features
thrown in. The language is designed to allow web developers to
write dynamically generated pages quickly.