7415620fc5
Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes.
36 lines
1.1 KiB
Text
36 lines
1.1 KiB
Text
$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $
|
|
|
|
* Ajust for pkgsrc.
|
|
|
|
--- php.ini-recommended.orig 2009-11-05 13:29:34.000000000 +0000
|
|
+++ php.ini-recommended
|
|
@@ -522,7 +522,7 @@ default_mimetype = "text/html"
|
|
;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
|
|
; UNIX: "/path1:/path2"
|
|
-;include_path = ".:/php/includes"
|
|
+include_path = ".:@PREFIX@/lib/php"
|
|
;
|
|
; Windows: "\path1;\path2"
|
|
;include_path = ".;c:\php\includes"
|
|
@@ -538,8 +538,9 @@ doc_root =
|
|
; if nonempty.
|
|
user_dir =
|
|
|
|
-; Directory in which the loadable extensions (modules) reside.
|
|
-extension_dir = "./"
|
|
+; Directory in which the loadable extensions (modules) reside. If not
|
|
+; defined, then use the extension directory specified at compile-time.
|
|
+; extension_dir = "./"
|
|
|
|
; Whether or not to enable the dl() function. The dl() function does NOT work
|
|
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
|
|
@@ -597,7 +598,7 @@ file_uploads = On
|
|
|
|
; Temporary directory for HTTP uploaded files (will use system default if not
|
|
; specified).
|
|
-;upload_tmp_dir =
|
|
+upload_tmp_dir = /tmp
|
|
|
|
; Maximum allowed size for uploaded files.
|
|
upload_max_filesize = 2M
|