File: NEWS

php5 5.3.3.1-7+squeeze29
  • area: main
  • in suites: squeeze-lts
  • size: 123,520 kB
  • ctags: 55,742
  • sloc: ansic: 633,963; php: 19,620; sh: 11,344; xml: 5,816; cpp: 2,400; yacc: 1,745; exp: 1,514; makefile: 1,019; pascal: 623; awk: 537; sql: 22
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high

  * The following new directives were added as part of security fixes:
    - max_input_vars - specifies how many GET/POST/COOKIE input variables
      may be accepted.  Default value is set to 1000.
    - xsl.security_prefs - define forbidden operations within XSLT
      stylesheets.  Write operations are now disabled by default.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 23 Jan 2012 12:22:26 +0100

php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low

  * Updated blowfish crypt() algorithm fixes the 8-bit character handling
    vulnerability (CVE-2011-2483) and adds more self-tests.  Unfortunately
    this change is incompatible with some old (wrong) generated hashes for
    passwords containing 8-bit characters.  Therefore the new salt prefix
    '$2x$' was introduced which can be used as a replacement for '$2a$'
    salt prefix in the password database in case the incompatibility is
    found.

 -- Ondřej Surý <ondrej@debian.org>  Mon, 04 Jul 2011 10:31:16 +0200

php5 (5.3.1-3) unstable; urgency=low

  * mod_php disabled in userdirs.

  The default Debian libapache2-mod-php5 package now disables the PHP
  engine on ~/public_html directories when mod_userdir is enabled, for
  security reasons.  Although discouraged, it can be re-enabled by
  commenting the <IfModule mod_userdir.c> block in
  /etc/apache2/mods-available/php5.conf

  * PHP 5.2 compatibility settings

  Given the short time to the Squeeze release freeze, the
  short_open_tag setting has been turned On again (upstream now
  defaults to Off on the php.ini files.) However, the request_order and
  auto_globals_jit settings continue to be the default from upstream
  ("GP" and On, respectively.)

 -- Raphael Geissert <geissert@debian.org>  Mon, 11 Jan 2010 16:49:28 -0600

php5 (5.2.11.dfsg.1-2) unstable; urgency=high

  * Maximum number of file uploads per request limited

  To prevent Denial of Service attacks by exhausting the number of
  available temporary file names, upstream introduced the max_file_uploads
  option in 5.3.1 and 5.2.12.

  Due to the nature of this new option a default limit has been set
  to 50, hoping it is sensible enough not to cause disruptions on
  existing services.
  The value of this new limit can be changed in the php.ini file.

  If you installed the php5-suhosin extension there was a limiting
  mechanism in place already. In this case you may want to make sure
  the new limit imposed by PHP itself is not smaller than suhosin's.

 -- Raphael Geissert <geissert@debian.org>  Sat, 21 Nov 2009 13:37:51 -0600
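
Added example (not part of the Debian NEWS file or the php5 package): an audit of php.ini text for the directives introduced in the 5.3.3-7+squeeze5 and 5.2.11.dfsg.1-2 entries above. The suhosin.upload.max_uploads name, the xsl.security_prefs default of 44 and its bit values are taken from the suhosin and PHP documentation rather than from this file, and the sample ini text is constructed.

```python
import re

# Defaults named in the NEWS entries; 44 for xsl.security_prefs is upstream's
# documented default (an assumption here, the NEWS file does not give the number).
DEFAULTS = {"max_input_vars": 1000, "max_file_uploads": 50, "xsl.security_prefs": 44}
# Bits of xsl.security_prefs that forbid write operations (PHP XSL_SECPREF_* values).
XSL_WRITE_BITS = {"WRITE_FILE": 4, "CREATE_DIRECTORY": 8, "WRITE_NETWORK": 32}
SUHOSIN_UPLOADS = "suhosin.upload.max_uploads"  # suhosin's own upload-count limit

def parse_ini(text):
    """Collect integer directives from php.ini-style text; the last assignment wins."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r'^([\w.]+)\s*=\s*"?(-?\d+)"?$', line)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values

def audit(ini_text):
    """Return a list of findings for the directives the NEWS entries introduce."""
    cfg = {**DEFAULTS, **parse_ini(ini_text)}
    findings = []
    if cfg["max_input_vars"] > DEFAULTS["max_input_vars"]:
        findings.append("max_input_vars=%d exceeds the packaged default of 1000"
                        % cfg["max_input_vars"])
    if SUHOSIN_UPLOADS in cfg and cfg["max_file_uploads"] < cfg[SUHOSIN_UPLOADS]:
        findings.append("max_file_uploads=%d is smaller than %s=%d"
                        % (cfg["max_file_uploads"], SUHOSIN_UPLOADS, cfg[SUHOSIN_UPLOADS]))
    allowed = [n for n, bit in XSL_WRITE_BITS.items() if not cfg["xsl.security_prefs"] & bit]
    if allowed:
        findings.append("xsl.security_prefs=%d permits: %s"
                        % (cfg["xsl.security_prefs"], ", ".join(allowed)))
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE_INI = """\
[PHP]
max_input_vars = 5000        ; raised by an installer
max_file_uploads = 20
xsl.security_prefs = 12      ; WRITE_NETWORK bit cleared
suhosin.upload.max_uploads = 25
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print("WARN:", finding)
```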

php5 (5.2.6-1) unstable; urgency=medium

  * Now uses system timezone database.

  Debian PHP now makes use of the system wide timezone database from the
  tzdata package, making sure any updates there are automatically used
  by PHP as well. Note that this requires that the PHP process has access
  to /etc/localtime and /usr/share/zoneinfo (this is usually the case).

  * New php5-dbg package.

  We are now shipping a php5-dbg package which will greatly aid in finding
  the cause of many crashes that you may experience.  So if you are going to
  report a bug for a reproducible crash, please install this package before
  sending a backtrace.

  * New libapache2-mod-php5filter package.

  We are now also shipping a new libapache2-mod-php5filter package which
  uses the "Apache 2.0 filter-module support via DSO through APXS".

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 23 Jul 2008 17:42:06 +0200

php5 (5.2.3-2) unstable; urgency=low

  The Suhosin patch is now enabled by default!

  For more information, see
  <http://www.hardened-php.net/suhosin/index.html>.

  Special thanks to Blars Blarson for providing a sparc machine for testing
  that the patch seems to work okay on that architecture.  If you experience
  otherwise let us know!

  Suggestions are welcome for default configuration options, examples,
  documentation, etc.

  In any event please report successes and/or failures to us at
  pkg-php-maint@lists.alioth.debian.org. 

 -- sean finney <seanius@debian.org>  Thu, 12 Jul 2007 23:38:43 +0200