Fedora 13 Update: php-suhosin-0.9.32.1-1.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Fri Aug 13 21:21:58 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-11845
2010-08-03 00:04:09
--------------------------------------------------------------------------------
Name : php-suhosin
Product : Fedora 13
Version : 0.9.32.1
Release : 1.fc13
URL : http://www.hardened-php.net/suhosin/
Summary : Suhosin is an advanced protection system for PHP installations
Description :
Suhosin is an advanced protection system for PHP installations. It was designed
to protect servers and users from known and unknown flaws in PHP applications
and the PHP core.
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.32.1 - Fixed missing header file resulting in compile
errors - Added support for memory_limit > 2GB - Fixed missing header
file resulting in wrong php_combined_lcg() prototype being used -
Improved random number seed generation more by adding /dev/urandom juice -
Fix ZTS build of session.c - Increased session identifier entropy by using
/dev/urandom if available - Added line ending characters 0a and 0d to the
list of dangerous characters handled by suhosin.server.encode and
suhosin.server.strip - Fixed crash bug with PHP 5.3.x and session module
(due to changed session globals struct) - Added ! protection to PHP
session serializer - Fixed simulation mode now also affects (dis)allowed
functions - Fixed missing return (1); in random number generator
replacements - Fixed random number generator replacement error case
behaviour in PHP 5.3.x - Fixed error case handling in
function_exists() PHP 5.3.x - Merged changes/fixes in
import_request_variables()/extract() from upstream PHP - Fixed
suhosin_header_handler to be PHP 5.3.x compatible - Merge fixes and new
features of PHP's file upload code to suhosin
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 31 2010 Bart Vanbrabant <bart.vanbrabant at zoeloelip.be> - 0.9.32.1-1
Update to version 0.9.32.1
- Fixed missing header file resulting in compile errors
- Added support for memory_limit > 2GB
- Fixed missing header file resulting in wrong php_combined_lcg() prototype
being used
- Improved random number seed generation more by adding /dev/urandom juice
- Fix ZTS build of session.c
- Increased session identifier entropy by using /dev/urandom if available
- Added line ending characters 0a and 0d to the list of dangerous
characters handled by suhosin.server.encode and suhosin.server.strip
- Fixed crash bug with PHP 5.3.x and session module (due to changed session
globals struct)
- Added ! protection to PHP session serializer
- Fixed simulation mode now also affects (dis)allowed functions
- Fixed missing return (1); in random number generator replacements
- Fixed random number generator replacement error case behaviour in PHP
5.3.x
- Fixed error case handling in function_exists() PHP 5.3.x
- Merged changes/fixes in import_request_variables()/extract() from
upstream PHP
- Fixed suhosin_header_handler to be PHP 5.3.x compatible
- Merge fixes and new features of PHP's file upload code to suhosin
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-suhosin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list