Sophie

Sophie

distrib > Mageia > 1 > i586 > media > core-updates > by-pkgid > 825f62a424e0b9c7467da10369080f57 > files > 5

php-suhosin-0.9.32.1-5.2.mga1.i586.rpm

2010-07-23 - 0.9.32.1

    - Fixed missing header file resulting in compile errors

2010-07-23 - 0.9.32

    - Added support for memory_limit > 2GB
    - Fixed missing header file resulting in wrong php_combined_lcg() prototype being used
    - Improved random number seed generation more by adding /dev/urandom juice

2010-03-28 - 0.9.31

    - Fix ZTS build of session.c
    - Increased session identifier entropy by using /dev/urandom if available

2010-03-25 - 0.9.30

    - Added line ending characters %0a and %0d to the list of dangerous characters handled
      by suhosin.server.encode and suhosin.server.strip
    - Fixed crash bug with PHP 5.3.x and session module (due to changed session globals struct)
    - Added ! protection to PHP session serializer
    - Fixed simulation mode now also affects (dis)allowed functions
    - Fixed missing return (1); in random number generator replacements
    - Fixed random number generator replacement error case behaviour in PHP 5.3.x
    - Fixed error case handling in function_exists() PHP 5.3.x
    - Merged changes/fixes in import_request_variables()/extract() from upstream PHP
    - Fixed suhosin_header_handler to be PHP 5.3.x compatible
    - Merge fixes and new features of PHP's file upload code to suhosin

2009-08-15 - 0.9.29

    - Fixing crash bugs with PHP 5.3.0 caused by unexpected NULL in EG(active_symbol_table)
    - Added more compatible way to retrieve ext/session globals
    - Increased default length and count limit for POST variables (for people not reading docu)

2009-08-14 - 0.9.28

    - Fixed crash bug with PHP 5.2.10 caused by a change in extension load order of ext/session
    - Fixed harmless parameter order error in a bogus memset()
    - Disable suhosin.session.cryptua by default because of Internet Explorer 8 "features"
    - Added suhosin.executor.include.allow_writable_files which can be disabled to disallow 
      inclusion of files writable by the webserver

2008-08-23 - 0.9.27

	- Fixed typo in replacement rand() / mt_rand() that was hidden by LAZY symbol loading

2008-08-22 - 0.9.26

	- Fixed problem with suhosin.perdir
	  Thanks to Hosteurope for tracking this down
	- Fixed problems with ext/uploadprogress
	  Reported by: Christian Stocker
	- Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
	- Modified rand()/srand() to use the Mersenne Twister algorithm with separate state 
	- Added better internal seeding of rand() and mt_rand()
	
2008-08-06 - 0.9.25

	- Fixed PHP 4 compilation problem introduced in 0.9.24
	- Fixed PHP 5.3 compilation problem
	- Changed PHP default POST handler to PHP's current handler

2008-05-10 - 0.9.24

    - Added support for method-calls to function handling
    - This fixes white- and blacklist affecting methods with the same name

2008-01-14 - 0.9.23

    - Fixed suhosin extension now compiles with snapshots of PHP 5.3
    - Fixed crypt() behaves like normal again when there is no salt supplied

2007-12-01 - 0.9.22

    - Removed LFS warning message because it crashed on several systems

2007-11-30 - 0.9.21

    - Fixed function_exists() now checks the Suhosin permissions
    - Fixed crypt() salt no longer uses Blowfish by default
    - Fixed .htaccess/perdir support
    - Fixed compilation problem on OS/X
    - Added protection against some attacks through _SERVER variables
    - Added suhosin.server.strip and suhosin.server.encode
    - Added error message that warns about the LFS binary incompatibility
    
2007-05-19 - 0.9.20

    - Added protection flags against whitespace at variable start
    - Added mutex around crypt() to close the PHP crypt() 
      thread safety vulnerability class
    - Improved HTTP Response Splitting Protection
    - Changed default maximum array depth to 50 for GPCR
    - Fixed possible endless loop in file logging
    - Fixed file locking in file logging

2007-05-01 - 0.9.19

    - Fixed typo in HTTP header protection (only during simulation mode)
      Reported by: Ilia Alshanetsky
    - Fixed wrong \0 termination in cookie decryptor
    - Fixed possible crash in SERVER variables protection when SAPI=embedded
      Fix provided by: Olivier Blin/Mandriva Linux
    - Added possibility to en-/disable INI_PERDIR
      Problem reported by: Ilia Alshanetsky
    - Added PHP Warning when disabled function is called
    - Added examples for new configuration option in suhosin.ini

2007-03-06 - 0.9.18

    - Fixed session double hooking in edge case
    - Added additional crash protection for PHP's session module

2007-03-04 - 0.9.17

    - Added a suhosin.ini example configuration 
      Thanks to Mandriva Linux for supplying us with one
    - Added new logging device: file
    - Fixed that suhosin.filter.action did not affect POST limits
    - Fixed behaviour of request variable limit to be an upper limit
      for the other settings instead of being additive limit
    - Fixed hard_memory_limit bypass due to casting bug in PHP 
      Problem was found by: Ilia Alshanetsky
    - Fixed some sql prefix/postfix problems
    - Added experimental SQL injection heuristic

2006-12-02 - 0.9.16

    - Added suhosin.stealth which controls if suhosin loads in
      stealth mode when it is not the only zend_extension
      (Required for full compatibility with certain encoders 
       that consider open source untrusted. e.g. ionCube, Zend)
    - Activate suhosin.stealth by default
    - Fixed that Suhosin tries handling functions disabled by
      disable_function. In v0.9.15 it was impossible to disable
      phpinfo() with disable_function.
      Problem was found by: Thorsten Schifferdecker
    
2006-11-28 - 0.9.15

    - Added a transparent protection for open phpinfo() pages by
      adding an HTML META ROBOTS tag to the output that forbids 
      indexing and archiving

2006-11-22 - 0.9.14

    - Drop wrongly decrypted cookies instead of leaving them empty
    - Fix another problem with urlencoded cookie names
    - Fix compilation problem with PHP4
    - Added better regression to the release process to stop 
      compilation and missing symbol problems

2006-11-20 - 0.9.13

    - More compatible support for ap_php_snprintf() for old PHP
    - Changed phpinfo() output to put suhosin logo into a data: URL
      for Opera and Gecko based browsers when expose_php=off
    
2006-11-14 - 0.9.12

    - Adding ap_php_snprintf() when compiling against PHP 4.3.9
    - Added suhosin.protectkey to remove cryptkeys from phpinfo() output
    - Disabled suhosin.cookie.encrypt in default install
    - Fixed static compilation against PHP 5.2.0

2006-11-06 - 0.9.11
    
    - Fixed input filter for simulation mode 

2006-10-26 - 0.9.10

    - Fixed ZTS compile problem in new code
    - Fixed PHP4 compile problem in new code

2006-10-25 - 0.9.9

    - Fixed mail() protection that failed to detect some injected headers
    - Fixed cookie decryption to not potentially trash apache memory
    - Fixed cookie enctyption to handle url encoded names correctly
    - Added suhosin.cookie/session.checkraddr
    - Added suhosin.cookie.cryptlist
    - Added suhosin.cookie.plainlist
    - Added suhosin_encrypt_cookie function for JS
    - Added suhosin_get_raw_cookies function
    - Changed dropped variable error messages
    
2006-10-08 - 0.9.8
     
    - Fixed a PHP4 ZTS compile problem

2006-10-08 - 0.9.7

    - Moved input handler hooking to a later place to ensure better compatibility
      with 3rd party extensions
    - Fixed a problem with overlong mail headers in mail protection
    - Fixed a problem with empty log/verification script names
    - Fixed a PHP4 compile problem with old gcc/in ZTS mode
    - Added mbregex.h from PHP4 to solve compile problems on systesm with broken
      header installations

2006-10-02 - 0.9.6

    - Disallow symlink() when open_basedir (activated by default)
    - Fix a problem with compilation in Visual Studio

2006-09-29 - 0.9.5

    - Added missing logo file
    - Added suhosin.apc_bug_workaround flag to enable compatibility with buggy APC 3.0.12x

2006-09-29 - 0.9.4

    - Added version number and logo to phpinfo() output
    - Fixed that all uploaded files are dropped after a single one was disallowed
    - Added undocumented suhosin.coredump flag to tell suhosin to dump core instead
      of logging S_MEMORY events
    - Disable handling of rfc1867 mbstring decoding

2006-09-24 - 0.9.3

    - Added protection against endless recursion for suhosin.log.phpscript
    - Added possibility to disable open_basedir and safe_mode for suhosin.log.phpscript
    - Added suhosin.executor.include.max_traversal to stop directory traversal includes

2006-09-19 - 0.9.2

    - Fixes broken rfc1867 fileupload hook
    - Changed definition of binary to: 0..31, 128..255 except whitespace
    - Added suhosin.log.phpscript(.name) directive to log to a PHP script
	
2006-09-16 - 0.9.1

    - A bunch of changes to compile and work on Windows

2006-09-09 - BETA

    - Added decryption of HTTP_COOKIE
    - Fixed a last problem in suhosin_strcasestr() helper function

2006-09-08 - BETA

    - Fixed a problem within suhosin_strcasestr() because it broke 
      URL checks

2006-09-07 - BETA

    - CVS version of PHP 5.2.0 was changed to support incasesensitive 
      URLs, support for this in suhosin added
    - Fixed a problem when preg_replace() was called with more than
      4 parameters

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional