-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP Development Team is proud to announce the release of PHP 4.3.7. This is a maintenance release that in addition to several non-critical bug fixes, addresses an input validation vulnerability in escapeshellcmd() and escapeshellarg() functions on the Windows platform. Users of PHP on Windows are encouraged to upgrade to this release as soon as possible. Aside from the above mentioned issues this release includes the following important fixes: Synchronized bundled GD library with GD 2.0.23. Fixed a bug that prevented compilation of GD extensions against FreeType 2.1.0-2.1.2. Fixed thread safety issue with informix connection id. Fixed incorrect resolving of relative paths by glob() in windows. Fixed mapping of Greek letters to html entities. Fixed a bug that caused an on shutdown crash when using PHP with Apache 2.0.49. Fixed a number of crashes inside pgsql, cpdf and gd extensions. All in all this release fixes over 30 bugs that have been discovered and resolved since the 4.3.6 release. Enjoy, PHP Development Team. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFAvx3HLKekh381/CERAmgrAJ9nNaznXGTUaf4Ro2Hfgx+BiMQ/DQCfWVI9 SkGCRZpZus2+P+SoLewPfpc= =KDq+ -----END PGP SIGNATURE-----
I don't see how this is a security bug. kicking over to the php team.
Moin .. I have the problem with the installation of PHP 4.3.7. I get the following errors emerge mod_php-4.3.7.ebuild Calculating dependencies ...done! >>> emerge (1 of 1) dev-php/mod_php-4.3.7 to / >>> md5 src_uri ;-) php-4.3.7.tar.bz2 >>> md5 src_uri ;-) php-4.3.2-fopen-url-secure.patch >>> md5 src_uri ;-) php-4.3.6-includepath.diff >>> Unpacking source... * Due to some previous bloopers with PHP and slotting, you may have * multiple instances of mod_php installed. Please look at the autoclean * output at the end of the emerge and unmerge all but relevant * instances. * Apache2 only detected >>> Unpacking php-4.3.7.tar.bz2 to /var/tmp/portage/mod_php-4.3.7/work * Applying mod_php-4.3.5-apache1security.diff... [ ok ] >>> Source unpacked. * Apache2 MPM: prefork !!! ERROR: dev-php/mod_php-4.3.7 failed. !!! Function php-sapi_src_compile, Line 267, Exitcode 1 !!! You need a virtual/mta that provides /usr/sbin/sendmail! I wonder what that has to do with my mail system? ps: sorry for my shit english :D
results from make test. ===================================================================== TEST RESULT SUMMARY --------------------------------------------------------------------- Exts skipped : 38 Exts tested : 49 --------------------------------------------------------------------- Number of tests : 596 Tests skipped : 107 (18.0%) Tests warned : 0 ( 0.0%) Tests failed : 2 ( 0.3%) Tests passed : 487 (81.7%) --------------------------------------------------------------------- Time taken : 365 seconds ===================================================================== ===================================================================== FAILED TEST SUMMARY --------------------------------------------------------------------- Bug #16069 [ext/iconv/tests/bug16069.phpt] xslt_set_object function [ext/xslt/tests/xslt_set_object.phpt] ===================================================================== coredumb: is it ok that those tests failed? if so, i'll go ahead and release 4.3.7 in unstable.
martin: exactly as the ebuild says, you need any MTA on your system that provides the /usr/sbin/sendmail binary (NOT related to the sendmail package). this is so that php's mail() functionality works.
4.3.7 is in the tree now.