Written by Scott Shinn
Monday, 13 December 2010 15:32
Changelog:
- Fixed extract() to not overwrite $GLOBALS and $this when using EXTR_OVERWRITE. (jorto at redhat dot com)
- Fixed crash in zip extract method (possible CWE-170). (Maksymilian Arciemowicz, Pierre)
- Fixed a possible double free in imap extension (Identified by Mateusz Kocielski). (CVE-2010-4150). (Ilia)
- Fixed possible flaw in open_basedir (CVE-2010-3436). (Pierre)
- Fixed possible crash in mssql_fetch_batch(). (Kalle)
- Fixed NULL pointer dereference in ZipArchive::getArchiveComment. (CVE-2010-3709). (Maksymilian Arciemowicz)
- Fixed bug #53492 (fix crash if anti-aliasing steps are invalid). (Pierre)
- Fixed bug #53323 (pdo_firebird getAttribute() crash). (preeves at ibphoenix dot com)
- Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with large amount of data). (CVE-2010-3709). (Adam)
- Fixed bug #52879 (Objects unreferenced in __get, __set, __isset or __unset can be freed too early). (mail_ben_schmidt at yahoo dot com dot au, Dmitry)
- Fixed bug #52772 (var_dump() doesn't check for the existence of get_class_name before calling it). (Kalle, Gustavo)
- Fixed bug #52546 (pdo_dblib segmentation fault when iterating MONEY values). (Felipe, Adam)
- Fixed bug #52436 (Compile error if systems do not have stdint.h) (Sriram Natarajan)
- Fixed bug #52390 (mysqli_report() should be per-request setting). (Kalle)
- Fixed bug #51008 (Zend/tests/bug45877.phpt fails). (Dmitry)
- Fixed bug #47643 (array_diff() takes over 3000 times longer than php 5.2.4). (Felipe)
- Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy with SoapClient object). (Dmitry)
To upgrade:
yum upgrade php
Written by Scott Shinn
Friday, 26 November 2010 18:05
This is the initial import of mod_ruid2 to the atomic repo.
Description:
With this module, all httpd processes run under the user's access rights, not as nobody or apache. mod_ruid2 is similar to mod_suid2, but has better performance than mod_suid2 because it doesn't need to kill httpd children after one request. It makes use of kernel capabilities and, after receiving a new request, suids again. If you want to run Apache modules, e.g. WebDAV, PHP, and so on, under the user's rights, this module is useful.
To Install:
yum install mod_ruid2
Written by Scott Shinn
Friday, 26 November 2010 14:57
Changelog:
- Replication: SET PASSWORD caused row-based replication to fail between a MySQL 5.1 master and a MySQL 5.5 slave.
  This fix makes it possible to replicate SET PASSWORD correctly, using row-based replication between a master running MySQL 5.1.53 or a later MySQL 5.1 release to a slave running MySQL 5.5.7 or a later MySQL 5.5 release. (Bug#57098)
  See also Bug#55452, Bug#57357.
- Replication: An ALTER TABLE statement against a MyISAM table that altered a column without setting its size caused the binary log to become corrupted, leading to replication failure. (Bug#56226)
- Replication: When STOP SLAVE is issued, the slave SQL thread rolls back the current transaction and stops immediately if the transaction updates only tables which use transactional storage engines. Previously, this occurred even when the transaction contained CREATE TEMPORARY TABLE statements, DROP TEMPORARY TABLE statements, or both, although these statements cannot be rolled back. Because temporary tables persist for the lifetime of a user session (in this case, the replication user), they remain until the slave is stopped or reset. When the transaction is restarted following a subsequent START SLAVE statement, the SQL thread aborts with an error that a temporary table to be created (or dropped) already exists (or does not exist, in the latter case).
  Following this fix, if an ongoing transaction contains CREATE TEMPORARY TABLE statements, DROP TEMPORARY TABLE statements, or both, the SQL thread now waits until the transaction ends, then stops. (Bug#56118)
- Replication: If there exist both a temporary table and a non-temporary table having the same name, updates normally apply only to the temporary table, with the exception of a CREATE TABLE ... SELECT statement that creates a non-temporary table having the same name as an existing temporary table. When such a statement was replicated using the MIXED logging format, and the statement was unsafe for row-based logging, updates were misapplied to the temporary table. (Bug#55478)
  See also Bug#47899, Bug#55709.
- Replication: When a slave tried to execute a transaction larger than the slave's value for max_binlog_cache_size, it crashed. This was caused by an assertion that the server should roll back only the statement but not the entire transaction when the error ER_TRANS_CACHE_FULL occurred. However, the slave SQL thread always rolled back the entire transaction whenever any error occurred, regardless of the type of error. (Bug#55375)
- Replication: When making changes to relay log settings using CHANGE MASTER TO, the I/O cache was not cleared. This could result in replication failure when the slave attempted to read stale data from the cache and then stopped with an assertion. (Bug#55263)
- Replication: Trying to read from a binary log containing a log event of an invalid type caused the slave to crash. (Bug#38718)
- Replication: When replicating the mysql.tables_priv table, the Grantor column was not replicated, and was thus left empty on the slave. (Bug#27606)
- SET GLOBAL debug could cause a crash on Solaris if the server failed to open the trace file. (Bug#57274)
- On file systems with case insensitive file names, and lower_case_table_names=2, the server could crash due to a table definition cache inconsistency. (Bug#46941)
- Handling of host name lettercase in GRANT statements was inconsistent. (Bug#36742)
To Upgrade:
yum upgrade mysql
If you are upgrading from MySQL 5.0 to 5.1, please read this:
http://www.atomicorp.com/wiki/index.php/Mysql
Written by Scott Shinn
Monday, 15 November 2010 15:25
This update includes both spamdyke and the Plesk psa-spamdyke package.
Changelog:
- Changed the option "hostname-file" to read /var/qmail/control/me by default.
- Added the option "dns-resolv-conf" to read the nameserver from a file other than /etc/resolv.conf if necessary. Multiple files can be read, if needed.
- Changed all uses of strncpy() to memcpy() because strncpy() will fill the remainder of the destination buffer with zeroes if the source string is too short. This is not needed because all strings are being explicitly terminated after copies anyway.
- Added two new parameters to search_file() to allow the matching line data to be returned to the caller.
- Changed process_access() to save the contents of the RELAYCLIENT environment variable, if set.
- Added the timefilter program to the utils folder.
- Reversed a small change to spamdyke_log() made in 4.0.8 that will prevent buffer overflows in obscure situations.
- Changed is_ip_in_name() to look for more patterns of IP addresses in rDNS names: 044.033.022.011, 44.033.022.011, 44.33.022.011 and 44.33.22.011. Thanks to Eduard Svarc for suggesting this one. Changed the syslog output to include an "encryption:" tag at the end that shows the current status of TLS/SSL encryption. Thanks to Eric Shubert for suggesting this one.
- Added a "-R" option to smtpdummy so it will reject all recipients.
- Completely rewrote find_address() to fully conform to RFC 2822 when parsing addresses, including quoting, comments, folded whitespace and all the rest.
- Added the option "reject-identical-sender-recipient" to block any messages where the sender and recipient are the same. Thanks to almost everyone on the mailing list for suggesting this one.
- Changed nihdns_mx() to tolerate MX records that contain IP addresses (illegal) instead of names.
- Fixed Makefile.in to use the CPPFLAGS variable from the "configure" script, if the user provided it in an environment variable. Thanks to Iavor Stoev for reporting this one.
- Fixed the "configure" script to correctly include header files on FreeBSD 7.0. Thanks to Andrew Khon for reporting this one.
- Added a "-S" flag to sendrecv to prevent it from starting a TLS session when it sees "STARTTLS".
- Improved sendrecv's usage display to document what each option does.
- Changed do_spamdyke() to set the stdin and stdout file descriptors to nonblocking before calling middleman(). This works around a bug in the SSL library that will block forever waiting for input, even after SSL_pending() and/or select() has already indicated the socket is ready. Thanks to Teodor Milkov for identifying this problem more than a year ago and trog for producing a patch to fix it!
- Fixed process_config_file() to reject configuration file lines with bad/missing characters.
- Fixed process_config_file() to print an "unknown option" error message instead of an "illegal option" message when an unknown option is found in a configuration file.
- Added option "rejection-text-identical-sender-recipient" to set the rejection message for the identical sender/recipient filter.
- Created dnsdummy to simulate a nameserver but exit after a short while for testing spamdyke's DNS routines.
- Converted all DNS-related tests to use dnsdummy and removed all references to spamdyke.org and silence.org. This will also allow the removal of the (hundreds of) bogus entries from the spamdyke.org zone file. Removed the use of getprotobyname() from dns.c and used the defined protocol values in netinet/in.h.
- Changed nihdns_query() to retry DNS queries via TCP if the response received via UDP has the "truncation" flag set (indicating the answers are too large for a UDP packet). Thanks to Roland Moelle for suggesting this one.
- Added option "dns-tcp" to control if spamdyke will retry DNS queries via TCP. Added option "dns-spoof" to control if spamdyke will attempt to detect DNS spoofing and, if so, what it should do about it.
- Fixed smtp_filter() to offer and accept SMTP AUTH (when appropriate) even if the connection is already whitelisted. Thanks to Ratko Rudic for reporting this one.
- Merged in mysql patches from haggybear.de
To Upgrade:
yum upgrade spamdyke psa-spamdyke
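The changelog entry for nihdns_query() describes retrying over TCP when a UDP response has the truncation flag set. The sketch below is an added example, not spamdyke's code: it checks the TC bit in a DNS header and frames the query for TCP with the 2-byte length prefix from RFC 1035 section 4.2.2. The function names, the sample packets (constructed) and the choice to keep a partial answer when TCP is disabled are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HEADER_LEN 12
#define DNS_FLAG_QR 0x80 /* header byte 2: message is a response */
#define DNS_FLAG_TC 0x02 /* header byte 2: answer was truncated */
enum dns_action { DNS_USE_ANSWER, DNS_RETRY_TCP, DNS_DISCARD };

/* Constructed sample: TXT query for example.com, ID 0x1a2b, RD set. */
const unsigned char sample_query[29] = {
    0x1a, 0x2b, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0, 16, 0, 1 };
/* Constructed sample: header of a UDP reply with QR, TC and RD set. */
const unsigned char sample_reply[12] = {
    0x1a, 0x2b, 0x83, 0x80, 0, 1, 0, 0, 0, 0, 0, 0 };

/* Classify a UDP reply to the query that was sent with the given ID. */
enum dns_action classify_udp_reply(const unsigned char *r, size_t len, uint16_t id, int tcp_ok)
{
    if (r == NULL || len < DNS_HEADER_LEN)
        return DNS_DISCARD;              /* no complete header */
    if ((uint16_t)((r[0] << 8) | r[1]) != id || !(r[2] & DNS_FLAG_QR))
        return DNS_DISCARD;              /* not a reply to our query */
    if ((r[2] & DNS_FLAG_TC) && tcp_ok)
        return DNS_RETRY_TCP;            /* answers did not fit in UDP */
    return DNS_USE_ANSWER;               /* assumption: keep partial data if TCP is off */
}

/* Copy the query into out behind a 2-byte big-endian length prefix.
 * Returns the number of bytes written, or 0 if the input is unusable. */
size_t frame_for_tcp(const unsigned char *q, size_t qlen, unsigned char *out, size_t cap)
{
    if (q == NULL || out == NULL || qlen < DNS_HEADER_LEN || qlen > 0xFFFF || cap < qlen + 2)
        return 0;
    out[0] = (unsigned char)(qlen >> 8);
    out[1] = (unsigned char)(qlen & 0xFF);
    memcpy(out + 2, q, qlen);
    return qlen + 2;
}

int main(void)
{
    unsigned char wire[64];
    if (classify_udp_reply(sample_reply, sizeof sample_reply, 0x1a2b, 1) == DNS_RETRY_TCP)
        printf("retry over TCP, %zu bytes on the wire\n",
               frame_for_tcp(sample_query, sizeof sample_query, wire, sizeof wire));
    return 0;
}
```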