<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pkgsrc/www/php4/Makefile.common, branch pkgsrc_2008Q2</title>
<subtitle>[no description]</subtitle>
<id>https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2</id>
<link rel='self' href='https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc_2008Q2'/>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/'/>
<updated>2008-01-04T10:07:52Z</updated>
<entry>
<title>Update to 4.4.8</title>
<updated>2008-01-04T10:07:52Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2008-01-04T10:07:52Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=1ed7596ea61bab8d84dae6937b055c1ee3cb09ca'/>
<id>urn:sha1:1ed7596ea61bab8d84dae6937b055c1ee3cb09ca</id>
<content type='text'>
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by 41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
Fixed bug 43010 (Fixed regression in imagearc with two equivelent angles).
Fixed bug 41765 (Recode crashes/does not work on amd64).
Fixed bug 41630 (segfault when an invalid color index is present in the image data).
Fixed bug 41628 (PHP settings leak between Virtual Hosts in Apache 1.3).
Fixed bug 38798 (OpenSSL init corrected in php5 but not in php4).
</content>
</entry>
<entry>
<title>Update to 4.4.7</title>
<updated>2007-05-06T19:50:18Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-05-06T19:50:18Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=24c898ff273ec835c18fcfbf29d93e1f5440456f'/>
<id>urn:sha1:24c898ff273ec835c18fcfbf29d93e1f5440456f</id>
<content type='text'>
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
  (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
  (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir &amp; safe_mode checks to zip:// and bzip:// wrappers.
  (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
  (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
  (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
  library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)
</content>
</entry>
<entry>
<title>Update to 4.4.6</title>
<updated>2007-03-03T13:19:52Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2007-03-03T13:19:52Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=a5b409e6bc05f9b852072bf33cde3576045f15b9'/>
<id>urn:sha1:a5b409e6bc05f9b852072bf33cde3576045f15b9</id>
<content type='text'>
* Updated PCRE to version 7.0.
* Fixed segfault in ext/session when register_globals=On.
* Fixed (segfault in cURL extension).
* Fixed (possible cURL memory error).
* Fixed (imagettftext() multithreading issue).
* Fixed (ext/interbase compile failure).
* Fixed (PHP fastcgi with PHP_FCGI_CHILDREN don't kill children when parent is killed).

4.4.5
# Upgraded PEAR to 1.5.0.
# Updated PCRE to version 6.7.
# Moved extensions to PECL: ext/ovrimos
# Added a meta tag to phpinfo() output to prevent search engines from indexing the page.
# Backported a fix in the configure tests to detect the "rounding fuzz".
# Backported fix for ext/imap compilation failure with recent c-client versions.
# Fixed missing open_basedir check inside chdir() function.
# Fixed (Compile fails when using GCC 4.1.1/binutils 2.17).
# Fixed (pg_insert/pg_update do not allow now() to be used for timestamp fields).
# Fixed (using autoconf 2.6x and --with-layout=GNU breaks PEAR install path).
# Fixed (Using $this not in object context can cause segfaults).
# Fixed (ext/dba doesn't check for db-4.5 and db-4.4 when db4 support is enabled).
# Fixed (ftp_put() does not change transfer mode to ASCII).
# Fixed (ftp_nlist() returns false on empty dirs).
# Fixed (Allow building of curl extension against libcurl 7.16.0).
# Fixed (curl_exec() with return transfer returns TRUE on empty files).
# Fixed (Fixed a possible open_basedir bypass in tempnam()).
# Fixed (ldap_connect causes segfault with newer versions of OpenLDAP).
# Fixed (parse_url() fails if passing '@' in passwd).
# Fixed (Calling undefined method prints insufficient error message).
# Fixed (segfault when calling setlocale() in userspace session handler).
# Fixed (constructor is not called for classes used in userspace stream wrappers).
# Fixed (wddx_serialize_value() generates no wellformed xml).
# Fixed (aggregate_methods_by_list fails to take certain methods).
# Fixed (natcasesort() causes array_pop() to misbehave).
# Fixed (CURLOPT_HEADERFUNCTION, couldn't set the function in the class).
# Fixed (recursive array_walk causes segfault).
</content>
</entry>
<entry>
<title>PHP 4.4.4 Release Announcement</title>
<updated>2006-08-20T09:44:59Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2006-08-20T09:44:59Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=d7a538536f19d315f4d68bb4a65d6f5e93fb8641'/>
<id>urn:sha1:d7a538536f19d315f4d68bb4a65d6f5e93fb8641</id>
<content type='text'>
This release address a series of locally exploitable security problems
discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this
release as soon as possible.

This release provides the following security fixes:

* Added missing safe_mode/open_basedir checks inside the error_log(),
  file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed memory_limit restriction on 64 bit system.
</content>
</entry>
<entry>
<title>Update to 4.4.3</title>
<updated>2006-08-10T23:01:39Z</updated>
<author>
<name>adrianp</name>
<email>adrianp</email>
</author>
<published>2006-08-10T23:01:39Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=cdab7af12d49aa22afa13097a818f9e2ca5f75ad'/>
<id>urn:sha1:cdab7af12d49aa22afa13097a818f9e2ca5f75ad</id>
<content type='text'>
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
  function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.

The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).

For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3

This also contains a fix for CVE-2006-4020 (SA21403)
</content>
</entry>
<entry>
<title>Update to version 4.4.2.  Ok'd by jdolecek@.</title>
<updated>2006-03-03T07:11:34Z</updated>
<author>
<name>cube</name>
<email>cube</email>
</author>
<published>2006-03-03T07:11:34Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=d42167593af1ab18de3b8c9617ae3a07b5c50890'/>
<id>urn:sha1:d42167593af1ab18de3b8c9617ae3a07b5c50890</id>
<content type='text'>
This is a bug fix release, which addresses some security problems too.
The major points that this release corrects are:

    * Prevent header injection by limiting each header to a single line.
    * Possible XSS inside error reporting functionality.
    * Missing safe_mode/open_basedir checks into cURL extension.
    * Apache 2 regression with sub-request handling on non-Linux systems.
    * key() and current() regression related to references.

This release also fixes about 30 other defects.
</content>
</entry>
<entry>
<title>Fixed pkglint warnings. The warnings are mostly quoting issues, for</title>
<updated>2005-12-05T20:49:47Z</updated>
<author>
<name>rillig</name>
<email>rillig</email>
</author>
<published>2005-12-05T20:49:47Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=b4f920543059af038598712771c3211999ef42a6'/>
<id>urn:sha1:b4f920543059af038598712771c3211999ef42a6</id>
<content type='text'>
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
</content>
</entry>
<entry>
<title>Update php to 4.4.1. Besides incorporating XML_RPC-1.4.0 and fopen wrappers</title>
<updated>2005-11-01T23:12:15Z</updated>
<author>
<name>jdolecek</name>
<email>jdolecek</email>
</author>
<published>2005-11-01T23:12:15Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=aad4d313f112468ffcef7e7590909a84a5750df1'/>
<id>urn:sha1:aad4d313f112468ffcef7e7590909a84a5750df1</id>
<content type='text'>
security fix, this fixes serious security problems regarding overwriting
of the GLOBALS array.

All users of PHP 4.3 and 4.4 sare encouradged to update to this version.

The --with-regex=system bug with re_magic has been fixed too, so re-enabling
use of --with-regex=system for all operating systems again
</content>
</entry>
<entry>
<title>Update "php4" package to version 4.4.0. The update fixes a large number</title>
<updated>2005-08-17T19:58:34Z</updated>
<author>
<name>tron</name>
<email>tron</email>
</author>
<published>2005-08-17T19:58:34Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=0b533de61f9886f00a50888907ab915599359af4'/>
<id>urn:sha1:0b533de61f9886f00a50888907ab915599359af4</id>
<content type='text'>
of bugs discovered since the 4.3.11 release which could e.g. lead to
memory corruption.

Furthermore integrate version 1.4.0 of PEAR XML_RPC which contains a fix
for the "PEAR XML_RPC Remote PHP Code Injection Vulnerability" security
problem reported by the Hardened-PHP Project.
</content>
</entry>
<entry>
<title>do not define MASTER_SITES and EXTRACT_SUFX if PECL_VERSION is set,</title>
<updated>2005-05-07T18:50:24Z</updated>
<author>
<name>jdolecek</name>
<email>jdolecek</email>
</author>
<published>2005-05-07T18:50:24Z</published>
<link rel='alternate' type='text/html' href='https://git.osdyson.ru/mirror/pkgsrc/commit/?id=08f55d50c3074c16bb653c15455cd8aad806efb3'/>
<id>urn:sha1:08f55d50c3074c16bb653c15455cd8aad806efb3</id>
<content type='text'>
so that lang/php/ext.php need not use = assignment and extensions
would be able to use different setting
</content>
</entry>
</feed>
