summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorsalo <salo@pkgsrc.org>2006-08-24 22:45:09 +0000
committersalo <salo@pkgsrc.org>2006-08-24 22:45:09 +0000
commit6eb6e4e166153f2d0d9c5327afb7153a30aec1bf (patch)
treeeb92d7d79a058ea9906d91204189bc4c3963b65b
parent4fc1fdec7b680fc9f0953de2636dfb0e51abecdd (diff)
downloadpkgsrc-6eb6e4e166153f2d0d9c5327afb7153a30aec1bf.tar.gz
Pullup ticket 1807 - requested by adrianp
security update for php4 Revisions pulled up: - pkgsrc/www/php4/Makefile.common 1.54 - pkgsrc/www/php4/distinfo 1.57 - pkgsrc/www/php4/patches/patch-aw removed Module Name: pkgsrc Committed By: adrianp Date: Sun Aug 20 09:44:59 UTC 2006 Modified Files: pkgsrc/www/php4: Makefile.common distinfo Removed Files: pkgsrc/www/php4/patches: patch-aw Log Message: PHP 4.4.4 Release Announcement This release address a series of locally exploitable security problems discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this release as soon as possible. This release provides the following security fixes: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed overflows inside str_repeat() and wordwrap() functions on 64bit * systems. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed overflow in GD extension on invalid GIF images. * Fixed a buffer overflow inside sscanf() function. * Fixed memory_limit restriction on 64 bit system.
Diffstat
-rw-r--r--www/php4/Makefile.common4
-rw-r--r--www/php4/distinfo9
-rw-r--r--www/php4/patches/patch-aw83
3 files changed, 6 insertions, 90 deletions
diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common
index 95fed932790..5c1beaa7fa4 100644
--- a/www/php4/Makefile.common
+++ b/www/php4/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.52.4.1 2006/08/16 07:17:41 salo Exp $
+# $NetBSD: Makefile.common,v 1.52.4.2 2006/08/24 22:45:09 salo Exp $
DISTNAME?= php-${PHP_DIST_VERS}
CATEGORIES+= www php4
@@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/
# PHP_DIST_VERS version number on the php distfile
# PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .)
#
-PHP_DIST_VERS= 4.4.3
+PHP_DIST_VERS= 4.4.4
PHP_BASE_VERS= ${PHP_DIST_VERS}
DISTFILES?= ${PHP_DISTFILE}
diff --git a/www/php4/distinfo b/www/php4/distinfo
index 78a5617a547..112982dc324 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.54.2.2 2006/08/16 07:17:41 salo Exp $
+$NetBSD: distinfo,v 1.54.2.3 2006/08/24 22:45:09 salo Exp $
-SHA1 (php-4.4.3.tar.bz2) = 42aec56fec03c13366c0b0aac13169138814a4b5
-RMD160 (php-4.4.3.tar.bz2) = 36c91930af44e8a1ed59eb159e6131ae8f0c77f0
-Size (php-4.4.3.tar.bz2) = 4461353 bytes
+SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
+RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
+Size (php-4.4.4.tar.bz2) = 4478698 bytes
SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407
SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469
SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd
@@ -15,4 +15,3 @@ SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
-SHA1 (patch-aw) = f8e2f36a4d9bb4a60d255127ac5984c33ea74841
diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw
deleted file mode 100644
index 10ea46cce89..00000000000
--- a/www/php4/patches/patch-aw
+++ /dev/null
@@ -1,83 +0,0 @@
---- ext/standard/scanf.c.orig 2006-01-01 13:46:58.000000000 +0000
-+++ ext/standard/scanf.c 2006-08-10 23:00:19.000000000 +0100
-@@ -732,7 +732,7 @@
- if (*end == '$') {
- format = end+1;
- ch = format++;
-- objIndex = varStart + value;
-+ objIndex = varStart + value - 1;
- }
- }
-
-@@ -762,8 +762,10 @@
- switch (*ch) {
- case 'n':
- if (!(flags & SCAN_SUPPRESS)) {
-- if (numVars) {
-- current = args[objIndex++];
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
-+ current = args[objIndex++];
- zval_dtor( *current );
- ZVAL_LONG( *current, (long)(string - baseString) );
- } else {
-@@ -883,8 +885,10 @@
- }
- }
- if (!(flags & SCAN_SUPPRESS)) {
-- if (numVars) {
-- current = args[objIndex++];
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
-+ current = args[objIndex++];
- zval_dtor( *current );
- ZVAL_STRINGL( *current, string, end-string, 1);
- } else {
-@@ -922,7 +926,9 @@
- goto done;
- }
- if (!(flags & SCAN_SUPPRESS)) {
-- if (numVars) {
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
- current = args[objIndex++];
- zval_dtor( *current );
- ZVAL_STRINGL( *current, string, end-string, 1);
-@@ -1079,8 +1085,10 @@
- value = (int) (*fn)(buf, NULL, base);
- if ((flags & SCAN_UNSIGNED) && (value < 0)) {
- sprintf(buf, "%u", value); /* INTL: ISO digit */
-- if (numVars) {
-- /* change passed value type to string */
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
-+ /* change passed value type to string */
- current = args[objIndex++];
- convert_to_string( *current );
- ZVAL_STRING( *current, buf, 1 );
-@@ -1088,7 +1096,9 @@
- add_index_string(*return_value, objIndex++, buf, 1);
- }
- } else {
-- if (numVars) {
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
- current = args[objIndex++];
- convert_to_long( *current );
- Z_LVAL(**current) = value;
-@@ -1196,7 +1206,9 @@
- double dvalue;
- *end = '\0';
- dvalue = zend_strtod(buf, NULL);
-- if (numVars) {
-+ if (numVars && objIndex >= argCount) {
-+ break;
-+ } else if (numVars) {
- current = args[objIndex++];
- convert_to_double( *current );
- Z_DVAL_PP( current ) = dvalue;
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 00:54:58 +0000