diff options
author | ghen <ghen@pkgsrc.org> | 2008-01-15 08:33:28 +0000 |
---|---|---|
committer | ghen <ghen@pkgsrc.org> | 2008-01-15 08:33:28 +0000 |
commit | 33b39b4f589251e97709070dff0ede60a50186fd (patch) | |
tree | 2e35778dc392f47cb4431b1b03d5b320e67276f6 | |
parent | 30aa3f2bfa91e6489fe813fb3581cf715dbc0a5c (diff) | |
download | pkgsrc-33b39b4f589251e97709070dff0ede60a50186fd.tar.gz |
Pullup ticket 2267 - requested by adrianp
security update for php4
- pkgsrc/lang/php4/Makefile 1.80
- pkgsrc/lang/php4/Makefile.common 1.57
- pkgsrc/lang/php4/distinfo 1.67
- pkgsrc/lang/php4/patches/patch-aw removed
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jan 4 10:07:54 UTC 2008
Modified Files:
pkgsrc/www/php4: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/www/php4/patches: patch-aw
Log Message:
Update to 4.4.8
Improved fix for MOPB-02-2007.
Fixed an integer overflow inside chunk_split(). Identified by Gerhard Wagner.
Fixed integer overlow in str[c]spn().
Fixed regression in glob when open_basedir is on introduced by 41655 fix.
Fixed money_format() not to accept multiple %i or %n tokens.
Addded "max_input_nesting_level" php.ini option to limit nesting level of input variables. Fix for MOPB-03-2007.
Fixed INFILE LOCAL option handling with MySQL - now not allowed when open_basedir or safe_mode is active.
Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378).
Fixed bug 43010 (Fixed regression in imagearc with two equivelent angles).
Fixed bug 41765 (Recode crashes/does not work on amd64).
Fixed bug 41630 (segfault when an invalid color index is present in the image data).
Fixed bug 41628 (PHP settings leak between Virtual Hosts in Apache 1.3).
Fixed bug 38798 (OpenSSL init corrected in php5 but not in php4).
-rw-r--r-- | www/php4/Makefile | 3 | ||||
-rw-r--r-- | www/php4/Makefile.common | 4 | ||||
-rw-r--r-- | www/php4/distinfo | 9 | ||||
-rw-r--r-- | www/php4/patches/patch-aw | 14 |
4 files changed, 7 insertions, 23 deletions
diff --git a/www/php4/Makefile b/www/php4/Makefile index 24fa415f5c6..246ebadf4c8 100644 --- a/www/php4/Makefile +++ b/www/php4/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.79 2007/08/01 01:40:54 taca Exp $ +# $NetBSD: Makefile,v 1.79.4.1 2008/01/15 08:33:28 ghen Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 1 CATEGORIES+= lang COMMENT= HTML-embedded scripting language diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common index a60fbf83dfb..79d289cd73f 100644 --- a/www/php4/Makefile.common +++ b/www/php4/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.56 2007/05/06 19:50:18 adrianp Exp $ +# $NetBSD: Makefile.common,v 1.56.6.1 2008/01/15 08:33:28 ghen Exp $ DISTNAME?= php-${PHP_DIST_VERS} CATEGORIES+= www php4 @@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/ # PHP_DIST_VERS version number on the php distfile # PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .) # -PHP_DIST_VERS= 4.4.7 +PHP_DIST_VERS= 4.4.8 PHP_BASE_VERS= ${PHP_DIST_VERS} DISTFILES?= ${PHP_DISTFILE} diff --git a/www/php4/distinfo b/www/php4/distinfo index d81611d9455..91579054b74 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.66 2007/08/01 01:40:54 taca Exp $ +$NetBSD: distinfo,v 1.66.4.1 2008/01/15 08:33:28 ghen Exp $ -SHA1 (php-4.4.7.tar.bz2) = a6e2d6b5c5aa4e82a718563dc8dbb4b83fc91b78 -RMD160 (php-4.4.7.tar.bz2) = 5eb44c4b7711111dcbc9117e21ad644e9e6562f3 -Size (php-4.4.7.tar.bz2) = 4543531 bytes +SHA1 (php-4.4.8.tar.bz2) = fca6259fd3e8e3a7a37343e9a81651f5b6d4835c +RMD160 (php-4.4.8.tar.bz2) = dedf4a1a853b19bd3fb91a6028a256facb2d3224 +Size (php-4.4.8.tar.bz2) = 4546525 bytes SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469 SHA1 (patch-ac) = 28288b1e79c14fb2b40eaefed0d6d2bff4775607 @@ -15,4 +15,3 @@ SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63 SHA1 (patch-au) = f9798aa440e174f65dde574c4f3b28183b3d18bc -SHA1 (patch-aw) = 2cdfd3c194c30f19a102bce66a68125ccfa59697 diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw deleted file mode 100644 index 55d8d55a4fd..00000000000 --- a/www/php4/patches/patch-aw +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-aw,v 1.3 2007/08/01 01:40:55 taca Exp $ - -Fix for CVE-2007-3806. - ---- ext/standard/dir.c.orig 2007-01-01 18:46:47.000000000 +0900 -+++ ext/standard/dir.c -@@ -382,6 +382,7 @@ PHP_FUNCTION(glob) - } - #endif - -+ memset(&globbuf, 0, sizeof(glob_t)); - globbuf.gl_offs = 0; - if (0 != (ret = glob(pattern, flags & GLOB_FLAGMASK, NULL, &globbuf))) { - #ifdef GLOB_NOMATCH |