Fix for CVE-2006-4625

Bump nb

3 files changed, 20 insertions, 3 deletions

diff --git a/www/php4/Makefile b/www/php4/Makefile
index dc2b5f63b23..f5315fb2ccd 100644
--- a/www/php4/Makefile
+++ b/www/php4/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71 2006/10/20 22:10:33 jdolecek Exp $
+# $NetBSD: Makefile,v 1.72 2006/10/22 13:16:41 adrianp Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		1
+PKGREVISION=		2
 CATEGORIES+=		lang
 COMMENT=		HTML-embedded scripting language
 
diff --git a/www/php4/distinfo b/www/php4/distinfo
index 6ba26f153f7..539b343e027 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57 2006/08/20 09:44:59 adrianp Exp $
+$NetBSD: distinfo,v 1.58 2006/10/22 13:16:41 adrianp Exp $
 
 SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
 RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
@@ -15,3 +15,4 @@ SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
 SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
 SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
+SHA1 (patch-au) = 8b8e317dbb9cfc265bf29ebe0827d9b734a1a3b7
diff --git a/www/php4/patches/patch-au b/www/php4/patches/patch-au
new file mode 100644
index 00000000000..02a8a9e1b01
--- /dev/null
+++ b/www/php4/patches/patch-au
@@ -0,0 +1,16 @@
+$NetBSD: patch-au,v 1.3 2006/10/22 13:16:41 adrianp Exp $
+
+# CVE-2006-4625
+
+--- Zend/zend_ini.c.orig	2005-09-02 22:09:03.000000000 +0100
++++ Zend/zend_ini.c
+@@ -256,7 +256,8 @@ ZEND_API int zend_restore_ini_entry(char
+ 	zend_ini_entry *ini_entry;
+ 	TSRMLS_FETCH();
+ 
+-	if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
++	if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE ||
++            (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)) {                return FAILURE;
+ 		return FAILURE;
+ 	}
+