diff options
| author | adrianp <adrianp@pkgsrc.org> | 2006-08-20 09:44:59 +0000 |
|---|---|---|
| committer | adrianp <adrianp@pkgsrc.org> | 2006-08-20 09:44:59 +0000 |
| commit | e9f89c2175607a2df9f6e67be6125f52d987a3f5 (patch) | |
| tree | 0785d38439f080deb9064c5e09f3f094f78e430a /www/php4/patches | |
| parent | 1d7922597664f9d8c65b5aacc99fbb27c370ccb5 (diff) | |
| download | pkgsrc-e9f89c2175607a2df9f6e67be6125f52d987a3f5.tar.gz | |
PHP 4.4.4 Release Announcement
This release address a series of locally exploitable security problems
discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this
release as soon as possible.
This release provides the following security fixes:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed memory_limit restriction on 64 bit system.
Diffstat (limited to 'www/php4/patches')
| -rw-r--r-- | www/php4/patches/patch-aw | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw deleted file mode 100644 index 10ea46cce89..00000000000 --- a/www/php4/patches/patch-aw +++ /dev/null @@ -1,83 +0,0 @@ ---- ext/standard/scanf.c.orig 2006-01-01 13:46:58.000000000 +0000 -+++ ext/standard/scanf.c 2006-08-10 23:00:19.000000000 +0100 -@@ -732,7 +732,7 @@ - if (*end == '$') { - format = end+1; - ch = format++; -- objIndex = varStart + value; -+ objIndex = varStart + value - 1; - } - } - -@@ -762,8 +762,10 @@ - switch (*ch) { - case 'n': - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -- current = args[objIndex++]; -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_LONG( *current, (long)(string - baseString) ); - } else { -@@ -883,8 +885,10 @@ - } - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -- current = args[objIndex++]; -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_STRINGL( *current, string, end-string, 1); - } else { -@@ -922,7 +926,9 @@ - goto done; - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_STRINGL( *current, string, end-string, 1); -@@ -1079,8 +1085,10 @@ - value = (int) (*fn)(buf, NULL, base); - if ((flags & SCAN_UNSIGNED) && (value < 0)) { - sprintf(buf, "%u", value); /* INTL: ISO digit */ -- if (numVars) { -- /* change passed value type to string */ -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ /* change passed value type to string */ - current = args[objIndex++]; - convert_to_string( *current ); - ZVAL_STRING( *current, buf, 1 ); -@@ -1088,7 +1096,9 @@ - add_index_string(*return_value, objIndex++, buf, 1); - } - } else { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_long( *current ); - Z_LVAL(**current) = value; -@@ -1196,7 +1206,9 @@ - double dvalue; - *end = '\0'; - dvalue = zend_strtod(buf, NULL); -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_double( *current ); - Z_DVAL_PP( current ) = dvalue; |