author | adrianp <adrianp> | 2007-05-06 19:50:18 +0000 |
---|---|---|
committer | adrianp <adrianp> | 2007-05-06 19:50:18 +0000 |
commit | 24c898ff273ec835c18fcfbf29d93e1f5440456f (patch) | |
tree | aac2bd10c20ec295f8d675eb8b28150872ca1cef /www | |
parent | a8e460b1d4cbea1194a97870cf16bc1e35c5986a (diff) | |
download | pkgsrc-24c898ff273ec835c18fcfbf29d93e1f5440456f.tar.gz |
Update to 4.4.7
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)
Diffstat (limited to 'www')
-rw-r--r-- | www/php4/Makefile | 3 | ||||
-rw-r--r-- | www/php4/Makefile.common | 4 | ||||
-rw-r--r-- | www/php4/distinfo | 9 | ||||
-rw-r--r-- | www/php4/patches/patch-ae | 38 |
4 files changed, 7 insertions, 47 deletions
diff --git a/www/php4/Makefile b/www/php4/Makefile
index 1b73f7c32de..0965489f32d 100644
--- a/www/php4/Makefile
+++ b/www/php4/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.76 2007/05/05 21:35:05 adrianp Exp $
+# $NetBSD: Makefile,v 1.77 2007/05/06 19:50:18 adrianp Exp $
 PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
 CATEGORIES+= lang
 COMMENT= HTML-embedded scripting language
diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common
index 8024e03b7e5..a60fbf83dfb 100644
--- a/www/php4/Makefile.common
+++ b/www/php4/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.55 2007/03/03 13:19:52 adrianp Exp $
+# $NetBSD: Makefile.common,v 1.56 2007/05/06 19:50:18 adrianp Exp $
 DISTNAME?= php-${PHP_DIST_VERS}
 CATEGORIES+= www php4
@@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/
 # PHP_DIST_VERS version number on the php distfile
 # PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .)
 #
-PHP_DIST_VERS= 4.4.6
+PHP_DIST_VERS= 4.4.7
 PHP_BASE_VERS= ${PHP_DIST_VERS}
 DISTFILES?= ${PHP_DISTFILE}
diff --git a/www/php4/distinfo b/www/php4/distinfo
index 785843b97a3..2e345b9156f 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,13 +1,12 @@
-$NetBSD: distinfo,v 1.64 2007/05/06 13:08:34 tron Exp $
+$NetBSD: distinfo,v 1.65 2007/05/06 19:50:18 adrianp Exp $
-SHA1 (php-4.4.6.tar.bz2) = e9c11ae084e2d505568d672afd06d4e6fc431621
-RMD160 (php-4.4.6.tar.bz2) = 16a81ee94d1f8f56adf3e76dde32c62597130674
-Size (php-4.4.6.tar.bz2) = 4559282 bytes
+SHA1 (php-4.4.7.tar.bz2) = a6e2d6b5c5aa4e82a718563dc8dbb4b83fc91b78
+RMD160 (php-4.4.7.tar.bz2) = 5eb44c4b7711111dcbc9117e21ad644e9e6562f3
+Size (php-4.4.7.tar.bz2) = 4543531 bytes
 SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407
 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469
 SHA1 (patch-ac) = 28288b1e79c14fb2b40eaefed0d6d2bff4775607
 SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd
-SHA1 (patch-ae) = 2a5989d3eb144a1c238703d388055d0f47624e1a
 SHA1 (patch-ag) = 1ded1d7f4daac6806f41864c783f16d3403315e4
 SHA1 (patch-ah) = 0ac37bd35c4594cb58f1ea85ef811154b644a931
 SHA1 (patch-ai) = 0b9c1c9fb75a64026f2fb3cbd44cc19e0a1f186c
diff --git a/www/php4/patches/patch-ae b/www/php4/patches/patch-ae
deleted file mode 100644
index 9553e2ed3e9..00000000000
--- a/www/php4/patches/patch-ae
+++ /dev/null
@@ -1,38 +0,0 @@
-$NetBSD: patch-ae,v 1.7 2007/05/06 13:08:34 tron Exp $
-
-Patch for CVE-2007-1001, taken from here:
-
-http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1&view=patch
-
---- ext/gd/libgd/wbmp.c.orig 2003-04-25 01:59:03.000000000 +0100
-+++ ext/gd/libgd/wbmp.c 2007-05-06 13:47:23.000000000 +0100
-@@ -116,6 +116,15 @@
- if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL)
- return (NULL);
-
-+ if (overflow2(sizeof (int), width)) {
-+ gdFree(wbmp);
-+ return NULL;
-+ }
-+ if (overflow2(sizeof (int) * width, height)) {
-+ gdFree(wbmp);
-+ return NULL;
-+ }
-+
- if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (width * height), 0)) == NULL)
- {
- gdFree (wbmp);
-@@ -176,6 +185,13 @@
- printf ("W: %d, H: %d\n", wbmp->width, wbmp->height);
- #endif
-
-+ if (overflow2(sizeof (int), wbmp->width) ||
-+ overflow2(sizeof (int) * wbmp->width, wbmp->height))
-+ {
-+ gdFree(wbmp);
-+ return (-1);
-+ }
-+
- if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (wbmp->width * wbmp->height), 0)) == NULL)
- {
- gdFree (wbmp); |