From d7a538536f19d315f4d68bb4a65d6f5e93fb8641 Mon Sep 17 00:00:00 2001 From: adrianp Date: Sun, 20 Aug 2006 09:44:59 +0000 Subject: PHP 4.4.4 Release Announcement This release address a series of locally exploitable security problems discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this release as soon as possible. This release provides the following security fixes: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed overflow in GD extension on invalid GIF images. * Fixed a buffer overflow inside sscanf() function. * Fixed memory_limit restriction on 64 bit system. --- www/php4/Makefile.common | 4 +-- www/php4/distinfo | 9 +++-- www/php4/patches/patch-aw | 83 ----------------------------------------------- 3 files changed, 6 insertions(+), 90 deletions(-) delete mode 100644 www/php4/patches/patch-aw (limited to 'www') diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common index cc2c400fb69..9b707bfc4c9 100644 --- a/www/php4/Makefile.common +++ b/www/php4/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.53 2006/08/10 23:01:40 adrianp Exp $ +# $NetBSD: Makefile.common,v 1.54 2006/08/20 09:44:59 adrianp Exp $ DISTNAME?= php-${PHP_DIST_VERS} CATEGORIES+= www php4 @@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/ # PHP_DIST_VERS version number on the php distfile # PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .) # -PHP_DIST_VERS= 4.4.3 +PHP_DIST_VERS= 4.4.4 PHP_BASE_VERS= ${PHP_DIST_VERS} DISTFILES?= ${PHP_DISTFILE} diff --git a/www/php4/distinfo b/www/php4/distinfo index e6eb2a43a11..6ba26f153f7 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.56 2006/08/10 23:01:40 adrianp Exp $ +$NetBSD: distinfo,v 1.57 2006/08/20 09:44:59 adrianp Exp $ -SHA1 (php-4.4.3.tar.bz2) = 42aec56fec03c13366c0b0aac13169138814a4b5 -RMD160 (php-4.4.3.tar.bz2) = 36c91930af44e8a1ed59eb159e6131ae8f0c77f0 -Size (php-4.4.3.tar.bz2) = 4461353 bytes +SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05 +RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3 +Size (php-4.4.4.tar.bz2) = 4478698 bytes SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407 SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469 SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd @@ -15,4 +15,3 @@ SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46 SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63 -SHA1 (patch-aw) = f8e2f36a4d9bb4a60d255127ac5984c33ea74841 diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw deleted file mode 100644 index 10ea46cce89..00000000000 --- a/www/php4/patches/patch-aw +++ /dev/null @@ -1,83 +0,0 @@ ---- ext/standard/scanf.c.orig 2006-01-01 13:46:58.000000000 +0000 -+++ ext/standard/scanf.c 2006-08-10 23:00:19.000000000 +0100 -@@ -732,7 +732,7 @@ - if (*end == '$') { - format = end+1; - ch = format++; -- objIndex = varStart + value; -+ objIndex = varStart + value - 1; - } - } - -@@ -762,8 +762,10 @@ - switch (*ch) { - case 'n': - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -- current = args[objIndex++]; -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_LONG( *current, (long)(string - baseString) ); - } else { -@@ -883,8 +885,10 @@ - } - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -- current = args[objIndex++]; -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_STRINGL( *current, string, end-string, 1); - } else { -@@ -922,7 +926,9 @@ - goto done; - } - if (!(flags & SCAN_SUPPRESS)) { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - zval_dtor( *current ); - ZVAL_STRINGL( *current, string, end-string, 1); -@@ -1079,8 +1085,10 @@ - value = (int) (*fn)(buf, NULL, base); - if ((flags & SCAN_UNSIGNED) && (value < 0)) { - sprintf(buf, "%u", value); /* INTL: ISO digit */ -- if (numVars) { -- /* change passed value type to string */ -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { -+ /* change passed value type to string */ - current = args[objIndex++]; - convert_to_string( *current ); - ZVAL_STRING( *current, buf, 1 ); -@@ -1088,7 +1096,9 @@ - add_index_string(*return_value, objIndex++, buf, 1); - } - } else { -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_long( *current ); - Z_LVAL(**current) = value; -@@ -1196,7 +1206,9 @@ - double dvalue; - *end = '\0'; - dvalue = zend_strtod(buf, NULL); -- if (numVars) { -+ if (numVars && objIndex >= argCount) { -+ break; -+ } else if (numVars) { - current = args[objIndex++]; - convert_to_double( *current ); - Z_DVAL_PP( current ) = dvalue; -- cgit v1.2.3