head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.8
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.6
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.4
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.2
	pkgsrc-2011Q2-base:1.2;
locks; strict;
comment	@# @;


1.2
date	2010.12.13.13.16.37;	author taca;	state dead;
branches;
next	1.1;

1.1
date	2010.11.25.03.43.50;	author taca;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update lang/php53 package to 5.3.4 (PHP 5.3.4).


The PHP development team is proud to announce the immediate release of PHP
5.3.4. This is a maintenance release in the 5.3 series, which includes a large
number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.4:

* Fixed crash in zip extract method (possible CWE-170).
* Paths with NULL in them (foo\0bar.txt) are now considered as invalid
  (CVE-2006-7243).
* Fixed a possible double free in imap extension (Identified by Mateusz
  Kocielski). (CVE-2010-4150).
* Fixed NULL pointer dereference in
  ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
* Fixed symbolic resolution support when the target is a DFS share.
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
  large amount of data) (CVE-2010-3710).

Key Bug Fixes in PHP 5.3.4 include:

* Added stat support for zip stream.
* Added follow_location (enabled by default) option for the http stream
  support.
* Added a 3rd parameter to get_html_translation_table. It now takes a charset
  hint, like htmlentities et al.
* Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend
  multibyte at runtime.
* Multiple improvements to the FPM SAPI.
* Over 100 other bug fixes.

For users upgrading from PHP 5.2 there is a migration guide available here,
detailing the changes between those releases and PHP 5.3.

For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
@
text
@$NetBSD: patch-ap,v 1.1 2010/11/25 03:43:50 taca Exp $

Fix for CVE-2010-4150:
	http://svn.php.net/viewvc?view=revision&revision=305032

--- ext/imap/php_imap.c.orig	2010-04-14 09:45:37.000000000 +0000
+++ ext/imap/php_imap.c
@@@@ -1209,10 +1209,12 @@@@ static void php_imap_do_open(INTERNAL_FU
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */
@


1.1
log
@
- GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
- CVE-2010-3710 (a part of SA41724)
	http://svn.php.net/viewvc?view=revision&revision=303779
- CVE-2010-3870 (a part of SA41724)
	http://svn.php.net/viewvc?view=revision&revision=304959
- CVE-2010-4150 (php-imap)
	http://svn.php.net/viewvc?view=revision&revision=305032
- CVE-2010-4156 (SA42135)
	http://svn.php.net/viewvc?view=revision&revision=305214

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@