head 1.8; access; symbols pkgsrc-2013Q2:1.8.0.26 pkgsrc-2013Q2-base:1.8 pkgsrc-2012Q4:1.8.0.24 pkgsrc-2012Q4-base:1.8 pkgsrc-2011Q4:1.8.0.22 pkgsrc-2011Q4-base:1.8 pkgsrc-2011Q2:1.8.0.20 pkgsrc-2011Q2-base:1.8 pkgsrc-2009Q4:1.8.0.18 pkgsrc-2009Q4-base:1.8 pkgsrc-2008Q4:1.8.0.16 pkgsrc-2008Q4-base:1.8 pkgsrc-2008Q3:1.8.0.14 pkgsrc-2008Q3-base:1.8 cube-native-xorg:1.8.0.12 cube-native-xorg-base:1.8 pkgsrc-2008Q2:1.8.0.10 pkgsrc-2008Q2-base:1.8 pkgsrc-2008Q1:1.8.0.8 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.6 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.4 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.2 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.6.0.26 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.24 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.22 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.6.0.20 pkgsrc-2006Q2-base:1.6 pkgsrc-2006Q1:1.6.0.18 pkgsrc-2006Q1-base:1.6 pkgsrc-2005Q4:1.6.0.16 pkgsrc-2005Q4-base:1.6 pkgsrc-2005Q3:1.6.0.14 pkgsrc-2005Q3-base:1.6 pkgsrc-2005Q2:1.6.0.12 pkgsrc-2005Q2-base:1.6 pkgsrc-2005Q1:1.6.0.10 pkgsrc-2005Q1-base:1.6 pkgsrc-2004Q4:1.6.0.8 pkgsrc-2004Q4-base:1.6 pkgsrc-2004Q3:1.6.0.6 pkgsrc-2004Q3-base:1.6 pkgsrc-2004Q2:1.6.0.4 pkgsrc-2004Q2-base:1.6 pkgsrc-2004Q1:1.6.0.2 pkgsrc-2004Q1-base:1.6 pkgsrc-2003Q4:1.5.0.2 pkgsrc-2003Q4-base:1.5 netbsd-1-6-1:1.3.0.6 netbsd-1-6-1-base:1.3 netbsd-1-6:1.3.0.8 netbsd-1-6-RELEASE-base:1.3 pkgviews:1.3.0.4 pkgviews-base:1.3 buildlink2:1.3.0.2 buildlink2-base:1.3 netbsd-1-5-PATCH003:1.3 netbsd-1-5-PATCH001:1.1; locks; strict; comment @# @; 1.8 date 2007.05.06.19.50.18; author adrianp; state dead; branches; next 1.7; 1.7 date 2007.05.06.13.08.34; author tron; state Exp; branches; next 1.6; 1.6 date 2004.02.14.00.46.26; author jdolecek; state dead; branches 1.6.26.1; next 1.5; 1.5 date 2003.09.01.10.17.38; author cjep; state Exp; branches; next 1.4; 1.4 date 2003.08.31.19.56.07; author jdolecek; state Exp; branches; next 1.3; 1.3 date 2001.10.16.04.54.24; author jlam; state Exp; branches; next 1.2; 1.2 date 
2001.05.14.14.12.29; author jlam; state Exp; branches; next 1.1; 1.1 date 2000.12.25.21.03.47; author jlam; state Exp; branches; next ; 1.6.26.1 date 2007.05.07.17.36.24; author ghen; state Exp; branches; next 1.6.26.2; 1.6.26.2 date 2007.05.15.23.40.43; author salo; state dead; branches; next ; desc @@ 1.8 log @Update to 4.4.7 * Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) * Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) * Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) * Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) * Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) * Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser). * Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser) * Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) * Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser) * Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. 
(by Stanislav Malyshev) * XSS in phpinfo() (MOPB-8 by Stefan Esser) @ text @$NetBSD: patch-ae,v 1.7 2007/05/06 13:08:34 tron Exp $ Patch for CVE-2007-1001, taken from here: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1&view=patch --- ext/gd/libgd/wbmp.c.orig 2003-04-25 01:59:03.000000000 +0100 +++ ext/gd/libgd/wbmp.c 2007-05-06 13:47:23.000000000 +0100 @@@@ -116,6 +116,15 @@@@ if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL) return (NULL); + if (overflow2(sizeof (int), width)) { + gdFree(wbmp); + return NULL; + } + if (overflow2(sizeof (int) * width, height)) { + gdFree(wbmp); + return NULL; + } + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (width * height), 0)) == NULL) { gdFree (wbmp); @@@@ -176,6 +185,13 @@@@ printf ("W: %d, H: %d\n", wbmp->width, wbmp->height); #endif + if (overflow2(sizeof (int), wbmp->width) || + overflow2(sizeof (int) * wbmp->width, wbmp->height)) + { + gdFree(wbmp); + return (-1); + } + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (wbmp->width * wbmp->height), 0)) == NULL) { gdFree (wbmp); @ 1.7 log @Add security fix for CVE-2007-1001 to "php4-gd" and "php5-gd" packages. Bump package revision. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @no need to add XXXes to mkstemp() call, g/c this patch in an effort to minimize number of PHP patches in pkgsrc @ text @d1 11 a11 6 $NetBSD: patch-ae,v 1.5 2003/09/01 10:17:38 cjep Exp $ --- main/php_open_temporary_file.c.orig 2003-08-30 21:45:02.000000000 +0200 +++ main/php_open_temporary_file.c 2003-08-30 21:45:13.000000000 +0200 @@@@ -132,7 +132,7 @@@@ trailing_slash = "/"; } d13 15 a27 2 - (void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXX", path, trailing_slash, pfx); + (void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXXXXXX", path, trailing_slash, pfx); d29 10 a38 2 #ifdef PHP_WIN32 if (GetTempFileName(path, pfx, 0, opened_path)) { @ 1.6.26.1 log @Pullup ticket 2078 - requested by tron security fix for php-gd - pkgsrc/graphics/php-gd/Makefile 1.16 - pkgsrc/lang/php5/distinfo 1.39 - pkgsrc/lang/php5/patches/patch-ac 1.4 - pkgsrc/www/php4/distinfo 1.64 - pkgsrc/www/php4/patches/patch-ae 1.7 Module Name: pkgsrc Committed By: tron Date: Sun May 6 13:08:34 UTC 2007 Modified Files: pkgsrc/graphics/php-gd: Makefile pkgsrc/lang/php5: distinfo pkgsrc/www/php4: distinfo Added Files: pkgsrc/lang/php5/patches: patch-ac pkgsrc/www/php4/patches: patch-ae Log Message: Add security fix for CVE-2007-1001 to "php4-gd" and "php5-gd" packages. Bump package revision. 
@ text @d1 6 a6 11 $NetBSD: patch-ae,v 1.7 2007/05/06 13:08:34 tron Exp $ Patch for CVE-2007-1001, taken from here: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/wbmp.c?r1=1.2.4.1&r2=1.2.4.1.8.1&view=patch --- ext/gd/libgd/wbmp.c.orig 2003-04-25 01:59:03.000000000 +0100 +++ ext/gd/libgd/wbmp.c 2007-05-06 13:47:23.000000000 +0100 @@@@ -116,6 +116,15 @@@@ if ((wbmp = (Wbmp *) gdMalloc (sizeof (Wbmp))) == NULL) return (NULL); d8 2 a9 15 + if (overflow2(sizeof (int), width)) { + gdFree(wbmp); + return NULL; + } + if (overflow2(sizeof (int) * width, height)) { + gdFree(wbmp); + return NULL; + } + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (width * height), 0)) == NULL) { gdFree (wbmp); @@@@ -176,6 +185,13 @@@@ printf ("W: %d, H: %d\n", wbmp->width, wbmp->height); #endif d11 2 a12 10 + if (overflow2(sizeof (int), wbmp->width) || + overflow2(sizeof (int) * wbmp->width, wbmp->height)) + { + gdFree(wbmp); + return (-1); + } + if ((wbmp->bitmap = (int *) safe_emalloc(sizeof(int), (wbmp->width * wbmp->height), 0)) == NULL) { gdFree (wbmp); @ 1.6.26.2 log @Pullup ticket 2084 - requested by adrianp security update for php4 Updated via patch provided by the submitter. Module Name: pkgsrc Committed By: adrianp Date: Sun May 6 19:50:18 UTC 2007 Modified Files: pkgsrc/www/php4: Makefile.common distinfo Removed Files: pkgsrc/www/php4/patches: patch-ae Log Message: Update to 4.4.7 * Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric) * Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser) * Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser) * Fixed unallocated memory access/double free in in array_user_key_compare() (MOPB-24 by Stefan Esser) * Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser) * Added missing open_basedir & safe_mode checks to zip:// and bzip:// * wrappers. (MOPB-21 by Stefan Esser). 
* Limit nesting level of input variables with max_input_nesting_level as fix * for (MOPB-03 by Stefan Esser) * Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team) * Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser) * Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev) * XSS in phpinfo() (MOPB-8 by Stefan Esser) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.6.26.1 2007/05/07 17:36:24 ghen Exp $ @ 1.5 log @Add NetBSD RCS tags @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update PHP to final 4.3.3 Some highlights of changes since 4.2.3: * PCRE updated to 4.3, GD to 2.0.15 * improved Apache2 support * much improved stream & URL wrapper support, output compression support * added CLI (Command Line Interface) SAPI * debug_backtrace() backported from ZendEngine2 * faster build system * huge number of other bug fixes and improvements Packaging changes: * 'pcre', 'xml', and 'session' modules folded back into main package - 'pcre' and 'xml' is required by PEAR, and 'session' is just too essential to be separate * 'gd' module now uses bundled PHP GD library, which is better integrated * PHP modules use shared distinfo when possible to ease future PHP updates * ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php remains CGI version @ text @d1 1 @ 1.3 log @Update ap-php and php to 4.0.6. Changes from version 4.0.5 include: - Bug fixes (memory leaks and other errors) - Made $HTTP_SESSION_VARS['foo'] and $foo be references to the same value when register_globals is on. (Andrei) - Added is_callable() function that can be used to find out whether its argument is a valid callable construct. (Andrei) - Added pg_last_notice() function. (Rasmus from suggestion by Dirk@@rackspace.com) - Added support to getimagesize to return dimensions of BMP and PSD files. (Derick) - Added Japanese multibyte string functions support. 
(Rui) - Added key_exists() to check if a given key or index exists in an array or object. (David Croft) - Added -C command-line option to avoid chdir to the script's directory. (Stig) - printf argnum (parameter swapping) support. (Morten Poulsen, Rasmus) - Modified get_parent_class() and get_class_methods() to accept a class name as well as a class instance. (Andrei, Zend Engine) - Added array_map() function that applies a callback to the elements of given arrays and returns the result. It can also be used with a null callback to transpose arrays. (Andrei) - Added array_filter(), which allows filtering of array elements via the specified callback. (Andrei) @ text @d1 3 a3 5 $NetBSD$ --- main/php_open_temporary_file.c.orig Mon Apr 30 08:43:40 2001 +++ main/php_open_temporary_file.c @@@@ -110,7 +110,7 @@@@ @ 1.2 log @Update php4 and modules to 4.0.5. Changes from version 4.0.4.1nb1 include many general bugfixes, important fixes to the pgsql module to support PostgreSQL transactions correctly, speedups, and a zlib output compressor. @ text @d3 5 a7 3 --- ext/standard/config.m4.orig Sun Mar 11 05:08:27 2001 +++ ext/standard/config.m4 @@@@ -187,9 +187,11 @@@@ d9 2 a10 9 AC_CHECK_FUNC(dlopen, [AC_DEFINE(HAVE_LIBDL,1,[ ])]) +if false; then AC_CHECK_LIB(pam, pam_start, [ EXTRA_LIBS="$EXTRA_LIBS -lpam" AC_DEFINE(HAVE_LIBPAM,1,[ ]) ], []) +fi # if false AC_CHECK_FUNCS(getcwd getwd) d12 2 @ 1.1 log @Update php4 to the latest stable release 4.0.4. Relevant changes from version 4.0.3 include many bugfixes (including one bad interaction with mod_perl which caused segfaults) and additions of several new functions. Several new PHP modules were also added to the main distribution, including new database extensions and OpenSSL, and some bugs with improperly closing database connections was fixed. 
@ text @d3 1 a3 1 --- ext/standard/config.m4.orig Wed Jul 19 12:19:40 2000 d5 1 a5 1 @@@@ -136,10 +136,6 @@@@ d9 6 a14 4 -AC_CHECK_LIB(pam, pam_start, [ - EXTRA_LIBS="$EXTRA_LIBS -lpam" - AC_DEFINE(HAVE_LIBPAM,1,[ ]) ], []) - a16 1 AC_CRYPT_CAP @
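Review bot: In the first ext/gd/libgd/wbmp.c hunk (-116,6 +116,15), the allocation that follows the new checks still passes the already-multiplied (width * height) to safe_emalloc(), so its safety rests entirely on the two overflow2() calls above it and on overflow2() also rejecting zero or negative dimensions, which the hunk does not show. A one-line comment at the allocation stating that invariant would help the next reader. The two if blocks have identical bodies and could be joined with ||, as the second hunk does, and `return NULL;` could match the `return (NULL);` style of the surrounding context.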
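Review bot: In the second ext/gd/libgd/wbmp.c hunk (-176,6 +185,13), the first argument of overflow2(sizeof (int) * wbmp->width, wbmp->height) is a size_t expression, while wbmp->width and wbmp->height are printed with %d just above and are therefore signed. Please confirm that overflow2()'s parameter types do not narrow that product, and that a negative width or height read from the file is rejected rather than converted to a large unsigned value before the check.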
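Review bot: In the main/php_open_temporary_file.c hunk (-132,7 +132,7), the result of snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXXXXXX", ...) is cast to (void), so when path and pfx together approach MAXPATHLEN the template suffix is clipped without notice, and the four extra X characters make that slightly more likely. Checking the return value against MAXPATHLEN and failing early would keep a truncated template from reaching the temporary-file call.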