head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.32
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.30
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.28
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.26
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.24
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.22
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.20
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.18
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.2.0.16
	pkgsrc-2008Q2-base:1.2
	pkgsrc-2008Q1:1.2.0.14
	pkgsrc-2008Q1-base:1.2
	pkgsrc-2007Q4:1.2.0.12
	pkgsrc-2007Q4-base:1.2
	pkgsrc-2007Q3:1.2.0.10
	pkgsrc-2007Q3-base:1.2
	pkgsrc-2007Q2:1.2.0.8
	pkgsrc-2007Q2-base:1.2
	pkgsrc-2007Q1:1.2.0.6
	pkgsrc-2007Q1-base:1.2
	pkgsrc-2006Q4:1.2.0.4
	pkgsrc-2006Q4-base:1.2
	pkgsrc-2006Q3:1.2.0.2
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.1.0.4
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.2;
locks; strict;
comment	@# @;


1.2
date	2006.08.10.23.01.39;	author adrianp;	state dead;
branches;
next	1.1;

1.1
date	2006.04.14.13.48.33;	author cube;	state Exp;
branches
	1.1.2.1
	1.1.4.1;
next	;

1.1.2.1
date	2006.04.14.13.48.33;	author salo;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2006.04.19.00.12.27;	author salo;	state Exp;
branches;
next	;

1.1.4.1
date	2006.08.16.07.17.41;	author salo;	state dead;
branches;
next	;


desc
@@


1.2
log
@Update to 4.4.3

All PHP 4.x users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
  function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.

The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).

For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3

This also contains a fix for CVE-2006-4020 (SA21403)
@
text
@$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $

--- ext/standard/html.c.orig	2006-01-01 14:46:57.000000000 +0100
+++ ext/standard/html.c
@@@@ -793,7 +793,7 @@@@ PHPAPI char *php_unescape_html_entities(
 	enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
 	unsigned char replacement[15];
 	
-	ret = estrdup(old);
+	ret = estrndup(old, oldlen);
 	retlen = oldlen;
 	if (!retlen) {
 		goto empty_source;
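
Review bot: the new `ret = estrndup(old, oldlen);` copies exactly oldlen bytes, so it relies on the caller passing a length that matches the real size of old, and nothing in the visible context checks or documents that. The old `estrdup(old)` stopped at the first NUL byte while `retlen = oldlen` recorded the caller's length, so the buffer could be shorter than the length kept for it. The new call closes that gap only if oldlen is accurate. Suggest a one-line comment above the call stating that old may contain embedded NUL bytes and that oldlen must be its exact byte length, so a later cleanup does not switch back to estrdup.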
@


1.1
log
@The actual patches for PHP4/5.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-aq was added on branch pkgsrc-2006Q1 on 2006-04-14 13:48:33 +0000
@
text
@d1 13
@


1.1.2.2
log
@Pullup ticket 1406 - requested by cube
security fixes for php

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.29
- pkgsrc/lang/php5/Makefile.php			1.18
- pkgsrc/lang/php5/distinfo			1.15
- pkgsrc/lang/php5/patches/patch-ap		1.1
- pkgsrc/lang/php5/patches/patch-aq		1.1
- pkgsrc/lang/php5/patches/patch-ar		1.1
- pkgsrc/www/php4/Makefile			1.63
- pkgsrc/www/php4/distinfo			1.52
- pkgsrc/www/php4/patches/patch-aq		1.1
- pkgsrc/www/php4/patches/patch-ar		1.1
- pkgsrc/www/php4/patches/patch-as		1.1
- pkgsrc/www/ap-php/Makefile			1.9

   Module Name:		pkgsrc
   Committed By:	cube
   Date:		Fri Apr 14 13:47:30 UTC 2006

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.php distinfo
   	pkgsrc/www/ap-php: Makefile
   	pkgsrc/www/php4: Makefile distinfo

   Log Message:
   PHP4/5 security changes...  They're not critical issues;  secunia classes
   them between "not critical" and "less critical".

   Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.

   See:
       http://secunia.com/advisories/19383/
       http://secunia.com/advisories/19599/

   Patches were extracted from CVS.  I had to translate the one for
   CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
   (I don't know why;  I can confirm it fixes the issue).

   While here, add PATCHDIR to the list of variables php5's Makefile.php
   defines.  That way, ap-php gets patched too...
---
   Module Name:		pkgsrc
   Committed By:	cube
   Date:		Fri Apr 14 13:48:33 UTC 2006

   Added Files:
   	pkgsrc/lang/php5/patches: patch-ap patch-aq patch-ar
   	pkgsrc/www/php4/patches: patch-aq patch-ar patch-as

   Log Message:
   The actual patches for PHP4/5.
@
text
@a0 13
$NetBSD: patch-aq,v 1.1.2.1 2006/04/19 00:12:27 salo Exp $

--- ext/standard/html.c.orig	2006-01-01 14:46:57.000000000 +0100
+++ ext/standard/html.c
@@@@ -793,7 +793,7 @@@@ PHPAPI char *php_unescape_html_entities(
 	enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
 	unsigned char replacement[15];
 	
-	ret = estrdup(old);
+	ret = estrndup(old, oldlen);
 	retlen = oldlen;
 	if (!retlen) {
 		goto empty_source;
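
Review bot: missing documentation at the top of the patch file. Between the `$NetBSD$` tag line and the `--- ext/standard/html.c.orig` header there is no description of what the patch fixes. The pullup log lists four CVE identifiers and two Secunia advisories for the whole batch, but this file does not say which of them the php_unescape_html_entities() change addresses. Suggest adding a short comment after the tag line that names the issue and the upstream source of the change, so the patch can be dropped with confidence once a release includes it.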
@


1.1.4.1
log
@Pullup ticket 1790 - requested by adrianp
security update for php4

Revisions pulled up:
- pkgsrc/www/php4/Makefile			1.70
- pkgsrc/www/php4/Makefile.common		1.53
- pkgsrc/www/php4/distinfo			1.56
- pkgsrc/www/php4/files/pear.sh			1.3
- pkgsrc/www/php4/patches/patch-ao		1.3
- pkgsrc/www/php4/patches/patch-aq		removed
- pkgsrc/www/php4/patches/patch-ar		removed
- pkgsrc/www/php4/patches/patch-as		removed
- pkgsrc/www/php4/patches/patch-au		removed
- pkgsrc/www/php4/patches/patch-av		removed
- pkgsrc/www/php4/patches/patch-aw		1.1

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Aug 10 23:01:40 UTC 2006

   Modified Files:
   	pkgsrc/www/php4: Makefile Makefile.common distinfo
   	pkgsrc/www/php4/files: pear.sh
   	pkgsrc/www/php4/patches: patch-ao
   Added Files:
   	pkgsrc/www/php4/patches: patch-aw
   Removed Files:
   	pkgsrc/www/php4/patches: patch-aq patch-ar patch-as patch-au patch-av

   Log Message:
   Update to 4.4.3

   All PHP 4.x users are encouraged to upgrade to this release as soon as possible.

   The security issues resolved include the following:

   * Disallow certain characters in session names.
   * Fixed a buffer overflow inside the wordwrap() function.
   * Prevent jumps to parent directory via the 2nd parameter of the tempnam()
     function.
   * Improved safe_mode check for the error_log() function.
   * Fixed cross-site scripting inside the phpinfo() function.

   The release also includes about 20 bug fixes and an upgraded PCRE library
   (version 6.6).

   For a full list of changes in PHP 4.4.3, see the ChangeLog:
   http://www.php.net/ChangeLog-4.php#4.4.3

   This also contains a fix for CVE-2006-4020 (SA21403)
@
text
@d1 1
a1 1
$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $
@
