The NetBSD Project

CVS log for pkgsrc/lang/php5/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / lang / php5

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: pkgsrc-2007Q1


Revision 1.48.2.2 / (download) - annotate - [select for diffs], Thu Jun 14 23:34:08 2007 UTC (16 years, 9 months ago) by salo
Branch: pkgsrc-2007Q1
Changes since 1.48.2.1: +26 -9 lines
Diff to previous 1.48.2.1 (colored) to branchpoint 1.48 (colored) next main 1.49 (colored)

Pullup ticket 2113 - requested by adrianp
security update for php5

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.52, 1.53, 1.54, 1.55
- pkgsrc/lang/php5/Makefile.common		1.26
- pkgsrc/lang/php5/distinfo			1.41, 1.42, 1.43, 1.44
- pkgsrc/lang/php5/patches/patch-am		1.3
- pkgsrc/lang/php5/patches/patch-an		1.3, 1.4

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Wed Jun  6 19:33:13 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo

   Log Message:
   Update to php-5.2.3

   Security Fixes
   * Fixed an integer overflow inside chunk_split() (by Gerhard Wagner,
     CVE-2007-2872)
   * Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche,
     CVE-2007-2756)
   * Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan
     Esser, CVE-2007-1900)
   * Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath())
     (by bugs dot php dot net at chsc dot dk)
   * Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
   * Added mysql_set_charset() to allow runtime altering of connection
     encoding.

   * Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
   * Fixed gd build when used with freetype 1.x (Pierre, Tony)

   And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
   for all the details.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Jun  7 10:45:18 UTC 2007

   Added Files:
   	pkgsrc/lang/php5/patches: patch-am

   Log Message:
   Add in the correct patch to fix CVE-2007-2872
   Spotted by Takahiro Kambe
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Jun  7 10:45:42 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo

   Log Message:
   Add in the correct patch to fix CVE-2007-2872
   Spotted by Takahiro Kambe
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Jun  8 12:29:53 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo
   Added Files:
   	pkgsrc/lang/php5/patches: patch-an

   Log Message:
   Fix the install path for the CGI binary so it ends up where we want it.
   Pointed out by schmonz@ and taca@
   Bump PKGREVISION
---
   Module Name:		pkgsrc
   Committed By:	heinz
   Date:		Mon Jun 11 17:45:30 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo
   	pkgsrc/lang/php5/patches: patch-an

   Log Message:
   Added support for installation to DESTDIR. patch-an had removed correct
   support for this before, probably unintentionally.

Revision 1.48.2.1 / (download) - annotate - [select for diffs], Tue May 15 23:42:38 2007 UTC (16 years, 10 months ago) by salo
Branch: pkgsrc-2007Q1
Changes since 1.48: +1 -2 lines
Diff to previous 1.48 (colored)

Pullup ticket 2085 - requested by adrianp
security update for php5

Updated via patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Sun May  6 20:07:37 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo
   Removed Files:
   	pkgsrc/lang/php5/patches: patch-ac

   Log Message:
   Update 5.2.2
   * Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
   * Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
   * Fixed a bug in mb_parse_str() that can be used to activate register_globals
     (MOPB-26 by Stefan Esser)
   * Fixed unallocated memory access/double free in in array_user_key_compare()
     (MOPB-24 by Stefan Esser)
   * Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
   * Added missing open_basedir & safe_mode checks to zip:// and bzip://
   * wrappers.
     (MOPB-21 by Stefan Esser).
   * Limit nesting level of input variables with max_input_nesting_level as fix
   * for
     (MOPB-03 by Stefan Esser)
   * Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
   * Fixed a possible super-global overwrite inside import_request_variables().
     (by Stefano Di Paola, Stefan Esser)
   * Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
     library. (by Stanislav Malyshev)
   * Fixed a header injection via Subject and To parameters to the mail()
   * function
     (MOPB-34 by Stefan Esser)
   * Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan
   * Esser)
   * Fixed substr_compare and substr_count information leak
     (MOPB-14 by Stefan Esser) (Stas, Ilia)
   * Fixed a remotely trigger-able buffer overflow inside
   * make_http_soap_request()
     (by Ilia Alshanetsky)
   * Fixed a buffer overflow inside user_filter_factory_create().
     (by Ilia Alshanetsky)

Revision 1.48 / (download) - annotate - [select for diffs], Sun Feb 25 20:05:11 2007 UTC (17 years, 1 month ago) by jdolecek
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base
Branch point for: pkgsrc-2007Q1
Changes since 1.47: +2 -1 lines
Diff to previous 1.47 (colored)

put back openssl extension, mistakely commented out in PHP 5.2.1 upgrade

noted by Manuel Bouyer

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>