Default branch: MAIN
Current tag: pkgsrc-2007Q1
Revision 1.48.2.2, Thu Jun 14 23:34:08 2007 UTC (16 years, 9 months ago) by salo
Branch: pkgsrc-2007Q1
Changes since 1.48.2.1: +26 -9 lines
Pullup ticket 2113 - requested by adrianp
security update for php5

Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.52, 1.53, 1.54, 1.55
- pkgsrc/lang/php5/Makefile.common 1.26
- pkgsrc/lang/php5/distinfo 1.41, 1.42, 1.43, 1.44
- pkgsrc/lang/php5/patches/patch-am 1.3
- pkgsrc/lang/php5/patches/patch-an 1.3, 1.4

Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 6 19:33:13 UTC 2007

Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo

Log Message:
Update to php-5.2.3

Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)

And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3 for all the details.

---

Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jun 7 10:45:18 UTC 2007

Added Files:
pkgsrc/lang/php5/patches: patch-am

Log Message:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe

---

Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jun 7 10:45:42 UTC 2007

Modified Files:
pkgsrc/lang/php5: Makefile distinfo

Log Message:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe

---

Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jun 8 12:29:53 UTC 2007

Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-an

Log Message:
Fix the install path for the CGI binary so it ends up where we want it.
Pointed out by schmonz@ and taca@
Bump PKGREVISION

---

Module Name: pkgsrc
Committed By: heinz
Date: Mon Jun 11 17:45:30 UTC 2007

Modified Files:
pkgsrc/lang/php5: Makefile distinfo
pkgsrc/lang/php5/patches: patch-an

Log Message:
Added support for installation to DESTDIR. patch-an had removed correct support for this before, probably unintentionally.
Revision 1.48.2.1, Tue May 15 23:42:38 2007 UTC (16 years, 10 months ago) by salo
Branch: pkgsrc-2007Q1
Changes since 1.48: +1 -2 lines
Pullup ticket 2085 - requested by adrianp
security update for php5

Updated via patch provided by the submitter.

Module Name: pkgsrc
Committed By: adrianp
Date: Sun May 6 20:07:37 UTC 2007

Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Removed Files:
pkgsrc/lang/php5/patches: patch-ac

Log Message:
Update 5.2.2

* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in array_user_key_compare() (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables(). (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function (MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak (MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request() (by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create(). (by Ilia Alshanetsky)
Revision 1.48, Sun Feb 25 20:05:11 2007 UTC (17 years, 1 month ago) by jdolecek
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base
Branch point for: pkgsrc-2007Q1
Changes since 1.47: +2 -1 lines
put back openssl extension, mistakenly commented out in PHP 5.2.1 upgrade
noted by Manuel Bouyer