Subject: CVS commit: pkgsrc/www/php4
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 08/10/2006 23:01:40
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Thu Aug 10 23:01:40 UTC 2006

Modified Files:
	pkgsrc/www/php4: Makefile Makefile.common distinfo
	pkgsrc/www/php4/files: pear.sh
	pkgsrc/www/php4/patches: patch-ao
Added Files:
	pkgsrc/www/php4/patches: patch-aw
Removed Files:
	pkgsrc/www/php4/patches: patch-aq patch-ar patch-as patch-au patch-av

Log Message:
Update to 4.4.3

All PHP 4.x users are encouraged to upgrade to this release as soon as possible.

The security issues resolved include the following:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
  function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.

The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).

For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3

This also contains a fix for CVE-2006-4020 (SA21403)


To generate a diff of this commit:
cvs rdiff -r1.69 -r1.70 pkgsrc/www/php4/Makefile
cvs rdiff -r1.52 -r1.53 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.55 -r1.56 pkgsrc/www/php4/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/www/php4/files/pear.sh
cvs rdiff -r1.2 -r1.3 pkgsrc/www/php4/patches/patch-ao
cvs rdiff -r1.1 -r0 pkgsrc/www/php4/patches/patch-aq \
    pkgsrc/www/php4/patches/patch-ar pkgsrc/www/php4/patches/patch-as \
    pkgsrc/www/php4/patches/patch-au pkgsrc/www/php4/patches/patch-av
cvs rdiff -r0 -r1.1 pkgsrc/www/php4/patches/patch-aw

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.