Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sun May  6 19:50:18 UTC 2007

Modified Files:
	pkgsrc/www/php4: Makefile Makefile.common distinfo
Removed Files:
	pkgsrc/www/php4/patches: patch-ae

Log Message:
Update to 4.4.7
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
  (MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
  (MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  (MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
  (MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
  (by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
  library. (by Stanislav Malyshev)
* XSS in phpinfo() (MOPB-8 by Stefan Esser)


To generate a diff of this commit:
cvs rdiff -r1.76 -r1.77 pkgsrc/www/php4/Makefile
cvs rdiff -r1.55 -r1.56 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.64 -r1.65 pkgsrc/www/php4/distinfo
cvs rdiff -r1.7 -r0 pkgsrc/www/php4/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.