pkgsrc-changes: CVS commit: [pkgsrc-2007Q1] pkgsrc/lang/php5

Subject: CVS commit: [pkgsrc-2007Q1] pkgsrc/lang/php5
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 05/15/2007 23:42:40
Module Name:	pkgsrc
Committed By:	salo
Date:		Tue May 15 23:42:40 UTC 2007

Modified Files:
	pkgsrc/lang/php5 [pkgsrc-2007Q1]: Makefile Makefile.common PLIST
	    distinfo
Removed Files:
	pkgsrc/lang/php5/patches [pkgsrc-2007Q1]: patch-ac

Log Message:
Pullup ticket 2085 - requested by adrianp
security update for php5

Updated via patch provided by the submitter.

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Sun May  6 20:07:37 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo
   Removed Files:
   	pkgsrc/lang/php5/patches: patch-ac

   Log Message:
   Update 5.2.2
   * Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
   * Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
   * Fixed a bug in mb_parse_str() that can be used to activate register_globals
     (MOPB-26 by Stefan Esser)
   * Fixed unallocated memory access/double free in in array_user_key_compare()
     (MOPB-24 by Stefan Esser)
   * Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
   * Added missing open_basedir & safe_mode checks to zip:// and bzip://
   * wrappers.
     (MOPB-21 by Stefan Esser).
   * Limit nesting level of input variables with max_input_nesting_level as fix
   * for
     (MOPB-03 by Stefan Esser)
   * Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
   * Fixed a possible super-global overwrite inside import_request_variables().
     (by Stefano Di Paola, Stefan Esser)
   * Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
     library. (by Stanislav Malyshev)
   * Fixed a header injection via Subject and To parameters to the mail()
   * function
     (MOPB-34 by Stefan Esser)
   * Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan
   * Esser)
   * Fixed substr_compare and substr_count information leak
     (MOPB-14 by Stefan Esser) (Stas, Ilia)
   * Fixed a remotely trigger-able buffer overflow inside
   * make_http_soap_request()
     (by Ilia Alshanetsky)
   * Fixed a buffer overflow inside user_filter_factory_create().
     (by Ilia Alshanetsky)


To generate a diff of this commit:
cvs rdiff -r1.48 -r1.48.2.1 pkgsrc/lang/php5/Makefile
cvs rdiff -r1.24 -r1.24.2.1 pkgsrc/lang/php5/Makefile.common
cvs rdiff -r1.14 -r1.14.2.1 pkgsrc/lang/php5/PLIST
cvs rdiff -r1.36.2.1 -r1.36.2.2 pkgsrc/lang/php5/distinfo
cvs rdiff -r1.3.2.1 -r0 pkgsrc/lang/php5/patches/patch-ac

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.