Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Jaromir Dolecek <jdolecek@netbsd.org>
List: pkgsrc-changes
Date: 07/14/2004 08:03:16
Module Name: pkgsrc
Committed By: jdolecek
Date: Wed Jul 14 08:03:16 UTC 2004
Modified Files:
pkgsrc/databases/php4-mssql: Makefile
pkgsrc/databases/php4-mysql: distinfo
pkgsrc/doc: CHANGES
pkgsrc/mail/php4-imap: distinfo
pkgsrc/www/php4: Makefile.common Makefile.php distinfo
Added Files:
pkgsrc/databases/php4-mssql/patches: patch-aa
Log Message:
Update php4 to 4.3.8.
This is security fix release, fixing several important security
issues. From the ChangeLog:
* Fixed strip_tags() to correctly handle '\0' characters.
* Improved stability during startup when memory_limit is used.
* Replace alloca() with emalloc() for better stack protection.
* Added missing safe_mode checks inside ftok and itpc.
* Fixed bug #28963 Fixed address allocation routine in IMAP extension.
* Fixed bug #28632 Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
Note: package update also includes extra patches from PHP CVS not
present in stock PHP 4.3.8 release - compilation fix for
mssql extension and Zend engine memory-use-after-free fix.
To generate a diff of this commit:
cvs rdiff -r1.2 -r1.3 pkgsrc/databases/php4-mssql/Makefile
cvs rdiff -r0 -r1.1 pkgsrc/databases/php4-mssql/patches/patch-aa
cvs rdiff -r1.10 -r1.11 pkgsrc/databases/php4-mysql/distinfo
cvs rdiff -r1.6548 -r1.6549 pkgsrc/doc/CHANGES
cvs rdiff -r1.11 -r1.12 pkgsrc/mail/php4-imap/distinfo
cvs rdiff -r1.42 -r1.43 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.14 -r1.15 pkgsrc/www/php4/Makefile.php
cvs rdiff -r1.30 -r1.31 pkgsrc/www/php4/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.