Subject: CVS commit: pkgsrc/www/php4
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 08/10/2006 23:01:40
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Aug 10 23:01:40 UTC 2006
Modified Files:
pkgsrc/www/php4: Makefile Makefile.common distinfo
pkgsrc/www/php4/files: pear.sh
pkgsrc/www/php4/patches: patch-ao
Added Files:
pkgsrc/www/php4/patches: patch-aw
Removed Files:
pkgsrc/www/php4/patches: patch-aq patch-ar patch-as patch-au patch-av
Log Message:
Update to 4.4.3
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
  function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).
For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3
This also contains a fix for CVE-2006-4020 (SA21403).
To generate a diff of this commit:
cvs rdiff -r1.69 -r1.70 pkgsrc/www/php4/Makefile
cvs rdiff -r1.52 -r1.53 pkgsrc/www/php4/Makefile.common
cvs rdiff -r1.55 -r1.56 pkgsrc/www/php4/distinfo
cvs rdiff -r1.2 -r1.3 pkgsrc/www/php4/files/pear.sh
cvs rdiff -r1.2 -r1.3 pkgsrc/www/php4/patches/patch-ao
cvs rdiff -r1.1 -r0 pkgsrc/www/php4/patches/patch-aq \
    pkgsrc/www/php4/patches/patch-ar pkgsrc/www/php4/patches/patch-as \
    pkgsrc/www/php4/patches/patch-au pkgsrc/www/php4/patches/patch-av
cvs rdiff -r0 -r1.1 pkgsrc/www/php4/patches/patch-aw
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.