head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.4 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.2 pkgsrc-2012Q4-base:1.4 pkgsrc-2012Q1:1.3.0.48 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.46 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.44 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.42 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.40 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.38 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.36 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.34 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.32 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.30 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.28 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.26 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.24 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.22 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.20 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.18 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.16 pkgsrc-2008Q2-base:1.3 cwrapper:1.3.0.14 pkgsrc-2008Q1:1.3.0.12 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.10 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.8 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.6 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.4 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.2 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.1.0.2; locks; strict; comment @# @; 1.4 date 2012.06.16.15.15.06; author taca; state dead; branches; next 1.3; 1.3 date 2006.11.07.16.57.46; author tron; state Exp; branches; next 1.2; 1.2 date 2006.11.06.22.06.35; author jdolecek; state dead; branches; next 1.1; 1.1 date 2006.10.22.13.19.19; author adrianp; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.10.22.13.19.19; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.10.29.16.47.58; author ghen; state Exp; branches; next ; desc @@ 1.4 log @Remove php5 (PHP 5.2.17), please migra to php53 or php54. @ text @$NetBSD: patch-aa,v 1.3 2006/11/07 16:57:46 tron Exp $ --- ext/pdo_sqlite/sqlite/configure.orig 2006-08-14 17:15:28.000000000 +0100 +++ ext/pdo_sqlite/sqlite/configure 2006-11-07 16:51:39.000000000 +0000 @@@@ -19700,7 +19700,7 @@@@ OS_WIN=0 OS_OS2=1 TARGET_CFLAGS="$TARGET_CFLAGS -DOS_OS2=1" - if test "$ac_compiler_gnu" == "yes" ; then + if test "$ac_compiler_gnu" = "yes" ; then TARGET_CFLAGS="$TARGET_CFLAGS -Zomf -Zexe -Zmap" BUILD_CFLAGS="$BUILD_CFLAGS -Zomf -Zexe" fi @ 1.3 log @Fix non-portable "configure" shell script. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update lang/php5 to 5.2.0. Changes since 5.1.6: The key features of PHP 5.2.0 include: * New memory manager for the Zend Engine with improved performance and a more accurate memory usage tracking. * Input filtering extension was added and enabled by default. * JSON extension was added and enabled by default. * ZIP extension for creating and editing zip files was introduced. * Hooks for tracking file upload progress were introduced. * Introduced E_RECOVERABLE_ERROR error mode. * Introduced DateTime and DateTimeZone objects with methods to manipulate date/time information. * Upgraded bundled SQLite, PCRE libraries. * Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows installations. * Many performance improvements. * Over 200 bug fixes. Security Enhancements and Fixes in PHP 5.2.0: * Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible. * Added allow_url_include, set to Off by default to disallow use of URLs for include and require. * Disable realpath cache when open_basedir and safe_mode are being used. * Improved safe_mode enforcement for error_log() function. * Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions. * Added missing safe_mode and open_basedir checks for the cURL extension. * Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines. * Fixed handling of long paths inside the tempnam() function. * Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters. * Fixed ini setting overload in the ini_restore() function. For a full list of changes in PHP 5.2.0, see the ChangeLog: http://www.php.net/ChangeLog-5.php#5.2.0 Also other notable extensions changes: * filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5) * JSON added (not enabled by default, packaged in php-json) * filter added (enabled by default) * wddx rewritten to native libxml2, fixing several encoding bugs @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2006/10/22 13:19:19 adrianp Exp $ d3 11 a13 19 # CVE-2006-4812 --- Zend/zend_alloc.c.orig 2006-08-10 18:16:24.000000000 +0100 +++ Zend/zend_alloc.c @@@@ -331,12 +331,12 @@@@ ZEND_API void *_ecalloc(size_t nmemb, si int final_size = size*nmemb; HANDLE_BLOCK_INTERRUPTIONS(); - p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); if (!p) { HANDLE_UNBLOCK_INTERRUPTIONS(); return (void *) p; } - memset(p, 0, final_size); + memset(p, 0, size * nmemb); HANDLE_UNBLOCK_INTERRUPTIONS(); return p; } @ 1.1 log @Fixes for CVE-2006-4812 and CVE-2006-4625 Bump nb @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-aa was added on branch pkgsrc-2006Q3 on 2006-10-22 13:19:19 +0000 @ text @d1 21 @ 1.1.2.2 log @Pullup ticket 1889 - requested by adrianp security fix for php Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.44-1.45 - pkgsrc/lang/php5/Makefile.php 1.20 - pkgsrc/lang/php5/distinfo 1.30 - pkgsrc/lang/php5/patches/patch-aa 1.1 - pkgsrc/lang/php5/patches/patch-ab 1.2 - pkgsrc/lang/www/ap-php/Makefile 1.12 - pkgsrc/lang/www/php4/Makefile 1.71-1.72 - pkgsrc/lang/www/php4/Makefile.php 1.36 - pkgsrc/lang/www/php4/distinfo 1.58 - pkgsrc/lang/www/php4/patches/patch-au 1.3 Module Name: pkgsrc Committed By: jdolecek Date: Fri Oct 20 22:10:34 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php pkgsrc/www/ap-php: Makefile pkgsrc/www/php4: Makefile Makefile.php Log Message: remove --enable-memory-limit - 8MB is too low, and this just duplicates process resource limits, which already provide necessary "safety net" protection against rogue scripts bump PKGREVISION for this adressess PR pkg/32007 by "pancake" also remove --enable-track-vars, since that configure argument is long gone from PHP --- Module Name: pkgsrc Committed By: adrianp Date: Sun Oct 22 13:16:42 UTC 2006 Modified Files: pkgsrc/www/php4: Makefile distinfo Added Files: pkgsrc/www/php4/patches: patch-au Log Message: Fix for CVE-2006-4625 Bump nb --- Module Name: pkgsrc Committed By: adrianp Date: Sun Oct 22 13:19:19 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-aa patch-ab Log Message: Fixes for CVE-2006-4812 and CVE-2006-4625 Bump nb @ text @a0 21 $NetBSD: patch-aa,v 1.1.2.1 2006/10/29 16:47:58 ghen Exp $ # CVE-2006-4812 --- Zend/zend_alloc.c.orig 2006-08-10 18:16:24.000000000 +0100 +++ Zend/zend_alloc.c @@@@ -331,12 +331,12 @@@@ ZEND_API void *_ecalloc(size_t nmemb, si int final_size = size*nmemb; HANDLE_BLOCK_INTERRUPTIONS(); - p = _emalloc(final_size ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); + p = _safe_emalloc(nmemb, size, 0 ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC); if (!p) { HANDLE_UNBLOCK_INTERRUPTIONS(); return (void *) p; } - memset(p, 0, final_size); + memset(p, 0, size * nmemb); HANDLE_UNBLOCK_INTERRUPTIONS(); return p; } @