head	1.9;
access;
symbols
	pkgsrc-2013Q2:1.9.0.8
	pkgsrc-2013Q2-base:1.9
	pkgsrc-2012Q4:1.9.0.6
	pkgsrc-2012Q4-base:1.9
	pkgsrc-2011Q4:1.9.0.4
	pkgsrc-2011Q4-base:1.9
	pkgsrc-2011Q2:1.9.0.2
	pkgsrc-2011Q2-base:1.9
	pkgsrc-2009Q4:1.7.0.4
	pkgsrc-2009Q4-base:1.7
	pkgsrc-2008Q4:1.7.0.2
	pkgsrc-2008Q4-base:1.7
	pkgsrc-2008Q3:1.4.0.10
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.8
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.4.0.6
	pkgsrc-2008Q2-base:1.4
	cwrapper:1.4.0.4
	pkgsrc-2008Q1:1.4.0.2
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.3.0.10
	pkgsrc-2007Q4-base:1.3
	pkgsrc-2007Q3:1.3.0.8
	pkgsrc-2007Q3-base:1.3
	pkgsrc-2007Q2:1.3.0.6
	pkgsrc-2007Q2-base:1.3
	pkgsrc-2007Q1:1.3.0.4
	pkgsrc-2007Q1-base:1.3
	pkgsrc-2006Q4:1.3.0.2
	pkgsrc-2006Q4-base:1.3
	pkgsrc-2006Q3:1.2.0.6
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.2.0.4
	pkgsrc-2006Q2-base:1.2
	pkgsrc-2006Q1:1.2.0.2
	pkgsrc-2006Q1-base:1.2
	pkgsrc-2005Q4:1.1.0.10
	pkgsrc-2005Q4-base:1.1
	pkgsrc-2005Q3:1.1.0.8
	pkgsrc-2005Q3-base:1.1
	pkgsrc-2005Q2:1.1.0.6
	pkgsrc-2005Q2-base:1.1
	pkgsrc-2005Q1:1.1.0.4
	pkgsrc-2005Q1-base:1.1
	pkgsrc-2004Q4:1.1.0.2
	pkgsrc-2004Q4-base:1.1;
locks; strict;
comment	@# @;


1.9
date	2010.12.13.13.15.45;	author taca;	state dead;
branches;
next	1.8;

1.8
date	2010.11.25.03.44.16;	author taca;	state Exp;
branches;
next	1.7;

1.7
date	2008.12.10.20.44.56;	author adrianp;	state dead;
branches;
next	1.6;

1.6
date	2008.12.08.14.52.01;	author adrianp;	state Exp;
branches;
next	1.5;

1.5
date	2008.12.05.13.07.37;	author adrianp;	state dead;
branches;
next	1.4;

1.4
date	2008.03.04.17.13.49;	author sborrill;	state Exp;
branches;
next	1.3;

1.3
date	2006.11.06.22.06.35;	author jdolecek;	state Exp;
branches;
next	1.2;

1.2
date	2006.02.06.06.39.59;	author martti;	state Exp;
branches;
next	1.1;

1.1
date	2004.10.31.21.14.54;	author jdolecek;	state Exp;
branches
	1.1.10.1;
next	;

1.1.10.1
date	2006.02.15.14.12.20;	author salo;	state Exp;
branches;
next	;


desc
@@


1.9
log
@Update php5 package to 5.2.15 (PHP 5.2.15):


The PHP development team would like to announce the immediate
availability of PHP 5.2.15. This release marks the end of support for
PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

This release focuses on improving the security and stability of the
PHP 5.2.x branch with a small number, of predominatly security fixes.

Security Enhancements and Fixes in PHP 5.2.15:

* Fixed extract() to do not overwrite $GLOBALS and $this when using
  EXTR_OVERWRITE.
* Fixed crash in zip extract method (possible CWE-170).
* Fixed a possible double free in imap extension.
* Fixed possible flaw in open_basedir (CVE-2010-3436).
* Fixed NULL pointer dereference in
  ZipArchive::getArchiveComment. (CVE-2010-3709).
* Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
  large amount of data).

Key enhancements in PHP 5.2.15 include:

* Fixed bug #47643 (array_diff() takes over 3000 times longer than php
  5.2.4).
* Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
  with SoapClient object).
* To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
  migration guide available on http://php.net/migration53, details the changes
  between PHP 5.2 and PHP 5.3.

For a full list of changes in PHP 5.2.15 see the ChangeLog at
http://www.php.net/ChangeLog-5.php#5.2.15.
@
text
@$NetBSD: patch-ak,v 1.8 2010/11/25 03:44:16 taca Exp $

Fix for CVE-2010-4150:
	http://svn.php.net/viewvc?view=revision&revision=305032

--- ext/imap/php_imap.c.orig	2010-02-07 13:06:54.000000000 +0000
+++ ext/imap/php_imap.c
@@@@ -794,10 +794,12 @@@@ static void php_imap_do_open(INTERNAL_FU
 
 	if (IMAPG(imap_user)) {
 		efree(IMAPG(imap_user));
+		IMAPG(imap_user) = 0;
 	}
 
 	if (IMAPG(imap_password)) {
 		efree(IMAPG(imap_password));
+		IMAPG(imap_password) = 0;
 	}
 
 	/* local filename, need to perform open_basedir and safe_mode checks */
@


1.8
log
@- CVE-2010-4150 (php-imap)
	http://svn.php.net/viewvc?view=revision&revision=305032
- CVE-2010-3710 (a part of SA41724)
	http://svn.php.net/viewvc?view=revision&revision=303885
- CVE-2010-3870 (a part of SA41724)
	http://svn.php.net/viewvc?view=revision&revision=305055

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@


1.7
log
@Remove obsolete patch - pointed out by tron@@
@
text
@d1 1
a1 1
$NetBSD: patch-ak,v 1.6 2008/12/08 14:52:01 adrianp Exp $
d3 10
a12 67
--- ext/imap/php_imap.c.orig	2007-07-31 01:31:10.000000000 +0100
+++ ext/imap/php_imap.c	2008-03-04 18:14:19.000000000 +0000
@@@@ -70,6 +70,7 @@@@
 static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
 static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
 static int _php_imap_address_size(ADDRESS *addresslist);
+static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
 
 /* the gets we use */
 static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
@@@@ -452,6 +453,11 @@@@
 {
 	unsigned long sa_all =	SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY;
 
+/*
+ * Optionally use the installed c-client linkage.c to determine which drivers
+ * are authenticators are linked in. Otherwise use this fixed list.
+ */
+#ifndef HAVE_IMAP_LINKAGE
 #ifndef PHP_WIN32
 	mail_link(&unixdriver);		/* link in the unix driver */
 	mail_link(&mhdriver);		/* link in the mh driver */
@@@@ -467,6 +473,10 @@@@
 	mail_link(&tenexdriver);	/* link in the tenex driver */
 	mail_link(&mtxdriver);		/* link in the mtx driver */
 	mail_link(&dummydriver);	/* link in the dummy driver */
+#else /* HAVE_IMAP_LINKAGE */
+        /* link in the c-client mail and auth drivers */
+#include "linkage.c"
+#endif /* HAVE_IMAP_LINKAGE */
 
 #ifndef PHP_WIN32
 	auth_link(&auth_log);		/* link in the log authenticator */
@@@@ -1603,18 +1613,21 @@@@
 	}
 	
 	PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno));
-
+	printf("mail_fetchstructure\n");
 	if (mail_fetchstructure(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), NIL)) {
 		cache = mail_elt(imap_le_struct->imap_stream, Z_LVAL_PP(msgno));
 	} else {
 		RETURN_FALSE;
 	}
 	
+	printf("mail_fetchenvelope a\n");
 	en = mail_fetchenvelope(imap_le_struct->imap_stream, Z_LVAL_PP(msgno));
+	printf("mail_fetchenvelope b\n");
 
 	/* call a function to parse all the text, so that we can use the
 	   same function to parse text from other sources */
 	_php_make_header_object(return_value, en TSRMLS_CC);
+	printf("mail_fetchenvelope c\n");
 	
 	/* now run through properties that are only going to be returned
 	   from a server, not text headers */
@@@@ -1624,6 +1637,7 @@@@
 	add_property_string(return_value, "Answered", cache->answered ? "A" : " ", 1);
 	add_property_string(return_value, "Deleted", cache->deleted ? "D" : " ", 1);
 	add_property_string(return_value, "Draft", cache->draft ? "X" : " ", 1);
+	printf("mail_fetchenvelope d\n");
 	
 	snprintf(dummy, sizeof(dummy), "%4ld", cache->msgno);
 	add_property_string(return_value, "Msgno", dummy, 1);
@@@@ -1646,6 +1660,7 @@@@
 		mail_fetchsubject(fulladdress, imap_le_struct->imap_stream, Z_LVAL_PP(msgno), Z_LVAL_PP(subjectlength));
 		add_property_string(return_value, "fetchsubject", fulladdress, 1);
a13 3
+	printf("mail_fetchenvelope e\n");
 }
 /* }}} */
d15 3
a17 9
@@@@ -2105,7 +2120,6 @@@@
 	zval **mailbox, **host, **personal;
 	ADDRESS *addr;
 	char string[MAILTMPLEN];
-
 	if (ZEND_NUM_ARGS() != 3 || zend_get_parameters_ex(3, &mailbox, &host, &personal) == FAILURE) {
 		ZEND_WRONG_PARAM_COUNT();
 	}
@@@@ -2137,7 +2151,7 @@@@
d20 1
a20 82
 	string[0]='\0';
-	rfc822_write_address(string, addr);
+	_php_rfc822_write_address_len(string, addr, sizeof(string));
 	RETVAL_STRING(string, 1);
 }
 /* }}} */
@@@@ -2906,13 +2920,13 @@@@
 				if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
 					env->from->next=NULL;
 					address[0] = '\0';
-					rfc822_write_address(address, env->from);
+					_php_rfc822_write_address_len(address, env->from, sizeof(address));
 					add_property_string(myoverview, "from", address, 1);
 				}
 				if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
 					env->to->next = NULL;
 					address[0] = '\0';
-					rfc822_write_address(address, env->to);
+					_php_rfc822_write_address_len(address, env->to, sizeof(address));
 					add_property_string(myoverview, "to", address, 1);
 				}
 				if (env->date) {
@@@@ -3868,6 +3882,7 @@@@
 		ret += _php_rfc822_len(tmp->mailbox);
 		ret += _php_rfc822_len(tmp->host);
 		num_ent++;
+		printf("%d:%s %s %s %s\n",num_ent,tmp->personal,tmp->adl,tmp->mailbox,tmp->host);
 	} while ((tmp = tmp->next));
 
 	/* 
@@@@ -3883,6 +3898,33 @@@@
 /* }}} */
 
 
+/* {{{ _php_rfc822_soutr
+ */
+static long _php_rfc822_soutr (void *stream,char *string)
+{
+	return NIL;
+}
+
+/* }}} */
+
+
+/* {{{ _php_rfc822_write_address_len
+ */
+static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
+{
+	RFC822BUFFER buf;
+	buf.beg = dest;
+	buf.cur = buf.beg;
+	buf.end = buf.beg + len - 1;
+	buf.s = NIL;
+	buf.f = _php_rfc822_soutr;
+	rfc822_output_address_list (&buf, adr, 0, NIL);
+	*buf.cur = '\0';
+}
+	
+/* }}} */
+
+
 /* {{{ _php_imap_parse_address
  */
 static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
@@@@ -3891,13 +3933,15 @@@@
 	zval *tmpvals;
 	char *tmpstr;
 	int len=0;
-		
+
+	
 	addresstmp = addresslist;
 
 	if ((len = _php_imap_address_size(addresstmp))) {
 		tmpstr = (char *) pemalloc(len + 1, 1);
 		tmpstr[0] = '\0';
-		rfc822_write_address(tmpstr, addresstmp);
+
+		_php_rfc822_write_address_len(tmpstr, addresstmp, len);
 		*fulladdress = tmpstr;
 	} else {
 		*fulladdress = NULL;
@


1.6
log
@Revert to 5.2.6:
http://www.php.net/archive/2008.php#id2008-12-07-1

Thanks to tron@@ for the heads up
@
text
@d1 1
a1 1
$NetBSD: patch-ak,v 1.4 2008/03/04 17:13:49 sborrill Exp $
@


1.5
log
@Update to 5.2.7.

Security Enhancements and Fixes in PHP 5.2.7:

Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:

Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.
@
text
@@


1.4
log
@Patch around imap_header() dying with SIGABRT if recipient lists are too
long. Patch appended to PHP bug 42862, so the fix may be incorporated in
later PHP releases and thus this patch can be reverted.

http://bugs.php.net/bug.php?id=42862

Bump PKGREVISION of php-imap
@
text
@d1 1
a1 1
$NetBSD$
@


1.3
log
@Update lang/php5 to 5.2.0.

Changes since 5.1.6:

The key features of PHP 5.2.0 include:
* New memory manager for the Zend Engine with improved performance and a more
  accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate
  date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows
  installations.
* Many performance improvements.
* Over 200 bug fixes.

Security Enhancements and Fixes in PHP 5.2.0:
* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep
  track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs
  for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible
  for htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow is str_repeat() & wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them
  to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.

For a full list of changes in PHP 5.2.0, see the ChangeLog:
	http://www.php.net/ChangeLog-5.php#5.2.0

Also other notable extensions changes:
* filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5)
* JSON added (not enabled by default, packaged in php-json)
* filter added (enabled by default)
* wddx rewritten to native libxml2, fixing several encoding bugs
@
text
@d3 11
a13 3
--- ext/imap/php_imap.c.orig	2006-10-05 16:25:41.000000000 +0200
+++ ext/imap/php_imap.c
@@@@ -441,6 +441,11 @@@@ PHP_MINIT_FUNCTION(imap)
d25 1
a25 1
@@@@ -456,6 +461,10 @@@@ PHP_MINIT_FUNCTION(imap)
d36 132
@


1.2
log
@Updated lang/php5 to 5.1.2

* HTTP Response Splitting has been addressed in ext/session and in
  the header() function.
* Fixed format string vulnerability in ext/mysqli.
* Fixed possible cross-site scripting problems in certain error conditions.
* Hash & XMLWriter extensions added and enabled by default.
* Upgraded OCI8 extension.
* Over 85 various bug fixes.

(I haven't heard anything from the MAINTAINER but since this works fine
on my servers and as this fixes security issues I checked in this)
@
text
@d1 1
a1 1
$NetBSD: patch-ak,v 1.1 2004/10/31 21:14:54 jdolecek Exp $
d3 5
a7 5
--- ext/imap/php_imap.c.orig	2006-01-05 02:47:16.000000000 +0200
+++ ext/imap/php_imap.c	2006-02-05 15:37:19.000000000 +0200
@@@@ -429,6 +429,11 @@@@
 
 	ZEND_INIT_MODULE_GLOBALS(imap, php_imap_init_globals, NULL)
d17 1
a17 1
@@@@ -444,6 +449,10 @@@@
@


1.1
log
@add patches necessary to build php-imap with PHP5
@
text
@d1 1
a1 1
$NetBSD$
d3 3
a5 3
--- ext/imap/php_imap.c.orig	2004-08-12 21:32:18.000000000 +0200
+++ ext/imap/php_imap.c	2004-10-31 21:11:57.000000000 +0100
@@@@ -428,6 +428,11 @@@@
d17 1
a17 1
@@@@ -443,6 +448,10 @@@@
@


1.1.10.1
log
@Pullup ticket 1136 - requested by Martti Kuparinen
security update for php5

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.24, 1.25, 1.27
- pkgsrc/lang/php5/Makefile.common		1.14, 1.15
- pkgsrc/lang/php5/PLIST			1.9, 1.10
- pkgsrc/lang/php5/buildlink3.mk		1.10
- pkgsrc/lang/php5/distinfo			1.14
- pkgsrc/lang/php5/patches/patch-ag		1.2
- pkgsrc/lang/php5/patches/patch-ak		1.2
- pkgsrc/lang/php5/patches/patch-aj		1.3
- pkgsrc/lang/php5/patches/patch-ao		1.3

   Module Name:		pkgsrc
   Committed By:	reed
   Date:		Wed Jan  4 17:44:24 UTC 2006

   Modified Files:
    	pkgsrc/lang/php5: Makefile

   Log Message:
   Use PKGMANDIR instead of "man".
---
   Module Name:		pkgsrc
   Committed By:	rillig
   Date:		Thu Feb  2 20:31:17 UTC 2006

   Modified Files:
    	pkgsrc/lang/php5: Makefile PLIST


   Log Message:
   Added two missing files to the PLIST. Bumped PKGREVISION.
---
   Module Name:		pkgsrc
   Committed By:	martti
   Date:		Mon Feb  6 06:39:59 UTC 2006

   Modified Files:
    	pkgsrc/lang/php5: Makefile Makefile.common PLIST buildlink3.mk
		distinfo
    	pkgsrc/lang/php5/patches: patch-ag patch-aj patch-ak patch-ao

   Log Message:
   Updated lang/php5 to 5.1.2

   * HTTP Response Splitting has been addressed in ext/session and in
     the header() function.
   * Fixed format string vulnerability in ext/mysqli.
   * Fixed possible cross-site scripting problems in certain error
     conditions.
   * Hash & XMLWriter extensions added and enabled by default.
   * Upgraded OCI8 extension.
   * Over 85 various bug fixes.

   (I haven't heard anything from the MAINTAINER but since this works fine
   on my servers and as this fixes security issues I checked in this)
---
   Module Name:		pkgsrc
   Committed By:	jdolecek
   Date:		Mon Feb  6 20:12:55 UTC 2006

   Modified Files:
    	pkgsrc/lang/php5: Makefile.common

   Log Message:
   add fix to build php-xmlrpc and php5-dom successfully with 5.1.2
@
text
@d1 1
a1 1
$NetBSD: patch-ak,v 1.2 2006/02/06 06:39:59 martti Exp $
d3 3
a5 3
--- ext/imap/php_imap.c.orig	2006-01-05 02:47:16.000000000 +0200
+++ ext/imap/php_imap.c	2006-02-05 15:37:19.000000000 +0200
@@@@ -429,6 +429,11 @@@@
d17 1
a17 1
@@@@ -444,6 +449,10 @@@@
@