head 1.4; access; symbols pkgsrc-2013Q2:1.4.0.24 pkgsrc-2013Q2-base:1.4 pkgsrc-2012Q4:1.4.0.22 pkgsrc-2012Q4-base:1.4 pkgsrc-2011Q4:1.4.0.20 pkgsrc-2011Q4-base:1.4 pkgsrc-2011Q2:1.4.0.18 pkgsrc-2011Q2-base:1.4 pkgsrc-2009Q4:1.4.0.16 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.14 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.12 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.10 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.8 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.6 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.4 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.2 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.3.0.2 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.2.0.12 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.10 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.8 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.6 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.4 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.2 pkgsrc-2005Q4-base:1.2; locks; strict; comment @# @; 1.4 date 2007.09.02.21.12.42; author jdolecek; state dead; branches; next 1.3; 1.3 date 2007.06.07.10.45.18; author adrianp; state Exp; branches; next 1.2; 1.2 date 2005.12.03.18.53.57; author jdolecek; state dead; branches 1.2.12.1; next 1.1; 1.1 date 2005.10.07.21.09.28; author jdolecek; state Exp; branches; next ; 1.2.12.1 date 2007.06.14.23.34.09; author salo; state Exp; branches; next ; desc @@ 1.4 log @Update lang/php5 to 5.2.4 - miscellaneous security fixes and over 120 other bug fixes @ text @$NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $ --- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100 +++ ext/standard/string.c @@@@ -1956,18 +1956,20 @@@@ static char *php_chunk_split(char *src, char *p, *q; int chunks; /* complete chunks! */ int restlen; - int out_len; + float out_len; chunks = srclen / chunklen; restlen = srclen - chunks * chunklen; /* srclen % chunklen */ - out_len = (srclen + (chunks + 1) * endlen + 1); + out_len = chunks + 1; + out_len *= endlen; + out_len += srclen + 1; if (out_len > INT_MAX || out_len <= 0) { return NULL; } - dest = safe_emalloc(out_len, sizeof(char), 0); + dest = safe_emalloc((int)out_len, sizeof(char), 0); for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) { memcpy(q, p, chunklen); @ 1.3 log @Add in the correct patch to fix CVE-2007-2872 Spotted by Takahiro Kambe @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update PHP5 to version 5.1.1. Some of the key features include: * A complete rewrite of date handling code, with improved timezone support. * Significant performance improvements compared to PHP 5.0.X. * PDO extension is now enabled by default (separate pkg for pkgsrc) * Over 30 new functions in various extensions and built-in functionality. * Bundled libraries, PCRE and SQLite upgraded to latest versions. * Over 400 various bug fixes. * PEAR upgraded to version 1.4.5 This release also fixes various security problems discovered in 5.0.X. @ text @d1 1 a1 1 $NetBSD: patch-am,v 1.1 2005/10/07 21:09:28 jdolecek Exp $ d3 26 a28 10 --- ext/ldap/config.m4.orig 2005-05-08 16:06:24.000000000 +0000 +++ ext/ldap/config.m4 @@@@ -114,6 +114,7 @@@@ if test "$PHP_LDAP" != "no"; then _SAVE_CPPFLAGS=$CPPFLAGS _SAVE_LDFLAGS=$LDFLAGS CPPFLAGS="$CPPFLAGS -I$LDAP_INCDIR" + LDFLAGS="$LDFLAGS $LDAP_SHARED_LIBADD" AC_CACHE_CHECK([for 3 arg ldap_set_rebind_proc], ac_cv_3arg_setrebindproc, [AC_TRY_COMPILE([#include ], [ldap_set_rebind_proc(0,0,0)], ac_cv_3arg_setrebindproc=yes, ac_cv_3arg_setrebindproc=no)]) @ 1.2.12.1 log @Pullup ticket 2113 - requested by adrianp security update for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.52, 1.53, 1.54, 1.55 - pkgsrc/lang/php5/Makefile.common 1.26 - pkgsrc/lang/php5/distinfo 1.41, 1.42, 1.43, 1.44 - pkgsrc/lang/php5/patches/patch-am 1.3 - pkgsrc/lang/php5/patches/patch-an 1.3, 1.4 Module Name: pkgsrc Committed By: adrianp Date: Wed Jun 6 19:33:13 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile Makefile.common distinfo Log Message: Update to php-5.2.3 Security Fixes * Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872) * Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756) * Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900) * Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk) * Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib. * Added mysql_set_charset() to allow runtime altering of connection encoding. * Upgraded bundled SQLite 3 to version 3.3.17. (Ilia) * Fixed gd build when used with freetype 1.x (Pierre, Tony) And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3 for all the details. --- Module Name: pkgsrc Committed By: adrianp Date: Thu Jun 7 10:45:18 UTC 2007 Added Files: pkgsrc/lang/php5/patches: patch-am Log Message: Add in the correct patch to fix CVE-2007-2872 Spotted by Takahiro Kambe --- Module Name: pkgsrc Committed By: adrianp Date: Thu Jun 7 10:45:42 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile distinfo Log Message: Add in the correct patch to fix CVE-2007-2872 Spotted by Takahiro Kambe --- Module Name: pkgsrc Committed By: adrianp Date: Fri Jun 8 12:29:53 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-an Log Message: Fix the install path for the CGI binary so it ends up where we want it. Pointed out by schmonz@@ and taca@@ Bump PKGREVISION --- Module Name: pkgsrc Committed By: heinz Date: Mon Jun 11 17:45:30 UTC 2007 Modified Files: pkgsrc/lang/php5: Makefile distinfo pkgsrc/lang/php5/patches: patch-an Log Message: Added support for installation to DESTDIR. patch-an had removed correct support for this before, probably unintentionally. @ text @d1 1 a1 1 $NetBSD: patch-am,v 1.3 2007/06/07 10:45:18 adrianp Exp $ d3 10 a12 26 --- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100 +++ ext/standard/string.c @@@@ -1956,18 +1956,20 @@@@ static char *php_chunk_split(char *src, char *p, *q; int chunks; /* complete chunks! */ int restlen; - int out_len; + float out_len; chunks = srclen / chunklen; restlen = srclen - chunks * chunklen; /* srclen % chunklen */ - out_len = (srclen + (chunks + 1) * endlen + 1); + out_len = chunks + 1; + out_len *= endlen; + out_len += srclen + 1; if (out_len > INT_MAX || out_len <= 0) { return NULL; } - dest = safe_emalloc(out_len, sizeof(char), 0); + dest = safe_emalloc((int)out_len, sizeof(char), 0); for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) { memcpy(q, p, chunklen); @ 1.1 log @Add a fix to LDAP extension build to properly detect LDAP capabilities, such as TLS support. Patch provided by Stoned Elipot in private e-mail. @ text @d1 1 a1 1 $NetBSD$ @