head	1.4;
access;
symbols
	pkgsrc-2013Q2:1.4.0.30
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2012Q4:1.4.0.28
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2011Q4:1.4.0.26
	pkgsrc-2011Q4-base:1.4
	pkgsrc-2011Q2:1.4.0.24
	pkgsrc-2011Q2-base:1.4
	pkgsrc-2009Q4:1.4.0.22
	pkgsrc-2009Q4-base:1.4
	pkgsrc-2008Q4:1.4.0.20
	pkgsrc-2008Q4-base:1.4
	pkgsrc-2008Q3:1.4.0.18
	pkgsrc-2008Q3-base:1.4
	cube-native-xorg:1.4.0.16
	cube-native-xorg-base:1.4
	pkgsrc-2008Q2:1.4.0.14
	pkgsrc-2008Q2-base:1.4
	pkgsrc-2008Q1:1.4.0.12
	pkgsrc-2008Q1-base:1.4
	pkgsrc-2007Q4:1.4.0.10
	pkgsrc-2007Q4-base:1.4
	pkgsrc-2007Q3:1.4.0.8
	pkgsrc-2007Q3-base:1.4
	pkgsrc-2007Q2:1.4.0.6
	pkgsrc-2007Q2-base:1.4
	pkgsrc-2007Q1:1.4.0.4
	pkgsrc-2007Q1-base:1.4
	pkgsrc-2006Q4:1.4.0.2
	pkgsrc-2006Q4-base:1.4
	pkgsrc-2006Q3:1.2.0.2
	pkgsrc-2006Q3-base:1.2
	pkgsrc-2006Q2:1.1.0.2;
locks; strict;
comment	@# @;


1.4
date	2006.11.06.22.06.35;	author jdolecek;	state dead;
branches;
next	1.3;

1.3
date	2006.11.04.11.27.55;	author adrianp;	state Exp;
branches;
next	1.2;

1.2
date	2006.08.19.16.44.15;	author taca;	state dead;
branches
	1.2.2.1;
next	1.1;

1.1
date	2006.07.18.21.57.30;	author adrianp;	state Exp;
branches
	1.1.2.1;
next	;

1.2.2.1
date	2006.11.04.16.25.31;	author ghen;	state Exp;
branches;
next	;

1.1.2.1
date	2006.07.18.21.57.30;	author salo;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2006.07.23.16.17.02;	author salo;	state Exp;
branches;
next	;


desc
@@


1.4
log
@Update lang/php5 to 5.2.0.

Changes since 5.1.6:

The key features of PHP 5.2.0 include:

* New memory manager for the Zend Engine with improved performance and a
  more accurate memory usage tracking.
* Input filtering extension was added and enabled by default.
* JSON extension was added and enabled by default.
* ZIP extension for creating and editing zip files was introduced.
* Hooks for tracking file upload progress were introduced.
* Introduced E_RECOVERABLE_ERROR error mode.
* Introduced DateTime and DateTimeZone objects with methods to manipulate
  date/time information.
* Upgraded bundled SQLite, PCRE libraries.
* Upgraded OpenSSL, MySQL and PostgreSQL client libraries for Windows
  installations.
* Many performance improvements.
* Over 200 bug fixes.

Security Enhancements and Fixes in PHP 5.2.0:

* Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep
  track of character set encoding whenever possible.
* Added allow_url_include, set to Off by default to disallow use of URLs
  for include and require.
* Disable realpath cache when open_basedir and safe_mode are being used.
* Improved safe_mode enforcement for error_log() function.
* Fixed a possible buffer overflow in the underlying code responsible for
  htmlspecialchars() and htmlentities() functions.
* Added missing safe_mode and open_basedir checks for the cURL extension.
* Fixed overflow in str_repeat() & wordwrap() functions on 64bit machines.
* Fixed handling of long paths inside the tempnam() function.
* Fixed safe_mode/open_basedir checks for session.save_path, allowing them
  to account for extra parameters.
* Fixed ini setting overload in the ini_restore() function.
For a full list of changes in PHP 5.2.0, see the ChangeLog: http://www.php.net/ChangeLog-5.php#5.2.0 Also other notable extensions changes: * filePRO extension removed (not in PECL yet, php-filepro disabled for PHP5) * JSON added (not enabled by default, packaged in php-json) * filter added (enabled by default) * wddx rewritten to native libxml2, fixing several encoding bugs @ text @$NetBSD: patch-av,v 1.3 2006/11/04 11:27:55 adrianp Exp $ # CVE-2006-5465 --- ext/standard/html.c.orig 2006-02-25 21:32:11.000000000 +0000 +++ ext/standard/html.c @@@@ -1096,7 +1096,7 @@@@ PHPAPI char *php_escape_html_entities(un matches_map = 0; - if (len + 9 > maxlen) + if (len + 16 > maxlen) replaced = erealloc (replaced, maxlen += 128); if (all) { @@@@ -1121,9 +1121,15 @@@@ PHPAPI char *php_escape_html_entities(un } if (matches_map) { + int l = strlen(rep); + /* increase the buffer size */ + if (len + 2 + l >= maxlen) { + replaced = erealloc(replaced, maxlen += 128); + } + replaced[len++] = '&'; strcpy(replaced + len, rep); - len += strlen(rep); + len += l; replaced[len++] = ';'; } } @ 1.3 log @Fix for CVE-2006-5465 from PHP CVS http://www.hardened-php.net/advisory_132006.138.html @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update php5 package to 5.1.5: 17 Aug 2006, PHP 5.1.5 - Fixed memory_limit on 64bit systems. (Stefan E.) - Fixed overflow on 64bit systems in str_repeat() and wordwrap(). (Stefan E.) - Disabled CURLOPT_FOLLOWLOCATION in curl when open_basedir or safe_mode are enabled. (Stefan E., Ilia) - Fixed bug #38322 (reading past array in sscanf() leads to arbitrary code execution). (Tony) - Fixed bug #38125 (undefined reference to spl_dual_it_free_storage). (Marcus) - Fixed bug #38112 (corrupted gif segfaults) (Pierre) - Fixed bug #37587 (var without attribute causes segfault). (Marcus) - Fixed bug #37576 (FastCGI env (cgi vars) table overflow). (Piotr) - Fixed bug #37496 (FastCGI output buffer overrun). 
(Piotr, Dmitry) - Fixed bug #37487 (oci_fetch_array() array-type should always default to OCI_BOTH). (Tony) - Fixed bug #37416 (iterator_to_array() hides exceptions thrown in rewind() method). (Tony) - Fixed bug #37392 (Unnecessary call to OCITransRollback() at the end of request). (Tony) - Fixed bug #37341 ($_SERVER in included file is shortened to two entries, if $_ENV gets used). (Dmitry) - Fixed bug #37313 (sigemptyset() used without including ). (jdolecek) - Fixed bug #37346 (invalid colormap format) (Pierre) - Fixed bug #37360 (invalid gif size) (Pierre) - Fixed bug #37306 (max_execution_time = max_input_time). (Dmitry) - Fixed Bug #37278 (SOAP not respecting uri in __soapCall). (Dmitry) - Fixed bug #37265 (Added missing safe_mode & open_basedir checks to imap_body()). (Ilia) - Fixed bug #37256 (php-fastcgi doesn't handle connection abort). (Dmitry) @ text @d1 1 a1 1 $NetBSD: patch-av,v 1.1 2006/07/18 21:57:30 adrianp Exp $ d3 1 a3 1 # This is CVE-2006-3011 d5 3 a7 4 --- ext/standard/basic_functions.c.orig 2006-04-03 14:46:11.000000000 +0100 +++ ext/standard/basic_functions.c @@@@ -2034,7 +2034,7 @@@@ PHPAPI int _php_error_log(int opt_err, c break; d9 24 a32 6 case 3: /*save to a file */ - stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); if (!stream) return FAILURE; php_stream_write(stream, message, strlen(message)); @ 1.2.2.1 log @Pullup ticket 1898 - requested by adrianp security fix for php - pkgsrc/lang/php5/Makefile 1.46 - pkgsrc/lang/php5/distinfo 1.32 - pkgsrc/lang/php5/patches/patch-av 1.3 Module Name: pkgsrc Committed By: adrianp Date: Sat Nov 4 11:27:55 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-av Log Message: Fix for CVE-2006-5465 from PHP CVS http://www.hardened-php.net/advisory_132006.138.html @ text @d1 1 a1 1 $NetBSD: patch-av,v 
1.3 2006/11/04 11:27:55 adrianp Exp $ d3 1 a3 1 # CVE-2006-5465 d5 4 a8 3 --- ext/standard/html.c.orig 2006-02-25 21:32:11.000000000 +0000 +++ ext/standard/html.c @@@@ -1096,7 +1096,7 @@@@ PHPAPI char *php_escape_html_entities(un d10 6 a15 24 matches_map = 0; - if (len + 9 > maxlen) + if (len + 16 > maxlen) replaced = erealloc (replaced, maxlen += 128); if (all) { @@@@ -1121,9 +1121,15 @@@@ PHPAPI char *php_escape_html_entities(un } if (matches_map) { + int l = strlen(rep); + /* increase the buffer size */ + if (len + 2 + l >= maxlen) { + replaced = erealloc(replaced, maxlen += 128); + } + replaced[len++] = '&'; strcpy(replaced + len, rep); - len += strlen(rep); + len += l; replaced[len++] = ';'; } } @ 1.1 log @Fix for CVE-2006-3011 Bump to nb2 @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-av was added on branch pkgsrc-2006Q2 on 2006-07-18 21:57:30 +0000 @ text @d1 15 @ 1.1.2.2 log @Pullup ticket 1751 - requested by adrianp security fix for php5 Revisions pulled up: - pkgsrc/lang/php5/Makefile 1.38 - pkgsrc/lang/php5/distinfo 1.25 - pkgsrc/lang/php5/patches/patch-av 1.1 Module Name: pkgsrc Committed By: adrianp Date: Tue Jul 18 21:57:30 UTC 2006 Modified Files: pkgsrc/lang/php5: Makefile distinfo Added Files: pkgsrc/lang/php5/patches: patch-av Log Message: Fix for CVE-2006-3011 Bump to nb2 @ text @a0 15 $NetBSD: patch-av,v 1.1.2.1 2006/07/23 16:17:02 salo Exp $ # This is CVE-2006-3011 --- ext/standard/basic_functions.c.orig 2006-04-03 14:46:11.000000000 +0100 +++ ext/standard/basic_functions.c @@@@ -2034,7 +2034,7 @@@@ PHPAPI int _php_error_log(int opt_err, c break; case 3: /*save to a file */ - stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); if (!stream) return FAILURE; php_stream_write(stream, message, strlen(message)); @
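Review bot: in the first ext/standard/html.c hunk (@@ -1096), the headroom in `if (len + 16 > maxlen)` is a bare magic number, and nothing in the hunk says which writes the 16 bytes are meant to cover or why 9 was too small. Suggest a named constant, or a comment tying the value to the longest sequence written per loop iteration, so the check cannot drift away from the writes it guards.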
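Review bot: in the second ext/standard/html.c hunk (@@ -1121), the new `if (len + 2 + l >= maxlen)` grows the buffer by a fixed 128 bytes exactly once, so the strcpy() that follows stays in bounds only while l is smaller than that step, and nothing visible in the hunk bounds the length of rep. Suggest growing by at least the needed amount (for example `maxlen += l + 128`) or looping until the condition clears. `int l = strlen(rep);` also narrows a size_t to int; declaring l as size_t matches the return type, and with the length already known, a memcpy() of l bytes could replace the strcpy().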
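Review bot: in the ext/standard/basic_functions.c hunk (@@ -2034, `case 3`), swapping IGNORE_URL for IGNORE_URL_WIN is the whole fix, yet neither the patch header ("This is CVE-2006-3011") nor the call site records what the flag change is meant to enforce. Suggest a short comment above the php_stream_open_wrapper() call stating why IGNORE_URL_WIN is required with ENFORCE_SAFE_MODE here, so a later cleanup does not revert it. The unchanged context also discards the return value of php_stream_write(), which is worth checking while this path is being touched.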