2006-11-04 12:19:41 by Adrian Portelli | Files touched by this commit (3) |
Log message:
Fix for CVE-2006-5465 from PHP CVS
http://www.hardened-php.net/advisory_132006.138.html
|
2006-11-03 08:00:40 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Fix build for php4-curl with curl-7.16.0, using same patch as for php5.
|
2006-10-22 15:16:42 by Adrian Portelli | Files touched by this commit (3) |
Log message:
Fix for CVE-2006-4625
Bump nb
|
2006-10-21 00:10:34 by Jaromir Dolecek | Files touched by this commit (5) |
Log message:
remove --enable-memory-limit - 8MB is too low, and this just
duplicates process resource limits, which already provide necessary
"safety net" protection against rogue scripts
bump PKGREVISION for this
addresses PR pkg/32007 by "pancake"
also remove --enable-track-vars, since that configure argument
is long gone from PHP
|
2006-08-20 11:44:59 by Adrian Portelli | Files touched by this commit (3) |
Log message:
PHP 4.4.4 Release Announcement
This release addresses a series of locally exploitable security problems
discovered since PHP 4.4.3. All PHP users are encouraged to upgrade to this
release as soon as possible.
This release provides the following security fixes:
* Added missing safe_mode/open_basedir checks inside the error_log(),
file_exists(), imap_open() and imap_reopen() functions.
* Fixed overflows inside str_repeat() and wordwrap() functions on 64bit systems.
* Fixed possible open_basedir/safe_mode bypass in cURL extension.
* Fixed overflow in GD extension on invalid GIF images.
* Fixed a buffer overflow inside sscanf() function.
* Fixed memory_limit restriction on 64 bit system.
|
2006-08-16 08:49:56 by Lubomir Sedlacik | Files touched by this commit (1) |
Log message:
Add RCSid for better tracking.
|
2006-08-11 01:01:40 by Adrian Portelli | Files touched by this commit (11) |
Log message:
Update to 4.4.3
All PHP 4.x users are encouraged to upgrade to this release as soon as possible.
The security issues resolved include the following:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the tempnam()
function.
* Improved safe_mode check for the error_log() function.
* Fixed cross-site scripting inside the phpinfo() function.
The release also includes about 20 bug fixes and an upgraded PCRE library
(version 6.6).
For a full list of changes in PHP 4.4.3, see the ChangeLog:
http://www.php.net/ChangeLog-4.php#4.4.3
This also contains a fix for CVE-2006-4020 (SA21403)
|
2006-07-18 23:26:17 by Adrian Portelli | Files touched by this commit (2) |
Log message:
Replace an absolute path for sh
Ride the previous nb bump
|
2006-07-18 23:21:19 by Adrian Portelli | Files touched by this commit (5) |
Log message:
Fix for CVE-2006-1990
Fix for CVE-2006-3011
Include our own pear.sh from the tarball but slightly hacked to get around
memory issues on installation.
|
2006-07-09 01:11:17 by Johnny C. Lam | Files touched by this commit (877) |
Log message:
Change the format of BUILDLINK_ORDER to contain depth information as well,
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|