pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/php4 Fix for CVE-2006-4625
details: https://anonhg.NetBSD.org/pkgsrc/rev/43494e536d26
branches: trunk
changeset: 520493:43494e536d26
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sun Oct 22 13:16:41 2006 +0000
description:
Fix for CVE-2006-4625
Bump nb
diffstat:
www/php4/Makefile | 4 ++--
www/php4/distinfo | 3 ++-
www/php4/patches/patch-au | 16 ++++++++++++++++
3 files changed, 20 insertions(+), 3 deletions(-)
diffs (47 lines):
diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/Makefile
--- a/www/php4/Makefile Sun Oct 22 13:02:57 2006 +0000
+++ b/www/php4/Makefile Sun Oct 22 13:16:41 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71 2006/10/20 22:10:33 jdolecek Exp $
+# $NetBSD: Makefile,v 1.72 2006/10/22 13:16:41 adrianp Exp $
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES+= lang
COMMENT= HTML-embedded scripting language
diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/distinfo
--- a/www/php4/distinfo Sun Oct 22 13:02:57 2006 +0000
+++ b/www/php4/distinfo Sun Oct 22 13:16:41 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57 2006/08/20 09:44:59 adrianp Exp $
+$NetBSD: distinfo,v 1.58 2006/10/22 13:16:41 adrianp Exp $
SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
@@ -15,3 +15,4 @@
SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
+SHA1 (patch-au) = 8b8e317dbb9cfc265bf29ebe0827d9b734a1a3b7
diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/patches/patch-au
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/php4/patches/patch-au Sun Oct 22 13:16:41 2006 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-au,v 1.3 2006/10/22 13:16:41 adrianp Exp $
+
+# CVE-2006-4625
+
+--- Zend/zend_ini.c.orig 2005-09-02 22:09:03.000000000 +0100
++++ Zend/zend_ini.c
+@@ -256,7 +256,8 @@ ZEND_API int zend_restore_ini_entry(char
+ zend_ini_entry *ini_entry;
+ TSRMLS_FETCH();
+
+- if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
++ if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE ||
++ (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)) { return FAILURE;
+ return FAILURE;
+ }
+
Home |
Main Index |
Thread Index |
Old Index