pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/www/php4 Fix for CVE-2006-4625



details:   https://anonhg.NetBSD.org/pkgsrc/rev/43494e536d26
branches:  trunk
changeset: 520493:43494e536d26
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sun Oct 22 13:16:41 2006 +0000

description:
Fix for CVE-2006-4625
Bump nb

diffstat:

 www/php4/Makefile         |   4 ++--
 www/php4/distinfo         |   3 ++-
 www/php4/patches/patch-au |  16 ++++++++++++++++
 3 files changed, 20 insertions(+), 3 deletions(-)

diffs (47 lines):

diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/Makefile
--- a/www/php4/Makefile Sun Oct 22 13:02:57 2006 +0000
+++ b/www/php4/Makefile Sun Oct 22 13:16:41 2006 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.71 2006/10/20 22:10:33 jdolecek Exp $
+# $NetBSD: Makefile,v 1.72 2006/10/22 13:16:41 adrianp Exp $
 
 PKGNAME=               php-${PHP_BASE_VERS}
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES+=           lang
 COMMENT=               HTML-embedded scripting language
 
diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/distinfo
--- a/www/php4/distinfo Sun Oct 22 13:02:57 2006 +0000
+++ b/www/php4/distinfo Sun Oct 22 13:16:41 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.57 2006/08/20 09:44:59 adrianp Exp $
+$NetBSD: distinfo,v 1.58 2006/10/22 13:16:41 adrianp Exp $
 
 SHA1 (php-4.4.4.tar.bz2) = 05d62910fb5734344db87f0a17b1e8e001b26b05
 RMD160 (php-4.4.4.tar.bz2) = 02fd7d5135a9e5ce11d905a4a474a5d42b8441f3
@@ -15,3 +15,4 @@
 SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
 SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
+SHA1 (patch-au) = 8b8e317dbb9cfc265bf29ebe0827d9b734a1a3b7
diff -r 52923fb3c7b5 -r 43494e536d26 www/php4/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/php4/patches/patch-au Sun Oct 22 13:16:41 2006 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-au,v 1.3 2006/10/22 13:16:41 adrianp Exp $
+
+# CVE-2006-4625
+
+--- Zend/zend_ini.c.orig       2005-09-02 22:09:03.000000000 +0100
++++ Zend/zend_ini.c
+@@ -256,7 +256,8 @@ ZEND_API int zend_restore_ini_entry(char
+       zend_ini_entry *ini_entry;
+       TSRMLS_FETCH();
+ 
+-      if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE) {
++      if (zend_hash_find(EG(ini_directives), name, name_length, (void **) &ini_entry)==FAILURE ||
++            (stage == ZEND_INI_STAGE_RUNTIME && (ini_entry->modifyable & ZEND_INI_USER) == 0)) {                return FAILURE;
+               return FAILURE;
+       }
+ 
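
Review bot: The second added line of the condition in zend_restore_ini_entry ends with a stray "return FAILURE;" after the opening brace, so the statement now appears twice: once at the end of the condition line after a run of whitespace, and once on the following context line. The duplicate is unreachable and does not change behaviour, but it looks like a paste error and makes a security check harder to read; end the added line at "{" and let the existing "return FAILURE;" stand alone. The read of ini_entry->modifyable is safe only because "||" short-circuits when zend_hash_find() returns FAILURE, so the order of the two operands must not be swapped. The patch header carries only the CVE ID; a one-line description of what is refused (a restore at ZEND_INI_STAGE_RUNTIME of an entry that lacks ZEND_INI_USER) would help the next maintainer.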


