a security fix for a file-upload bug.
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfortunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
modules are handled. Also buildlinkify, honor ${PKG_SYSCONFDIR}, and use
the general INSTALL scripts to handle the php3.ini config file. Become
the maintainer since the changes to the package structure are fairly large.
The new framework should make creating new PHP3 modules simpler, and makes
buildlinkifying those modules simpler as well.
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
October 21, 2000, Version 3.0.18
- Fixed file upload bugs (Sascha)
October 11, 2000, Version 3.0.17
- Fixed output functions (Sascha)
- Added odbc_tables() (Frank)
- Fixed htmlspecialchars/htmlentities inconsistencies (Rasmus)
- Added is_uploaded_file() (Zeev)
- Clean up htmlspecialchars/htmlentities inconsistencies (Rasmus)
- Add optional charset parameter to sybase_[p]connect (alf@alpha.ulatina.ac.cr)
- Fixed incorrect handling of 0-precision strings (e.g., %4.0s)
in printf (Ken Coar)
- You can now call Ora_Error() without parameters to get the reason
for a failed connection attempt. (Kirill Maximov)
- Fixed crash in OCIFetchStatement() when trying to read after
all data has already been read. (Thies)
- Added --enable-sigchild. Use this option if you encounter
<defunc> processes when using Oracle 8i. (Thies)
- Uncommitted outstanding OCI8 transactions are now rolled back
before the connection is closed. (Thies)
- Improved configure checks for Oracle 8i. (Thies)
- Added imap_mime_header_decode() function (Skalski)