1) Affected package: mod_php4-4.3.8_2,1 Type of problem: php -- vulnerability in RFC 1867 file upload processing. Reference: <http://www.FreeBSD.org/ports/portaudit/562a3fdf-16d6-11d9-bc4a-000c41e2cdad.html> 2) Affected package: mod_php4-4.3.8_2,1 Type of problem: php -- php_variables memory disclosure. Reference: <http://www.FreeBSD.org/ports/portaudit/ad74a1bd-16d2-11d9-bc4a-000c41e2cdad.html> 3) http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/72275 Fix: Follow patch contain files: patch-Mk patch-php4_variables.c patch-rfc1867.c patch-php-port Type: cd /usr/ports patch <.../patch-Mk patch <.../patch-php-port cd /usr/ports/lang/php4/files cp .../patch-php4_variables.c . cp .../patch-rfc1867.c . Files patch-php4_variables.c and patch-rfc1867.c is diff betweeen php-4.3.8 and php-4.3.9 ( see it ) Problems (1) and (2) fixed in cvs.php between releases 4.3.8 and 4.3.9 Remove mod_php4, php4-extensions, php4-* subports Install mod_php4, php4-extensions, php4-* subports How-To-Repeat: See 1), 2), 3)
Responsible Changed From-To: freebsd-ports-bugs->ale Over to maintainer.
Fixed bug: building with openssl port instead of openssl base failed begin 644 patch-php4.tar.bz2 M0EIH.3%!629366'!NF,`"HE_C/FQ`%1________?_O_O__\``0``@`A@"O]X M/7KO/2]N>E5HY*N8`#N[J%.C1H8MMA*)&*:$U/93R*>$S0F)HQ0]0T!H&F@, MAZGJ`:`&FC0:(-`3329*::?JFAH/4TR#0`8@``R,@#0``&J>C$C2@;4`!D`- M-!IH9!HR`````-``2$D0T4]3U3QDU1[4Q3:)Z1ZC3!,GI&1H&@T`::--#0-` M.!H&@&@:&@`T,AIH`::`:``,AB``T$D@30"#03"!E-3Q"8FFIX)Z$U/2'J>( M@>IY3(T:>FH/3Y?>C[C\?=Q\@<U"H1>.9D"&I!("\84>L<SH&<?1$6"SP=3I M<;K3AC:;$TLB&I"*(0F@6(&42(2`Z'J\=R*Z3DD8QM,;J1M-ILCC3;.G*=@E MJ8ZA*DO"YN@JE<RI$4Z8,NJ!0-QHN3&TFOMU;LF[X;*Z\,&ED:;"D,!R)L/[ MS<6+L>;K7RG?.=58W9E.?3@9*@Y0I`Y#-4>]P16@F%"SL#&=:#[#10KAHO6( MF*UV.?MG\VY^/#Q\6+SMQCX1YZ8U!C8YNS<M9ZI&9?).PJFR:7.^V/ZOH'NR M0EHJMN,S>:F:+7H-=L8`7_?DS9.F%IZ-^L5(7((289$,2@<!OD5^TNA.'</' M2_38:CR!)QH:LH"D*#\KG#F-@TV&UV&KR#FO+:60?92)")4%4.ZI-LMB9W"L MIN.(GQ%BHIT-"=],*C!5;B',RB)&6@)PW\531EOL9R`W+@S69LT'AKUBH4_U M:=8B85&.-YHC51"1\TK5\`G80EUKW&EVR.2!QL1L$PA.@A6%S-IJP&BW-(LT MMF`:H4M8O!\BK'MCLZNN7^!O(6'P/3=T8P><['0BN3XK5SYW3]K?GDVXTB1( M,*VJK,E3<'-ICS-1)KCH+.ZC/#FPT!FJ\3"(K^(C<&B0U(LIVE*N'D44@64X M*0C#']&]P&FV+QJO<8RSI&TT8%`0MSM#*R0P>[$S"(D!\(Y81F]4'47%`J_Q M9U;RX#0#U1$V,*!Q!WND^3M4[S*!%$T'C@@W,+,P=2\45H!Y`M6XQQ@$AI'D M7X#T'$(81Q\/F^/ES2AFYX]3#4$E@PEH8"H&T!M=;T.)=/$M36F[J8KZ?A/) MUN+JYLYGWWJITS4[79L=>*Z+I\BQ<DZJ?=&%L*N3(P#>I@7H8X$S,R[Z0'N& M'KH0YD,B[-VYJ"1(2DO]#AD\!_"&WL',93*R;D9Y3P/[7+\/Q2=^2>"XM<?' M?Q6F/'=>3Y-0<6E+4=U#:/^H9K'DF.NCZ5(*%N9(BO&:HU]*?X#91Y:(]3`M MS*FLH2T)N1K+N[J9O#/:HALX=X;;;&=#2LQE?,#F^L^`SPL#',IF%Y'N)#E0 M,4XZF;FU=#>*KE8RY7[O3&15%%US+5A+K!@7K==G"71"<*X;$E5"XRZ=AV-K MA&I),(F)>B`<![^KM??220RI$4YH/&L>\$]KF"_3&BU/88=1(G,%/ZV>C;V7 M$V/'52%J-TB4)%)4-OHI*"5`OY/OBZ)$F7NA(:DI'$!#:Q-%JV*+L$\U.[F: M3#F6;#)(&`M`13R*8\*,,996VDC<\2".CEA9-V(-E\@N5SUW401,C:T3:MZ1 M!D*6VPH^$)0H:9*@@41O0[G8*V1$'W,AZ80]PT@R7#RL)$Y47V5E!.H18/R1 M'$&C*10\,@K8.C`,=USU*=80S@3@DX@JATU@",:@I/<(@@L(B[6"$7W#IA30 M*)0YAH19]E#/'EQ76PT[^DY3Y@ZYFMR&=V`LHVHL10JQ3D684T),;'Y[VAO< M.9F/7V%#>?133;5W4MU*T;+6J;SG=CUY=]&G.\IV[<A=49J]W7.7QL;&VV,Q MI9)$Z9`*TG;'%2%V>]V9KMZ^@YO?!*K"7U"5?K_*CC/V5#+\P^P7A(UKE-(L M)D(NK'NX&=%E(>!8F)6`.4/Q^RSH;U?!>WX1$O6!5^<1@;X4*!YQRQ19+S_: M&4'EUC@VX\JS^:(GA&!UFM6)5W<%@`X?&]>A5A8L$8#C:I>P/\5;);&1F,:; M%K-'">9::XYYF;,ME2\`%=)K*-61:N!X#UD"(/%MMI,RME0L2O,84X)28^!4 M'&=8>=F\#$)TJTJTFQ/PW13ZQU0E9-8%*T*S4]X;\>(DE:SAS!@C08+7!Z;7 M:K`+!4K<Q967EXI\HKRDUTK8UZF18J16*-[K#XE\2H5N+*K53+*L>FS*,M&& MF4`QC!(D\,FU2.*P[H?7XF;L02],4>!#(XK$QALR\&CO]SM>M92I29.K0;QK M#D-)L*`B'T([Z[WJ\?N#J)+'[6\0]<+*00(`QQ%3.;J_<X9CI1R?<4K$R5,J M?2!B:W>$I1.8"$Y?:/[KJ@Q.-G'8D?&%X&:M$CRCV'8@[GX02[0&ATT2Z8]E M:*(22H]4ADMUD6M9LJ"HGW]6\<?4=,HE!=($+++HM`.N/L!0?5B+MX@P@1#/ MQ1#H(Y_#@6^%77U4LM4#3=D,V1-I@PA_7H,;B<@65C<+!V@H7!D,QZ2;WD1' MO\^C*(R!$VWE44;\^(QLSZAZ<XWEXZ:[KW0]J[HU>7V1X5+"*;F*XM.$N>>& M@(=G`\U?9`O"ROHH>[AX]1CQWLDL0Q-(M9,XF3Y'.?YQB^8+*DPO"JD6%UD< M=&8?R!+H?38XU4N(L=,0'JS4FP-N.LUCJR.MW;9<"-(,?2(X4+(#`'2,4NL$ M\OA:IMR,%XP06S02K:FDD9'N2)[?>]&D6-G`Q,!L<>%*-J2;QTZR\Y"":+!Y M^YEO`WD]*IR9FTBM"E7LE?>YS'8=!\BG2'*,6,EIJ+1M[)D<7^1_SW#3#+L5 MLME^D%I<(W=%(<&S')9JZ,^)NO+GO;M]I*.6=`4UI4CZ;VS,@)"L*`L+'B/H MLP0LS4N$]^TPSB,7SJT-XL[#=MR+458&Q&`23QFN()Z5"-G&1N,O_GS;(!FY M=4[]#!HTJR8:HUK.U(:6GP->HYX8&\VD@ZR5?3CH>UP&MYK:"\L05SPN'S0[ M-4(&#%"(SEL12=DB7(F$^##KA=IR=&F:0,R*A7.<(Q(L8YE)YI0-K1\49-8= M5P2X;"S,&LMZPSBYO2,GB'K;7Z.(,N,&*]5X:2_0@?VB=W<HYWB*-VLQ'7W@ M]^M1JFX&?C9Z0KW$`>'CH42)=H_W7S\W*UZK+&3@5-+K:I;9;35"7*3`<HBB M,..<#/@_4`TLR<;-\E"`NR4I:U@2RLZLRR:"[$@V3F4$J$SE(@G(G4_V0FU! M]!BC$2H+EE[S2P&B?PK2NIYD.<%MYS8@]G/2@DAILAQG:;!@-5\Q!Z'LD^IP MS*(;`\)E'Y-!<%IW==V8VPV@LBH+>]RF!Q-#N_C+M&U#;S)?/N4M:VD>7AQC M>60IM3V*RV5<MC6_*S,^JG$ULVUUUG>G0Y;$3;VK]E%8WD1D5DT[XD6U)$R% MDQBK(<!E!8T76G,2OZ^-C8TG%R(NPP#FCG8K	=>`L36'.\[K@ANSKRGU+5 MU3Q.#AWZKT"/$!D&R&1K^9#+!QA,<^D]%$@"O,F>LUX;..&A+#92Y@UO,P>G M*C?35'@"$&`;$:Y2CBO[SE"#E))[&1=/>F^A"/:A!A\ODX_X1'%`1X]-<QM< BJ7GO9JXN!C3$M]:0^%*"*AJ:0(4D$$_XNY(IPH2##@W3&``` ` end [ODiP] == Grigorovich Dmitry
State Changed From-To: open->closed Fixed with latest updates, thanks for submission!