it's not all that complicated.

download the php 4.1.2 source.

check out a copy of php4/main/rfc1867.c from cvs.php.net

replace the ~main/rfc1867.c in the 4.1.2 source with version 1.71.2.3 from
cvs.php.net and carry on.

both the folks from mitel and most of the posters on php-dev and to the bug
tracking system are not listening to the php.net developers.

4.1.2 fixed the security hole but left in a crashing bug.

the 1.71.2.3 version of the file in question fixes the crashing bug too, it's
just not included in the 4.1.2 tagged release.

[EMAIL PROTECTED] who submitted a patch to php.net didn't look in cvs to
see his suggested patch was redundant, code to address his suggested changes
was already checked in when he posted his patch.

hth,
cheers,
blake




----- Original Message -----
From: "Dan Brown" <[EMAIL PROTECTED]>
To: "Ari Novikoff" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, March 06, 2002 12:13 PM
Subject: Re: [e-smith-devinfo] PHP Vulnerabilities - Observation


> Quoting Ari Novikoff <[EMAIL PROTECTED]>:
>
> > 1) There is a patch release to PHP 4.1.2 which apparently addresses the
>
>     PHP 4.1.2 does not fix the bug, and appears to introduce new ones.  I
> have built RPMs of 4.1.2, but on learning this, I pulled them.
>
> --
> Dan Brown, KE6MKS, [EMAIL PROTECTED]
> "Since all the world is but a story, it were well for thee to buy the
> more enduring story rather than the story that is less enduring."
>  -- The Judgment of St. Colum Cille
>
> --
> Please report bugs to [EMAIL PROTECTED]
> Please mail [EMAIL PROTECTED] (only) to discuss security issues
> Support for registered customers and partners to [EMAIL PROTECTED]
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
>

