diff options
author | salo <salo@pkgsrc.org> | 2007-06-14 23:34:08 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2007-06-14 23:34:08 +0000 |
commit | aacdcbca6431a143f95137d777ec931d6c1fe86a (patch) | |
tree | b8be59aa6d96a5dfa6e8944aa90f1651d7253d83 | |
parent | 850a3b9f5b331a7f8b9f16f0ec03a5172806b7bd (diff) | |
download | pkgsrc-aacdcbca6431a143f95137d777ec931d6c1fe86a.tar.gz |
Pullup ticket 2113 - requested by adrianp
security update for php5
Revisions pulled up:
- pkgsrc/lang/php5/Makefile 1.52, 1.53, 1.54, 1.55
- pkgsrc/lang/php5/Makefile.common 1.26
- pkgsrc/lang/php5/distinfo 1.41, 1.42, 1.43, 1.44
- pkgsrc/lang/php5/patches/patch-am 1.3
- pkgsrc/lang/php5/patches/patch-an 1.3, 1.4
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Jun 6 19:33:13 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile Makefile.common distinfo
Log Message:
Update to php-5.2.3
Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner,
CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche,
CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan
Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath())
(by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection
encoding.
* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)
And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
for all the details.
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jun 7 10:45:18 UTC 2007
Added Files:
pkgsrc/lang/php5/patches: patch-am
Log Message:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe
---
Module Name: pkgsrc
Committed By: adrianp
Date: Thu Jun 7 10:45:42 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Log Message:
Add in the correct patch to fix CVE-2007-2872
Spotted by Takahiro Kambe
---
Module Name: pkgsrc
Committed By: adrianp
Date: Fri Jun 8 12:29:53 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
Added Files:
pkgsrc/lang/php5/patches: patch-an
Log Message:
Fix the install path for the CGI binary so it ends up where we want it.
Pointed out by schmonz@ and taca@
Bump PKGREVISION
---
Module Name: pkgsrc
Committed By: heinz
Date: Mon Jun 11 17:45:30 UTC 2007
Modified Files:
pkgsrc/lang/php5: Makefile distinfo
pkgsrc/lang/php5/patches: patch-an
Log Message:
Added support for installation to DESTDIR. patch-an had removed correct
support for this before, probably unintentionally.
-rw-r--r-- | lang/php5/Makefile | 35 | ||||
-rw-r--r-- | lang/php5/Makefile.common | 4 | ||||
-rw-r--r-- | lang/php5/distinfo | 10 | ||||
-rw-r--r-- | lang/php5/patches/patch-am | 28 | ||||
-rw-r--r-- | lang/php5/patches/patch-an | 13 |
5 files changed, 75 insertions, 15 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile index 34b802a5fd4..151fa3606ea 100644 --- a/lang/php5/Makefile +++ b/lang/php5/Makefile @@ -1,11 +1,14 @@ -# $NetBSD: Makefile,v 1.48.2.1 2007/05/15 23:42:38 salo Exp $ +# $NetBSD: Makefile,v 1.48.2.2 2007/06/14 23:34:08 salo Exp $ PKGNAME= php-${PHP_BASE_VERS} +PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ COMMENT= PHP Hypertext Preprocessor version 5 +PKG_DESTDIR_SUPPORT= user-destdir + USE_TOOLS+= gmake lex LIBTOOL_OVERRIDE= # empty @@ -28,17 +31,31 @@ CGIDIR= ${PREFIX}/libexec/cgi-bin EGDIR= ${PREFIX}/share/examples/php MESSAGE_SUBST+= CGIDIR=${CGIDIR:Q} +MAKE_ENV+= INSTALL_ROOT=${DESTDIR:Q} + CONF_FILES= ${EGDIR}/php.ini-recommended ${PKG_SYSCONFDIR}/php.ini OWN_DIRS= ${PREFIX}/${PHP_EXTENSION_DIR} +SUBST_CLASSES+= cgi +SUBST_MESSAGE.cgi= Fixing CGI path. +SUBST_STAGE.cgi= pre-configure +SUBST_FILES.cgi= configure +SUBST_SED.cgi= -e 's,@CGIDIR@,${CGIDIR},g' + +pre-install: + ${INSTALL_DATA_DIR} ${DESTDIR:Q}${CGIDIR:Q} + post-install: - ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php ${PREFIX}/bin/php - ${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 ${PREFIX}/${PKGMANDIR}/man1/php.1 - ${INSTALL_DATA_DIR} ${CGIDIR} - ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php ${CGIDIR} - ${INSTALL_DATA_DIR} ${EGDIR} - cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended ${EGDIR} - ${INSTALL_DATA_DIR} ${PREFIX}/share/php - ${INSTALL_DATA} ${WRKSRC}/php.gif ${PREFIX}/share/php + ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php \ + ${DESTDIR:Q}${PREFIX:Q}/bin/php + ${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 \ + ${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR}/man1/php.1 + ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php-cgi \ + ${DESTDIR:Q}${CGIDIR:Q}/php + ${INSTALL_DATA_DIR} ${DESTDIR:Q}${EGDIR:Q} + cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended \ + ${DESTDIR:Q}${EGDIR:Q} + ${INSTALL_DATA_DIR} ${DESTDIR:Q}${PREFIX:Q}/share/php + ${INSTALL_DATA} ${WRKSRC}/php.gif ${DESTDIR:Q}${PREFIX:Q}/share/php .include "../../mk/bsd.pkg.mk" diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common index 282f141140b..ef043a3dd2c 100644 --- a/lang/php5/Makefile.common +++ b/lang/php5/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.24.2.1 2007/05/15 23:42:38 salo Exp $ +# $NetBSD: Makefile.common,v 1.24.2.2 2007/06/14 23:34:08 salo Exp $ .if !defined(DISTNAME) DISTNAME= php-${PHP_BASE_VERS} @@ -15,7 +15,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= jdolecek@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.2.2 +PHP_BASE_VERS= 5.2.3 PHP_EXTENSION_DIR= lib/php/20040412 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q} diff --git a/lang/php5/distinfo b/lang/php5/distinfo index 35a8872aa75..4f1d250148a 100644 --- a/lang/php5/distinfo +++ b/lang/php5/distinfo @@ -1,11 +1,13 @@ -$NetBSD: distinfo,v 1.36.2.2 2007/05/15 23:42:39 salo Exp $ +$NetBSD: distinfo,v 1.36.2.3 2007/06/14 23:34:08 salo Exp $ -SHA1 (php-5.2.2/php-5.2.2.tar.bz2) = b9b0b8f778eee61afcff24e286e626baed8d2934 -RMD160 (php-5.2.2/php-5.2.2.tar.bz2) = 15e844530bced2960e35fd291fb71a416562aec0 -Size (php-5.2.2/php-5.2.2.tar.bz2) = 7310926 bytes +SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261 +RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b +Size (php-5.2.3/php-5.2.3.tar.bz2) = 7417635 bytes SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50 +SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a +SHA1 (patch-an) = 8e33ce700049bdb05e5f56f0a8132b55e357abeb diff --git a/lang/php5/patches/patch-am b/lang/php5/patches/patch-am new file mode 100644 index 00000000000..bb016e2eea3 --- /dev/null +++ b/lang/php5/patches/patch-am @@ -0,0 +1,28 @@ +$NetBSD: patch-am,v 1.2.12.1 2007/06/14 23:34:09 salo Exp $ + +--- ext/standard/string.c.orig 2007-05-30 01:33:13.000000000 +0100 ++++ ext/standard/string.c +@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src, + char *p, *q; + int chunks; /* complete chunks! */ + int restlen; +- int out_len; ++ float out_len; + + chunks = srclen / chunklen; + restlen = srclen - chunks * chunklen; /* srclen % chunklen */ + +- out_len = (srclen + (chunks + 1) * endlen + 1); ++ out_len = chunks + 1; ++ out_len *= endlen; ++ out_len += srclen + 1; + + if (out_len > INT_MAX || out_len <= 0) { + return NULL; + } + +- dest = safe_emalloc(out_len, sizeof(char), 0); ++ dest = safe_emalloc((int)out_len, sizeof(char), 0); + + for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) { + memcpy(q, p, chunklen); diff --git a/lang/php5/patches/patch-an b/lang/php5/patches/patch-an new file mode 100644 index 00000000000..348faf5de48 --- /dev/null +++ b/lang/php5/patches/patch-an @@ -0,0 +1,13 @@ +$NetBSD: patch-an,v 1.2.12.1 2007/06/14 23:34:09 salo Exp $ + +--- configure.orig 2007-05-30 20:50:52.000000000 +0200 ++++ configure +@@ -11985,7 +11985,7 @@ EOF + + echo "$ac_t""$PHP_ENABLE_FASTCGI" 1>&6 + +- INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" ++ INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)@CGIDIR@/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)@CGIDIR@/php" + + PHP_SAPI=cgi + |