Pullup ticket 2113 - requested by adrianp

security update for php5

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.52, 1.53, 1.54, 1.55
- pkgsrc/lang/php5/Makefile.common		1.26
- pkgsrc/lang/php5/distinfo			1.41, 1.42, 1.43, 1.44
- pkgsrc/lang/php5/patches/patch-am		1.3
- pkgsrc/lang/php5/patches/patch-an		1.3, 1.4

   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Wed Jun  6 19:33:13 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo

   Log Message:
   Update to php-5.2.3

   Security Fixes
   * Fixed an integer overflow inside chunk_split() (by Gerhard Wagner,
     CVE-2007-2872)
   * Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche,
     CVE-2007-2756)
   * Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan
     Esser, CVE-2007-1900)
   * Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath())
     (by bugs dot php dot net at chsc dot dk)
   * Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
   * Added mysql_set_charset() to allow runtime altering of connection
     encoding.

   * Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
   * Fixed gd build when used with freetype 1.x (Pierre, Tony)

   And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
   for all the details.
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Jun  7 10:45:18 UTC 2007

   Added Files:
   	pkgsrc/lang/php5/patches: patch-am

   Log Message:
   Add in the correct patch to fix CVE-2007-2872
   Spotted by Takahiro Kambe
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Thu Jun  7 10:45:42 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo

   Log Message:
   Add in the correct patch to fix CVE-2007-2872
   Spotted by Takahiro Kambe
---
   Module Name:		pkgsrc
   Committed By:	adrianp
   Date:		Fri Jun  8 12:29:53 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo
   Added Files:
   	pkgsrc/lang/php5/patches: patch-an

   Log Message:
   Fix the install path for the CGI binary so it ends up where we want it.
   Pointed out by schmonz@ and taca@
   Bump PKGREVISION
---
   Module Name:		pkgsrc
   Committed By:	heinz
   Date:		Mon Jun 11 17:45:30 UTC 2007

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo
   	pkgsrc/lang/php5/patches: patch-an

   Log Message:
   Added support for installation to DESTDIR. patch-an had removed correct
   support for this before, probably unintentionally.

5 files changed, 75 insertions, 15 deletions

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 34b802a5fd4..151fa3606ea 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,11 +1,14 @@
-# $NetBSD: Makefile,v 1.48.2.1 2007/05/15 23:42:38 salo Exp $
+# $NetBSD: Makefile,v 1.48.2.2 2007/06/14 23:34:08 salo Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		2
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
 
+PKG_DESTDIR_SUPPORT=	user-destdir
+
 USE_TOOLS+=		gmake lex
 LIBTOOL_OVERRIDE=	# empty
 
@@ -28,17 +31,31 @@ CGIDIR=			${PREFIX}/libexec/cgi-bin
 EGDIR=			${PREFIX}/share/examples/php
 MESSAGE_SUBST+=		CGIDIR=${CGIDIR:Q}
 
+MAKE_ENV+=		INSTALL_ROOT=${DESTDIR:Q}
+
 CONF_FILES=		${EGDIR}/php.ini-recommended ${PKG_SYSCONFDIR}/php.ini
 OWN_DIRS=		${PREFIX}/${PHP_EXTENSION_DIR}
 
+SUBST_CLASSES+=		cgi
+SUBST_MESSAGE.cgi=	Fixing CGI path.
+SUBST_STAGE.cgi=	pre-configure
+SUBST_FILES.cgi=	configure
+SUBST_SED.cgi=		-e 's,@CGIDIR@,${CGIDIR},g'
+
+pre-install:
+	${INSTALL_DATA_DIR} ${DESTDIR:Q}${CGIDIR:Q}
+
 post-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php ${PREFIX}/bin/php
-	${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 ${PREFIX}/${PKGMANDIR}/man1/php.1
-	${INSTALL_DATA_DIR} ${CGIDIR}
-	${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php ${CGIDIR}
-	${INSTALL_DATA_DIR} ${EGDIR}
-	cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended ${EGDIR}
-	${INSTALL_DATA_DIR} ${PREFIX}/share/php
-	${INSTALL_DATA} ${WRKSRC}/php.gif ${PREFIX}/share/php
+	${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php \
+		${DESTDIR:Q}${PREFIX:Q}/bin/php
+	${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 \
+		${DESTDIR:Q}${PREFIX:Q}/${PKGMANDIR}/man1/php.1
+	${INSTALL_PROGRAM} ${WRKSRC}/sapi/cgi/php-cgi \
+		${DESTDIR:Q}${CGIDIR:Q}/php
+	${INSTALL_DATA_DIR} ${DESTDIR:Q}${EGDIR:Q}
+	cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended \
+		${DESTDIR:Q}${EGDIR:Q}
+	${INSTALL_DATA_DIR} ${DESTDIR:Q}${PREFIX:Q}/share/php
+	${INSTALL_DATA} ${WRKSRC}/php.gif ${DESTDIR:Q}${PREFIX:Q}/share/php
 
 .include "../../mk/bsd.pkg.mk"
diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common
index 282f141140b..ef043a3dd2c 100644
--- a/lang/php5/Makefile.common
+++ b/lang/php5/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.24.2.1 2007/05/15 23:42:38 salo Exp $
+# $NetBSD: Makefile.common,v 1.24.2.2 2007/06/14 23:34:08 salo Exp $
 
 .if !defined(DISTNAME)
 DISTNAME=		php-${PHP_BASE_VERS}
@@ -15,7 +15,7 @@ EXTRACT_SUFX?=		.tar.bz2
 MAINTAINER?=		jdolecek@NetBSD.org
 HOMEPAGE?=		http://www.php.net/
 
-PHP_BASE_VERS=		5.2.2
+PHP_BASE_VERS=		5.2.3
 
 PHP_EXTENSION_DIR=	lib/php/20040412
 PLIST_SUBST+=		PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 35a8872aa75..4f1d250148a 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,11 +1,13 @@
-$NetBSD: distinfo,v 1.36.2.2 2007/05/15 23:42:39 salo Exp $
+$NetBSD: distinfo,v 1.36.2.3 2007/06/14 23:34:08 salo Exp $
 
-SHA1 (php-5.2.2/php-5.2.2.tar.bz2) = b9b0b8f778eee61afcff24e286e626baed8d2934
-RMD160 (php-5.2.2/php-5.2.2.tar.bz2) = 15e844530bced2960e35fd291fb71a416562aec0
-Size (php-5.2.2/php-5.2.2.tar.bz2) = 7310926 bytes
+SHA1 (php-5.2.3/php-5.2.3.tar.bz2) = 0a02e05e1c663c0d4ee0b253917c0e140e606261
+RMD160 (php-5.2.3/php-5.2.3.tar.bz2) = 3c895cf7e513e5a3d7d9f742a9d56102cbb3a79b
+Size (php-5.2.3/php-5.2.3.tar.bz2) = 7417635 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
 SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-ak) = 0a6445b5cf390cb63de8474d75c6e8a4c058afab
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
+SHA1 (patch-am) = 430a79a913aa0885ff6ef9a8d7b938732747445a
+SHA1 (patch-an) = 8e33ce700049bdb05e5f56f0a8132b55e357abeb
diff --git a/lang/php5/patches/patch-am b/lang/php5/patches/patch-am
new file mode 100644
index 00000000000..bb016e2eea3
--- /dev/null
+++ b/lang/php5/patches/patch-am
@@ -0,0 +1,28 @@
+$NetBSD: patch-am,v 1.2.12.1 2007/06/14 23:34:09 salo Exp $
+
+--- ext/standard/string.c.orig	2007-05-30 01:33:13.000000000 +0100
++++ ext/standard/string.c
+@@ -1956,18 +1956,20 @@ static char *php_chunk_split(char *src, 
+ 	char *p, *q;
+ 	int chunks; /* complete chunks! */
+ 	int restlen;
+-	int out_len; 
++	float out_len; 
+ 
+ 	chunks = srclen / chunklen;
+ 	restlen = srclen - chunks * chunklen; /* srclen % chunklen */
+ 
+-	out_len = (srclen + (chunks + 1) * endlen + 1);
++	out_len = chunks + 1;
++	out_len *= endlen;
++	out_len += srclen + 1;
+ 
+ 	if (out_len > INT_MAX || out_len <= 0) {
+ 		return NULL;
+ 	}
+ 
+-	dest = safe_emalloc(out_len, sizeof(char), 0);
++	dest = safe_emalloc((int)out_len, sizeof(char), 0);
+ 
+ 	for (p = src, q = dest; p < (src + srclen - chunklen + 1); ) {
+ 		memcpy(q, p, chunklen);
diff --git a/lang/php5/patches/patch-an b/lang/php5/patches/patch-an
new file mode 100644
index 00000000000..348faf5de48
--- /dev/null
+++ b/lang/php5/patches/patch-an
@@ -0,0 +1,13 @@
+$NetBSD: patch-an,v 1.2.12.1 2007/06/14 23:34:09 salo Exp $
+
+--- configure.orig	2007-05-30 20:50:52.000000000 +0200
++++ configure
+@@ -11985,7 +11985,7 @@ EOF
+ 
+     echo "$ac_t""$PHP_ENABLE_FASTCGI" 1>&6
+ 
+-    INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
++    INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)@CGIDIR@/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)@CGIDIR@/php"
+     
+   PHP_SAPI=cgi
+