summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoradrianp <adrianp@pkgsrc.org>2006-08-10 23:01:39 +0000
committeradrianp <adrianp@pkgsrc.org>2006-08-10 23:01:39 +0000
commitc6db99b6c07a261d28c54b7a72701b42335de558 (patch)
treed59b7364e4fe6b71d8762f640ac123b6edfb58ab
parentdd2923d1565489029d8f5d001e2178783e163c97 (diff)
downloadpkgsrc-c6db99b6c07a261d28c54b7a72701b42335de558.tar.gz
Update to 4.4.3
All PHP 4.x users are encouraged to upgrade to this release as soon as possible. The security issues resolved include the following: * Disallow certain characters in session names. * Fixed a buffer overflow inside the wordwrap() function. * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function. * Improved safe_mode check for the error_log() function. * Fixed cross-site scripting inside the phpinfo() function. The release also includes about 20 bug fixes and an upgraded PCRE library (version 6.6). For a full list of changes in PHP 4.4.3, see the ChangeLog: http://www.php.net/ChangeLog-4.php#4.4.3 This also contains a fix for CVE-2006-4020 (SA21403)
-rw-r--r--www/php4/Makefile3
-rw-r--r--www/php4/Makefile.common4
-rw-r--r--www/php4/distinfo16
-rw-r--r--www/php4/files/pear.sh2
-rw-r--r--www/php4/patches/patch-ao12
-rw-r--r--www/php4/patches/patch-aq13
-rw-r--r--www/php4/patches/patch-ar55
-rw-r--r--www/php4/patches/patch-as43
-rw-r--r--www/php4/patches/patch-au24
-rw-r--r--www/php4/patches/patch-av15
-rw-r--r--www/php4/patches/patch-aw83
11 files changed, 97 insertions, 173 deletions
diff --git a/www/php4/Makefile b/www/php4/Makefile
index 37d5339479c..9577f98ddc7 100644
--- a/www/php4/Makefile
+++ b/www/php4/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.69 2006/07/18 21:26:17 adrianp Exp $
+# $NetBSD: Makefile,v 1.70 2006/08/10 23:01:40 adrianp Exp $
PKGNAME= php-${PHP_BASE_VERS}
-PKGREVISION= 3
CATEGORIES+= lang
COMMENT= HTML-embedded scripting language
diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common
index f777b0b817f..cc2c400fb69 100644
--- a/www/php4/Makefile.common
+++ b/www/php4/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.52 2006/03/03 07:11:34 cube Exp $
+# $NetBSD: Makefile.common,v 1.53 2006/08/10 23:01:40 adrianp Exp $
DISTNAME?= php-${PHP_DIST_VERS}
CATEGORIES+= www php4
@@ -18,7 +18,7 @@ HOMEPAGE?= http://www.php.net/
# PHP_DIST_VERS version number on the php distfile
# PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .)
#
-PHP_DIST_VERS= 4.4.2
+PHP_DIST_VERS= 4.4.3
PHP_BASE_VERS= ${PHP_DIST_VERS}
DISTFILES?= ${PHP_DISTFILE}
diff --git a/www/php4/distinfo b/www/php4/distinfo
index 44e4265ee46..e6eb2a43a11 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.55 2006/07/18 21:21:19 adrianp Exp $
+$NetBSD: distinfo,v 1.56 2006/08/10 23:01:40 adrianp Exp $
-SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756
-RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e
-Size (php-4.4.2.tar.bz2) = 4371185 bytes
+SHA1 (php-4.4.3.tar.bz2) = 42aec56fec03c13366c0b0aac13169138814a4b5
+RMD160 (php-4.4.3.tar.bz2) = 36c91930af44e8a1ed59eb159e6131ae8f0c77f0
+Size (php-4.4.3.tar.bz2) = 4461353 bytes
SHA1 (patch-aa) = feb064407950d0fc732b7240e65cac84420d2407
SHA1 (patch-ab) = 38a4bcd0d65b26c5d8e54e22b552f60831188469
SHA1 (patch-ad) = 9ca5d2f59bfeea77a98cd0e727546d11669114cd
@@ -12,11 +12,7 @@ SHA1 (patch-ai) = 0b9c1c9fb75a64026f2fb3cbd44cc19e0a1f186c
SHA1 (patch-aj) = cc68ce876dc5998becbe2f1f74288b5da5bbaca3
SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970
SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
-SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6
+SHA1 (patch-ao) = 0fd4becf023451ac8cb185df354830efc86c1344
SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
-SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e
-SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68
-SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d
SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63
-SHA1 (patch-au) = b5fa682fa6b03cc91e68db7e7ed6985897a3288f
-SHA1 (patch-av) = fc105360bccbff5a5eae119f24a8aa12b4e08139
+SHA1 (patch-aw) = f8e2f36a4d9bb4a60d255127ac5984c33ea74841
diff --git a/www/php4/files/pear.sh b/www/php4/files/pear.sh
index 935673a3e87..1c49ab1df01 100644
--- a/www/php4/files/pear.sh
+++ b/www/php4/files/pear.sh
@@ -25,4 +25,4 @@ else
fi
fi
-exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@"
+exec $PHP -C -q $INCARG -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit=12M $INCDIR/pearcmd.php "$@"
diff --git a/www/php4/patches/patch-ao b/www/php4/patches/patch-ao
index c1b4524a89e..f65f1fca145 100644
--- a/www/php4/patches/patch-ao
+++ b/www/php4/patches/patch-ao
@@ -1,13 +1,9 @@
-$NetBSD: patch-ao,v 1.2 2006/03/06 15:57:58 cube Exp $
+$NetBSD: patch-ao,v 1.3 2006/08/10 23:01:39 adrianp Exp $
---- pear/Makefile.frag.orig 2005-11-05 19:19:23.000000000 +0100
+--- pear/Makefile.frag.orig 2006-05-07 17:33:41.000000000 +0100
+++ pear/Makefile.frag
-@@ -3,10 +3,10 @@
- peardir=$(PEAR_INSTALLDIR)
-
- # Skip all php.ini files altogether
--PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0
-+PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dsafe_mode=0 -dmemory_limit=16M
+@@ -6,7 +6,7 @@ peardir=$(PEAR_INSTALLDIR)
+ PEAR_INSTALL_FLAGS = -n -dshort_open_tag=0 -dopen_basedir= -dsafe_mode=0 -dmemory_limit=-1
install-pear-packages: $(top_builddir)/sapi/cli/php
- @$(top_builddir)/sapi/cli/php $(PEAR_INSTALL_FLAGS) $(srcdir)/install-pear.php -d "$(peardir)" -b "$(bindir)" $(srcdir)/packages/*.tar
diff --git a/www/php4/patches/patch-aq b/www/php4/patches/patch-aq
deleted file mode 100644
index f173fc82dc2..00000000000
--- a/www/php4/patches/patch-aq
+++ /dev/null
@@ -1,13 +0,0 @@
-$NetBSD: patch-aq,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/html.c.orig 2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/html.c
-@@ -793,7 +793,7 @@ PHPAPI char *php_unescape_html_entities(
- enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
- unsigned char replacement[15];
-
-- ret = estrdup(old);
-+ ret = estrndup(old, oldlen);
- retlen = oldlen;
- if (!retlen) {
- goto empty_source;
diff --git a/www/php4/patches/patch-ar b/www/php4/patches/patch-ar
deleted file mode 100644
index bfdc845b1b0..00000000000
--- a/www/php4/patches/patch-ar
+++ /dev/null
@@ -1,55 +0,0 @@
-$NetBSD: patch-ar,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/info.c.orig 2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/info.c
-@@ -58,6 +58,23 @@ ZEND_EXTERN_MODULE_GLOBALS(iconv)
-
- PHPAPI extern char *php_ini_opened_path;
- PHPAPI extern char *php_ini_scanned_files;
-+
-+static int php_info_write_wrapper(const char *str, uint str_length)
-+{
-+ int new_len, written;
-+ char *elem_esc;
-+
-+ TSRMLS_FETCH();
-+
-+ elem_esc = php_escape_html_entities((char *)str, str_length, &new_len, 0, ENT_QUOTES, NULL TSRMLS_CC);
-+
-+ written = php_body_write(elem_esc, new_len TSRMLS_CC);
-+
-+ efree(elem_esc);
-+
-+ return written;
-+}
-+
-
- /* {{{ _display_module_info
- */
-@@ -133,23 +150,12 @@ static void php_print_gpcse_array(char *
- PUTS(" => ");
- }
- if (Z_TYPE_PP(tmp) == IS_ARRAY) {
-- zval *tmp3;
-- MAKE_STD_ZVAL(tmp3);
- if (!sapi_module.phpinfo_as_text) {
- PUTS("<pre>");
-- }
-- php_start_ob_buffer(NULL, 4096, 1 TSRMLS_CC);
-- zend_print_zval_r(*tmp, 0);
-- php_ob_get_buffer(tmp3 TSRMLS_CC);
-- php_end_ob_buffer(0, 0 TSRMLS_CC);
--
-- elem_esc = php_info_html_esc(Z_STRVAL_P(tmp3) TSRMLS_CC);
-- PUTS(elem_esc);
-- efree(elem_esc);
-- zval_ptr_dtor(&tmp3);
--
-- if (!sapi_module.phpinfo_as_text) {
-+ zend_print_zval_ex((zend_write_func_t) php_info_write_wrapper, *tmp, 0);
- PUTS("</pre>");
-+ } else {
-+ zend_print_zval_r(*tmp, 0 TSRMLS_CC);
- }
- } else if (Z_TYPE_PP(tmp) != IS_STRING) {
- tmp2 = **tmp;
diff --git a/www/php4/patches/patch-as b/www/php4/patches/patch-as
deleted file mode 100644
index 984a8a3b7aa..00000000000
--- a/www/php4/patches/patch-as
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-as,v 1.1 2006/04/14 13:48:33 cube Exp $
-
---- ext/standard/file.c.orig 2006-01-01 14:46:57.000000000 +0100
-+++ ext/standard/file.c
-@@ -552,7 +552,7 @@ PHP_FUNCTION(tempnam)
- pval **arg1, **arg2;
- char *d;
- char *opened_path;
-- char p[64];
-+ char *p;
- FILE *fp;
-
- if (ZEND_NUM_ARGS() != 2 || zend_get_parameters_ex(2, &arg1, &arg2) == FAILURE) {
-@@ -566,7 +566,11 @@ PHP_FUNCTION(tempnam)
- }
-
- d = estrndup(Z_STRVAL_PP(arg1), Z_STRLEN_PP(arg1));
-- strlcpy(p, Z_STRVAL_PP(arg2), sizeof(p));
-+
-+ p = php_basename(Z_STRVAL_PP(arg2), Z_STRLEN_PP(arg2), NULL, 0);
-+ if (strlen(p) > 64) {
-+ p[63] = '\0';
-+ }
-
- if ((fp = php_open_temporary_file(d, p, &opened_path TSRMLS_CC))) {
- fclose(fp);
-@@ -574,6 +578,7 @@ PHP_FUNCTION(tempnam)
- } else {
- RETVAL_FALSE;
- }
-+ efree(p);
- efree(d);
- }
- /* }}} */
-@@ -2196,7 +2201,7 @@ no_stat:
- safe_to_copy:
-
- srcstream = php_stream_open_wrapper(src, "rb",
-- STREAM_DISABLE_OPEN_BASEDIR | REPORT_ERRORS,
-+ ENFORCE_SAFE_MODE | REPORT_ERRORS,
- NULL);
-
- if (!srcstream)
diff --git a/www/php4/patches/patch-au b/www/php4/patches/patch-au
deleted file mode 100644
index 8f7483c3602..00000000000
--- a/www/php4/patches/patch-au
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-au,v 1.1 2006/07/18 21:21:19 adrianp Exp $
-
-# This is CVE-2006-1990
-
---- ext/standard/string.c.orig 2006-01-01 13:46:58.000000000 +0000
-+++ ext/standard/string.c
-@@ -672,15 +672,13 @@ PHP_FUNCTION(wordwrap)
- /* Multiple character line break or forced cut */
- if (linelength > 0) {
- chk = (int)(textlen/linelength + 1);
-+ newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
- alloced = textlen + chk * breakcharlen + 1;
- } else {
- chk = textlen;
-+ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
- alloced = textlen * (breakcharlen + 1) + 1;
- }
-- if (alloced <= 0) {
-- RETURN_FALSE;
-- }
-- newtext = emalloc(alloced);
-
- /* now keep track of the actual new text length */
- newtextlen = 0;
diff --git a/www/php4/patches/patch-av b/www/php4/patches/patch-av
deleted file mode 100644
index 52040a157ef..00000000000
--- a/www/php4/patches/patch-av
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-av,v 1.1 2006/07/18 21:21:19 adrianp Exp $
-
-# This is CVE-2006-3011
-
---- ext/standard/basic_functions.c.orig 2006-01-01 13:46:57.000000000 +0000
-+++ ext/standard/basic_functions.c
-@@ -1866,7 +1866,7 @@ PHPAPI int _php_error_log(int opt_err, c
- break;
-
- case 3: /*save to a file */
-- stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
-+ stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL);
- if (!stream)
- return FAILURE;
- php_stream_write(stream, message, strlen(message));
diff --git a/www/php4/patches/patch-aw b/www/php4/patches/patch-aw
new file mode 100644
index 00000000000..10ea46cce89
--- /dev/null
+++ b/www/php4/patches/patch-aw
@@ -0,0 +1,83 @@
+--- ext/standard/scanf.c.orig 2006-01-01 13:46:58.000000000 +0000
++++ ext/standard/scanf.c 2006-08-10 23:00:19.000000000 +0100
+@@ -732,7 +732,7 @@
+ if (*end == '$') {
+ format = end+1;
+ ch = format++;
+- objIndex = varStart + value;
++ objIndex = varStart + value - 1;
+ }
+ }
+
+@@ -762,8 +762,10 @@
+ switch (*ch) {
+ case 'n':
+ if (!(flags & SCAN_SUPPRESS)) {
+- if (numVars) {
+- current = args[objIndex++];
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
++ current = args[objIndex++];
+ zval_dtor( *current );
+ ZVAL_LONG( *current, (long)(string - baseString) );
+ } else {
+@@ -883,8 +885,10 @@
+ }
+ }
+ if (!(flags & SCAN_SUPPRESS)) {
+- if (numVars) {
+- current = args[objIndex++];
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
++ current = args[objIndex++];
+ zval_dtor( *current );
+ ZVAL_STRINGL( *current, string, end-string, 1);
+ } else {
+@@ -922,7 +926,9 @@
+ goto done;
+ }
+ if (!(flags & SCAN_SUPPRESS)) {
+- if (numVars) {
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
+ current = args[objIndex++];
+ zval_dtor( *current );
+ ZVAL_STRINGL( *current, string, end-string, 1);
+@@ -1079,8 +1085,10 @@
+ value = (int) (*fn)(buf, NULL, base);
+ if ((flags & SCAN_UNSIGNED) && (value < 0)) {
+ sprintf(buf, "%u", value); /* INTL: ISO digit */
+- if (numVars) {
+- /* change passed value type to string */
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
++ /* change passed value type to string */
+ current = args[objIndex++];
+ convert_to_string( *current );
+ ZVAL_STRING( *current, buf, 1 );
+@@ -1088,7 +1096,9 @@
+ add_index_string(*return_value, objIndex++, buf, 1);
+ }
+ } else {
+- if (numVars) {
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
+ current = args[objIndex++];
+ convert_to_long( *current );
+ Z_LVAL(**current) = value;
+@@ -1196,7 +1206,9 @@
+ double dvalue;
+ *end = '\0';
+ dvalue = zend_strtod(buf, NULL);
+- if (numVars) {
++ if (numVars && objIndex >= argCount) {
++ break;
++ } else if (numVars) {
+ current = args[objIndex++];
+ convert_to_double( *current );
+ Z_DVAL_PP( current ) = dvalue;