diff options
| author | jlam <jlam@pkgsrc.org> | 2002-02-28 06:14:45 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2002-02-28 06:14:45 +0000 |
| commit | 1cc929effe0b6922cc847d332aacc7f99609cd56 (patch) | |
| tree | aee1220fa95820b9fb781532bab52932f2b0c1a9 /www/ap-php4 | |
| parent | aa484b2c1e6f071d90c8790c93f20d0f697a20ba (diff) | |
| download | pkgsrc-1cc929effe0b6922cc847d332aacc7f99609cd56.tar.gz | |
Update php4 and ap-php4 to 4.1.2. Changes from version 4.1.1 include:
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
Diffstat (limited to 'www/ap-php4')
| -rw-r--r-- | www/ap-php4/MESSAGE | 4 | ||||
| -rw-r--r-- | www/ap-php4/Makefile | 11 |
2 files changed, 6 insertions, 9 deletions
diff --git a/www/ap-php4/MESSAGE b/www/ap-php4/MESSAGE index d7be0caf1af..b7628d20ca3 100644 --- a/www/ap-php4/MESSAGE +++ b/www/ap-php4/MESSAGE @@ -1,12 +1,12 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.1 2001/11/01 02:15:53 zuntum Exp $ +$NetBSD: MESSAGE,v 1.2 2002/02/28 06:14:45 jlam Exp $ To add this to your Apache server, you will need to add the following lines to the appropriate place in your httpd.conf file: LoadModule php4_module lib/httpd/mod_php4.so - AddModule mod_php4.c + AddType application/x-httpd-php .php You may also add following if you still use .php3 files: diff --git a/www/ap-php4/Makefile b/www/ap-php4/Makefile index 0384a987133..2d7d494aeba 100644 --- a/www/ap-php4/Makefile +++ b/www/ap-php4/Makefile @@ -1,6 +1,4 @@ -# $NetBSD: Makefile,v 1.19 2001/12/31 23:54:37 jlam Exp $ - -.include "../../www/php4/Makefile.php" +# $NetBSD: Makefile,v 1.20 2002/02/28 06:14:46 jlam Exp $ PKGNAME= ap-php-${PHP_BASE_VERS} PKGREVISION= # empty @@ -9,11 +7,9 @@ COMMENT= Apache module for PHP4 DEPENDS+= php>=${PHP_BASE_VERS}:../../www/php4 DEPENDS+= apache{,6}>=1.3:../../www/apache -# For "apxs": -BUILD_DEPENDS+= perl>=${PERL5_REQD}:../../lang/perl5 - USE_BUILDLINK_ONLY= YES -CONFIGURE_ARGS+= --with-apxs=${LOCALBASE}/sbin/apxs + +.include "../../www/php4/Makefile.php" # Ensure we export symbols in the linked shared object. .if ${OPSYS} != "SunOS" @@ -24,4 +20,5 @@ do-install: ${INSTALL_DATA} ${WRKSRC}/.libs/libphp4.so \ ${PREFIX}/lib/httpd/mod_php4.so +.include "../../www/apache/buildlink.mk" .include "../../mk/bsd.pkg.mk" |