diff options
| author | jlam <jlam@pkgsrc.org> | 2002-02-28 06:14:45 +0000 |
|---|---|---|
| committer | jlam <jlam@pkgsrc.org> | 2002-02-28 06:14:45 +0000 |
| commit | 1cc929effe0b6922cc847d332aacc7f99609cd56 (patch) | |
| tree | aee1220fa95820b9fb781532bab52932f2b0c1a9 /www/php4 | |
| parent | aa484b2c1e6f071d90c8790c93f20d0f697a20ba (diff) | |
| download | pkgsrc-1cc929effe0b6922cc847d332aacc7f99609cd56.tar.gz | |
Update php4 and ap-php4 to 4.1.2. Changes from version 4.1.1 include:
- Fixed start up failure when mm save handler is used and there is multiple
SAPIs are working at the same time. (Yasuo)
- Fixed a buffer overflow in the RFC-1867 file upload code (Stefan)
<===> SECURITY NOTE <===>
Note that the buffer overflow fix is a major security fix. Quoting from
the security advisory at:
http://security.e-matters.de/advisories/012002.html
"PHP supports multipart/form-data POST requests (as described in RFC1867)
known as POST fileuploads. Unfourtunately there are several flaws in the
php_mime_split function that could be used by an attacker to execute
arbitrary code. During our research we found out that not only PHP4 but
also older versions from the PHP3 tree are vulnerable.
[...]
"If you are running PHP 4.0.3 or above one way to workaround these bugs is
to disable the fileupload support within your php.ini (file_uploads = Off).
If you are running php as module keep in mind to restart the webserver.
Anyway you should better install the fixed or a properly patched version to
be safe."
Diffstat (limited to 'www/php4')
| -rw-r--r-- | www/php4/Makefile | 13 | ||||
| -rw-r--r-- | www/php4/Makefile.common | 6 | ||||
| -rw-r--r-- | www/php4/PLIST | 9 | ||||
| -rw-r--r-- | www/php4/distinfo | 8 | ||||
| -rw-r--r-- | www/php4/patches/patch-ad | 12 |
5 files changed, 24 insertions, 24 deletions
diff --git a/www/php4/Makefile b/www/php4/Makefile index f6bddf56143..2f71cc052d1 100644 --- a/www/php4/Makefile +++ b/www/php4/Makefile @@ -1,9 +1,7 @@ -# $NetBSD: Makefile,v 1.22 2001/12/31 23:54:24 jlam Exp $ - -.include "Makefile.php" +# $NetBSD: Makefile,v 1.23 2002/02/28 06:14:46 jlam Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION?= # empty +PKGREVISION= # empty CATEGORIES+= lang COMMENT= HTML-embedded scripting language @@ -11,6 +9,8 @@ CONFLICTS+= ap-php-4.0.3pl1 USE_BUILDLINK_ONLY= YES +.include "Makefile.php" + # Ensure we export symbols in the linked shared object. LDFLAGS+= -Wl,--export-dynamic @@ -30,11 +30,14 @@ MAKE_ENV+= LINK_LIBGCC_LDFLAGS="${LINK_LIBGCC_LDFLAGS}" .endif CONF_FILES= ${EGDIR}/php.ini-recommended ${PKG_SYSCONFDIR}/php.ini +OWN_DIRS= ${PREFIX}/${PHP_EXTENSION_DIR} post-install: + ${RMDIR} ${PREFIX}/include/php/ext/xml/expat/xmltok + ${RMDIR} ${PREFIX}/include/php/ext/xml/expat/xmlparse + ${RMDIR} ${PREFIX}/include/php/ext/xml/expat ${INSTALL_DATA_DIR} ${CGIDIR} ${LN} -sf ../../bin/php ${CGIDIR}/php - ${TOUCH} ${PREFIX}/${PHP_EXTENSION_DIR}/.directory ${INSTALL_DATA_DIR} ${EGDIR} cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended ${EGDIR} ${INSTALL_DATA_DIR} ${PREFIX}/share/php diff --git a/www/php4/Makefile.common b/www/php4/Makefile.common index 4cd1e9656e3..cc14c64edd0 100644 --- a/www/php4/Makefile.common +++ b/www/php4/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.22 2002/01/06 19:57:13 jlam Exp $ +# $NetBSD: Makefile.common,v 1.23 2002/02/28 06:14:46 jlam Exp $ DISTNAME= php-${PHP_DIST_VERS} CATEGORIES+= www php4 @@ -14,7 +14,7 @@ HOMEPAGE= http://www.php.net/ # PHP_DIST_VERS version number on the php distfile # PHP_BASE_VERS pkgsrc-mangled version number (convert pl -> .) # -PHP_DIST_VERS= 4.1.1 +PHP_DIST_VERS= 4.1.2 PHP_BASE_VERS= ${PHP_DIST_VERS} # Location of installed PHP4 loadable modules under ${PREFIX}. @@ -25,4 +25,6 @@ PHP_BASE_VERS= ${PHP_DIST_VERS} PHP_EXTENSION_DIR= lib/php/20010901 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR} +PKG_SYSCONFVAR?= php + .include "../../mk/bsd.prefs.mk" diff --git a/www/php4/PLIST b/www/php4/PLIST index 006030e80cb..58353c8b4c7 100644 --- a/www/php4/PLIST +++ b/www/php4/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.3 2002/02/15 10:13:04 skrll Exp $ +@comment $NetBSD: PLIST,v 1.4 2002/02/28 06:14:46 jlam Exp $ bin/pear bin/pearize bin/php @@ -144,7 +144,6 @@ include/php/regex/regex.h include/php/regex/regex2.h include/php/regex/regex_extra.h include/php/regex/utils.h -${PHP_EXTENSION_DIR}/.directory lib/php/Archive/Tar.php lib/php/Benchmark/Iterate.php lib/php/Benchmark/Timer.php @@ -185,8 +184,8 @@ lib/php/File/SearchReplace.php lib/php/HTML/Common.php lib/php/HTML/Form.php lib/php/HTML/IT.php -lib/php/HTML/IT_Error.php lib/php/HTML/ITX.php +lib/php/HTML/IT_Error.php lib/php/HTML/Page.php lib/php/HTML/Processor.php lib/php/HTML/Select.php @@ -266,12 +265,8 @@ share/php/php4.gif @dirrm lib/php/Cache @dirrm lib/php/Benchmark @dirrm lib/php/Archive -@unexec ${RMDIR} -p %D/${PHP_EXTENSION_DIR} 2>/dev/null || true @dirrm include/php/regex @dirrm include/php/main -@dirrm include/php/ext/xml/expat/xmltok -@dirrm include/php/ext/xml/expat/xmlparse -@dirrm include/php/ext/xml/expat @dirrm include/php/ext/xml @dirrm include/php/ext/standard @dirrm include/php/ext/session diff --git a/www/php4/distinfo b/www/php4/distinfo index ca23cad4524..6c2e5ae17ab 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,10 +1,10 @@ -$NetBSD: distinfo,v 1.7 2002/01/06 19:57:13 jlam Exp $ +$NetBSD: distinfo,v 1.8 2002/02/28 06:14:46 jlam Exp $ -SHA1 (php-4.1.1.tar.gz) = 3a926707819f5ea0dfa03785078f96a39d85e086 -Size (php-4.1.1.tar.gz) = 3356062 bytes +SHA1 (php-4.1.2.tar.gz) = fc4f9685b2b26d6e12af2e746a34fadfe57f0466 +Size (php-4.1.2.tar.gz) = 3359964 bytes SHA1 (patch-aa) = 08f98c6b41c24a2aa8fa417bba50cf0cb5f711af SHA1 (patch-ac) = 9478c18dbe18e8c4c05dffce31fa3f923562c832 -SHA1 (patch-ad) = 86558b18a03fef6fcbebdfd8587a73dfa5a66f17 +SHA1 (patch-ad) = 3b90e5c60493689cfad5ea3563f19d03b7b3f354 SHA1 (patch-ae) = e7acc06a63f47053c81ab442b53c68d89d122f78 SHA1 (patch-af) = 34ec060ed3cdbcfc44286323f85f9938a79b0444 SHA1 (patch-ag) = 91e84f6d6862a328d3f66f87260e8f2b2953fc11 diff --git a/www/php4/patches/patch-ad b/www/php4/patches/patch-ad index f03619bf17e..3cf81567ff7 100644 --- a/www/php4/patches/patch-ad +++ b/www/php4/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.6 2001/12/31 23:54:26 jlam Exp $ +$NetBSD: patch-ad,v 1.7 2002/02/28 06:14:47 jlam Exp $ ---- configure.orig Sat Dec 8 14:40:35 2001 +--- configure.orig Wed Feb 27 04:18:32 2002 +++ configure -@@ -5132,11 +5132,6 @@ +@@ -5138,11 +5138,6 @@ fi @@ -14,7 +14,7 @@ $NetBSD: patch-ad,v 1.6 2001/12/31 23:54:26 jlam Exp $ INCLUDES="$INCLUDES -I\$(top_builddir)/Zend" -@@ -16142,10 +16137,6 @@ +@@ -16148,10 +16143,6 @@ else echo "$ac_t""no" 1>&6 @@ -25,7 +25,7 @@ $NetBSD: patch-ad,v 1.6 2001/12/31 23:54:26 jlam Exp $ fi -@@ -23549,19 +23540,10 @@ +@@ -23572,19 +23563,10 @@ else @@ -45,7 +45,7 @@ $NetBSD: patch-ad,v 1.6 2001/12/31 23:54:26 jlam Exp $ echo "$ac_t""no" 1>&6 fi -@@ -63204,7 +63186,7 @@ +@@ -63418,7 +63400,7 @@ if test "$enable_debug" != "yes"; then |