From 9a8ee5cca177226d38e2535915499b30b2d6706b Mon Sep 17 00:00:00 2001 From: adrianp Date: Tue, 18 Jul 2006 21:21:19 +0000 Subject: Fix for CVE-2006-1990 Fix for CVE-2006-3011 Include our own pear.sh from the tarball but slightly hacked to get around memory isses on installation. --- www/php4/Makefile | 15 +++++++++++++-- www/php4/distinfo | 4 +++- www/php4/files/pear.sh | 28 ++++++++++++++++++++++++++++ www/php4/patches/patch-au | 24 ++++++++++++++++++++++++ www/php4/patches/patch-av | 15 +++++++++++++++ 5 files changed, 83 insertions(+), 3 deletions(-) create mode 100644 www/php4/files/pear.sh create mode 100644 www/php4/patches/patch-au create mode 100644 www/php4/patches/patch-av (limited to 'www') diff --git a/www/php4/Makefile b/www/php4/Makefile index 7dd0bce46e7..4ae829dabe2 100644 --- a/www/php4/Makefile +++ b/www/php4/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.67 2006/07/07 15:49:34 jlam Exp $ +# $NetBSD: Makefile,v 1.68 2006/07/18 21:21:19 adrianp Exp $ PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES+= lang COMMENT= HTML-embedded scripting language @@ -50,6 +50,16 @@ OWN_DIRS= ${PREFIX}/${PHP_EXTENSION_DIR} USE_TOOLS+= gzcat +SUBST_CLASSES= pear +SUBST_STAGE.pear= pre-install +SUBST_FILES.pear= ${WRKDIR}/pear.sh +SUBST_SED.pear= -e "s|@php_bin@|${PREFIX}/bin/php|g" +SUBST_SED.pear+= -e "s|@php_dir@|${PREFIX}/lib/php|g" +SUBST_MESSAGE.pear= Fixing pear installation script. + +post-extract: + ${CP} ${FILESDIR}/pear.sh ${WRKDIR} + post-install: ${INSTALL_PROGRAM} ${WRKSRC}/sapi/cli/php ${PREFIX}/bin/php ${INSTALL_DATA} ${WRKSRC}/sapi/cli/php.1 ${PREFIX}/man/man1/php.1 @@ -59,5 +69,6 @@ post-install: cd ${WRKSRC}; ${INSTALL_DATA} php.ini-dist php.ini-recommended ${EGDIR} ${INSTALL_DATA_DIR} ${PREFIX}/share/php ${INSTALL_DATA} ${WRKSRC}/php.gif ${PREFIX}/share/php + ${INSTALL_SCRIPT} ${WRKDIR}/pear.sh ${PREFIX}/bin/pear .include "../../mk/bsd.pkg.mk" diff --git a/www/php4/distinfo b/www/php4/distinfo index ef5f83e539b..44e4265ee46 100644 --- a/www/php4/distinfo +++ b/www/php4/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.54 2006/05/11 06:50:39 minskim Exp $ +$NetBSD: distinfo,v 1.55 2006/07/18 21:21:19 adrianp Exp $ SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756 RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e @@ -18,3 +18,5 @@ SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68 SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d SHA1 (patch-at) = f8b3aebd61fe2d5b5a994e1d973424a1ed397f63 +SHA1 (patch-au) = b5fa682fa6b03cc91e68db7e7ed6985897a3288f +SHA1 (patch-av) = fc105360bccbff5a5eae119f24a8aa12b4e08139 diff --git a/www/php4/files/pear.sh b/www/php4/files/pear.sh new file mode 100644 index 00000000000..a8eb8cdc80f --- /dev/null +++ b/www/php4/files/pear.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +# first find which PHP binary to use +if test "x$PHP_PEAR_PHP_BIN" != "x"; then + PHP="$PHP_PEAR_PHP_BIN" +else + if test "@php_bin@" = '@'php_bin'@'; then + PHP=php + else + PHP="@php_bin@" + fi +fi + +# then look for the right pear include dir +if test "x$PHP_PEAR_INSTALL_DIR" != "x"; then + INCDIR=$PHP_PEAR_INSTALL_DIR + INCARG="-d include_path=$PHP_PEAR_INSTALL_DIR" +else + if test "@php_dir@" = '@'php_dir'@'; then + INCDIR=`dirname $0` + INCARG="" + else + INCDIR="@php_dir@" + INCARG="-d include_path=@php_dir@" + fi +fi + +exec $PHP -C -q $INCARG -d output_buffering=1 -dmemory_limit=12M $INCDIR/pearcmd.php "$@" diff --git a/www/php4/patches/patch-au b/www/php4/patches/patch-au new file mode 100644 index 00000000000..8f7483c3602 --- /dev/null +++ b/www/php4/patches/patch-au @@ -0,0 +1,24 @@ +$NetBSD: patch-au,v 1.1 2006/07/18 21:21:19 adrianp Exp $ + +# This is CVE-2006-1990 + +--- ext/standard/string.c.orig 2006-01-01 13:46:58.000000000 +0000 ++++ ext/standard/string.c +@@ -672,15 +672,13 @@ PHP_FUNCTION(wordwrap) + /* Multiple character line break or forced cut */ + if (linelength > 0) { + chk = (int)(textlen/linelength + 1); ++ newtext = safe_emalloc(chk, breakcharlen, textlen + 1); + alloced = textlen + chk * breakcharlen + 1; + } else { + chk = textlen; ++ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1); + alloced = textlen * (breakcharlen + 1) + 1; + } +- if (alloced <= 0) { +- RETURN_FALSE; +- } +- newtext = emalloc(alloced); + + /* now keep track of the actual new text length */ + newtextlen = 0; diff --git a/www/php4/patches/patch-av b/www/php4/patches/patch-av new file mode 100644 index 00000000000..52040a157ef --- /dev/null +++ b/www/php4/patches/patch-av @@ -0,0 +1,15 @@ +$NetBSD: patch-av,v 1.1 2006/07/18 21:21:19 adrianp Exp $ + +# This is CVE-2006-3011 + +--- ext/standard/basic_functions.c.orig 2006-01-01 13:46:57.000000000 +0000 ++++ ext/standard/basic_functions.c +@@ -1866,7 +1866,7 @@ PHPAPI int _php_error_log(int opt_err, c + break; + + case 3: /*save to a file */ +- stream = php_stream_open_wrapper(opt, "a", IGNORE_URL | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); ++ stream = php_stream_open_wrapper(opt, "a", IGNORE_URL_WIN | ENFORCE_SAFE_MODE | REPORT_ERRORS, NULL); + if (!stream) + return FAILURE; + php_stream_write(stream, message, strlen(message)); -- cgit v1.2.3