From da63540a46496623b2d7c602313c11cc9986115c Mon Sep 17 00:00:00 2001 From: jlam Date: Thu, 28 Feb 2002 15:07:16 +0000 Subject: Update php3 and ap-php3 to 3.0.18nb1. Changes from version 3.0.18 are a security fix for a file-upload bug. <===> SECURITY NOTE <===> Note that the buffer overflow fix is a major security fix. Quoting from the security advisory at: http://security.e-matters.de/advisories/012002.html "PHP supports multipart/form-data POST requests (as described in RFC1867) known as POST fileuploads. Unfourtunately there are several flaws in the php_mime_split function that could be used by an attacker to execute arbitrary code. During our research we found out that not only PHP4 but also older versions from the PHP3 tree are vulnerable. --- www/ap-php3/Makefile | 6 +++--- www/php3/Makefile | 4 ++-- www/php3/distinfo | 3 ++- www/php3/patches/patch-ak | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 6 deletions(-) create mode 100644 www/php3/patches/patch-ak (limited to 'www') diff --git a/www/ap-php3/Makefile b/www/ap-php3/Makefile index 6d47c1c0d7d..46b6c073e82 100644 --- a/www/ap-php3/Makefile +++ b/www/ap-php3/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.9 2002/01/10 13:18:06 jlam Exp $ +# $NetBSD: Makefile,v 1.10 2002/02/28 15:07:16 jlam Exp $ # PKGNAME= ap-php-${BASE_VERS} -PKGREVISION= # empty +PKGREVISION= 1 COMMENT= Apache module for PHP3 USE_BUILDLINK_ONLY= yes @@ -10,7 +10,7 @@ USE_BUILDLINK_ONLY= yes .include "../../www/php3/Makefile.common" DEPENDS+= php>=${BASE_VERS}:../../www/php3 -DEPENDS+= apache{,6}>=1.3:../../www/apache +DEPENDS+= ${BUILDLINK_DEPENDS.apache}:../../www/apache CPPFLAGS+= -DPHP_INTERNAL_FUNCS diff --git a/www/php3/Makefile b/www/php3/Makefile index cb7b4de195c..db442731c06 100644 --- a/www/php3/Makefile +++ b/www/php3/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32 2002/01/10 13:17:11 jlam Exp $ +# $NetBSD: Makefile,v 1.33 2002/02/28 15:07:17 jlam Exp $ PKGNAME= php-${BASE_VERS} -PKGREVISION?= # empty +PKGREVISION?= 1 CATEGORIES+= lang COMMENT= HTML-embedded programming language diff --git a/www/php3/distinfo b/www/php3/distinfo index f4695743482..e9902839eb2 100644 --- a/www/php3/distinfo +++ b/www/php3/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.3 2002/01/10 13:17:12 jlam Exp $ +$NetBSD: distinfo,v 1.4 2002/02/28 15:07:17 jlam Exp $ SHA1 (php-3.0.18.tar.gz) = 49550006e1dbf8f792bc0b9499b3f0bd7b14427c Size (php-3.0.18.tar.gz) = 2219410 bytes @@ -11,3 +11,4 @@ SHA1 (patch-ag) = 8a3c71c9ba82fd0dbb08f6e7727b626810eca7f4 SHA1 (patch-ah) = f88ea107135580574777ed1dc2127c2b4efad6ba SHA1 (patch-ai) = ba18ee38a99475caa076e465049ea22c4f3dcc1e SHA1 (patch-aj) = 6dc9bf15d17e7fb2bcd2364528da6f90eb6fae3e +SHA1 (patch-ak) = 09eab3fe8a567f98baad5d578cf3fbdc8f2abd11 diff --git a/www/php3/patches/patch-ak b/www/php3/patches/patch-ak new file mode 100644 index 00000000000..3ebaa00cf11 --- /dev/null +++ b/www/php3/patches/patch-ak @@ -0,0 +1,40 @@ +$NetBSD: patch-ak,v 1.1 2002/02/28 15:07:18 jlam Exp $ + +--- functions/mime.c.orig Mon Oct 16 21:30:59 2000 ++++ functions/mime.c Thu Feb 28 09:20:34 2002 +@@ -1,4 +1,14 @@ + /* ++ * This file is patched with the security fix for the file-upload bug ++ * taken from: ++ * ++ * http://www.php.net/do_download.php?download_file=mime.c.diff-3.0.gz ++ * ++ * and fixes the security problem noted in ++ * ++ * http://security.e-matters.de/advisories/012002.html ++ */ ++/* + +----------------------------------------------------------------------+ + | PHP HTML Embedded Scripting Language Version 3.0 | + +----------------------------------------------------------------------+ +@@ -85,7 +95,9 @@ + SAFE_RETURN; + } + loc = memchr(ptr, '\n', rem); ++ rem -= loc - ptr; + name = strstr(ptr, " name="); ++ ptr = loc; + if (name && name < loc) { + name += 6; + s = memchr(name, '\"', loc - name); +@@ -138,6 +150,10 @@ + sprintf(lbuf, "%s_name[]", abuf); + sbuf=estrdup(abuf); + } else { ++ if (abuf) { ++ efree(abuf); ++ abuf = NULL; ++ } + sprintf(lbuf, "%s_name", namebuf); + sbuf=estrdup(namebuf); + } -- cgit v1.2.3