pkgsrc-Bugs archive


pkg/34768: lang/php5 suhosin patch



>Number:         34768
>Category:       pkg
>Synopsis:       enable suhosin patch (from the hardened-php project) via PKG_OPTIONS
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Oct 09 11:50:00 +0000 2006
>Originator:     cg%cgall.de@localhost
>Release:        NetBSD 4.0_BETA
>Environment:
System: NetBSD cg.intra 4.0_BETA NetBSD 4.0_BETA (WORKSTATION-$Revision: 1.10.2.3 $) #3: Mon Sep 18 10:44:55 CEST 2006 cg%cg.intra@localhost:/home/cg/netbsd/netbsd-4/obj/sys/arch/i386/compile/WORKSTATION i386
Architecture: i386
Machine: i386
>Description:
        Enable the patch "suhosin" from the hardened-php project
        http://www.hardened-php.net/suhosin/index.html

        "Suhosin is an advanced protection system for PHP installations.
        It was designed to protect servers and users from known and unknown
        flaws in PHP applications and the PHP core. Suhosin comes in two
        independent parts, that can be used separately or in combination.
        The first part is a small patch against the PHP core, that implements
        a few low-level protections against bufferoverflows or format string
        vulnerabilities and the second part is a powerful PHP extension that
        implements all the other protections.

        Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP
        installation, which means it is compatible to 3rd party binary extension
        like ZendOptimizer."

>How-To-Repeat:
        
>Fix:
CVS diff against lang/php5:

Index: Makefile.php
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/Makefile.php,v
retrieving revision 1.19
diff -u -r1.19 Makefile.php
--- Makefile.php        5 Jun 2006 17:24:06 -0000       1.19
+++ Makefile.php        9 Oct 2006 10:15:31 -0000
@@ -40,7 +40,7 @@
 # Note: This expression is the same as ${PKGBASE}, but the latter is
 # not defined yet, so we cannot use it here.
 PKG_OPTIONS_VAR=       PKG_OPTIONS.${PKGNAME:C/-[0-9].*//}
-PKG_SUPPORTED_OPTIONS+=        inet6 ssl
+PKG_SUPPORTED_OPTIONS+=        inet6 ssl suhosin
 PKG_SUGGESTED_OPTIONS+=        ssl
 
 .include "../../mk/bsd.options.mk"
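Review bot: the new `suhosin` entry in PKG_SUPPORTED_OPTIONS comes with no description anywhere in this patch, so a user browsing the package options has no way to learn what it enables. Please add a one-line description for the option (pkgsrc keeps these in mk/defaults/options.description) alongside this change.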
@@ -57,3 +57,12 @@
 .else
 CONFIGURE_ARGS+=       --without-openssl
 .endif
+
+.if !empty(PKG_OPTIONS:Msuhosin)
+PATCH_SITES+=          http://www.hardened-php.net/suhosin/_media/
+PATCHFILES+=           suhosin-patch-${PHP_BASE_VERS}-0.9.5.patch.gz
+PATCH_DIST_STRIP=      -p1
+PLIST_SUBST+=          SUHOSIN=
+.else
+PLIST_SUBST+=          SUHOSIN="@comment: "
+.endif
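Review bot: in the `.else` branch, `SUHOSIN="@comment: "` carries a colon after `@comment`, while the packing-list directive is plain `@comment`; with the option off, the three `${SUHOSIN}` lines in PLIST would start with `@comment:` and may not be treated as comments. Suggest `PLIST_SUBST+= SUHOSIN="@comment "`. Also note that PATCH_SITES is a plain http URL, so the distinfo checksums are the only integrity check on the downloaded patch, and that PATCH_DIST_STRIP as set here applies to every entry in PATCHFILES, not only the suhosin one.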
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/PLIST,v
retrieving revision 1.13
diff -u -r1.13 PLIST
--- PLIST       19 Aug 2006 14:47:44 -0000      1.13
+++ PLIST       9 Oct 2006 10:15:31 -0000
@@ -200,6 +200,9 @@
 include/php/main/streams/php_stream_userspace.h
 include/php/main/streams/php_streams_int.h
 include/php/main/win95nt.h
+${SUHOSIN}include/php/main/suhosin_globals.h
+${SUHOSIN}include/php/main/suhosin_logo.h
+${SUHOSIN}include/php/main/suhosin_patch.h
 include/php/regex/cclass.h
 include/php/regex/cname.h
 include/php/regex/regex.h
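Review bot: the three `${SUHOSIN}include/php/main/suhosin_*.h` lines are placed after `include/php/main/win95nt.h`, which breaks the sorted order of the list; by path they belong between the `include/php/main/streams/` entries and `win95nt.h`. Please move them there so later PLIST regenerations do not produce a spurious diff.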
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/distinfo,v
retrieving revision 1.29
diff -u -r1.29 distinfo
--- distinfo    28 Aug 2006 12:17:10 -0000      1.29
+++ distinfo    9 Oct 2006 10:15:31 -0000
@@ -3,6 +3,9 @@
 SHA1 (php-5.1.6/php-5.1.6.tar.bz2) = a20b946f1de0a8a35a8a6bf437adbba4e5448d27
 RMD160 (php-5.1.6/php-5.1.6.tar.bz2) = 7ac52f4674532397c982f6ced594b70dd17522af
 Size (php-5.1.6/php-5.1.6.tar.bz2) = 6454408 bytes
+SHA1 (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) = 
7863e0b2cfb433ba4f82c5ad4aa27d73a47e920d
+RMD160 (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) = 
38420c6cb6f381cd763a9463e3c35706a7518f09
+Size (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) = 23141 bytes
 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
 SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
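Review bot: the added SHA1 and RMD160 entries for suhosin-patch-5.1.6-0.9.5.patch.gz are wrapped, leaving each digest on its own line with no leading `+`, so the hunk as posted is malformed and will not apply. Please resend the diff unwrapped (or as an attachment), or have the committer regenerate the distinfo entries from the fetched file and compare them against the digests given here.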
cvs diff: Diffing patches