pkgsrc-Bugs archive
pkg/34768: lang/php5 suhosin patch
>Number: 34768
>Category: pkg
>Synopsis: enable suhosin patch (from the hardened-php project) via PKG_OPTIONS
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Oct 09 11:50:00 +0000 2006
>Originator: cg%cgall.de@localhost
>Release: NetBSD 4.0_BETA
>Environment:
System: NetBSD cg.intra 4.0_BETA NetBSD 4.0_BETA (WORKSTATION-$Revision:
1.10.2.3 $) #3: Mon Sep 18 10:44:55 CEST 2006
cg%cg.intra@localhost:/home/cg/netbsd/netbsd-4/obj/sys/arch/i386/compile/WORKSTATION
i386
Architecture: i386
Machine: i386
>Description:
Enable the patch "suhosin" from the hardened-php project
http://www.hardened-php.net/suhosin/index.html
"Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and unknown
flaws in PHP applications and the PHP core. Suhosin comes in two
independent parts, that can be used separately or in combination.
The first part is a small patch against the PHP core, that implements
a few low-level protections against buffer overflows or format string
vulnerabilities and the second part is a powerful PHP extension that
implements all the other protections.
Unlike our Hardening-Patch Suhosin is binary compatible to normal PHP
installation, which means it is compatible to 3rd party binary extension
like ZendOptimizer."
>How-To-Repeat:
>Fix:
CVS diff against lang/php5:
Index: Makefile.php
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/Makefile.php,v
retrieving revision 1.19
diff -u -r1.19 Makefile.php
--- Makefile.php 5 Jun 2006 17:24:06 -0000 1.19
+++ Makefile.php 9 Oct 2006 10:15:31 -0000
@@ -40,7 +40,7 @@
# Note: This expression is the same as ${PKGBASE}, but the latter is
# not defined yet, so we cannot use it here.
PKG_OPTIONS_VAR= PKG_OPTIONS.${PKGNAME:C/-[0-9].*//}
-PKG_SUPPORTED_OPTIONS+= inet6 ssl
+PKG_SUPPORTED_OPTIONS+= inet6 ssl suhosin
PKG_SUGGESTED_OPTIONS+= ssl
.include "../../mk/bsd.options.mk"
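Review bot: the new "suhosin" entry on the PKG_SUPPORTED_OPTIONS line has no accompanying description or comment anywhere in the patch, so a user reading the option list gets no hint that enabling it pulls a third-party patch from hardened-php.net into the PHP core. A short comment above the line, or a description entry for the option, would document that. Leaving it out of PKG_SUGGESTED_OPTIONS keeps default builds unchanged, which looks intentional.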
@@ -57,3 +57,12 @@
.else
CONFIGURE_ARGS+= --without-openssl
.endif
+
+.if !empty(PKG_OPTIONS:Msuhosin)
+PATCH_SITES+= http://www.hardened-php.net/suhosin/_media/
+PATCHFILES+= suhosin-patch-${PHP_BASE_VERS}-0.9.5.patch.gz
+PATCH_DIST_STRIP= -p1
+PLIST_SUBST+= SUHOSIN=
+.else
+PLIST_SUBST+= SUHOSIN="@comment: "
+.endif
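Review bot: in the .else branch, PLIST_SUBST+= SUHOSIN="@comment: " carries a colon after @comment, while the usual pkgsrc form is "@comment " with no colon; confirm the package tools accept the colon form or drop it, since this branch is the one every default build (option off) goes through. Separately, the PATCHFILES line combines ${PHP_BASE_VERS} with a hard-coded 0.9.5, so a PHP version bump silently changes the file name being fetched while the Suhosin version stays fixed; a separate variable for the Suhosin version (for example SUHOSIN_VERS, name is only a suggestion) would make that coupling explicit and prompt a matching distinfo update.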
Index: PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/PLIST,v
retrieving revision 1.13
diff -u -r1.13 PLIST
--- PLIST 19 Aug 2006 14:47:44 -0000 1.13
+++ PLIST 9 Oct 2006 10:15:31 -0000
@@ -200,6 +200,9 @@
include/php/main/streams/php_stream_userspace.h
include/php/main/streams/php_streams_int.h
include/php/main/win95nt.h
+${SUHOSIN}include/php/main/suhosin_globals.h
+${SUHOSIN}include/php/main/suhosin_logo.h
+${SUHOSIN}include/php/main/suhosin_patch.h
include/php/regex/cclass.h
include/php/regex/cname.h
include/php/regex/regex.h
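Review bot: the three ${SUHOSIN} header entries are added after include/php/main/win95nt.h, which breaks the sorted order of the include/php/main/ block; suhosin_*.h sorts after the streams/ entries and before win95nt.h. Moving them up one line keeps the PLIST sorted and makes later diffs against a regenerated PLIST cleaner.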
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/lang/php5/distinfo,v
retrieving revision 1.29
diff -u -r1.29 distinfo
--- distinfo 28 Aug 2006 12:17:10 -0000 1.29
+++ distinfo 9 Oct 2006 10:15:31 -0000
@@ -3,6 +3,9 @@
SHA1 (php-5.1.6/php-5.1.6.tar.bz2) = a20b946f1de0a8a35a8a6bf437adbba4e5448d27
RMD160 (php-5.1.6/php-5.1.6.tar.bz2) = 7ac52f4674532397c982f6ced594b70dd17522af
Size (php-5.1.6/php-5.1.6.tar.bz2) = 6454408 bytes
+SHA1 (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) =
7863e0b2cfb433ba4f82c5ad4aa27d73a47e920d
+RMD160 (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) =
38420c6cb6f381cd763a9463e3c35706a7518f09
+Size (php-5.1.6/suhosin-patch-5.1.6-0.9.5.patch.gz) = 23141 bytes
SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
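Review bot: the SHA1 and RMD160 entries added for suhosin-patch-5.1.6-0.9.5.patch.gz are the only integrity check on a file that Makefile.php fetches over plain http from PATCH_SITES, so whoever commits this should download the patch independently and regenerate these values rather than copy them from the report. The two hash lines are also split across line breaks as posted, so the hunk will not apply verbatim; regenerating distinfo covers that as well.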
cvs diff: Diffing patches