Hi.
This diff updates php to the current version and includes
the hardened-php patch by default. This diff needs heavy
testing so please go ahead and help me. Please try to test
on different arches. Thank you!
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/php5/Makefile,v
retrieving revision 1.2
diff -u -r1.2 Makefile
--- Makefile 9 May 2006 14:15:40 -0000 1.2
+++ Makefile 21 Sep 2006 14:52:32 -0000
@@ -1,9 +1,7 @@
# $OpenBSD: Makefile,v 1.2 2006/05/09 14:15:40 robert Exp $
SUBDIR += core
-SUBDIR += core,hardened
SUBDIR += extensions
-SUBDIR += extensions,hardened
SUBDIR += extensions,no_x11
.include <bsd.port.subdir.mk>
Index: Makefile.inc
===================================================================
RCS file: /cvs/ports/www/php5/Makefile.inc,v
retrieving revision 1.11
diff -u -r1.11 Makefile.inc
--- Makefile.inc 18 Jul 2006 21:44:40 -0000 1.11
+++ Makefile.inc 21 Sep 2006 14:52:32 -0000
@@ -4,8 +4,9 @@
# and has Apache that supports DSO's.
NOT_FOR_ARCHS= ${NO_SHARED_ARCHS}
-V= 5.1.4
+V= 5.1.6
PEAR_V= 20060428
+HARDENED_V= 0.4.15
DISTNAME?= php-${V}
CATEGORIES= www lang
@@ -67,15 +68,5 @@
CHECKSUM_FILE= ${.CURDIR}/../distinfo
PATCH_LIST= ${.CURDIR}/../patches/patch-* \
patch-*
-
-# the hardened flavor is used by both core and extensions
-FLAVORS+= hardened
-FLAVOR?=
-
-HARDENED_V= 0.4.9
-.if ${FLAVOR:L:Mhardened}
PATCHFILES= hardening-patch-${V}-${HARDENED_V}.patch.gz:1
PATCH_DIST_STRIP= -p1
-.else
-SUPDISTFILES= hardening-patch-${V}-${HARDENED_V}.patch.gz:1
-.endif
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/php5/distinfo,v
retrieving revision 1.9
diff -u -r1.9 distinfo
--- distinfo 21 May 2006 20:46:06 -0000 1.9
+++ distinfo 21 Sep 2006 14:52:32 -0000
@@ -1,12 +1,12 @@
-MD5 (hardening-patch-5.1.4-0.4.9.patch.gz) = 12eb5eb043afcae99e7da668a6bd411d
+MD5 (hardening-patch-5.1.6-0.4.15.patch.gz) = c59126d6db37fae50d7c091bba5e5e0a
MD5 (pear-20060428.tar.gz) = 28ab6f44a90cbcb5dd9ed0aef32d2fa9
-MD5 (php-5.1.4.tar.gz) = 7c846aa09ec1fe0f54a57c8ba030d9f8
-RMD160 (hardening-patch-5.1.4-0.4.9.patch.gz) =
b02533b8e9b56d81233c0eb783bd36e0e5adf082
+MD5 (php-5.1.6.tar.gz) = 04d6166552289eaeff771f5ec953b065
+RMD160 (hardening-patch-5.1.6-0.4.15.patch.gz) =
0df2a3c5c6f1b3edbd8d84eceb7ce2d0e8acb1ba
RMD160 (pear-20060428.tar.gz) = 34bac3122dfc8218efdce0ea7df046da031e72e7
-RMD160 (php-5.1.4.tar.gz) = e8f42a9c6a2554c9b0c4ef9d7843b26d278ae592
-SHA1 (hardening-patch-5.1.4-0.4.9.patch.gz) =
b20f67186d87f03ba34ce9f65e20967dc24e79f8
+RMD160 (php-5.1.6.tar.gz) = 89aeed0b88368f4e93bd7bdacdd94ce47eebe115
+SHA1 (hardening-patch-5.1.6-0.4.15.patch.gz) =
c52fba7a75c15e02b2e750926cad6973fd04d81c
SHA1 (pear-20060428.tar.gz) = 09713b3052904c1c45acba015dc067ddad0136cb
-SHA1 (php-5.1.4.tar.gz) = cfabe187fa1cd9c51a9e1ce8d61b6bc9f43d0016
-SIZE (hardening-patch-5.1.4-0.4.9.patch.gz) = 57671
+SHA1 (php-5.1.6.tar.gz) = e6f9df1db989e694dac6e1e190c5022f75c6a9cc
+SIZE (hardening-patch-5.1.6-0.4.15.patch.gz) = 63294
SIZE (pear-20060428.tar.gz) = 619353
-SIZE (php-5.1.4.tar.gz) = 8109575
+SIZE (php-5.1.6.tar.gz) = 8187896
Index: core/Makefile
===================================================================
RCS file: /cvs/ports/www/php5/core/Makefile,v
retrieving revision 1.17
diff -u -r1.17 Makefile
--- core/Makefile 4 Aug 2006 00:10:42 -0000 1.17
+++ core/Makefile 21 Sep 2006 14:52:32 -0000
@@ -5,8 +5,8 @@
COMMENT= "server-side HTML-embedded scripting language"
COMMENT-pear= "base classes for common PHP tasks"
-PKGNAME= php5-core-${V}p1
-FULLPKGNAME-pear= php5-pear-${V}p0
+PKGNAME= php5-core-${V}
+FULLPKGNAME-pear= php5-pear-${V}
DISTFILES= php-${V}.tar.gz \
pear-${PEAR_V}.tar.gz:0
Index: core/pkg/DESCR
===================================================================
RCS file: /cvs/ports/www/php5/core/pkg/DESCR,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 DESCR
--- core/pkg/DESCR 2 Oct 2004 12:36:49 -0000 1.1.1.1
+++ core/pkg/DESCR 21 Sep 2006 14:52:32 -0000
@@ -8,3 +8,10 @@
This package installs a stand-alone binary which can be used for
command-line scripts, as well as an Apache module.
+
+By default this port uses the hardened-php patch.
+The hardened patch adds security hardening features to PHP
+to protect your servers on the one hand against a number of
+well known problems in PHP applications and on the other hand
+against potential unknown vulnerabilities within those
+applications or the PHP core itself.
Index: core/pkg/PLIST-pear
===================================================================
RCS file: /cvs/ports/www/php5/core/pkg/PLIST-pear,v
retrieving revision 1.8
diff -u -r1.8 PLIST-pear
--- core/pkg/PLIST-pear 9 May 2006 14:15:40 -0000 1.8
+++ core/pkg/PLIST-pear 21 Sep 2006 14:52:33 -0000
@@ -195,6 +195,7 @@
pear/include/ext/standard/reg.h
pear/include/ext/standard/scanf.h
pear/include/ext/standard/sha1.h
[EMAIL PROTECTED] pear/include/ext/standard/sha256.h
pear/include/ext/standard/streamsfuncs.h
pear/include/ext/standard/uniqid.h
pear/include/ext/standard/url.h
@@ -209,6 +210,8 @@
pear/include/main/build-defs.h
pear/include/main/config.w32.h
pear/include/main/fopen_wrappers.h
[EMAIL PROTECTED] pear/include/main/hardened_globals.h
[EMAIL PROTECTED] pear/include/main/hardening_patch.h
pear/include/main/logos.h
pear/include/main/php.h
pear/include/main/php3_compat.h
Index: extensions/Makefile
===================================================================
RCS file: /cvs/ports/www/php5/extensions/Makefile,v
retrieving revision 1.23
diff -u -r1.23 Makefile
--- extensions/Makefile 4 Aug 2006 00:10:42 -0000 1.23
+++ extensions/Makefile 21 Sep 2006 14:52:33 -0000
@@ -14,11 +14,7 @@
WANTLIB= stdc++ m
-.if ${FLAVOR:L:Mhardened}
-RUN_DEPENDS= :php5-core-${V}-hardened:www/php5/core,hardened
-.else
-RUN_DEPENDS= :php5-core-${V}-!hardened:www/php5/core
-.endif
+RUN_DEPENDS= :php5-core-${V}:www/php5/core
.if !defined(PACKAGING)
MODULES= devel/gettext
.endif
@@ -171,7 +167,7 @@
MULTI_PACKAGES+= -mcrypt
COMMENT-mcrypt= "mcrypt encryption/decryption extensions for
php5"
CONFIGURE_ARGS+= --with-mcrypt=shared,${LOCALBASE}
-MCRYPT_DEPENDS= mcrypt::security/libmcrypt
ltdl.1::devel/libtool,-ltdl
+MCRYPT_DEPENDS= mcrypt::security/libmcrypt
ltdl.>=1::devel/libtool,-ltdl
.endif
# mhash
@@ -324,9 +320,6 @@
.for i in ${MULTI_PACKAGES}
. if !defined(FULLPKGNAME${i})
FULLPKGNAME${i}= php5${i}-${V}
-. endif
-. if ${FLAVOR:L:Mhardened}
-FULLPKGNAME${i}:= ${FULLPKGNAME${i}}-hardened
. endif
.endfor
Index: patches/patch-main_php_open_temporary_file_c
===================================================================
RCS file: /cvs/ports/www/php5/patches/patch-main_php_open_temporary_file_c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-main_php_open_temporary_file_c
--- patches/patch-main_php_open_temporary_file_c 2 Oct 2004 11:32:37
-0000 1.1.1.1
+++ patches/patch-main_php_open_temporary_file_c 21 Sep 2006 14:52:33
-0000
@@ -1,12 +1,12 @@
-$OpenBSD: patch-main_php_open_temporary_file_c,v 1.1.1.1 2004/10/02 11:32:37
robert Exp $
---- main/php_open_temporary_file.c.orig Mon Jul 26 23:14:59 2004
-+++ main/php_open_temporary_file.c Mon Jul 26 23:15:13 2004
-@@ -130,7 +130,7 @@
+$OpenBSD$
+--- main/php_open_temporary_file.c.orig Wed May 24 01:22:26 2006
++++ main/php_open_temporary_file.c Fri Aug 18 21:15:57 2006
+@@ -120,7 +120,7 @@
trailing_slash = "/";
}
-- (void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXX", path,
trailing_slash, pfx);
-+ (void)snprintf(opened_path, MAXPATHLEN, "%s%s%sXXXXXXXXXX", path,
trailing_slash, pfx);
-
- #ifdef PHP_WIN32
- if (GetTempFileName(path, pfx, 0, opened_path)) {
+- if (spprintf(&opened_path, 0, "%s%s%sXXXXXX", path, trailing_slash,
pfx) >= MAXPATHLEN) {
++ if (spprintf(&opened_path, 0, "%s%s%sXXXXXXXXXX", path, trailing_slash,
pfx) >= MAXPATHLEN) {
+ efree(opened_path);
+ return -1;
+ }
