Hi all,

there is a critical issue with current PHP versions. For more details, see
http://www.hardened-php.net/advisory_092006.133.html

For those who use PHP with Arch on a public server, it is important to patch 
their PHP with http://www.hardened-php.net/files/CVE-2006-4812.patch

I made an updated package which can be found at 
http://www.archlinux.de/~pierre/packages/i686/php-5.1.6-3.pkg.tar.gz

The PKGBUILD is attached

Pierre
# $Id: PKGBUILD,v 1.83 2006/08/30 21:56:10 jgc Exp $
# Maintainer: dorphell <[EMAIL PROTECTED]>
# Package identity and release metadata.
pkgname='php'
pkgver='5.1.6'
pkgrel='3'
pkgdesc='A high-level scripting language'
arch=('i686' 'x86_64')
url='http://www.php.net'
backup=('etc/php.ini')
install='php.install'

# Packages required at run time.
depends=(
  'openssl>=0.9.8b'
  'pam'
  'bzip2'
  'gdbm'
  'ncurses'
  'curl'
  'libxslt'
  'freetype2'
  'libjpeg'
  'libpng'
)

# Packages required only while building.
makedepends=(
  'apache>=2.0.55-1'
  'imap'
  'postgresql-libs>=8.1.4-3'
  'libmysqlclient'
  'libldap'
  'smtp-server'
  'sqlite3'
  'unixodbc'
  'net-snmp'
)

# Upstream tarball, the local php.ini, and the Hardened-PHP patch for
# CVE-2006-4812.
# NOTE(review): both remote sources are fetched over plain HTTP and are
# checked only against the MD5 sums below. MD5 is not collision-resistant;
# where the makepkg in use supports a stronger checksum array (for example
# sha256sums), prefer it, and compare the patch against the advisory.
source=(
  "http://www.php.net/distributions/${pkgname}-${pkgver}.tar.gz"
  'php.ini'
  'http://www.hardened-php.net/files/CVE-2006-4812.patch'
)
md5sums=(
  '04d6166552289eaeff771f5ec953b065'
  '5930a0e7bc33f536166220465cbf544d'
  'd7ef04db1db885c6fe8285fc4b8c239e'
)

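#######################################
# Build PHP with the CVE-2006-4812 patch applied and stage it under
# ${startdir}/pkg.
# Globals:   startdir, pkgname, pkgver (read); MAKEFLAGS (exported)
# Arguments: none
# Returns:   0 on success, 1 if a checked step fails
#######################################
build() {
  export MAKEFLAGS="-j1"
  cd "${startdir}/src/${pkgname}-${pkgver}" || return 1

  # Apply the security patch before configuring; abort the build if it does
  # not apply, so an unpatched package is never produced.
  patch -Np1 -i ../CVE-2006-4812.patch || return 1

  ./configure --with-apxs2 --prefix=/usr --sysconfdir=/etc \
    --with-layout=PHP \
    --with-ttf --enable-mailparse --with-config-file-scan-dir=/etc \
    --enable-bcmath=shared --enable-calendar=shared --enable-ftp=shared \
    --enable-gd-native-ttf --enable-magic-quotes --enable-posix=shared \
    --enable-session --enable-shared --enable-shmop=shared --enable-pdo=shared \
    --enable-sqlite-utf8 --enable-sockets=shared --enable-xml \
    --enable-sysvsem=shared --enable-sysvshm=shared --enable-sysvmsg=shared \
    --enable-track-vars --enable-trans-sid --enable-safe-mode \
    --with-imap --with-imap-ssl --with-ncurses --with-readline \
    --with-bz2=shared --with-curl --with-mime-magic \
    --with-freetype-dir=/usr --with-gd=shared --enable-exif \
    --with-jpeg-dir=/usr \
    --enable-dba --without-db2 --without-db3 --with-inifile --with-flatfile \
    --with-gdbm --with-ldap=shared --with-openssl --with-gettext \
    --with-unixODBC=shared,/usr --with-pdo-odbc=shared,unixODBC,/usr \
    --with-mysqli=shared --with-mysql-sock=/tmp/mysql.sock \
    --with-pdo-mysql=shared,/usr --with-mysql=shared,/usr \
    --with-pgsql=shared --with-pgsql-sock=/tmp/pgsql.sock \
    --with-pdo-pgsql=shared,/usr \
    --with-sqlite=shared --with-pdo-sqlite=shared,/usr \
    --with-pear=/usr/share/pear --with-dom --with-dom-xslt --with-xsl \
    --with-png-dir=/usr --with-regex=php --with-zlib --enable-soap=shared \
    --enable-mbstring=all --enable-mbregex --with-snmp=shared,/usr \
    || return 1

  # fixes a build error in sqlite support
  ln -s main/php_config.h ./config.h
  make || return 1
  mkdir -p "${startdir}/pkg/usr/lib/apache" || return 1

  # Disabled install override (refers to php4 names), kept for reference:
  #  cp config_vars.mk config_vars.old
  #  sed "s|^INSTALL_IT.*$|INSTALL_IT = apxs -i -a -S LIBEXECDIR=${startdir}/pkg/usr/lib/apache -n php4 libs/libphp4.so|" config_vars.old >config_vars.mk

  # Remove "-a" from the apxs install invocation in the Makefile
  # (presumably so the install step does not touch the Apache config).
  sed -i "s|-i -a -n php5|-i -n php5|g" Makefile
  make INSTALL_ROOT="${startdir}/pkg" install || return 1
  cp ../php.ini "${startdir}/pkg/etc" || return 1

  #FS #3395
  cd "${startdir}/pkg/usr/lib/php/extensions" || return 1
  ln -s -- * php

  ############## Ugly fix for FS #3563 and #3577
  # The installed PEAR files embed the staging directory ($PWD); strip it so
  # the packaged files refer to the final install paths.
  cd "${startdir}/pkg" || return 1
  sed -i "s|$PWD||g" \
    usr/share/pear/{peclcmd.php,pearcmd.php,PEAR/Command/Package.php} \
    usr/bin/{pear,peardev,pecl}

  # The files below store strings with a length prefix (:LEN:"..."), so
  # removing the $PWD prefix also requires LEN to be reduced by the prefix
  # length. sed rewrites each line into an `echo "..."` command containing
  # $((LEN-prefix_len)) and sh evaluates the arithmetic.
  # NOTE(review): every line of these files is executed by sh, so any `$`,
  # backtick or backslash sequence in them is interpreted by the shell. The
  # inputs are generated by this build, but a non-evaluating rewrite would be
  # safer. $PWD is also used as a sed pattern and is assumed to contain no
  # '#' or regex metacharacters.
  local f pwd_len
  pwd_len=$(printf '%s' "$PWD" | wc -c)
  for f in \
    etc/pear.conf \
    usr/share/pear/.registry/console_getopt.reg \
    usr/share/pear/.registry/archive_tar.reg \
    usr/share/pear/.registry/pear.reg; do
    sed 's#:\([0-9]*\):\"'"$PWD"'#:$((\1-'"$pwd_len"')):\"#g;  s#\"#\\"#g;  s#.*#echo "&"#g' \
      "$f" | sh > "$f.tmp" || return 1
    mv "$f.tmp" "$f" || return 1
  done
  ##############
}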