Fix for CVE-2008-2665 and CVE-2008-2666.

Obtained from: PHP CVS
author: Alex Dupre <ale@FreeBSD.org> 2008-09-04 13:55:11 +0000
committer: Alex Dupre <ale@FreeBSD.org> 2008-09-04 13:55:11 +0000
commit: 067f51c23a1e6f413d0abb965b71fc97d18a6421 (patch)
tree: 45e6e224bc2f9db65e9d4bf49e8a33127a506a07 /lang/php5
parent: Update to 0.12.0 (diff)
2 files changed, 18 insertions, 1 deletions
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index f5148c497f24..b0354884ee5b 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	php5
 PORTVERSION=	5.2.6
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
diff --git a/lang/php5/files/patch-main_safe_mode.c b/lang/php5/files/patch-main_safe_mode.c
new file mode 100644
index 000000000000..4b0d4e1c531c
--- /dev/null
+++ b/lang/php5/files/patch-main_safe_mode.c
@@ -0,0 +1,17 @@
+--- main/safe_mode.c.orig	2008-09-04 15:52:19.000000000 +0200
++++ main/safe_mode.c	2008-09-04 15:52:35.000000000 +0200
+@@ -74,14 +74,6 @@
+ 		}
+ 	}
+ 
+-	/* 
+-	 * If given filepath is a URL, allow - safe mode stuff
+-	 * related to URL's is checked in individual functions
+-	 */
+-	wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
+-	if (wrapper != NULL)
+-		return 1;
+-		
+ 	/* First we see if the file is owned by the same user...
+ 	 * If that fails, passthrough and check directory...
+ 	 */
author	Alex Dupre <ale@FreeBSD.org>	2008-09-04 13:55:11 +0000
committer	Alex Dupre <ale@FreeBSD.org>	2008-09-04 13:55:11 +0000
commit	067f51c23a1e6f413d0abb965b71fc97d18a6421 (patch)
tree	45e6e224bc2f9db65e9d4bf49e8a33127a506a07 /lang/php5
parent	Update to 0.12.0 (diff)