authorAlex Dupre <ale@FreeBSD.org>2006-10-16 09:30:58 +0000
committerAlex Dupre <ale@FreeBSD.org>2006-10-16 09:30:58 +0000
commitd754180768ceb88d6503eb611b91f8153d84da04 (patch)
tree194f945e56fcc78457c3972839630e2725b992a3 /lang
parent- follow devel/libticalcs 4.6.1 library version (diff)
- fix open_basedir vulnerability in php4 and php5 [1]
- add an alert on safe_mode intrinsic insecurity and suggest to install the suhosin extension - enable the suhosin patch by default also in php4 Submitted by: Thomas Vogt <thomas@bsdunix.ch> [1] Obtained from: PHP CVS [1] Approved by: portmgr (clement)
Notes
Notes: svn path=/head/; revision=175349
Diffstat (limited to 'lang')
-rw-r--r--lang/php4/Makefile6
-rw-r--r--lang/php4/files/patch-ext_standard_dir.c20
-rw-r--r--lang/php4/files/patch-main_php_open_temporary_file.c43
-rw-r--r--lang/php4/files/patch-php.ini-dist18
-rw-r--r--lang/php4/files/patch-php.ini-recommended18
-rw-r--r--lang/php5/Makefile2
-rw-r--r--lang/php5/files/patch-ext_standard_dir.c20
-rw-r--r--lang/php5/files/patch-main_php_open_temporary_file.c43
-rw-r--r--lang/php5/files/patch-php.ini-dist18
-rw-r--r--lang/php5/files/patch-php.ini-recommended18
-rw-r--r--lang/php53/Makefile2
-rw-r--r--lang/php53/files/patch-ext_standard_dir.c20
-rw-r--r--lang/php53/files/patch-main_php_open_temporary_file.c43
-rw-r--r--lang/php53/files/patch-php.ini-dist18
-rw-r--r--lang/php53/files/patch-php.ini-recommended18
15 files changed, 302 insertions, 5 deletions
diff --git a/lang/php4/Makefile b/lang/php4/Makefile
index 165cacf8d818..6d8269cb5da8 100644
--- a/lang/php4/Makefile
+++ b/lang/php4/Makefile
@@ -7,7 +7,7 @@
PORTNAME= php4
PORTVERSION= 4.4.4
-PORTREVISION?= 0
+PORTREVISION?= 1
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP:S,$,:release,} \
http://downloads.php.net/ilia/:rc \
@@ -37,7 +37,7 @@ OPTIONS= CLI "Build CLI version" on \
CGI "Build CGI version" on \
APACHE "Build Apache module" off \
DEBUG "Enable debug" off \
- SUHOSIN "Enable Suhosin protection system" off \
+ SUHOSIN "Enable Suhosin protection system" on \
MULTIBYTE "Enable zend multibyte support" off \
IPV6 "Enable ipv6 support" on \
REDIRECT "Enable force-cgi-redirect support (CGI only)" off \
@@ -53,7 +53,7 @@ MAN1= php-config.1 phpize.1
.include <bsd.port.pre.mk>
-.if defined(WITH_SUHOSIN)
+.if !defined(WITHOUT_SUHOSIN)
PATCHFILES= suhosin-patch-${PORTVERSION}-0.9.5.patch.gz
PATCH_SITES= http://www.hardened-php.net/suhosin/_media/
PATCH_DIST_STRIP= -p1
diff --git a/lang/php4/files/patch-ext_standard_dir.c b/lang/php4/files/patch-ext_standard_dir.c
new file mode 100644
index 000000000000..ef819306883b
--- /dev/null
+++ b/lang/php4/files/patch-ext_standard_dir.c
@@ -0,0 +1,20 @@
+--- ext/standard/dir.c.orig Mon Oct 16 06:59:56 2006
++++ ext/standard/dir.c Mon Oct 16 07:00:06 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: dir.c,v 1.109.2.18.2.2 2006/01/01 13:46:57 sniper Exp $ */
++/* $Id: dir.c,v 1.109.2.18.2.3 2006/10/04 23:20:02 iliaa Exp $ */
+
+ /* {{{ includes/startup/misc */
+
+@@ -275,7 +275,7 @@
+ RETURN_FALSE;
+ }
+
+- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ ret = VCWD_CHDIR(str);
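Review bot: The new condition combines two unrelated restrictions on one line without saying why chdir() needs the open_basedir check at all, which is the whole point of this patch; a one-line comment above the `if` would make the intent durable, e.g. `/* A chdir() to a directory outside open_basedir would let later relative paths resolve outside the restriction, so reject it here too. */`. The same hunk is repeated verbatim in lang/php5/files/patch-ext_standard_dir.c and lang/php53/files/patch-ext_standard_dir.c and would benefit from the same comment. The enclosing function starts outside the hunk.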
diff --git a/lang/php4/files/patch-main_php_open_temporary_file.c b/lang/php4/files/patch-main_php_open_temporary_file.c
new file mode 100644
index 000000000000..1af8a22b5a6e
--- /dev/null
+++ b/lang/php4/files/patch-main_php_open_temporary_file.c
@@ -0,0 +1,43 @@
+--- main/php_open_temporary_file.c.orig Mon Oct 16 07:26:57 2006
++++ main/php_open_temporary_file.c Mon Oct 16 07:27:01 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: php_open_temporary_file.c,v 1.18.2.10.2.3 2006/05/23 23:23:39 iliaa Exp $ */
++/* $Id: php_open_temporary_file.c,v 1.18.2.10.2.6 2006/10/13 01:12:11 iliaa Exp $ */
+
+ #include "php.h"
+
+@@ -207,6 +207,7 @@
+ PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
+ {
+ int fd;
++ const char *temp_dir;
+
+ if (!pfx) {
+ pfx = "tmp.";
+@@ -215,11 +216,22 @@
+ *opened_path_p = NULL;
+ }
+
++ if (!dir || *dir == '\0') {
++def_tmp:
++ temp_dir = php_get_temporary_directory();
++
++ if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
++ return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
++ } else {
++ return -1;
++ }
++ }
++
+ /* Try the directory given as parameter. */
+ fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC);
+ if (fd == -1) {
+ /* Use default temporary directory. */
+- fd = php_do_open_temporary_file(php_get_temporary_directory(), pfx, opened_path_p TSRMLS_CC);
++ goto def_tmp;
+ }
+ return fd;
+ }
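Review bot: The `goto def_tmp` at the bottom jumps backwards into the body of the `if (!dir || *dir == '\0')` block, which is legal C but makes the fallback path hard to follow and easy to break when the block is later edited; the same control flow can be written without the label by trying the caller-supplied directory first and falling through to the checked default. Note also that only the fallback `temp_dir` is passed through `php_check_open_basedir` here; if `php_do_open_temporary_file` does not enforce open_basedir on `dir` itself (not visible in this hunk), a caller-supplied `dir` outside the restriction is still attempted and only falls back on failure, so callers must keep validating it. The same hunk appears in lang/php5/files/patch-main_php_open_temporary_file.c and lang/php53/files/patch-main_php_open_temporary_file.c. The function's opening lines are in the preceding hunk.
```c
	/* Try the directory given as parameter, if any. */
	if (dir && *dir != '\0') {
		fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC);
		if (fd != -1) {
			return fd;
		}
	}

	/* Fall back to the default temporary directory, subject to open_basedir. */
	temp_dir = php_get_temporary_directory();
	if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
		return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
	}
	return -1;
```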
diff --git a/lang/php4/files/patch-php.ini-dist b/lang/php4/files/patch-php.ini-dist
new file mode 100644
index 000000000000..5ba593157aab
--- /dev/null
+++ b/lang/php4/files/patch-php.ini-dist
@@ -0,0 +1,18 @@
+--- php.ini-dist.orig Fri Dec 30 18:19:43 2005
++++ php.ini-dist Mon Oct 16 08:12:28 2006
+@@ -155,6 +155,15 @@
+
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we always recommend to install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
diff --git a/lang/php4/files/patch-php.ini-recommended b/lang/php4/files/patch-php.ini-recommended
new file mode 100644
index 000000000000..a2baecd55e4f
--- /dev/null
+++ b/lang/php4/files/patch-php.ini-recommended
@@ -0,0 +1,18 @@
+--- php.ini-recommended.orig Fri Dec 30 18:19:43 2005
++++ php.ini-recommended Mon Oct 16 08:13:05 2006
+@@ -169,6 +169,15 @@
+ ;
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we recommend to always install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index e0d2013da065..90bd0d34af2c 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -7,7 +7,7 @@
PORTNAME= php5
PORTVERSION= 5.1.6
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP:S,$,:release,} \
http://downloads.php.net/ilia/:rc \
diff --git a/lang/php5/files/patch-ext_standard_dir.c b/lang/php5/files/patch-ext_standard_dir.c
new file mode 100644
index 000000000000..58a6bccb9cfe
--- /dev/null
+++ b/lang/php5/files/patch-ext_standard_dir.c
@@ -0,0 +1,20 @@
+--- ext/standard/dir.c.orig Mon Oct 16 07:08:36 2006
++++ ext/standard/dir.c Mon Oct 16 07:08:40 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: dir.c,v 1.147.2.3 2006/02/26 10:49:50 helly Exp $ */
++/* $Id: dir.c,v 1.147.2.3.2.1 2006/10/04 23:19:25 iliaa Exp $ */
+
+ /* {{{ includes/startup/misc */
+
+@@ -286,7 +286,7 @@
+ RETURN_FALSE;
+ }
+
+- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ ret = VCWD_CHDIR(str);
diff --git a/lang/php5/files/patch-main_php_open_temporary_file.c b/lang/php5/files/patch-main_php_open_temporary_file.c
new file mode 100644
index 000000000000..85f7c51ab47d
--- /dev/null
+++ b/lang/php5/files/patch-main_php_open_temporary_file.c
@@ -0,0 +1,43 @@
+--- main/php_open_temporary_file.c.orig Mon Oct 16 07:21:14 2006
++++ main/php_open_temporary_file.c Mon Oct 16 07:22:00 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: php_open_temporary_file.c,v 1.34.2.2 2006/05/23 23:22:26 iliaa Exp $ */
++/* $Id: php_open_temporary_file.c,v 1.34.2.1.2.4 2006/10/13 01:11:30 iliaa Exp $ */
+
+ #include "php.h"
+
+@@ -206,6 +206,7 @@
+ PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
+ {
+ int fd;
++ const char *temp_dir;
+
+ if (!pfx) {
+ pfx = "tmp.";
+@@ -214,11 +215,22 @@
+ *opened_path_p = NULL;
+ }
+
++ if (!dir || *dir == '\0') {
++def_tmp:
++ temp_dir = php_get_temporary_directory();
++
++ if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
++ return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
++ } else {
++ return -1;
++ }
++ }
++
+ /* Try the directory given as parameter. */
+ fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC);
+ if (fd == -1) {
+ /* Use default temporary directory. */
+- fd = php_do_open_temporary_file(php_get_temporary_directory(), pfx, opened_path_p TSRMLS_CC);
++ goto def_tmp;
+ }
+ return fd;
+ }
diff --git a/lang/php5/files/patch-php.ini-dist b/lang/php5/files/patch-php.ini-dist
new file mode 100644
index 000000000000..6d84f3a80891
--- /dev/null
+++ b/lang/php5/files/patch-php.ini-dist
@@ -0,0 +1,18 @@
+--- php.ini-dist.orig Fri Dec 30 18:19:43 2005
++++ php.ini-dist Mon Oct 16 08:12:28 2006
+@@ -165,6 +165,15 @@
+
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we always recommend to install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
diff --git a/lang/php5/files/patch-php.ini-recommended b/lang/php5/files/patch-php.ini-recommended
new file mode 100644
index 000000000000..7b648b1ea0b5
--- /dev/null
+++ b/lang/php5/files/patch-php.ini-recommended
@@ -0,0 +1,18 @@
+--- php.ini-recommended.orig Fri Dec 30 18:19:43 2005
++++ php.ini-recommended Mon Oct 16 08:13:05 2006
+@@ -223,6 +223,15 @@
+ ;
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we recommend to always install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index e0d2013da065..90bd0d34af2c 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -7,7 +7,7 @@
PORTNAME= php5
PORTVERSION= 5.1.6
-PORTREVISION?= 1
+PORTREVISION?= 2
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP:S,$,:release,} \
http://downloads.php.net/ilia/:rc \
diff --git a/lang/php53/files/patch-ext_standard_dir.c b/lang/php53/files/patch-ext_standard_dir.c
new file mode 100644
index 000000000000..58a6bccb9cfe
--- /dev/null
+++ b/lang/php53/files/patch-ext_standard_dir.c
@@ -0,0 +1,20 @@
+--- ext/standard/dir.c.orig Mon Oct 16 07:08:36 2006
++++ ext/standard/dir.c Mon Oct 16 07:08:40 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: dir.c,v 1.147.2.3 2006/02/26 10:49:50 helly Exp $ */
++/* $Id: dir.c,v 1.147.2.3.2.1 2006/10/04 23:19:25 iliaa Exp $ */
+
+ /* {{{ includes/startup/misc */
+
+@@ -286,7 +286,7 @@
+ RETURN_FALSE;
+ }
+
+- if (PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) {
++ if ((PG(safe_mode) && !php_checkuid(str, NULL, CHECKUID_CHECK_FILE_AND_DIR)) || php_check_open_basedir(str TSRMLS_CC)) {
+ RETURN_FALSE;
+ }
+ ret = VCWD_CHDIR(str);
diff --git a/lang/php53/files/patch-main_php_open_temporary_file.c b/lang/php53/files/patch-main_php_open_temporary_file.c
new file mode 100644
index 000000000000..85f7c51ab47d
--- /dev/null
+++ b/lang/php53/files/patch-main_php_open_temporary_file.c
@@ -0,0 +1,43 @@
+--- main/php_open_temporary_file.c.orig Mon Oct 16 07:21:14 2006
++++ main/php_open_temporary_file.c Mon Oct 16 07:22:00 2006
+@@ -16,7 +16,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: php_open_temporary_file.c,v 1.34.2.2 2006/05/23 23:22:26 iliaa Exp $ */
++/* $Id: php_open_temporary_file.c,v 1.34.2.1.2.4 2006/10/13 01:11:30 iliaa Exp $ */
+
+ #include "php.h"
+
+@@ -206,6 +206,7 @@
+ PHPAPI int php_open_temporary_fd(const char *dir, const char *pfx, char **opened_path_p TSRMLS_DC)
+ {
+ int fd;
++ const char *temp_dir;
+
+ if (!pfx) {
+ pfx = "tmp.";
+@@ -214,11 +215,22 @@
+ *opened_path_p = NULL;
+ }
+
++ if (!dir || *dir == '\0') {
++def_tmp:
++ temp_dir = php_get_temporary_directory();
++
++ if (temp_dir && *temp_dir != '\0' && !php_check_open_basedir(temp_dir TSRMLS_CC)) {
++ return php_do_open_temporary_file(temp_dir, pfx, opened_path_p TSRMLS_CC);
++ } else {
++ return -1;
++ }
++ }
++
+ /* Try the directory given as parameter. */
+ fd = php_do_open_temporary_file(dir, pfx, opened_path_p TSRMLS_CC);
+ if (fd == -1) {
+ /* Use default temporary directory. */
+- fd = php_do_open_temporary_file(php_get_temporary_directory(), pfx, opened_path_p TSRMLS_CC);
++ goto def_tmp;
+ }
+ return fd;
+ }
diff --git a/lang/php53/files/patch-php.ini-dist b/lang/php53/files/patch-php.ini-dist
new file mode 100644
index 000000000000..6d84f3a80891
--- /dev/null
+++ b/lang/php53/files/patch-php.ini-dist
@@ -0,0 +1,18 @@
+--- php.ini-dist.orig Fri Dec 30 18:19:43 2005
++++ php.ini-dist Mon Oct 16 08:12:28 2006
+@@ -165,6 +165,15 @@
+
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we always recommend to install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
diff --git a/lang/php53/files/patch-php.ini-recommended b/lang/php53/files/patch-php.ini-recommended
new file mode 100644
index 000000000000..7b648b1ea0b5
--- /dev/null
+++ b/lang/php53/files/patch-php.ini-recommended
@@ -0,0 +1,18 @@
+--- php.ini-recommended.orig Fri Dec 30 18:19:43 2005
++++ php.ini-recommended Mon Oct 16 08:13:05 2006
+@@ -223,6 +223,15 @@
+ ;
+ ; Safe Mode
+ ;
++; SECURITY NOTE: The FreeBSD Security Officer strongly recommend that
++; the PHP Safe Mode feature not be relied upon for security, since the
++; issues Safe Mode tries to handle cannot properly be handled in PHP
++; (primarily due to PHP's use of external libraries). While many bugs
++; in Safe Mode has been fixed it's very likely that more issues exist
++; which allows a user to bypass Safe Mode restrictions.
++; For increased security we recommend to always install the Suhosin
++; extension.
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when