From 067f51c23a1e6f413d0abb965b71fc97d18a6421 Mon Sep 17 00:00:00 2001
From: Alex Dupre <ale@FreeBSD.org>
Date: Thu, 4 Sep 2008 13:55:11 +0000
Subject: Fix for CVE-2008-2665 and CVE-2008-2666.

Obtained from:	PHP CVS
---
 lang/php5/Makefile                     |  2 +-
 lang/php5/files/patch-main_safe_mode.c | 17 +++++++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 lang/php5/files/patch-main_safe_mode.c

(limited to 'lang/php5')

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index f5148c497f24..b0354884ee5b 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	php5
 PORTVERSION=	5.2.6
-PORTREVISION?=	1
+PORTREVISION?=	2
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
diff --git a/lang/php5/files/patch-main_safe_mode.c b/lang/php5/files/patch-main_safe_mode.c
new file mode 100644
index 000000000000..4b0d4e1c531c
--- /dev/null
+++ b/lang/php5/files/patch-main_safe_mode.c
@@ -0,0 +1,17 @@
+--- main/safe_mode.c.orig	2008-09-04 15:52:19.000000000 +0200
++++ main/safe_mode.c	2008-09-04 15:52:35.000000000 +0200
+@@ -74,14 +74,6 @@
+ 		}
+ 	}
+ 
+-	/* 
+-	 * If given filepath is a URL, allow - safe mode stuff
+-	 * related to URL's is checked in individual functions
+-	 */
+-	wrapper = php_stream_locate_url_wrapper(filename, NULL, STREAM_LOCATE_WRAPPERS_ONLY TSRMLS_CC);
+-	if (wrapper != NULL)
+-		return 1;
+-		
+ 	/* First we see if the file is owned by the same user...
+ 	 * If that fails, passthrough and check directory...
+ 	 */
-- 
cgit v1.2.3