author | 2011-03-14 17:13:18 +0000 | |
---|---|---|
committer | 2011-03-14 17:13:18 +0000 | |
commit | c084574dc92a375357592f623c5f6069829192b8 (patch) | |
tree | f3f5d119e5709d7799ed9007c3a1e3ce932bbc7b /dev-php | |
parent | Duplicate gnome-use-flag related stuff to allow eclass changes from overlay t... (diff) | |
Fixes security bug #356893
Package-Manager: portage-2.1.9.41/cvs/Linux x86_64
Diffstat (limited to 'dev-php')
-rw-r--r-- | dev-php/PEAR-PEAR/ChangeLog | 8 | ||||
-rw-r--r-- | dev-php/PEAR-PEAR/Manifest | 4 | ||||
-rw-r--r-- | dev-php/PEAR-PEAR/PEAR-PEAR-1.9.2-r1.ebuild | 108 | ||||
-rw-r--r-- | dev-php/PEAR-PEAR/files/symlink-attack-fix.patch | 126 |
4 files changed, 244 insertions, 2 deletions
diff --git a/dev-php/PEAR-PEAR/ChangeLog b/dev-php/PEAR-PEAR/ChangeLog index f34595454c21..6a1434883ddb 100644 --- a/dev-php/PEAR-PEAR/ChangeLog +++ b/dev-php/PEAR-PEAR/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-php/PEAR-PEAR # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-php/PEAR-PEAR/ChangeLog,v 1.135 2011/03/06 10:59:47 olemarkus Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-php/PEAR-PEAR/ChangeLog,v 1.136 2011/03/14 17:13:18 olemarkus Exp $ + +*PEAR-PEAR-1.9.2-r1 (14 Mar 2011) + + 14 Mar 2011; <olemarkus@gentoo.org> +PEAR-PEAR-1.9.2-r1.ebuild, + +files/symlink-attack-fix.patch: + Fixes security bug #356893 06 Mar 2011; Ole Markus With <olemarkus@gentoo.org> -PEAR-PEAR-1.6.2-r1.ebuild, -PEAR-PEAR-1.9.0.ebuild, diff --git a/dev-php/PEAR-PEAR/Manifest b/dev-php/PEAR-PEAR/Manifest index 09ef01ddecda..3a82acb87261 100644 --- a/dev-php/PEAR-PEAR/Manifest +++ b/dev-php/PEAR-PEAR/Manifest 
@@ -2,7 +2,9 @@ AUX 1.6.2-accept-encoding-bug_12116.patch 603 RMD160 d19b8be3352e479c7316f259cfb AUX pear.conf 291 RMD160 311e624d97640448754aa2f3e643aa53501f9c25 SHA1 47b350c2bf4b882b5981504ac6acfd7c708367e6 SHA256 cbe9363c760952d00b90070d4a41e88a175e12c65f99668fbe16d8158f5fa7ab AUX pear.conf-r1 379 RMD160 df2595353d3a0ee5474dff41a445ebd2e642a5ec SHA1 a9971714efca2a84ef54b5f7c71f3adbbe3d2930 SHA256 43e78396b7b91cf16a3d33d36c19096c9e7281b7f771c379f383a16c7756c490 AUX pear.conf-r2 379 RMD160 adaf8e0edd442e7a612754af1f594d8e9e776023 SHA1 098fd2a554643380bf09cc36e03d556459e00eeb SHA256 33296ad828fdbe5447edc93aea6e81351f643fc2e845c6e4bdfad84b299023aa +AUX symlink-attack-fix.patch 4898 RMD160 17507378f94f61b47b92f29d12c87d63b35f8600 SHA1 4ad06a704337b50c1eb6aa5fc4d863da68c3ee17 SHA256 af94b54e313782a9306b2e5dad1563ebb9abc371531dfad2b8e14f4d26f4a475 DIST PEAR-1.9.2.tgz 295120 RMD160 f12b6a0a4600b0b227a88687c124b515621ca803 SHA1 1dda2c7c1c87532f6a45a54b98521a2e9efa02b3 SHA256 7f1446f3d92b4e19d3d4ca38dff6f50b66882b9b11a901b069e89a60ff4aff82 +EBUILD PEAR-PEAR-1.9.2-r1.ebuild 3728 RMD160 ecdd135dc59d703b441021943d13608c79f3f44a SHA1 055a5f17ec8fd473765ccad2b0cafa4044943a75 SHA256 c176119fd8abf0b0567b2b6efc383676ad02ff753269b5e35b85d301f58082d7 EBUILD PEAR-PEAR-1.9.2.ebuild 3636 RMD160 f88015f6e95a7250bef04756f69be35a5c1d7197 SHA1 d40a6dc8ded82e540d5cc4482ae1156b7c52b9a9 SHA256 2d565affd0b52d3d85b9914156fe04d49951c618a602b594061ae9eba68b7398 -MISC ChangeLog 19121 RMD160 917f9c5e5f6258d760de56ed1d1796f60480617b SHA1 b102d6a664386d50908158ec753f56b5a3431325 SHA256 d5fe511b15ecc4502b534c16ade9a427fc96a132f7e6c71b8cfeb0bbf9806ea8 +MISC ChangeLog 19287 RMD160 96ae3acc0c05957e4c0240434fe23e406fa135bf SHA1 ea0d3f510492ac20a02f0242d080e9dd2d4e0bda SHA256 7dd141baa1797596ee7015042d34d3cdfe92f4b31633c87299dcf42d9fd3bd72 MISC metadata.xml 248 RMD160 a52d2dcf8ab8231c5e8332d5022d921fb8b6754e SHA1 84c45cabf8e0959e44317f8db4449c0056c7959e SHA256 
a98d66f97c0d4f6f57c10b1b2038cfb7c5a76a58ff187ddff241024dfa8dee51
diff --git a/dev-php/PEAR-PEAR/PEAR-PEAR-1.9.2-r1.ebuild b/dev-php/PEAR-PEAR/PEAR-PEAR-1.9.2-r1.ebuild
new file mode 100644
index 000000000000..876db88104ad
--- /dev/null
+++ b/dev-php/PEAR-PEAR/PEAR-PEAR-1.9.2-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-php/PEAR-PEAR/PEAR-PEAR-1.9.2-r1.ebuild,v 1.1 2011/03/14 17:13:18 olemarkus Exp $
+
+EAPI="3"
+
+inherit depend.php
+
+PEAR="${PV}"
+
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux ~x86-macos"
+
+DESCRIPTION="PEAR Base System"
+HOMEPAGE="http://pear.php.net/package/PEAR"
+SRC_URI="http://pear.php.net/get/PEAR-${PEAR}.tgz"
+LICENSE="MIT"
+SLOT="0"
+IUSE=""
+
+DEPEND="|| ( <dev-lang/php-5.3[pcre] >=dev-lang/php-5.3 )
+ dev-lang/php[cli,xml,zlib]"
+
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+ has_php
+
+ [[ -z "${PEAR_CACHEDIR}" ]] && PEAR_CACHEDIR="${EPREFIX}/var/cache/pear"
+ [[ -z "${PEAR_DOWNLOADDIR}" ]] && PEAR_DOWNLOADDIR="${EPREFIX}/var/tmp/pear"
+ [[ -z "${PEAR_TEMPDIR}" ]] && PEAR_TEMPDIR="${EPREFIX}/tmp"
+
+ elog
+ elog "cache_dir is set to: ${PEAR_CACHEDIR}"
+ elog "download_dir is set to: ${PEAR_DOWNLOADDIR}"
+ elog "temp_dir is set to: ${PEAR_TEMPDIR}"
+ elog
+ elog "If you want to change the above values, you need to set"
+ elog "PEAR_CACHEDIR, PEAR_DOWNLOADDIR and PEAR_TEMPDIR variable(s)"
+ elog "accordingly in /etc/make.conf and re-emerge ${PN}."
+ elog
+}
+
+src_prepare() {
+ #356893
+ epatch "${FILESDIR}/symlink-attack-fix.patch"
+}
+
+src_install() {
+ # Prevent SNMP related sandbox violoation.
+ addpredict /usr/share/snmp/mibs/.index
+ addpredict /var/lib/net-snmp/
+
+ # install PEAR package
+ cd "${S}"/PEAR-${PEAR}
+
+ insinto /usr/share/php
+ doins -r PEAR/
+ doins -r OS/
+ doins PEAR.php PEAR5.php System.php
+ doins scripts/pearcmd.php
+ doins scripts/peclcmd.php
+
+ newbin scripts/pear.sh pear
+ newbin scripts/peardev.sh peardev
+ newbin scripts/pecl.sh pecl
+
+ # adjust some scripts for current version
+ for i in pearcmd.php peclcmd.php ; do
+ dosed "s:@pear_version@:${PEAR}:g" /usr/share/php/${i}
+ done
+
+ for i in pear peardev pecl ; do
+ dosed "s:@bin_dir@:${EPREFIX}/usr/bin:g" /usr/bin/${i}
+ dosed "s:@php_dir@:${EPREFIX}/usr/share/php:g" /usr/bin/${i}
+ done
+ dosed "s:-d output_buffering=1:-d output_buffering=1 -d memory_limit=32M:g" /usr/bin/pear
+
+ dosed "s:@package_version@:${PEAR}:g" /usr/share/php/PEAR/Command/Package.php
+ dosed "s:@PEAR-VER@:${PEAR}:g" /usr/share/php/PEAR/Dependency2.php
+ dosed "s:@PEAR-VER@:${PEAR}:g" /usr/share/php/PEAR/PackageFile/Parser/v1.php
+ dosed "s:@PEAR-VER@:${PEAR}:g" /usr/share/php/PEAR/PackageFile/Parser/v2.php
+
+ # finalize install
+ insinto /etc
+ newins "${FILESDIR}"/pear.conf-r2 pear.conf
+ dosed "s|s:PHPCLILEN:\"PHPCLI\"|s:${#PHPCLI}:\"${PHPCLI}\"|g" /etc/pear.conf
+ dosed "s|s:CACHEDIRLEN:\"CACHEDIR\"|s:${#PEAR_CACHEDIR}:\"${PEAR_CACHEDIR}\"|g" /etc/pear.conf
+ dosed "s|s:DOWNLOADDIRLEN:\"DOWNLOADDIR\"|s:${#PEAR_DOWNLOADDIR}:\"${PEAR_DOWNLOADDIR}\"|g" /etc/pear.conf
+ dosed "s|s:TEMPDIRLEN:\"TEMPDIR\"|s:${#PEAR_TEMPDIR}:\"${PEAR_TEMPDIR}\"|g" /etc/pear.conf
+
+ # Change the paths for eprefix!
+ dosed "s|s:19:\"/usr/share/php/docs\"|s:$(( ${#EPREFIX}+19 )):\"${EPREFIX}/usr/share/php/docs\"|g" /etc/pear.conf
+ dosed "s|s:19:\"/usr/share/php/data\"|s:$(( ${#EPREFIX}+19 )):\"${EPREFIX}/usr/share/php/data\"|g" /etc/pear.conf
+ dosed "s|s:20:\"/usr/share/php/tests\"|s:$(( ${#EPREFIX}+20 )):\"${EPREFIX}/usr/share/php/tests\"|g" /etc/pear.conf
+ dosed "s|s:14:\"/usr/share/php\"|s:$(( ${#EPREFIX}+14 )):\"${EPREFIX}/usr/share/php\"|g" /etc/pear.conf
+ dosed "s|s:8:\"/usr/bin\"|s:$(( ${#EPREFIX}+8 )):\"${EPREFIX}/usr/bin\"|g" /etc/pear.conf
+
+ [[ "${PEAR_TEMPDIR}" != "/tmp" ]] && keepdir "${PEAR_TEMPDIR#${EPREFIX}}"
+ keepdir "${PEAR_CACHEDIR#${EPREFIX}}"
+ diropts -m1777
+ keepdir "${PEAR_DOWNLOADDIR#${EPREFIX}}"
+}
+
+pkg_preinst() {
+ rm -f "${EROOT}/etc/pear.conf"
+}
diff --git a/dev-php/PEAR-PEAR/files/symlink-attack-fix.patch b/dev-php/PEAR-PEAR/files/symlink-attack-fix.patch
new file mode 100644
index 000000000000..8101b2e592af
--- /dev/null
+++ b/dev-php/PEAR-PEAR/files/symlink-attack-fix.patch
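Review bot: The epatch call in src_prepare() runs from ${S}, which this ebuild sets to ${WORKDIR}, but the sources sit one level down (src_install() has to `cd "${S}"/PEAR-${PEAR}` to reach them), so the path in the patch header, `pear/pear-core/tags/PEAR-1.9.3/PEAR/REST.php`, probably does not resolve at any strip level epatch tries. If that is right, the security fix fails to apply and the build stops in src_prepare. Adding `cd "${S}/PEAR-${PEAR}" || die` before the epatch line would let the patch resolve as PEAR/REST.php. The existing `cd` in src_install() has no `|| die` either, so a missing source directory would go unnoticed there.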
@@ -0,0 +1,126 @@
+Fixes issue with symlink attacks found in PEAR-PEAR-1.9.2
+Upstream bug: http://pear.php.net/bugs/bug.php?id=18056
+Gentoo bug: 356893
+
+--- pear/pear-core/tags/PEAR-1.9.3/PEAR/REST.php 2011/03/08 22:46:27 309041
++++ pear/pear-core/tags/PEAR-1.9.3/PEAR/REST.php 2011/03/08 23:16:30 309042
+@@ -228,59 +228,75 @@
+ $cacheidfile = $d . 'rest.cacheid';
+ $cachefile = $d . 'rest.cachefile';
+
++ if (!is_dir($cache_dir)) {
++ if (System::mkdir(array('-p', $cache_dir) === false)) {
++ return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory and attempts to create the directory failed.");
++ }
++ }
++
+ if ($cacheid === null && $nochange) {
+ $cacheid = unserialize(implode('', file($cacheidfile)));
+ }
+
+- if (is_link($cacheidfile)) {
+- return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
+- }
++ $idData = serialize(array(
++ 'age' => time(),
++ 'lastChange' => ($nochange ? $cacheid['lastChange'] : $lastmodified),
++ ));
+
+- if (is_link($cachefile)) {
+- return PEAR::raiseError('SECURITY ERROR: Will not write to ' . $cacheidfile . ' as it is symlinked to ' . readlink($cacheidfile) . ' - Possible symlink attack');
++ $result = $this->saveCacheFile($cacheidfile, $idData);
++ if (PEAR::isError($result)) {
++ return $result;
++ } elseif ($nochange) {
++ return true;
+ }
+
+- $cacheidfile_fp = @fopen($cacheidfile, 'wb');
+- if (!$cacheidfile_fp) {
+- if (is_dir($cache_dir)) {
+- return PEAR::raiseError("The value of config option cache_dir ($cache_dir) is not a directory. 
");
++ $result = $this->saveCacheFile($cachefile, serialize($contents));
++ if (PEAR::isError($result)) {
++ if (file_exists($cacheidfile)) {
++ @unlink($cacheidfile);
+ }
+
+- System::mkdir(array('-p', $cache_dir));
+- $cacheidfile_fp = @fopen($cacheidfile, 'wb');
+- if (!$cacheidfile_fp) {
+- return PEAR::raiseError("Could not open $cacheidfile for writing.");
+- }
++ return $result;
+ }
+
+- if ($nochange) {
+- fwrite($cacheidfile_fp, serialize(array(
+- 'age' => time(),
+- 'lastChange' => $cacheid['lastChange'],
+- ))
+- );
+-
+- fclose($cacheidfile_fp);
+- return true;
+- }
++ return true;
++ }
+
+- fwrite($cacheidfile_fp, serialize(array(
+- 'age' => time(),
+- 'lastChange' => $lastmodified,
+- ))
+- );
+- fclose($cacheidfile_fp);
++ function saveCacheFile($file, $contents)
++ {
++ $len = strlen($contents);
+
+- $cachefile_fp = @fopen($cachefile, 'wb');
+- if (!$cachefile_fp) {
+- if (file_exists($cacheidfile)) {
+- @unlink($cacheidfile);
++ $cachefile_fp = @fopen($file, 'xb'); // x is the O_CREAT|O_EXCL mode
++ if ($cachefile_fp !== false) { // create file
++ if (fwrite($cachefile_fp, $contents, $len) < $len) {
++ fclose($cachefile_fp);
++ return PEAR::raiseError("Could not write $file.");
++ }
++ } else { // update file
++ $cachefile_lstat = lstat($file);
++ $cachefile_fp = @fopen($file, 'wb');
++ if (!$cachefile_fp) {
++ return PEAR::raiseError("Could not open $file for writing.");
++ }
++
++ $cachefile_fstat = fstat($cachefile_fp);
++ if (
++ $cachefile_lstat['mode'] == $cachefile_fstat['mode'] &&
++ $cachefile_lstat['ino'] == $cachefile_fstat['ino'] &&
++ $cachefile_lstat['dev'] == $cachefile_fstat['dev'] &&
++ $cachefile_fstat['nlink'] === 1
++ ) {
++ if (fwrite($cachefile_fp, $contents, $len) < $len) {
++ fclose($cachefile_fp);
++ return PEAR::raiseError("Could not write $file.");
++ }
++ } else {
++ fclose($cachefile_fp);
++ $link = function_exists('readlink') ? readlink($file) : $file;
++ return PEAR::raiseError('SECURITY ERROR: Will not write to ' . 
$file . ' as it is symlinked to ' . $link . ' - Possible symlink attack');
+ }
+-
+- return PEAR::raiseError("Could not open $cacheidfile for writing.");
+ }
+
+- fwrite($cachefile_fp, serialize($contents));
+ fclose($cachefile_fp);
+ return true;
+ }
+@@ -464,4 +480,4 @@
+
+ return $data;
+ }
+-}
++}
+\ No newline at end of file |
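Review bot: In the update branch of saveCacheFile() the file is opened with `@fopen($file, 'wb')` before the lstat/fstat comparison, and mode 'w' truncates on open, so when $file is a symlink or a hard link its target has already been emptied by the time the check refuses to write. Opening without truncation, `$cachefile_fp = @fopen($file, 'r+b');`, and calling `ftruncate($cachefile_fp, 0);` only inside the branch where mode, ino, dev and nlink match would keep the rejected case non-destructive. The result of lstat() is also used unchecked, so a file that disappears after the failed 'xb' open is compared against false. Separately, in the added cache_dir check (the function holding it starts above the inner hunk) the parenthesis is misplaced: `System::mkdir(array('-p', $cache_dir) === false)` passes the result of the comparison to mkdir, where `if (System::mkdir(array('-p', $cache_dir)) === false) {` was presumably intended.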