diff options
| author |   Christian Hoffmann <hoffie@gentoo.org> | 2007-12-08 23:23:39 +0000 |
|---|---|---|
| committer | Christian Hoffmann <hoffie@gentoo.org> | 2007-12-08 23:23:39 +0000 |
| commit | a813a2f45b5a592cb83d70995ca437e9f1385786 (patch) | |
| tree | 945c2bb6fbfbdaa76183647e0300d09b0f8b38d2 /dev-lang | |
| parent | Dropping old version (diff) | |
| download | gentoo-2-a813a2f45b5a592cb83d70995ca437e9f1385786.tar.gz gentoo-2-a813a2f45b5a592cb83d70995ca437e9f1385786.tar.bz2 gentoo-2-a813a2f45b5a592cb83d70995ca437e9f1385786.zip | |
revision bump w/ updated patchset to fix most of the security issues listed in bug 199156
(Portage version: 2.1.4_rc8)
Diffstat (limited to 'dev-lang')
| -rw-r--r-- | dev-lang/php/ChangeLog | 8 | ||||
| -rw-r--r-- | dev-lang/php/files/digest-php-5.2.5-r1 | 9 | ||||
| -rw-r--r-- | dev-lang/php/php-5.2.5-r1.ebuild | 495 |
3 files changed, 511 insertions, 1 deletions
diff --git a/dev-lang/php/ChangeLog b/dev-lang/php/ChangeLog index d60a60e3a055..e2dad8910500 100644 --- a/dev-lang/php/ChangeLog +++ b/dev-lang/php/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-lang/php # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-lang/php/ChangeLog,v 1.212 2007/11/15 17:25:24 hoffie Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-lang/php/ChangeLog,v 1.213 2007/12/08 23:23:38 hoffie Exp $ + +*php-5.2.5-r1 (08 Dec 2007) + + 08 Dec 2007; Christian Hoffmann <hoffie@gentoo.org> +php-5.2.5-r1.ebuild: + revision bump w/ updated patchset to fix most of the security issues listed + in bug 199156 15 Nov 2007; Christian Hoffmann <hoffie@gentoo.org> -php-4.4.7.ebuild, -php-5.2.4.ebuild, -php-5.2.4_p20070914-r2.ebuild: diff --git a/dev-lang/php/files/digest-php-5.2.5-r1 b/dev-lang/php/files/digest-php-5.2.5-r1 new file mode 100644 index 000000000000..408a19198c9b --- /dev/null +++ b/dev-lang/php/files/digest-php-5.2.5-r1 @@ -0,0 +1,9 @@ +MD5 1fe14ca892460b09f06729941a1bb605 php-5.2.5.tar.bz2 7773024 +RMD160 2d5755f2ae8884e80f0a5c70e8fdfdb6deed46bc php-5.2.5.tar.bz2 7773024 +SHA256 5cac1e70df5019ebdfdab2e0b8b216f7fdf56b9895c9f68c993313918249bba3 php-5.2.5.tar.bz2 7773024 +MD5 6247e2dbd9c1a3495e3815c2e0a7691f php-patchset-5.2.5-r1.tar.bz2 15350 +RMD160 777f77e351ed024952f2adf323261db28f98c428 php-patchset-5.2.5-r1.tar.bz2 15350 +SHA256 50860764cf068465af09acc5ed32ad89f2e8ee0e03b02b2dd70fa19bd1176f10 php-patchset-5.2.5-r1.tar.bz2 15350 +MD5 a43f1a0ee9e7c41c4cb6890174f1f9d8 suhosin-patch-5.2.5-0.9.6.2.patch.gz 23157 +RMD160 25863ad76bea4a8e5bf50bd916835b5d9324452c suhosin-patch-5.2.5-0.9.6.2.patch.gz 23157 +SHA256 fd77ccdeb90c83af7492876dda17518de95dd74a5b6feecc5a1bd2c8e322ab53 suhosin-patch-5.2.5-0.9.6.2.patch.gz 23157 diff --git a/dev-lang/php/php-5.2.5-r1.ebuild b/dev-lang/php/php-5.2.5-r1.ebuild new file mode 100644 index 000000000000..4e46231a6bab --- /dev/null +++ b/dev-lang/php/php-5.2.5-r1.ebuild @@ -0,0 +1,495 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-lang/php/php-5.2.5-r1.ebuild,v 1.1 2007/12/08 23:23:38 hoffie Exp $ + +CGI_SAPI_USE="discard-path force-cgi-redirect" +APACHE2_SAPI_USE="concurrentmodphp threads" +IUSE="cli cgi ${CGI_SAPI_USE} ${APACHE2_SAPI_USE} fastbuild" + +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" + +# NOTE: Portage doesn't support setting PROVIDE based on the USE flags +# that have been enabled, so we have to PROVIDE everything for now +# and hope for the best +PROVIDE="virtual/php virtual/httpd-php" + +# php package settings +SLOT="5" +MY_PHP_PV="${PV}" +MY_PHP_P="php-${MY_PHP_PV}" +PHP_PACKAGE="1" + +# php patch settings, general +PHP_PATCHSET_REV="1" +SUHOSIN_PATCH="suhosin-patch-${PV}-0.9.6.2.patch.gz" +MULTILIB_PATCH="${MY_PHP_PV}/opt/multilib-search-path.patch" +# php patch settings, ebuild specific +FASTBUILD_PATCH="${MY_PHP_PV}/opt/fastbuild.patch" +CONCURRENTMODPHP_PATCH="${MY_PHP_PV}/opt/concurrent_apache_modules.patch" + +inherit versionator php5_2-sapi apache-module + +DESCRIPTION="The PHP language runtime engine: CLI, CGI and Apache2 SAPIs." + +DEPEND="app-admin/php-toolkit" +RDEPEND="${DEPEND}" + +want_apache + +pkg_setup() { + PHPCONFUTILS_AUTO_USE="" + + # Make sure the user has specified at least one SAPI + einfo "Determining SAPI(s) to build" + phpconfutils_require_any " Enabled SAPI:" " Disabled SAPI:" cli cgi apache2 + + # Threaded Apache2 support + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + if ! use threads ; then + APACHE2_SAFE_MPMS="itk peruser prefork" + else + APACHE2_SAFE_MPMS="event leader metuxmpm perchild threadpool worker" + fi + + ewarn + ewarn "If this package fails with a fatal error about Apache2 not having" + ewarn "been compiled with a compatible MPM, this is normally because you" + ewarn "need to toggle the 'threads' USE flag." + ewarn + ewarn "If 'threads' is off, try switching it on." + ewarn "If 'threads' is on, try switching it off." + ewarn + + apache-module_pkg_setup + fi + fi + + # Concurrent PHP Apache2 modules support + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + if use concurrentmodphp ; then + ewarn + ewarn "'concurrentmodphp' makes it possible to load multiple, differently" + ewarn "versioned mod_php's into the same Apache instance. This is done with" + ewarn "a few linker tricks and workarounds, and is not guaranteed to always" + ewarn "work correctly, so use it at your own risk. Especially, do not use" + ewarn "this in conjunction with PHP modules (PECL, ...) other than the ones" + ewarn "you may find in the Portage tree or the PHP Overlay!" + ewarn "This is an experimental feature, so please rebuild PHP" + ewarn "without the 'concurrentmodphp' USE flag if you experience" + ewarn "any problems, and then reproduce any bugs before filing" + ewarn "them in Gentoo's Bugzilla or bugs.php.net." + ewarn "If you have conclusive evidence that a bug directly" + ewarn "derives from 'concurrentmodphp', please file a bug in" + ewarn "Gentoo's Bugzilla only." + ewarn + ebeep 5 + fi + fi + fi + + # fastbuild support + if use fastbuild ; then + ewarn + ewarn "'fastbuild' attempts to build all SAPIs in a single pass." + ewarn "This is an experimental feature, so please rebuild PHP" + ewarn "without the 'fastbuild' USE flag if you experience" + ewarn "any problems, and then reproduce any bugs before filing" + ewarn "them in Gentoo's Bugzilla or bugs.php.net." + ewarn "If you have conclusive evidence that a bug directly" + ewarn "derives from 'fastbuild', please file a bug in" + ewarn "Gentoo's Bugzilla only." + ewarn + fi + + php5_2-sapi_pkg_setup +} + +php_determine_sapis() { + # holds the list of sapis that we want to build + PHPSAPIS= + + if use cli || phpconfutils_usecheck cli ; then + PHPSAPIS="${PHPSAPIS} cli" + fi + + if use cgi ; then + PHPSAPIS="${PHPSAPIS} cgi" + fi + + # note - apache SAPI comes after the simpler cli/cgi sapis + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + PHPSAPIS="${PHPSAPIS} apache${APACHE_VERSION}" + fi + fi +} + +src_unpack() { + if [[ "${PHP_PACKAGE}" == 1 ]] ; then + unpack ${A} + fi + + cd "${S}" + + # Concurrent PHP Apache2 modules support + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + if use concurrentmodphp ; then + if [[ -n "${CONCURRENTMODPHP_PATCH}" ]] && [[ -f "${WORKDIR}/${CONCURRENTMODPHP_PATCH}" ]] ; then + epatch "${WORKDIR}/${CONCURRENTMODPHP_PATCH}" + else + ewarn "There is no concurrent mod_php patch available for this PHP release yet!" + fi + fi + fi + fi + + # fastbuild support + if use fastbuild ; then + if [[ -n "${FASTBUILD_PATCH}" ]] && [[ -f "${WORKDIR}/${FASTBUILD_PATCH}" ]] ; then + epatch "${WORKDIR}/${FASTBUILD_PATCH}" + else + ewarn "There is no fastbuild patch available for this PHP release yet!" + fi + fi + + # Now let the eclass do the rest and regenerate the configure + php5_2-sapi_src_unpack + + # Fix Makefile.global:test to consider the CGI SAPI if present + if use cgi ; then + sed -e "s|test \! -z \"\$(top_builddir)/php-cli\" \&\& test -x \"\$(top_builddir)/php-cli\"|test \! -z \"\$(top_builddir)/php-cli\" \&\& test -x \"\$(top_builddir)/php-cli\" \&\& test \! -z \"\$(top_builddir)/php-cgi\" \&\& test -x \"\$(top_builddir)/php-cgi\"|g" -i Makefile.global + sed -e "s|TEST_PHP_EXECUTABLE=\"\$(top_builddir)/php-cli\"|TEST_PHP_EXECUTABLE=\"\$(top_builddir)/php-cli\" TEST_PHP_CGI_EXECUTABLE=\"\$(top_builddir)/php-cgi\"|g" -i Makefile.global + fi + + # try to fix some test cases which fail because of sandbox otherwise + sed -e 's:/no/such/:.\0:' -i ext/standard/tests/file/005_error.phpt \ + ext/standard/tests/file/006_error.phpt \ + ext/standard/tests/file/touch.phpt + + # REMOVING BROKEN TESTS: + # removing this test as it has been broken for ages and is not easily + # fixable (depends on a lot of factors) + rm ext/standard/tests/general_functions/phpinfo.phpt + + # never worked properly, no easy fix + rm ext/iconv/tests/bug16069.phpt ext/iconv/tests/iconv_stream_filter.phpt +} + +src_compile() { + if use fastbuild && [[ -n "${FASTBUILD_PATCH}" ]] ; then + src_compile_fastbuild + else + src_compile_normal + fi +} + +src_compile_fastbuild() { + php_determine_sapis + + build_cli=0 + build_cgi=0 + build_apache2=0 + my_conf="" + + for x in ${PHPSAPIS} ; do + case ${x} in + cli) + build_cli=1 + ;; + cgi) + build_cgi=1 + ;; + apache2) + build_apache2=1 + ;; + esac + done + + if [[ ${build_cli} = 1 ]] ; then + my_conf="${my_conf} --enable-cli" + else + my_conf="${my_conf} --disable-cli" + fi + + if [[ ${build_cgi} = 1 ]] ; then + my_conf="${my_conf} --enable-cgi --enable-fastcgi" + phpconfutils_extension_enable "discard-path" "discard-path" 0 + phpconfutils_extension_enable "force-cgi-redirect" "force-cgi-redirect" 0 + else + my_conf="${my_conf} --disable-cgi" + fi + + if [[ ${build_apache2} = 1 ]] ; then + my_conf="${my_conf} --with-apxs2=/usr/sbin/apxs2" + + # Threaded Apache2 support + if use threads ; then + my_conf="${my_conf} --enable-maintainer-zts" + ewarn "Enabling ZTS for Apache2 MPM" + fi + + # Concurrent PHP Apache2 modules support + if use concurrentmodphp ; then + append-ldflags "-Wl,--version-script=${FILESDIR}/php5-ldvs" + fi + fi + + # Now we know what we are building, build it + php5_2-sapi_src_compile + + # To keep the separate php.ini files for each SAPI, we change the + # build-defs.h and recompile + + if [[ ${build_cli} = 1 ]] ; then + einfo + einfo "Building CLI SAPI" + einfo + + sed -e 's|^#define PHP_CONFIG_FILE_PATH.*|#define PHP_CONFIG_FILE_PATH "/etc/php/cli-php5"|g;' -i main/build-defs.h + sed -e 's|^#define PHP_CONFIG_FILE_SCAN_DIR.*|#define PHP_CONFIG_FILE_SCAN_DIR "/etc/php/cli-php5/ext-active"|g;' -i main/build-defs.h + for x in main/main.o main/main.lo main/php_ini.o main/php_ini.lo ; do + [[ -f ${x} ]] && rm -f ${x} + done + make sapi/cli/php || die "Unable to make CLI SAPI" + cp sapi/cli/php php-cli || die "Unable to copy CLI SAPI" + fi + + if [[ ${build_cgi} = 1 ]] ; then + einfo + einfo "Building CGI SAPI" + einfo + + sed -e 's|^#define PHP_CONFIG_FILE_PATH.*|#define PHP_CONFIG_FILE_PATH "/etc/php/cgi-php5"|g;' -i main/build-defs.h + sed -e 's|^#define PHP_CONFIG_FILE_SCAN_DIR.*|#define PHP_CONFIG_FILE_SCAN_DIR "/etc/php/cgi-php5/ext-active"|g;' -i main/build-defs.h + for x in main/main.o main/main.lo main/php_ini.o main/php_ini.lo ; do + [[ -f ${x} ]] && rm -f ${x} + done + make sapi/cgi/php-cgi || die "Unable to make CGI SAPI" + cp sapi/cgi/php-cgi php-cgi || die "Unable to copy CGI SAPI" + fi + + if [[ ${build_apache2} = 1 ]] ; then + einfo + einfo "Building apache${APACHE_VERSION} SAPI" + einfo + + sed -e "s|^#define PHP_CONFIG_FILE_PATH.*|#define PHP_CONFIG_FILE_PATH \"/etc/php/apache${APACHE_VERSION}-php5\"|g;" -i main/build-defs.h + sed -e "s|^#define PHP_CONFIG_FILE_SCAN_DIR.*|#define PHP_CONFIG_FILE_SCAN_DIR \"/etc/php/apache${APACHE_VERSION}-php5/ext-active\"|g;" -i main/build-defs.h + for x in main/main.o main/main.lo main/php_ini.o main/php_ini.lo ; do + [[ -f ${x} ]] && rm -f ${x} + done + make || die "Unable to make apache${APACHE_VERSION} SAPI" + fi +} + +src_compile_normal() { + php_determine_sapis + + CLEAN_REQUIRED=0 + my_conf="" + + # Support the Apache2 extras, they must be set globally for all + # SAPIs to work correctly, especially for external PHP extensions + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + # Concurrent PHP Apache2 modules support + if use concurrentmodphp ; then + append-ldflags "-Wl,--version-script=${FILESDIR}/php5-ldvs" + fi + fi + fi + + for x in ${PHPSAPIS} ; do + # Support the Apache2 extras, they must be set globally for all + # SAPIs to work correctly, especially for external PHP extensions + if use apache2 ; then + if [[ "${APACHE_VERSION}" != "0" ]] ; then + # Threaded Apache2 support + if use threads ; then + my_conf="${my_conf} --enable-maintainer-zts" + ewarn "Enabling ZTS for Apache2 MPM" + fi + fi + fi + + if [[ "${CLEAN_REQUIRED}" = 1 ]] ; then + make clean + fi + + PHPSAPI="${x}" + + case ${x} in + cli) + my_conf="${my_conf} --enable-cli --disable-cgi" + php5_2-sapi_src_compile + cp sapi/cli/php php-cli || die "Unable to copy CLI SAPI" + ;; + cgi) + my_conf="${my_conf} --disable-cli --enable-cgi --enable-fastcgi" + phpconfutils_extension_enable "discard-path" "discard-path" 0 + phpconfutils_extension_enable "force-cgi-redirect" "force-cgi-redirect" 0 + php5_2-sapi_src_compile + cp sapi/cgi/php-cgi php-cgi || die "Unable to copy CGI SAPI" + ;; + apache2) + my_conf="${my_conf} --disable-cli --with-apxs2=/usr/sbin/apxs2" + php5_2-sapi_src_compile + ;; + esac + + CLEAN_REQUIRED=1 + my_conf="" + done +} + +src_install() { + php_determine_sapis + + destdir=/usr/$(get_libdir)/php5 + + # Let the eclass do the common work + php5_2-sapi_src_install + + einfo + einfo "Installing SAPI(s) ${PHPSAPIS}" + einfo + + for x in ${PHPSAPIS} ; do + + PHPSAPI="${x}" + + case ${x} in + cli) + einfo "Installing CLI SAPI" + into ${destdir} + newbin php-cli php || die "Unable to install ${x} sapi" + php5_2-sapi_install_ini + ;; + cgi) + einfo "Installing CGI SAPI" + into ${destdir} + dobin php-cgi || die "Unable to install ${x} sapi" + php5_2-sapi_install_ini + ;; + apache2) + einfo "Installing Apache${APACHE_VERSION} SAPI" + make INSTALL_ROOT="${D}" install-sapi || die "Unable to install ${x} SAPI" + if use concurrentmodphp ; then + einfo "Installing Apache${APACHE_VERSION} config file for PHP5-concurrent (70_mod_php5_concurr.conf)" + insinto ${APACHE_MODULES_CONFDIR} + newins "${FILESDIR}/70_mod_php5_concurr.conf-apache2" "70_mod_php5_concurr.conf" + + # Put the ld version script in the right place so it's always accessible + insinto "/var/lib/php-pkg/${CATEGORY}/${PN}-${PVR}/" + doins "${FILESDIR}/php5-ldvs" + + # Redefine the extension dir to have the modphp suffix + PHPEXTDIR="`"${D}/${destdir}/bin/php-config" --extension-dir`-versioned" + else + einfo "Installing Apache${APACHE_VERSION} config file for PHP5 (70_mod_php5.conf)" + insinto ${APACHE_MODULES_CONFDIR} + newins "${FILESDIR}/70_mod_php5.conf-apache2" "70_mod_php5.conf" + fi + php5_2-sapi_install_ini + ;; + esac + done + + # Install env.d files + newenvd "${FILESDIR}/20php5-envd" "20php5" + sed -e "s|/lib/|/$(get_libdir)/|g" -i "${D}/etc/env.d/20php5" +} + +pkg_postinst() { + # Output some general info to the user + if use apache2 ; then + APACHE2_MOD_DEFINE="PHP5" + if use concurrentmodphp ; then + APACHE2_MOD_CONF="70_mod_php5_concurr" + else + APACHE2_MOD_CONF="70_mod_php5" + fi + apache-module_pkg_postinst + fi + + # Update Apache2 to use mod_php + if use apache2 ; then + "${ROOT}/usr/sbin/php-select" -t apache2 php5 > /dev/null 2>&1 + exitStatus=$? + if [[ ${exitStatus} == 2 ]] ; then + php-select apache2 php5 + elif [[ ${exitStatus} == 4 ]] ; then + ewarn + ewarn "Apache2 is configured to load a different version of PHP." + ewarn "To make Apache2 use PHP v5, use php-select:" + ewarn + ewarn " php-select apache2 php5" + ewarn + fi + fi + + # Create the symlinks for php-cli + if use cli || phpconfutils_usecheck cli ; then + "${ROOT}/usr/sbin/php-select" -t php php5 > /dev/null 2>&1 + exitStatus=$? + if [[ ${exitStatus} == 5 ]] ; then + php-select php php5 + elif [[ ${exitStatus} == 4 ]] ; then + ewarn + ewarn "/usr/bin/php links to a different version of PHP." + ewarn "To make /usr/bin/php point to PHP v5, use php-select:" + ewarn + ewarn " php-select php php5" + ewarn + fi + fi + + # Create the symlinks for php-cgi + if use cgi ; then + "${ROOT}/usr/sbin/php-select" -t php-cgi php5 > /dev/null 2>&1 + exitStatus=$? + if [[ ${exitStatus} == 5 ]] ; then + php-select php-cgi php5 + elif [[ ${exitStatus} == 4 ]] ; then + ewarn + ewarn "/usr/bin/php-cgi links to a different version of PHP." + ewarn "To make /usr/bin/php-cgi point to PHP v5, use php-select:" + ewarn + ewarn " php-select php-cgi php5" + ewarn + fi + fi + + # Create the symlinks for php-devel + "${ROOT}/usr/sbin/php-select" -t php-devel php5 > /dev/null 2>&1 + exitStatus=$? + if [[ $exitStatus == 5 ]] ; then + php-select php-devel php5 + elif [[ $exitStatus == 4 ]] ; then + ewarn + ewarn "/usr/bin/php-config and/or /usr/bin/phpize are linked to a" + ewarn "different version of PHP. To make them point to PHP v5, use" + ewarn "php-select:" + ewarn + ewarn " php-select php-devel php5" + ewarn + fi + + php5_2-sapi_pkg_postinst +} + +src_test() { + vecho ">>> Test phase [test]: ${CATEGORY}/${PF}" + if ! use cli; then + einfo "Skipping tests as PHP was built without CLI support" + return + fi + REPORT_EXIT_STATUS=1 TEST_PHP_EXECUTABLE=./sapi/cli/php \ + TEST_PHP_CGI_EXECUTABLE=./sapi/cgi/php-cgi ./sapi/cli/php -n ./run-tests.php -n + if [[ $? != 0 ]] ; then + eerror "Some tests failed!" + fi +} |