[Lunar-commits] r22672 - in moonbase/trunk/compilers: . php php5 php5-suhosin

striker striker at lunar-linux.org
Wed Dec 20 00:05:43 CET 2006


Author: striker
Date: 2006-12-20 00:05:43 +0100 (Wed, 20 Dec 2006)
New Revision: 22672

Added:
   moonbase/trunk/compilers/php5-suhosin/
   moonbase/trunk/compilers/php5-suhosin/BUILD
   moonbase/trunk/compilers/php5-suhosin/CONFIGURE
   moonbase/trunk/compilers/php5-suhosin/CONFLICTS
   moonbase/trunk/compilers/php5-suhosin/DEPENDS
   moonbase/trunk/compilers/php5-suhosin/DETAILS
   moonbase/trunk/compilers/php5-suhosin/POST_INSTALL
   moonbase/trunk/compilers/php5-suhosin/POST_REMOVE
   moonbase/trunk/compilers/php5-suhosin/PRE_BUILD
Modified:
   moonbase/trunk/compilers/php/CONFLICTS
   moonbase/trunk/compilers/php/POST_REMOVE
   moonbase/trunk/compilers/php5/CONFLICTS
   moonbase/trunk/compilers/php5/POST_REMOVE
Log:
- Adding php5-suhosin, a hardened-php.net patchset for PHP
- Adjusting conflicts for php, php5
- Added POST_REMOVE case for apache2


Modified: moonbase/trunk/compilers/php/CONFLICTS
===================================================================
--- moonbase/trunk/compilers/php/CONFLICTS	2006-12-19 20:37:09 UTC (rev 22671)
+++ moonbase/trunk/compilers/php/CONFLICTS	2006-12-19 23:05:43 UTC (rev 22672)
@@ -1 +1,3 @@
-conflicts php5
+conflicts php5         &&
+conflicts php5-suhosin
+

Modified: moonbase/trunk/compilers/php/POST_REMOVE
===================================================================
--- moonbase/trunk/compilers/php/POST_REMOVE	2006-12-19 20:37:09 UTC (rev 22671)
+++ moonbase/trunk/compilers/php/POST_REMOVE	2006-12-19 23:05:43 UTC (rev 22672)
@@ -14,4 +14,12 @@
   rm    -f  /tmp/httpd.conf
   /etc/init.d/apache_modssl.sh  restart
 
+elif  module_installed  apache2;  then
+
+  cp        /etc/httpd/httpd.conf       /tmp/httpd.conf
+  grep  -v  "LoadModule php4_module"    /tmp/httpd.conf  |
+  grep  -v  "AddType  application/x-httpd-php"   >  /etc/httpd/httpd.conf
+  rm    -f  /tmp/httpd.conf
+  /usr/sbin/apachectl  graceful
+
 fi

Modified: moonbase/trunk/compilers/php5/CONFLICTS
===================================================================
--- moonbase/trunk/compilers/php5/CONFLICTS	2006-12-19 20:37:09 UTC (rev 22671)
+++ moonbase/trunk/compilers/php5/CONFLICTS	2006-12-19 23:05:43 UTC (rev 22672)
@@ -1 +1,3 @@
-conflicts php
+conflicts php          &&
+conflicts php5-suhosin
+

Modified: moonbase/trunk/compilers/php5/POST_REMOVE
===================================================================
--- moonbase/trunk/compilers/php5/POST_REMOVE	2006-12-19 20:37:09 UTC (rev 22671)
+++ moonbase/trunk/compilers/php5/POST_REMOVE	2006-12-19 23:05:43 UTC (rev 22672)
@@ -14,4 +14,13 @@
   rm    -f  /tmp/httpd.conf
   /etc/init.d/apache_modssl.sh  restart
 
+elif  module_installed  apache2;  then
+
+  cp        /etc/httpd/httpd.conf       /tmp/httpd.conf
+  grep  -v  "LoadModule php5_module"    /tmp/httpd.conf  |
+  grep  -v  "AddType  application/x-httpd-php"   >  /etc/httpd/httpd.conf
+  rm    -f  /tmp/httpd.conf
+  /usr/sbin/apachectl  graceful
+
 fi
+

Added: moonbase/trunk/compilers/php5-suhosin/BUILD
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/BUILD	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/BUILD	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,82 @@
+(
+
+  if [ "$USE_PATCH" == "y" ]; then
+    patch_it $SOURCE4 1
+  fi &&
+
+  ./buildconf --force &&
+
+  if [ "$USE_IMAP" == "y" ]; then
+    unpack $SOURCE2
+    make -C imap-${IMAP_VERSION} slx SPECIALS="SSLDIR=/etc/ssl SSLINCLUDE=/usr/include SSLLIB=/usr/lib"
+    OPTS="$OPTS --with-imap=imap-${IMAP_VERSION}"
+  fi &&
+
+  if [ "$USE_REGGLOBALS" == "y" ]; then
+    OPTS="$OPTS "
+  fi &&
+
+  if [ "$USE_FTP" == "y" ]; then
+    OPTS="$OPTS --enable-ftp"
+  fi &&
+
+  if [ "$USE_SESSIONID" == "y" ]; then
+    OPTS="$OPTS --enable-trans-sid"
+  fi &&
+
+  if [ "$USE_SQLITE" == "y" ]; then
+    OPTS="$OPTS --enable-sqlite-utf8"
+  fi &&
+
+  if [ "$USE_SOCKETS" == "y" ]; then
+    OPTS="$OPTS --enable-sockets"
+  fi &&
+
+  if [ "$USE_NCURSES" == "y" ]; then
+    OPTS="$OPTS --with-ncurses"
+  fi &&
+
+  if [ "$USE_FASTCGI" == "y" ]; then
+    OPTS="$OPTS --enable-fastcgi"
+  fi &&
+
+  if [ "$USE_MBYTESTR" == "y" ]; then
+    OPTS="$OPTS --enable-mbstring"
+  fi &&
+
+  if [ "$USE_MBYTEREGEX" == "n" ]; then
+    OPTS="$OPTS --disable-mbregex"
+  fi &&
+
+  if module_installed apache || module_installed apache-mod_ssl ; then
+    OPTS="$OPTS --with-apxs=/usr/sbin/apxs"
+  elif module_installed apache2 ; then
+    OPTS="$OPTS --with-apxs2=/usr/sbin/apxs"
+  fi &&
+
+  if [ -s /etc/httpsd/httpd.conf ] ; then
+    cp /etc/httpsd/httpd.conf /etc/httpsd/httpd.conf.`date +%Y%m%d`
+  fi &&
+
+  if [ -s /etc/httpd/httpd.conf ] ; then
+    cp /etc/httpd/httpd.conf /etc/httpd/httpd.conf.`date +%Y%m%d`
+  fi &&
+
+  # sedit "s:^:#include <errno.h>\n:" ext/mysql/libmysql/mysys_err.h &&
+
+  verbose_msg "OPTS=$OPTS" &&
+  ./configure  --prefix=/usr                 \
+               --sysconfdir=/etc             \
+               --with-config-file-path=/etc  \
+               --enable-suhosin              \
+               --enable-dbase                \
+               --enable-dbx                  \
+               --enable-dio                  \
+               --with-readline               \
+               --with-zlib=/usr              \
+               --enable-force-cgi-redirect   \
+               --enable-discard-path         \
+               $OPTS                        &&
+  default_make
+
+) > $C_FIFO 2>&1

Added: moonbase/trunk/compilers/php5-suhosin/CONFIGURE
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/CONFIGURE	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/CONFIGURE	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,13 @@
+mquery USE_PATCH "[SUHOSIN] Do you want to use the PHP core patch?" y
+mquery USE_IMAP "Install imap support?" y
+mquery USE_REGGLOBALS "Enable global variable support (potential security risk)?" n
+mquery USE_FTP "Install ftp support?" y
+mquery USE_SESSIONID "Enable transparent session id?" y
+mquery USE_SQLITE "Enable UTF-8 support for SQLite?" y
+mquery USE_SOCKETS "Enable sockets support (experimental)?" y
+mquery USE_NCURSES "Enable ncurses support (experimental)?" y
+if module_installed lighttpd; then
+  mquery USE_FASTCGI "Build FastCGI version (required by lighttpd)?" y
+fi
+mquery USE_MBYTESTR "Enable multibyte string support?" n
+mquery USE_MBYTEREGEX "Enable multibyte regular expression functions?" n

Added: moonbase/trunk/compilers/php5-suhosin/CONFLICTS
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/CONFLICTS	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/CONFLICTS	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,3 @@
+conflicts php  &&
+conflicts php5
+

Added: moonbase/trunk/compilers/php5-suhosin/DEPENDS
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/DEPENDS	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/DEPENDS	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,105 @@
+depends  readline  &&
+depends  libxml2   &&
+
+optional_depends  "aspell"                      \
+                  "--with-pspell"               \
+                  ""                            \
+                  "for spelling functions"      &&
+
+optional_depends  "mhash"                       \
+                  "--with-mhash"                \
+                  ""                            \
+                  "for hash functions support"  &&
+
+optional_depends  "mcrypt"                      \
+                  "--with-mcrypt"               \
+                  ""                            \
+                  "for crypto library"          &&
+
+optional_depends  "gmp"                         \
+                  "--with-gmp"                  \
+                  ""                            \
+                  "GNU math lib support"        &&
+
+optional_depends  "openssl"                     \
+                  "--with-openssl"              \
+                  ""                            \
+                  "for OpenSSL support"         &&
+
+optional_depends  "gettext"                     \
+                  "--with-gettext"              \
+                  ""                            \
+                  "for GNU gettext support"     &&
+    
+optional_depends  "db"                          \
+                  "--with-db4"                  \
+                  ""                            \
+                  "for Berkeley DB4 support"    &&
+
+optional_depends  "gdbm"                        \
+                  "--with-gdbm"                 \
+		  ""                            \
+		  "for GNU dbm support"         &&
+
+optional_depends  "sqlite"                      \
+                  "--with-pdo-sqlite=/usr"      \
+                  ""                            \
+                  "for PDO SQLite support"      &&
+
+optional_depends  "postgresql"                  \
+                  "--with-pgsql=/usr"           \
+                  ""                            \
+                  "for Postgresql support"      &&
+    
+optional_depends  "mysql"                       \
+                  "--with-mysql=/usr"           \
+                  ""                            \
+                  "for native MySQL support"    &&
+
+optional_depends  "freetds"                     \
+                  "--with-sybase=/usr"          \
+                  ""                            \
+                  "for SyBase support"          &&
+
+optional_depends  "freetype2"                   \
+                  "--with-freetype-dir=/usr"    \
+                  ""                            \
+                  "for freetype2 support"       &&
+
+optional_depends  "pdflib"                      \
+                  "--with-pdflib"               \
+                  ""                            \
+                  "for pdflib support"          &&
+
+optional_depends  "gd"                          \
+                  "--with-gd                    \
+                   --enable-gd-native-ttf       \
+                   --with-jpeg-dir=/usr         \
+                   --with-png-dir=/usr"         \
+                  ""                            \
+                   "for on the fly graphics"    &&
+
+optional_depends  "curl"                        \
+                  "--with-curl"                 \
+		  ""                            \
+		  "for curl support"            &&
+
+optional_depends  "ming"                        \
+                  "--with-ming"                 \
+		  "--without-ming"              \
+		  "dynamic FLASH generation"    &&
+
+optional_depends  "expat"                       \
+                  "--with-expat-dir=/usr"       \
+                  ""                            \
+                  "for expat xml support"       &&
+
+optional_depends  "libxslt"                     \
+		  "--with-xsl=/usr"             \
+		  ""                            \
+		  "for DOM Xslt support"        &&
+
+optional_depends  "openldap"                    \
+                  "--with-ldap"                 \
+		  ""                            \
+		  "For ldap support"

Added: moonbase/trunk/compilers/php5-suhosin/DETAILS
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/DETAILS	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/DETAILS	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,42 @@
+          MODULE=php5-suhosin
+     PHP_VERSION=5.2.0
+     SUHOSIN_VER=0.9.16
+    SUHOSIN_PVER=0.9.6.2
+         VERSION=$PHP_VERSION-$SUHOSIN_VER
+    IMAP_VERSION=2004g
+SOURCE_DIRECTORY=$BUILD_DIRECTORY/php-$PHP_VERSION
+          SOURCE=php-$PHP_VERSION.tar.bz2
+   SOURCE_URL[0]=http://www.php.net/distributions/
+   SOURCE_URL[1]=http://uk2.php.net/distributions/
+   SOURCE_URL[2]=http://us2.php.net/distributions/
+   SOURCE_URL[3]=http://uk.php.net/distributions/
+   SOURCE_URL[4]=http://nl.php.net/distributions/
+   SOURCE_URL[5]=http://de.php.net/distributions/
+   SOURCE_URL[6]=http://fr.php.net/distributions/
+         SOURCE2=imap-$IMAP_VERSION.tar.Z
+  SOURCE2_URL[0]=ftp://ftp.cac.washington.edu/imap/
+  SOURCE2_URL[1]=ftp://ftp.cac.washington.edu/imap/old/
+         SOURCE3=suhosin-$SUHOSIN_VER.tgz
+         SOURCE4=suhosin-patch-$PHP_VERSION-$SUHOSIN_PVER.patch.gz
+     SOURCE3_URL=http://www.hardened-php.net/suhosin/_media/
+     SOURCE4_URL=http://www.hardened-php.net/suhosin/_media/
+      SOURCE_VFY=sha1:6306829b1b252156ca3a936ec809aba89a71d9e1
+     SOURCE2_VFY=sha1:791a8bb247ca51ce0a4c32e814a2f736c2bcf066
+     SOURCE3_VFY=sha1:c0b1e92ba7a60853775e2441159f23af36d73c75
+     SOURCE4_VFY=sha1:01f5f23a8c087d5ad5c2e7e464f9f3bf36e8578a
+        WEB_SITE=http://www.hardened-php.net/suhosin/index.html
+      MAINTAINER=striker at lunar-linux.org
+         ENTERED=20061219
+         UPDATED=20061219
+           SHORT="Suhosin is an advanced protection system for PHP"
+
+cat << EOF
+Suhosin is an advanced protection system for PHP installations. It was
+designed to protect servers and users from known and unknown flaws in
+PHP applications and the PHP core. Suhosin comes in two independent
+parts, that can be used separately or in combination. The first part
+is a small patch against the PHP core, that implements a few low-level
+protections against bufferoverflows or format string vulnerabilities
+and the second part is a powerful PHP extension that implements all
+the other protections.
+EOF

Added: moonbase/trunk/compilers/php5-suhosin/POST_INSTALL
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/POST_INSTALL	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/POST_INSTALL	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,26 @@
+
+# prototype AddType definition for apache2
+if [ -f /etc/httpd/conf/httpd.conf ] ; then
+  if ! grep -q "x-httpd-php" /etc/httpd/conf/httpd.conf ; then
+    cat >> /etc/httpd/conf/httpd.conf << EOF
+
+# AddType required for php to work:
+AddType  application/x-httpd-php         .php .php5 .php4 .php3 .phtml
+AddType  application/x-httpd-php-source  .phps
+
+EOF
+  fi
+fi
+
+if [ ! -e /etc/php.ini ] ; then
+  cp $SOURCE_DIRECTORY/php.ini-dist /etc/php.ini
+fi
+
+case  $REGGLOBALS  in
+  y|Y)
+    sedit "s/register_globals = Off/register_globals = On/" /etc/php.ini
+    ;;
+    *) true
+    ;;
+esac
+

Added: moonbase/trunk/compilers/php5-suhosin/POST_REMOVE
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/POST_REMOVE	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/POST_REMOVE	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,26 @@
+if  module_installed  apache;  then
+
+  cp        /etc/httpd/httpd.conf       /tmp/httpd.conf
+  grep  -v  "LoadModule php5_module"    /tmp/httpd.conf  |
+  grep  -v  "AddModule mod_php5.c"   >  /etc/httpd/httpd.conf
+  rm    -f  /tmp/httpd.conf
+  /usr/sbin/apachectl  graceful
+
+elif  module_installed  apache_mod_ssl;  then
+
+  cp        /etc/httpsd/httpd.conf      /tmp/httpd.conf
+  grep  -v  "LoadModule php5_module"    /tmp/httpd.conf  |
+  grep  -v  "AddModule mod_php5.c"   >  /etc/httpsd/httpd.conf
+  rm    -f  /tmp/httpd.conf
+  /etc/init.d/apache_modssl.sh  restart
+
+elif  module_installed  apache2;  then
+
+  cp        /etc/httpd/httpd.conf       /tmp/httpd.conf
+  grep  -v  "LoadModule php5_module"    /tmp/httpd.conf  |
+  grep  -v  "AddType  application/x-httpd-php"   >  /etc/httpd/httpd.conf
+  rm    -f  /tmp/httpd.conf
+  /usr/sbin/apachectl  graceful
+
+fi
+

Added: moonbase/trunk/compilers/php5-suhosin/PRE_BUILD
===================================================================
--- moonbase/trunk/compilers/php5-suhosin/PRE_BUILD	                        (rev 0)
+++ moonbase/trunk/compilers/php5-suhosin/PRE_BUILD	2006-12-19 23:05:43 UTC (rev 22672)
@@ -0,0 +1,13 @@
+(
+
+  default_pre_build               &&
+  cd $SOURCE_DIRECTORY/ext        &&
+  unpack $SOURCE3                 &&
+  mv suhosin-$SUHOSIN_VER suhosin &&
+  mv package.xml suhosin          
+#  cd ..                           &&
+#  patch_it $SOURCE4 1             &&
+#  false
+
+)
+



More information about the Lunar-commits mailing list