Update the Suhosin extension to 0.9.33 fixing CVE-2012-0807.

Stack overflow, only affects a very specific and unusual non-default configuration: transparent cookie encryption enabled, HTTP response splitting protection disabled, *and* a PHP application must allow unfiltered user input to header() in order to be affected. Good write-up at http://seclists.org/fulldisclosure/2012/Jan/295 ok robert@
2012-01-25 11:17:22 +00:00 · 2012-01-25 11:17:22 +00:00 · 7ed8f39ef4
commit 7ed8f39ef4
parent 615af0852a
5 changed files with 21 additions and 19 deletions
--- a/lang/php/5.2/Makefile
+++ b/lang/php/5.2/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.20 2012/01/21 23:34:35 sthen Exp $
+# $OpenBSD: Makefile,v 1.21 2012/01/25 11:17:22 sthen Exp $

 # doesn't set USE_LIBTOOL but use the bundled one because it needs some
 # specific options we don't have.
@ -9,8 +9,8 @@ SUHOSIN_PHPV=	5.2.16
 SUHOSIN_P_V=	0.9.7

 REVISION=		4
-REVISION-main=		7
-REVISION-fastcgi=	7
+REVISION-main=		8
+REVISION-fastcgi=	8
 REVISION-snmp=		5
 REVISION-gd=		5

--- a/lang/php/5.2/distinfo
+++ b/lang/php/5.2/distinfo
@ -1,15 +1,15 @@
 MD5 (php-5.2.17.tar.gz) = BNMh1a6506BRIz29JCIO8Q==
-MD5 (suhosin-0.9.32.1.tar.gz) = JqhvD2hKZWw+eJ4+tOwdsw==
+MD5 (suhosin-0.9.33.tgz) = DOSYoCqCgeQnTqjjkMK0hw==
 MD5 (suhosin-patch-5.2.16-0.9.7.patch.gz) = 2BX8maDCXCH13yhVH8uwAQ==
 RMD160 (php-5.2.17.tar.gz) = bEdlNlRfCa/MtAHcNd4vjcxYxRE=
-RMD160 (suhosin-0.9.32.1.tar.gz) = YYTu8za509XIhafR3L8g2XsFXo0=
+RMD160 (suhosin-0.9.33.tgz) = nGC2lbIm3cvlVisVdiKHgBI+s3I=
 RMD160 (suhosin-patch-5.2.16-0.9.7.patch.gz) = sotw+vE2s+BMW0g9oPTCJ5N49Do=
 SHA1 (php-5.2.17.tar.gz) = W6fty16hh2hwAcTM27lKxI93+pI=
-SHA1 (suhosin-0.9.32.1.tar.gz) = k/yx1flmkcTFCAihTdPW1Lv+pFE=
+SHA1 (suhosin-0.9.33.tgz) = q7MMIuf+NBlVtC7HHtWXxDQ54rg=
 SHA1 (suhosin-patch-5.2.16-0.9.7.patch.gz) = /sELK4FYLQa7DQqW6lXFJa/Iqyk=
 SHA256 (php-5.2.17.tar.gz) = Gr4Hwf3WQYRwijuheavPzKVmKk4NIDfrJ0i3WrxC52c=
-SHA256 (suhosin-0.9.32.1.tar.gz) = 0oOry9GAPqoRu9kctarnJ7K7qzoAod6FEPhdjMWY5JA=
+SHA256 (suhosin-0.9.33.tgz) = hlsccrrppacQ/gsHoGNVVs5sg4ZT7DZNKipub1lFKcU=
 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = quEVoxjYCz8yzt+HbnqOS5Mv67Gwx0PAs5gAPr4SL5E=
 SIZE (php-5.2.17.tar.gz) = 11801597
-SIZE (suhosin-0.9.32.1.tar.gz) = 119117
+SIZE (suhosin-0.9.33.tgz) = 104488
 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
--- a/lang/php/5.3/Makefile
+++ b/lang/php/5.3/Makefile
@ -1,10 +1,12 @@
-# $OpenBSD: Makefile,v 1.21 2012/01/25 10:03:40 sthen Exp $
+# $OpenBSD: Makefile,v 1.22 2012/01/25 11:17:22 sthen Exp $

 PV=		5.3
 V=		${PV}.9
 SUHOSIN_PHPV=	${V}
 SUHOSIN_P_V=	0.9.10
-REVISION-main=	0
+REVISION-main=	1
+REVISION-fastcgi= 1
+REVISION-fpm=	0

 INI_TEMPLATES=	development production

--- a/lang/php/5.3/distinfo
+++ b/lang/php/5.3/distinfo
@ -1,15 +1,15 @@
 MD5 (php-5.3.9.tar.gz) = x543TGFCO+tkpp2h61Umtw==
-MD5 (suhosin-0.9.32.1.tar.gz) = JqhvD2hKZWw+eJ4+tOwdsw==
+MD5 (suhosin-0.9.33.tgz) = DOSYoCqCgeQnTqjjkMK0hw==
 MD5 (suhosin-patch-5.3.9-0.9.10.patch.gz) = wJmz1+rJUBirq9Qd7X8wZg==
 RMD160 (php-5.3.9.tar.gz) = Sx/y86oFPWnwiLt/CK3qKmr7s6I=
-RMD160 (suhosin-0.9.32.1.tar.gz) = YYTu8za509XIhafR3L8g2XsFXo0=
+RMD160 (suhosin-0.9.33.tgz) = nGC2lbIm3cvlVisVdiKHgBI+s3I=
 RMD160 (suhosin-patch-5.3.9-0.9.10.patch.gz) = zkOSH9mxg7FUcT7NqYKU9saNXyI=
 SHA1 (php-5.3.9.tar.gz) = vGf2c+/9nli/Mo8TiYKXNGrNT+M=
-SHA1 (suhosin-0.9.32.1.tar.gz) = k/yx1flmkcTFCAihTdPW1Lv+pFE=
+SHA1 (suhosin-0.9.33.tgz) = q7MMIuf+NBlVtC7HHtWXxDQ54rg=
 SHA1 (suhosin-patch-5.3.9-0.9.10.patch.gz) = e571w+CDEVTfDWKQq6CYnKkBOO0=
 SHA256 (php-5.3.9.tar.gz) = QkxjEqsj0fiwE1zVLCwIBU0e6bIWkeXKPrsHdWcLeu4=
-SHA256 (suhosin-0.9.32.1.tar.gz) = 0oOry9GAPqoRu9kctarnJ7K7qzoAod6FEPhdjMWY5JA=
+SHA256 (suhosin-0.9.33.tgz) = hlsccrrppacQ/gsHoGNVVs5sg4ZT7DZNKipub1lFKcU=
 SHA256 (suhosin-patch-5.3.9-0.9.10.patch.gz) = RDjK6rChDGyUrun36qcD9Xmfl9TgV59DqUe7cxTjgxc=
 SIZE (php-5.3.9.tar.gz) = 15390277
-SIZE (suhosin-0.9.32.1.tar.gz) = 119117
+SIZE (suhosin-0.9.33.tgz) = 104488
 SIZE (suhosin-patch-5.3.9-0.9.10.patch.gz) = 40967
--- a/lang/php/Makefile.inc
+++ b/lang/php/Makefile.inc
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.25 2012/01/21 23:34:35 sthen Exp $
+# $OpenBSD: Makefile.inc,v 1.26 2012/01/25 11:17:22 sthen Exp $

 # This port currently only works with archs supporting dynamic loading
 # and has Apache that supports DSO's.
@ -18,7 +18,7 @@ CATEGORIES=		lang www
 MAINTAINER=		Robert Nagy <robert@openbsd.org>
 HOMEPAGE=		http://www.php.net/

-SUHOSIN_V=		0.9.32.1
+SUHOSIN_V=		0.9.33
 SUHOSIN_PHPV?=		${V}

 MASTER_SITES=		http://us2.php.net/distributions/ \
@ -319,10 +319,10 @@ RUN_DEPENDS-main=	${MODGETTEXT_RUN_DEPENDS} \
 LIB_DEPENDS-fastcgi=	${LIB_DEPENDS-main}

 .if ${FLAVOR:L:Mno_suhosin}
-SUPDISTFILES=		suhosin-${SUHOSIN_V}.tar.gz:0 \
+SUPDISTFILES=		suhosin-${SUHOSIN_V}.tgz:0 \
 			suhosin-patch-${SUHOSIN_PHPV}-${SUHOSIN_P_V}.patch.gz:0
 .else
-DISTFILES+=		suhosin-${SUHOSIN_V}.tar.gz:0
+DISTFILES+=		suhosin-${SUHOSIN_V}.tgz:0
 PATCHFILES=		suhosin-patch-${SUHOSIN_PHPV}-${SUHOSIN_P_V}.patch.gz:0
 PATCH_DIST_STRIP=	-p1
 CONFIGURE_ARGS+=	--enable-suhosin