ports/145635: [patch] port security/base update to 1.4.5

olli hauer ohauer at gmx.de
Sun Apr 11 22:50:01 UTC 2010


>Number:         145635
>Category:       ports
>Synopsis:       [patch] port security/base update to 1.4.5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Apr 11 22:50:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     olli hauer <ohauer at gmx.de>
>Release:        
>Organization:
>Environment:
7.3-RELEASE, php5-5.3.2

>Description:
Update security/base to version 1.4.5.

base 1.4.4 is broken with php5-5.3.x. I spent some time patching 1.4.4 but then realized there is a new version ;)

The new version is not perfect: it has many calls to the deprecated ereg/ereg_replace functions, which I replaced with preg_match/preg_replace.
Additionally, I replaced the adodb port with adodb5, since adodb is also more or less broken with php5-5.3.
Since graphics/pear-Image_Graph does not work correctly with php5-5.3.x, graphs cannot be created.

Note: 
I have not found all issues until now, but the basic functionality is working again (for me).
Please confirm the patches, I'm not a PHP coder!



>How-To-Repeat:
>Fix:
--- patch_security_base.txt begins here ---
diff -Nru base/Makefile base/Makefile
--- base/Makefile	2009-09-17 23:16:19.000000000 +0200
+++ base/Makefile	2010-04-11 22:34:49.000000000 +0200
@@ -6,14 +6,14 @@
 #
 
 PORTNAME=	base
-PORTVERSION=	1.4.4
+PORTVERSION=	1.4.5
 CATEGORIES=	security
 MASTER_SITES=	SF/secureideas/BASE/${PORTNAME}-${PORTVERSION}
 
 MAINTAINER=	miwi at FreeBSD.org
 COMMENT=	Basic Analysis and Security Engine - analyzing Snort alerts
 
-RUN_DEPENDS=	${ADODB_DIR}/adodb.inc.php:${PORTSDIR}/databases/adodb \
+RUN_DEPENDS=	${ADODB_DIR}/adodb.inc.php:${PORTSDIR}/databases/adodb5 \
 		${LOCALBASE}/share/pear/Image/Graph.php:${PORTSDIR}/graphics/pear-Image_Graph \
 		${LOCALBASE}/share/pear/Mail.php:${PORTSDIR}/mail/pear-Mail \
 		${LOCALBASE}/share/pear/Mail/mime.php:${PORTSDIR}/mail/pear-Mail_Mime
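Review bot: `graphics/pear-Image_Graph` stays a hard entry in `RUN_DEPENDS` even though the description says it does not work with php5-5.3.x, so every install pulls in a package whose only use (graph rendering) is reported broken; consider moving it behind an option until it works again. The switch to `databases/adodb5` still tests for `${ADODB_DIR}/adodb.inc.php`, and `ADODB_DIR` is defined outside this hunk, so it should be confirmed that adodb5 installs to that directory and that BASE's configured ADOdb path matches.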
diff -Nru base/distinfo base/distinfo
--- base/distinfo	2009-09-17 23:16:19.000000000 +0200
+++ base/distinfo	2010-04-11 22:26:04.000000000 +0200
@@ -1,3 +1,3 @@
-MD5 (base-1.4.4.tar.gz) = bb8c10cf033113585155c6fa4c77c9cb
-SHA256 (base-1.4.4.tar.gz) = 5a5e5a1b2b20efca2fe7f57edfacf78a92aeea60f4f5c4f3b49af7dcdb37639d
-SIZE (base-1.4.4.tar.gz) = 966138
+MD5 (base-1.4.5.tar.gz) = 2ce7de089b7b860f8230731f94a02044
+SHA256 (base-1.4.5.tar.gz) = 23910f5277ceb43398442074e444182941bf7f6da85efd84ecdd0cf62c4b8935
+SIZE (base-1.4.5.tar.gz) = 958567
diff -Nru base/files/patch-base_graph_display.php base/files/patch-base_graph_display.php
--- base/files/patch-base_graph_display.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-base_graph_display.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,35 @@
+--- ./base_graph_display.php.orig	2010-03-05 16:06:17.000000000 +0100
++++ ./base_graph_display.php	2010-04-11 23:52:13.000000000 +0200
+@@ -320,27 +320,27 @@
+ 
+       // special case '"I0" => "private network (rfc 1918)"' and
+       // '"** (private network) " => "private network (rfc 1918)"'
+-      if (ereg("rfc 1918", $tmp, $substring) || (ereg("[*][*] \(private network\) ", $tmp_lower, $substring)))
++      if (preg_match("/rfc 1918/", $tmp, $substring) || (preg_match("/[*][*] \(private network\) /", $tmp_lower, $substring)))
+       {
+         $Dataset->addPoint("private network (rfc 1918)", $xdata[$i][1]);
+       }
+       // special case '?? (Not Found) ' => 'unknown'
+-      elseif(ereg("[?][?][ \t]+\(Not Found\)[ \t]*", $tmp, $substring))
++      elseif(preg_match("/[?][?][ \t]+\(Not Found\)[ \t]*/", $tmp, $substring))
+       {
+         $Dataset->addPoint("unknown", $xdata[$i][1]);
+       }
+       // anything inside parentheses, following a 2-letter TLD:
+-      elseif (ereg("^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$", $tmp, $substring))
++      elseif (preg_match("/^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$/", $tmp, $substring))
+       {
+         $Dataset->addPoint($substring[1], $xdata[$i][1]);
+       }
+       // anything after two-letter top level domain names and after one space or tab:
+-      elseif (ereg("[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)", $tmp, $substring))
++      elseif (preg_match("/[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)/", $tmp, $substring))
+       {
+         $Dataset->addPoint($substring[1], $xdata[$i][1]);
+       }
+       // two-letter top level domain names right at the beginning:
+-      elseif (ereg("[ \t]*([-a-zA-Z0-9]{2})[ \t]", $tmp_lower, $substring))
++      elseif (preg_match("/[ \t]*([-a-zA-Z0-9]{2})[ \t]/", $tmp_lower, $substring))
+       {
+         $Dataset->addPoint($substring[1], $xdata[$i][1]);
+       }
diff -Nru base/files/patch-base_qry_common.php base/files/patch-base_qry_common.php
--- base/files/patch-base_qry_common.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-base_qry_common.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,16 @@
+--- ./base_qry_common.php.orig	2010-03-05 16:06:17.000000000 +0100
++++ ./base_qry_common.php	2010-04-11 23:52:13.000000000 +0200
+@@ -773,10 +773,10 @@
+            }
+         }
+         /* if have chosen the address type to be both source and destination */
+-        if ( ereg("ip_both", $tmp) )
++        if ( preg_match("/ip_both/", $tmp) )
+         {
+-           $tmp_src = ereg_replace("ip_both","ip_src",$tmp);
+-           $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp);
++           $tmp_src = preg_replace("/ip_both/","ip_src",$tmp);
++           $tmp_dst = preg_replace("/ip_both/","ip_dst",$tmp);
+            
+            if ( $ip_addr[$i][2] == '=' )
+              $tmp = "(".$tmp_src.') OR ('.$tmp_dst.')';
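Review bot: The patterns in this hunk are fixed strings, so `preg_match("/ip_both/", $tmp)` and the two `preg_replace("/ip_both/", ...)` calls would be clearer and less fragile as `strpos($tmp, "ip_both") !== false` and `str_replace("ip_both", "ip_src", $tmp)`. That removes any need to reason about delimiters and metacharacters. The same applies to `preg_replace("/:/", ...)` in base_qry_sqlcalls.php, `preg_replace("/  /", ...)` in base_stat_ipaddr.php, `preg_replace("/''/i", ...)` in includes/base_db.inc.php and `preg_replace("/back=1&/", ...)` in includes/base_state_criteria.inc.php. The enclosing function starts and ends outside the hunk.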
diff -Nru base/files/patch-base_qry_sqlcalls.php base/files/patch-base_qry_sqlcalls.php
--- base/files/patch-base_qry_sqlcalls.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-base_qry_sqlcalls.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,14 @@
+--- ./base_qry_sqlcalls.php.orig	2010-03-05 16:06:17.000000000 +0100
++++ ./base_qry_sqlcalls.php	2010-04-11 23:52:13.000000000 +0200
+@@ -259,9 +259,9 @@
+            $line = split (" ", $current_sig_txt);
+            foreach ($line as $ps_element) 
+            {
+-             if ( ereg("[0-9]*\.[0-9]*\.[0-9]*\.[0-9]", $ps_element)  )
++             if ( preg_match("/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]/", $ps_element)  )
+              {
+-                $ps_element = ereg_replace (":", "", $ps_element);
++                $ps_element = preg_replace ("/:/", "", $ps_element);
+                 qroPrintEntry("<A HREF=\"base_stat_ipaddr.php?ip=".$ps_element."&netmask=32\">".
+                               $ps_element."</A>");
+              }
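Review bot: The converted test `preg_match("/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]/", $ps_element)` is unanchored and every octet is optional, so it accepts any token that merely contains three dots followed by a digit, and that token is then written into the `HREF` and the link text without encoding. If the signature text can carry sensor- or network-supplied content (not visible here), anchor the pattern, e.g. `/^[0-9]{1,3}(\.[0-9]{1,3}){3}:?$/`, and pass the value through `urlencode()` and `htmlspecialchars()` when building the link. The equally loose check in includes/base_state_citems.inc.php (`/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/`) has the same weakness. Separately, the context line `split (" ", $current_sig_txt)` is a POSIX-regex function deprecated in PHP 5.3 just like ereg; `explode(" ", $current_sig_txt)` is the direct replacement.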
diff -Nru base/files/patch-base_stat_ipaddr.php base/files/patch-base_stat_ipaddr.php
--- base/files/patch-base_stat_ipaddr.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-base_stat_ipaddr.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,38 @@
+--- ./base_stat_ipaddr.php.orig	2010-03-05 16:06:17.000000000 +0100
++++ ./base_stat_ipaddr.php	2010-04-11 23:52:13.000000000 +0200
+@@ -135,7 +135,7 @@
+    print "</PRE><BR>\n";
+    */
+ 
+-   if(ereg($ip, $contents)) {
++   if(preg_match("/$ip/", $contents)) {
+      $total++;
+      if( $total % 2 == 0 ) {
+         $color="DDDDDD";
+@@ -143,7 +143,7 @@
+         $color="FFFFFF";
+      }
+ 
+-     $contents = ereg_replace("  ", " ", $contents);
++     $contents = preg_replace("/  /", " ", $contents);
+      $elements = explode(" ", $contents);
+ 
+      echo '<tr bgcolor="'.$color.'"><td align="center">'.
+@@ -183,7 +183,7 @@
+      print "</PRE></TD>";
+ 
+      /*
+-     ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[3],$store);
++     preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[3],$store);
+      $source_ip = $store[1];
+      $source_port = $store[2];
+      if (empty($source_ip))
+@@ -197,7 +197,7 @@
+      echo '<td align="center">' . $source_ip  . '</td>';
+      echo '<td align="center">' . $source_port . '</td>';
+ 
+-     ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[5],$store);
++     preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[5],$store);
+      $destination_ip = $store[1];
+      $destination_port = $store[2];
+      if (empty($destination_ip))
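Review bot: `preg_match("/$ip/", $contents)` interpolates `$ip` into the pattern unescaped, so each `.` in the address matches any character and a `/` or other metacharacter in the value would produce a malformed or different pattern. `$ip` is assigned outside the hunk; the link built in base_qry_sqlcalls.php suggests it comes from the `ip` request parameter, so it should be treated as untrusted. Since this is a substring test, use `if (strpos($contents, $ip) !== false) {`, or `preg_match('/' . preg_quote($ip, '/') . '/', $contents)` if a regex is kept. The later `preg_match()` on `$elements[5]` also reads `$store[1]` and `$store[2]` without checking the return value, which will raise notices for lines that do not match.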
diff -Nru base/files/patch-includes__base_db.inc.php base/files/patch-includes__base_db.inc.php
--- base/files/patch-includes__base_db.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_db.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_db.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_db.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -209,7 +209,7 @@
+      /* ** Begin DB specific SQL fix-up ** */
+      if ($this->DB_type == "mssql")
+      {
+-        $sql = eregi_replace("''", "NULL", $sql);
++        $sql = preg_replace("/''/i", "NULL", $sql);
+      }
+ 
+      if ($this->DB_type == "oci8")
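Review bot: `preg_replace("/''/i", "NULL", $sql)` rewrites every pair of adjacent single quotes in the statement, including a doubled quote inside a string literal, which in SQL is the escape for a literal `'`. That behaviour is carried over from `eregi_replace`, but it means a value containing an escaped quote is silently altered before the query runs on mssql; whether such values reach this point is not visible in the hunk. The `i` modifier has no effect on a pattern without letters and can be dropped. A comment such as `// mssql: '' (empty string literal) is sent as NULL; values must not contain escaped quotes` would at least document the constraint.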
diff -Nru base/files/patch-includes__base_net.inc.php base/files/patch-includes__base_net.inc.php
--- base/files/patch-includes__base_net.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_net.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_net.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_net.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -391,7 +391,7 @@
+         $line = explode(" ", $response_l[$i]);
+         for ($j=0; $j < sizeof($line); $j++ )
+         {
+-          if ( eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $line[$j]) )
++          if ( preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $line[$j]) )
+           {
+              if ( $email == "" )
+                 $email = $line[$j];
diff -Nru base/files/patch-includes__base_signature.inc.php base/files/patch-includes__base_signature.inc.php
--- base/files/patch-includes__base_signature.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_signature.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_signature.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_signature.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -139,7 +139,7 @@
+       {
+          if ($tmp_ref_system_name == "snort")
+          {
+-           if (ereg("([0-9]+):([0-9]+)", $ref_tag, $backref))
++           if (preg_match("/([0-9]+):([0-9]+)/", $ref_tag, $backref))
+            {
+              if ($backref[1] == "1")
+              {
diff -Nru base/files/patch-includes__base_state_citems.inc.php base/files/patch-includes__base_state_citems.inc.php
--- base/files/patch-includes__base_state_citems.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_state_citems.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_state_citems.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_state_citems.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -963,7 +963,7 @@
+       for ( $i = 0; $i < $this->criteria_cnt; $i++ )
+       {
+         if ( (isset ($this->criteria[$i][3])) &&
+-             (ereg("([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)", $this->criteria[$i][3])) )
++             (preg_match("/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/", $this->criteria[$i][3])) )
+         {
+            $tmp_ip_str = $this->criteria[$i][7] = $this->criteria[$i][3];
+            $this->criteria[$i][3] = strtok($tmp_ip_str, ".");
diff -Nru base/files/patch-includes__base_state_common.inc.php base/files/patch-includes__base_state_common.inc.php
--- base/files/patch-includes__base_state_common.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_state_common.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_state_common.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_state_common.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -181,7 +181,7 @@
+    if ( ($valid_data & VAR_SCORE) > 0 ) 
+       $regex_mask = $regex_mask . "\-";
+ 
+-   return ereg_replace("[^".$regex_mask."]", "", $item);
++   return preg_replace("/[^".$regex_mask."]/", "", $item);
+ }
+ 
+ /* ***********************************************************************
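Review bot: The character class in `preg_replace("/[^".$regex_mask."]/", "", $item)` is assembled from fragments written for POSIX `ereg`, and PCRE parses it differently: inside a POSIX bracket expression a backslash is a literal character, while in PCRE it is an escape, so `"\-"` and similar fragments no longer describe the same set. The fragments other than `"\-"` are built outside the hunk; if any of them contains a bare `/`, the delimiter ends early and `preg_replace` returns NULL with a warning instead of a cleaned string. This looks like the sanitiser behind calls such as `CleanVariable(...)` in base_state_criteria.inc.php, so each mask fragment should be checked under PCRE and the result tested for NULL, e.g. `$clean = preg_replace(...); return ($clean === null) ? "" : $clean;`.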
diff -Nru base/files/patch-includes__base_state_criteria.inc.php base/files/patch-includes__base_state_criteria.inc.php
--- base/files/patch-includes__base_state_criteria.inc.php	1970-01-01 01:00:00.000000000 +0100
+++ base/files/patch-includes__base_state_criteria.inc.php	2010-04-11 23:52:39.000000000 +0200
@@ -0,0 +1,11 @@
+--- ./includes/base_state_criteria.inc.php.orig	2010-03-05 16:06:18.000000000 +0100
++++ ./includes/base_state_criteria.inc.php	2010-04-11 23:52:13.000000000 +0200
+@@ -252,7 +252,7 @@
+    if ( isset($_POST['current_view']) ) $query_string .= "&current_view=".$_POST['current_view'];
+    if ( isset($_POST['submit']) ) $query_string .= "&submit=".$_POST['submit'];
+ 
+-   $query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
++   $query_string = preg_replace("/back=1&/", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER));
+ 
+    ++$_SESSION['back_list_cnt'];
+    $_SESSION['back_list'][$_SESSION['back_list_cnt']] =  
--- patch_security_base.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:


