ports/187669: [MAINTAINER] security/pecl-scrypt: security improvements
Horia Racoviceanu
horia at racoviceanu.com
Mon Mar 17 18:10:02 UTC 2014
>Number: 187669
>Category: ports
>Synopsis: [MAINTAINER] security/pecl-scrypt: security improvements
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Mar 17 18:10:02 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Horia Racoviceanu
>Release: 9.2-RELEASE
>Organization:
>Environment:
FreeBSD aitch 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Fri Sep 27 03:52:52 UTC 2013 root at bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
>Description:
>How-To-Repeat:
>Fix:
- Bump PORTREVISION
- Change License from BSD to BSD2CLAUSE
- Add USES=compiler, REINPLACE is only needed for gcc
- Add DOCS to Options
- Add DOCSDIR
- Add BUFFER_OVERFLOW_PROTECTION to Options
- Strip library
Patch attached with submission follows:
Index: Makefile
===================================================================
--- Makefile (revision 348441)
+++ Makefile (working copy)
@@ -3,6 +3,7 @@
PORTNAME= scrypt
PORTVERSION= 1.2
+PORTREVISION= 1
CATEGORIES= security pear
MASTER_SITES= http://pecl.php.net/get/
PKGNAMEPREFIX= pecl-
@@ -11,17 +12,39 @@
MAINTAINER= horia at racoviceanu.com
COMMENT= PHP wrapper to Colin Percival's scrypt implementation
-LICENSE= BSD
+LICENSE= BSD2CLAUSE
+USES= compiler
USE_PHP= hash
USE_PHPEXT= yes
USE_PHP_BUILD= yes
+DOCSDIR= ${PREFIX}/share/doc/${PKGNAMEPREFIX}${PORTNAME}
+PORTDOCS= README.md
+
+OPTIONS_DEFINE= DOCS
+OPTIONS_DEFAULT=STACKPROTECTOR
+
+OPTIONS_RADIO= BUFFER_OVERFLOW_PROTECTION
+OPTIONS_RADIO_BUFFER_OVERFLOW_PROTECTION= STACKPROTECTOR STACKPROTECTORALL
+
+STACKPROTECTOR_DESC= Protect functions with vulnerable objects
+STACKPROTECTORALL_DESC= Protect all functions
+
+STACKPROTECTOR_CFLAGS= -fstack-protector
+STACKPROTECTORALL_CFLAGS= -fstack-protector-all
+
.include <bsd.port.pre.mk>
-.if ${ARCH} != amd64
+.if ${ARCH} != amd64 && ${COMPILER_TYPE} == gcc
post-patch:
${REINPLACE_CMD} '/emmintrin.h/d' ${WRKSRC}/config.m4
.endif
+post-install:
+ ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/php/${PHP_EXT_DIR}/${PORTNAME}.so
+
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+
.include <bsd.port.post.mk>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list