- Update suPHP to 0.7.2

- Document possible privilege escalation

Approved by:	maintainer timeout
Security:	2fbfd455-f2d0-11e2-8a46-000d601460a4

3 files changed, 43 insertions, 9 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 2226e8b61a89..fc098cba3542 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,42 @@ Note:  Please add new entries to the beginning of this file.
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="2fbfd455-f2d0-11e2-8a46-000d601460a4">
+    <topic>suPHP -- Privilege escalation</topic>
+    <affects>
+      <package>
+	<name>suphp</name>
+	<range><lt>0.7.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>suPHP developer Sebastian Marsching reports:</p>
+	<blockquote cite="https://lists.marsching.com/pipermail/suphp/2013-May/002552.html">
+	  <p>When the suPHP_PHPPath was set, mod_suphp would use the specified PHP
+	    executable to pretty-print PHP source files (MIME type
+	    x-httpd-php-source or application/x-httpd-php-source).
+
+	    However, it would not sanitize the environment. Thus a user that was
+	    allowed to use the SetEnv directive in a .htaccess file (AllowOverride
+	    FileInfo) could make PHP load a malicious configuration file (e.g.
+	    loading malicious extensions).
+
+	    As the PHP process for highlighting the source file was run with the
+	    privileges of the user Apache HTTPd was running as, a local attacker
+	    could probably execute arbitrary code with the privileges of this user.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.marsching.com/pipermail/suphp/2013-May/002552.html</url>
+    </references>
+    <dates>
+      <discovery>2013-05-20</discovery>
+      <entry>2013-07-22</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="ca4d63fb-f15c-11e2-b183-20cf30e32f6d">
     <topic>apache24 -- several vulnerabilities</topic>
     <affects>
diff --git a/www/suphp/Makefile b/www/suphp/Makefile
index 714330321d9f..d76f5ca26ca9 100644
--- a/www/suphp/Makefile
+++ b/www/suphp/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	suphp
-PORTVERSION=	0.7.1
-PORTREVISION=	5
+PORTVERSION=	0.7.2
 CATEGORIES=	www
 MASTER_SITES=	http://www.suphp.org/download/ \
 		${MASTER_SITE_LOCAL:S|%SUBDIR%|koitsu|}
@@ -12,7 +11,8 @@ MAINTAINER=	yzlin@FreeBSD.org
 COMMENT=	Securely execute PHP scripts under Apache
 
 GNU_CONFIGURE=	yes
-USE_AUTOTOOLS=	aclocal:env automake:env autoconf:env libtool:env
+USE_AUTOTOOLS=	aclocal:env automake autoconf:env libtool:env
+AUTOMAKE_ARGS+=	--add-missing
 
 # Maintainer has not tested suPHP 0.6.x on Apache 1.3.
 USE_APACHE=	22
@@ -39,11 +39,9 @@ CONFIGURE_ARGS+=	--with-apr=${LOCALBASE}
 AUTOTOOLSFILES=	aclocal.m4
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|2.61|%%AUTOCONF_VERSION%%|g' \
-			  -e 's|1.10.1|%%AUTOMAKE_APIVER%%|g' \
-			  -e 's|1.10|%%AUTOMAKE_VERSION%%|g' \
+	@${REINPLACE_CMD} -e 's|2.68|%%AUTOCONF_VERSION%%|g' \
+			  -e 's|1.11.3|%%AUTOMAKE_VERSION%%|g' \
 			  ${WRKSRC}/aclocal.m4
-	@${CHMOD} 755 ${WRKSRC}/config/install-sh
 
 post-install:
 .if !defined(NOPORTDOCS)
diff --git a/www/suphp/distinfo b/www/suphp/distinfo
index 11415fbbfeb1..1fd478eacd4e 100644
--- a/www/suphp/distinfo
+++ b/www/suphp/distinfo
@@ -1,2 +1,2 @@
-SHA256 (suphp-0.7.1.tar.gz) = 91d180046f95f66c9ad12f3ca67bba87e2b64338543145e68370babc4434e58a
-SIZE (suphp-0.7.1.tar.gz) = 386521
+SHA256 (suphp-0.7.2.tar.gz) = e09d4d73a552f4a5bb46961ac7e7ea61c5c24757a8b80d8d770e4c7ed6519760
+SIZE (suphp-0.7.2.tar.gz) = 343223