Date: Wed, 20 Jun 2012 17:40:00 GMT From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/169272: [update] lang/php52 to 5.2.17_9 (20120526) Message-ID: <201206201740.q5KHe06I052530@red.freebsd.org> Resent-Message-ID: <201206201740.q5KHe9KD097132@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 169272 >Category: ports >Synopsis: [update] lang/php52 to 5.2.17_9 (20120526) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Jun 20 17:40:09 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Svyatoslav Lempert >Release: 9.0-STABLE >Organization: >Environment: >Description: - update backports patch to latest version (20120526) - magic_quotes_gpc fix for regression introduced by CVE-2012-0831 fix - security 3761df02-0f9c-11e0-becc-0022156e8794 59b68b1e-9c78-11e1-b5e0-000c299b62e1 Please remove security vulnerabilities http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html CVE-2006-7243 : This is NOT vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=662707 We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 http://www.vuxml.org/freebsd/59b68b1e-9c78-11e1-b5e0-000c299b62e1.html CVE-2012-1823 : was fixed in 5.2.17_8 CVE-2012-2311 : fixed in the last patch CVE-2012-2329 : this flaw only affects PHP 5.4.0 through 5.4.2 https://access.redhat.com/security/cve/CVE-2012-2329 https://bugzilla.redhat.com/show_bug.cgi?id=820000 >How-To-Repeat: >Fix: Patch attached with submission follows: diff -Nru php52.old/Makefile php52/Makefile --- php52.old/Makefile 2012-05-16 16:36:34.000000000 +0900 +++ php52/Makefile 2012-05-26 02:26:32.000000000 +0900 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -26,7 +26,7 @@ MAKE_JOBS_SAFE= yes # BACKPORTS patch for lang/php52 and all php52-extensions -PATCHFILES= php52-backports-security-20120504.patch +PATCHFILES= php52-backports-security-20120526.patch PATCH_SITES= http://php52-backports.googlecode.com/files/ .if !defined(PKGNAMESUFFIX) diff -Nru php52.old/distinfo php52/distinfo --- php52.old/distinfo 2012-05-06 00:21:14.000000000 +0900 +++ php52/distinfo 2012-05-26 03:00:13.000000000 +0900 @@ -1,10 +1,10 @@ SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c SIZE (php-5.2.17.tar.bz2) = 9092312 +SHA256 (php52-backports-security-20120526.patch) = f5c62f44c2c040b89d14b55770aca7fae86d1f7c0f572f97d89550aec416d60d +SIZE (php52-backports-security-20120526.patch) = 293532 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 -SHA256 (php52-backports-security-20120504.patch) = 1ccf9faabccc2f682359076c15162b1acc972e01faeabd9fce6e8d69f5b12c89 -SIZE (php52-backports-security-20120504.patch) = 292077 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206201740.q5KHe06I052530>