Date: Wed, 12 Sep 2012 18:16:37 GMT From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/171583: [update] lang/php52 to 5.2.17_11 (20120911) Message-ID: <201209121816.q8CIGbZG010598@red.freebsd.org> Resent-Message-ID: <201209121820.q8CIK2Yx049210@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 171583 >Category: ports >Synopsis: [update] lang/php52 to 5.2.17_11 (20120911) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Sep 12 18:20:01 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Svyatoslav Lempert >Release: 9.0-STABLE >Organization: >Environment: >Description: - Update backports patch to 20120911 - Bump PORTREVISION Changes: - CVE-2011-1398 - The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does not properly handle %0D sequences - CVE-2012-0789 - Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. - CVE-2012-3365 - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors - Timezone database updated to version 2012.5 (2012e) (from 2011.13 (2011m)) - Minor improvements (CVE-2012-2688, compilation issues with old GCC) List VuXML http://www.freshports.org/vuxml.php?vid=918f38cd-f71e-11e1-8bd8-0022156e8794|bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89|3761df02-0f9c-11e0-becc-0022156e8794 also should be changed 918f38cd-f71e-11e1-8bd8-0022156e8794 - fixed 2012-09-11 http://code.google.com/p/php52-backports/ - remove this mark bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89 - fixed 2012-06-21 - remove this mark 3761df02-0f9c-11e0-becc-0022156e8794 - it can't be fixed by PHP 5.2 design (most likely before the end of the support this will not be corrected) - leave this mark >How-To-Repeat: >Fix: Patch attached with submission follows: diff -Nru php52.old/Makefile php52/Makefile --- php52.old/Makefile 2012-08-18 14:29:08.000000000 +0000 +++ php52/Makefile 2012-09-11 18:49:45.000000000 +0000 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 10 +PORTREVISION= 11 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -26,7 +26,7 @@ MAKE_JOBS_SAFE= yes # BACKPORTS patch for lang/php52 and all php52-extensions -PATCHFILES= php52-backports-security-20120721.patch +PATCHFILES= php52-backports-security-20120911.patch PATCH_SITES+= http://php52-backports.googlecode.com/files/ .if !defined(PKGNAMESUFFIX) diff -Nru php52.old/distinfo php52/distinfo --- php52.old/distinfo 2012-07-23 04:14:11.000000000 +0000 +++ php52/distinfo 2012-09-11 18:51:15.000000000 +0000 @@ -1,7 +1,7 @@ SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c SIZE (php-5.2.17.tar.bz2) = 9092312 -SHA256 (php52-backports-security-20120721.patch) = a8ef22aaf2c7c1ff43d4154709a465f1ae6afaf1aeb1e6a39e274dcf36e33499 -SIZE (php52-backports-security-20120721.patch) = 306125 +SHA256 (php52-backports-security-20120911.patch) = 4911e2a5abb72d0558b2baf07ff64ca054d71219bde183e41b591894fb7cb1f6 +SIZE (php52-backports-security-20120911.patch) = 356599 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209121816.q8CIGbZG010598>