From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Jun 20 17:40:09 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A2E311065675 for ; Wed, 20 Jun 2012 17:40:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 7BFC88FC1B for ; Wed, 20 Jun 2012 17:40:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q5KHe9Bs097133 for ; Wed, 20 Jun 2012 17:40:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q5KHe9KD097132; Wed, 20 Jun 2012 17:40:09 GMT (envelope-from gnats) Resent-Date: Wed, 20 Jun 2012 17:40:09 GMT Resent-Message-Id: <201206201740.q5KHe9KD097132@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Svyatoslav Lempert Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 25682106566C for ; Wed, 20 Jun 2012 17:40:01 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id EAE5E8FC12 for ; Wed, 20 Jun 2012 17:40:00 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q5KHe0J4052531 for ; Wed, 20 Jun 2012 17:40:00 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id q5KHe06I052530; Wed, 20 Jun 2012 17:40:00 GMT (envelope-from nobody) Message-Id: <201206201740.q5KHe06I052530@red.freebsd.org> Date: Wed, 20 Jun 2012 17:40:00 GMT From: Svyatoslav Lempert To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/169272: [update] lang/php52 to 5.2.17_9 (20120526) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Jun 2012 17:40:09 -0000 >Number: 169272 >Category: ports >Synopsis: [update] lang/php52 to 5.2.17_9 (20120526) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Jun 20 17:40:09 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Svyatoslav Lempert >Release: 9.0-STABLE >Organization: >Environment: >Description: - update backports patch to latest version (20120526) - magic_quotes_gpc fix for regression introduced by CVE-2012-0831 fix - security 3761df02-0f9c-11e0-becc-0022156e8794 59b68b1e-9c78-11e1-b5e0-000c299b62e1 Please remove security vulnerabilities http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html CVE-2006-7243 : This is NOT vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=662707 We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 http://www.vuxml.org/freebsd/59b68b1e-9c78-11e1-b5e0-000c299b62e1.html CVE-2012-1823 : was fixed in 5.2.17_8 CVE-2012-2311 : fixed in the last patch CVE-2012-2329 : this flaw only affects PHP 5.4.0 through 5.4.2 https://access.redhat.com/security/cve/CVE-2012-2329 https://bugzilla.redhat.com/show_bug.cgi?id=820000 >How-To-Repeat: >Fix: Patch attached with submission follows: diff -Nru php52.old/Makefile php52/Makefile --- php52.old/Makefile 2012-05-16 16:36:34.000000000 +0900 +++ php52/Makefile 2012-05-26 02:26:32.000000000 +0900 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -26,7 +26,7 @@ MAKE_JOBS_SAFE= yes # BACKPORTS patch for lang/php52 and all php52-extensions -PATCHFILES= php52-backports-security-20120504.patch +PATCHFILES= php52-backports-security-20120526.patch PATCH_SITES= http://php52-backports.googlecode.com/files/ .if !defined(PKGNAMESUFFIX) diff -Nru php52.old/distinfo php52/distinfo --- php52.old/distinfo 2012-05-06 00:21:14.000000000 +0900 +++ php52/distinfo 2012-05-26 03:00:13.000000000 +0900 @@ -1,10 +1,10 @@ SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c SIZE (php-5.2.17.tar.bz2) = 9092312 +SHA256 (php52-backports-security-20120526.patch) = f5c62f44c2c040b89d14b55770aca7fae86d1f7c0f572f97d89550aec416d60d +SIZE (php52-backports-security-20120526.patch) = 293532 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 -SHA256 (php52-backports-security-20120504.patch) = 1ccf9faabccc2f682359076c15162b1acc972e01faeabd9fce6e8d69f5b12c89 -SIZE (php52-backports-security-20120504.patch) = 292077 >Release-Note: >Audit-Trail: >Unformatted: