From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Oct 30 09:50:09 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A4E8106566B for ; Sun, 30 Oct 2011 09:50:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 017108FC0C for ; Sun, 30 Oct 2011 09:50:09 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p9U9o8O7006244 for ; Sun, 30 Oct 2011 09:50:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p9U9o8FD006243; Sun, 30 Oct 2011 09:50:08 GMT (envelope-from gnats) Resent-Date: Sun, 30 Oct 2011 09:50:08 GMT Resent-Message-Id: <201110300950.p9U9o8FD006243@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Svyatoslav Lempert Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0B35F1065675 for ; Sun, 30 Oct 2011 09:49:34 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id EE98E8FC15 for ; Sun, 30 Oct 2011 09:49:33 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p9U9nXWO026529 for ; Sun, 30 Oct 2011 09:49:33 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p9U9nXob026528; Sun, 30 Oct 2011 09:49:33 GMT (envelope-from nobody) Message-Id: <201110300949.p9U9nXob026528@red.freebsd.org> Date: Sun, 30 Oct 2011 09:49:33 GMT From: Svyatoslav Lempert To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/162165: [update] lang/php52 update for new timezone set in timezonedb.h X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Oct 2011 09:50:09 -0000 >Number: 162165 >Category: ports >Synopsis: [update] lang/php52 update for new timezone set in timezonedb.h >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Oct 30 09:50:08 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Svyatoslav Lempert >Release: 8.2-STABLE >Organization: >Environment: FreeBSD bsd8.ispsystem.info 8.2-STABLE FreeBSD 8.2-STABLE #2 r95: Wed Oct 5 11:31:11 IRKST 2011 root@freebsd8-amd64.ispsystem.net:/root/src/sys/amd64/compile/ISPSYSTEM amd64 >Description: - Patch for new timezone set in timezonedb.h (actually especially for Russia and other countries have abolished the transition to winter time) from upstream PHP svn trunk - One patchfile http://code.google.com/p/php52-backports/ from security branch instead of multiple files - Bump portrevision to 4 >How-To-Repeat: Run this code bsd8# cat time.php without new timezonedb.h bsd8# php time.php Sun, 30 Oct 2011 12:41:35 +0300 It's wrong. But PHP used "own" timzone file and do not check system localtime Run code again with fixed zoneinfo in PHP compiled with new timezonedb.h bsd8# ./php time.php Sun, 30 Oct 2011 13:41:40 +0400 >Fix: Apply patch to lang/php52 and rebuild and reinstall port Patch attached with submission follows: diff -Nru php52.old/Makefile php52/Makefile --- php52.old/Makefile 2011-09-29 18:53:25.000000000 +0100 +++ php52/Makefile 2011-10-30 09:26:31.000000000 +0000 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -191,12 +191,7 @@ .endif .if defined(WITH_BACKPORTS) -PATCHFILES+= php-5.2.17-CVE-2011-0421.patch \ - php-5.2.17-CVE-2011-0708.patch \ - php-5.2.17-CVE-2011-1092.patch \ - php-5.2.17-CVE-2011-1148.patch \ - php-5.2.17-CVE-2011-1938.patch \ - php-5.2.17-CVE-2011-2202.patch +PATCHFILES+= php52-backports-security-20111030.patch PATCH_SITES+= http://php52-backports.googlecode.com/files/ .else FORBIDDEN= Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html diff -Nru php52.old/distinfo php52/distinfo --- php52.old/distinfo 2011-09-29 18:53:25.000000000 +0100 +++ php52/distinfo 2011-10-30 09:27:36.000000000 +0000 @@ -6,15 +6,5 @@ SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 -SHA256 (php-5.2.17-CVE-2011-0421.patch) = e31086a77a5c4ec1cb4e302d3c7107eadbfebc26cf9e1ca5a018407616a95e7a -SIZE (php-5.2.17-CVE-2011-0421.patch) = 383 -SHA256 (php-5.2.17-CVE-2011-0708.patch) = e07d9cac035da6a53216600b17a6d0b4d524ccae1c48288dfdfb9ca965a0f70a -SIZE (php-5.2.17-CVE-2011-0708.patch) = 1724 -SHA256 (php-5.2.17-CVE-2011-1092.patch) = 4e57151848f006258d9566605929d9121b754c8b5957c24d481d1d6390ecc518 -SIZE (php-5.2.17-CVE-2011-1092.patch) = 380 -SHA256 (php-5.2.17-CVE-2011-1148.patch) = ca9f77ad7d0350d6155b5aa7f2947b4ea3f20df436a2687f578bfde3f890b43d -SIZE (php-5.2.17-CVE-2011-1148.patch) = 5115 -SHA256 (php-5.2.17-CVE-2011-1938.patch) = f6f6e8b0f6ec430c598eed17b5bb2bb4223591406920d578a1c5711c214988e4 -SIZE (php-5.2.17-CVE-2011-1938.patch) = 641 -SHA256 (php-5.2.17-CVE-2011-2202.patch) = b131428a79548c9164721a03fe33003f7b7631e26d50084308e140ed5dd9d995 -SIZE (php-5.2.17-CVE-2011-2202.patch) = 845 +SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f +SIZE (php52-backports-security-20111030.patch) = 280143 >Release-Note: >Audit-Trail: >Unformatted: