Date: Sun, 30 Oct 2011 09:49:33 GMT From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/162165: [update] lang/php52 update for new timezone set in timezonedb.h Message-ID: <201110300949.p9U9nXob026528@red.freebsd.org> Resent-Message-ID: <201110300950.p9U9o8FD006243@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 162165 >Category: ports >Synopsis: [update] lang/php52 update for new timezone set in timezonedb.h >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Oct 30 09:50:08 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Svyatoslav Lempert >Release: 8.2-STABLE >Organization: >Environment: FreeBSD bsd8.ispsystem.info 8.2-STABLE FreeBSD 8.2-STABLE #2 r95: Wed Oct 5 11:31:11 IRKST 2011 root@freebsd8-amd64.ispsystem.net:/root/src/sys/amd64/compile/ISPSYSTEM amd64 >Description: - Patch for new timezone set in timezonedb.h (actually especially for Russia and other countries have abolished the transition to winter time) from upstream PHP svn trunk - One patchfile http://code.google.com/p/php52-backports/ from security branch instead of multiple files - Bump portrevision to 4 >How-To-Repeat: Run this code bsd8# cat time.php <?php date_default_timezone_set('Europe/Moscow'); echo date("r"); ?> without new timezonedb.h bsd8# php time.php Sun, 30 Oct 2011 12:41:35 +0300 It's wrong. But PHP used "own" timzone file and do not check system localtime Run code again with fixed zoneinfo in PHP compiled with new timezonedb.h bsd8# ./php time.php Sun, 30 Oct 2011 13:41:40 +0400 >Fix: Apply patch to lang/php52 and rebuild and reinstall port Patch attached with submission follows: diff -Nru php52.old/Makefile php52/Makefile --- php52.old/Makefile 2011-09-29 18:53:25.000000000 +0100 +++ php52/Makefile 2011-10-30 09:26:31.000000000 +0000 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -191,12 +191,7 @@ .endif .if defined(WITH_BACKPORTS) -PATCHFILES+= php-5.2.17-CVE-2011-0421.patch \ - php-5.2.17-CVE-2011-0708.patch \ - php-5.2.17-CVE-2011-1092.patch \ - php-5.2.17-CVE-2011-1148.patch \ - php-5.2.17-CVE-2011-1938.patch \ - php-5.2.17-CVE-2011-2202.patch +PATCHFILES+= php52-backports-security-20111030.patch PATCH_SITES+= http://php52-backports.googlecode.com/files/ .else FORBIDDEN= Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html diff -Nru php52.old/distinfo php52/distinfo --- php52.old/distinfo 2011-09-29 18:53:25.000000000 +0100 +++ php52/distinfo 2011-10-30 09:27:36.000000000 +0000 @@ -6,15 +6,5 @@ SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 -SHA256 (php-5.2.17-CVE-2011-0421.patch) = e31086a77a5c4ec1cb4e302d3c7107eadbfebc26cf9e1ca5a018407616a95e7a -SIZE (php-5.2.17-CVE-2011-0421.patch) = 383 -SHA256 (php-5.2.17-CVE-2011-0708.patch) = e07d9cac035da6a53216600b17a6d0b4d524ccae1c48288dfdfb9ca965a0f70a -SIZE (php-5.2.17-CVE-2011-0708.patch) = 1724 -SHA256 (php-5.2.17-CVE-2011-1092.patch) = 4e57151848f006258d9566605929d9121b754c8b5957c24d481d1d6390ecc518 -SIZE (php-5.2.17-CVE-2011-1092.patch) = 380 -SHA256 (php-5.2.17-CVE-2011-1148.patch) = ca9f77ad7d0350d6155b5aa7f2947b4ea3f20df436a2687f578bfde3f890b43d -SIZE (php-5.2.17-CVE-2011-1148.patch) = 5115 -SHA256 (php-5.2.17-CVE-2011-1938.patch) = f6f6e8b0f6ec430c598eed17b5bb2bb4223591406920d578a1c5711c214988e4 -SIZE (php-5.2.17-CVE-2011-1938.patch) = 641 -SHA256 (php-5.2.17-CVE-2011-2202.patch) = b131428a79548c9164721a03fe33003f7b7631e26d50084308e140ed5dd9d995 -SIZE (php-5.2.17-CVE-2011-2202.patch) = 845 +SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f +SIZE (php52-backports-security-20111030.patch) = 280143 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110300949.p9U9nXob026528>