Date: Fri, 14 Sep 2007 09:30:52 GMT From: Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/116342: php5 port need to be updated due to multiply security fixes. Message-ID: <200709140930.l8E9UqIg046345@www.freebsd.org> Resent-Message-ID: <200709140940.l8E9e13W073978@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 116342 >Category: ports >Synopsis: php5 port need to be updated due to multiply security fixes. >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Fri Sep 14 09:40:01 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Aleksey Ovcharenko >Release: 6.2-RELEASE-p7 >Organization: >Environment: >Description: Please see http://www.FreeBSD.org/ports/portaudit/71d903fc-602d-11dc-898c-001921ab2fa4.html >How-To-Repeat: Install lang/php5 port. >Fix: Apply attached patch. Patch attached with submission follows: --- ./files/patch-sapi_cgi_config9.m4.orig Mon Jun 4 11:30:55 2007 +++ ./files/patch-sapi_cgi_config9.m4 Fri Sep 14 01:04:26 2007 @@ -1,31 +1,31 @@ ---- sapi/cgi/config9.m4.orig Thu Feb 2 10:59:23 2006 -+++ sapi/cgi/config9.m4 Thu May 4 11:19:41 2006 -@@ -80,7 +80,6 @@ - ]) - - +--- sapi/cgi/config9.m4.orig Wed Jul 11 16:20:36 2007 ++++ sapi/cgi/config9.m4 Fri Sep 14 01:02:59 2007 +@@ -25,7 +25,6 @@ + dnl + dnl CGI setup + dnl -if test "$PHP_SAPI" = "default"; then - AC_MSG_CHECKING(for CGI build) - if test "$PHP_SAPI_CGI" != "no"; then + AC_MSG_CHECKING(whether to build CGI binary) + if test "$PHP_CGI" != "no"; then AC_MSG_RESULT(yes) -@@ -145,8 +144,9 @@ - AC_DEFINE_UNQUOTED(PHP_FCGI_STATIC, $PHP_FCGI_STATIC, [ ]) - AC_MSG_RESULT($PHP_ENABLE_FASTCGI) +@@ -85,8 +84,9 @@ + AC_MSG_RESULT($PHP_PATH_INFO_CHECK) + dnl Set install target and select SAPI - INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" -- PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c, , '$(SAPI_CGI_PATH)') +- PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)') + INSTALL_CGI="@echo \"Installing PHP CGI binary: $(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)" + PHP_ADD_SOURCES(sapi/cgi, $PHP_FCGI_FILES cgi_main.c getopt.c,, cgi) + PHP_ADD_SOURCES(/main, internal_functions.c,,cgi) case $host_alias in *aix*) -@@ -156,17 +156,29 @@ +@@ -96,17 +96,29 @@ BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)" ;; *) - BUILD_CGI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)" -+ BUILD_CGI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CGI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)" ++ BUILD_CGI="\$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_CGI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)" ;; esac @@ -37,10 +37,10 @@ + PHP_SUBST(PHP_CGI_TARGET) + PHP_SUBST(PHP_INSTALL_CGI_TARGET) -- elif test "$PHP_SAPI_CLI" != "no"; then +- elif test "$PHP_CLI" != "no"; then - AC_MSG_RESULT(no) + if test "$PHP_SAPI" = "default" ; then -+ PHP_BUILD_PROGRAM($SAPI_CGI_PATH) ++ PHP_BUILD_PROGRAM($SAPI_CGI_PATH) + fi + else + AC_MSG_RESULT(no) --- ./distinfo.orig Mon Jun 4 11:30:54 2007 +++ ./distinfo Fri Sep 14 00:45:56 2007 @@ -1,9 +1,9 @@ -MD5 (php-5.2.3.tar.bz2) = eb50b751c8e1ced05bd012d5a0e4dec3 -SHA256 (php-5.2.3.tar.bz2) = eedffda5069caa801a7fec217c77619657416a5fcaefb79ba4620432f0befe29 -SIZE (php-5.2.3.tar.bz2) = 7417635 -MD5 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = f217d04f9513222e48cea6588ac65b89 -SHA256 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 214c43e4808483f0700f36ffa57aba909a669cb335c179d46c1e8f765d70bd1f -SIZE (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 22789 -MD5 (php-5.2.3-mail-header.patch) = c48ef565c02a2aeb6aadd3d12cea7bb8 -SHA256 (php-5.2.3-mail-header.patch) = dc80159705c2e2806fdab1632d573218383487dce3ad5aa700e92b909dcd03e5 -SIZE (php-5.2.3-mail-header.patch) = 3420 +SIZE (php-5.2.4-mail-header.patch) = 3420 +SHA256 (php-5.2.4-mail-header.patch) = c84ecc5619c900d3ec0c98fd5c09dbfb78afe572f298c00d68f9254596e6e708 +MD5 (php-5.2.4-mail-header.patch) = d1b5bbfe95078a367821b74fbbd45e3f +SHA256 (php-5.2.4.tar.bz2) = 502f5259e4619ba3549cd9f9bdeb4152c7effa66672348f3b108fccc8e1ca1c0 +MD5 (php-5.2.4.tar.bz2) = 55c97a671fdabf462cc7a82971a656d2 +SIZE (php-5.2.4.tar.bz2) = 7608429 +SHA256 (suhosin-patch-5.2.4-0.9.6.2.patch.gz) = 08dc68e53188dec7f851e2bc5392eba4c2ccc70cfba91eab1ddbd41dde6bcc14 +SIZE (suhosin-patch-5.2.4-0.9.6.2.patch.gz) = 22736 +MD5 (suhosin-patch-5.2.4-0.9.6.2.patch.gz) = 58b18d0db00bc52b004fc749190a958f --- ./Makefile.orig Fri Jul 27 23:33:54 2007 +++ ./Makefile Fri Sep 14 00:48:26 2007 @@ -6,7 +6,7 @@ # PORTNAME= php5 -PORTVERSION= 5.2.3 +PORTVERSION= 5.2.4 PORTREVISION?= 1 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709140930.l8E9UqIg046345>