Message-Id: <200705081846.l48IklxK084021@www.freebsd.org>
Date: Tue, 8 May 2007 18:46:47 GMT
From: Nick Barkas
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Subject: ports/112527: [patch] Upgrade lang/php5 to 5.2.2

>Number: 112527
>Category: ports
>Synopsis: [patch] Upgrade lang/php5 to 5.2.2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue May 08 19:00:16 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.1
>Organization: Three Rings Design
>Environment:
FreeBSD lab1.earth.threerings.net 6.1-RELEASE-p6 FreeBSD 6.1-RELEASE-p6 #5: Wed Sep 13 17:45:32 PDT 2006 root@lab1.earth.threerings.net:/usr/obj/usr/src/sys/SMP i386
>Description:
PHP 5.2.2 has been released and fixes a number of security vulnerabilities shown here:
http://www.vuxml.org/freebsd/f5e52bf5-fc77-11db-8163-000e0c2e438a.html

Here is a patch that will upgrade the lang/php5 port to 5.2.2. If this is used, VuXML should be updated to indicate that 5.2.2 is not vulnerable to the problems listed in the above mentioned advisory. Until then, I could only build my patched port using DISABLE_VULNERABILITIES=yes.

I've only compiled the ports for the following extensions with the new version of PHP: ctype, dom, gettext, iconv, ldap, mbstring, mcrypt, mysql, openssl, pcre, readline, session, simplexml, spl, tokenizer, xml, xmlreader, xmlwriter, and zlib. pcre, from devel/php5-pcre, needed to have the files/patch-pcre-7.0 patch removed to build, and can also probably have PORTREVISION removed from its Makefile.

I have also tried the sqlite extension (databases/sqlite) and posix (sysutils/php5-posix), and was unable to build either due to failed patching.
I have not yet had the time to find what changes need to be made to their patches to get them to build. >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN php5.orig/Makefile php5/Makefile --- php5.orig/Makefile Mon May 7 11:44:44 2007 +++ php5/Makefile Mon May 7 11:48:36 2007 @@ -6,8 +6,7 @@ # PORTNAME= php5 -PORTVERSION= 5.2.1 -PORTREVISION?= 3 +PORTVERSION= 5.2.2 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP:S,$,:release,} \ http://downloads.php.net/ilia/:rc \ diff -urN php5.orig/distinfo php5/distinfo --- php5.orig/distinfo Mon May 7 11:44:44 2007 +++ php5/distinfo Mon May 7 11:55:25 2007 
@@ -1,9 +1,9 @@ -MD5 (php-5.2.1.tar.bz2) = 261218e3569a777dbd87c16a15f05c8d -SHA256 (php-5.2.1.tar.bz2) = 4b60fa70969644d193d58dd7cb9f2765e304c6368e98b1551e92e8d4e14d35ed -SIZE (php-5.2.1.tar.bz2) = 7163383 -MD5 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 98cae8ee994df74e3ea1b25c955310e8 -SHA256 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 78802a71c35ed2bed2e0e32cb8443f682451989ebe1ed5d5b384b7bb85b90c1b -SIZE (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 22679 -MD5 (php-5.2.1-mail-header.patch) = be00d628a43e650e98c45185485100c1 -SHA256 (php-5.2.1-mail-header.patch) = e72c3f0d8d905bf92513bbf858a450469b15ee3c7d4da33feb495100ac7b1cd2 -SIZE (php-5.2.1-mail-header.patch) = 3420 +MD5 (php-5.2.2.tar.bz2) = d084337867d70b50a10322577be0e44e +SHA256 (php-5.2.2.tar.bz2) = cd69e73c46e1d171ac0cf27b7ee492c3bf8f6b45a763a77fd0cb79d5afa9f407 +SIZE (php-5.2.2.tar.bz2) = 7310926 +MD5 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 081fe08d584820a6ece1fe2e8629711f +SHA256 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 932d8155028686b96d3ebf89215dab7cd9353ac72f9ea82c252d0999fb4bd864 +SIZE (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 22850 +MD5 (php-5.2.2-mail-header.patch) = 6b2562b5230b1f85a2ccb292e124a91a +SHA256 (php-5.2.2-mail-header.patch) = 5394732be1953c7eedc2de9529d10971d85959af6352c8a67b4561124ddc8df5 +SIZE (php-5.2.2-mail-header.patch) = 3420 diff -urN php5.orig/files/patch-ext_standard_string.c php5/files/patch-ext_standard_string.c --- php5.orig/files/patch-ext_standard_string.c Mon May 7 11:44:44 2007 +++ php5/files/patch-ext_standard_string.c Wed Dec 31 16:00:00 1969 
@@ -1,11 +0,0 @@ ---- ext/standard/string.c.orig Thu Feb 15 07:50:09 2007 -+++ ext/standard/string.c Thu Feb 15 07:50:33 2007 -@@ -3148,7 +3148,7 @@ - } - - Z_STRLEN_P(result) = len + (char_count * (to_len - 1)); -- Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len); -+ Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1); - Z_TYPE_P(result) = IS_STRING; - - if (case_sensitivity) { >Release-Note: >Audit-Trail: >Unformatted:
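Review bot: In the php5/Makefile hunk, `PORTREVISION?= 3` is dropped together with the version bump, but the `?=` assignment means another Makefile can set the value first, and the submission states that devel/php5-pcre still carries its own PORTREVISION and a files/patch-pcre-7.0 that has to be removed before it builds. Neither of those changes is in this diff. Suggest adding the devel/php5-pcre changes to the same patch so that the extension port does not keep a stale revision or fail in its patch stage once lang/php5 is at 5.2.2.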
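Review bot: In the php5/distinfo hunk, all three distfiles get new MD5 and SHA256 values and the submission does not say what they were checked against. Digests regenerated locally only record whatever was fetched on the submitter's machine, so the values for php-5.2.2.tar.bz2 and suhosin-patch-5.2.2-0.9.6.2.patch.gz should be compared with the digests the upstream projects publish before this is committed. Also in this hunk, php-5.2.2-mail-header.patch keeps SIZE 3420, the same as the 5.2.1 file, while both of its hashes change; please confirm that the new file applies cleanly to the 5.2.2 sources.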
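Review bot: The last hunk deletes files/patch-ext_standard_string.c, whose only change is `safe_emalloc(char_count, to_len, len + 1)` near line 3148 of ext/standard/string.c, that is, one extra byte in the allocation for the result string. The submission does not state that 5.2.2 contains this change upstream. Please confirm that the 5.2.2 source already allocates `len + 1` at that call before removing the local patch, and say so in the PR; if it does not, the patch needs to be kept and refreshed rather than deleted.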