From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Mar 4 19:20:02 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 522B01065677 for ; Thu, 4 Mar 2010 19:20:02 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 3236A8FC0A for ; Thu, 4 Mar 2010 19:20:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o24JK2Y6040216 for ; Thu, 4 Mar 2010 19:20:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o24JK21i040215; Thu, 4 Mar 2010 19:20:02 GMT (envelope-from gnats) Resent-Date: Thu, 4 Mar 2010 19:20:02 GMT Resent-Message-Id: <201003041920.o24JK21i040215@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, falz Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0D551065672 for ; Thu, 4 Mar 2010 19:15:24 +0000 (UTC) (envelope-from falz@chrisw.colo.supranet.net) Received: from chrisw.colo.supranet.net (300bps.org [66.170.13.170]) by mx1.freebsd.org (Postfix) with ESMTP id 4DD7E8FC0A for ; Thu, 4 Mar 2010 19:15:23 +0000 (UTC) Received: by chrisw.colo.supranet.net (Postfix, from userid 1001) id 24E56BFAEC; Thu, 4 Mar 2010 12:58:43 -0600 (CST) Message-Id: <20100304185843.24E56BFAEC@chrisw.colo.supranet.net> Date: Thu, 4 Mar 2010 12:58:43 -0600 (CST) From: falz To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/144475: lang/php5 update from 5.2.12 to 5.2.13 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: falz List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2010 19:20:02 -0000 >Number: 144475 >Category: ports >Synopsis: lang/php5 update from 5.2.12 to 5.2.13 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 04 19:20:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: falz >Release: FreeBSD 8.0-RELEASE i386 >Organization: >Environment: System: FreeBSD falz.net 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: PHP 5.2.12 has a known vulnerability in the wild. See: http://www.php.net/releases/5_2_13.php and http://samy.pl/phpwn/ Patch to update php5.2.12 to 5.2.13. Also bumped suhosin patch which was at 5.2.11 for 5.2.12. Patch also avilable here: http://falz.net/static/lang-php5.2.13.diff >How-To-Repeat: >Fix: patch --- lang-php5.2.13.diff begins here --- diff -ruN /usr/ports/lang/php5/Makefile /usr/local/ports/lang/php5/Makefile --- /usr/ports/lang/php5/Makefile 2009-12-29 08:39:10.000000000 -0600 +++ /usr/local/ports/lang/php5/Makefile 2010-03-04 12:22:24.000000000 -0600 @@ -2,11 +2,9 @@ # Date created: Tue Feb 18 11:17:13 CET 2003 # Whom: Alex Dupre # -# $FreeBSD: ports/lang/php5/Makefile,v 1.141 2009/12/29 14:39:10 ale Exp $ -# PORTNAME= php5 -PORTVERSION= 5.2.12 +PORTVERSION= 5.2.13 PORTREVISION?= 0 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} @@ -57,7 +55,7 @@ .if !defined(WITHOUT_SUHOSIN) #PATCHFILES+= suhosin-patch-${PORTVERSION}-0.9.7.patch.gz:suhosin -PATCHFILES+= suhosin-patch-5.2.11-0.9.7.patch.gz:suhosin +PATCHFILES+= suhosin-patch-5.2.13-0.9.7.patch.gz:suhosin PATCH_SITES+= http://download.suhosin.org/:suhosin PLIST_SUB+= SUHOSIN="" .else diff -ruN /usr/ports/lang/php5/distinfo /usr/local/ports/lang/php5/distinfo --- /usr/ports/lang/php5/distinfo 2009-12-29 08:39:10.000000000 -0600 +++ /usr/local/ports/lang/php5/distinfo 2010-03-04 12:22:20.000000000 -0600 @@ -1,9 +1,9 @@ -MD5 (php-5.2.12.tar.bz2) = 5b7077e366c7eeab34da31dd860a1923 -SHA256 (php-5.2.12.tar.bz2) = e65756a8412726a491ca48da1e0693eaeb3f38f19fb6cbc8f53005cab1f2491a -SIZE (php-5.2.12.tar.bz2) = 9075161 -MD5 (suhosin-patch-5.2.11-0.9.7.patch.gz) = 8f9de4d97fae6eba163cf3699509a260 -SHA256 (suhosin-patch-5.2.11-0.9.7.patch.gz) = 392f10c9b7d9c47f30e989fb7775cc46d36153b933bf7ac9ccd8826b2954584b -SIZE (suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 +MD5 (php-5.2.13.tar.bz2) = eb4d0766dc4fb9667f05a68b6041e7d1 +SHA256 (php-5.2.13.tar.bz2) = 2b50a2535e3bb9a98cd4d1633f9452d877276c40b385915261f040d535c7eadb +SIZE (php-5.2.13.tar.bz2) = 9084518 +MD5 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 8188e119ce7abce98b8f004de46fbac5 +SHA256 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 787743e5d201ab2ce3fcc3f252eedd7f167470fa1f55af0646d7f03aab89d184 +SIZE (suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989 MD5 (php-5.2.10-mail-header.patch) = 7f73682e78d32e22989c3fb3678d668b SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 --- lang-php5.2.13.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: