Date: Thu, 4 Mar 2010 12:58:43 -0600 (CST) From: falz <me@falz.net> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/144475: lang/php5 update from 5.2.12 to 5.2.13 Message-ID: <20100304185843.24E56BFAEC@chrisw.colo.supranet.net> Resent-Message-ID: <201003041920.o24JK21i040215@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 144475 >Category: ports >Synopsis: lang/php5 update from 5.2.12 to 5.2.13 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 04 19:20:01 UTC 2010 >Closed-Date: >Last-Modified: >Originator: falz >Release: FreeBSD 8.0-RELEASE i386 >Organization: >Environment: System: FreeBSD falz.net 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: PHP 5.2.12 has a known vulnerability in the wild. See: http://www.php.net/releases/5_2_13.php and http://samy.pl/phpwn/ Patch to update php5.2.12 to 5.2.13. Also bumped suhosin patch which was at 5.2.11 for 5.2.12. Patch also avilable here: http://falz.net/static/lang-php5.2.13.diff >How-To-Repeat: >Fix: patch --- lang-php5.2.13.diff begins here --- diff -ruN /usr/ports/lang/php5/Makefile /usr/local/ports/lang/php5/Makefile --- /usr/ports/lang/php5/Makefile 2009-12-29 08:39:10.000000000 -0600 +++ /usr/local/ports/lang/php5/Makefile 2010-03-04 12:22:24.000000000 -0600 @@ -2,11 +2,9 @@ # Date created: Tue Feb 18 11:17:13 CET 2003 # Whom: Alex Dupre <sysadmin@alexdupre.com> # -# $FreeBSD: ports/lang/php5/Makefile,v 1.141 2009/12/29 14:39:10 ale Exp $ -# PORTNAME= php5 -PORTVERSION= 5.2.12 +PORTVERSION= 5.2.13 PORTREVISION?= 0 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} @@ -57,7 +55,7 @@ .if !defined(WITHOUT_SUHOSIN) #PATCHFILES+= suhosin-patch-${PORTVERSION}-0.9.7.patch.gz:suhosin -PATCHFILES+= suhosin-patch-5.2.11-0.9.7.patch.gz:suhosin +PATCHFILES+= suhosin-patch-5.2.13-0.9.7.patch.gz:suhosin PATCH_SITES+= http://download.suhosin.org/:suhosin PLIST_SUB+= SUHOSIN="" .else diff -ruN /usr/ports/lang/php5/distinfo /usr/local/ports/lang/php5/distinfo --- /usr/ports/lang/php5/distinfo 2009-12-29 08:39:10.000000000 -0600 +++ /usr/local/ports/lang/php5/distinfo 2010-03-04 12:22:20.000000000 -0600 @@ -1,9 +1,9 @@ -MD5 (php-5.2.12.tar.bz2) = 5b7077e366c7eeab34da31dd860a1923 -SHA256 (php-5.2.12.tar.bz2) = e65756a8412726a491ca48da1e0693eaeb3f38f19fb6cbc8f53005cab1f2491a -SIZE (php-5.2.12.tar.bz2) = 9075161 -MD5 (suhosin-patch-5.2.11-0.9.7.patch.gz) = 8f9de4d97fae6eba163cf3699509a260 -SHA256 (suhosin-patch-5.2.11-0.9.7.patch.gz) = 392f10c9b7d9c47f30e989fb7775cc46d36153b933bf7ac9ccd8826b2954584b -SIZE (suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 +MD5 (php-5.2.13.tar.bz2) = eb4d0766dc4fb9667f05a68b6041e7d1 +SHA256 (php-5.2.13.tar.bz2) = 2b50a2535e3bb9a98cd4d1633f9452d877276c40b385915261f040d535c7eadb +SIZE (php-5.2.13.tar.bz2) = 9084518 +MD5 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 8188e119ce7abce98b8f004de46fbac5 +SHA256 (suhosin-patch-5.2.13-0.9.7.patch.gz) = 787743e5d201ab2ce3fcc3f252eedd7f167470fa1f55af0646d7f03aab89d184 +SIZE (suhosin-patch-5.2.13-0.9.7.patch.gz) = 22989 MD5 (php-5.2.10-mail-header.patch) = 7f73682e78d32e22989c3fb3678d668b SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 --- lang-php5.2.13.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100304185843.24E56BFAEC>