Date:      Tue, 8 May 2007 18:46:47 GMT
From:      Nick Barkas<snb@threerings.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/112527: [patch] Upgrade lang/php5 to 5.2.2
Message-ID:  <200705081846.l48IklxK084021@www.freebsd.org>
Resent-Message-ID: <200705081900.l48J0Gk4006597@freefall.freebsd.org>


>Number:         112527
>Category:       ports
>Synopsis:       [patch] Upgrade lang/php5 to 5.2.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 08 19:00:16 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nick Barkas
>Release:        FreeBSD 6.1
>Organization:
Three Rings Design
>Environment:
FreeBSD lab1.earth.threerings.net 6.1-RELEASE-p6 FreeBSD 6.1-RELEASE-p6 #5: Wed Sep 13 17:45:32 PDT 2006     root@lab1.earth.threerings.net:/usr/obj/usr/src/sys/SMP  i386

>Description:
PHP 5.2.2 has been released and fixes a number of security vulnerabilities shown here:
http://www.vuxml.org/freebsd/f5e52bf5-fc77-11db-8163-000e0c2e438a.html

Here is a patch that will upgrade the lang/php5 port to 5.2.2. If this is used, VuXML should be updated to indicate that 5.2.2 is not vulnerable to the problems listed in the above-mentioned advisory. Until then, I could only build my patched port using DISABLE_VULNERABILITIES=yes.

I've only compiled the ports for the following extensions with the new version of PHP: ctype, dom, gettext, iconv, ldap, mbstring, mcrypt, mysql, openssl, pcre, readline, session, simplexml, spl, tokenizer, xml, xmlreader, xmlwriter, and zlib. pcre, from devel/php5-pcre, needed to have the files/patch-pcre-7.0 patch removed to build, and can also probably have PORTREVISION removed from its Makefile. I have also tried the sqlite extension (databases/sqlite) and posix (sysutils/php5-posix), and was unable to build either due to failed patching. I have not yet had the time to find what changes need to be made to their patches to get them to build.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -urN php5.orig/Makefile php5/Makefile
--- php5.orig/Makefile	Mon May  7 11:44:44 2007
+++ php5/Makefile	Mon May  7 11:48:36 2007
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	php5
-PORTVERSION=	5.2.1
-PORTREVISION?=	3
+PORTVERSION=	5.2.2
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP:S,$,:release,} \
 		http://downloads.php.net/ilia/:rc \
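
Review bot: the PORTVERSION bump to 5.2.2 at the top of this hunk is not accompanied by the extension-port changes the submission itself says are needed. The diff touches only lang/php5, while the description reports that devel/php5-pcre must have files/patch-pcre-7.0 removed to build, and that the sqlite and posix extensions fail at the patch stage. Those fixes should be part of the same change, or the affected extension ports should be listed as known-broken in the commit, so the upgrade does not leave them unbuildable. Dropping "PORTREVISION?= 3" together with the version bump is fine.
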
diff -urN php5.orig/distinfo php5/distinfo
--- php5.orig/distinfo	Mon May  7 11:44:44 2007
+++ php5/distinfo	Mon May  7 11:55:25 2007
@@ -1,9 +1,9 @@
-MD5 (php-5.2.1.tar.bz2) = 261218e3569a777dbd87c16a15f05c8d
-SHA256 (php-5.2.1.tar.bz2) = 4b60fa70969644d193d58dd7cb9f2765e304c6368e98b1551e92e8d4e14d35ed
-SIZE (php-5.2.1.tar.bz2) = 7163383
-MD5 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 98cae8ee994df74e3ea1b25c955310e8
-SHA256 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 78802a71c35ed2bed2e0e32cb8443f682451989ebe1ed5d5b384b7bb85b90c1b
-SIZE (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 22679
-MD5 (php-5.2.1-mail-header.patch) = be00d628a43e650e98c45185485100c1
-SHA256 (php-5.2.1-mail-header.patch) = e72c3f0d8d905bf92513bbf858a450469b15ee3c7d4da33feb495100ac7b1cd2
-SIZE (php-5.2.1-mail-header.patch) = 3420
+MD5 (php-5.2.2.tar.bz2) = d084337867d70b50a10322577be0e44e
+SHA256 (php-5.2.2.tar.bz2) = cd69e73c46e1d171ac0cf27b7ee492c3bf8f6b45a763a77fd0cb79d5afa9f407
+SIZE (php-5.2.2.tar.bz2) = 7310926
+MD5 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 081fe08d584820a6ece1fe2e8629711f
+SHA256 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 932d8155028686b96d3ebf89215dab7cd9353ac72f9ea82c252d0999fb4bd864
+SIZE (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 22850
+MD5 (php-5.2.2-mail-header.patch) = 6b2562b5230b1f85a2ccb292e124a91a
+SHA256 (php-5.2.2-mail-header.patch) = 5394732be1953c7eedc2de9529d10971d85959af6352c8a67b4561124ddc8df5
+SIZE (php-5.2.2-mail-header.patch) = 3420
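
Review bot: the new MD5/SHA256/SIZE lines for php-5.2.2.tar.bz2 and the two patch files should be checked against independently obtained copies (the checksums published with the upstream release where available) before commit, because distinfo is what the ports framework verifies fetched files against and these values come from the submitter's local fetch. Also note that "SIZE (php-5.2.2-mail-header.patch) = 3420" is identical to the removed 5.2.1 entry while both hashes changed. That is plausible if only version strings differ inside the patch, but it is worth confirming the file was actually regenerated against the 5.2.2 sources.
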
diff -urN php5.orig/files/patch-ext_standard_string.c php5/files/patch-ext_standard_string.c
--- php5.orig/files/patch-ext_standard_string.c	Mon May  7 11:44:44 2007
+++ php5/files/patch-ext_standard_string.c	Wed Dec 31 16:00:00 1969
@@ -1,11 +0,0 @@
---- ext/standard/string.c.orig	Thu Feb 15 07:50:09 2007
-+++ ext/standard/string.c	Thu Feb 15 07:50:33 2007
-@@ -3148,7 +3148,7 @@
- 	}
- 	
- 	Z_STRLEN_P(result) = len + (char_count * (to_len - 1));
--	Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len);
-+	Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1);
- 	Z_TYPE_P(result) = IS_STRING;
- 
- 	if (case_sensitivity) {
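
Review bot: deleting files/patch-ext_standard_string.c needs a stated confirmation that the 5.2.2 tarball already contains this fix, and the submission does not give one. The removed local patch changes safe_emalloc(char_count, to_len, len) to safe_emalloc(char_count, to_len, len + 1) at ext/standard/string.c line 3148, that is, one extra byte in the buffer allocated for result. Please check that string.c in 5.2.2 allocates len + 1 at this site before dropping the patch. If it does not, the upgrade would reintroduce the under-sized allocation.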

>Release-Note:
>Audit-Trail:
>Unformatted:


