ports/116188: [patch] lang/php5 update to 5.2.4 to address security vulnerabilities

Nick Barkas snb at threerings.net
Fri Sep 7 21:30:03 UTC 2007


>Number:         116188
>Category:       ports
>Synopsis:       [patch] lang/php5 update to 5.2.4 to address security vulnerabilities
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 07 21:30:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nick Barkas
>Release:        FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
PHP below 5.2.4 suffers from a number of recently announced security
vulnerabilities (see http://www.freebsd.org/cgi/query-pr.cgi?pr=116182). This is
an update to the lang/php5 port from 5.2.3 to 5.2.4. 

Note that I could not find a Suhosin patch for PHP 5.2.4 yet, so for the time
being I have disabled Suhosin in the Makefile used in this patch. I have not
tested this update extensively, but I have verified that it works at least with
MediaWiki and SquirrelMail, with PHP running as an Apache module.

Maintainer has been CC'd.
>How-To-Repeat:
>Fix:
--- php5.patch begins here ---
diff -urN php5.orig/Makefile php5/Makefile
--- php5.orig/Makefile	Fri Jul 27 23:33:54 2007
+++ php5/Makefile	Fri Sep  7 13:03:13 2007
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	php5
-PORTVERSION=	5.2.3
-PORTREVISION?=	1
+PORTVERSION=	5.2.4
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
@@ -55,13 +54,14 @@
 
 PATCH_DIST_STRIP=	-p1
 
-.if !defined(WITHOUT_SUHOSIN)
-PATCHFILES+=	suhosin-patch-${PORTVERSION}-0.9.6.2.patch.gz:suhosin
-PATCH_SITES+=	http://www.hardened-php.net/suhosin/_media/:suhosin
-PLIST_SUB+=	SUHOSIN=""
-.else
+# XXX There is currently no suhosin patch for php 5.2.4
+#.if !defined(WITHOUT_SUHOSIN)
+#PATCHFILES+=	suhosin-patch-${PORTVERSION}-0.9.6.2.patch.gz:suhosin
+#PATCH_SITES+=	http://www.hardened-php.net/suhosin/_media/:suhosin
+#PLIST_SUB+=	SUHOSIN=""
+#.else
 PLIST_SUB+=	SUHOSIN="@comment "
-.endif
+#.endif
 
 .if defined(WITH_MAILHEAD)
 PATCHFILES+=	php-${PORTVERSION}-mail-header.patch:mail
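Review bot: Commenting out the whole `.if !defined(WITHOUT_SUHOSIN)` block silently drops the Suhosin hardening patch for every build, including users who got it with 5.2.3 (it was applied unless `WITHOUT_SUHOSIN` was defined, as far as this hunk shows) and will assume the upgrade keeps it. Because this security update removes an existing protection, the port should say so at build time, for example with a `pre-everything::` target that prints `@${ECHO_MSG} "No Suhosin patch exists yet for PHP ${PORTVERSION}; building without it"`. I would also delete the dead lines rather than leave them commented out. The `0.9.6.2` patch file name is likely to change for 5.2.4, and distinfo no longer carries its checksums, so uncommenting them later would not work as written.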
diff -urN php5.orig/distinfo php5/distinfo
--- php5.orig/distinfo	Mon Jun  4 11:30:54 2007
+++ php5/distinfo	Fri Sep  7 12:04:03 2007
@@ -1,9 +1,6 @@
-MD5 (php-5.2.3.tar.bz2) = eb50b751c8e1ced05bd012d5a0e4dec3
-SHA256 (php-5.2.3.tar.bz2) = eedffda5069caa801a7fec217c77619657416a5fcaefb79ba4620432f0befe29
-SIZE (php-5.2.3.tar.bz2) = 7417635
-MD5 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = f217d04f9513222e48cea6588ac65b89
-SHA256 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 214c43e4808483f0700f36ffa57aba909a669cb335c179d46c1e8f765d70bd1f
-SIZE (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 22789
-MD5 (php-5.2.3-mail-header.patch) = c48ef565c02a2aeb6aadd3d12cea7bb8
-SHA256 (php-5.2.3-mail-header.patch) = dc80159705c2e2806fdab1632d573218383487dce3ad5aa700e92b909dcd03e5
-SIZE (php-5.2.3-mail-header.patch) = 3420
+MD5 (php-5.2.4.tar.bz2) = 55c97a671fdabf462cc7a82971a656d2
+SHA256 (php-5.2.4.tar.bz2) = 502f5259e4619ba3549cd9f9bdeb4152c7effa66672348f3b108fccc8e1ca1c0
+SIZE (php-5.2.4.tar.bz2) = 7608429
+MD5 (php-5.2.4-mail-header.patch) = d1b5bbfe95078a367821b74fbbd45e3f
+SHA256 (php-5.2.4-mail-header.patch) = c84ecc5619c900d3ec0c98fd5c09dbfb78afe572f298c00d68f9254596e6e708
+SIZE (php-5.2.4-mail-header.patch) = 3420
diff -urN php5.orig/files/patch-sapi_cgi_config9.m4 php5/files/patch-sapi_cgi_config9.m4
--- php5.orig/files/patch-sapi_cgi_config9.m4	Mon Jun  4 11:30:55 2007
+++ php5/files/patch-sapi_cgi_config9.m4	Fri Sep  7 12:54:38 2007
@@ -1,26 +1,26 @@
---- sapi/cgi/config9.m4.orig	Thu Feb  2 10:59:23 2006
-+++ sapi/cgi/config9.m4	Thu May  4 11:19:41 2006
-@@ -80,7 +80,6 @@
- ])
- 
- 
+--- sapi/cgi/config9.m4.orig	Wed Jul 11 16:20:36 2007
++++ sapi/cgi/config9.m4	Fri Sep  7 12:54:27 2007
+@@ -25,7 +25,6 @@
+ dnl
+ dnl CGI setup
+ dnl
 -if test "$PHP_SAPI" = "default"; then
-   AC_MSG_CHECKING(for CGI build)
-   if test "$PHP_SAPI_CGI" != "no"; then
+   AC_MSG_CHECKING(whether to build CGI binary)
+   if test "$PHP_CGI" != "no"; then
      AC_MSG_RESULT(yes)
-@@ -145,8 +144,9 @@
-     AC_DEFINE_UNQUOTED(PHP_FCGI_STATIC, $PHP_FCGI_STATIC, [ ])
-     AC_MSG_RESULT($PHP_ENABLE_FASTCGI)
+@@ -85,8 +84,9 @@
+     AC_MSG_RESULT($PHP_PATH_INFO_CHECK)
  
+     dnl Set install target and select SAPI
 -    INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
--    PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c, , '$(SAPI_CGI_PATH)')
+-    PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)')
 +    INSTALL_CGI="@echo \"Installing PHP CGI binary: $(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
 +    PHP_ADD_SOURCES(sapi/cgi, $PHP_FCGI_FILES cgi_main.c getopt.c,, cgi)
 +    PHP_ADD_SOURCES(/main, internal_functions.c,,cgi)
  
      case $host_alias in
        *aix*)
-@@ -156,17 +156,29 @@
+@@ -96,17 +96,29 @@
          BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
        ;;
        *)
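Review bot: In the `INSTALL_CGI=` assignment carried over as context, the first `$(INSTALL_ROOT)` is not backslash-escaped, unlike every other make variable on that line and unlike the upstream `INSTALL_IT` line it replaces. Inside the double-quoted shell string that is a command substitution, so configure would try to run a command named `INSTALL_ROOT` and the install message would lose its root prefix. Writing it as `\$(INSTALL_ROOT)\$(bindir)/` leaves the expansion to make. The `case` statement continues past the end of this hunk.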
@@ -37,8 +37,12 @@
 +    PHP_SUBST(PHP_CGI_TARGET)
 +    PHP_SUBST(PHP_INSTALL_CGI_TARGET)
  
--  elif test "$PHP_SAPI_CLI" != "no"; then
+-  elif test "$PHP_CLI" != "no"; then
 -    AC_MSG_RESULT(no)
+-    OVERALL_TARGET=
+-    PHP_SAPI=cli   
+-  else
+-    AC_MSG_ERROR([No SAPIs selected.])  
 +    if test "$PHP_SAPI" = "default" ; then
 +      PHP_BUILD_PROGRAM($SAPI_CGI_PATH)
 +    fi
@@ -46,10 +50,10 @@
 +  AC_MSG_RESULT(no)
 +  if test "$PHP_SAPI" = "default" ; then
 +    if test "$PHP_SAPI_CLI" != "no" ; then
-     OVERALL_TARGET=
-     PHP_SAPI=cli   
-   else
-     AC_MSG_ERROR([No SAPIs selected.])  
++      OVERALL_TARGET=
++      PHP_SAPI=cli
++    else
++      AC_MSG_ERROR([No SAPIs selected.])
++    fi
    fi
-+ fi
  fi
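Review bot: The fallback test `if test "$PHP_SAPI_CLI" != "no" ; then` kept in the patched config9.m4 still uses the pre-5.2.4 variable name, while the upstream lines this update now removes test `$PHP_CLI` (the CGI check earlier in the file likewise moved from `$PHP_SAPI_CGI` to `$PHP_CGI`). If 5.2.4 no longer sets `PHP_SAPI_CLI`, the variable is empty and the comparison is always true. The `AC_MSG_ERROR([No SAPIs selected.])` branch could then never fire, and a build with both CGI and CLI disabled would quietly select `cli`. The line should probably read `if test "$PHP_CLI" != "no" ; then`. The enclosing block begins outside this hunk.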
--- php5.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


