ports/116188: [patch] lang/php5 update to 5.2.4 to address security vulnerabilities
Nick Barkas
snb at threerings.net
Fri Sep 7 21:30:03 UTC 2007
>Number: 116188
>Category: ports
>Synopsis: [patch] lang/php5 update to 5.2.4 to address security vulnerabilities
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 07 21:30:02 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
PHP below 5.2.4 suffers from a number of recently announced security
vulnerabilities (see http://www.freebsd.org/cgi/query-pr.cgi?pr=116182). This is
an update to the lang/php5 port from 5.2.3 to 5.2.4.
Note that there is not a Suhosin patch for php 5.2.4 yet that I could find, so I
have disabled Suhosin in the Makefile used in this patch for the time being. I
have not tested this update a great deal, but I have verified that this update
works at least with MediaWiki and SquirrelMail with PHP as an Apache module.
Maintainer has been CC'd.
>How-To-Repeat:
>Fix:
--- php5.patch begins here ---
diff -urN php5.orig/Makefile php5/Makefile
--- php5.orig/Makefile Fri Jul 27 23:33:54 2007
+++ php5/Makefile Fri Sep 7 13:03:13 2007
@@ -6,8 +6,7 @@
#
PORTNAME= php5
-PORTVERSION= 5.2.3
-PORTREVISION?= 1
+PORTVERSION= 5.2.4
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP}
MASTER_SITE_SUBDIR= distributions
@@ -55,13 +54,14 @@
PATCH_DIST_STRIP= -p1
-.if !defined(WITHOUT_SUHOSIN)
-PATCHFILES+= suhosin-patch-${PORTVERSION}-0.9.6.2.patch.gz:suhosin
-PATCH_SITES+= http://www.hardened-php.net/suhosin/_media/:suhosin
-PLIST_SUB+= SUHOSIN=""
-.else
+# XXX There is currently no suhosin patch for php 5.2.4
+#.if !defined(WITHOUT_SUHOSIN)
+#PATCHFILES+= suhosin-patch-${PORTVERSION}-0.9.6.2.patch.gz:suhosin
+#PATCH_SITES+= http://www.hardened-php.net/suhosin/_media/:suhosin
+#PLIST_SUB+= SUHOSIN=""
+#.else
PLIST_SUB+= SUHOSIN="@comment "
-.endif
+#.endif
.if defined(WITH_MAILHEAD)
PATCHFILES+= php-${PORTVERSION}-mail-header.patch:mail
diff -urN php5.orig/distinfo php5/distinfo
--- php5.orig/distinfo Mon Jun 4 11:30:54 2007
+++ php5/distinfo Fri Sep 7 12:04:03 2007
@@ -1,9 +1,6 @@
-MD5 (php-5.2.3.tar.bz2) = eb50b751c8e1ced05bd012d5a0e4dec3
-SHA256 (php-5.2.3.tar.bz2) = eedffda5069caa801a7fec217c77619657416a5fcaefb79ba4620432f0befe29
-SIZE (php-5.2.3.tar.bz2) = 7417635
-MD5 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = f217d04f9513222e48cea6588ac65b89
-SHA256 (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 214c43e4808483f0700f36ffa57aba909a669cb335c179d46c1e8f765d70bd1f
-SIZE (suhosin-patch-5.2.3-0.9.6.2.patch.gz) = 22789
-MD5 (php-5.2.3-mail-header.patch) = c48ef565c02a2aeb6aadd3d12cea7bb8
-SHA256 (php-5.2.3-mail-header.patch) = dc80159705c2e2806fdab1632d573218383487dce3ad5aa700e92b909dcd03e5
-SIZE (php-5.2.3-mail-header.patch) = 3420
+MD5 (php-5.2.4.tar.bz2) = 55c97a671fdabf462cc7a82971a656d2
+SHA256 (php-5.2.4.tar.bz2) = 502f5259e4619ba3549cd9f9bdeb4152c7effa66672348f3b108fccc8e1ca1c0
+SIZE (php-5.2.4.tar.bz2) = 7608429
+MD5 (php-5.2.4-mail-header.patch) = d1b5bbfe95078a367821b74fbbd45e3f
+SHA256 (php-5.2.4-mail-header.patch) = c84ecc5619c900d3ec0c98fd5c09dbfb78afe572f298c00d68f9254596e6e708
+SIZE (php-5.2.4-mail-header.patch) = 3420
diff -urN php5.orig/files/patch-sapi_cgi_config9.m4 php5/files/patch-sapi_cgi_config9.m4
--- php5.orig/files/patch-sapi_cgi_config9.m4 Mon Jun 4 11:30:55 2007
+++ php5/files/patch-sapi_cgi_config9.m4 Fri Sep 7 12:54:38 2007
@@ -1,26 +1,26 @@
---- sapi/cgi/config9.m4.orig Thu Feb 2 10:59:23 2006
-+++ sapi/cgi/config9.m4 Thu May 4 11:19:41 2006
-@@ -80,7 +80,6 @@
- ])
-
-
+--- sapi/cgi/config9.m4.orig Wed Jul 11 16:20:36 2007
++++ sapi/cgi/config9.m4 Fri Sep 7 12:54:27 2007
+@@ -25,7 +25,6 @@
+ dnl
+ dnl CGI setup
+ dnl
-if test "$PHP_SAPI" = "default"; then
- AC_MSG_CHECKING(for CGI build)
- if test "$PHP_SAPI_CGI" != "no"; then
+ AC_MSG_CHECKING(whether to build CGI binary)
+ if test "$PHP_CGI" != "no"; then
AC_MSG_RESULT(yes)
-@@ -145,8 +144,9 @@
- AC_DEFINE_UNQUOTED(PHP_FCGI_STATIC, $PHP_FCGI_STATIC, [ ])
- AC_MSG_RESULT($PHP_ENABLE_FASTCGI)
+@@ -85,8 +84,9 @@
+ AC_MSG_RESULT($PHP_PATH_INFO_CHECK)
+ dnl Set install target and select SAPI
- INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
-- PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c, , '$(SAPI_CGI_PATH)')
+- PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)')
+ INSTALL_CGI="@echo \"Installing PHP CGI binary: $(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
+ PHP_ADD_SOURCES(sapi/cgi, $PHP_FCGI_FILES cgi_main.c getopt.c,, cgi)
+ PHP_ADD_SOURCES(/main, internal_functions.c,,cgi)
case $host_alias in
*aix*)
-@@ -156,17 +156,29 @@
+@@ -96,17 +96,29 @@
BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
;;
*)
@@ -37,8 +37,12 @@
+ PHP_SUBST(PHP_CGI_TARGET)
+ PHP_SUBST(PHP_INSTALL_CGI_TARGET)
-- elif test "$PHP_SAPI_CLI" != "no"; then
+- elif test "$PHP_CLI" != "no"; then
- AC_MSG_RESULT(no)
+- OVERALL_TARGET=
+- PHP_SAPI=cli
+- else
+- AC_MSG_ERROR([No SAPIs selected.])
+ if test "$PHP_SAPI" = "default" ; then
+ PHP_BUILD_PROGRAM($SAPI_CGI_PATH)
+ fi
@@ -46,10 +50,10 @@
+ AC_MSG_RESULT(no)
+ if test "$PHP_SAPI" = "default" ; then
+ if test "$PHP_SAPI_CLI" != "no" ; then
- OVERALL_TARGET=
- PHP_SAPI=cli
- else
- AC_MSG_ERROR([No SAPIs selected.])
++ OVERALL_TARGET=
++ PHP_SAPI=cli
++ else
++ AC_MSG_ERROR([No SAPIs selected.])
++ fi
fi
-+ fi
fi
--- php5.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list