ports/162165: [update] lang/php52 update for new timezone set in timezonedb.h
Svyatoslav Lempert
svyatoslav.lempert at gmail.com
Sun Oct 30 09:50:09 UTC 2011
>Number: 162165
>Category: ports
>Synopsis: [update] lang/php52 update for new timezone set in timezonedb.h
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sun Oct 30 09:50:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Svyatoslav Lempert
>Release: 8.2-STABLE
>Organization:
>Environment:
FreeBSD bsd8.ispsystem.info 8.2-STABLE FreeBSD 8.2-STABLE #2 r95: Wed Oct 5 11:31:11 IRKST 2011 root at freebsd8-amd64.ispsystem.net:/root/src/sys/amd64/compile/ISPSYSTEM amd64
>Description:
- Patch for new timezone set in timezonedb.h (actually especially for Russia and other countries have abolished the transition to winter time) from upstream PHP svn trunk
- One patchfile http://code.google.com/p/php52-backports/ from security branch instead of multiple files
- Bump portrevision to 4
>How-To-Repeat:
Run this code
bsd8# cat time.php
<?php
date_default_timezone_set('Europe/Moscow');
echo date("r");
?>
without new timezonedb.h
bsd8# php time.php
Sun, 30 Oct 2011 12:41:35 +0300
It's wrong. But PHP used "own" timzone file and do not check system localtime
Run code again with fixed zoneinfo in PHP compiled with new timezonedb.h
bsd8# ./php time.php
Sun, 30 Oct 2011 13:41:40 +0400
>Fix:
Apply patch to lang/php52 and rebuild and reinstall port
Patch attached with submission follows:
diff -Nru php52.old/Makefile php52/Makefile
--- php52.old/Makefile 2011-09-29 18:53:25.000000000 +0100
+++ php52/Makefile 2011-10-30 09:26:31.000000000 +0000
@@ -7,7 +7,7 @@
PORTNAME= php52
PORTVERSION= 5.2.17
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP}
MASTER_SITE_SUBDIR= distributions
@@ -191,12 +191,7 @@
.endif
.if defined(WITH_BACKPORTS)
-PATCHFILES+= php-5.2.17-CVE-2011-0421.patch \
- php-5.2.17-CVE-2011-0708.patch \
- php-5.2.17-CVE-2011-1092.patch \
- php-5.2.17-CVE-2011-1148.patch \
- php-5.2.17-CVE-2011-1938.patch \
- php-5.2.17-CVE-2011-2202.patch
+PATCHFILES+= php52-backports-security-20111030.patch
PATCH_SITES+= http://php52-backports.googlecode.com/files/
.else
FORBIDDEN= Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html
diff -Nru php52.old/distinfo php52/distinfo
--- php52.old/distinfo 2011-09-29 18:53:25.000000000 +0100
+++ php52/distinfo 2011-10-30 09:27:36.000000000 +0000
@@ -6,15 +6,5 @@
SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f
SIZE (php-5.2.10-mail-header.patch) = 3383
-SHA256 (php-5.2.17-CVE-2011-0421.patch) = e31086a77a5c4ec1cb4e302d3c7107eadbfebc26cf9e1ca5a018407616a95e7a
-SIZE (php-5.2.17-CVE-2011-0421.patch) = 383
-SHA256 (php-5.2.17-CVE-2011-0708.patch) = e07d9cac035da6a53216600b17a6d0b4d524ccae1c48288dfdfb9ca965a0f70a
-SIZE (php-5.2.17-CVE-2011-0708.patch) = 1724
-SHA256 (php-5.2.17-CVE-2011-1092.patch) = 4e57151848f006258d9566605929d9121b754c8b5957c24d481d1d6390ecc518
-SIZE (php-5.2.17-CVE-2011-1092.patch) = 380
-SHA256 (php-5.2.17-CVE-2011-1148.patch) = ca9f77ad7d0350d6155b5aa7f2947b4ea3f20df436a2687f578bfde3f890b43d
-SIZE (php-5.2.17-CVE-2011-1148.patch) = 5115
-SHA256 (php-5.2.17-CVE-2011-1938.patch) = f6f6e8b0f6ec430c598eed17b5bb2bb4223591406920d578a1c5711c214988e4
-SIZE (php-5.2.17-CVE-2011-1938.patch) = 641
-SHA256 (php-5.2.17-CVE-2011-2202.patch) = b131428a79548c9164721a03fe33003f7b7631e26d50084308e140ed5dd9d995
-SIZE (php-5.2.17-CVE-2011-2202.patch) = 845
+SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f
+SIZE (php52-backports-security-20111030.patch) = 280143
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list