ports/112527: [patch] Upgrade lang/php5 to 5.2.2
Nick Barkas
snb at threerings.net
Tue May 8 19:00:16 UTC 2007
>Number: 112527
>Category: ports
>Synopsis: [patch] Upgrade lang/php5 to 5.2.2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Tue May 08 19:00:16 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.1
>Organization:
Three Rings Design
>Environment:
FreeBSD lab1.earth.threerings.net 6.1-RELEASE-p6 FreeBSD 6.1-RELEASE-p6 #5: Wed Sep 13 17:45:32 PDT 2006 root at lab1.earth.threerings.net:/usr/obj/usr/src/sys/SMP i386
>Description:
PHP 5.2.2 has been released and fixes a number of security vulnerabilities shown here:
http://www.vuxml.org/freebsd/f5e52bf5-fc77-11db-8163-000e0c2e438a.html
Here is a patch that will upgrade the lang/php5 port to 5.2.2. If this is used, VuXML should be updated to indicate that 5.2.2 is not vulnerable to the problems listed in the above mentioned advisory. Until then, I could only build my patched port using DISABLE_VULNERABILITIES=yes.
I've only compiled the ports for the following extensions with the new version of PHP: ctype, dom, gettext, iconv, ldap, mbstring, mcrypt, mysql, openssl, pcre, readline, session, simplexml, spl, tokenizer, xml, xmlreader, xmlwriter, and zlib. pcre, from devel/php5-pcre, needed to have the files/patch-pcre-7.0 patch removed to build, and can also probably have PORTREVISION removed from its Makefile. I have also tried the sqlite extension (databases/sqlite) and posix (sysutils/php5-posix), and was unable to build either due to failed patching. I have not yet had the time to find what changes need to be made to their patches to get them to build.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -urN php5.orig/Makefile php5/Makefile
--- php5.orig/Makefile Mon May 7 11:44:44 2007
+++ php5/Makefile Mon May 7 11:48:36 2007
@@ -6,8 +6,7 @@
#
PORTNAME= php5
-PORTVERSION= 5.2.1
-PORTREVISION?= 3
+PORTVERSION= 5.2.2
CATEGORIES?= lang devel www
MASTER_SITES= ${MASTER_SITE_PHP:S,$,:release,} \
http://downloads.php.net/ilia/:rc \
diff -urN php5.orig/distinfo php5/distinfo
--- php5.orig/distinfo Mon May 7 11:44:44 2007
+++ php5/distinfo Mon May 7 11:55:25 2007
@@ -1,9 +1,9 @@
-MD5 (php-5.2.1.tar.bz2) = 261218e3569a777dbd87c16a15f05c8d
-SHA256 (php-5.2.1.tar.bz2) = 4b60fa70969644d193d58dd7cb9f2765e304c6368e98b1551e92e8d4e14d35ed
-SIZE (php-5.2.1.tar.bz2) = 7163383
-MD5 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 98cae8ee994df74e3ea1b25c955310e8
-SHA256 (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 78802a71c35ed2bed2e0e32cb8443f682451989ebe1ed5d5b384b7bb85b90c1b
-SIZE (suhosin-patch-5.2.1-0.9.6.2.patch.gz) = 22679
-MD5 (php-5.2.1-mail-header.patch) = be00d628a43e650e98c45185485100c1
-SHA256 (php-5.2.1-mail-header.patch) = e72c3f0d8d905bf92513bbf858a450469b15ee3c7d4da33feb495100ac7b1cd2
-SIZE (php-5.2.1-mail-header.patch) = 3420
+MD5 (php-5.2.2.tar.bz2) = d084337867d70b50a10322577be0e44e
+SHA256 (php-5.2.2.tar.bz2) = cd69e73c46e1d171ac0cf27b7ee492c3bf8f6b45a763a77fd0cb79d5afa9f407
+SIZE (php-5.2.2.tar.bz2) = 7310926
+MD5 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 081fe08d584820a6ece1fe2e8629711f
+SHA256 (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 932d8155028686b96d3ebf89215dab7cd9353ac72f9ea82c252d0999fb4bd864
+SIZE (suhosin-patch-5.2.2-0.9.6.2.patch.gz) = 22850
+MD5 (php-5.2.2-mail-header.patch) = 6b2562b5230b1f85a2ccb292e124a91a
+SHA256 (php-5.2.2-mail-header.patch) = 5394732be1953c7eedc2de9529d10971d85959af6352c8a67b4561124ddc8df5
+SIZE (php-5.2.2-mail-header.patch) = 3420
diff -urN php5.orig/files/patch-ext_standard_string.c php5/files/patch-ext_standard_string.c
--- php5.orig/files/patch-ext_standard_string.c Mon May 7 11:44:44 2007
+++ php5/files/patch-ext_standard_string.c Wed Dec 31 16:00:00 1969
@@ -1,11 +0,0 @@
---- ext/standard/string.c.orig Thu Feb 15 07:50:09 2007
-+++ ext/standard/string.c Thu Feb 15 07:50:33 2007
-@@ -3148,7 +3148,7 @@
- }
-
- Z_STRLEN_P(result) = len + (char_count * (to_len - 1));
-- Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len);
-+ Z_STRVAL_P(result) = target = safe_emalloc(char_count, to_len, len + 1);
- Z_TYPE_P(result) = IS_STRING;
-
- if (case_sensitivity) {
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list