ports/171583: [update] lang/php52 to 5.2.17_11 (20120911)

Wed Sep 12 18:20:02 UTC 2012

>Number:         171583
>Category:       ports
>Synopsis:       [update] lang/php52 to 5.2.17_11 (20120911)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 12 18:20:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Svyatoslav Lempert
>Release:        9.0-STABLE
>Organization:
>Environment:
>Description:
- Update backports patch to 20120911
- Bump PORTREVISION


Changes:
- CVE-2011-1398 - The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does not properly handle %0D sequences

- CVE-2012-0789 - Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.

- CVE-2012-3365 - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors

- Timezone database updated to version 2012.5 (2012e) (from 2011.13 (2011m))

- Minor improvements (CVE-2012-2688, compilation issues with old GCC)


List VuXML http://www.freshports.org/vuxml.php?vid=918f38cd-f71e-11e1-8bd8-0022156e8794|bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89|3761df02-0f9c-11e0-becc-0022156e8794 also should be changed

918f38cd-f71e-11e1-8bd8-0022156e8794 - fixed 2012-09-11 http://code.google.com/p/php52-backports/ - remove this mark
bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89 - fixed 2012-06-21 - remove this mark
3761df02-0f9c-11e0-becc-0022156e8794 - it can't be fixed by PHP 5.2 design (most likely before the end of the support this will not be corrected) - leave this mark
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -Nru php52.old/Makefile php52/Makefile

--- php52.old/Makefile	2012-08-18 14:29:08.000000000 +0000
+++ php52/Makefile	2012-09-11 18:49:45.000000000 +0000
@@ -7,7 +7,7 @@
 
 PORTNAME=	php52
 PORTVERSION=	5.2.17
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
@@ -26,7 +26,7 @@
 MAKE_JOBS_SAFE=	yes
 
 # BACKPORTS patch for lang/php52 and all php52-extensions
-PATCHFILES=	php52-backports-security-20120721.patch
+PATCHFILES=	php52-backports-security-20120911.patch
 PATCH_SITES+=	http://php52-backports.googlecode.com/files/
 
 .if !defined(PKGNAMESUFFIX)
diff -Nru php52.old/distinfo php52/distinfo
--- php52.old/distinfo	2012-07-23 04:14:11.000000000 +0000
+++ php52/distinfo	2012-09-11 18:51:15.000000000 +0000
@@ -1,7 +1,7 @@
 SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c
 SIZE (php-5.2.17.tar.bz2) = 9092312
-SHA256 (php52-backports-security-20120721.patch) = a8ef22aaf2c7c1ff43d4154709a465f1ae6afaf1aeb1e6a39e274dcf36e33499
-SIZE (php52-backports-security-20120721.patch) = 306125
+SHA256 (php52-backports-security-20120911.patch) = 4911e2a5abb72d0558b2baf07ff64ca054d71219bde183e41b591894fb7cb1f6
+SIZE (php52-backports-security-20120911.patch) = 356599
 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f
 SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550
 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91


>Release-Note:
>Audit-Trail:
>Unformatted:

