Bug 112527 - [patch] Upgrade lang/php5 to 5.2.2
Summary: [patch] Upgrade lang/php5 to 5.2.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Security Team
Reported: 2007-05-08 20:00 UTC by Nick Barkas
Modified: 2007-05-20 09:33 UTC

Attachments
file.diff (2.41 KB, patch)
2007-05-08 20:00 UTC, Nick Barkas
php5-sqlite.patch (1.00 KB, patch)
2007-05-09 00:05 UTC, Nick Barkas
php5-posix.patch (1.67 KB, patch)
2007-05-09 00:05 UTC, Nick Barkas
php5-pcre.patch (356.15 KB, patch)
2007-05-09 00:05 UTC, Nick Barkas

Description Nick Barkas 2007-05-08 20:00:16 UTC
PHP 5.2.2 has been released and fixes a number of security vulnerabilities shown here:
http://www.vuxml.org/freebsd/f5e52bf5-fc77-11db-8163-000e0c2e438a.html

Here is a patch that will upgrade the lang/php5 port to 5.2.2. If this is used, VuXML should be updated to indicate that 5.2.2 is not vulnerable to the problems listed in the above-mentioned advisory. Until then, I could only build my patched port using DISABLE_VULNERABILITIES=yes.

I've only compiled the ports for the following extensions with the new version of PHP: ctype, dom, gettext, iconv, ldap, mbstring, mcrypt, mysql, openssl, pcre, readline, session, simplexml, spl, tokenizer, xml, xmlreader, xmlwriter, and zlib. pcre, from devel/php5-pcre, needed to have the files/patch-pcre-7.0 patch removed to build, and can also probably have PORTREVISION removed from its Makefile. I have also tried the sqlite extension (databases/sqlite) and posix (sysutils/php5-posix), and was unable to build either due to failed patching. I have not yet had the time to find what changes need to be made to their patches to get them to build.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2007-05-08 20:00:27 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer
Comment 2 Nick Barkas 2007-05-09 00:05:54 UTC
Here are patches to databases/php5-sqlite, sysutils/php5-posix, and devel/php5-pcre. These make the patches included with the ports apply cleanly to PHP 5.2.2 (except php5-pcre, which just removes the patch provided by the port since it seems to be no longer needed). Note that removing the patches provided with the php5-sqlite and php5-posix ports currently also will make them build, but I instead updated them in case they are still needed.
Comment 3 Edwin Groothuis freebsd_committer freebsd_triage 2007-05-09 00:37:51 UTC
Responsible Changed
From-To: ale->secteam

As suggested by Thierry Thomas: 

I think that it would be better to re-assign this PR to 
secteam, because 

1) ale@ is away from the net; 
2) the port is frozen; 
3) this upgrade would close several vulnerabilities in PHP.
Comment 4 Giovanni Venturi 2007-05-13 18:36:25 UTC
I think that this port has to be updated against the ports freeze because it's a security fix, not just a PHP upgrade.

Giovanni
Comment 5 Giovanni Venturi 2007-05-13 18:43:23 UTC
Also, applying the patch manually, I get:

Stop in /usr/ports/lang/php5.
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade.83320.47 
env UPGRADE_TOOL=portupgrade UPGRADE_PORT=php5-5.2.1_2 
UPGRADE_PORT_VER=5.2.1_2 make
** Fix the problem and try again.
--->  Skipping 'archivers/php5-zlib' (php5-zlib-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'devel/php5-gettext' (php5-gettext-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'devel/php5-pcre' (php5-pcre-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'converters/php5-mbstring' (php5-mbstring-5.2.1_2) because a 
requisite package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'security/php5-mhash' (php5-mhash-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'security/php5-openssl' (php5-openssl-5.2.1_2) because a 
requisite package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'www/php5-session' (php5-session-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'databases/php5-mysql' (php5-mysql-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'textproc/php5-xml' (php5-xml-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'mail/squirrelmail' (squirrelmail-1.4.9a) because a requisite 
package 'php5-mbstring-5.2.1_2' (converters/php5-mbstring) failed (specify -k 
to force)
--->  Skipping 'graphics/php5-gd' (php5-gd-5.2.1_2) because a requisite 
package 'php5-5.2.1_2' (lang/php5) failed (specify -k to force)
--->  Skipping 'print/pecl-pdflib' (pecl-pdflib-2.1.2) because a requisite 
package 'php5-gd-5.2.1_2' (graphics/php5-gd) failed (specify -k to force)
--->  Skipping 'www/joomla' (joomla-1.0.12) because a requisite 
package 'php5-zlib-5.2.1_2' (archivers/php5-zlib) failed (specify -k to 
force)
** Listing the failed packages (*:skipped / !:failed)
        ! lang/php5 (php5-5.2.1_2)      (unknown build error)
        * archivers/php5-zlib (php5-zlib-5.2.1_2)
        * devel/php5-gettext (php5-gettext-5.2.1_2)
        * devel/php5-pcre (php5-pcre-5.2.1_2)
        * converters/php5-mbstring (php5-mbstring-5.2.1_2)
        * security/php5-mhash (php5-mhash-5.2.1_2)
        * security/php5-openssl (php5-openssl-5.2.1_2)
        * www/php5-session (php5-session-5.2.1_2)
        * databases/php5-mysql (php5-mysql-5.2.1_2)
        * textproc/php5-xml (php5-xml-5.2.1_2)
        * mail/squirrelmail (squirrelmail-1.4.9a)
        * graphics/php5-gd (php5-gd-5.2.1_2)
        * print/pecl-pdflib (pecl-pdflib-2.1.2)
        * www/joomla (joomla-1.0.12)

during the "portupgrade -a"

Giovanni
Comment 6 Nick Barkas 2007-05-16 19:22:46 UTC
The errors you are getting from portupgrade look like it is trying to  
build php 5.2.1 rather than 5.2.2. Are you sure the patch applied  
correctly? I did not try installing the new version with portupgrade,  
only by running make; make install in /usr/ports/lang/php5, fwiw.
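
Added example, not part of the original thread or of the FreeBSD ports tools: a small Python check of the diagnosis in Comment 6. It parses the portupgrade failure summary quoted in Comment 5 and reports whether lang/php5 failed while building a version other than the expected 5.2.2. The function names and the regular expression are assumptions based only on the log lines shown on this page.

```python
import re

# Excerpt of the portupgrade summary quoted in Comment 5 (shortened).
SAMPLE = """\
** Listing the failed packages (*:skipped / !:failed)
        ! lang/php5 (php5-5.2.1_2)      (unknown build error)
        * archivers/php5-zlib (php5-zlib-5.2.1_2)
        * mail/squirrelmail (squirrelmail-1.4.9a)
        * www/joomla (joomla-1.0.12)
"""

# "<marker> <origin> (<pkgname>-<version>)" plus an optional "(reason)".
LINE = re.compile(
    r"^\s*([!*])\s+(\S+)\s+\((\S+)-([^-\s)]+)\)(?:\s+\((.*)\))?\s*$"
)


def parse_summary(log):
    """Return (failed, skipped) lists of dicts from a portupgrade summary."""
    failed, skipped = [], []
    in_list = False
    for line in log.splitlines():
        if line.startswith("** Listing the failed packages"):
            in_list = True
            continue
        if not in_list:
            continue
        m = LINE.match(line)
        if not m:
            break  # first non-matching line ends the summary
        marker, origin, name, version, reason = m.groups()
        entry = {"origin": origin, "name": name,
                 "version": version, "reason": reason}
        (failed if marker == "!" else skipped).append(entry)
    return failed, skipped


def built_wrong_version(log, origin, expected):
    """True if `origin` failed while building a version other than `expected`.

    PORTREVISION ("_N") and PORTEPOCH (",N") suffixes are ignored.
    """
    failed, _ = parse_summary(log)
    for entry in failed:
        base = re.split(r"[_,]", entry["version"])[0]
        if entry["origin"] == origin and base != expected:
            return True
    return False
```
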
Comment 7 dfilter service freebsd_committer freebsd_triage 2007-05-20 09:27:35 UTC
ale         2007-05-20 08:27:29 UTC

  FreeBSD ports repository

  Modified files:
    lang/php5            Makefile Makefile.ext distinfo 
    databases/php5-sqlite/files patch-config.m4 
    databases/php5-sybase_ct Makefile 
    devel/php5-pcre      Makefile 
    sysutils/php5-posix/files patch-posix.c 
  Removed files:
    lang/php5/files      patch-ext_standard_string.c 
    devel/php5-pcre/files patch-pcre-7.0 
  Log:
  Update to 5.2.2 release.
  
  PR:             ports/112527
  Submitted by:   Nick Barkas <snb@threerings.net>
  Approved by:    portmgr (linimon)
  
  Revision  Changes    Path
  1.3       +2 -2      ports/databases/php5-sqlite/files/patch-config.m4
  1.3       +0 -2      ports/databases/php5-sybase_ct/Makefile
  1.4       +0 -2      ports/devel/php5-pcre/Makefile
  1.2       +0 -10262  ports/devel/php5-pcre/files/patch-pcre-7.0 (dead)
  1.114     +2 -2      ports/lang/php5/Makefile
  1.44      +2 -1      ports/lang/php5/Makefile.ext
  1.34      +9 -9      ports/lang/php5/distinfo
  1.2       +0 -11     ports/lang/php5/files/patch-ext_standard_string.c (dead)
  1.2       +9 -10     ports/sysutils/php5-posix/files/patch-posix.c
Comment 8 Alex Dupre freebsd_committer freebsd_triage 2007-05-20 09:33:38 UTC
State Changed
From-To: open->closed

Committed, thanks!