The port Makefile contains the line: DEFAULT_PHP_VER=5 Which makes it do the wrong thing (instead PHP 5.5 versions of the modules it depends on), when I have defined PHP 5.6 as the default version for my system.
(In reply to Allan Jude from comment #0) Sorry, that should read "Install the PHP 5.5 versions..."
A patch would be great.
Created attachment 161203 [details] www/codeigniter: security update 2.1.4 -> 2.2.4 Allan, do you actually use this? Can you see if this update meets the muster at runtime? Seeing this, https://github.com/bcit-ci/CodeIgniter/commit/69b02d0f0bc46e914bed1604cfbd9bf74286b2e3, make me think the PHP 5.4 specific issue may have been fixed since the 2.1.4 release. Looking at this port the incremental updates on Codeigniter have been a wide range of security issues and this port hasn't had a version bump in 2 years. I'm looking into the range of them for VuXML.
A commit references this bug: Author: junovitch Date: Mon Sep 28 01:14:09 UTC 2015 New revision: 398069 URL: https://svnweb.freebsd.org/changeset/ports/398069 Log: www/codeigniter: security update 2.1.4 -> 2.2.4 [1] - Add NO_ARCH - Add mcrypt to USE_PHP (2.2.0+ requirement) and sort USE_PHP - Remove hard coded PHP_DEFAULT= 5.4 [2] - Sort OPTIONS_DEFINE, fix malformed ODBC_DESC, fix sqlite3 dependency - Update pkg-descr text to match http://www.codeigniter.com/ - Update WWW to http://www.codeigniter.com/ PR: 203401 [1] PR: 200945 [2] Reported by: allanjude [2] Approved by: maintainer timeout (15 months since 2.2.0 security update) [1] Approved by: maintainer timeout (3 months) [2] Security: 5114cd11-6571-11e5-9909-002590263bf5 Security: 01bce4c6-6571-11e5-9909-002590263bf5 Security: c21f4e61-6570-11e5-9909-002590263bf5 Security: f838dcb4-656f-11e5-9909-002590263bf5 MFH: 2015Q3 Changes: head/www/codeigniter/Makefile head/www/codeigniter/distinfo head/www/codeigniter/pkg-descr head/www/codeigniter/pkg-plist
Allan, I had seen the following runtime error with PHP 5.6 and CodeIgniter 2.1.4. After the update to CodeIgniter 2.2.4 this error is fixed so I lumped the removal of the hard coded default into that PR. The upstream commit mentioned earlier seems to be the cause and I am not seeing any other issues at this time. A PHP Error was encountered Severity: Notice Message: Only variable references should be returned by reference Filename: core/Common.php Line Number: 257
A commit references this bug: Author: junovitch Date: Mon Sep 28 22:04:00 UTC 2015 New revision: 398149 URL: https://svnweb.freebsd.org/changeset/ports/398149 Log: MFH: r398069 www/codeigniter: security update 2.1.4 -> 2.2.4 [1] - Add NO_ARCH - Add mcrypt to USE_PHP (2.2.0+ requirement) and sort USE_PHP - Remove hard coded PHP_DEFAULT= 5.4 [2] - Sort OPTIONS_DEFINE, fix malformed ODBC_DESC, fix sqlite3 dependency - Update pkg-descr text to match http://www.codeigniter.com/ - Update WWW to http://www.codeigniter.com/ PR: 203401 [1] PR: 200945 [2] Reported by: allanjude [2] Approved by: maintainer timeout (15 months since 2.2.0 security update) [1] Approved by: maintainer timeout (3 months) [2] Approved by: ports-secteam (feld) Security: 5114cd11-6571-11e5-9909-002590263bf5 Security: 01bce4c6-6571-11e5-9909-002590263bf5 Security: c21f4e61-6570-11e5-9909-002590263bf5 Security: f838dcb4-656f-11e5-9909-002590263bf5 Changes: _U branches/2015Q3/ branches/2015Q3/www/codeigniter/Makefile branches/2015Q3/www/codeigniter/distinfo branches/2015Q3/www/codeigniter/pkg-descr branches/2015Q3/www/codeigniter/pkg-plist