Bug 144475

Summary: lang/php5 update from 5.2.12 to 5.2.13
Product: Ports & Packages Reporter: me
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
lang-php5.2.13.diff none

Description me 2010-03-04 19:20:01 UTC 
	PHP 5.2.12 has a known vulnerability in the wild. See:
		http://www.php.net/releases/5_2_13.php
	and
		http://samy.pl/phpwn/

	Patch to update php5.2.12 to 5.2.13. Also bumped suhosin patch
	which was at 5.2.11 for 5.2.12. Patch also avilable here:

		http://falz.net/static/lang-php5.2.13.diff

Fix: patch
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-03-04 19:20:11 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Alex Dupre freebsd_committer freebsd_triage 2010-03-17 16:56:04 UTC 
Have you run a tinderbox build of all php extensions to see if something
is broken?

-- 
Alex Dupre
Comment 3 me 2010-03-22 12:57:22 UTC 
On Wed, Mar 17, 2010 at 11:56 AM, Alex Dupre <ale@freebsd.org> wrote:
> Have you run a tinderbox build of all php extensions to see if something
> is broken?

I have not. In my case I made this patch and installed it locally but
not on extensions (yes, sort of ghetto) due to maintenance window
stuff. i did a few test builds and also checked the files included
with the distribution to see if there were any plist changes needed
but did not see any. I did this upgrade on 6 or so servers (no
extensions recompile) without issue.

I'm unsure how frequently PHP requires extensions to be an exact match
of versions but I tend to have some boxes have older extensions due to
poor maintenance and rarely run into an issue which is why I didn't do
extensive testing.

--Chris
Comment 4 Miroslav Lachman 2010-03-26 14:09:14 UTC 
I know this patch will not be committed, as 5.3.x is planned instead.
This information is for those how want to patch local ports tree.

I am running PHP 5.2.13 with 26 extensions without any problem (on 
7.2-RELEASE i386).

list of extensions:

# pkg_info -E php5\*
php5-5.2.13
php5-bz2-5.2.13
php5-ctype-5.2.13
php5-dom-5.2.13
php5-exif-5.2.13
php5-extensions-1.3
php5-ftp-5.2.13
php5-gd-5.2.13
php5-iconv-5.2.13
php5-imap-5.2.13
php5-mbstring-5.2.13
php5-mcrypt-5.2.13
php5-mysql-5.2.13
php5-mysqli-5.2.13
php5-openssl-5.2.13
php5-pcre-5.2.13
php5-posix-5.2.13
php5-session-5.2.13
php5-simplexml-5.2.13
php5-sockets-5.2.13
php5-spl-5.2.13
php5-sqlite-5.2.13
php5-tokenizer-5.2.13
php5-xml-5.2.13
php5-xmlreader-5.2.13
php5-xmlwriter-5.2.13
php5-zip-5.2.13
php5-zlib-5.2.13

I am planning to use 5.2.13 on another servers with even more 
extensions. I will submit followup to this PR if some errors occured.
Comment 5 Alex Dupre freebsd_committer freebsd_triage 2010-04-09 10:40:07 UTC 
State Changed
From-To: open->closed

PHP was updated to 5.3 release.