Bug 203541

Summary: lang/php*: security/vuxml: security update to PHP 5.5.30, 5.6.14
Product: Ports & Packages Reporter: Jason Unovitch <junovitch>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Many People CC: delphij, ports-secteam
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (ports-secteam)
junovitch: merge-quarterly?
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Update PHP ports none

Comment 1 commit-hook freebsd_committer freebsd_triage 2015-10-05 00:00:25 UTC 
A commit references this bug:

Author: junovitch
Date: Mon Oct  5 00:00:12 UTC 2015
New revision: 398626
URL: https://svnweb.freebsd.org/changeset/ports/398626

Log:
  Document PHP multiple security advisories in phar plugin

  PR:		203541
  Security:	c1da8b75-6aef-11e5-9909-002590263bf5

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2015-10-05 00:03:08 UTC 
Created attachment 161713 [details]
Update PHP ports

- Update php55 to 5.5.30
- Update php56 to 5.6.14
- Drop PORTREVISION on php56-zip

PR:		203541
Security:	c1da8b75-6aef-11e5-9909-002590263bf5
Comment 3 Jason Unovitch freebsd_committer freebsd_triage 2015-10-05 00:04:28 UTC 
Fix assignee to ale@ and ports-secteam@ as CC.
Comment 4 Jason Unovitch freebsd_committer freebsd_triage 2015-10-05 00:08:30 UTC 
Note this doesn't cover any actions for PHP 5.4 being EOL (http://php.net/eol.php).  The commits fixed in 5.5 and 5.6 aren't in the PHP 5.4 branch and there is no release for 5.4.
Comment 5 commit-hook freebsd_committer freebsd_triage 2015-10-05 09:38:10 UTC 
A commit references this bug:

Author: ale
Date: Mon Oct  5 09:37:56 UTC 2015
New revision: 398632
URL: https://svnweb.freebsd.org/changeset/ports/398632

Log:
  Update PHP ports to versions 5.5.30 and 5.6.14.

  PR:		203541
  Submitted by:	Jason Unovitch

Changes:
  head/archivers/php56-zip/Makefile
  head/lang/php55/Makefile
  head/lang/php55/distinfo
  head/lang/php56/Makefile
  head/lang/php56/distinfo
Comment 6 Jason Unovitch freebsd_committer freebsd_triage 2015-10-05 22:21:45 UTC 
Set merge-quarterly?

ale@ can you request to MFH this?
Comment 7 Jason Unovitch freebsd_committer freebsd_triage 2015-10-05 22:24:38 UTC 
(In reply to Jason Unovitch from comment #4)
> Note this doesn't cover any actions for PHP 5.4 being EOL ...

Regarding this comment, bug 203552 has already been created to address deprecating 5.4.
Comment 8 commit-hook freebsd_committer freebsd_triage 2015-10-09 20:57:59 UTC 
A commit references this bug:

Author: delphij
Date: Fri Oct  9 20:57:07 UTC 2015
New revision: 398957
URL: https://svnweb.freebsd.org/changeset/ports/398957

Log:
  MFH: r398632

  Update PHP ports to versions 5.5.30 and 5.6.14.

  PR:		203541
  Submitted by:	Jason Unovitch
  Approved by:	ports-secteam

Changes:
_U  branches/2015Q4/
  branches/2015Q4/archivers/php56-zip/Makefile
  branches/2015Q4/lang/php55/Makefile
  branches/2015Q4/lang/php55/distinfo
  branches/2015Q4/lang/php56/Makefile
  branches/2015Q4/lang/php56/distinfo
Comment 9 commit-hook freebsd_committer freebsd_triage 2015-10-12 14:12:04 UTC 
A commit references this bug:

Author: junovitch
Date: Mon Oct 12 14:11:13 UTC 2015
New revision: 399129
URL: https://svnweb.freebsd.org/changeset/ports/399129

Log:
  Add CVE assignment to r398626 PHP entry

  PR:		203541
  Security:	CVE-2015-7804
  Security: 	CVE-2015-7803
  Security: 	https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml