Summary: | lang/php55 lang/php56: Update to latest versions (5.5.36, 5.6.22) fixes security vulnerabilities | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Fabiano Sidler <freebsd-bugs> |
Component: | Individual Port(s) | Assignee: | Alex Dupre <ale> |
Status: | Closed FIXED | ||
Severity: | Affects Many People | CC: | freebsd-bugs, junovitch, ports-secteam |
Priority: | --- | Keywords: | security |
Version: | Latest | Flags: | bugzilla: maintainer-feedback? (ale) junovitch: merge-quarterly+ |
Hardware: | Any | ||
OS: | Any |
Description
Fabiano Sidler
2016-05-27 07:59:02 UTC
A commit references this bug:

Author: junovitch
Date: Sat May 28 01:40:53 UTC 2016
New revision: 415969
URL: https://svnweb.freebsd.org/changeset/ports/415969

Log:
  Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36

  PR: 209779
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>
  Security: CVE-2013-7456
  Security: CVE-2016-4343
  Security: CVE-2016-5093
  Security: CVE-2016-5094
  Security: CVE-2016-5096
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml

A commit references this bug:

Author: junovitch
Date: Sat May 28 01:41:36 UTC 2016
New revision: 415971
URL: https://svnweb.freebsd.org/changeset/ports/415971

Log:
  lang/php56: update 5.6.21 -> 5.6.22 [1] plus minor fixup

  - Fix MAILHEAD patch to match the new version of the patch. The distinfo
    currently matches the php-5.5.x-mail-header.patch.old patch. [2]

  PR: 209779 [1]
  PR: 208072 [2]
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch> [1]
  Reported by: Vladislav V. Prodan <admin@support.od.ua> [2]
  Approved by: ports-secteam (with hat)
  Security: CVE-2013-7456
  Security: CVE-2016-5093
  Security: CVE-2016-5094
  Security: CVE-2016-5096
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html
  MFH: 2016Q2

Changes:
  head/lang/php56/Makefile
  head/lang/php56/distinfo

A commit references this bug:

Author: junovitch
Date: Sat May 28 01:42:05 UTC 2016
New revision: 415972
URL: https://svnweb.freebsd.org/changeset/ports/415972

Log:
  lang/php55: update 5.5.35 -> 5.5.36 [1] plus minor fixups

  - Fix MAILHEAD patch to match the new version of the patch. The distinfo
    currently matches the php-5.5.x-mail-header.patch.old patch. [2]
  - Fix regression from r415818's conversion to @sample by installing the
    default php-fpm.conf under ${LOCALBASE}/etc and not ${LOCALBASE}

  PR: 209779 [1]
  PR: 208073 [2]
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch> [1]
  Submitted by: Paulo Henrique <paulo.oliveira@protonmail.ch> [2]
  Approved by: ports-secteam (with hat)
  Security: CVE-2013-7456
  Security: CVE-2016-4343
  Security: CVE-2016-5093
  Security: CVE-2016-5094
  Security: CVE-2016-5096
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html
  MFH: 2016Q2

Changes:
  head/lang/php55/Makefile
  head/lang/php55/distinfo
  head/lang/php55/pkg-plist

A commit references this bug:

Author: junovitch
Date: Sat May 28 01:48:23 UTC 2016
New revision: 415973
URL: https://svnweb.freebsd.org/changeset/ports/415973

Log:
  MFH: r415304 r415818 r415970 r415971 r415972

  - Really fix ZTS build with pthreads, required by threaded apache24
  - Bump PORTREVISION due to dependency on thread library

  Approved by: miwi (mentor)

  Simplify plist by using @sample

  lang/php70: update 7.0.6 -> 7.0.7

  Approved by: ports-secteam (with hat)
  Security: CVE-2013-7456
  Security: CVE-2016-5093
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html

  lang/php56: update 5.6.21 -> 5.6.22 [1] plus minor fixup

  - Fix MAILHEAD patch to match the new version of the patch. The distinfo
    currently matches the php-5.5.x-mail-header.patch.old patch. [2]

  PR: 209779 [1]
  PR: 208072 [2]
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch> [1]
  Reported by: Vladislav V. Prodan <admin@support.od.ua> [2]
  Approved by: ports-secteam (with hat)
  Security: CVE-2013-7456
  Security: CVE-2016-5093
  Security: CVE-2016-5094
  Security: CVE-2016-5096
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html

  lang/php55: update 5.5.35 -> 5.5.36 [1] plus minor fixups

  - Fix MAILHEAD patch to match the new version of the patch. The distinfo
    currently matches the php-5.5.x-mail-header.patch.old patch. [2]
  - Fix regression from r415818's conversion to @sample by installing the
    default php-fpm.conf under ${LOCALBASE}/etc and not ${LOCALBASE}

  PR: 209779 [1]
  PR: 208073 [2]
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch> [1]
  Submitted by: Paulo Henrique <paulo.oliveira@protonmail.ch> [2]
  Approved by: ports-secteam (with hat)
  Security: CVE-2013-7456
  Security: CVE-2016-4343
  Security: CVE-2016-5093
  Security: CVE-2016-5094
  Security: CVE-2016-5096
  Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html

Changes:
  _U branches/2016Q2/
  branches/2016Q2/lang/php55/Makefile
  branches/2016Q2/lang/php55/distinfo
  branches/2016Q2/lang/php55/pkg-plist
  branches/2016Q2/lang/php56/Makefile
  branches/2016Q2/lang/php56/distinfo
  branches/2016Q2/lang/php56/pkg-plist
  branches/2016Q2/lang/php70/Makefile
  branches/2016Q2/lang/php70/distinfo
  branches/2016Q2/lang/php70/pkg-plist

Fabiano,

Thanks for the report. The requested security update has been committed under ports-secteam approval. I also fixed the MAILHEAD option for both ports while here.

- Set merge-quarterly+ as it's been merged.
- Set 'security' keyword.
- Drop 'patch' keyword as there was never a patch attached to the PR and 'needs-patch' is irrelevant now that it's fixed.
- Close PR