Bug 203541 - lang/php*: security/vuxml: security update to PHP 5.5.30, 5.6.14
Summary: lang/php*: security/vuxml: security update to PHP 5.5.30, 5.6.14
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Alex Dupre
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2015-10-04 23:57 UTC by Jason Unovitch
Modified: 2015-10-12 14:12 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)
junovitch: merge-quarterly?


Attachments
Update PHP ports (2.21 KB, patch)
2015-10-05 00:03 UTC, Jason Unovitch
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 commit-hook freebsd_committer 2015-10-05 00:00:25 UTC
A commit references this bug:

Author: junovitch
Date: Mon Oct  5 00:00:12 UTC 2015
New revision: 398626
URL: https://svnweb.freebsd.org/changeset/ports/398626

Log:
  Document PHP multiple security advisories in phar plugin

  PR:		203541
  Security:	c1da8b75-6aef-11e5-9909-002590263bf5

Changes:
  head/security/vuxml/vuln.xml
Comment 2 Jason Unovitch freebsd_committer 2015-10-05 00:03:08 UTC
Created attachment 161713 [details]
Update PHP ports

- Update php55 to 5.5.30
- Update php56 to 5.6.14
- Drop PORTREVISION on php56-zip

PR:		203541
Security:	c1da8b75-6aef-11e5-9909-002590263bf5
Comment 3 Jason Unovitch freebsd_committer 2015-10-05 00:04:28 UTC
Fix assignee to ale@ and ports-secteam@ as CC.
Comment 4 Jason Unovitch freebsd_committer 2015-10-05 00:08:30 UTC
Note this doesn't cover any actions for PHP 5.4 being EOL (http://php.net/eol.php).  The commits fixed in 5.5 and 5.6 aren't in the PHP 5.4 branch and there is no release for 5.4.
Comment 5 commit-hook freebsd_committer 2015-10-05 09:38:10 UTC
A commit references this bug:

Author: ale
Date: Mon Oct  5 09:37:56 UTC 2015
New revision: 398632
URL: https://svnweb.freebsd.org/changeset/ports/398632

Log:
  Update PHP ports to versions 5.5.30 and 5.6.14.

  PR:		203541
  Submitted by:	Jason Unovitch

Changes:
  head/archivers/php56-zip/Makefile
  head/lang/php55/Makefile
  head/lang/php55/distinfo
  head/lang/php56/Makefile
  head/lang/php56/distinfo
Comment 6 Jason Unovitch freebsd_committer 2015-10-05 22:21:45 UTC
Set merge-quarterly?

ale@ can you request to MFH this?
Comment 7 Jason Unovitch freebsd_committer 2015-10-05 22:24:38 UTC
(In reply to Jason Unovitch from comment #4)
> Note this doesn't cover any actions for PHP 5.4 being EOL ...

Regarding this comment, bug 203552 has already been created to address deprecating 5.4.
Comment 8 commit-hook freebsd_committer 2015-10-09 20:57:59 UTC
A commit references this bug:

Author: delphij
Date: Fri Oct  9 20:57:07 UTC 2015
New revision: 398957
URL: https://svnweb.freebsd.org/changeset/ports/398957

Log:
  MFH: r398632

  Update PHP ports to versions 5.5.30 and 5.6.14.

  PR:		203541
  Submitted by:	Jason Unovitch
  Approved by:	ports-secteam

Changes:
_U  branches/2015Q4/
  branches/2015Q4/archivers/php56-zip/Makefile
  branches/2015Q4/lang/php55/Makefile
  branches/2015Q4/lang/php55/distinfo
  branches/2015Q4/lang/php56/Makefile
  branches/2015Q4/lang/php56/distinfo
Comment 9 commit-hook freebsd_committer 2015-10-12 14:12:04 UTC
A commit references this bug:

Author: junovitch
Date: Mon Oct 12 14:11:13 UTC 2015
New revision: 399129
URL: https://svnweb.freebsd.org/changeset/ports/399129

Log:
  Add CVE assignment to r398626 PHP entry

  PR:		203541
  Security:	CVE-2015-7804
  Security: 	CVE-2015-7803
  Security: 	https://vuxml.FreeBSD.org/freebsd/c1da8b75-6aef-11e5-9909-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml