Bug 220532 - lang/php71: Update to 7.1.7
Summary: lang/php71: Update to 7.1.7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Torsten Zuehlsdorff
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-07 07:52 UTC by Fabiano Sidler
Modified: 2017-07-10 09:23 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (tz)
i.dani: maintainer-feedback? (secteam)
tz: merge-quarterly+


Attachments
patch (880 bytes, text/plain)
2017-07-07 07:52 UTC, Fabiano Sidler
no flags Details
Update to PHP 7.1.7 (2.70 KB, patch)
2017-07-07 09:17 UTC, Dani
i.dani: maintainer-approval? (tz)
Details | Diff
Small patch for Makefile.ext suggesting adding $FreeBSD$ and a possible switch to devel/oniguruma6 (1.60 KB, patch)
2017-07-09 13:38 UTC, Trond.Endrestol
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fabiano Sidler 2017-07-07 07:52:57 UTC
Created attachment 184148 [details]
patch

Also, please don't forget to MTQ3! ;)
Comment 1 Torsten Zuehlsdorff freebsd_committer 2017-07-07 08:04:38 UTC
The patch isn't fully correct, because it misses to remove PORTREVISION at least from www/php71-opcache.

But i already have it done yesterday and will commit it today :)
Comment 2 Dani 2017-07-07 09:17:23 UTC
Created attachment 184150 [details]
Update to PHP 7.1.7

Update PHP 7.1 from 7.1.6 to 7.1.7
    - Remove PORTREVISION from: devel/php71-readline, www/php71-opcache
    - Fix distinfo (previous patch has wrong size
    - Remove patch "patch-main_php__ini.c", has been patched upstream

Changelog: http://www.php.net/ChangeLog-7.php#7.1.7
Comment 3 Dani 2017-07-07 09:37:35 UTC
Diff can be found here: review D11516
Comment 4 commit-hook freebsd_committer 2017-07-07 09:45:22 UTC
A commit references this bug:

Author: tz
Date: Fri Jul  7 09:44:32 UTC 2017
New revision: 445228
URL: https://svnweb.freebsd.org/changeset/ports/445228

Log:
  Update PHP 7.1 from 7.1.6 to 7.1.7

  Changelog: http://www.php.net/ChangeLog-7.php#7.1.7

  PR:          220532
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>, Dani <i.dani@outlook.com>
  MFH:         2017Q3
  Security:    CVE-2017-9224
  Security:    CVE-2017-9226
  Security:    CVE-2017-9227
  Security:    CVE-2017-9228
  Security:    CVE-2017-9229

Changes:
  head/devel/php71-readline/Makefile
  head/lang/php71/Makefile
  head/lang/php71/distinfo
  head/lang/php71/files/patch-main_php__ini.c
  head/www/php71-opcache/Makefile
Comment 5 Torsten Zuehlsdorff freebsd_committer 2017-07-07 09:47:09 UTC
The second patch is correct; but as i wrote: i already created it yesterday :)
Its committed in HEAD.
Comment 6 Trond.Endrestol 2017-07-09 13:37:32 UTC
Pardon for intruding.

I suggest adding $FreeBSD$ to every Makefile.ext, i.e. lang/php{56,70,71}/Makefile.ext.

If devel/oniguruma5 won't be updated, then maybe phpNN-mbstring should switch to devel/oniguruma6, or start using oniguruma from the php distributions.

See attached patch.
Comment 7 Trond.Endrestol 2017-07-09 13:38:41 UTC
Created attachment 184201 [details]
Small patch for Makefile.ext suggesting adding $FreeBSD$ and a possible switch to devel/oniguruma6
Comment 8 commit-hook freebsd_committer 2017-07-10 08:47:24 UTC
A commit references this bug:

Author: tz
Date: Mon Jul 10 08:47:13 UTC 2017
New revision: 445419
URL: https://svnweb.freebsd.org/changeset/ports/445419

Log:
  MFH: r445228

  Update PHP 7.1 from 7.1.6 to 7.1.7

  Changelog: http://www.php.net/ChangeLog-7.php#7.1.7

  PR:          220532
  Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>, Dani <i.dani@outlook.com>
  Security:    CVE-2017-9224
  Security:    CVE-2017-9226
  Security:    CVE-2017-9227
  Security:    CVE-2017-9228
  Security:    CVE-2017-9229

  Approved by: ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/devel/php71-readline/Makefile
  branches/2017Q3/lang/php71/Makefile
  branches/2017Q3/lang/php71/distinfo
  branches/2017Q3/lang/php71/files/patch-main_php__ini.c
  branches/2017Q3/www/php71-opcache/Makefile
Comment 9 Dani 2017-07-10 09:15:10 UTC
Comment on attachment 184201 [details]
Small patch for Makefile.ext suggesting adding $FreeBSD$ and a possible switch to devel/oniguruma6

Built fine for me with devel/oniguruma6..
Since this is security related, it would be nice to see a fast fix.
Comment 10 Torsten Zuehlsdorff freebsd_committer 2017-07-10 09:21:46 UTC
This does need more than just a build-test. Also everything is already committed. 

Can you please open a new PR and repost the patch? I will handle it there to avoid confusions. :) Thanks!

Since the update is committed in head and quarterly i close this PR.
Comment 11 Torsten Zuehlsdorff freebsd_committer 2017-07-10 09:23:31 UTC
(Forgot to mention: it is very likely to be fine, since PHP itself bundles currently 6.3. But you could never be sure without any test)