From nobody@FreeBSD.org  Wed Jun 20 17:40:01 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 25682106566C
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Jun 2012 17:40:01 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id EAE5E8FC12
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Jun 2012 17:40:00 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q5KHe0J4052531
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 20 Jun 2012 17:40:00 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q5KHe06I052530;
	Wed, 20 Jun 2012 17:40:00 GMT
	(envelope-from nobody)
Message-Id: <201206201740.q5KHe06I052530@red.freebsd.org>
Date: Wed, 20 Jun 2012 17:40:00 GMT
From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [update] lang/php52 to 5.2.17_9 (20120526)
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: admin@lissyara.su

>Number:         169272
>Category:       ports
>Synopsis:       [update] lang/php52 to 5.2.17_9 (20120526)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    rm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 20 17:40:09 UTC 2012
>Closed-Date:    Wed Oct 17 18:05:10 UTC 2012
>Last-Modified:  Wed Oct 17 18:05:10 UTC 2012
>Originator:     Svyatoslav Lempert
>Release:        9.0-STABLE
>Organization:
>Environment:
>Description:
- update backports patch to latest version (20120526)
- magic_quotes_gpc fix for regression introduced by CVE-2012-0831 fix
- security 3761df02-0f9c-11e0-becc-0022156e8794 59b68b1e-9c78-11e1-b5e0-000c299b62e1


Please remove security vulnerabilities

http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
CVE-2006-7243 : This is NOT a vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=662707
We do not consider safe_mode / open_basedir restriction bypass issues to be
security sensitive.  For more details see
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1

http://www.vuxml.org/freebsd/59b68b1e-9c78-11e1-b5e0-000c299b62e1.html
CVE-2012-1823 : was fixed in 5.2.17_8
CVE-2012-2311 : fixed in the last patch
CVE-2012-2329 : this flaw only affects PHP 5.4.0 through 5.4.2 https://access.redhat.com/security/cve/CVE-2012-2329 https://bugzilla.redhat.com/show_bug.cgi?id=820000
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -Nru php52.old/Makefile php52/Makefile
--- php52.old/Makefile	2012-05-16 16:36:34.000000000 +0900
+++ php52/Makefile	2012-05-26 02:26:32.000000000 +0900
@@ -7,7 +7,7 @@
 
 PORTNAME=	php52
 PORTVERSION=	5.2.17
-PORTREVISION=	8
+PORTREVISION=	9
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
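
Review bot: at the PORTREVISION=9 line, the bump is right for a changed PATCHFILES, but the VuXML revision the description asks for is not part of this patch and needs its own change. The description states that CVE-2012-2311 is fixed by the 20120526 backports, so the affected range in entry 59b68b1e-9c78-11e1-b5e0-000c299b62e1 should be reviewed to end at 5.2.17_9, and that update should be committed with, or referenced from, this one so the version marker and the advisory stay in step.
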
@@ -26,7 +26,7 @@
 MAKE_JOBS_SAFE=	yes
 
 # BACKPORTS patch for lang/php52 and all php52-extensions
-PATCHFILES=	php52-backports-security-20120504.patch
+PATCHFILES=	php52-backports-security-20120526.patch
 PATCH_SITES=	http://php52-backports.googlecode.com/files/
 
 .if !defined(PKGNAMESUFFIX)
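
Review bot: the new PATCHFILES value is still fetched from the single plain-http PATCH_SITES on the unchanged line below it, so the distinfo checksum is the only integrity control on this security patch. Before committing, fetch php52-backports-security-20120526.patch independently, diff it against the 20120504 file, and confirm the delta matches what the description claims (the CVE-2012-2311 fix and the magic_quotes_gpc regression fix). Adding a second mirror to PATCH_SITES would also keep the port from depending on one host.
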
diff -Nru php52.old/distinfo php52/distinfo
--- php52.old/distinfo	2012-05-06 00:21:14.000000000 +0900
+++ php52/distinfo	2012-05-26 03:00:13.000000000 +0900
@@ -1,10 +1,10 @@
 SHA256 (php-5.2.17.tar.bz2) = e81beb13ec242ab700e56f366e9da52fd6cf18961d155b23304ca870e53f116c
 SIZE (php-5.2.17.tar.bz2) = 9092312
+SHA256 (php52-backports-security-20120526.patch) = f5c62f44c2c040b89d14b55770aca7fae86d1f7c0f572f97d89550aec416d60d
+SIZE (php52-backports-security-20120526.patch) = 293532
 SHA256 (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 354ce451417d14ef47761ae55147e9cee30fa0ff6f59447da021194c539f4d7f
 SIZE (php-5.2.14-fpm-0.5.14-freebsd.patch.gz) = 43550
 SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b932febb1b0c743c0b398003ebe122f91
 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f
 SIZE (php-5.2.10-mail-header.patch) = 3383
-SHA256 (php52-backports-security-20120504.patch) = 1ccf9faabccc2f682359076c15162b1acc972e01faeabd9fce6e8d69f5b12c89
-SIZE (php52-backports-security-20120504.patch) = 292077
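
Review bot: the SHA256 and SIZE lines added for php52-backports-security-20120526.patch are submitter-supplied and should be reproduced by the committer rather than taken from the PR as is. Regenerate distinfo with make makesum from a freshly fetched copy and check that it yields the same SHA256 and SIZE 293532. The 1455-byte growth over the 20120504 patch (292077) is consistent with a small added fix, but it does not replace reading the delta. The new entries also land in second position while the old ones are dropped from the end of the file; that reordering is harmless but is worth confirming as makesum output and not a hand edit.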


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Wed Jun 20 17:40:34 UTC 2012 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=169272 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: admin@lissyara.su
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/169272: [update] lang/php52 to 5.2.17_9 (20120526)
Date: Wed, 20 Jun 2012 17:40:31 UT

 Maintainer of lang/php52,
 
 Please note that PR ports/169272 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/169272
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Alex Keda <admin@lissyara.su>
To: bug-followup@FreeBSD.org, svyatoslav.lempert@gmail.com
Cc:  
Subject: Re: ports/169272: [update] lang/php52 to 5.2.17_9 (20120526)
Date: Wed, 27 Jun 2012 01:09:11 +0400

 please, commit this
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Tue Jun 26 22:44:40 UTC 2012 
State-Changed-Why:  
Maintainer approved. 

Responsible-Changed-From-To: freebsd-ports-bugs->rm 
Responsible-Changed-By: rm 
Responsible-Changed-When: Sat Jun 30 13:36:13 UTC 2012 
Responsible-Changed-Why:  
I will take it. 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/169272: commit references a PR
Date: Sat, 30 Jun 2012 23:01:10 +0000 (UTC)

 rm          2012-06-30 23:00:58 UTC
 
   FreeBSD ports repository
 
   Modified files:
     lang/php52           Makefile distinfo 
   Log:
   - update backports patch to 20120526
   - bump PORTREVISION
   
   PR:             169272
   Submitted by:   Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>
   Approved by:    Alex Keda <admin at lissyara dot su> (maintainer)
   
   Revision  Changes    Path
   1.31      +2 -2      ports/lang/php52/Makefile
   1.14      +2 -2      ports/lang/php52/distinfo
 
State-Changed-From-To: open->patched 
State-Changed-By: rm 
State-Changed-When: Sun Jul 1 20:06:32 UTC 2012 
State-Changed-Why:  
Update has been committed, thank you. Now checking the CVE stuff.

State-Changed-From-To: patched->closed 
State-Changed-By: rm 
State-Changed-When: Wed Oct 17 18:05:08 UTC 2012 
State-Changed-Why:  
The first issue still wasn't fixed, as I understand, while the second one was
fixed in 5.2.17_9 and the vuxml entry was already updated. So no changes are
needed according to this PR. Safe to close.

>Unformatted:
