php52-backports


Backported security patches for PHP 5.2.17 from other PHP versions

PHP 5.2.17 is no longer supported by the PHP development team, so this repository collects security patches and various fixes for it. The old stable PHP version (5.2) is not compatible with the newer versions (5.3, 5.4), but it is needed for many older applications. We use it on a web hosting service for our customers, and it is especially popular in Russia and CIS countries.

Patches and fixes were taken from various free sources: the centos.alt.ru repository, Debian patches, and PHP svn trunk.

Make your server more secure with our security patch. Use our project to download the latest version of PHP 5.2.17+ with security and bugfix patches.

We have also added our patches to the FreeBSD lang/php52 port.

Download the latest version of the source code with all patches (it may not be stable; please test it and report any problems in the Issues list):

svn checkout https://php52-backports.googlecode.com/svn/trunk/ php52-backports

Download the branch with security and critical patches only:

svn checkout https://php52-backports.googlecode.com/svn/security/ php52-backports-security

To create a patch diff file from the original version 5.2.17, use a command like this:

svn diff -r 2 ....

Downloads

How to use

cd php-5.2.17
# download the patch file into this directory
patch -p1 -i php52-backports-*.patch

Then configure, build and install as usual.
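One way to run the patch step so that a patch which does not fit the tree is caught before any file is modified. This is an added example, not part of the project; the function name `apply_backport` and its two arguments (source directory, patch file) are assumed names.

```shell
#!/bin/sh
# Added example: dry-run a backport patch against the source tree, then apply it.
# Usage: apply_backport SRC_DIR PATCH_FILE   (both are placeholders, not project paths)
apply_backport() (
    src=$1
    patch_file=$2
    # Resolve the patch to an absolute path before changing directory.
    case $patch_file in
        /*) ;;
        *) patch_file=$(pwd)/$patch_file ;;
    esac
    [ -r "$patch_file" ] || { echo "cannot read patch: $patch_file" >&2; exit 2; }
    cd "$src" || exit 2

    # 1. Dry run: every hunk must apply. -N stops patch from offering to
    #    reverse a patch that is already present in the tree.
    if ! patch -p1 -N -s --dry-run -i "$patch_file" >/dev/null 2>&1; then
        echo "patch does not apply cleanly to $src; tree left untouched" >&2
        exit 1
    fi

    # 2. Real run, then confirm that no rejected hunks were left behind.
    patch -p1 -N -s -i "$patch_file" || exit 1
    if [ -n "$(find . -name '*.rej' -print)" ]; then
        echo "rejected hunks found after patching" >&2
        exit 1
    fi
    echo "patch applied to $src"
)

# Run directly as: sh apply_backport.sh php-5.2.17 php52-backports-X.patch
if [ "$#" -eq 2 ]; then
    apply_backport "$1" "$2"
fi
```

A non-zero return means the tree was not changed by this function; a second run against an already patched tree is refused rather than reversing the fix.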

Changelog

See also SVN repo changes

2013-07-17

trunk/security
* CVE-2013-4113 (issue 19), issue 16, issue 17, issue 18 fixes
* timezonedb 2013.4 (2013d)
* +PHP 5.2.17_15 FreeBSD port (security patch)

2013-03-20

trunk/security
* CVE-2013-1635, CVE-2013-1643, timezonedb 2013.2 (2013b)
* +PHP 5.2.17_14 FreeBSD port (security patch)

2012-11-14

trunk/security
* Timezone database updated to version 2012.9 (2012i)
* +PHP 5.2.17_12 FreeBSD port

2012-09-24

trunk/security:
* CVE-2006-7243, CVE-2012-4388 fix

2012-09-11

trunk:
* Issue 1, Issue 13 fix

trunk/security:
* timezonedb.h updated to version 2012.5 (2012e) (from 2011.13 (2011m))

security:
* CVE-2011-1398 r73 (fixed in trunk as bug-60227 r30): the sapi_header_op function in main/SAPI.c in PHP before 5.3.11 does not properly handle %0D sequences
* +PHP 5.2.17_11 FreeBSD port

2012-08-26

trunk:
* CVE-2012-0789 r67, bug-62763 r68, bug-62839 r69, bug-62499 r70, bug-62715 r71

security:
* CVE-2012-0789 r72

2012-08-08

trunk/security:
* Linux distros compilation issue 11 (r66 r65)

security:
* CVE-2012-3365 open_basedir bypass in sqlite r61
* Improve overflow checks CVE-2012-2688 r64

trunk:
* bug-61546 r54, bug-61713 r55, bug-61730 r56, bug-61755 r57, bug-61764 r58, bug-61948 r59, bug-69161 r60

2012-06-23

trunk:
* bug-62432 r51, bug-62146 r49, bug-62064 r48, CVE-2012-3365 r47
* Improve overflow checks CVE-2012-2688 r52

2012-06-21

security / trunk
* CVE-2012-2688 r44, fixes in php_variables.c r45
* +PHP 5.2.17_10 FreeBSD port

2012-06-27

trunk:
* compilation issue Z_SET_ISREF_PP/Z_ADDREF_PP in ext/soap/php_encoding.c
* compilation issue zend_alter_ini_entry_ex on Linux systems fix in main/php_variables.c (now CVE-2012-0830 patched as in Debian Linux)
* CVE-2012-0057

security:
* compilation issue zend_alter_ini_entry_ex on Linux systems fix in main/php_variables.c (now CVE-2012-0830 patched as in Debian Linux)
* CVE-2012-0057, CVE-2011-1469 (was fixed in trunk as bug-54092), CVE-2011-1470 (trunk bug-53579)

2012-05-26

security / trunk
* CVE-2012-2311 fix (patch from v.a.popov)
* magic_quotes_gpc fix for regression introduced by CVE-2012-0831 fix
* CVE-2012-2336 (with fastcgi compilation issues in r35 r36)
* +PHP 5.2.17_9 FreeBSD port

2012-05-04

trunk
* CVE-2012-1172, CVE-2012-1823, bugfixes 61650, 61165, 61095, 61000, 60801, 60227, 60222

security
* CVE-2012-1172, CVE-2012-1823
* +PHP 5.2.17_8 FreeBSD port

2012-02-16

security
* CVE-2012-0781 (bug-54682 in trunk), CVE-2011-4153, CVE-2012-0788, CVE-2012-0831

trunk
* CVE-2011-4153, CVE-2012-0788, CVE-2012-0831

2012-02-03

security / trunk
* CVE-2012-0830

2012-02-02

security branch
* CVE-2011-1466 (fixed in trunk 2011-09-17 as bug-53574), CVE-2011-1471 (fixed in trunk 2011-09-17 as bug-49072)

2012-01-17

trunk
* CVE-2011-4566, bugfixes 60206, 60138, 60120, 55674, 55509, 55504, 52461, 55366, 55273, 52624, 43200, 54682, 60455, 60183, 55478 from centos.alt.ru

security
* CVE-2011-4566 fix (Integer overflow during the parsing of invalid exif header)
* +PHP 5.2.17_6 FreeBSD port

2012-01-03

security / trunk
* Added php-5.2-max-input-vars patch: max_input_vars directive to prevent attacks based on hash collisions - CVE-2011-4885
* +PHP 5.2.17_5 FreeBSD port (security branch)

2011-10-30

security / trunk
* New timezonedb.h (abolition of winter time)
* +PHP 5.2.17_4 FreeBSD port (from security branch)

2011-09-17

trunk
* CVE-2011-2202, CVE-2011-1938, CVE-2011-1148, CVE-2011-0708, CVE-2011-1092, CVE-2011-0421
* Fixes from https://bugs.php.net/ - bug-54055, bug-53577, bug-48484, bug-48607, bug-53574, bug-52290, bug-52063, bug-53924, bug-53150, bug-52209, bug-47435, bug-53377, bug-39847, bug-53630, bug-51336, bug-53515, bug-54092, bug-53903, bug-54089, bug-53603, bug-53854, bug-53579, bug-53568, bug-49072, bug-55399, bug-55082, bug-55014, bug-54180, bug-54137, bug-53848, bug-52935, bug-51997, bug-50363, bug-48465, bug-54529, bug-52496, bug-54242, bug-54121, bug-53037, bug-54269, bug-54601, bug-54440, bug-54494, bug-54221, bug-52104, bug-54329, bug-53782, bug-54318, bug-55323, bug-54312, bug-51958, bug-54946

Thanks to CentOS.alt.ru for their great work: http://centos.alt.ru/?p=571

2011-09-17

security
* CVE-2011-2202, CVE-2011-1938, CVE-2011-1148, CVE-2011-0708, CVE-2011-1092, CVE-2011-0421
* +PHP 5.2.17_3 FreeBSD port (from security branch, split patch files only)

2011-09-17

* Project started

Project Information

The project was created on Sep 17, 2011.

Labels:
PHP Build Developer Internet FreeBSD Linux Patches Security