Date:      Mon, 2 Jan 2012 16:18:49 GMT
From:      Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/163782: [update] lang/php52 to 5.2.17_5
Message-ID:  <201201021618.q02GInrc045842@red.freebsd.org>
Resent-Message-ID: <201201021620.q02GKB66098087@freefall.freebsd.org>


>Number:         163782
>Category:       ports
>Synopsis:       [update] lang/php52 to 5.2.17_5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 02 16:20:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Svyatoslav Lempert
>Release:        8.2-STABLE
>Organization:
>Environment:
>Description:
- Update to the latest security patchset 20120103 - added max_input_vars directive (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4)
>How-To-Repeat:

>Fix:
Apply the patch to the port. Please remove the forbidden mark from the port: the port is secure and all security patches are applied. If you need, you can enable the security patches "by default" in the Makefile, outside of the dialog the user chooses from.

Patch attached with submission follows:

diff -Nru php52.orig/Makefile php52/Makefile
--- php52.orig/Makefile	2012-01-03 00:57:20.000000000 +0900
+++ php52/Makefile	2012-01-03 00:58:29.000000000 +0900
@@ -7,7 +7,7 @@
 
 PORTNAME=	php52
 PORTVERSION=	5.2.17
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
@@ -191,7 +191,7 @@
 .endif
 
 .if defined(WITH_BACKPORTS)
-PATCHFILES+=	php52-backports-security-20111030.patch
+PATCHFILES+=	php52-backports-security-20120103.patch
 PATCH_SITES+=	http://php52-backports.googlecode.com/files/
 .else
 FORBIDDEN=	Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html
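Review bot: the FORBIDDEN line in the .else branch is left untouched, so a build without WITH_BACKPORTS is still marked forbidden, while the Fix text asks for the forbidden mark to be removed. If the port is only considered safe with the backports patchset applied, it would be clearer to make WITH_BACKPORTS the default and keep FORBIDDEN for the unpatched case than to drop the mark outright. Note also that PATCH_SITES is a plain http:// URL, so the distinfo checksum is the only thing authenticating php52-backports-security-20120103.patch.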
diff -Nru php52.orig/distinfo php52/distinfo
--- php52.orig/distinfo	2012-01-03 00:57:20.000000000 +0900
+++ php52/distinfo	2012-01-03 01:00:17.000000000 +0900
@@ -6,5 +6,5 @@
 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f
 SIZE (php-5.2.10-mail-header.patch) = 3383
-SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f
-SIZE (php52-backports-security-20111030.patch) = 280143
+SHA256 (php52-backports-security-20120103.patch) = d2821a7f2bbca3bde5b908652ce6fac4983f9e1373a2f9a0d6cf57d3df4c51c7
+SIZE (php52-backports-security-20120103.patch) = 283011
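Review bot: the new SHA256 and SIZE values for php52-backports-security-20120103.patch are supplied by the submitter and pin a third-party file, so the committer should fetch the file independently and confirm both values before committing, for example by running make makesum and comparing the result with these lines. The patchset grows from 280143 to 283011 bytes; the PR attributes the change to the new max_input_vars directive, which is not visible in this diff and should be checked against the patch content itself.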


>Release-Note:
>Audit-Trail:
>Unformatted:


