Date: Mon, 2 Jan 2012 16:18:49 GMT
From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/163782: [update] lang/php52 to 5.2.17_5
Message-ID: <201201021618.q02GInrc045842@red.freebsd.org>
Resent-Message-ID: <201201021620.q02GKB66098087@freefall.freebsd.org>
>Number: 163782
>Category: ports
>Synopsis: [update] lang/php52 to 5.2.17_5
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 02 16:20:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Svyatoslav Lempert
>Release: 8.2-STABLE
>Organization:
>Environment:
>Description:
- Update to latest security patchset 20120103
- added max_input_vars directive (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4)
>How-To-Repeat:
>Fix:
Apply patch to port.

Please remove forbidden mark from port, port is secure, all security patches are applied, if you need you can enable security patches "by default" in Makefile outside of the dialog user choose.

Patch attached with submission follows:

diff -Nru php52.orig/Makefile php52/Makefile --- php52.orig/Makefile 2012-01-03 00:57:20.000000000 +0900 +++ php52/Makefile 2012-01-03 00:58:29.000000000 +0900 @@ -7,7 +7,7 @@ PORTNAME= php52 PORTVERSION= 5.2.17 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES?= lang devel www MASTER_SITES= ${MASTER_SITE_PHP} MASTER_SITE_SUBDIR= distributions @@ -191,7 +191,7 @@ .endif .if defined(WITH_BACKPORTS) -PATCHFILES+= php52-backports-security-20111030.patch +PATCHFILES+= php52-backports-security-20120103.patch PATCH_SITES+= http://php52-backports.googlecode.com/files/ .else FORBIDDEN= Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html diff -Nru php52.orig/distinfo php52/distinfo --- php52.orig/distinfo 2012-01-03 00:57:20.000000000 +0900 +++ php52/distinfo 2012-01-03 01:00:17.000000000 +0900 
@@ -6,5 +6,5 @@ SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f SIZE (php-5.2.10-mail-header.patch) = 3383 -SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f -SIZE (php52-backports-security-20111030.patch) = 280143 +SHA256 (php52-backports-security-20120103.patch) = d2821a7f2bbca3bde5b908652ce6fac4983f9e1373a2f9a0d6cf57d3df4c51c7 +SIZE (php52-backports-security-20120103.patch) = 283011 >Release-Note: >Audit-Trail: >Unformatted:
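Review bot: the FORBIDDEN= line in the .else branch of the second Makefile hunk (@@ -191,7 +191,7 @@) is left as it was, so a build without WITH_BACKPORTS stays forbidden and only the opt-in path picks up php52-backports-security-20120103.patch. The Fix text asks for the forbidden mark to be removed, but nothing in this patch does that; either make the backports option the default in the same change, or state that FORBIDDEN is meant to stay for builds without the patchset. The description also says the patchset adds a max_input_vars directive with default "1000", which caps the number of request variables PHP accepts, yet the diff touches only Makefile and distinfo; a short note in pkg-message or UPDATING would tell users about the new limit.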
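Review bot: the new SHA256/SIZE pair in the distinfo hunk is the only integrity check on php52-backports-security-20120103.patch, because PATCH_SITES in the Makefile context fetches it over plain http:// from php52-backports.googlecode.com. Before commit, fetch the file independently, confirm it matches the recorded SHA256 and SIZE 283011, and read the delta against the 20111030 patchset (the size grew from 280143 to 283011 bytes) rather than accepting the submitted hash as given.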