Message-Id: <201201021618.q02GInrc045842@red.freebsd.org>
Date: Mon, 2 Jan 2012 16:18:49 GMT
From: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [update] lang/php52 to 5.2.17_5
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: admin@lissyara.su

>Number:         163782
>Category:       ports
>Synopsis:       [update] lang/php52 to 5.2.17_5
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    rm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 02 16:20:11 UTC 2012
>Closed-Date:    Mon Jan 02 18:32:34 UTC 2012
>Last-Modified:  Mon Jan  2 18:40:07 UTC 2012
>Originator:     Svyatoslav Lempert
>Release:        8.2-STABLE
>Organization:
>Environment:
>Description:
- Update to latest security patchset 20120103 - added max_input_vars directive (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4)
>How-To-Repeat:

>Fix:
Apply the patch to the port. Please remove the forbidden mark from the port: the port is secure and all security patches are applied. If you need, you can enable the security patches "by default" in the Makefile, outside of the dialog the user chooses in.

Patch attached with submission follows:

diff -Nru php52.orig/Makefile php52/Makefile
--- php52.orig/Makefile	2012-01-03 00:57:20.000000000 +0900
+++ php52/Makefile	2012-01-03 00:58:29.000000000 +0900
@@ -7,7 +7,7 @@
 
 PORTNAME=	php52
 PORTVERSION=	5.2.17
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
@@ -191,7 +191,7 @@
 .endif
 
 .if defined(WITH_BACKPORTS)
-PATCHFILES+=	php52-backports-security-20111030.patch
+PATCHFILES+=	php52-backports-security-20120103.patch
 PATCH_SITES+=	http://php52-backports.googlecode.com/files/
 .else
 FORBIDDEN=	Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html
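Review bot: the `.else` branch still carries `FORBIDDEN= Vulnerable since 2011-01-13, ...` unchanged, which is right for a build without WITH_BACKPORTS (no security patchset is applied there), but the message gives the user no hint that enabling WITH_BACKPORTS is what lifts it; consider appending that to the FORBIDDEN text. The submission also says the 20120103 patchset introduces max_input_vars with a default of "1000", a limit on the number of request input variables that can affect applications posting very large forms, so a pkg-message or UPDATING entry naming the directive and its default would be worth adding alongside this PATCHFILES bump.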
diff -Nru php52.orig/distinfo php52/distinfo
--- php52.orig/distinfo	2012-01-03 00:57:20.000000000 +0900
+++ php52/distinfo	2012-01-03 01:00:17.000000000 +0900
@@ -6,5 +6,5 @@
 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f
 SIZE (php-5.2.10-mail-header.patch) = 3383
-SHA256 (php52-backports-security-20111030.patch) = 642c124f702310d584940608f1ebcaf5a5c44ca4e17c0adb5aa538d76a86ec1f
-SIZE (php52-backports-security-20111030.patch) = 280143
+SHA256 (php52-backports-security-20120103.patch) = d2821a7f2bbca3bde5b908652ce6fac4983f9e1373a2f9a0d6cf57d3df4c51c7
+SIZE (php52-backports-security-20120103.patch) = 283011
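Review bot: the new `SHA256` and `SIZE` lines for php52-backports-security-20120103.patch are the only integrity check on this file, because PATCH_SITES in the Makefile hunk is a plain `http://` URL. Before committing, fetch the patch independently, regenerate distinfo with `make makesum`, and confirm the result matches the two `+` lines here rather than taking the submitted values as given.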


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon Jan 2 16:20:22 UTC 2012 
State-Changed-Why:  
Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)

http://www.freebsd.org/cgi/query-pr.cgi?pr=163782 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: admin@lissyara.su
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/163782: [update] lang/php52 to 5.2.17_5
Date: Mon, 2 Jan 2012 16:20:20 UT

 Maintainer of lang/php52,
 
 Please note that PR ports/163782 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163782
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: Alex Keda <admin@lissyara.su>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163782: [update] lang/php52 to 5.2.17_5
Date: Mon, 02 Jan 2012 20:54:56 +0400

 Please commit this patch.
Responsible-Changed-From-To: freebsd-ports-bugs->rm 
Responsible-Changed-By: rm 
Responsible-Changed-When: Mon Jan 2 18:02:20 UTC 2012 
Responsible-Changed-Why:  
I will take it. 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163782: commit references a PR
Date: Mon,  2 Jan 2012 18:26:40 +0000 (UTC)

 rm          2012-01-02 18:26:27 UTC
 
   FreeBSD ports repository
 
   Modified files:
     lang/php52           Makefile distinfo 
   Log:
   Update to latest security patchset 20120103: added max_input_vars directive
   (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4)
   
   PR:             163782
   Submitted by:   Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>
   Approved by:    maintainer
   
   Revision  Changes    Path
   1.25      +2 -2      ports/lang/php52/Makefile
   1.11      +2 -2      ports/lang/php52/distinfo
 
State-Changed-From-To: feedback->closed 
State-Changed-By: rm 
State-Changed-When: Mon Jan 2 18:32:32 UTC 2012 
State-Changed-Why:  
Committed, thank you! 


From: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/163782
Date: Mon, 02 Jan 2012 22:31:39 +0400

 These patches are already applied by default and FORBIDDEN will only
 appear if WITH_BACKPORTS is set to off. So I see no problem.
 
 -- 
 Regards,
 Ruslan
 
 Tinderboxing kills... the drives.
>Unformatted:
