- Update to lastest security patchset 20120103 - added max_input_vars directive (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4) Fix: Apply patch to port. Please remove forbidden mark from port, port is secure, all security patches are applied, if you need you can enable security patches "by default" in Makefile outside of the dialog user choose. Patch attached with submission follows:
Maintainer of lang/php52, Please note that PR ports/163782 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/163782 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
please, commit this patch
Responsible Changed From-To: freebsd-ports-bugs->rm I will take it.
rm 2012-01-02 18:26:27 UTC FreeBSD ports repository Modified files: lang/php52 Makefile distinfo Log: Update to lastest security patchset 20120103: added max_input_vars directive (default "1000") to prevent attacks based on hash collisions (from PHP 5.4 RC4) PR: 163782 Submitted by: Svyatoslav Lempert <svyatoslav.lempert at gmail dot com> Approved by: maintainer Revision Changes Path 1.25 +2 -2 ports/lang/php52/Makefile 1.11 +2 -2 ports/lang/php52/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
This patches are already applied by default and FORBIDDEN will only appear if WITH_BACKPORTS is set to off. So i see no problem. -- Regards, Ruslan Tinderboxing kills... the drives.
State Changed From-To: feedback->closed Committed, thank you!