- security fixes for CVE-2011-2202, CVE-2011-1938, CVE-2011-1148,

   CVE-2011-0708, CVE-2011-1092, CVE-2011-0421 vulnerabilities
 - option BACKPORTS in port config for enable port patches (enabled
   by default)
 - bump PORTREVISION

Submitted by:	Svyatoslav Lempert <svyatoslav.lempert gmail.com>
PR:		ports/160805
Approved by:	maintainer

2 files changed, 28 insertions, 3 deletions

diff --git a/lang/php52/Makefile b/lang/php52/Makefile
index 725f02e2b047..9e4ac16a2239 100644
--- a/lang/php52/Makefile
+++ b/lang/php52/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	php52
 PORTVERSION=	5.2.17
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}
 MASTER_SITE_SUBDIR=	distributions
@@ -16,7 +16,7 @@ DISTNAME=	php-${PORTVERSION}
 MAINTAINER=	admin@lissyara.su
 COMMENT=	PHP Scripting Language
 
-FORBIDDEN=	Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html
+DEPRECATED=		PHP 5.2 series is not supported anymore, migrate now
 EXPIRATION_DATE=	2011-10-14
 
 LATEST_LINK=	${PKGNAMEPREFIX}${PORTNAME}${PKGNAMESUFFIX}
@@ -51,7 +51,8 @@ OPTIONS=	CLI "Build CLI version" on \
 		FASTCGI "Enable fastcgi support (CGI only)" on \
 		FPM "Enable fastcgi process manager (CGI only)" off \
 		PATHINFO "Enable path-info-check support (CGI only)" on \
-		LINKTHR "Link thread lib (for threaded extensions)" off
+		LINKTHR "Link thread lib (for threaded extensions)" off \
+		BACKPORTS "Enable backported security and bugfix patches" on
 
 CONFLICTS=	php4-4* php5-5.3*
 
@@ -189,6 +190,18 @@ CONFIGURE_ARGS+=--enable-zend-multibyte
 CONFIGURE_ARGS+=--disable-ipv6
 .endif
 
+.if defined(WITH_BACKPORTS)
+PATCHFILES+=	php-5.2.17-CVE-2011-0421.patch \
+		php-5.2.17-CVE-2011-0708.patch \
+		php-5.2.17-CVE-2011-1092.patch \
+		php-5.2.17-CVE-2011-1148.patch \
+		php-5.2.17-CVE-2011-1938.patch \
+		php-5.2.17-CVE-2011-2202.patch
+PATCH_SITES+=	http://php52-backports.googlecode.com/files/
+.else
+FORBIDDEN=	Vulnerable since 2011-01-13, http://portaudit.freebsd.org/3761df02-0f9c-11e0-becc-0022156e8794.html
+.endif
+
 post-patch:
 	@${TOUCH} ${WRKSRC}/ext/php_config.h
 	@${REINPLACE_CMD} "s|^\(extension_dir\)|; \1|" ${WRKSRC}/php.ini-*
diff --git a/lang/php52/distinfo b/lang/php52/distinfo
index ad33e08531dc..7fe37aed52ba 100644
--- a/lang/php52/distinfo
+++ b/lang/php52/distinfo
@@ -6,3 +6,15 @@ SHA256 (suhosin-patch-5.2.16-0.9.7.patch.gz) = aae115a318d80b3f32cedf876e7a8e4b9
 SIZE (suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069
 SHA256 (php-5.2.10-mail-header.patch) = a61d50540f4aae32390118453845c380fe935b6d1e46cef6819c8561946e942f
 SIZE (php-5.2.10-mail-header.patch) = 3383
+SHA256 (php-5.2.17-CVE-2011-0421.patch) = e31086a77a5c4ec1cb4e302d3c7107eadbfebc26cf9e1ca5a018407616a95e7a
+SIZE (php-5.2.17-CVE-2011-0421.patch) = 383
+SHA256 (php-5.2.17-CVE-2011-0708.patch) = e07d9cac035da6a53216600b17a6d0b4d524ccae1c48288dfdfb9ca965a0f70a
+SIZE (php-5.2.17-CVE-2011-0708.patch) = 1724
+SHA256 (php-5.2.17-CVE-2011-1092.patch) = 4e57151848f006258d9566605929d9121b754c8b5957c24d481d1d6390ecc518
+SIZE (php-5.2.17-CVE-2011-1092.patch) = 380
+SHA256 (php-5.2.17-CVE-2011-1148.patch) = ca9f77ad7d0350d6155b5aa7f2947b4ea3f20df436a2687f578bfde3f890b43d
+SIZE (php-5.2.17-CVE-2011-1148.patch) = 5115
+SHA256 (php-5.2.17-CVE-2011-1938.patch) = f6f6e8b0f6ec430c598eed17b5bb2bb4223591406920d578a1c5711c214988e4
+SIZE (php-5.2.17-CVE-2011-1938.patch) = 641
+SHA256 (php-5.2.17-CVE-2011-2202.patch) = b131428a79548c9164721a03fe33003f7b7631e26d50084308e140ed5dd9d995
+SIZE (php-5.2.17-CVE-2011-2202.patch) = 845