head	1.4;
access;
symbols
	pkgsrc-2013Q2:1.4.0.4
	pkgsrc-2013Q2-base:1.4
	pkgsrc-2012Q4:1.4.0.2
	pkgsrc-2012Q4-base:1.4
	pkgsrc-2012Q1:1.3.0.20
	pkgsrc-2012Q1-base:1.3
	pkgsrc-2011Q4:1.3.0.18
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q3:1.3.0.16
	pkgsrc-2011Q3-base:1.3
	pkgsrc-2011Q2:1.3.0.14
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2011Q1:1.3.0.12
	pkgsrc-2011Q1-base:1.3
	pkgsrc-2010Q4:1.3.0.10
	pkgsrc-2010Q4-base:1.3
	pkgsrc-2010Q3:1.3.0.8
	pkgsrc-2010Q3-base:1.3
	pkgsrc-2010Q2:1.3.0.6
	pkgsrc-2010Q2-base:1.3
	pkgsrc-2010Q1:1.3.0.4
	pkgsrc-2010Q1-base:1.3
	pkgsrc-2009Q4:1.3.0.2
	pkgsrc-2009Q4-base:1.3
	pkgsrc-2009Q3:1.1.0.36
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.34
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.32
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.30
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.28
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.26
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.24
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.22
	pkgsrc-2008Q1:1.1.0.20
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.18
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.16
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.14
	pkgsrc-2007Q2-base:1.1
	pkgsrc-2007Q1:1.1.0.12
	pkgsrc-2007Q1-base:1.1
	pkgsrc-2006Q4:1.1.0.10
	pkgsrc-2006Q4-base:1.1
	pkgsrc-2006Q3:1.1.0.8
	pkgsrc-2006Q3-base:1.1
	pkgsrc-2006Q2:1.1.0.6
	pkgsrc-2006Q2-base:1.1
	pkgsrc-2006Q1:1.1.0.4
	pkgsrc-2006Q1-base:1.1
	pkgsrc-2005Q4:1.1.0.2
	pkgsrc-2005Q4-base:1.1;
locks; strict;
comment	@# @;


1.4
date	2012.06.16.15.15.06;	author taca;	state dead;
branches;
next	1.3;

1.3
date	2009.12.23.07.07.34;	author taca;	state Exp;
branches;
next	1.2;

1.2
date	2009.11.30.06.14.08;	author taca;	state Exp;
branches;
next	1.1;

1.1
date	2005.12.06.08.32.22;	author jdolecek;	state Exp;
branches
	1.1.36.1;
next	;

1.1.36.1
date	2009.11.30.23.10.20;	author tron;	state Exp;
branches;
next	1.1.36.2;

1.1.36.2
date	2009.12.23.19.09.51;	author spz;	state Exp;
branches;
next	;


desc
@@


1.4
log
@Remove php5 (PHP 5.2.17), please migra to php53 or php54.
@
text
@$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $

* Ajust for pkgsrc.

--- php.ini-recommended.orig	2009-11-05 13:29:34.000000000 +0000
+++ php.ini-recommended
@@@@ -522,7 +522,7 @@@@ default_mimetype = "text/html"
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
+include_path = ".:@@PREFIX@@/lib/php"
 ;
 ; Windows: "\path1;\path2"
 ;include_path = ".;c:\php\includes"
@@@@ -538,8 +538,9 @@@@ doc_root =
 ; if nonempty.
 user_dir =
 
-; Directory in which the loadable extensions (modules) reside.
-extension_dir = "./"
+; Directory in which the loadable extensions (modules) reside. If not
+; defined, then use the extension directory specified at compile-time.
+; extension_dir = "./"
 
 ; Whether or not to enable the dl() function.  The dl() function does NOT work
 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
@@@@ -597,7 +598,7 @@@@ file_uploads = On
 
 ; Temporary directory for HTTP uploaded files (will use system default if not
 ; specified).
-;upload_tmp_dir =
+upload_tmp_dir = /tmp
 
 ; Maximum allowed size for uploaded files.
 upload_max_filesize = 2M
@


1.3
log
@Update lang/php5 to 5.2.12, security update.


Security Enhancements and Fixes in PHP 5.2.12:

* Fixed a safe_mode bypass in tempnam() identified by Grzegorz
  Stachowiak. (CVE-2009-3557, Rasmus)
* Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
  Stachowiak. (CVE-2009-3558, Rasmus)
* Added "max_file_uploads" INI directive, which can be set to limit the
  number of file uploads per-request to 20 by default, to prevent possible
  DOS via temporary file exhaustion, identified by Bogdan
  Calin. (CVE-2009-4017, Ilia)
* Added protection for $_SESSION from interrupt corruption and improved
  "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
  Stas)
* Fixed bug #49785 (insufficient input string validation of
  htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

Key enhancements in PHP 5.2.12 include:

* Fixed unnecessary invocation of setitimer when timeouts have been
  disabled. (Arvind Srinivasan)
* Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
* Fixed crash in SQLiteDatabase::ArrayQuery() and
  SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
* Fixed crash when instantiating PDORow and PDOStatement through
  Reflection. (Felipe)
* Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
* Fixed bug #50207 (segmentation fault when concatenating very large strings
  on 64bit linux). (Ilia)
* Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
  database). (Felipe)
* Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
* Fixed bug #50005 (Throwing through Reflection modified Exception object
  makes segmentation fault). (Felipe)
* Fixed bug #49174 (crash when extending PDOStatement and trying to set
  queryString property). (Felipe)
* Fixed bug #49098 (mysqli segfault on error). (Rasmus)
* Over 50 other bug fixes.
@
text
@d1 1
a1 1
$NetBSD: patch-ah,v 1.2 2009/11/30 06:14:08 taca Exp $
@


1.2
log
@Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.

1. CVE-2009-3292 is already fixed in 5.2.11.

2. CVE-2009-3558

	http://svn.php.net/viewvc?view=revision&revision=288934

3. CVE-2009-3557

	http://svn.php.net/viewvc?view=revision&revision=288945
	http://svn.php.net/viewvc?view=revision&revision=288971

4. CVE-2009-4017

	http://svn.php.net/viewvc?view=revision&revision=289990
	http://svn.php.net/viewvc?view=revision&revision=290820
	http://svn.php.net/viewvc?view=revision&revision=290885

Other pkgsrc changes:

* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.

Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD: patch-ah,v 1.1 2005/12/06 08:32:22 jdolecek Exp $
a3 2
* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
	http://svn.php.net/viewvc?view=revision&revision=289990
d5 1
a5 1
--- php.ini-recommended.orig	2009-03-02 13:44:35.000000000 +0900
d28 1
a28 1
@@@@ -597,11 +598,13 @@@@ file_uploads = On
a36 6
 
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@


1.1
log
@patch php.ini-dist and php.ini-recommended to comment out extension_dir
and to uncomment and explicitly set upload_tmp_dir, so that this works
out of box (patches adapted from www/php4)

pointed out by Martti Kuparinen on tech-pkg@@
@
text
@d1 1
a1 1
$NetBSD$
d3 5
a7 1
--- php.ini-recommended.orig	2005-11-15 00:14:23.000000000 +0100
d9 10
a18 1
@@@@ -515,8 +515,9 @@@@ doc_root =
d30 1
a30 1
@@@@ -566,7 +567,7 @@@@ file_uploads = On
d39 6
@


1.1.36.1
log
@Pullup ticket #2939 - requested by taca
php5: security patch

Revisions pulled up:
- lang/php5/Makefile				1.73-1.74
- lang/php5/distinfo				1.69-1.70
- lang/php5/patches/patch-ag			1.3
- lang/php5/patches/patch-ah			1.2
- lang/php5/patches/patch-ay			1.2
- lang/php5/patches/patch-az			1.1-1.2
- lang/php5/patches/patch-ba			1.1
- lang/php5/patches/patch-bb			1.1
- lang/php5/patches/patch-bc			1.1
- lang/php5/patches/patch-bd			1.1
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Thu Oct 22 14:49:06 UTC 2009

Modified Files:
	pkgsrc/lang/php5: Makefile distinfo
Added Files:
	pkgsrc/lang/php5/patches: patch-az

Log Message:
Add patch to check byte sequence more strictly in htmlspecialchars().

	http://bugs.php.net/bug.php?id=49785

These are patch refrects r289411, r289554, r289565, r289567 and r289605
in PHP svn repositry.

Bump PKGREVISION.
---
Module Name:	pkgsrc
Committed By:	taca
Date:		Mon Nov 30 06:14:08 UTC 2009

Modified Files:
	pkgsrc/lang/php5: Makefile distinfo
	pkgsrc/lang/php5/patches: patch-ag patch-ah patch-ay patch-az
Added Files:
	pkgsrc/lang/php5/patches: patch-ba patch-bb patch-bc patch-bd

Log Message:
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry.

1. CVE-2009-3292 is already fixed in 5.2.11.

2. CVE-2009-3558

	http://svn.php.net/viewvc?view=revision&revision=288934

3. CVE-2009-3557

	http://svn.php.net/viewvc?view=revision&revision=288945
	http://svn.php.net/viewvc?view=revision&revision=288971

4. CVE-2009-4017

	http://svn.php.net/viewvc?view=revision&revision=289990
	http://svn.php.net/viewvc?view=revision&revision=290820
	http://svn.php.net/viewvc?view=revision&revision=290885

Other pkgsrc changes:

* Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended.
* Add comments to some of patch files.

Bump PKGREVISION.
@
text
@d3 1
a3 5
* Ajust for pkgsrc.
* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
	http://svn.php.net/viewvc?view=revision&revision=289990

--- php.ini-recommended.orig	2009-03-02 13:44:35.000000000 +0900
d5 1
a5 10
@@@@ -522,7 +522,7 @@@@ default_mimetype = "text/html"
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
+include_path = ".:@@PREFIX@@/lib/php"
 ;
 ; Windows: "\path1;\path2"
 ;include_path = ".;c:\php\includes"
@@@@ -538,8 +538,9 @@@@ doc_root =
d17 1
a17 1
@@@@ -597,11 +598,13 @@@@ file_uploads = On
a25 6
 
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 100
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@


1.1.36.2
log
@Pullup ticket 2955 - requested by taca
security update

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.75
- pkgsrc/lang/php5/Makefile.common		1.39
- pkgsrc/lang/php5/PLIST			1.25
- pkgsrc/lang/php5/distinfo			1.71
- pkgsrc/lang/php5/patches/patch-ag		1.4
- pkgsrc/lang/php5/patches/patch-ah		1.3
- pkgsrc/textproc/php5-xsl/Makefile		1.13

Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:07:35 UTC 2009

   Modified Files:
           pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
           pkgsrc/lang/php5/patches: patch-ag patch-ah
   Removed Files:
           pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
               patch-bc patch-bd

   Log Message:
   Update lang/php5 to 5.2.12, security update.

   Security Enhancements and Fixes in PHP 5.2.12:

   * Fixed a safe_mode bypass in tempnam() identified by Grzegorz
     Stachowiak. (CVE-2009-3557, Rasmus)
   * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
     Stachowiak. (CVE-2009-3558, Rasmus)
   * Added "max_file_uploads" INI directive, which can be set to limit the
     number of file uploads per-request to 20 by default, to prevent possible
     DOS via temporary file exhaustion, identified by Bogdan
     Calin. (CVE-2009-4017, Ilia)
   * Added protection for $_SESSION from interrupt corruption and improved
     "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
     Stas)
   * Fixed bug #49785 (insufficient input string validation of
     htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

   Key enhancements in PHP 5.2.12 include:

   * Fixed unnecessary invocation of setitimer when timeouts have been
     disabled. (Arvind Srinivasan)
   * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
   * Fixed crash in SQLiteDatabase::ArrayQuery() and
     SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
   * Fixed crash when instantiating PDORow and PDOStatement through
     Reflection. (Felipe)
   * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
   * Fixed bug #50207 (segmentation fault when concatenating very large strings
     on 64bit linux). (Ilia)
   * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
     database). (Felipe)
   * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
   * Fixed bug #50005 (Throwing through Reflection modified Exception object
     makes segmentation fault). (Felipe)
   * Fixed bug #49174 (crash when extending PDOStatement and trying to set
     queryString property). (Felipe)
   * Fixed bug #49098 (mysqli segfault on error). (Rasmus)
   * Over 50 other bug fixes.


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
   cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
       pkgsrc/lang/php5/patches/patch-az
   cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
       pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
       pkgsrc/lang/php5/patches/patch-bd

   --------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:08:31 UTC 2009

   Modified Files:
           pkgsrc/textproc/php5-xsl: Makefile

   Log Message:
   Reset PKGREVISION by implicit update to 5.2.12.


   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile
@
text
@d1 1
a1 1
$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $
d4 2
d7 1
a7 1
--- php.ini-recommended.orig	2009-11-05 13:29:34.000000000 +0000
d30 1
a30 1
@@@@ -597,7 +598,7 @@@@ file_uploads = On
d39 6
@