pkgsrc/lang/php5/patches/patch-ah

$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $

* Ajust for pkgsrc.

--- php.ini-recommended.orig	2009-11-05 13:29:34.000000000 +0000
+++ php.ini-recommended
@@ -522,7 +522,7 @@ default_mimetype = "text/html"
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 
 ; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
+include_path = ".:@PREFIX@/lib/php"
 ;
 ; Windows: "\path1;\path2"
 ;include_path = ".;c:\php\includes"
@@ -538,8 +538,9 @@ doc_root =
 ; if nonempty.
 user_dir =
 
-; Directory in which the loadable extensions (modules) reside.
-extension_dir = "./"
+; Directory in which the loadable extensions (modules) reside. If not
+; defined, then use the extension directory specified at compile-time.
+; extension_dir = "./"
 
 ; Whether or not to enable the dl() function.  The dl() function does NOT work
 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
@@ -597,7 +598,7 @@ file_uploads = On
 
 ; Temporary directory for HTTP uploaded files (will use system default if not
 ; specified).
-;upload_tmp_dir =
+upload_tmp_dir = /tmp
 
 ; Maximum allowed size for uploaded files.
 upload_max_filesize = 2M
Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. 2009-12-23 08:07:34 +01:00			$NetBSD: patch-ah,v 1.3 2009/12/23 07:07:34 taca Exp $
patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@ 2005-12-06 09:32:22 +01:00
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. 2009-11-30 07:14:08 +01:00			`* Ajust for pkgsrc.`

Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. 2009-12-23 08:07:34 +01:00			`--- php.ini-recommended.orig 2009-11-05 13:29:34.000000000 +0000`
patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@ 2005-12-06 09:32:22 +01:00			`+++ php.ini-recommended`
Add fixes for http://secunia.com/advisories/37412/ from PHP's repositry. 1. CVE-2009-3292 is already fixed in 5.2.11. 2. CVE-2009-3558 http://svn.php.net/viewvc?view=revision&revision=288934 3. CVE-2009-3557 http://svn.php.net/viewvc?view=revision&revision=288945 http://svn.php.net/viewvc?view=revision&revision=288971 4. CVE-2009-4017 http://svn.php.net/viewvc?view=revision&revision=289990 http://svn.php.net/viewvc?view=revision&revision=290820 http://svn.php.net/viewvc?view=revision&revision=290885 Other pkgsrc changes: * Don't hardcord /usr/pkg in php.ini-dist and php.ini-recommended. * Add comments to some of patch files. Bump PKGREVISION. 2009-11-30 07:14:08 +01:00			`@@ -522,7 +522,7 @@ default_mimetype = "text/html"`
			`;;;;;;;;;;;;;;;;;;;;;;;;;`

			`; UNIX: "/path1:/path2"`
			`-;include_path = ".:/php/includes"`
			`+include_path = ".:@PREFIX@/lib/php"`
			`;`
			`; Windows: "\path1;\path2"`
			`;include_path = ".;c:\php\includes"`
			`@@ -538,8 +538,9 @@ doc_root =`
patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@ 2005-12-06 09:32:22 +01:00			`; if nonempty.`
			`user_dir =`

			`-; Directory in which the loadable extensions (modules) reside.`
			`-extension_dir = "./"`
			`+; Directory in which the loadable extensions (modules) reside. If not`
			`+; defined, then use the extension directory specified at compile-time.`
			`+; extension_dir = "./"`

			`; Whether or not to enable the dl() function. The dl() function does NOT work`
			`; properly in multithreaded servers, such as IIS or Zeus, and is automatically`
Update lang/php5 to 5.2.12, security update. Security Enhancements and Fixes in PHP 5.2.12: * Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus) * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus) * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia) * Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143, Stas) * Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com) Key enhancements in PHP 5.2.12 include: * Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan) * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre) * Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe) * Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe) * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe) * Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia) * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe) * Fixed bug #50006 (Segfault caused by uksort()). (Felipe) * Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe) * Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe) * Fixed bug #49098 (mysqli segfault on error). (Rasmus) * Over 50 other bug fixes. 2009-12-23 08:07:34 +01:00			`@@ -597,7 +598,7 @@ file_uploads = On`
patch php.ini-dist and php.ini-recommended to comment out extension_dir and to uncomment and explicitly set upload_tmp_dir, so that this works out of box (patches adapted from www/php4) pointed out by Martti Kuparinen on tech-pkg@ 2005-12-06 09:32:22 +01:00
			`; Temporary directory for HTTP uploaded files (will use system default if not`
			`; specified).`
			`-;upload_tmp_dir =`
			`+upload_tmp_dir = /tmp`

			`; Maximum allowed size for uploaded files.`
			`upload_max_filesize = 2M`