Log message:
Update lang/php5 to 5.1.4.

Some of the key changes include:

* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
  tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
  function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
  a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
  Reflection extensions.
* Over 120 various bug fixes.

See release annoucement on:
	http://www.php.net/release_5_1_3.php

And ChangeLog:
	http://www.php.net/ChangeLog-5.php#5.1.3

Log message:
do not require -I${PREFIX}/include/php/ext/date/lib when building
extension using php_date.h

problem reported upstream as PHP Bug 37163

Log message:
patch-as as renamed to patch-at before commit, follow rename
also here

Log message:
add patch to actually compile the contents of PHP WDDX module; before
it produced empty *.so and the module couldn't be actually used

Log message:
The actual patches for PHP4/5.

Log message:
PHP4/5 security changes...  They're not critical issues;  secunia classes
them between "not critical" and "less critical".

Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.

See:
    http://secunia.com/advisories/19383/
    http://secunia.com/advisories/19599/

Patches were extracted from CVS.  I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why;  I can confirm it fixes the issue).

While here, add PATCHDIR to the list of variables php5's Makefile.php
defines.  That way, ap-php gets patched too...

Log message:
Over 1200 files touched but no revisions bumped :)

RECOMMENDED is removed. It becomes ABI_DEPENDS.

BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.

BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.

BUILDLINK_DEPENDS does not change.

IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".

Added to obsolete.mk checking for IGNORE_RECOMMENDED.

I did not manually go through and fix any aesthetic tab/spacing issues.

I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.

I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.

As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.

As discussed on tech-pkg.

I will commit to revbump, pkglint, pkg_install, createbuildlink separately.

Note that if you use wip, it will fail!  I will commit to pkgsrc-wip
later (within day).

Log message:
Install bin/pear with correct file permissions

Log message:
add fix to build php-xmlrpc and php5-dom successfully with 5.1.2

Log message:
Updated lang/php5 to 5.1.2

* HTTP Response Splitting has been addressed in ext/session and in
  the header() function.
* Fixed format string vulnerability in ext/mysqli.
* Fixed possible cross-site scripting problems in certain error conditions.
* Hash & XMLWriter extensions added and enabled by default.
* Upgraded OCI8 extension.
* Over 85 various bug fixes.

(I haven't heard anything from the MAINTAINER but since this works fine
on my servers and as this fixes security issues I checked in this)