Subject: CVS commit: [pkgsrc-2010Q3] pkgsrc
From: Steven Drake
Date: 2010-12-23 11:10:56
Message id: 20101223101056.343D6175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3312 - requested by taca
pkgsrc/lang/{php5,php53} security fixes

Revisions pulled up:
- pkgsrc/databases/php-mysql/Makefile		1.14
- pkgsrc/databases/php-mysqli/Makefile		1.3
- pkgsrc/databases/php-pdo_mysql/Makefile	1.12
- pkgsrc/lang/php5/Makefile			1.80, 1.81
- pkgsrc/lang/php5/Makefile.common		1.43, 1.44
- pkgsrc/lang/php5/distinfo			1.80, 1.81, 1.82
- pkgsrc/lang/php5/patches/patch-ak		1.8, deleted
- pkgsrc/lang/php5/patches/patch-bf		1.1, deleted
- pkgsrc/lang/php5/patches/patch-bg		1.1, deleted
- pkgsrc/lang/php53/Makefile			1.5, 1.6
- pkgsrc/lang/php53/Makefile.common		1.3
- pkgsrc/lang/php53/distinfo			1.7, 1.8
- pkgsrc/lang/php53/patches/patch-ab		1.3
- pkgsrc/lang/php53/patches/patch-am		1.1, deleted
- pkgsrc/lang/php53/patches/patch-an		1.1, deleted
- pkgsrc/lang/php53/patches/patch-ao		1.1, deleted
- pkgsrc/lang/php53/patches/patch-ap		1.1, deleted
- pkgsrc/lang/php53/patches/patch-aq		1.1, deleted
- pkgsrc/mail/php-imap/Makefile			1.21, 1.22
- pkgsrc/www/ap-php/Makefile			1.24
- pkgsrc/www/php-eaccelerator/Makefile		1.13

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov 25 03:43:50 UTC 2010

   Modified Files:
   	pkgsrc/lang/php53: Makefile distinfo
   Added Files:
   	pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq

   Log Message:
   - GC bug fix: http://svn.php.net/viewvc?view=revision&revision=303016
   - CVE-2010-3710 (a part of SA41724)
   	http://svn.php.net/viewvc?view=revision&revision=303779
   - CVE-2010-3870 (a part of SA41724)
   	http://svn.php.net/viewvc?view=revision&revision=304959
   - CVE-2010-4150 (php-imap)
   	http://svn.php.net/viewvc?view=revision&revision=305032
   - CVE-2010-4156 (SA42135)
   	http://svn.php.net/viewvc?view=revision&revision=305214

   Bump PKGREVISION.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov 25 03:44:16 UTC 2010

   Modified Files:
   	pkgsrc/lang/php5: Makefile distinfo
   Added Files:
   	pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg

   Log Message:
   - CVE-2010-4150 (php-imap)
   	http://svn.php.net/viewvc?view=revision&revision=305032
   - CVE-2010-3710 (a part of SA41724)
   	http://svn.php.net/viewvc?view=revision&revision=303885
   - CVE-2010-3870 (a part of SA41724)
   	http://svn.php.net/viewvc?view=revision&revision=305055

   Bump PKGREVISION.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov 25 03:45:19 UTC 2010

   Modified Files:
   	pkgsrc/mail/php-imap: Makefile

   Log Message:
   Bump REVISION since CVE-2010-4150 fix was added.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Dec 13 13:15:46 UTC 2010

   Modified Files:
   	pkgsrc/lang/php5: Makefile Makefile.common distinfo
   Removed Files:
   	pkgsrc/lang/php5/patches: patch-ak patch-bf patch-bg

   Log Message:
   Update php5 package to 5.2.15 (PHP 5.2.15):

   The PHP development team would like to announce the immediate
   availability of PHP 5.2.15. This release marks the end of support for
   PHP 5.2. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

   This release focuses on improving the security and stability of the
   PHP 5.2.x branch with a small number of predominantly security fixes.

   Security Enhancements and Fixes in PHP 5.2.15:

   * Fixed extract() to not overwrite $GLOBALS and $this when using
     EXTR_OVERWRITE.
   * Fixed crash in zip extract method (possible CWE-170).
   * Fixed a possible double free in imap extension.
   * Fixed possible flaw in open_basedir (CVE-2010-3436).
   * Fixed NULL pointer dereference in
     ZipArchive::getArchiveComment. (CVE-2010-3709).
   * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
     large amount of data).

   Key enhancements in PHP 5.2.15 include:

   * Fixed bug #47643 (array_diff() takes over 3000 times longer than php
     5.2.4).
   * Fixed bug #44248 (RFC2616 transgression while HTTPS request through proxy
     with SoapClient object).
   * To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
     migration guide, available on http://php.net/migration53, details the changes
     between PHP 5.2 and PHP 5.3.

   For a full list of changes in PHP 5.2.15 see the ChangeLog at
   http://www.php.net/ChangeLog-5.php#5.2.15.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Dec 13 13:16:37 UTC 2010

   Modified Files:
   	pkgsrc/lang/php53: Makefile Makefile.common distinfo
   	pkgsrc/lang/php53/patches: patch-ab
   Removed Files:
   	pkgsrc/lang/php53/patches: patch-am patch-an patch-ao patch-ap patch-aq

   Log Message:
   Update lang/php53 package to 5.3.4 (PHP 5.3.4).

   The PHP development team is proud to announce the immediate release of PHP
   5.3.4. This is a maintenance release in the 5.3 series, which includes a large
   number of bug fixes.

   Security Enhancements and Fixes in PHP 5.3.4:

   * Fixed crash in zip extract method (possible CWE-170).
   * Paths with NULL in them (foo\0bar.txt) are now considered as invalid
     (CVE-2006-7243).
   * Fixed a possible double free in imap extension (Identified by Mateusz
     Kocielski). (CVE-2010-4150).
   * Fixed NULL pointer dereference in
     ZipArchive::getArchiveComment. (CVE-2010-3709).
   * Fixed possible flaw in open_basedir (CVE-2010-3436).
   * Fixed MOPS-2010-24, fix string validation. (CVE-2010-2950).
   * Fixed symbolic resolution support when the target is a DFS share.
   * Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL with
     large amount of data) (CVE-2010-3710).

   Key Bug Fixes in PHP 5.3.4 include:

   * Added stat support for zip stream.
   * Added follow_location (enabled by default) option for the http stream
     support.
   * Added a 3rd parameter to get_html_translation_table. It now takes a charset
     hint, like htmlentities et al.
   * Implemented FR #52348, added new constant ZEND_MULTIBYTE to detect zend
     multibyte at runtime.
   * Multiple improvements to the FPM SAPI.
   * Over 100 other bug fixes.

   For users upgrading from PHP 5.2 there is a migration guide available here,
   detailing the changes between those releases and PHP 5.3.

   For a full list of changes in PHP 5.3.4, see the ChangeLog. For source
   downloads please visit our downloads page; Windows binaries can be found on
   windows.php.net/download/.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Mon Dec 13 13:18:20 UTC 2010

   Modified Files:
   	pkgsrc/databases/php-mysql: Makefile
   	pkgsrc/databases/php-mysqli: Makefile
   	pkgsrc/databases/php-pdo_mysql: Makefile
   	pkgsrc/mail/php-imap: Makefile
   	pkgsrc/www/ap-php: Makefile
   	pkgsrc/www/php-eaccelerator: Makefile

   Log Message:
   Reset PKGREVISION by update of base PHP version.

-------------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Dec 16 14:20:45 UTC 2010

   Modified Files:
   	pkgsrc/lang/php5: Makefile.common distinfo

   Log Message:
   Update php5 package to 5.2.16:

   PHP 5.2.16 Released!

   The PHP development team would like to announce the immediate availability of
   PHP 5.2.16. This release marks the end of support for PHP 5.2. All users of
   PHP 5.2 are encouraged to upgrade to PHP 5.3.

   This release focuses on addressing a regression in open_basedir implementation
   introduced in 5.2.15 in addition to fixing a crash inside PDO::pgsql on data
   retrieval when the server is down. All users who have upgraded to 5.2.15 and
   are utilizing open_basedir are strongly encouraged to upgrade to 5.2.16 or
   5.3.4.

   To prepare for upgrading to PHP 5.3, now that PHP 5.2's support ended, a
   migration guide, available on http://php.net/migration53, details the changes
   between PHP 5.2 and PHP 5.3.

   For a full list of changes in PHP 5.2.16 see the ChangeLog at
   http://www.php.net/ChangeLog-5.php#5.2.16.

   ChangeLog:

   Version 5.2.16

   16-Dec-2010

   * Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is
     down). (gyp at balabit dot hu)
   * Fixed bug #53516 (Regression in open_basedir handling). (Ilia)

Files:
Revision    Action    File
1.13.2.1    modify    pkgsrc/databases/php-mysql/Makefile
1.2.2.1     modify    pkgsrc/databases/php-mysqli/Makefile
1.11.2.1    modify    pkgsrc/databases/php-pdo_mysql/Makefile
1.42.2.1    modify    pkgsrc/lang/php5/Makefile.common
1.79.2.1    modify    pkgsrc/lang/php5/distinfo
1.2.2.1     modify    pkgsrc/lang/php53/Makefile.common
1.6.2.1     modify    pkgsrc/lang/php53/distinfo
1.2.2.1     modify    pkgsrc/lang/php53/patches/patch-ab
1.23.6.1    modify    pkgsrc/www/ap-php/Makefile
1.12.2.1    modify    pkgsrc/www/php-eaccelerator/Makefile