Pullup ticket 2955 - requested by taca

security update

Revisions pulled up:
- pkgsrc/lang/php5/Makefile			1.75
- pkgsrc/lang/php5/Makefile.common		1.39
- pkgsrc/lang/php5/PLIST			1.25
- pkgsrc/lang/php5/distinfo			1.71
- pkgsrc/lang/php5/patches/patch-ag		1.4
- pkgsrc/lang/php5/patches/patch-ah		1.3
- pkgsrc/textproc/php5-xsl/Makefile		1.13

Files removed:
pkgsrc/lang/php5/patches/patch-ay
pkgsrc/lang/php5/patches/patch-az
pkgsrc/lang/php5/patches/patch-ba
pkgsrc/lang/php5/patches/patch-bb
pkgsrc/lang/php5/patches/patch-bc
pkgsrc/lang/php5/patches/patch-bd

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:07:35 UTC 2009

   Modified Files:
           pkgsrc/lang/php5: Makefile Makefile.common PLIST distinfo
           pkgsrc/lang/php5/patches: patch-ag patch-ah
   Removed Files:
           pkgsrc/lang/php5/patches: patch-ay patch-az patch-ba patch-bb
               patch-bc patch-bd

   Log Message:
   Update lang/php5 to 5.2.12, security update.

   Security Enhancements and Fixes in PHP 5.2.12:

   * Fixed a safe_mode bypass in tempnam() identified by Grzegorz
     Stachowiak. (CVE-2009-3557, Rasmus)
   * Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
     Stachowiak. (CVE-2009-3558, Rasmus)
   * Added "max_file_uploads" INI directive, which can be set to limit the
     number of file uploads per-request to 20 by default, to prevent possible
     DOS via temporary file exhaustion, identified by Bogdan
     Calin. (CVE-2009-4017, Ilia)
   * Added protection for $_SESSION from interrupt corruption and improved
     "session.save_path" check, identified by Stefan Esser. (CVE-2009-4143,
     Stas)
   * Fixed bug #49785 (insufficient input string validation of
     htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

   Key enhancements in PHP 5.2.12 include:

   * Fixed unnecessary invocation of setitimer when timeouts have been
     disabled. (Arvind Srinivasan)
   * Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
   * Fixed crash in SQLiteDatabase::ArrayQuery() and
     SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
   * Fixed crash when instantiating PDORow and PDOStatement through
     Reflection. (Felipe)
   * Fixed memory leak in openssl_pkcs12_export_to_file(). (Felipe)
   * Fixed bug #50207 (segmentation fault when concatenating very large strings
     on 64bit linux). (Ilia)
   * Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle
     database). (Felipe)
   * Fixed bug #50006 (Segfault caused by uksort()). (Felipe)
   * Fixed bug #50005 (Throwing through Reflection modified Exception object
     makes segmentation fault). (Felipe)
   * Fixed bug #49174 (crash when extending PDOStatement and trying to set
     queryString property). (Felipe)
   * Fixed bug #49098 (mysqli segfault on error). (Rasmus)
   * Over 50 other bug fixes.


   To generate a diff of this commit:
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/lang/php5/Makefile
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php5/Makefile.common
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/lang/php5/PLIST
   cvs rdiff -u -r1.70 -r1.71 pkgsrc/lang/php5/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php5/patches/patch-ag
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php5/patches/patch-ah
   cvs rdiff -u -r1.2 -r0 pkgsrc/lang/php5/patches/patch-ay \
       pkgsrc/lang/php5/patches/patch-az
   cvs rdiff -u -r1.1 -r0 pkgsrc/lang/php5/patches/patch-ba \
       pkgsrc/lang/php5/patches/patch-bb pkgsrc/lang/php5/patches/patch-bc \
       pkgsrc/lang/php5/patches/patch-bd

   --------------------------------------------------------------------------

   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Dec 23 07:08:31 UTC 2009

   Modified Files:
           pkgsrc/textproc/php5-xsl: Makefile

   Log Message:
   Reset PKGREVISION by implicit update to 5.2.12.


   To generate a diff of this commit:
   cvs rdiff -u -r1.12 -r1.13 pkgsrc/textproc/php5-xsl/Makefile

13 files changed, 21 insertions, 532 deletions

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 3841ac04b04..7f4324acb9c 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.72.4.1 2009/11/30 23:10:19 tron Exp $
+# $NetBSD: Makefile,v 1.72.4.2 2009/12/23 19:09:51 spz Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-PKGREVISION=		2
 CATEGORIES=		lang
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common
index 513a571faa4..ac87caa3e45 100644
--- a/lang/php5/Makefile.common
+++ b/lang/php5/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.38 2009/10/09 03:53:06 taca Exp $
+# $NetBSD: Makefile.common,v 1.38.2.1 2009/12/23 19:09:51 spz Exp $
 # used by lang/php5/Makefile.php
 # used by lang/php/ext.mk
 
@@ -46,7 +46,7 @@ EXTRACT_SUFX?=		.tar.bz2
 MAINTAINER?=		jdolecek@NetBSD.org
 HOMEPAGE?=		http://www.php.net/
 
-PHP_BASE_VERS=		5.2.11
+PHP_BASE_VERS=		5.2.12
 
 PHP_EXTENSION_DIR=	lib/php/20040412
 PLIST_SUBST+=		PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff --git a/lang/php5/PLIST b/lang/php5/PLIST
index 465de671077..51247235555 100644
--- a/lang/php5/PLIST
+++ b/lang/php5/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2009/09/26 05:40:05 taca Exp $
+@comment $NetBSD: PLIST,v 1.24.2.1 2009/12/23 19:09:51 spz Exp $
 bin/php
 bin/php-config
 bin/phpize
@@ -197,10 +197,10 @@ include/php/main/streams/php_stream_plain_wrapper.h
 include/php/main/streams/php_stream_transport.h
 include/php/main/streams/php_stream_userspace.h
 include/php/main/streams/php_streams_int.h
-include/php/main/win95nt.h
 ${PLIST.suhosin}include/php/main/suhosin_globals.h
 ${PLIST.suhosin}include/php/main/suhosin_logo.h
 ${PLIST.suhosin}include/php/main/suhosin_patch.h
+include/php/main/win95nt.h
 include/php/regex/cclass.h
 include/php/regex/cname.h
 include/php/regex/regex.h
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index ef1b6e9fe46..dbaa8fbc50f 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.67.2.2 2009/11/30 23:10:20 tron Exp $
+$NetBSD: distinfo,v 1.67.2.3 2009/12/23 19:09:51 spz Exp $
 
-SHA1 (php-5.2.11/php-5.2.11.tar.bz2) = 819c853ce657ef260d4a73b5a21f961115b97eef
-RMD160 (php-5.2.11/php-5.2.11.tar.bz2) = 6aad53dee864ab89f794a9d3c2aa32d435ed5654
-Size (php-5.2.11/php-5.2.11.tar.bz2) = 9030787 bytes
-SHA1 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
-RMD160 (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
-Size (php-5.2.11/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
+SHA1 (php-5.2.12/php-5.2.12.tar.bz2) = 6605f23b70e3db824047830f08d636e09ec10ff3
+RMD160 (php-5.2.12/php-5.2.12.tar.bz2) = 027f3597fd961d2a95682e2f0738415f8a911371
+Size (php-5.2.12/php-5.2.12.tar.bz2) = 9075161 bytes
+SHA1 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 248419332131efc53f3306c2a57a4b1a9dc92cc1
+RMD160 (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 0f6d442aace34c221f9fbff42a63e7f3b4489f15
+Size (php-5.2.12/suhosin-patch-5.2.11-0.9.7.patch.gz) = 23050 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
-SHA1 (patch-ag) = 901552355a3d57d9b8e23b31cd0edfd28db8b2bb
-SHA1 (patch-ah) = 7702da73f3a457ee381542b454d19b1f4b421e01
+SHA1 (patch-ag) = 5e3e822657925a77fbccaca63f283863a1cc6d94
+SHA1 (patch-ah) = a25cb7fa3d1f5b9fb99493a4348fdba69d3d4728
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
 SHA1 (patch-an) = 8f4174627b8cb5f8bfbc59413c95f71e26b9e602
@@ -16,9 +16,3 @@ SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
 SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
 SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
 SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
-SHA1 (patch-ay) = 7ae502db6574a91fcbb487d37c14a5de644b01b6
-SHA1 (patch-az) = 04e69038e693cc72fb0f67ce04dd1778dacb1756
-SHA1 (patch-ba) = d9483f61b19c297eced12ae3d84d5163e33327b4
-SHA1 (patch-bb) = abbc8747e520d3665d3bcccf9c87741ecc6dc210
-SHA1 (patch-bc) = 9cb2e7fcd6f91d3382a69d68a80d72fdb8fbf2a7
-SHA1 (patch-bd) = 85c891ada42c062b365051b43a3b53c33fa39a92
diff --git a/lang/php5/patches/patch-ag b/lang/php5/patches/patch-ag
index d24403b2091..b725e2edfcb 100644
--- a/lang/php5/patches/patch-ag
+++ b/lang/php5/patches/patch-ag
@@ -1,10 +1,8 @@
-$NetBSD: patch-ag,v 1.2.34.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ag,v 1.2.34.2 2009/12/23 19:09:51 spz Exp $
 
 * Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-	http://svn.php.net/viewvc?view=revision&revision=289990
 
---- php.ini-dist.orig	2009-02-14 01:55:18.000000000 +0900
+--- php.ini-dist.orig	2009-11-05 13:29:34.000000000 +0000
 +++ php.ini-dist
 @@ -471,7 +471,7 @@ default_mimetype = "text/html"
  ;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -27,7 +25,7 @@ $NetBSD: patch-ag,v 1.2.34.1 2009/11/30 23:10:20 tron Exp $
  
  ; Whether or not to enable the dl() function.  The dl() function does NOT work
  ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -546,11 +547,13 @@ file_uploads = On
+@@ -546,7 +547,7 @@ file_uploads = On
  
  ; Temporary directory for HTTP uploaded files (will use system default if not
  ; specified).
@@ -36,9 +34,3 @@ $NetBSD: patch-ag,v 1.2.34.1 2009/11/30 23:10:20 tron Exp $
  
  ; Maximum allowed size for uploaded files.
  upload_max_filesize = 2M
- 
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
- 
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
diff --git a/lang/php5/patches/patch-ah b/lang/php5/patches/patch-ah
index 5d4f73c3cec..5ec67f41188 100644
--- a/lang/php5/patches/patch-ah
+++ b/lang/php5/patches/patch-ah
@@ -1,10 +1,8 @@
-$NetBSD: patch-ah,v 1.1.36.1 2009/11/30 23:10:20 tron Exp $
+$NetBSD: patch-ah,v 1.1.36.2 2009/12/23 19:09:51 spz Exp $
 
 * Ajust for pkgsrc.
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-	http://svn.php.net/viewvc?view=revision&revision=289990
 
---- php.ini-recommended.orig	2009-03-02 13:44:35.000000000 +0900
+--- php.ini-recommended.orig	2009-11-05 13:29:34.000000000 +0000
 +++ php.ini-recommended
 @@ -522,7 +522,7 @@ default_mimetype = "text/html"
  ;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -27,7 +25,7 @@ $NetBSD: patch-ah,v 1.1.36.1 2009/11/30 23:10:20 tron Exp $
  
  ; Whether or not to enable the dl() function.  The dl() function does NOT work
  ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -597,11 +598,13 @@ file_uploads = On
+@@ -597,7 +598,7 @@ file_uploads = On
  
  ; Temporary directory for HTTP uploaded files (will use system default if not
  ; specified).
@@ -36,9 +34,3 @@ $NetBSD: patch-ah,v 1.1.36.1 2009/11/30 23:10:20 tron Exp $
  
  ; Maximum allowed size for uploaded files.
  upload_max_filesize = 2M
- 
-+; Maximum number of files that can be uploaded via a single request
-+max_file_uploads = 100
- 
- ;;;;;;;;;;;;;;;;;;
- ; Fopen wrappers ;
diff --git a/lang/php5/patches/patch-ay b/lang/php5/patches/patch-ay
deleted file mode 100644
index 2d6c27d875f..00000000000
--- a/lang/php5/patches/patch-ay
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-ay,v 1.1.2.3 2009/11/30 23:10:20 tron Exp $
-
-* Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
-	http://svn.php.net/viewvc?view=revision&revision=289557
-
---- ext/gd/libgd/gd_gd.c.orig	2007-08-09 23:21:38.000000000 +0900
-+++ ext/gd/libgd/gd_gd.c
-@@ -39,6 +39,9 @@ int _gdGetColors (gdIOCtx * in, gdImageP
- 			if (!gdGetWord(&im->colorsTotal, in)) {
- 				goto fail1;
- 			}
-+			if (im->colorsTotal > gdMaxColors) {
-+				goto fail1;
-+			}
- 		}
- 		/* Int to accommodate truecolor single-color transparency */
- 		if (!gdGetInt(&im->transparent, in)) {
diff --git a/lang/php5/patches/patch-az b/lang/php5/patches/patch-az
deleted file mode 100644
index 184f591054b..00000000000
--- a/lang/php5/patches/patch-az
+++ /dev/null
@@ -1,373 +0,0 @@
-$NetBSD$
-
-* Fix for htmlspecialchars():
-	http://svn.php.net/viewvc?view=revision&revision=289411
-	http://svn.php.net/viewvc?view=revision&revision=289554
-	http://svn.php.net/viewvc?view=revision&revision=289565
-	http://svn.php.net/viewvc?view=revision&revision=289567
-	http://svn.php.net/viewvc?view=revision&revision=289605
-
---- ext/standard/html.c.orig	2008-12-31 20:17:49.000000000 +0900
-+++ ext/standard/html.c
-@@ -484,15 +484,31 @@ struct basic_entities_dec {
- 			}                        \
- 			mbseq[mbpos++] = (mbchar); }
- 
--#define CHECK_LEN(pos, chars_need)			\
--	if((str_len - (pos)) < chars_need) {	\
--		*status = FAILURE;					\
--		return 0;							\
-+/* skip one byte and return */
-+#define MB_FAILURE(pos) do {	\
-+		*newpos = pos + 1;		\
-+		*status = FAILURE;		\
-+		return 0;				\
-+	} while (0)
-+
-+#define CHECK_LEN(pos, chars_need)				\
-+	if (chars_need < 1) {						\
-+		if((str_len - (pos)) < chars_need) {	\
-+			*newpos = pos;						\
-+			*status = FAILURE;					\
-+			return 0;							\
-+		}										\
-+	} else {									\
-+		if((str_len - (pos)) < chars_need) {	\
-+			*newpos = pos + 1;					\
-+			*status = FAILURE;					\
-+			return 0;							\
-+		}										\
- 	}
- 
- /* {{{ get_next_char
-  */
--inline static unsigned short get_next_char(enum entity_charset charset,
-+inline static unsigned int get_next_char(enum entity_charset charset,
- 		unsigned char * str,
- 		int str_len,
- 		int * newpos,
-@@ -503,205 +519,189 @@ inline static unsigned short get_next_ch
- 	int pos = *newpos;
- 	int mbpos = 0;
- 	int mbspace = *mbseqlen;
--	unsigned short this_char = str[pos++];
-+	unsigned int this_char = 0;
- 	unsigned char next_char;
- 
- 	*status = SUCCESS;
--	
-+
- 	if (mbspace <= 0) {
- 		*mbseqlen = 0;
--		return this_char;
-+		CHECK_LEN(pos, 1);
-+		*newpos = pos + 1;
-+		*newpos = pos + 1;
- 	}
--	
--	MB_WRITE((unsigned char)this_char);
--	
-+
- 	switch (charset) {
- 		case cs_utf_8:
- 			{
--				unsigned long utf = 0;
--				int stat = 0;
--				int more = 1;
--
--				/* unpack utf-8 encoding into a wide char.
--				 * Code stolen from the mbstring extension */
--
--				do {
--					if (this_char < 0x80) {
--						more = 0;
--						if(stat) {
--							/* we didn't finish the UTF sequence correctly */
--							*status = FAILURE;
--						}
--						break;
--					} else if (this_char < 0xc0) {
--						switch (stat) {
--							case 0x10:	/* 2, 2nd */
--							case 0x21:	/* 3, 3rd */
--							case 0x32:	/* 4, 4th */
--							case 0x43:	/* 5, 5th */
--							case 0x54:	/* 6, 6th */
--								/* last byte in sequence */
--								more = 0;
--								utf |= (this_char & 0x3f);
--								this_char = (unsigned short)utf;
--								break;
--							case 0x20:	/* 3, 2nd */
--							case 0x31:	/* 4, 3rd */
--							case 0x42:	/* 5, 4th */
--							case 0x53:	/* 6, 5th */
--								/* penultimate char */
--								utf |= ((this_char & 0x3f) << 6);
--								stat++;
--								break;
--							case 0x30:	/* 4, 2nd */
--							case 0x41:	/* 5, 3rd */
--							case 0x52:	/* 6, 4th */
--								utf |= ((this_char & 0x3f) << 12);
--								stat++;
--								break;
--							case 0x40:	/* 5, 2nd */
--							case 0x51:
--								utf |= ((this_char & 0x3f) << 18);
--								stat++;
--								break;
--							case 0x50:	/* 6, 2nd */
--								utf |= ((this_char & 0x3f) << 24);
--								stat++;
--								break;
--							default:
--								/* invalid */
--								*status = FAILURE;
--								more = 0;
--						}
--					}
--					/* lead byte */
--					else if (this_char < 0xe0) {
--						stat = 0x10;	/* 2 byte */
--						utf = (this_char & 0x1f) << 6;
--						CHECK_LEN(pos, 1);
--					} else if (this_char < 0xf0) {
--						stat = 0x20;	/* 3 byte */
--						utf = (this_char & 0xf) << 12;
--						CHECK_LEN(pos, 2);
--					} else if (this_char < 0xf8) {
--						stat = 0x30;	/* 4 byte */
--						utf = (this_char & 0x7) << 18;
--						CHECK_LEN(pos, 3);
--					} else if (this_char < 0xfc) {
--						stat = 0x40;	/* 5 byte */
--						utf = (this_char & 0x3) << 24;
--						CHECK_LEN(pos, 4);
--					} else if (this_char < 0xfe) {
--						stat = 0x50;	/* 6 byte */
--						utf = (this_char & 0x1) << 30;
--						CHECK_LEN(pos, 5);
--					} else {
--						/* invalid; bail */
--						more = 0;
--						*status = FAILURE;
--						break;
-+				unsigned char c;
-+				CHECK_LEN(pos, 1);
-+				c = str[pos];
-+				if (c < 0x80) {
-+					MB_WRITE(c);
-+					this_char = c;
-+					pos++;
-+				} else if (c < 0xc0) {
-+					MB_FAILURE(pos);
-+				} else if (c < 0xe0) {
-+					CHECK_LEN(pos, 2);
-+					if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
-+						MB_FAILURE(pos);
- 					}
--
--					if (more) {
--						this_char = str[pos++];
--						MB_WRITE((unsigned char)this_char);
-+					this_char = ((c & 0x1f) << 6) | (str[pos + 1] & 0x3f);
-+					if (this_char < 0x80) {
-+						MB_FAILURE(pos);
- 					}
--				} while (more);
-+					MB_WRITE((unsigned char)c);
-+					MB_WRITE((unsigned char)str[pos + 1]);
-+					pos += 2;
-+				} else if (c < 0xf0) {
-+					CHECK_LEN(pos, 3);
-+					if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
-+						MB_FAILURE(pos);
-+					}
-+					if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) {
-+						MB_FAILURE(pos);
-+					}
-+					this_char = ((c & 0x0f) << 12) | ((str[pos + 1] & 0x3f) << 6) | (str[pos + 2] & 0x3f);
-+					if (this_char < 0x800) {
-+						MB_FAILURE(pos);
-+					}
-+					MB_WRITE((unsigned char)c);
-+					MB_WRITE((unsigned char)str[pos + 1]);
-+					MB_WRITE((unsigned char)str[pos + 2]);
-+					pos += 3;
-+				} else if (c < 0xf8) {
-+					CHECK_LEN(pos, 4);
-+					if (str[pos + 1] < 0x80 || str[pos + 1] > 0xbf) {
-+						MB_FAILURE(pos);
-+					}
-+					if (str[pos + 2] < 0x80 || str[pos + 2] > 0xbf) {
-+						MB_FAILURE(pos);
-+					}
-+					if (str[pos + 3] < 0x80 || str[pos + 3] > 0xbf) {
-+						MB_FAILURE(pos);
-+					}
-+					this_char = ((c & 0x07) << 18) | ((str[pos + 1] & 0x3f) << 12) | ((str[pos + 2] & 0x3f) << 6) | (str[pos + 3] & 0x3f);
-+					if (this_char < 0x10000) {
-+						MB_FAILURE(pos);
-+					}
-+					MB_WRITE((unsigned char)c);
-+					MB_WRITE((unsigned char)str[pos + 1]);
-+					MB_WRITE((unsigned char)str[pos + 2]);
-+					MB_WRITE((unsigned char)str[pos + 3]);
-+					pos += 4;
-+				} else {
-+					MB_FAILURE(pos);
-+				}
- 			}
- 			break;
- 		case cs_big5:
- 		case cs_gb2312:
- 		case cs_big5hkscs:
- 			{
-+				CHECK_LEN(pos, 1);
-+				this_char = str[pos++];
- 				/* check if this is the first of a 2-byte sequence */
--				if (this_char >= 0xa1 && this_char <= 0xfe) {
-+				if (this_char >= 0x81 && this_char <= 0xfe) {
- 					/* peek at the next char */
- 					CHECK_LEN(pos, 1);
--					next_char = str[pos];
-+					next_char = str[pos++];
- 					if ((next_char >= 0x40 && next_char <= 0x7e) ||
- 							(next_char >= 0xa1 && next_char <= 0xfe)) {
- 						/* yes, this a wide char */
--						this_char <<= 8;
-+						MB_WRITE(this_char); 
- 						MB_WRITE(next_char);
--						this_char |= next_char;
--						pos++;
-+						this_char = (this_char << 8) | next_char;
-+					} else {
-+						MB_FAILURE(pos);
- 					}
--					
-+				} else {
-+					MB_WRITE(this_char);
- 				}
--				break;
- 			}
-+			break;
- 		case cs_sjis:
- 			{
-+				CHECK_LEN(pos, 1);
-+				this_char = str[pos++];
- 				/* check if this is the first of a 2-byte sequence */
--				if ( (this_char >= 0x81 && this_char <= 0x9f) ||
--					 (this_char >= 0xe0 && this_char <= 0xef)
--					) {
-+				if ((this_char >= 0x81 && this_char <= 0x9f) ||
-+					(this_char >= 0xe0 && this_char <= 0xfc)) {
- 					/* peek at the next char */
- 					CHECK_LEN(pos, 1);
--					next_char = str[pos];
-+					next_char = str[pos++];
- 					if ((next_char >= 0x40 && next_char <= 0x7e) ||
- 						(next_char >= 0x80 && next_char <= 0xfc))
- 					{
- 						/* yes, this a wide char */
--						this_char <<= 8;
-+						MB_WRITE(this_char);
- 						MB_WRITE(next_char);
--						this_char |= next_char;
--						pos++;
-+						this_char = (this_char << 8) | next_char;
-+					} else {
-+						MB_FAILURE(pos);
- 					}
--					
-+				} else {
-+					MB_WRITE(this_char);
- 				}
- 				break;
- 			}
- 		case cs_eucjp:
- 			{
-+				CHECK_LEN(pos, 1);
-+				this_char = str[pos++];
- 				/* check if this is the first of a multi-byte sequence */
- 				if (this_char >= 0xa1 && this_char <= 0xfe) {
- 					/* peek at the next char */
- 					CHECK_LEN(pos, 1);
--					next_char = str[pos];
-+					next_char = str[pos++];
- 					if (next_char >= 0xa1 && next_char <= 0xfe) {
- 						/* yes, this a jis kanji char */
--						this_char <<= 8;
-+						MB_WRITE(this_char);
- 						MB_WRITE(next_char);
--						this_char |= next_char;
--						pos++;
-+						this_char = (this_char << 8) | next_char;
-+					} else {
-+						MB_FAILURE(pos);
- 					}
--					
- 				} else if (this_char == 0x8e) {
- 					/* peek at the next char */
- 					CHECK_LEN(pos, 1);
--					next_char = str[pos];
-+					next_char = str[pos++];
- 					if (next_char >= 0xa1 && next_char <= 0xdf) {
- 						/* JIS X 0201 kana */
--						this_char <<= 8;
-+						MB_WRITE(this_char);
- 						MB_WRITE(next_char);
--						this_char |= next_char;
--						pos++;
-+						this_char = (this_char << 8) | next_char;
-+					} else {
-+						MB_FAILURE(pos);
- 					}
--					
- 				} else if (this_char == 0x8f) {
- 					/* peek at the next two char */
- 					unsigned char next2_char;
- 					CHECK_LEN(pos, 2);
- 					next_char = str[pos];
--					next2_char = str[pos+1];
-+					next2_char = str[pos + 1];
-+					pos += 2;
- 					if ((next_char >= 0xa1 && next_char <= 0xfe) &&
- 						(next2_char >= 0xa1 && next2_char <= 0xfe)) {
- 						/* JIS X 0212 hojo-kanji */
--						this_char <<= 8;
-+						MB_WRITE(this_char);
- 						MB_WRITE(next_char);
--						this_char |= next_char;
--						pos++;
--						this_char <<= 8;
- 						MB_WRITE(next2_char);
--						this_char |= next2_char;
--						pos++;
-+						this_char = (this_char << 16) | (next_char << 8) | next2_char;
-+					} else {
-+						MB_FAILURE(pos);
- 					}
--					
-+				} else {
-+					MB_WRITE(this_char);
- 				}
- 				break;
- 			}
- 		default:
-+			/* single-byte charsets */
-+			CHECK_LEN(pos, 1);
-+			this_char = str[pos++];
-+			MB_WRITE(this_char);
- 			break;
- 	}
- 	MB_RETURN;
-@@ -1132,7 +1132,7 @@ PHPAPI char *php_escape_html_entities_ex
- 		unsigned char mbsequence[16];	/* allow up to 15 characters in a multibyte sequence */
- 		int mbseqlen = sizeof(mbsequence);
- 		int status = SUCCESS;
--		unsigned short this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status);
-+		unsigned int this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status);
- 
- 		if(status == FAILURE) {
- 			/* invalid MB sequence */
diff --git a/lang/php5/patches/patch-ba b/lang/php5/patches/patch-ba
deleted file mode 100644
index 36f0ac78796..00000000000
--- a/lang/php5/patches/patch-ba
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD: patch-ba,v 1.1.2.2 2009/11/30 23:10:20 tron Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558:
-	http://svn.php.net/viewvc?view=revision&revision=288934
-
---- ext/posix/posix.c.orig	2009-08-06 20:11:15.000000000 +0900
-+++ ext/posix/posix.c
-@@ -679,7 +679,8 @@ PHP_FUNCTION(posix_mkfifo)
- 		RETURN_FALSE;
- 	}
- 
--	if (PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
-+	if (php_check_open_basedir_ex(path, 0 TSRMLS_CC) ||
-+		(PG(safe_mode) && (!php_checkuid(path, NULL, CHECKUID_ALLOW_ONLY_DIR))) {
- 		RETURN_FALSE;
- 	}
- 
diff --git a/lang/php5/patches/patch-bb b/lang/php5/patches/patch-bb
deleted file mode 100644
index 07c69816914..00000000000
--- a/lang/php5/patches/patch-bb
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-bb,v 1.1.2.2 2009/11/30 23:10:20 tron Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557:
-	http://svn.php.net/viewvc?view=revision&revision=288945
-	http://svn.php.net/viewvc?view=revision&revision=288971
-
---- ext/standard/file.c.orig	2009-11-30 10:04:51.000000000 +0900
-+++ ext/standard/file.c
-@@ -838,6 +838,10 @@ PHP_FUNCTION(tempnam)
- 	convert_to_string_ex(arg1);
- 	convert_to_string_ex(arg2);
- 
-+	if (PG(safe_mode) &&(!php_checkuid(Z_STRVAL_PP(arg1), NULL, CHECKUID_ALLOW_ONLY_DIR))) {
-+		RETURN_FALSE;
-+	}
-+
- 	if (php_check_open_basedir(Z_STRVAL_PP(arg1) TSRMLS_CC)) {
- 		RETURN_FALSE;
- 	}
diff --git a/lang/php5/patches/patch-bc b/lang/php5/patches/patch-bc
deleted file mode 100644
index 6377089a28a..00000000000
--- a/lang/php5/patches/patch-bc
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-bc,v 1.1.2.2 2009/11/30 23:10:20 tron Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-	http://svn.php.net/viewvc?view=revision&revision=289990
-
---- main/main.c.orig	2009-11-30 10:04:51.000000000 +0900
-+++ main/main.c
-@@ -455,6 +455,7 @@ PHP_INI_BEGIN()
- 	PHP_INI_ENTRY("mail.force_extra_parameters",NULL,		PHP_INI_SYSTEM|PHP_INI_PERDIR,		OnChangeMailForceExtra)
- 	PHP_INI_ENTRY("disable_functions",			"",			PHP_INI_SYSTEM,		NULL)
- 	PHP_INI_ENTRY("disable_classes",			"",			PHP_INI_SYSTEM,		NULL)
-+	PHP_INI_ENTRY("max_file_uploads",			"100",		PHP_INI_SYSTEM,		NULL)
- 
- 	STD_PHP_INI_BOOLEAN("allow_url_fopen",		"1",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_fopen,		php_core_globals,	core_globals)
- 	STD_PHP_INI_BOOLEAN("allow_url_include",	"0",		PHP_INI_SYSTEM,		OnUpdateBool,		allow_url_include,		php_core_globals,	core_globals)
diff --git a/lang/php5/patches/patch-bd b/lang/php5/patches/patch-bd
deleted file mode 100644
index 7032c8ee22b..00000000000
--- a/lang/php5/patches/patch-bd
+++ /dev/null
@@ -1,46 +0,0 @@
-$NetBSD: patch-bd,v 1.1.2.2 2009/11/30 23:10:20 tron Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017:
-	http://svn.php.net/viewvc?view=revision&revision=289990
-	http://svn.php.net/viewvc?view=revision&revision=290820
-	http://svn.php.net/viewvc?view=revision&revision=290885
-
---- main/rfc1867.c.orig	2008-12-31 20:17:49.000000000 +0900
-+++ main/rfc1867.c
-@@ -32,6 +32,7 @@
- #include "php_globals.h"
- #include "php_variables.h"
- #include "rfc1867.h"
-+#include "php_ini.h"
- 
- #define DEBUG_FILE_UPLOAD ZEND_DEBUG
- 
-@@ -794,8 +795,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
- 	zend_llist header;
- 	void *event_extra_data = NULL;
- 	int llen = 0;
-+	int upload_cnt = INI_INT("max_file_uploads");
- 
--	if (SG(request_info).content_length > SG(post_max_size)) {
-+	if (SG(post_max_size) > 0 && SG(request_info).content_length > SG(post_max_size)) {
- 		sapi_module.sapi_error(E_WARNING, "POST Content-Length of %ld bytes exceeds the limit of %ld bytes", SG(request_info).content_length, SG(post_max_size));
- 		return;
- 	}
-@@ -972,6 +974,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
- 			/* If file_uploads=off, skip the file part */
- 			if (!PG(file_uploads)) {
- 				skip_upload = 1;
-+			} else if (upload_cnt <= 0) {
-+				skip_upload = 1;
-+				sapi_module.sapi_error(E_WARNING, "Maximum number of allowable file uploads has been exceeded");
- 			}
- 
- 			/* Return with an error if the posted data is garbled */
-@@ -1016,6 +1021,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_
- 			if (!skip_upload) {
- 				/* Handle file */
- 				fd = php_open_temporary_fd_ex(PG(upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC);
-+				upload_cnt--;
- 				if (fd==-1) {
- 					sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file");
- 					cancel_upload = UPLOAD_ERROR_E;
diff --git a/textproc/php5-xsl/Makefile b/textproc/php5-xsl/Makefile
index 0ecbc7bf9d5..968280b548d 100644
--- a/textproc/php5-xsl/Makefile
+++ b/textproc/php5-xsl/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.12 2009/10/09 03:06:51 taca Exp $
+# $NetBSD: Makefile,v 1.12.2.1 2009/12/23 19:09:51 spz Exp $
 
 MODNAME=		xsl
-PKGREVISION=		1
 CATEGORIES+=		textproc
 COMMENT=		PHP5 extension for XSLT functions