authortron <tron>2011-02-23 19:12:53 +0000
committertron <tron>2011-02-23 19:12:53 +0000
commitd657841dc2c387a9b074446198aa18fb45dbd94a (patch)
tree37937805b119967bfd551ff5d93f6f1b9e5d0185
parent551190256f551fb8fee3df13fad3a41904f8c455 (diff)
downloadpkgsrc-d657841dc2c387a9b074446198aa18fb45dbd94a.tar.gz
Pullup ticket #3362 - requested by taca
archivers/php-zip: security patch graphics/php-exif: security patch lang/php5: security patch lang/php53: security patch Revisions pulled up: - archivers/php-zip/Makefile 1.12-1.13 - graphics/php-exif/Makefile 1.9-1.10 - lang/php5/Makefile 1.82-1.83 - lang/php5/Makefile.php 1.43-1.44 - lang/php5/distinfo 1.86-1.87 - lang/php5/patches/patch-ext_exif_exif.c 1.1 - lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c 1.1 - lang/php5/patches/patch-ext_zip_php__zip.c 1.1 - lang/php53/Makefile 1.7 - lang/php53/Makefile.php 1.5 - lang/php53/distinfo 1.12 - lang/php53/patches/patch-ext_exif_exif.c 1.1 - lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c 1.1 - lang/php53/patches/patch-ext_zip_php__zip.c 1.1 --- Module Name: pkgsrc Committed By: shattered Date: Tue Feb 15 20:52:24 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile Makefile.php Log Message: Re-enable DL_AUTO_VARS -- makes PHP CLI work again with extensions that are linked to pthread (like mysql.so). --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:21:17 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile.php distinfo Log Message: Re-enable suhosin patch as php53. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:23:58 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile.php Log Message: Re-enable DL_AUTO_VARS as php5 package. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:25:33 UTC 2011 Modified Files: pkgsrc/lang/php5: Makefile Added Files: pkgsrc/lang/php5/patches: patch-ext_exif_exif.c patch-ext_zip_lib_zip__name__locate.c patch-ext_zip_php__zip.c Log Message: Add patches to fix SA43328. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:26:50 UTC 2011 Modified Files: pkgsrc/lang/php5: distinfo Log Message: Regen distinfo. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:29:15 UTC 2011 Modified Files: pkgsrc/lang/php53: Makefile Log Message: Bump PKGREVISION for DL_AUTO_VARS. 
--- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:30:44 UTC 2011 Modified Files: pkgsrc/archivers/php-zip: Makefile pkgsrc/graphics/php-exif: Makefile Log Message: Bump PKGREVISION reflects fix of SA43328. --- Module Name: pkgsrc Committed By: taca Date: Mon Feb 21 16:38:40 UTC 2011 Modified Files: pkgsrc/lang/php53: distinfo Added Files: pkgsrc/lang/php53/patches: patch-ext_exif_exif.c patch-ext_zip_lib_zip__name__locate.c patch-ext_zip_php__zip.c Log Message: Oops, it should be commit before CHANGE-2011 update. Add Add patches to fix SA43328. --- Module Name: pkgsrc Committed By: taca Date: Tue Feb 22 07:36:08 UTC 2011 Modified Files: pkgsrc/archivers/php-zip: Makefile pkgsrc/graphics/php-exif: Makefile Log Message: Add missing USE_PHP_EXT_PATCHES to apply patches really.
-rw-r--r--archivers/php-zip/Makefile4
-rw-r--r--graphics/php-exif/Makefile4
-rw-r--r--lang/php5/Makefile3
-rw-r--r--lang/php5/Makefile.php9
-rw-r--r--lang/php5/distinfo8
-rw-r--r--lang/php5/patches/patch-ext_exif_exif.c63
-rw-r--r--lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c17
-rw-r--r--lang/php5/patches/patch-ext_zip_php__zip.c92
-rw-r--r--lang/php53/Makefile3
-rw-r--r--lang/php53/Makefile.php5
-rw-r--r--lang/php53/distinfo5
-rw-r--r--lang/php53/patches/patch-ext_exif_exif.c63
-rw-r--r--lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c17
-rw-r--r--lang/php53/patches/patch-ext_zip_php__zip.c267
14 files changed, 550 insertions, 10 deletions
diff --git a/archivers/php-zip/Makefile b/archivers/php-zip/Makefile
index 5fc9d21a5f2..71cb57a1b08 100644
--- a/archivers/php-zip/Makefile
+++ b/archivers/php-zip/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.11 2010/03/02 14:46:51 taca Exp $
+# $NetBSD: Makefile,v 1.11.8.1 2011/02/23 19:12:53 tron Exp $
MODNAME= zip
+PKGREVISION= 2
CATEGORIES+= archivers
COMMENT= PHP extension for ZIP archive handling
@@ -10,6 +11,7 @@ PKG_DESTDIR_SUPPORT= user-destdir
CONFIGURE_ARGS+= --enable-zip
CONFIGURE_ARGS+= --with-zlib-dir=${BUILDLINK_PREFIX.zlib}
+USE_PHP_EXT_PATCHES= yes
# Remove these PKGNAME tweak after PHP 5.2.14 release
.include "../../lang/php/phpversion.mk"
diff --git a/graphics/php-exif/Makefile b/graphics/php-exif/Makefile
index 59315fee724..9c77a8aa267 100644
--- a/graphics/php-exif/Makefile
+++ b/graphics/php-exif/Makefile
@@ -1,12 +1,14 @@
-# $NetBSD: Makefile,v 1.8 2010/02/27 03:35:12 taca Exp $
+# $NetBSD: Makefile,v 1.8.8.1 2011/02/23 19:12:53 tron Exp $
MODNAME= exif
+PKGREVISION= 2
CATEGORIES+= graphics
COMMENT= PHP extension to extract information from EXIF headers
PKG_DESTDIR_SUPPORT= user-destdir
CONFIGURE_ARGS+= --with-${MODNAME}=shared
+USE_PHP_EXT_PATCHES= yes
.include "../../lang/php/ext.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 6af89b7142c..f70e47ecb2a 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.81 2010/12/13 13:15:45 taca Exp $
+# $NetBSD: Makefile,v 1.81.2.1 2011/02/23 19:12:53 tron Exp $
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 2
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff --git a/lang/php5/Makefile.php b/lang/php5/Makefile.php
index 9e1e3606ed2..9ae26a6324b 100644
--- a/lang/php5/Makefile.php
+++ b/lang/php5/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.42 2010/07/24 22:23:15 tron Exp $
+# $NetBSD: Makefile.php,v 1.42.4.1 2011/02/23 19:12:53 tron Exp $
#
.include "../../lang/php5/Makefile.common"
@@ -56,8 +56,8 @@ SUBST_MESSAGE.ini= Fixing default ini files.
.include "../../mk/bsd.options.mk"
.if !empty(PKG_OPTIONS:Msuhosin)
-SUHOSIN_PHPVER= 5.2.14
-. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS}
+SUHOSIN_PHPVER= 5.2.16
+. if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && (${SUHOSIN_PHPVER} != "5.2.16" || ${PHP_BASE_VERS} != "5.2.17")
PKG_FAIL_REASON+= "The suhosin patch is currently not available for"
PKG_FAIL_REASON+= "this version of PHP. You may have to wait until"
PKG_FAIL_REASON+= "an updated patch is released or temporarily"
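Review bot: The rewritten `.if ${SUHOSIN_PHPVER} != ${PHP_BASE_VERS} && (...)` guard hard-codes a one-off exception without saying why, and half of it is redundant: `SUHOSIN_PHPVER` is assigned `5.2.16` on the line directly above, so `${SUHOSIN_PHPVER} != "5.2.16"` can never be true at this point. A comment such as `# The 5.2.16 suhosin patch is also applied to PHP 5.2.17 until a matching patch is released.` would tell the next maintainer when the exception can be deleted. Because this allows a hardening patch cut for one release to be applied to another, the comment should also record that the patch was checked against the 5.2.17 tree. The enclosing `.if !empty(PKG_OPTIONS:Msuhosin)` block continues outside the hunk.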
@@ -93,3 +93,6 @@ CONFIGURE_ARGS+= --without-openssl
.if !empty(PKG_OPTIONS:Mmaintainer-zts)
CONFIGURE_ARGS+= --enable-maintainer-zts
.endif
+
+DL_AUTO_VARS= yes
+.include "../../mk/dlopen.buildlink3.mk"
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 38d535c5ad8..f6697b4811f 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.84 2011/01/07 09:16:26 taca Exp $
+$NetBSD: distinfo,v 1.84.2.1 2011/02/23 19:12:53 tron Exp $
SHA1 (php-5.2.17/php-5.2.17.tar.bz2) = d68f3b09f766990d815a3c4c63c157db8dab8095
RMD160 (php-5.2.17/php-5.2.17.tar.bz2) = 567fa8d718b93fb83a89494c83a8bec224ac99e9
Size (php-5.2.17/php-5.2.17.tar.bz2) = 9092312 bytes
+SHA1 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = fec10b2b81582d06bb0d0a96ea55c525afc8ab29
+RMD160 (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = b28b70faf136b3e04c5b483da0f4c2279378f43a
+Size (php-5.2.17/suhosin-patch-5.2.16-0.9.7.patch.gz) = 23069 bytes
SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
SHA1 (patch-ab) = feeb73834db284e8b3acabc11fb4c934837cb13f
SHA1 (patch-af) = 68c5a31dccf1854ba1aff653e4c524767d6a64f6
@@ -15,3 +18,6 @@ SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
SHA1 (patch-aq) = 0c9d48547da2fa80aa8357d23ad8505d1c0330df
SHA1 (patch-ar) = 2d74ec926cc00bfbb67d16210af78c33ad9ac38d
SHA1 (patch-as) = f7ce5caffe2acdd1f8e9fc8ae6c7ba1d8c6a25c1
+SHA1 (patch-ext_exif_exif.c) = 0a6ab268751e633510cb6b334b1bdb84a014b528
+SHA1 (patch-ext_zip_lib_zip__name__locate.c) = 4030e37ae4f93dbcb1a3a937a5407c2c406a49d6
+SHA1 (patch-ext_zip_php__zip.c) = 134fa566a689d72d63a2fa0aa5c96c4595619089
diff --git a/lang/php5/patches/patch-ext_exif_exif.c b/lang/php5/patches/patch-ext_exif_exif.c
new file mode 100644
index 00000000000..b44d9b40b0e
--- /dev/null
+++ b/lang/php5/patches/patch-ext_exif_exif.c
@@ -0,0 +1,63 @@
+$NetBSD: patch-ext_exif_exif.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r308362 from PHP's repogitry for SA43328.
+
+--- ext/exif/exif.c.orig 2010-01-03 09:23:27.000000000 +0000
++++ ext/exif/exif.c
+@@ -40,6 +40,16 @@
+ #include "php.h"
+ #include "ext/standard/file.h"
+
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++#ifdef HAVE_INTTYPES_H
++# include <inttypes.h>
++#endif
++#ifdef PHP_WIN32
++# include "win32/php_stdint.h"
++#endif
++
+ #if HAVE_EXIF
+
+ /* When EXIF_DEBUG is defined the module generates a lot of debug messages
+@@ -2826,6 +2836,7 @@ static int exif_process_IFD_TAG(image_in
+ int tag, format, components;
+ char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
+ size_t byte_count, offset_val, fpos, fgot;
++ int64_t byte_count_signed;
+ xp_field_type *tmp_xp;
+ #ifdef EXIF_DEBUG
+ char *dump_data;
+@@ -2850,13 +2861,20 @@ static int exif_process_IFD_TAG(image_in
+ /*return TRUE;*/
+ }
+
+- byte_count = components * php_tiff_bytes_per_format[format];
++ if (components < 0) {
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
++ return FALSE;
++ }
++
++ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format];
+
+- if ((ssize_t)byte_count < 0) {
+- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
++ if (byte_count_signed < 0 || (byte_count_signed > INT32_MAX)) {
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC));
+ return FALSE;
+ }
+
++ byte_count = (size_t)byte_count_signed;
++
+ if (byte_count > 4) {
+ offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
+ /* If its bigger than 4 bytes, the dir entry contains an offset. */
+@@ -2921,6 +2939,7 @@ static int exif_process_IFD_TAG(image_in
+ efree(dump_data);
+ }
+ #endif
++
+ if (section_index==SECTION_THUMBNAIL) {
+ if (!ImageInfo->Thumbnail.data) {
+ switch(tag) {
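Review bot: The added `components < 0` branch passes `components` to a `%ld` conversion, but the context line `int tag, format, components;` declares it as `int`, so the warning path reads a mismatched vararg on LP64 targets; `Illegal components(%d)` matches the declaration. The new `int64_t` and `INT32_MAX` uses also depend on at least one of the three conditional includes being taken, which presumably the configure checks guarantee, though nothing visible here says so. The same points apply to the identical lang/php53/patches/patch-ext_exif_exif.c added later in this commit. exif_process_IFD_TAG starts and ends outside the inner hunks.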
diff --git a/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c b/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c
new file mode 100644
index 00000000000..f22391e294d
--- /dev/null
+++ b/lang/php5/patches/patch-ext_zip_lib_zip__name__locate.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-ext_zip_lib_zip__name__locate.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r307867 from PHP's repogitry for SA43328.
+
+--- ext/zip/lib/zip_name_locate.c.orig 2008-10-23 16:13:51.000000000 +0000
++++ ext/zip/lib/zip_name_locate.c
+@@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const c
+ return -1;
+ }
+
++ if((flags & ZIP_FL_UNCHANGED) && !za->cdir) {
++ return -1;
++ }
++
+ cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
+
+ n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
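Review bot: The new `(flags & ZIP_FL_UNCHANGED) && !za->cdir` guard returns -1 without recording an error on `za`, so a caller cannot tell "no central directory" apart from whatever error was set last. The earlier `return -1;` in the context presumably follows an error-set call that lies outside the hunk; if so, do the same here, for example `_zip_error_set(&za->error, ZIP_ER_NOENT, 0);` before the return. A short comment such as `/* za->cdir can be NULL; the dereference below would crash */` would also explain why the check sits ahead of the `za->cdir->nentry` read. The same applies to lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c in this commit.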
diff --git a/lang/php5/patches/patch-ext_zip_php__zip.c b/lang/php5/patches/patch-ext_zip_php__zip.c
new file mode 100644
index 00000000000..5024a161728
--- /dev/null
+++ b/lang/php5/patches/patch-ext_zip_php__zip.c
@@ -0,0 +1,92 @@
+$NetBSD: patch-ext_zip_php__zip.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r308107 from PHP's repository.
+
+--- ext/zip/php_zip.c.orig 2010-11-30 11:04:06.000000000 +0000
++++ ext/zip/php_zip.c
+@@ -436,7 +436,7 @@ static int php_zip_extract_file(struct z
+ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+ }
+
+- php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (unsigned int *)&file_basename_len TSRMLS_CC);
++ php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
+
+ if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+ efree(file_dirname_fullpath);
+@@ -447,7 +447,7 @@ static int php_zip_extract_file(struct z
+ }
+
+ /* let see if the path already exists */
+- if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
++ if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+
+ #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1)
+ char *e;
+@@ -483,9 +483,14 @@ static int php_zip_extract_file(struct z
+ efree(file_dirname_fullpath);
+ efree(file_basename);
+ free(new_state.cwd);
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot build full extract path");
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(file_dirname_fullpath);
++ efree(file_basename);
++ free(new_state.cwd);
++ return 0;
+ }
+
+ /* check again the full path, not sure if it
+@@ -500,27 +505,42 @@ static int php_zip_extract_file(struct z
+ return 0;
+ }
+
++#if PHP_API_VERSION < 20100412
++ stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
++#else
++ stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
++#endif
++
++ if (stream == NULL) {
++ n = -1;
++ goto done;
++ }
++
+ zf = zip_fopen(za, file, 0);
+ if (zf == NULL) {
++ n = -1;
++ php_stream_close(stream);
++ goto done;
++ }
++
++ n = 0;
++ if (stream == NULL) {
++ int ret = zip_fclose(zf);
+ efree(fullpath);
+- efree(file_dirname_fullpath);
+ efree(file_basename);
++ efree(file_dirname_fullpath);
+ free(new_state.cwd);
+ return 0;
+ }
+
+-#if (PHP_MAJOR_VERSION < 6)
+- stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+-#else
+- stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
+-#endif
+- n = 0;
+- if (stream) {
+- while ((n=zip_fread(zf, b, sizeof(b))) > 0) php_stream_write(stream, b, n);
+- php_stream_close(stream);
++ while ((n=zip_fread(zf, b, sizeof(b))) > 0) {
++ php_stream_write(stream, b, n);
+ }
++
++ php_stream_close(stream);
+ n = zip_fclose(zf);
+
++done:
+ efree(fullpath);
+ efree(file_basename);
+ efree(file_dirname_fullpath);
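Review bot: The second `if (stream == NULL)` block, after `n = 0;`, is unreachable because the function already jumps to `done` when `php_stream_open_wrapper()` returns NULL, and its `int ret = zip_fclose(zf);` leaves an unused variable; the block should be deleted. Opening the destination with `"w+b"` before `zip_fopen()` also means an entry that cannot be opened now leaves an empty or truncated file at `fullpath`; if that is not intended, keep `zip_fopen()` first and close `zf` when the stream fails to open. The copy loop still ignores the result of `php_stream_write()`, so a short write produces a silently truncated file. The same block appears in lang/php53/patches/patch-ext_zip_php__zip.c. php_zip_extract_file continues outside the hunk, so what is returned after `done:` is not visible here.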
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index e79c9c35af9..54391fef375 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.6 2010/12/13 13:16:37 taca Exp $
+# $NetBSD: Makefile,v 1.6.2.1 2011/02/23 19:12:54 tron Exp $
#
# We can't omit PKGNAME here to handle PKG_OPTIONS.
#
PKGNAME= php-${PHP_BASE_VERS}
+PKGREVISION= 1
CATEGORIES= lang
HOMEPAGE= http://www.php.net/
COMMENT= PHP Hypertext Preprocessor version 5
diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php
index cb5524d9579..1c9d4ee0ad1 100644
--- a/lang/php53/Makefile.php
+++ b/lang/php53/Makefile.php
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.php,v 1.3.4.1 2011/02/11 06:18:05 sbd Exp $
+# $NetBSD: Makefile.php,v 1.3.4.2 2011/02/23 19:12:54 tron Exp $
# used by lang/php53/Makefile
# used by www/ap-php/Makefile
@@ -96,3 +96,6 @@ CONFIGURE_ARGS+= --without-openssl
.if !empty(PKG_OPTIONS:Mmaintainer-zts)
CONFIGURE_ARGS+= --enable-maintainer-zts
.endif
+
+DL_AUTO_VARS= yes
+.include "../../mk/dlopen.buildlink3.mk"
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index 2114932ffc9..cbb60ed07da 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.9.2.1 2011/02/11 06:18:05 sbd Exp $
+$NetBSD: distinfo,v 1.9.2.2 2011/02/23 19:12:54 tron Exp $
SHA1 (php-5.3.5/php-5.3.5.tar.bz2) = 355701b723fcb497581c368be4d6e572c150a5ea
RMD160 (php-5.3.5/php-5.3.5.tar.bz2) = 831018429b87c46da7571397e0d463b81ded11eb
@@ -18,3 +18,6 @@ SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f
SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48
SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e
SHA1 (patch-ar) = edad3e866106cec502ccd93bacf722a771a6c1c0
+SHA1 (patch-ext_exif_exif.c) = 98884afa0a6122e2730e1626d63337e6e82c0c09
+SHA1 (patch-ext_zip_lib_zip__name__locate.c) = ffe336a383bd6a4c7328d4a3a5f2ef2038763b7a
+SHA1 (patch-ext_zip_php__zip.c) = fbff5185b1d8493409554bea8611cb4e9363e5f7
diff --git a/lang/php53/patches/patch-ext_exif_exif.c b/lang/php53/patches/patch-ext_exif_exif.c
new file mode 100644
index 00000000000..d9a03aabb22
--- /dev/null
+++ b/lang/php53/patches/patch-ext_exif_exif.c
@@ -0,0 +1,63 @@
+$NetBSD: patch-ext_exif_exif.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r308362 from PHP's repogitry for SA43328.
+
+--- ext/exif/exif.c.orig 2010-01-03 09:23:27.000000000 +0000
++++ ext/exif/exif.c
+@@ -40,6 +40,16 @@
+ #include "php.h"
+ #include "ext/standard/file.h"
+
++#ifdef HAVE_STDINT_H
++# include <stdint.h>
++#endif
++#ifdef HAVE_INTTYPES_H
++# include <inttypes.h>
++#endif
++#ifdef PHP_WIN32
++# include "win32/php_stdint.h"
++#endif
++
+ #if HAVE_EXIF
+
+ /* When EXIF_DEBUG is defined the module generates a lot of debug messages
+@@ -2821,6 +2831,7 @@ static int exif_process_IFD_TAG(image_in
+ int tag, format, components;
+ char *value_ptr, tagname[64], cbuf[32], *outside=NULL;
+ size_t byte_count, offset_val, fpos, fgot;
++ int64_t byte_count_signed;
+ xp_field_type *tmp_xp;
+ #ifdef EXIF_DEBUG
+ char *dump_data;
+@@ -2845,13 +2856,20 @@ static int exif_process_IFD_TAG(image_in
+ /*return TRUE;*/
+ }
+
+- byte_count = components * php_tiff_bytes_per_format[format];
++ if (components < 0) {
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal components(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), components);
++ return FALSE;
++ }
++
++ byte_count_signed = (int64_t)components * php_tiff_bytes_per_format[format];
+
+- if ((ssize_t)byte_count < 0) {
+- exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count(%ld)", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC), byte_count);
++ if (byte_count_signed < 0 || (byte_count_signed > INT32_MAX)) {
++ exif_error_docref("exif_read_data#error_ifd" EXIFERR_CC, ImageInfo, E_WARNING, "Process tag(x%04X=%s): Illegal byte_count", tag, exif_get_tagname(tag, tagname, -12, tag_table TSRMLS_CC));
+ return FALSE;
+ }
+
++ byte_count = (size_t)byte_count_signed;
++
+ if (byte_count > 4) {
+ offset_val = php_ifd_get32u(dir_entry+8, ImageInfo->motorola_intel);
+ /* If its bigger than 4 bytes, the dir entry contains an offset. */
+@@ -2916,6 +2934,7 @@ static int exif_process_IFD_TAG(image_in
+ efree(dump_data);
+ }
+ #endif
++
+ if (section_index==SECTION_THUMBNAIL) {
+ if (!ImageInfo->Thumbnail.data) {
+ switch(tag) {
diff --git a/lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c b/lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c
new file mode 100644
index 00000000000..caddcfafbe8
--- /dev/null
+++ b/lang/php53/patches/patch-ext_zip_lib_zip__name__locate.c
@@ -0,0 +1,17 @@
+$NetBSD: patch-ext_zip_lib_zip__name__locate.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r307867 from PHP's repogitry for SA43328.
+
+--- ext/zip/lib/zip_name_locate.c.orig 2008-05-21 09:27:41.000000000 +0000
++++ ext/zip/lib/zip_name_locate.c
+@@ -60,6 +60,10 @@ _zip_name_locate(struct zip *za, const c
+ return -1;
+ }
+
++ if((flags & ZIP_FL_UNCHANGED) && !za->cdir) {
++ return -1;
++ }
++
+ cmp = (flags & ZIP_FL_NOCASE) ? strcmpi : strcmp;
+
+ n = (flags & ZIP_FL_UNCHANGED) ? za->cdir->nentry : za->nentry;
diff --git a/lang/php53/patches/patch-ext_zip_php__zip.c b/lang/php53/patches/patch-ext_zip_php__zip.c
new file mode 100644
index 00000000000..47a01af0553
--- /dev/null
+++ b/lang/php53/patches/patch-ext_zip_php__zip.c
@@ -0,0 +1,267 @@
+$NetBSD: patch-ext_zip_php__zip.c,v 1.1.2.2 2011/02/23 19:12:54 tron Exp $
+
+Catch up to r308107 from PHP's repository.
+
+--- ext/zip/php_zip.c.orig 2010-11-30 11:04:06.000000000 +0000
++++ ext/zip/php_zip.c
+@@ -196,7 +196,7 @@ static int php_zip_extract_file(struct z
+ }
+
+ /* let see if the path already exists */
+- if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
++ if (php_stream_stat_path_ex(file_dirname_fullpath, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+
+ #if defined(PHP_WIN32) && (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION == 1)
+ char *e;
+@@ -232,9 +232,14 @@ static int php_zip_extract_file(struct z
+ efree(file_dirname_fullpath);
+ efree(file_basename);
+ free(new_state.cwd);
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot build full extract path");
+ return 0;
+ } else if (len > MAXPATHLEN) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
++ efree(file_dirname_fullpath);
++ efree(file_basename);
++ free(new_state.cwd);
++ return 0;
+ }
+
+ /* check again the full path, not sure if it
+@@ -249,27 +254,42 @@ static int php_zip_extract_file(struct z
+ return 0;
+ }
+
++#if PHP_API_VERSION < 20100412
++ stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
++#else
++ stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
++#endif
++
++ if (stream == NULL) {
++ n = -1;
++ goto done;
++ }
++
+ zf = zip_fopen(za, file, 0);
+ if (zf == NULL) {
++ n = -1;
++ php_stream_close(stream);
++ goto done;
++ }
++
++ n = 0;
++ if (stream == NULL) {
++ int ret = zip_fclose(zf);
+ efree(fullpath);
+- efree(file_dirname_fullpath);
+ efree(file_basename);
++ efree(file_dirname_fullpath);
+ free(new_state.cwd);
+ return 0;
+ }
+
+-#if PHP_API_VERSION < 20100412
+- stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS|ENFORCE_SAFE_MODE, NULL);
+-#else
+- stream = php_stream_open_wrapper(fullpath, "w+b", REPORT_ERRORS, NULL);
+-#endif
+- n = 0;
+- if (stream) {
+- while ((n=zip_fread(zf, b, sizeof(b))) > 0) php_stream_write(stream, b, n);
+- php_stream_close(stream);
++ while ((n=zip_fread(zf, b, sizeof(b))) > 0) {
++ php_stream_write(stream, b, n);
+ }
++
++ php_stream_close(stream);
+ n = zip_fclose(zf);
+
++done:
+ efree(fullpath);
+ efree(file_basename);
+ efree(file_dirname_fullpath);
+@@ -473,10 +493,12 @@ static char * php_zipobj_get_zip_comment
+ #define GLOB_FLAGMASK (~GLOB_ONLYDIR)
+ #else
+ #define GLOB_FLAGMASK (~0)
++#endif
+ #endif /* }}} */
+
+ int php_zip_glob(char *pattern, int pattern_len, long flags, zval *return_value TSRMLS_DC) /* {{{ */
+ {
++#ifdef HAVE_GLOB
+ char cwd[MAXPATHLEN];
+ int cwd_skip = 0;
+ #ifdef ZTS
+@@ -563,6 +585,10 @@ int php_zip_glob(char *pattern, int patt
+
+ globfree(&globbuf);
+ return globbuf.gl_pathc;
++#else
++ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Glob support is not available");
++ return 0;
++#endif /* HAVE_GLOB */
+ }
+ /* }}} */
+
+@@ -664,7 +690,6 @@ int php_zip_pcre(char *regexp, int regex
+ return files_cnt;
+ }
+ /* }}} */
+-#endif
+
+ #endif
+
+@@ -1688,7 +1713,7 @@ static void php_zip_add_from_pattern(INT
+ }
+ /* }}} */
+
+-/* {{{ proto bool addGlob(string pattern[,int flags [, array options]])
++/* {{{ proto bool ZipArchive::addGlob(string pattern[,int flags [, array options]])
+ Add files matching the glob pattern. See php's glob for the pattern syntax. */
+ static ZIPARCHIVE_METHOD(addGlob)
+ {
+@@ -1696,7 +1721,7 @@ static ZIPARCHIVE_METHOD(addGlob)
+ }
+ /* }}} */
+
+-/* {{{ proto bool addPattern(string pattern[, string path [, array options]])
++/* {{{ proto bool ZipArchive::addPattern(string pattern[, string path [, array options]])
+ Add files matching the pcre pattern. See php's pcre for the pattern syntax. */
+ static ZIPARCHIVE_METHOD(addPattern)
+ {
+@@ -1925,7 +1950,7 @@ static ZIPARCHIVE_METHOD(getNameIndex)
+ }
+ /* }}} */
+
+-/* {{{ proto bool ZipArchive::setArchiveComment(string name, string comment)
++/* {{{ proto bool ZipArchive::setArchiveComment(string comment)
+ Set or remove (NULL/'') the comment of the archive */
+ static ZIPARCHIVE_METHOD(setArchiveComment)
+ {
+@@ -1951,7 +1976,7 @@ static ZIPARCHIVE_METHOD(setArchiveComme
+ }
+ /* }}} */
+
+-/* {{{ proto string ZipArchive::getArchiveComment()
++/* {{{ proto string ZipArchive::getArchiveComment([int flags])
+ Returns the comment of an entry using its index */
+ static ZIPARCHIVE_METHOD(getArchiveComment)
+ {
+@@ -2039,7 +2064,7 @@ static ZIPARCHIVE_METHOD(setCommentIndex
+ }
+ /* }}} */
+
+-/* {{{ proto string ZipArchive::getCommentName(string name)
++/* {{{ proto string ZipArchive::getCommentName(string name[, int flags])
+ Returns the comment of an entry using its name */
+ static ZIPARCHIVE_METHOD(getCommentName)
+ {
+@@ -2076,7 +2101,7 @@ static ZIPARCHIVE_METHOD(getCommentName)
+ }
+ /* }}} */
+
+-/* {{{ proto string ZipArchive::getCommentIndex(int index)
++/* {{{ proto string ZipArchive::getCommentIndex(int index[, int flags])
+ Returns the comment of an entry using its index */
+ static ZIPARCHIVE_METHOD(getCommentIndex)
+ {
+@@ -2378,7 +2403,7 @@ static ZIPARCHIVE_METHOD(extractTo)
+ RETURN_FALSE;
+ }
+
+- if (php_stream_stat_path(pathto, &ssb) < 0) {
++ if (php_stream_stat_path_ex(pathto, PHP_STREAM_URL_STAT_QUIET, &ssb, NULL) < 0) {
+ ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
+ if (!ret) {
+ RETURN_FALSE;
+@@ -2559,7 +2584,7 @@ static ZIPARCHIVE_METHOD(getStream)
+
+ /* {{{ arginfo */
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_open, 0, 0, 1)
+- ZEND_ARG_INFO(0, source)
++ ZEND_ARG_INFO(0, filename)
+ ZEND_ARG_INFO(0, flags)
+ ZEND_END_ARG_INFO()
+
+@@ -2604,8 +2629,7 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchiv
+ ZEND_ARG_INFO(0, flags)
+ ZEND_END_ARG_INFO()
+
+-ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_setarchivecomment, 0, 0, 2)
+- ZEND_ARG_INFO(0, name)
++ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_setarchivecomment, 0, 0, 1)
+ ZEND_ARG_INFO(0, comment)
+ ZEND_END_ARG_INFO()
+
+@@ -2616,10 +2640,12 @@ ZEND_END_ARG_INFO()
+
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_getcommentname, 0, 0, 1)
+ ZEND_ARG_INFO(0, name)
++ ZEND_ARG_INFO(0, flags)
+ ZEND_END_ARG_INFO()
+
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_getcommentindex, 0, 0, 1)
+ ZEND_ARG_INFO(0, index)
++ ZEND_ARG_INFO(0, flags)
+ ZEND_END_ARG_INFO()
+
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_renameindex, 0, 0, 2)
+@@ -2657,6 +2683,15 @@ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchiv
+ ZEND_ARG_INFO(0, flags)
+ ZEND_END_ARG_INFO()
+
++ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_getarchivecomment, 0, 0, 0)
++ ZEND_ARG_INFO(0, flags)
++ZEND_END_ARG_INFO()
++
++ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_setcommentname, 0, 0, 2)
++ ZEND_ARG_INFO(0, name)
++ ZEND_ARG_INFO(0, comment)
++ZEND_END_ARG_INFO()
++
+ ZEND_BEGIN_ARG_INFO_EX(arginfo_ziparchive_getstream, 0, 0, 1)
+ ZEND_ARG_INFO(0, entryname)
+ ZEND_END_ARG_INFO()
+@@ -2675,21 +2710,21 @@ static const zend_function_entry zip_cla
+ ZIPARCHIVE_ME(renameIndex, arginfo_ziparchive_renameindex, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(renameName, arginfo_ziparchive_renamename, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(setArchiveComment, arginfo_ziparchive_setarchivecomment, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(getArchiveComment, arginfo_ziparchive__void, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(getArchiveComment, arginfo_ziparchive_getarchivecomment, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(setCommentIndex, arginfo_ziparchive_setcommentindex, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(setCommentName, arginfo_ziparchive_setarchivecomment, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(setCommentName, arginfo_ziparchive_setcommentname, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(getCommentIndex, arginfo_ziparchive_getcommentindex, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(getCommentName, arginfo_ziparchive_getcommentname, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(deleteIndex, arginfo_ziparchive_getcommentindex, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(deleteName, arginfo_ziparchive_getcommentname, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(deleteIndex, arginfo_ziparchive_unchangeindex, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(deleteName, arginfo_ziparchive_unchangename, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(statName, arginfo_ziparchive_statname, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(statIndex, arginfo_ziparchive_statindex, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(locateName, arginfo_ziparchive_statname, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(getNameIndex, arginfo_ziparchive_statindex, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(unchangeArchive, arginfo_ziparchive__void, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(unchangeAll, arginfo_ziparchive__void, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(unchangeIndex, arginfo_ziparchive_getcommentindex, ZEND_ACC_PUBLIC)
+- ZIPARCHIVE_ME(unchangeName, arginfo_ziparchive_getcommentname, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(unchangeIndex, arginfo_ziparchive_unchangeindex, ZEND_ACC_PUBLIC)
++ ZIPARCHIVE_ME(unchangeName, arginfo_ziparchive_unchangename, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(extractTo, arginfo_ziparchive_extractto, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(getFromName, arginfo_ziparchive_getfromname, ZEND_ACC_PUBLIC)
+ ZIPARCHIVE_ME(getFromIndex, arginfo_ziparchive_getfromindex, ZEND_ACC_PUBLIC)
+@@ -2744,6 +2779,12 @@ static PHP_MINIT_FUNCTION(zip)
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE", ZIP_CM_DEFLATE);
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_DEFLATE64", ZIP_CM_DEFLATE64);
+ REGISTER_ZIP_CLASS_CONST_LONG("CM_PKWARE_IMPLODE", ZIP_CM_PKWARE_IMPLODE);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_BZIP2", ZIP_CM_BZIP2);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZMA", ZIP_CM_LZMA);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_TERSE", ZIP_CM_TERSE);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_LZ77", ZIP_CM_LZ77);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_WAVPACK", ZIP_CM_WAVPACK);
++ REGISTER_ZIP_CLASS_CONST_LONG("CM_PPMD", ZIP_CM_PPMD);
+
+ /* Error code */
+ REGISTER_ZIP_CLASS_CONST_LONG("ER_OK", ZIP_ER_OK); /* N No error */
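Review bot: In the `#else` branch added to php_zip_glob, `php_error_docref(NULL TSRMLS_CC, E_ERROR, "Glob support is not available")` raises a fatal error, so the `return 0;` after it is, as far as I can tell, never reached at run time. A script that calls addGlob on a build without glob() is therefore aborted rather than told that the call failed. If a recoverable failure is intended, use `E_WARNING` and return a value the caller can tell apart from zero matches; the caller's handling is outside the hunk. If the fatal error is intended, a comment such as `/* not reached: E_ERROR bails out */` on the return would say so.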