Pullup ticket #4422 - requested by taca

graphics/php-gd: version bump
lang/php: version bump
lang/php53: security update
lang/php54: security update
lang/php55: security update

Revisions pulled up:
- graphics/php-gd/Makefile                                      1.36
- lang/php/phpversion.mk                                        1.59-1.62
- lang/php53/distinfo                                           1.73
- lang/php53/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
- lang/php54/Makefile                                           1.21
- lang/php54/Makefile.php                                       1.7
- lang/php54/distinfo                                           1.37-1.39
- lang/php54/patches/patch-configure                            1.7
- lang/php54/patches/patch-ext_fileinfo_data__file.c            deleted
- lang/php54/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
- lang/php54/patches/patch-php.ini-development                  1.3
- lang/php54/patches/patch-php.ini-production                   1.3
- lang/php55/Makefile                                           1.12
- lang/php55/distinfo                                           1.18-1.21
- lang/php55/patches/patch-configure                            1.6
- lang/php55/patches/patch-ext_fileinfo_data__file.c            deleted
- lang/php55/patches/patch-ext_gd_libgd_gdxpm.c                 1.1
- lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c      1.2
- lang/php55/patches/patch-php.ini-development                  1.4
- lang/php55/patches/patch-php.ini-production                   1.4

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Apr  4 03:05:00 UTC 2014

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php55: Makefile distinfo
   	pkgsrc/lang/php55/patches: patch-php.ini-development
   	    patch-php.ini-production
   Removed Files:
   	pkgsrc/lang/php55/patches: patch-ext_fileinfo_data__file.c

   Log Message:
   Update php55 to 5.5.11.
   CVE-2013-7345 is already fixed in 5.5.10nb2.

   03 Apr 2014, PHP 5.5.11

   - Core:
     . Allow zero length comparison in substr_compare() (Tjerk)
     . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

   - SPL:
     . Added feature #65545 (SplFileObject::fread()) (Tjerk)

   - cURL:
     . Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
     . Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
       (Adam)

   - FPM:
     . Added clear_env configuration directive to disable clearenv() call.
     (Github PR# 598, Paul Annesley)

   - Fileinfo:
     . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
       expression). (CVE-2013-7345) (Remi)

   - GD:
     . Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
     . Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
     . Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi)
     . Fixed bug #66890 (imagescale segfault). (Remi)
     . Fixed bug #66893 (imagescale ignore method argument). (Remi)

   - Hash:
     . hash_pbkdf2() now works correctly if the $length argument is not specified.
       (Nikita)

   - Intl:
     . Fixed bug #66873 (A reproductible crash in UConverter when given invalid
       encoding) (Stas)

   - Mail:
     . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

   - MySQLi:
     . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
     (Remi)

   - OPCache
     . Added function opcache_is_script_cached(). (Danack)
     . Added information about interned strings usage. (Terry, Julien, Dmitry)

   - Openssl:
     . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)

   - GMP
     . Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)

   - SQLite:
     . Updated bundled libsqlite to 3.8.3.1 (Anatol)


   To generate a diff of this commit:
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.11 -r1.12 pkgsrc/lang/php55/Makefile
   cvs rdiff -u -r1.17 -r1.18 pkgsrc/lang/php55/distinfo
   cvs rdiff -u -r1.1 -r0 \
       pkgsrc/lang/php55/patches/patch-ext_fileinfo_data__file.c
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/lang/php55/patches/patch-php.ini-development \
       pkgsrc/lang/php55/patches/patch-php.ini-production

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr  5 03:43:40 UTC 2014

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php54: Makefile Makefile.php distinfo
   	pkgsrc/lang/php54/patches: patch-php.ini-development
   	    patch-php.ini-production
   Removed Files:
   	pkgsrc/lang/php54/patches: patch-ext_fileinfo_data__file.c

   Log Message:
   Update php54 to 5.4.27.  CVE-2013-7345 is already fixed in 5.4.26nb2.

   03 Apr 2014, PHP 5.4.27

   - Core:
     . Fixed bug #60602 (proc_open() changes environment array) (Tjerk)

   - Fileinfo:
     . Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular
       expression). (CVE-2013-7345) (Remi)

   - FPM:
     . Added clear_env configuration directive to disable clearenv() call.
     (Github PR# 598, Paul Annesley)

   - GMP
     . fixed bug#66872 (invalid argument crashes gmp_testbit) (Pierre)

   - Mail:
     . Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)

   - MySQLi:
     . Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed)
     (Remi)

   - Openssl:
     . Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)


   To generate a diff of this commit:
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php54/Makefile
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/Makefile.php
   cvs rdiff -u -r1.36 -r1.37 pkgsrc/lang/php54/distinfo
   cvs rdiff -u -r1.1 -r0 \
       pkgsrc/lang/php54/patches/patch-ext_fileinfo_data__file.c
   cvs rdiff -u -r1.2 -r1.3 pkgsrc/lang/php54/patches/patch-php.ini-development \
       pkgsrc/lang/php54/patches/patch-php.ini-production

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	jperkin
   Date:		Mon Apr 14 10:17:19 UTC 2014

   Modified Files:
   	pkgsrc/lang/php55: distinfo
   Added Files:
   	pkgsrc/lang/php55/patches: patch-ext_sqlite3_libsqlite_sqlite3.c

   Log Message:
   Don't define _XOPEN_SOURCE on SunOS, it conflicts with the environment
   from the PHP build.


   To generate a diff of this commit:
   cvs rdiff -u -r1.18 -r1.19 pkgsrc/lang/php55/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu May  1 15:52:33 UTC 2014

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php55: distinfo
   	pkgsrc/lang/php55/patches: patch-configure
   	    patch-ext_sqlite3_libsqlite_sqlite3.c

   Log Message:
   Update php55 to 5.5.12.

   01 May 2014, PHP 5.5.12
   - Core:
     . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
     . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
       UNIX sockets). (Mike)
     . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
     . Fixed bug #66736 (fpassthru broken). (Mike)
     . Fixed bug #67024 (getimagesize should recognize BMP files with negative
       height). (Gabor Buella)
     . Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)

   - cURL:
     . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
       (Freek Lijten)

   - Date:
     . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
       supplied). (Boro Sitnikovski)

   - Embed:
     . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).

   - Fileinfo:
     . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
       (Remi)

   - FPM:
     . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
     . Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)

   - JSON:
     . Fixed bug #66021 (Blank line inside empty array/object when
       JSON_PRETTY_PRINT is set). (Kevin Israel)

   - LDAP:
     . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

   - mysqli:
     . Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter
       (extra comma) and third parameters (lack of escaping). (Andrey)

   - OpenSSL:
     . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
     . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

   - SimpleXML:
     . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
       (Anatol)

   - SQLite:
     . Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)

   - XSL:
     . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
       when loaded with "file://"). (Anatol)

   - Apache2 Handler SAPI:
     . Fixed Apache log issue caused by APR's lack of support for %zu
       (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
       (Jeff Trawick)


   To generate a diff of this commit:
   cvs rdiff -u -r1.60 -r1.61 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/lang/php55/distinfo
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/lang/php55/patches/patch-configure
   cvs rdiff -u -r1.1 -r1.2 pkgsrc/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri May  2 13:04:12 UTC 2014

   Modified Files:
   	pkgsrc/lang/php: phpversion.mk
   	pkgsrc/lang/php54: distinfo
   	pkgsrc/lang/php54/patches: patch-configure

   Log Message:
   Update php54 to 5.4.28.

   01 May 2014, PHP 5.4.28

   - Core:
     . Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
     . Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace
       UNIX sockets). (Mike)
     . Fixed bug #66171 (Symlinks and session handler allow open_basedir bypass).
       (Jann Horn, Stas)
     . Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
     . Fixed bug #66736 (fpassthru broken). (Mike)
     . Fixed bug #67024 (getimagesize should recognize BMP files with negative
       height). (Gabor Buella)

   - cURL:
     . Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
       (Freek Lijten)

   - Date:
     . Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is
       supplied). (Boro Sitnikovski)

   - Embed:
     . Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol)

   - Fileinfo:
     . Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
       (Remi)

   - FPM:
     . Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
     . Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure
       default configuration) (CVE-2014-0185). (Stas)

   - JSON:
     . Fixed bug #66021 (Blank line inside empty array/object when
       JSON_PRETTY_PRINT is set). (Kevin Israel)

   - LDAP:
     . Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

   - OpenSSL:
     . Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
     . Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

   - SimpleXML:
     . Fixed bug #66084 (simplexml_load_string() mangles empty node name)
       (Anatol)

   - XSL:
     . Fixed bug #53965 (<xsl:include> cannot find files with relative paths
       when loaded with "file://"). (Anatol)

   - Apache2 Handler SAPI:
     . Fixed Apache log issue caused by APR's lack of support for %zu
       (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
       (Jeff Trawick)


   To generate a diff of this commit:
   cvs rdiff -u -r1.61 -r1.62 pkgsrc/lang/php/phpversion.mk
   cvs rdiff -u -r1.37 -r1.38 pkgsrc/lang/php54/distinfo
   cvs rdiff -u -r1.6 -r1.7 pkgsrc/lang/php54/patches/patch-configure

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	he
   Date:		Sun May 11 11:20:48 UTC 2014

   Modified Files:
   	pkgsrc/graphics/php-gd: Makefile
   	pkgsrc/lang/php53: distinfo
   	pkgsrc/lang/php54: distinfo
   	pkgsrc/lang/php55: distinfo
   Added Files:
   	pkgsrc/lang/php53/patches: patch-ext_gd_libgd_gdxpm.c
   	pkgsrc/lang/php54/patches: patch-ext_gd_libgd_gdxpm.c
   	pkgsrc/lang/php55/patches: patch-ext_gd_libgd_gdxpm.c

   Log Message:
   Apply a patch to fix CVE-2014-2497, taken from
   https://bugs.php.net/patch-display.php?bug_id=66901
   Bump PKGREVISION for php-gd correspondingly.


   To generate a diff of this commit:
   cvs rdiff -u -r1.35 -r1.36 pkgsrc/graphics/php-gd/Makefile
   cvs rdiff -u -r1.72 -r1.73 pkgsrc/lang/php53/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php53/patches/patch-ext_gd_libgd_gdxpm.c
   cvs rdiff -u -r1.38 -r1.39 pkgsrc/lang/php54/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php54/patches/patch-ext_gd_libgd_gdxpm.c
   cvs rdiff -u -r1.20 -r1.21 pkgsrc/lang/php55/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/lang/php55/patches/patch-ext_gd_libgd_gdxpm.c

1 files changed, 15 insertions, 0 deletions

diff --git a/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c b/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
new file mode 100644
index 00000000000..fb880bc79e8
--- /dev/null
+++ b/lang/php55/patches/patch-ext_sqlite3_libsqlite_sqlite3.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-ext_sqlite3_libsqlite_sqlite3.c,v 1.2.2.2 2014/06/01 13:20:22 spz Exp $
+
+Don't redefine _XOPEN_SOURCE, it is already set from php.
+
+--- ext/sqlite3/libsqlite/sqlite3.c.orig	2014-04-29 08:04:30.000000000 +0000
++++ ext/sqlite3/libsqlite/sqlite3.c
+@@ -7867,7 +7867,7 @@ struct sqlite3_rtree_geometry {
+ ** But _XOPEN_SOURCE define causes problems for Mac OS X, so omit
+ ** it.
+ */
+-#if !defined(_XOPEN_SOURCE) && !defined(__DARWIN__) && !defined(__APPLE__)
++#if !defined(_XOPEN_SOURCE) && !defined(__DARWIN__) && !defined(__APPLE__) && !defined(__sun)
+ #  define _XOPEN_SOURCE 600
+ #endif
+