author | taca <taca@pkgsrc.org> | 2012-01-11 14:53:35 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2012-01-11 14:53:35 +0000 |
commit | cf0bb0a9cdb7f845dc38088fbc5e25a071bee7f4 (patch) | |
tree | 6a82dd085cf89c91b3fd592b6ff0c50e2bff6873 /lang | |
parent | 05e3896ef5d758d67899a35261ead362b4290076 (diff) | |
download | pkgsrc-cf0bb0a9cdb7f845dc38088fbc5e25a071bee7f4.tar.gz |
Update php53 package to 5.3.9; PHP 5.3.9.
suhosin-patch is provided as a modified one; only the copyright year is changed.
PHP 5.3.9 Released!
[10-Jan-2012] The PHP development team would like to announce the immediate
availability of PHP 5.3.9. This release focuses on improving the stability of
the PHP 5.3.x branch with over 90 bug fixes, some of which are security
related.
Security Enhancements and Fixes in PHP 5.3.9:
* Added max_input_vars directive to prevent attacks based on hash
collisions. (CVE-2011-4885)
* Fixed bug #60150 (Integer overflow during the parsing of invalid
exif header). (CVE-2011-4566)
Key enhancements in PHP 5.3.9 include:
* Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd
argument to is_a and is_subclass_of).
* Fixed bug #55609 (mysqlnd cannot be built shared)
* Many changes to the FPM SAPI module
For a full list of changes in PHP 5.3.9, see the ChangeLog. For source
downloads please visit our downloads page, Windows binaries can be found on
windows.php.net/download/.
All users are strongly encouraged to upgrade to PHP 5.3.9.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/php53/Makefile | 3 | ||||
-rw-r--r-- | lang/php53/Makefile.common | 4 | ||||
-rw-r--r-- | lang/php53/Makefile.php | 9 | ||||
-rw-r--r-- | lang/php53/distinfo | 19 | ||||
-rw-r--r-- | lang/php53/patches/patch-Zend_zend__builtin__functions.c | 29 | ||||
-rw-r--r-- | lang/php53/patches/patch-as | 14 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_main.c | 15 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__globals.h | 16 | ||||
-rw-r--r-- | lang/php53/patches/patch-main_php__variables.c | 27 |
9 files changed, 16 insertions, 120 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile index e0a0bff4fab..00c0da264a3 100644 --- a/lang/php53/Makefile +++ b/lang/php53/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.19 2012/01/03 16:23:14 taca Exp $ +# $NetBSD: Makefile,v 1.20 2012/01/11 14:53:35 taca Exp $ # # We can't omit PKGNAME here to handle PKG_OPTIONS. # PKGNAME= php-${PHP_BASE_VERS} -PKGREVISION= 2 CATEGORIES= lang HOMEPAGE= http://www.php.net/ diff --git a/lang/php53/Makefile.common b/lang/php53/Makefile.common index 0787e7693ba..c301b3438d9 100644 --- a/lang/php53/Makefile.common +++ b/lang/php53/Makefile.common @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.common,v 1.8 2011/08/23 22:22:27 taca Exp $ +# $NetBSD: Makefile.common,v 1.9 2012/01/11 14:53:35 taca Exp $ # used by lang/php53/Makefile.php # used by lang/php/ext.mk # used by meta-pkgs/php53-extensions/Makefile @@ -39,7 +39,7 @@ EXTRACT_SUFX?= .tar.bz2 MAINTAINER?= pkgsrc-users@NetBSD.org HOMEPAGE?= http://www.php.net/ -PHP_BASE_VERS= 5.3.8 +PHP_BASE_VERS= 5.3.9 PHP_EXTENSION_DIR= lib/php/20090630 PLIST_SUBST+= PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR} diff --git a/lang/php53/Makefile.php b/lang/php53/Makefile.php index 87728aec58f..79bab651a2c 100644 --- a/lang/php53/Makefile.php +++ b/lang/php53/Makefile.php @@ -1,4 +1,4 @@ -# $NetBSD: Makefile.php,v 1.10 2011/10/20 12:39:33 taca Exp $ +# $NetBSD: Makefile.php,v 1.11 2012/01/11 14:53:35 taca Exp $ # used by lang/php53/Makefile # used by www/ap-php/Makefile @@ -39,6 +39,7 @@ CONFIGURE_ARGS+= --disable-dom CONFIGURE_ARGS+= --disable-pdo CONFIGURE_ARGS+= --disable-json +CONFIGURE_ARGS+= --enable-cgi CONFIGURE_ARGS+= --enable-xml CONFIGURE_ARGS+= --with-libxml-dir=${PREFIX} .include "../../textproc/libxml2/buildlink3.mk" 
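Review bot: The added `CONFIGURE_ARGS+= --enable-cgi` in the `@@ -39,6 +39,7 @@` hunk of Makefile.php is a build-configuration change that neither the commit message nor a comment explains. The file header shows that Makefile.php is also used by www/ap-php/Makefile, so the flag reaches that package's configure run as well as lang/php53. Whether the CGI SAPI was already built by default before this change is not visible here. A one-line comment above the flag would record the intent, for example `# Pass --enable-cgi explicitly so the CGI SAPI does not depend on configure's default.`, and should say whether ap-php is meant to inherit it.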
@@ -66,8 +67,10 @@ PKG_FAIL_REASON+= "this version of PHP. You may have to wait until" PKG_FAIL_REASON+= "an updated patch is released or temporarily" PKG_FAIL_REASON+= "build this package without the suhosin option." . else -PATCH_SITES= http://download.suhosin.org/ -PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.gz +#PATCH_SITES= http://download.suhosin.org/ +#PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10.patch.gz +PATCH_SITES= ${MASTER_SITE_LOCAL} +PATCHFILES+= suhosin-patch-${SUHOSIN_PHPVER}-0.9.10-local.patch.gz PATCH_DIST_STRIP= -p1 PLIST.suhosin= yes MESSAGE_SRC= ${.CURDIR}/../../lang/php53/MESSAGE diff --git a/lang/php53/distinfo b/lang/php53/distinfo index b863ea93c50..a3677fc8e9c 100644 --- a/lang/php53/distinfo +++ b/lang/php53/distinfo 
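Review bot: The upstream `PATCH_SITES`/`PATCHFILES` lines in the `@@ -66,8 +67,10 @@` hunk are left commented out, and nothing in the Makefile says why the suhosin patch now comes from `${MASTER_SITE_LOCAL}` as a `-local` file. The commit message says only the copyright year differs, but that is not recorded next to the fetch lines, so a later maintainer cannot tell what was changed or compare the local copy with the upstream one. I would replace the two dead lines with a comment such as `# Locally modified copy of upstream suhosin-patch 0.9.10 (copyright year only); upstream: http://download.suhosin.org/`. The new distinfo checksums pin the local file but do not tie it back to the upstream artifact. The enclosing `.if`/`.else` block starts and ends outside this hunk.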
@@ -1,12 +1,11 @@ -$NetBSD: distinfo,v 1.28 2012/01/04 02:31:47 taca Exp $ +$NetBSD: distinfo,v 1.29 2012/01/11 14:53:35 taca Exp $ -SHA1 (php-5.3.8/php-5.3.8.tar.bz2) = 8f29029e092f262876bfdd2ce56f6867e2b74b85 -RMD160 (php-5.3.8/php-5.3.8.tar.bz2) = f18a18e2dfd7ea7885760eec2a05b3c4a15ad9db -Size (php-5.3.8/php-5.3.8.tar.bz2) = 11190060 bytes -SHA1 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 3c38e873584b8f9e325a813cc9b197a342595099 -RMD160 (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 19f789bf49a5fed2cd88b199fd8ac5d1ffa9bdc8 -Size (php-5.3.8/suhosin-patch-5.3.7-0.9.10.patch.gz) = 41175 bytes -SHA1 (patch-Zend_zend__builtin__functions.c) = 3d734b2137cd0b31ed54725f18059aba67f0de5b +SHA1 (php-5.3.9/php-5.3.9.tar.bz2) = fe0626735c3d9dd370cef9bdcfe9506629449f51 +RMD160 (php-5.3.9/php-5.3.9.tar.bz2) = 428ed51982637f092c43369cf5cfb284d58da3f6 +Size (php-5.3.9/php-5.3.9.tar.bz2) = 11704944 bytes +SHA1 (php-5.3.9/suhosin-patch-5.3.7-0.9.10-local.patch.gz) = 29ca7a59dc829c6e50ffb18d74330e5f2a515cbd +RMD160 (php-5.3.9/suhosin-patch-5.3.7-0.9.10-local.patch.gz) = 0617b31095e693f1a7471ce40f0e8e83b4ac1c8a +Size (php-5.3.9/suhosin-patch-5.3.7-0.9.10-local.patch.gz) = 40541 bytes SHA1 (patch-aa) = b0dc6cd0b2103d5858280202506b33322a98496e SHA1 (patch-ab) = d08bb50cf074a6065ef0d1d67a713b7573cb2f5b SHA1 (patch-ac) = 1720f154232241c19d0c6e08a824e33252f1b690 
@@ -18,9 +17,5 @@ SHA1 (patch-ah) = b20c29c64b3099f77855a5ec28960dc1c4f65c83 SHA1 (patch-ai) = d4766893a2c47a4e4a744248dda265b0a9a66a1f SHA1 (patch-aj) = d611d13fcc28c5d2b9e9586832ce4b8ae5707b48 SHA1 (patch-al) = fbbee5502e0cd1c47c6e7c15e0d54746414ec32e -SHA1 (patch-as) = 5faa039f0ab7663e82787973e937aea685ba2dac -SHA1 (patch-main_main.c) = f99875ecd8a74db8454af36a840c8a7f24a58c7a -SHA1 (patch-main_php__globals.h) = 0bf4b91293ef61649b3259ae5b2d9f4d921058d7 -SHA1 (patch-main_php__variables.c) = 36956e69bfa3fcb87cd851b5e1d1a13cf470ef32 SHA1 (patch-php__mssql.c) = b46c688ff2d8da33ca2f9beb0eb9182b6edf7e23 SHA1 (patch-php__mssql.h) = fa9e349127121cf478691c108ac611563e445c40 diff --git a/lang/php53/patches/patch-Zend_zend__builtin__functions.c b/lang/php53/patches/patch-Zend_zend__builtin__functions.c deleted file mode 100644 index ea337b2115a..00000000000 --- a/lang/php53/patches/patch-Zend_zend__builtin__functions.c +++ /dev/null 
@@ -1,29 +0,0 @@ -$NetBSD: patch-Zend_zend__builtin__functions.c,v 1.2 2011/10/20 14:30:55 taca Exp $ - -* Fix for CVE-2011-3379 from r317183 from PHP's repository. - ---- Zend/zend_builtin_functions.c.orig 2011-08-08 14:54:50.000000000 +0000 -+++ Zend/zend_builtin_functions.c -@@ -816,13 +816,19 @@ static void is_a_impl(INTERNAL_FUNCTION_ - int class_name_len; - zend_class_entry *instance_ce; - zend_class_entry **ce; -+ zend_bool allow_string = only_subclass; - zend_bool retval; - -- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs", &obj, &class_name, &class_name_len) == FAILURE) { -+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zs|b", &obj, &class_name, &class_name_len, &allow_string) == FAILURE) { - return; - } -- -- if (Z_TYPE_P(obj) == IS_STRING) { -+ /* -+ allow_string - is_a default is no, is_subclass_of is yes. -+ if it's allowed, then the autoloader will be called if the class does not exist. -+ default behaviour is different, as 'is_a' usage is normally to test mixed return values -+ */ -+ -+ if (allow_string && Z_TYPE_P(obj) == IS_STRING) { - zend_class_entry **the_ce; - if (zend_lookup_class(Z_STRVAL_P(obj), Z_STRLEN_P(obj), &the_ce TSRMLS_CC) == FAILURE) { - RETURN_FALSE; diff --git a/lang/php53/patches/patch-as b/lang/php53/patches/patch-as deleted file mode 100644 index c037a728a70..00000000000 --- a/lang/php53/patches/patch-as +++ /dev/null 
@@ -1,14 +0,0 @@ -$NetBSD: patch-as,v 1.1 2011/10/06 05:34:00 jklos Exp $ - ---- ext/standard/php_crypt_r.c.orig 2011-10-06 05:25:16.000000000 +0000 -+++ ext/standard/php_crypt_r.c -@@ -94,7 +94,8 @@ void _crypt_extended_init_r(void) - if (!initialized) { - #ifdef PHP_WIN32 - InterlockedIncrement(&initialized); --#elif (defined(__GNUC__) && !defined(__hpux) && (__GNUC__ > 4 || \ -+#elif (defined(__GNUC__) && (defined(__amd64__) || defined(__alpha__) || \ -+ defined(__i386__) || defined(__powerpc__)) && (__GNUC__ > 4 || \ - (__GNUC__ == 4 && (__GNUC_MINOR__ > 1 || (__GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ > 1))))) - __sync_fetch_and_add(&initialized, 1); - #elif defined(HAVE_ATOMIC_H) /* Solaris 10 defines atomic API within */ diff --git a/lang/php53/patches/patch-main_main.c b/lang/php53/patches/patch-main_main.c deleted file mode 100644 index 75ed38ee3c2..00000000000 --- a/lang/php53/patches/patch-main_main.c +++ /dev/null 
@@ -1,15 +0,0 @@ -$NetBSD: patch-main_main.c,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/main.c.orig 2012-01-03 02:28:53.000000000 +0000 -+++ main/main.c -@@ -504,6 +504,7 @@ PHP_INI_BEGIN() - STD_PHP_INI_ENTRY("post_max_size", "8M", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLong, post_max_size, sapi_globals_struct,sapi_globals) - STD_PHP_INI_ENTRY("upload_tmp_dir", NULL, PHP_INI_SYSTEM, OnUpdateStringUnempty, upload_tmp_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("max_input_nesting_level", "64", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_nesting_level, php_core_globals, core_globals) -+ STD_PHP_INI_ENTRY("max_input_vars", "1000", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateLongGEZero, max_input_vars, php_core_globals, core_globals) - - STD_PHP_INI_ENTRY("user_dir", NULL, PHP_INI_SYSTEM, OnUpdateString, user_dir, php_core_globals, core_globals) - STD_PHP_INI_ENTRY("variables_order", "EGPCS", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateStringUnempty, variables_order, php_core_globals, core_globals) diff --git a/lang/php53/patches/patch-main_php__globals.h b/lang/php53/patches/patch-main_php__globals.h deleted file mode 100644 index 9950417c1ef..00000000000 --- a/lang/php53/patches/patch-main_php__globals.h +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-main_php__globals.h,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/php_globals.h.orig 2011-01-01 02:19:59.000000000 +0000 -+++ main/php_globals.h -@@ -170,6 +170,8 @@ struct _php_core_globals { - char *mail_log; - - zend_bool in_error_log; -+ -+ long max_input_vars; - }; - - diff --git a/lang/php53/patches/patch-main_php__variables.c b/lang/php53/patches/patch-main_php__variables.c deleted file mode 100644 index d970b8a202d..00000000000 
--- a/lang/php53/patches/patch-main_php__variables.c +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-main_php__variables.c,v 1.1 2012/01/03 16:23:14 taca Exp $ - -* Fix for http://www.ocert.org/advisories/ocert-2011-003.html - from r321038 from PHP's repository. - ---- main/php_variables.c.orig 2011-01-01 02:19:59.000000000 +0000 -+++ main/php_variables.c -@@ -191,6 +191,9 @@ PHPAPI void php_register_variable_ex(cha - } - if (zend_symtable_find(symtable1, escaped_index, index_len + 1, (void **) &gpc_element_p) == FAILURE - || Z_TYPE_PP(gpc_element_p) != IS_ARRAY) { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -+ } - MAKE_STD_ZVAL(gpc_element); - array_init(gpc_element); - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); -@@ -236,6 +239,9 @@ plain_var: - zend_symtable_exists(symtable1, escaped_index, index_len + 1)) { - zval_ptr_dtor(&gpc_element); - } else { -+ if (zend_hash_num_elements(symtable1) >= PG(max_input_vars)) { -+ php_error_docref(NULL TSRMLS_CC, E_ERROR, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); -+ } - zend_symtable_update(symtable1, escaped_index, index_len + 1, &gpc_element, sizeof(zval *), (void **) &gpc_element_p); - } - if (escaped_index != index) { |