Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Mediawiki-CVS

SVN: [56258] trunk/debs/php5

 

 

Wikipedia mediawiki-cvs RSS feed   Index | Next | Previous | View Threaded


midom at svn

Sep 13, 2009, 5:54 AM

Post #1 of 1 (14058 views)
Permalink
SVN: [56258] trunk/debs/php5

http://www.mediawiki.org/wiki/Special:Code/MediaWiki/56258

Revision: 56258
Author: midom
Date: 2009-09-13 12:54:44 +0000 (Sun, 13 Sep 2009)

Log Message:
-----------
import hardy php5 package

Added Paths:
-----------
trunk/debs/php5/debian/
trunk/debs/php5/debian/NEWS
trunk/debs/php5/debian/README.Debian.security
trunk/debs/php5/debian/changelog
trunk/debs/php5/debian/compat
trunk/debs/php5/debian/control
trunk/debs/php5/debian/copyright.header
trunk/debs/php5/debian/extramodulelist
trunk/debs/php5/debian/libapache2-mod-php5.conf
trunk/debs/php5/debian/libapache2-mod-php5.dirs
trunk/debs/php5/debian/libapache2-mod-php5.load
trunk/debs/php5/debian/libapache2-mod-php5.postinst
trunk/debs/php5/debian/libapache2-mod-php5.prerm
trunk/debs/php5/debian/maxlifetime
trunk/debs/php5/debian/modulelist
trunk/debs/php5/debian/patches/
trunk/debs/php5/debian/patches/001-libtool_fixes.patch
trunk/debs/php5/debian/patches/002-static_openssl.patch
trunk/debs/php5/debian/patches/004-ldap_fix.patch
trunk/debs/php5/debian/patches/006-debian_quirks.patch
trunk/debs/php5/debian/patches/013-force_getaddrinfo.patch
trunk/debs/php5/debian/patches/017-pread_pwrite_disable.patch
trunk/debs/php5/debian/patches/019-z_off_t_as_long.patch
trunk/debs/php5/debian/patches/027-readline_is_editline.patch
trunk/debs/php5/debian/patches/029-php.ini_paranoid.patch
trunk/debs/php5/debian/patches/033-we_WANT_libtool.patch
trunk/debs/php5/debian/patches/034-apache2_umask_fix.patch
trunk/debs/php5/debian/patches/036-fd_setsize_fix.patch
trunk/debs/php5/debian/patches/043-recode_size_t.patch
trunk/debs/php5/debian/patches/044-strtod_arm_fix.patch
trunk/debs/php5/debian/patches/045-exif_nesting_level.patch
trunk/debs/php5/debian/patches/047-zts_with_dl.patch
trunk/debs/php5/debian/patches/052-phpinfo_no_configure.patch
trunk/debs/php5/debian/patches/053-extension_api.patch
trunk/debs/php5/debian/patches/056-mime_magic_liberal.patch
trunk/debs/php5/debian/patches/057-no_apache_installed.patch
trunk/debs/php5/debian/patches/100-recode_is_shared.patch
trunk/debs/php5/debian/patches/101-sqlite_is_shared.patch
trunk/debs/php5/debian/patches/107-reflection_is_ext.patch
trunk/debs/php5/debian/patches/108-64_bit_datetime.patch
trunk/debs/php5/debian/patches/112-proc_open.patch
trunk/debs/php5/debian/patches/113-php.ini_securitynotes.patch
trunk/debs/php5/debian/patches/118-simplexml-segv.patch
trunk/debs/php5/debian/patches/119-sybase-alias.patch
trunk/debs/php5/debian/patches/120_SECURITY_CVE-2007-5900.patch
trunk/debs/php5/debian/patches/121_SECURITY_CVE-2008-3658.patch
trunk/debs/php5/debian/patches/122_SECURITY_CVE-2008-3659.patch
trunk/debs/php5/debian/patches/123_SECURITY_CVE-2008-3660.patch
trunk/debs/php5/debian/patches/124_SECURITY_CVE-2008-5557.patch
trunk/debs/php5/debian/patches/125_SECURITY_CVE-2008-5624.patch
trunk/debs/php5/debian/patches/126_SECURITY_CVE-2008-5625.patch
trunk/debs/php5/debian/patches/127_SECURITY_CVE-2008-5658.patch
trunk/debs/php5/debian/patches/128_SECURITY_CVE-2008-5814.patch
trunk/debs/php5/debian/patches/129_SECURITY_CVE-2009-0754.patch
trunk/debs/php5/debian/patches/130_SECURITY_CVE-2009-1271.patch
trunk/debs/php5/debian/patches/131_SECURITY_CVE-2009-2687.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4782.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4850.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5898.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5899.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-0599.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-1384.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2050.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2051.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2107+2108.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2371.patch
trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2829.patch
trunk/debs/php5/debian/patches/disable_dl_by_default.patch
trunk/debs/php5/debian/patches/fix-xmlrpc-datetime.patch
trunk/debs/php5/debian/patches/fix_64bit_time.patch
trunk/debs/php5/debian/patches/fix_broken_upstream_tests.patch
trunk/debs/php5/debian/patches/security526-pcre_compile.patch
trunk/debs/php5/debian/patches/series
trunk/debs/php5/debian/patches/suhosin.patch
trunk/debs/php5/debian/patches/use-specific-libdb-version.patch
trunk/debs/php5/debian/patches/use_embedded_timezonedb.patch
trunk/debs/php5/debian/php5-cgi.dirs
trunk/debs/php5/debian/php5-cgi.postinst
trunk/debs/php5/debian/php5-cgi.prerm
trunk/debs/php5/debian/php5-cli.dirs
trunk/debs/php5/debian/php5-cli.postinst
trunk/debs/php5/debian/php5-cli.prerm
trunk/debs/php5/debian/php5-common.README.Debian
trunk/debs/php5/debian/php5-common.TODO
trunk/debs/php5/debian/php5-common.dirs
trunk/debs/php5/debian/php5-common.docs
trunk/debs/php5/debian/php5-common.php5.cron.d
trunk/debs/php5/debian/php5-common.postrm
trunk/debs/php5/debian/php5-dev.dirs
trunk/debs/php5/debian/php5-dev.files
trunk/debs/php5/debian/php5-dev.postinst
trunk/debs/php5/debian/php5-dev.prerm
trunk/debs/php5/debian/php5-module.ini
trunk/debs/php5/debian/php5-module.postinst
trunk/debs/php5/debian/php5-sapi.links
trunk/debs/php5/debian/php5-sapi.postrm
trunk/debs/php5/debian/php5-sybase.postinst.extra
trunk/debs/php5/debian/php5-sybase.postrm
trunk/debs/php5/debian/php5-sybase.preinst
trunk/debs/php5/debian/php5-sybase.prerm
trunk/debs/php5/debian/php5.lintian-overrides
trunk/debs/php5/debian/rules
trunk/debs/php5/debian/watch

Added: trunk/debs/php5/debian/NEWS
===================================================================
--- trunk/debs/php5/debian/NEWS (rev 0)
+++ trunk/debs/php5/debian/NEWS 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,18 @@
+php5 (5.2.3-2) unstable; urgency=low
+
+ The suhosin patch is now enabled by default!
+
+ For more information, see
+ <http://www.hardened-php.net/suhosin/index.html>.
+
+ Special thanks to Blars Blarson for providing a sparc machine for testing
+ that the patch seems to work okay on that architecture. If you experience
+ otherwise let us know!
+
+ Suggestions are welcome for default configuration options, examples,
+ documentation, etc.
+
+ In any event please report successes and/or failures to us at
+ pkg-php-maint [at] lists
+
+ -- sean finney <seanius [at] debian> Thu, 12 Jul 2007 23:38:43 +0200

Added: trunk/debs/php5/debian/README.Debian.security
===================================================================
--- trunk/debs/php5/debian/README.Debian.security (rev 0)
+++ trunk/debs/php5/debian/README.Debian.security 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,22 @@
+the Debian stable security team does not provide security support
+for certain configurations known to be inherently insecure. Most
+specifically, the security team will not provide support for flaws in:
+
+- problems which are not flaws in the design of php but can be problematic
+ when used by sloppy developers (for example, not checking the contents
+ of a tar file before extracting it).
+
+- vulnerabilities involving register_globals being activated, unless
+ specifically the vulnerability activates this setting when it was
+ configured as deactivated.
+
+- vulnerabilities involving any kind of safe_mode or open_basedir
+ violation, as these are security models flawed by design and no longer
+ have upstream support either.
+
+- any "works as expected" vulnerabilities, such as "user can cause php
+ to crash by writing a malcious php script", unless such vulnerabilities
+ involve some kind of higher-level DoS or privilege escalation that would
+ not otherwise be available.
+
+ -- sean finney <seanius [at] debian> Tue, 10 Oct 2006 12:42:06 +0200

Added: trunk/debs/php5/debian/changelog
===================================================================
--- trunk/debs/php5/debian/changelog (rev 0)
+++ trunk/debs/php5/debian/changelog 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,2964 @@
+php5 (5.2.4-2ubuntu5.7) hardy-security; urgency=low
+
+ * SECURITY UPDATE: denial of service via malformed JPEG image with
+ invalid offset fields
+ - debian/patches/131_SECURITY_CVE-2009-2687.patch: validate
+ offset_of_ifd in ext/exif/exif.c.
+ - CVE-2009-2687
+
+ -- Marc Deslauriers <marc.deslauriers [at] ubuntu> Fri, 21 Aug 2009 10:44:33 -0400
+
+php5 (5.2.4-2ubuntu5.6) hardy-security; urgency=low
+
+ * SECURITY UPDATE: cross-site scripting vulnerability when display_errors
+ is enabled.
+ - debian/patches/128_SECURITY_CVE-2008-5814.patch: don't print back
+ cookie names or values in ext/standard/head.c.
+ - CVE-2008-5814
+ * SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
+ other virtual hosts.
+ - debian/patches/129_SECURITY_CVE-2009-0754.patch: don't terminate on
+ the first function that is not overloaded in ext/mbstring/mbstring.c.
+ - CVE-2009-0754
+ * SECURITY UPDATE: denial of service via malformed string to the
+ json_decode API function.
+ - debian/patches/130_SECURITY_CVE-2009-1271.patch: add extra mode
+ checks in ext/json/JSON_parser.c. Add test to ext/json/tests/001.phpt.
+ - CVE-2009-1271
+
+ -- Marc Deslauriers <marc.deslauriers [at] ubuntu> Fri, 17 Apr 2009 08:13:48 -0400
+
+php5 (5.2.4-2ubuntu5.5) hardy-security; urgency=low
+
+ * SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via
+ ini_set. (LP: #228095)
+ - debian/patches/120_SECURITY_CVE-2007-5900.patch: add new
+ zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by
+ making sure the entry can be modified in Zend/zend_ini.{c,h},
+ Zend/zend_vm_def.h, and Zend/zend_vm_execute.h.
+ - CVE-2007-5900
+ * SECURITY UPDATE: denial of service and possible arbitrary code execution
+ via crafted font file. (LP: #286851)
+ - debian/patches/121_SECURITY_CVE-2008-3658.patch: make sure font->nchars,
+ font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
+ test script ext/gd/tests/imageloadfont_invalid.phpt.
+ - CVE-2008-3658
+ * SECURITY UPDATE: denial of service and possible arbitrary code execution
+ via the delimiter argument to the explode function. (LP: #286851)
+ - debian/patches/122_SECURITY_CVE-2008-3659.patch: make sure needle_length
+ is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
+ script ext/standard/tests/strings/explode_bug.phpt.
+ - CVE-2008-3659
+ * SECURITY UPDATE: denial of service via a request with multiple dots
+ preceding the extension. (ex: foo..php) (LP: #286851)
+ - debian/patches/123_SECURITY_CVE-2008-3660.patch: improve .. cleaning with
+ a new is_valid_path() function in sapi/cgi/cgi_main.c.
+ - CVE-2008-3660
+ * SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
+ string containing HTML entity. (LP: #317672)
+ - debian/patches/124_SECURITY_CVE-2008-5557.patch: improve
+ mbfl_filt_conv_html_dec_flush() error handling in
+ ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
+ - CVE-2008-5557
+ * SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
+ settings.
+ - debian/patches/125_SECURITY_CVE-2008-5624.patch: make sure the page_uid
+ and page_gid get initialized properly in ext/standard/basic_functions.c.
+ Also, init server_context before processing config variables in
+ sapi/apache/mod_php5.c.
+ - CVE-2008-5624
+ * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
+ entry in a .htaccess file.
+ - debian/patches/126_SECURITY_CVE-2008-5625.patch: enforce restrictions
+ when merging in dir entry in sapi/apache/mod_php5.c and
+ sapi/apache2handler/apache_config.c.
+ - CVE-2008-5625
+ * SECURITY UPDATE: arbitrary file overwrite from directory traversal via zip
+ file with dot-dot filenames.
+ - debian/patches/127_SECURITY_CVE-2008-5658.patch: clean up filename paths
+ in ext/zip/php_zip.c with new php_zip_realpath_r(),
+ php_zip_virtual_file_ex() and php_zip_make_relative_path() functions.
+ - CVE-2008-5658
+
+ -- Marc Deslauriers <marc.deslauriers [at] ubuntu> Tue, 27 Jan 2009 14:22:51 -0500
+
+php5 (5.2.4-2ubuntu5.4) hardy-proposed; urgency=low
+
+ * debian/rules:
+ - Use system tzdata.
+ * debian/patches/use_embedded_timezonedb.patch
+ - Patch taken from intrepid, allows us to default to using the system
+ provided timezone database insteam of the one bundled with PHP.
+ (LP: #279980)
+ * debian/patches/fix-xmlrpc-datetime.diff
+ - Patch taken from php CVS, prevents stack smashing when using xmlrpc and datetime.
+ (LP: #239513)
+
+ -- Chuck Short <zulcss [at] ubuntu> Wed, 22 Oct 2008 13:08:33 +0000
+
+php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low
+
+ [ Tormod Volden ]
+ * Backport security fixes from 5.2.6: (LP: #227464)
+ - debian/patches/SECURITY_CVE-2008-2050.patch
+ + Fixed possible stack buffer overflow in FastCGI SAPI
+ + Fixed sending of uninitialized paddings which may contain some
+ information
+ - debian/patches/SECURITY_CVE-2008-0599.patch
+ + Fixed security issue detailed in CVE-2008-0599
+ - debian/patches/SECURITY_CVE-2007-4850.patch
+ + Fixed a safe_mode bypass in cURL identified by Maksymilian
+ Arciemowicz
+ - debian/patches/security526-pcre_compile.patch:
+ + avoid stack overflow (fix from pcre 7.6)
+
+ [ Jamie Strandboge ]
+ * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
+ multibyte chars inside escapeshellcmd() (thanks Tormod Volden)
+ * Add debian/patches/SECURITY_CVE-2007-5898.patch: don't accept partial utf8
+ sequences. Backported upstream fixes.
+ * Add debian/patches/SECURITY_CVE-2007-5899.patch: don't send session id to
+ remote forms. Backported upstream fixes.
+ * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
+ deprecated imap functions (patch from Debian)
+ * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
+ printf() (patch from Debian)
+ * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
+ seed. Backported upstream patches.
+ * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
+ the fnmatch functions
+ * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
+ Backported upstream patches.
+ * References
+ CVE-2008-2050
+ CVE-2008-2051
+ CVE-2008-0599
+ CVE-2007-4850
+ CVE-2007-5898
+ CVE-2007-5899
+ CVE-2008-2829
+ CVE-2008-1384
+ CVE-2008-2107
+ CVE-2008-2108
+ CVE-2007-4782
+ CVE-2008-2371
+
+ -- Jamie Strandboge <jamie [at] ubuntu> Fri, 18 Jul 2008 11:50:38 -0400
+
+php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
+
+ * debian/patches/119-sybase-alias.patch.
+ - Fixes missing sybase support. (LP: #240519)
+
+ -- Chuck Short <zulcss [at] ubuntu> Thu, 19 Jun 2008 13:51:19 -0400
+
+php5 (5.2.4-2ubuntu5.1) hardy-proposed; urgency=low
+
+ * debian/patches/043-recode_size_t.patch.
+ - Fix php-recode segfaulting on amd64. (LP: #219528).
+
+ -- Chuck Short <zulcss [at] ubuntu> Wed, 30 Apr 2008 13:37:19 -0400
+
+php5 (5.2.4-2ubuntu5) hardy; urgency=low
+
+ * fixes strtotime support for 64 bit timestamps (LP: #194318)
+ - Upstream: http://bugs.php.net/bug.php?id=44209
+ * Update tests to account for newly working timestamps
+ - Upstream: http://bugs.php.net/?id=44219
+
+ -- Dustin Kirkland <kirkland [at] canonical> Wed, 27 Feb 2008 13:00:18 -0500
+
+php5 (5.2.4-2ubuntu4) hardy; urgency=low
+
+ * No-change rebuild against libldap-2.4-2.
+
+ -- Steve Langasek <steve.langasek [at] ubuntu> Fri, 25 Jan 2008 14:19:57 +0000
+
+php5 (5.2.4-2ubuntu3) hardy; urgency=low
+
+ * Rebuild again, some build dependency still pulled in db4.5 last time.
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Fri, 04 Jan 2008 08:45:05 +0100
+
+php5 (5.2.4-2ubuntu2) hardy; urgency=low
+
+ * debian/patches/use-specific-libdb-version.patch: Support db4.6, too.
+ * debian/control: Build against db4.6.
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Thu, 03 Jan 2008 11:13:25 +0100
+
+php5 (5.2.4-2ubuntu1) hardy; urgency=low
+
+ * Merge from Debian unstable (LP: #176011). Remaining Ubuntu changes:
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+ - debian/rules: Correctly mangle PHP5_* macros for lpia
+ - debian/control: DebianMaintainerField
+ * Builds php5-gmp (LP: #176013)
+ * Fixes sybase_ct for MS SQL (LP: #21995)
+ * New Ubuntu changes:
+ - debian/rules: use 32M memory_limit for CLI and 16M for cgi/libapache
+ (LP: #148871)
+ - debian/control, debian/rules: Configure CLI with --with-libedit for
+ readline support again, now that the libedit issue is fixed.
+ Extended debian/patches/027-readline_is_editline.patch (LP: #124846)
+ - Force build against db4.4 (by ignoring db4.5 if it is installed),
+ debian/patches/use-specific-libdb-version.patch (LP: #165247)
+
+ -- dAniel hAhler <ubuntu [at] thequod> Wed, 19 Dec 2007 10:48:04 +0100
+
+php5 (5.2.4-2) unstable; urgency=low
+
+ [ sean finney ]
+ * for posterity revised previous changelog to reference the CVE id's
+ of security issues resolved by the latest upstream release.
+ * lintian: use debian/compat instead of DH_COMPAT in debian/rules.
+ * lintian: use source:Version and binary:Version where appropriate,
+ instead of Source-Version
+ * lintian: remove a couple pieces of cruft in the changelog that were causing
+ false-postive wrong-bug-number-in-closes, but were generally useless
+ anyway.
+
+ [ Raphael Geissert ]
+ * Using test-results.txt as a target
+ * cronjob now checks for existance of /usr/lib/php5/maxlifetime (Closes: #439286)
+ * Fixed memory limit of 1232M in php.ini for cli (Closes: #440624)
+ * Build the interbase extension using firebird2.0-dev (Closes: #433736)
+ * Unapply patches with debian/rules clean
+
+ [ Steve Langasek ]
+ * Don't patch configure or php_config.h.in in suhosin.patch, as these are
+ auto-generated and including them in the patch results in a race
+ condition for the necessary build-time regeneration. Thanks to Daniel
+ Schepler for reporting, and to Damyan Ivanov for helping to sort out the
+ fix. Closes: #443637.
+ * Also remove the modified auto-generated files in the clean target,
+ which triggers a warning about disappearing files when building the
+ source package but avoids carrying irrelevant diffs to these files
+ in the Debian diff.
+ * Now that the testsuite is being run at build time, test failures cause
+ a bunch of junk files to be left around in the Debian diff. So clean up
+ several false-positive failures:
+ - 052-phpinfo_no_configure.patch: we're patching the output of phpinfo(),
+ so patch the test as well
+ - fix_broken_upstream_tests.patch: use a local directory for tests that
+ use sessions, skip the phpinfo test after all because it doesn't appear
+ to be compatible with current testsuite behavior, and disable the
+ moneyformat test if en_US locale is not available.
+ There are still several other failing tests, but these are not false
+ positives and remain enabled pending investigation.
+
+ -- sean finney <seanius [at] debian> Wed, 24 Oct 2007 21:51:14 +0200
+
+php5 (5.2.4-1) unstable; urgency=low
+
+ * New upstream release.
+ * Security issues resolved in the latest release:
+ - CVE-2007-2519 - Directory traversal vulnerability in PEAR
+
+
+ [ sean finney ]
+ * patch from Jan Wagner to be able to conditionally disable any
+ patches that break binary-compatibility with official php
+ binary-only extensions. see debian/rules for more information.
+ * now incorporate the php unit tests into the build process. for
+ those interested the output is stored in the file
+ /usr/share/doc/php5-common/test-results.txt .
+ * by default we now ship with enable_dl = Off, as there are some
+ fairly significant ramifications security-wise to having it on.
+ * we shipping with the suhosin patch enabled by default.
+ special thanks to Blars Blarson for providing a sparc machine for
+ testing purposes with 5.2.3 (closes: #397179).
+ * new binary package php5-gmp, with the newly enabled gmp extension,
+ since whatever reason for not doing so either never existed or no
+ no longer exists (closes: #344137). Build-Depends added for libgmp3-dev.
+
+ [ Steve Langasek ]
+ * php5-module.postinst: don't assume that the postinst is only relevant
+ when called with 'configure' as an argument, some future debhelper code
+ could apply in the case of other methods of invocation.
+ * Clean up build dependencies for recent library transitions:
+ - libsnmp-dev is now the real package name, and is supported as a virtual
+ package for backports.
+ - re-add firebird2-dev as an alternative to firebird1.5-dev, to support
+ backports.
+ - the curl -dev package name has changed from libcurl3-openssl-dev to
+ libcurl4-openssl-dev; update to the proper name, with libcurl-dev as
+ an alternative.
+ * Switch php5-sybase to use the mssql extension instead of the sybase_ct
+ extension. Closes: #418734, #329065.
+
+ -- sean finney <seanius [at] debian> Sun, 16 Sep 2007 14:46:06 +0200
+
+php5 (5.2.3-1ubuntu7) hardy; urgency=low
+
+ * Rebuild for libsnmp10 -> libsnmp15 transition.
+
+ -- Steve Kowalik <stevenk [at] ubuntu> Mon, 10 Dec 2007 20:33:11 +1100
+
+php5 (5.2.3-1ubuntu6) gutsy; urgency=low
+
+ * Trigger rebuild for hppa
+
+ -- LaMont Jones <lamont [at] ubuntu> Thu, 04 Oct 2007 12:18:16 -0600
+
+php5 (5.2.3-1ubuntu5) gutsy; urgency=low
+
+ * debian/rules:
+ - Fix broken memory_limit mangling for php5-cli. (LP: #109079)
+ - Don't clean out debian/copyright. (iz soyuz bug..)
+ * debian/php5-cli.postinst, debian/rules:
+ - Use same php.ini-dist for all flavours. The only difference used to be
+ cli having a higher memory_limit value, but upstream has changed this to
+ 128MB, which is higher than both of the previous values.
+
+ -- Soren Hansen <soren [at] ubuntu> Mon, 03 Sep 2007 08:51:34 +0200
+
+php5 (5.2.3-1ubuntu4) gutsy; urgency=low
+
+ * debian/rules: Correctly mangle PHP5_* macros for lpia.
+
+ -- Matthias Klose <doko [at] ubuntu> Fri, 10 Aug 2007 08:20:08 +0000
+
+php5 (5.2.3-1ubuntu2) gutsy; urgency=low
+
+ * Rebuild for the libcurl transition mess.
+
+ -- Steve Kowalik <stevenk [at] ubuntu> Thu, 5 Jul 2007 00:12:51 +1000
+
+php5 (5.2.3-1ubuntu1) gutsy; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/changelog: Add some missing CVEs.
+ - debian/control: DebianMaintainerField
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+
+ -- Soren Hansen <soren [at] ubuntu> Mon, 11 Jun 2007 20:32:54 +0200
+
+php5 (5.2.3-1) unstable; urgency=low
+
+ * new upstream release.
+ * upstream has incorporated the last of the recent CVE fixes, so
+ the patches have been removed.
+ * change build dependencies for firebird2-dev -> firebird1.5-dev,
+ as the firebird maintainer has changed names in order to provide
+ more clarity since there's also a firebird2.0 now (closes: #427181).
+ * now include, but do not apply by default, the suhosin patch. see
+ NEWS.Debian for more information.
+
+ -- sean finney <seanius [at] debian> Mon, 04 Jun 2007 22:02:10 +0200
+
+php5 (5.2.2-2) unstable; urgency=low
+
+ [sean finney]
+ - build with --with-ldap-sasl and modify build-depends to include
+ libsasl2-dev in order to get the ldap_sasl_bind function (closes: #422490).
+ - the json extension is now on by default in php builds, so there's
+ no need for the php5-json package. added a Provides/Conflicts to
+ help set an upgrade path.
+ - apache 1.x support is soon disappearing. as a consequence we are
+ no longer building the libapache-mod-php5 module. the php5 metapackage
+ should as a result bring in libapache2-mod-php5 by default for those who
+ already have it installed.
+
+ -- sean finney <seanius [at] debian> Sun, 20 May 2007 21:59:56 +0200
+
+php5 (5.2.2-1ubuntu1) gutsy; urgency=low
+
+ * Merge to Debian unstable; remaining Ubuntu changes:
+ - debian/changelog: Add some missing CVEs.
+ - debian/control, debian/rules: Disable a few build dependencies and
+ accompanying binary packages which we do not want to support in main:
+ + apache-dev/libapache-mod-php5 (die, Apache 1, die!)
+ + firebird2-dev/php5-interbase (we have a separate php-interbase source)
+ + libc-client-dev/php5-imap (we have a separate php-imap source)
+ + libmcrypt-dev/php5-mcrypt (separate php-mcrypt source)
+ - Add missing libsqlite3-dev build dependency.
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Tue, 15 May 2007 16:15:43 +0200
+
+php5 (5.2.2-1) unstable; urgency=low
+
+ [ sean finney ]
+ * new upstream release (closes: #422405).
+ * /most/ of the previous CVE patches have been committed upstream, though:
+ - the patch for MOPB-41 was fixed in a different way and we'll be keeping
+ our fix for the time being.
+ - it doesn't seem like MOPB-45 has been fixed yet.
+ * remove build-dependency option on libmysqlclient12-dev, since the mysqli
+ option requires it, and 15 is in stable now anyway. thanks to
+ Henk van de kamer for finding this (closes: #422224).
+ * now includes requested fix for mysql row counts (closes: #418471).
+ * needle/haystack issues are reported fixed (closes: #399924).
+ * oh yeah, because we're using quilt now: (closes: #338315).
+ * update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929).
+ note that the resulting php packages won't actually build against
+ libdb4.5 until all of our build-dependant packages do too.
+
+ -- sean finney <seanius [at] debian> Sat, 05 May 2007 19:56:30 +0200
+
+php5 (5.2.0-12) unstable; urgency=high
+
+ [ sean finney ]
+ * modify the build-depends to play more nicely when the net-snmp
+ maintainers decide to change their package names (closes: #421061).
+
+ -- sean finney <seanius [at] debian> Tue, 01 May 2007 14:24:01 +0200
+
+php5 (5.2.0-11) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
+ * note that this is an update to the previous version of the upstream
+ fix for CVE-2007-0910, which introduced a seperate exploit path.
+ - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
+ - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
+ - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability
+ - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability
+ - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability
+ - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln.
+ - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
+ - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
+ - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability
+ - CVE-2007-1718/MOPB-34 mail() Header Injection
+ - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
+ - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow
+ - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity
+ - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability
+ - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability
+ * The other security issues resulting from the "Month of PHP bugs" either
+ did not affect the version of php5 shipped in unstable, or did not merit
+ a security update according to the established security policy for php
+ in debian. You are encouraged to verify that your configuration is not
+ affected by any of the other vulnerabilities by visiting:
+ http://www.php-security.org/
+ * other, less interesting changes:
+ - now use quilt for managing local patches.
+ - massage all of the patches, eliminating fuzz and offsets.
+
+ -- sean finney <seanius [at] debian> Mon, 23 Apr 2007 19:02:51 +0200
+
+php5 (5.2.0-10) unstable; urgency=high
+
+ [ sean finney ]
+ * The php security update contained a regression in the streams
+ module. this version contains an updated version of the patch
+ for CVE-2007-0906 (116-CVE-2007-0906_streams.patch), which should
+ fix the regression. Thanks to Martin Pitt for noticing this.
+ * Fix the patch names in the previous changelog entry, and fix a factual
+ inaccuracy that was accidentally pasted from the php4 changelog.
+ * The previous update was missing two fixes from CVE-2007-0906:
+ * interbase: (116-CVE-2007-0906_interbase.patch)
+ * zip: (116-CVE-2007-0906_zip.patch)
+
+ -- sean finney <seanius [at] debian> Wed, 07 Mar 2007 23:11:29 +0100
+
+php5 (5.2.0-9) unstable; urgency=high
+
+ [ sean finney ]
+ * The following security issues are addressed with this update:
+ - CVE-2007-0906: Multiple buffer overflows in various code:
+ * session (116-CVE-2007-0906_session.patch)
+ * imap (116-CVE-2007-0906_imap.patch)
+ * str_replace: (116-CVE-2007-0906_string.patch)
+ * the sqlite and mail related vulnerabilities in this CVE do not
+ affect the php5 source packages.
+ - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch)
+ - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch)
+ - CVE-2007-0909: More buffer overflows:
+ * the odbc_result_all function (116-CVE-2007-0909_odbc.patch)
+ * various formatted print functions (116-CVE-2007-0909_print.patch)
+ - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch)
+ - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch)
+ Closes: #410995.
+ * The package maintainers would like to thank Joe Orton from redhat and
+ Martin Pitt from ubuntu for their help in preparation of this update.
+ * backport upstream fix for AUTH PLAIN support in imap extension
+ Closes: #401712.
+
+ -- sean finney <seanius [at] debian> Sat, 03 Mar 2007 11:13:33 +0100
+
+php5 (5.2.0-8) unstable; urgency=high
+
+ [ sean finney ]
+ * Update package information to say simply "Apache 2" instead
+ of "Apache 2.0" (ref: #400306).
+ * Update package description for php-pear to mention needing
+ phpN-dev for building PECL extensions (closes: #401825).
+ * Add mention of Freetype fonts to php5-gd package description,
+ thanks to Ole Laursen for the suggestion (closes: #387881).
+ * Include a backported version of upstream's fix for
+ alignment calculatations which cause FTBFS problems for
+ some arches. Thanks to Roman Zippel for finding this (closes: #401129).
+ patch: 114-zend_alloc.c_m68k_alignment.patch
+ * Remove --enable-yp, as it's no longer used and seperately
+ packaged. Thanks to Martijn Grendelman for mentioning this
+ (closes: #402161).
+ * Add mention to README.Debian of needing to restart apache when
+ installing modules (closes: #392249).
+ * Don't strip the DSO modules if building with DEB_BUILD_OPTIONS
+ containing nostrip
+ * Backported a patch from upstream CVS to fix a rather nasty
+ memory leak in zend_alloc (closes: #402506).
+ patch: 115-zend_alloc.c_memleak.patch
+ * The memleak and FTBFS are targeted at etch, and there aren't
+ any other significant changes, so priority=high.
+
+ -- sean finney <seanius [at] debian> Sun, 17 Dec 2006 16:49:35 +0100
+
+php5 (5.2.0-7ubuntu2) feisty; urgency=low
+
+ * debian/control: Add missing build dependency libsqlite3-dev to fix FTBFS.
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Wed, 6 Dec 2006 16:27:03 +0100
+
+php5 (5.2.0-7ubuntu1) feisty; urgency=low
+
+ * Merge to Debian unstable; remaining Ubuntu changes:
+ - debian/control, debian/rules: Disable apache-dev build dependency and
+ remove libapache-mod-php5 package, since we do not support apache 1.3.
+ - debian/control: Build with db4.3, as long as our apache needs it.
+ - debian/changelog: Add some missing CVEs.
+ * debian/control:
+ - Remove firebird2-dev build dependency and php5-interbase package, since
+ we don't support Firebird and keep the separate php-interbase source.
+ - Remove libc-client-dev build dependency and php5-imap package, since
+ uw-imapd is in universe and we keep the separate php-imap source.
+ - Remove libmcrypt-dev build dependency and php5-mcrypt package, since
+ it is in universe and we keep the separate php-mcrypt source.
+ - libapr1-dev -> libapr0-dev, as long as we still have Apache 2.0.
+ * debian/rules: Disable above modules, and fix up dependency generation for
+ Apache 2.0 instead of 2.2.
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Wed, 6 Dec 2006 12:55:44 +0100
+
+php5 (5.2.0-7) unstable; urgency=high
+
+ [ Steve Langasek ]
+ * Also disable firebird in the PDO config for archs other than
+ i386/amd64.
+
+ -- sean finney <seanius [at] debian> Fri, 24 Nov 2006 15:20:53 +0100
+
+php5 (5.2.0-6) unstable; urgency=high
+
+ [ sean finney ]
+ * firebird2-dev (and thus php5-interbase) is only available on
+ i386/amd64, so update the control/rules information accordingly.
+ thanks to Bastian Blank for reporting this (closes: #399558).
+
+ -- sean finney <seanius [at] debian> Wed, 22 Nov 2006 19:04:04 +0100
+
+php5 (5.2.0-5) unstable; urgency=high
+
+ [ sean finney ]
+ * bring some of the mainline php4 modules back into the php source
+ package instead of distributing them in independant source packages:
+ - php5-imap
+ - php5-interbase
+ - php5-mcrypt
+ - php5-pspell
+ - php5-tidy
+ these modules are still provided in the same binary packages as
+ before, but will now be built in tandem with the core php packages.
+ * fix for pdo.so duplicate loading warnings, thanks to Jan Wagner
+ (closes: #398367, #399248).
+
+ -- sean finney <seanius [at] debian> Mon, 20 Nov 2006 12:41:37 +0100
+
+php5 (5.2.0-4) unstable; urgency=high
+
+ * Re-re-enable LFS support, forward-porting vorlon's fixes in
+ the php4 tree.
+ * Add a bit of support in upgrade scripts to avoid unnecessary
+ ucf prompting during upgrades (closes: #398363).
+ * Update build-dependencies to reflect that libpcre3-dev >= 6.6
+ is required. Thanks to Jan Wagner for pointing this out.
+ * loosen dependencys for libapache2-mod-php5 to allow usage with
+ apache2-mpm-itk as an alternative to prefork.
+ Closes: #398580, #398481.
+
+ -- sean finney <seanius [at] debian> Wed, 15 Nov 2006 08:33:28 +0100
+
+php5 (5.2.0-3) unstable; urgency=high
+
+ * Unify PHP options for pear binaries to:
+ -d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"
+ (Closes: #397625)
+ * [debian/rules]: Enable PDO building only in apache2 build.
+
+ -- Ondřej Surý <ondrej [at] debian> Fri, 10 Nov 2006 14:09:00 +0100
+
+php5 (5.2.0-2) unstable; urgency=high
+
+ [ Ondřej Surý ]
+ * Revert Large File Support for this moment. We will try to found
+ root of the problem for etch, but we do not promise anything.
+ (Closes: #397465)
+
+ -- Ondřej Surý <ondrej [at] debian> Wed, 8 Nov 2006 01:13:48 +0100
+
+php5 (5.2.0-1) unstable; urgency=high
+
+ [ sean finney ]
+ * new upstream release. since this means the 5.1 series is deadware
+ in the eyes of its developers, we better get on this train before
+ it's too late. Note: this also fixes the htmlentities() exploit.
+ Reference: CVE-2006-5465.
+ Closes: #396766.
+ * s/postinst/postrm/ on one critical line in debian/rules. whoops.
+ Thanks to Bart Martens for finding this (closes: #396873).
+ * as a pennance i've enabled LFS support (closes: #359686).
+ * new version now includes all mbstring headers (closes: #391368).
+ * enable new built-in zip support.
+ * enable pdo support for currently supported db types, and place the
+ extensions in the respective extension packages. future db
+ types will be added, but probably post-etch as they will probably
+ introduce new packages/dependencies (closes: #348882).
+ * move the mysqli module into the mysql module's package, and remove
+ the no longer necessary mysqli package.
+ * massaging/removal of various patches to upstream changes:
+ D patches/106-strptime_xopen.patch
+ D patches/110-CVE-2006-4812_zend_alloc.patch
+ M patches/006-debian_quirks.patch
+ D patches/111-mbstring-headers.patch
+ M patches/053-extension_api.patch
+
+ [ Ondřej Surý ]
+ * Package checked, upload to unstable.
+
+ -- Ondřej Surý <ondrej [at] debian> Tue, 7 Nov 2006 09:26:51 +0100
+
+php5 (5.1.6-6) unstable; urgency=high
+
+ [ sean finney ]
+ * add notes to php.ini(-dist) about "unsupported" security features.
+ patch: 113-php.ini_securitynotes.patch
+
+ [ Ondřej Surý ]
+ * SECURITY: include patch for html buffer overflows in ext/standard/html.c
+ Reference: CVE-2006-5465
+ Patch: 114-CVE-2006-5465_htmlentities.patch
+ Closes: #396766
+
+ -- Ondřej Surý <ondrej [at] debian> Fri, 3 Nov 2006 12:32:50 +0100
+
+php5 (5.1.6-5) unstable; urgency=high
+
+ [sean finney]
+ * add a README.Debian.security to clarify how we handle/respond
+ to security problems in stable releases.
+ * SECURITY: include patch for integer overflow in zend_alloc.c.
+ Reference: CVE-2006-04812 (closes: #391586).
+ patch: 110-CVE-2006-4812_zend_alloc.patch
+ * bump the debhelper compatibility level to 4.
+ * remove cyclic depends for mysql/mysqli.
+ * the long overdue rework of configuration file handling. this also
+ removes the need for debconf and template translations
+ (closes: #361211, #393788, #388697).
+ * start using ucf to manage the the various SAPI php.ini files.
+ * cleanup and consolidation of a few things in the ./debian dir
+ * bump the memory limit to 32M for the cli API (closes: #375070, #340586).
+ * include a fix for missing mbstring headers reported by Jan Wagner
+ (closes: #391368).
+ patch: 111-mbstring-headers.patch.
+ * include support for PTY's in proc_open, as reported by Eike Dehling.
+ according to php's BTS (http://bugs.php.net/bug.php?id=39224) the
+ feature was disabled only because the configure script couldn't
+ accurately determine whether the feature was available, and we know
+ it is :) (closes: #381438).
+ patch: 112-proc_open.patch.
+ * update standards-version to 3.7.2
+
+ -- sean finney <seanius [at] debian> Sat, 28 Oct 2006 14:29:44 +0200
+
+php5 (5.1.6-4) unstable; urgency=high
+
+ [sean finney]
+ * no longer build against GPL'd gdbm library (closes: #390452).
+ * updated apache2 module dependencies to build against and coexist
+ with apache2.2 (closes: #390455).
+
+ -- sean finney <seanius [at] debian> Sat, 07 Oct 2006 12:06:09 +0200
+
+php5 (5.1.6-3) unstable; urgency=low
+
+ [ sean finney ]
+ * php5 was building against db4.3 even though db4.4 headers were
+ installed. fix applied to ./ext/dba/config.m4 while we wait
+ for a real fix from upstream (closes: #388601).
+
+ -- sean finney <seanius [at] debian> Mon, 02 Oct 2006 17:42:50 +0200
+
+php5 (5.1.6-2) unstable; urgency=low
+
+ [ sean finney ]
+ * enable the mysqli extension (closes: #320835).
+
+ -- sean finney <seanius [at] debian> Tue, 19 Sep 2006 19:31:27 +0200
+
+php5 (5.1.6-1ubuntu3) feisty; urgency=low
+
+ * Rebuild for ldbl128 change on powerpc and sparc.
+
+ -- Matthias Klose <doko [at] ubuntu> Thu, 2 Nov 2006 10:00:32 +0000
+
+php5 (5.1.6-1ubuntu2) edgy; urgency=low
+
+ * SECURITY UPDATE: Safe mode bypass, remote arbitrary code execution.
+ * Fix/add CVE numbers in/to 5.1.4-0.1 and 5.1.6-1 changelogs.
+ * Add debian/patches/CVE-2006-4625.patch:
+ - Fix open_basedir/safe_mode bypass with ini_restore().
+ - Ported from upstream CVS:
+ http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2&r2=1.39.2.3
+ * Add debian/patches/CVE-2006-4812.patch:
+ - Fix integer overflow in Zend's ecalloc().
+ - Ported from upstream CVS:
+ http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162
+
+ -- Martin Pitt <martin.pitt [at] ubuntu> Tue, 10 Oct 2006 18:25:01 +0200
+
+php5 (5.1.6-1ubuntu1) edgy; urgency=low
+
+ * Merge from Debian unstable, bringing in a myriad of security fixes.
+ * Revert libdb4.3->libdb4.4 migration until we're ready to do this.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Wed, 13 Sep 2006 23:11:09 +1000
+
+php5 (5.1.6-1) unstable; urgency=high
+
+ [ Adam Conrad ]
+ * Drop 041-shut_up_snmp.patch, which was no longer needed as of 5.1.0.
+
+ [ Ondřej Surý ]
+ * Acknowledge NMU.
+ * New upstream release (Closes: #383596)
+ - Added missing safe_mode/open_basedir checks inside the error_log(),
+ file_exists(), imap_open() and imap_reopen() functions.
+ - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
+ systems.
+ - Fixed possible open_basedir/safe_mode bypass in cURL extension and
+ with realpath cache. (CVE-2006-2563) (Closes: #370165)
+ - Fixed overflow in GD extension on invalid GIF images.
+ - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
+ (Closes: #382256)
+ - Fixed an out of bounds read inside stripos() function.
+ - Fixed memory_limit restriction on 64 bit system (really with 5.1.6).
+ * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache.
+
+ -- Ondřej Surý <ondrej [at] debian> Sat, 19 Aug 2006 14:41:43 +0200
+
+php5 (5.1.4-0.1ubuntu1) edgy; urgency=low
+
+ * Merge from debian unstable.
+
+ -- Fabio M. Di Nitto <fabbione [at] ubuntu> Wed, 12 Jul 2006 17:06:38 +0200
+
+php5 (5.1.4-0.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * New upstream release. (Closes: #366109)
+ * Fixes information leak in html_entity_decode() (CVE-2006-1490).
+ (Closes: #359907)
+ * Fixes phpinfo() XSS (CVE-2006-0996). (Closes: #361914)
+ * Fixes copy() safe mode bypass (CVE-2006-1608). (Closes: #361915)
+ * Fixes tempnam() open_basedir bypass (CVE-2006-1494). (Closes: #361916)
+ * Fixes wordwrap() buffer overflow (CVE-2006-1990). (Closes: #365312)
+ * Fixes substr_compare() DoS condition (CVE-2006-1991).
+ * Fixes crash during too deep recursion (CVE-2006-1549). (Closes: #361917)
+ * Fixes injection in mb_send_mail() (CVE-2006-1014, CVE-2006-1015); not
+ mentioned in upstream changelog. (Closes: #368595)
+ * 044-strtod_arm_fix.patch: Adapted for new upstream; pulled in from
+ Piotr Roszatycki's packages.
+ * 108-64bit_datetime.patch: Patch to fix possible segfault on systems where
+ sizeof(void*) > sizeof(int); patch from David Mosberger-Tang.
+
+ -- Steinar H. Gunderson <sesse [at] debian> Tue, 13 Jun 2006 22:38:33 +0200
+
+php5 (5.1.2-1ubuntu3) dapper; urgency=low
+
+ * Enable the mysqli extension, which is required for full functionality
+ of the ubuntu-server LAMP stack for dapper (launchpad.net/27904)
+ * Make php5-{mysql,mysqli} depend on each other to ease the pain of the
+ planned transition for Etch/Edgy where both will be packaged together.
+ * Comment out the EXTRA_VERSION hack, since it served its purpose when
+ we were providing CVS snapshots, but is now just a cause of complaints.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Thu, 18 May 2006 12:12:27 +1000
+
+php5 (5.1.2-1ubuntu2) dapper; urgency=low
+
+ * Rebuild against the new libmysqlclient15off with correct symbols.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Thu, 6 Apr 2006 12:48:51 +1000
+
+php5 (5.1.2-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian, bringing in security fixes and PEAR fix.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Wed, 18 Jan 2006 18:09:55 +1100
+
+php5 (5.1.2-1) unstable; urgency=low
+
+ * New upstream bugfix and security update release (closes: #347894)
+ - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
+ - Resolves multiple HTTP response splitting vulnerabilities, allowing
+ arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
+ - While we don't currently build it, this release also fixes a format
+ string vulnerability in the mysqli extension; see CVE-2006-0200
+ - Includes a new version of the PEAR installer that seems to have a
+ slightly better clue about the difference between INSTALL_ROOT and
+ PHP_PEAR_INSTALL_DIR, fixing pear.conf (closes: #346479, #346501)
+ * While the above is partially true, the PEAR installer is still a bit
+ broken (it won't install correctly under fakeroot anymore, YAY), so
+ shuffle debian/rules to have a build-pear-stamp target, as a stopgap.
+ * Add 106-strptime_xopen.patch, moving the _XOPEN_SOURCE definition down
+ in ext/standard/datetime.c, below the php.h include (closes: #346550)
+ * Add 107-reflection_is_ext.patch, munging ext/reflection/config.m4 to
+ properly call the PHP_ARG_ENABLE macro for an extension, not built-in.
+ * Stop php-pear from Replacing and Conflicting with php-html-template-it,
+ as we only now ship the bare essential to make the pear installer go.
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 16 Jan 2006 16:12:31 +1100
+
+php5 (5.1.1-1ubuntu1) dapper; urgency=low
+
+ * Resynchronise with Debian, bringing in a myriad of security fixes.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Sun, 8 Jan 2006 02:07:20 +1100
+
+php5 (5.1.1-1) unstable; urgency=low
+
+ * New upstream bugfix release, skipping the problematic 5.1.0 release:
+ - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374)
+ - Remove libtool patch from acinclude.m4, now integrated upstream.
+ - Remove 038-round_test_fix.patch, now integrated upstream.
+ - Remove 049-exported-headers.patch, as upstream's build system has
+ gotten more clever about what they should and shouldn't export.
+ - Remove 054-open_basedir_slash.patch, now integrated upstream.
+ - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
+ - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes.
+ - Remove 104-64_bit_serialize.patch, now integrated upstream.
+ - Remove 105-64_bit_imagettftext.patch, now integrated upstream.
+ * Many security vulnerabilities fixed (closes: #341368, #336005, #336654):
+ - Resolves a local denial of service in the apache2 SAPI, which can
+ be triggered by using session.save_path in .htaccess; CVE-2005-3319
+ - Resolves an infinite loop in the exif_read_data function which can
+ be triggered with a specially-crafted JPEG image; CVE-2005-3353
+ - Resolves a vulnerability in the parse_str function whereby a remote
+ attacker can fool PHP into turning on register_globals, thus making
+ applications vulnerable to global variable injections; CVE-2005-3389
+ - Resolves a vulnerability in the RFC1867 file upload feature where, if
+ register_globals is enabled, a remote attacker can modify the GLOBALS
+ array with a multipart/form-data POST request; see CVE-2005-3390
+ - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
+ - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
+ and open_basedir bypasses between virtual hosts; CVE-2005-3392
+ - Resolves a CRLF injection vulnerability in the mb_send_mail function,
+ allowing injection of arbitrary mail headers; see CVE-2005-3883
+ - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer
+ which could lead to arbitrary code execution; see CVE-2005-4154
+ * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache.
+ * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793)
+ * Automate the process of getting the list of built-in modules into the
+ package descriptions, so it stays fresh in the future (closes: #341867)
+ * Intentionally disable PDO support until I've sorted out the best way to
+ deal with shipping this shiny new feature that won't break the world.
+ * The new PEAR happens to fix the Command.php greedy match bug filed in
+ Debian as part of the fix for the wider security issue (closes: #334969)
+ * Create 056-mime_magic_strings.patch, making the mime_magic extension
+ more liberal about what mime-types is accepts, as well as making it skip
+ over ones it dislikes, rather than disabling itself (closes: #335674)
+ * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
+ configure because we don't have the apache binaries in the build chroot.
+ * Fix small typo in the php5-xsl package description (closes: #344816)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 15 Dec 2005 14:46:56 +1100
+
+php5 (5.0.5-3) unstable; urgency=low
+
+ * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away
+ soon. Keep libcurl3-dev as an alternate for backporting (see: #334367)
+ * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the
+ *other* side of the line regarding which combinations of DSOs cause
+ segfaults, so hopefully the others catch up with us soon (closes: #332453)
+ * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file,
+ as the path has been changed to comply with the FHS (see: #334510)
+ * Make the above backportable as well, by searching for both files, and
+ picking the one that's currently installed on the user's system.
+ * Include swedish debconf translation from Daniel Nylander (closes: #330763)
+ * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't
+ get some random binary on $PATH that won't work right (closes: #329415)
+ * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg
+
+ -- Adam Conrad <adconrad [at] 0c3> Fri, 21 Oct 2005 02:30:19 +1000
+
+php5 (5.0.5-2ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, bringing in two security fixes, a file conflict fix,
+ and two 64-bit memory corruption and segfault fixes (no other changes).
+
+ -- Adam Conrad <adconrad [at] ubuntu> Sun, 9 Oct 2005 03:14:32 +1000
+
+php5 (5.0.5-2) unstable; urgency=medium
+
+ * Remove Andres Salomon from the Uploaders field, at his request. Thanks
+ for all your work on the PHP packages, Andres, now fix our kernel bugs.
+ * Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
+ is set to "/foo/", users can access files in "/foobar/", which is not the
+ documented behaviour; this addresses CAN-2005-3054 (see: #323585)
+ * Add 104-64_bit_serialize.patch from Joe Orton, resolving a segfault when
+ serializing objects on all 64-bit architectures (closes: #329768)
+ * Add 105-64_bit_imagettftext.patch, fixing a type mismatch in the GD
+ extension, causing memory corruption on 64-bit arches (closes: #331001)
+ * Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
+ checks to the _php_image_output and _php_image_output_ctx GD functions.
+ * Make php-pear Provide, Replace, and Conflict php-html-template-it, which
+ we appear to have absorbed into the main PEAR packaging (closes: #332393)
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 27 Sep 2005 16:09:29 +1000
+
+php5 (5.0.5-1ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, lowering libsnmp-dev build-dep to libsnmp5-dev.
+ * This new upstream includes a fixed XML_RPC class in php-pear, which
+ addresses CAN-2005-2498 and closes Ubuntu bug #13701.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Tue, 13 Sep 2005 14:52:10 +1000
+
+php5 (5.0.5-1) unstable; urgency=low
+
+ * New upstream release, adjust patch offsets and fuzz, and drop patches:
+ - Drop 009-snmp-int-sizes.patch, finally fixed upstream.
+ - Drop 051-gcc-4.0.patch, fixed differently upstream.
+ - Drop 102-php_streams.patch, fixed upstream.
+ - Drop 103-catch_segv.patch, also fixed upstream.
+ - Includes PEAR XML_RPC fix for CAN-2005-2498.
+ - Includes phpinfo() XSS fix for CVE-2005-3388.
+ * Distribute the shiny new manpages for php-config and phpize.
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 12 Sep 2005 02:29:24 +1000
+
+php5 (5.0.4-4) unstable; urgency=low
+
+ * Ondřej Surý <ondrej [at] sury>:
+ - Add patch from CVS to fix regression in PHP 5.0.4, where file related
+ functions all stop reading at 2,000,000 bytes (closes: #321930)
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Enable support for gdbm files in the dba handler; half the base system
+ already appears to depend on libgdm, so we can't make things worse.
+ - Add another patch from CVS to fix a segfault in the catch/throw
+ handler under interesting nesting cases (closes: #322507)
+ - Rebuild against libsnmp9-dev for new libsnmp SOVER (closes: #327107)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 8 Sep 2005 00:36:36 +1000
+
+php5 (5.0.4-3ubuntu1) breezy; urgency=low
+
+ * Resync with Debian, bringing in important changes to php5-dev and the
+ dependency relationships between php5 SAPIs and php5 extensions, as
+ well as making sure that php5 is backportable to hoary without changes.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Mon, 1 Aug 2005 09:54:24 +1000
+
+php5 (5.0.4-3) unstable; urgency=low
+
+ * And fix the module/extension API situation one last time, this time
+ we read ZEND_EXTENSION_API_NO, ZEND_MODULE_API_NO, and PHP_API_VERSION,
+ pick the most recent of the three, assume things broke in ways we're
+ not willing to cope with, and both change the extension directory to
+ use that value, as well as setting it to the provides/depends for the
+ various SAPI and extension packages.
+ * Add a new option to php-config, 'php-config --phpapi', which extension
+ packagers should now be using to get the current phpapi they're building
+ against and set their dependencies accordingly.
+ * Strip the -gnu off the end of the DEB_*_* variables and drop the
+ versioned dpkg-dev build-dep to ease backporting to sarge and hoary;
+ doing so in such a way as to still allow for easy cross-compiling.
+ * Add postgresql-dev build-dep alternate for easy hoary/sarge backports.
+ * Make libapache2-mod-php5 the default alternate dependency for the php5
+ metapackage, since we really do want to encourage the apache upgrade.
+ * Make php5-dev stop shipping copies of files from autotools-dev, shtool,
+ and libtool, and instead symlink to them and depend on those packages,
+ thus avoiding the shtool issues from CAN-2005-1751 and CAN-2005-1759.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 31 Jul 2005 03:05:08 +1000
+
+php5 (5.0.4-2) unstable; urgency=low
+
+ * We now have a mailing list. Set the maintainer to the list, and move
+ myself to Uploaders where, apparently, I belong.
+ * Use ZEND_MODULE_API_NO rather than PHP_API_VERSION for extension deps,
+ as recent upstream ABI breakage in 4.4.0 leads me to believe this is
+ the only constant they actually bother to update on ABI changes.
+ * Bring back some concflicts that went missing (libapache-mod-php5 needs
+ to conflict with libapache-mod-php4 and older versions of php4, while
+ the two libapache2-mod-php[45] modules also need to conflict).
+ * Adjust debian/watch to not match on upstream's alpha/beta/rc releases.
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 27 Jul 2005 22:30:42 +1000
+
+php5 (5.0.4-1ubuntu2) breezy; urgency=low
+
+ * libapache2-mod-php5 needs to conflict with libapache2-mod-php4 to
+ prevent people from shooting their own feet and breaking apache2.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Wed, 27 Jul 2005 22:29:14 +1000
+
+php5 (5.0.4-1ubuntu1) breezy; urgency=low
+
+ * Upload to breezy, disabling the libapache-mod-php5 build.
+
+ -- Adam Conrad <adconrad [at] ubuntu> Wed, 27 Jul 2005 02:22:23 +1000
+
+php5 (5.0.4-1) unstable; urgency=low
+
+ * Initial PHP5 release; packaging forked from php4 4:4.3.11-1.
+ - Closes: #262977, #293832
+ * Ondrej Sury <ondrej [at] sury>:
+ - Removed some obsolete cruft, since there wasn't any previous php5
+ packages there is no need, to check /usr/share/doc/*, etc.
+ - Removed apache2 IfModule hack, it's been fixed in php5.
+ - Updated patches to php5, removing those which are obsolete.
+ - Changes xslt extension to xsl (using libxslt).
+ - Updated debian/* including changelog.
+ - Raised update-alternatives priority to 50.
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Merged with php4 4:4.4.0-1 packaging.
+ - Re-roll upstream tarball to include PEAR::XML_RPC 1.3.3, which
+ includes a security fix for CVE CAN-2005-1921.
+ - Bump to Standards-Version 3.6.2, with no source changes.
+ - Stop distributing the phpextdist binary, as upstream has stopped.
+ - Drop the ext_skel binary and skeleton dir from php5-dev, as it has
+ been deemed obsolete upstream and the version in the tarball is not
+ considered useful anymore. PEAR::PECL_Gen upstream will replace it.
+ - Fix longstanding broken shebang lines in debconf config scripts.
+ - Remove lintian overrides for modules; lintian no longer complains
+ about missing shlibs for libraries outside the linker path.
+ - Add a linda override for the non-standard directory permissions on
+ /var/lib/php5 in php5-common.
+ - Rename php5-pear to php-pear, have it replace php4-pear, and depend
+ on php5-cli OR php4-cli; make sure it works with both.
+ - Compile in SOAP extension (closes: #307580)
+ - Enable SQLite extension as shared, make the xmlrpc extension shared.
+ - Enabled the pgsql extension, and disabled the imap extension (which
+ will be moving to another source package and become the example
+ package for out-of-tree builds).
+
+ -- Adam Conrad <adconrad [at] 0c3> Sat, 16 Jul 2005 23:42:36 +1000
+
+php4 (4:4.3.11-1) unstable; urgency=low
+
+ * New upstream release (closes: #304052)
+ - Drop CVS patches, we're back in step with upstream versions.
+ - Remove 048-x509_multiple_orgUnits.patch, incorporated in 4.3.11.
+ - Remove 050-4.3.11_file_copy_fix.patch, incorporated in 4.3.11.
+ - Remove 040-curl_open_basedir.patch, as upstream has solved this
+ in a different fashion.
+ - Adjust patches for offset and fuzz.
+ - Remove bits from debian/rules dealing with the DB PEAR extension,
+ since it's no longer shipped in the php4-pear package.
+ * Rebuild against newer version of freetds library (closes: #317369)
+ * Add 052-phpinfo_no_configure.patch, which disables the display of our
+ "Configure Command" in phpinfo(), which was the source of many bogus
+ bug reports over the years, due to people misinterpreting its meaning.
+ * New translations to Vietnamese and Russian (closes: #316821, #310199)
+ - vi.po contributed by Clytie Siddall <clytie [at] riverland>
+ - ru.po contributed by Yuriy Talakan' <yt [at] amur>
+ * Mention FastCGI in the description of php4-cgi (closes: #310810)
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 4 Jul 2005 17:47:32 +1000
+
+php4 (4:4.3.10-15) unstable; urgency=low
+
+ * Bring back the shipping of /usr/share/doc symlinks in our packages,
+ as this, in concert with moving the migration detection from preinst
+ to postinst (which was done in the last upload), seems to give us the
+ sanest upgrade path. Thanks to Steve Langasek for smacking me around
+ with unpack/upgrade scenarios for a while to convince me of this.
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 9 May 2005 02:13:19 -0600
+
+php4 (4:4.3.10-14) unstable; urgency=high
+
+ * Revert the directory->symlink magic to work how it used to, since the
+ new behaviour broke hideously on upgrades from Woody, causing certain
+ files (like the changelog) to mysteriously go missing (closes: #307591)
+ * Move our template php.ini to /usr/share/php4, so we stop violating
+ policy by using files from /usr/share/doc (as seen in #307591)
+ * Remove 'readline' from the php4-cli package description, since we don't
+ actually build with readline support enabled anymore (closes: #306571)
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 4 May 2005 01:48:19 -0600
+
+php4 (4:4.3.10-13) unstable; urgency=low
+
+ * Update email address for Andres Salomon <dilinger [at] debian>
+ * Add Portuguese translation from Miguel Figueiredo (closes: #305038)
+ * Include 051-gcc-4.0.patch, which resolves a build failure in
+ libxmlrpc (from the xmlrpc extension) with gcc-4.0 (closes: #287956)
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 18 Apr 2005 00:29:54 -0600
+
+php4 (4:4.3.10-12) unstable; urgency=low
+
+ * Add 050-4.3.11_file_copy_fix.patch, which reverts a broken 'fix'
+ made to the copy() function, causing it to fail in particularly
+ spectacular ways when used on remote files (closes: #304601)
+ * Use -g instead of -gstabs on powerpc64-linux (closes: #301571)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 14 Apr 2005 03:53:27 -0600
+
+php4 (4:4.3.10-11) unstable; urgency=medium
+
+ * Address an FTBFS waiting to happen in the php4-dev package:
+ - Remove Win32 and Netware specific headers.
+ - Stop shipping php4-pgsql headers.
+ - Stop shipping the expat headers, since we don't even
+ use the bundled expat library.
+ - Make php4-dev depend on libssl-dev, since it wants to include
+ ssl.h when you use it to build network-using extensions.
+ * Stop building extensions twice; we don't need two copies.
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 12 Apr 2005 03:14:03 -0600
+
+php4 (4:4.3.10-10) unstable; urgency=low
+
+ * Update to 200503131325 CVS (AKA: 4.3.11RC1), fixing several bugs
+ including a segfault in mysql_fetch_field() (closes: #299608)
+ * Remove 042-remove_windows_paths.patch, incorporated upstream.
+ * Add 048-x509_multiple_orgUnits.patch to bring the openssl extension
+ in line with the upcoming 4.3.11 behaviour of listing multiple
+ Organisational Units in an x509 cert as an array, rather than only
+ listing the last in the list.
+ * After much talk with upstream, revert the ZTS changes. We are no
+ longer building a thread-safe PHP. (closes: #299820, #297223, #297679)
+ * ZTS was breaking file search paths, leading to errors loading files
+ from the cwd (closes: #298282, #298518, #299089, #299356)
+ * Stop building caudium-php4 (closes: #294718, #297702, #295100)
+ - We can't link against the GPL pike7.2, which we've been doing. Oops.
+ - Even if the above weren't true, upstream has insisted that ZTS is a
+ horribly broken solution, slated for eventual removal, and should
+ never, ever be used. In light of that, caudium users should instead
+ use php4-cgi, either as a plain CGI, or as a FastCGI backend.
+ - Not even attempting to provide an upgrade path, as it would be
+ needlessly complex, and caudium-php4 in previous stable releases
+ was nothing more than a useless toy, given that it had nearly no
+ useful extensions built-in or supported.
+ * Rewrite 041-shut_up_snmp.patch to take a different approach, this time
+ regrettably reverting a fix for a memory leak, in the name of making
+ things work properly, including squashing the putenv() intecaction
+ bug between PHP and other apache modules (closes: #298511, #300628)
+ * On sidegrades from distributions where different modules may be built
+ from their own source, and thus have their own doc directories, bad
+ things happen when we try to replace those with symlinks, so now we
+ check for this in preinst, and fix stuff up magically to Just Work.
+ * Add Jeroen van Wolffelaar <jeroen [at] wolffelaar> to Uploaders.
+ * Fix up modules regexes to use "\.so" instead of ".so" (cf: #300998)
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 16 Mar 2005 22:46:05 -0700
+
+php4 (4:4.3.10-9) unstable; urgency=low
+
+ * Update 040-curl_open_basedir.patch once more to make sure it doesn't
+ segfault when fed a null or uninitialised URL (closes: #295447)
+ * Add 047-zts_with_dl.patch, courtesy of Steve Langasek to re-enable the
+ dl() function in our builds, despite upstream's claim that it "might
+ not be threadsafe on all platforms"; it is on ours (closes: #297839)
+ * Make the php4-dev binaries versioned with alternatives (closes: #295903)
+ * Update build-deps to libmysqlclient12-dev (closes: #290989, #227549)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 6 Mar 2005 07:30:35 -0700
+
+php4 (4:4.3.10-8) unstable; urgency=high
+
+ * Add 046-zend_plist_buggery.patch which unrolls the changes made to
+ zend.c in CVS post-4.3.10. The memory leaks fixed by these changes
+ seem to not have been hurting us terribly so far, while the "fix"
+ (breaking persistent lists) was, uhm, bad (closes: #295998, #296694)
+ * Revise 041-shut_up_snmp.patch to call init_snmp with 'snmpapp' as the
+ appname, rather than 'php', to maintain backward compatibility, and to
+ wrap our setenv/unsetenv magic only around snmp_shutdown, which seems to
+ solve a segfault when php4-snmp is loaded with mod_perl (closes: #296282)
+ * Fix 042-remove_windows_paths.patch to catch both cases where windows
+ path stripping should occur (closes: #296406)
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 22 Feb 2005 07:49:32 -0700
+
+php4 (4:4.3.10-7) unstable; urgency=high
+
+ * Rewrite 040-curl_open_basedir.patch, so it now does what it's supposed
+ to (addressing CAN-2004-1392) and no longer segfaults (closes: #295447)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 17 Feb 2005 00:06:36 -0700
+
+php4 (4:4.3.10-6) unstable; urgency=high
+
+ * Add 044-strtod_arm_fix.patch to fix the FPU confusion FTBFS on arm.
+ * Add 045-exif_nesting_level.patch to bump the exif header parsing max
+ nesting level to something that actually works with most JPEG images.
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 14 Feb 2005 16:04:28 -0700
+
+php4 (4:4.3.10-5) unstable; urgency=low
+
+ * Add 043-recode_size_t.patch to fix 32/64-bit issues causing the recode
+ extension to segfault on alpha/amd64/ia64 (closes: #294986)
+ * Move the ./buildconf stuff in the unpatch target inside the test
+ for patch-stamp, as it's uselss unless we're unpatching.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 13 Feb 2005 19:09:39 -0700
+
+php4 (4:4.3.10-4) unstable; urgency=medium
+
+ * Make php4-dev arch:any, as it contains some arch-specific defines.
+ * Add 042-remove_windows_paths.patch, a patch to rfc1867.c to strip Windows
+ paths from uploaded filenames, like it used to. (closes: #294305)
+ * Fix up caudium description to reflect the fact that caudium it is no
+ longer restricted from sharing extensions with other SAPIs.
+ * Build-dep on apache2-threaded-dev (>= 2.0.53-3) to make sure we
+ get a version with non-broken headers.
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 9 Feb 2005 11:52:10 -0700
+
+php4 (4:4.3.10-3) unstable; urgency=medium
+
+ * Update to CVS, as of 200502060530 (closes: #288672)
+ - Fixes two vulnerabilities in exif.c, CAN-2005-1042 and CAN-2005-1043
+ - Fixes two vulnerabilities in image.c, CAN-2005-0524 and CAN-2005-0525
+ - File uploads with "'" in them aren't cut off anymore (closes: #288679)
+ - unserialize() is no longer ridiculously slow (closes: #291392)
+ - Add 000-200502060530_CVS.patch
+ - Adapt debian/rules to the realities of upstream's new buildconf
+ - Add 033-we_WANT_libtool.patch, to force relibtoolizing with Debian's
+ libtool, rather than using upstream's broken bundled libtool
+ - Drop 031_zend_strtod_1.1.2.10.patch and 032_zend_strtod_debian.patch
+ - Adjust patches for offsets and fuzz
+ - Force --with-pic, as policy demands it, and the build system doesn't
+ * Added several patches, yanked from the Fedora PHP sources:
+ - 034-apache2_umask_fix.patch, fixes umask not being properly reset
+ after each request (closes: #286225)
+ - 036-fd_setsize_fix.patch, fixes misuse of FD_SET()
+ - 038-round_test_fix.patch, makes the rounding test work on gcc-3.3
+ * Removed --with-libedit, as being able to background php is more useful,
+ in my opinion, than using readline functions (see #286356)
+ * Include zip support in all SAPIs (closes: #288534, #288909)
+ * Enable Zend Thread Safety for all SAPIs, meaning that our modules
+ are now compiled for ZTS APIs as well. (closes: #278212, #264015)
+ - Make sure caudium-php4 now provides phpapi-$(ver), and modules can
+ be configured with the caudium SAPI.
+ - Add 039-reentrant_libs.patch to link to the reentrant versions of
+ libldap and libmysqlclient
+ * Stop suggesting phpdoc, as it's undistributable anyway.
+ * Add 040-curl_open_basedir.patch, to make php4-curl respect the value
+ of open_basedir, thanks to Martin Pitt (closes: #291410)
+ * Add 041-shut_up_snmp.patch, to prevent libsnmp5 from attempting (and
+ failing) to write persistent data every time it shuts down. Ugh.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 6 Feb 2005 05:32:11 -0700
+
+php4 (4:4.3.10-2) unstable; urgency=high
+
+ * Patch Zend/zend_strtod.c twice:
+ - Patch from upstream CVS to fix FTBFS on Sparc/Linux systems
+ - Patch from me to fix FTBFS on __mc68000__, __ia64__, and __s390__
+
+ -- Adam Conrad <adconrad [at] 0c3> Sat, 18 Dec 2004 19:35:30 -0700
+
+php4 (4:4.3.10-1) unstable; urgency=high
+
+ * New upstream release, including the following security fixes:
+ - CAN-2004-1018 - shmop_write() out of bounds memory write access.
+ - CAN-2004-1018 - integer overflow/underflow in pack() and unpack()
+ functions.
+ - CAN-2004-1019 - possible information disclosure, double free and
+ negative reference index array underflow in deserialization code.
+ - CAN-2004-1020 - addslashes() not escaping \0 correctly.
+ - CAN-2004-1063 - safe_mode execution directory bypass.
+ - CAN-2004-1064 - arbitrary file access through path truncation.
+ - CAN-2004-1065 - exif_read_data() overflow on long sectionname.
+ - magic_quotes_gpc could lead to one level directory traversal with
+ file uploads.
+ * Adjust patch offsets for new upstream, fix 013-force_getaddrinfo.patch
+ to match with new configure.in and drop 026-4.3.10_session_fixes.patch
+ which is included in 4.3.10.
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 15 Dec 2004 17:17:40 -0700
+
+php4 (4:4.3.9-2) unstable; urgency=low
+
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Add -fno-strict-aliasing to CFLAGS, as the (several thousand)
+ warnings I'm getting from GCC are frightening me a tad.
+ - Remove the php-cgi alternative in php4-cgi's prerm, to avoid
+ leaving dangling symlinks (closes: #275962, #282315)
+ - Include 030-imap_getacl.patch, adding the imap_getacl() function
+ required by the GOsa project (closes: #282484)
+ - Include php.ini-paranoid in doc/examples, provided and maintained
+ by Javier Fernández-Sanguino Peña (closes: #274374)
+ - Make /cgi-bin/php4 an alternative for /cgi-bin/php (closes: #282464)
+ - Remove obsolete info from README.Debian relating to session_mm,
+ since we stopped building with libmm a while back.
+ - Reintroduce /usr/lib/php4/libexec that went missing in a previous
+ upload, since the build uses it as the default safe_mode exec dir.
+ * Andres Salomon <dilinger [at] voxel>:
+ - Add patch to include gd headers in php4-dev, as some PECL modules
+ (notably, pdflib) expect it; 028-export_gd_headers.patch.
+ - Lintian fix: Add missing #DEBHELPER# token to php4-common.postrm.
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 01 Dec 2004 18:48:13 -0700
+
+php4 (4:4.3.9-1) unstable; urgency=high
+
+ * New upstream release, removed the following patches fixed upstream:
+ 014-apache2handler_CVS_fixes.patch, 015-gdNewDynamicCtx_Add_Ex.patch,
+ 018-unix_socket_fd_leak.patch, 020-4.3.9_overflow_fixes.patch,
+ 021-4.3.9_sybase_ct_fixes.patch, 022-4.3.9_sprintf_fixes.patch,
+ 023-4.3.9_array_fixes.patch, 024-4.3.9_glob_fix.patch,
+ and 025-4.3.9_domxml_segfaults.patch
+ * Resolves undiscolsed vulnerabilities in GPC processing and rfc1867
+ handling of file uploads via the $_FILES array; these have since
+ been assigned CVE CAN-2004-0958 and CAN-2004-0959 (closes: #274206)
+ * After some fairly heavy testing from several users and developers,
+ finally update php4-snmp to use libsnmp5 (closes: #195929)
+ * Add 026-4.3.10_session_fixes.patch from CVS, which prevents PHP
+ from segfaulting when a nonexistant or unsupported save_handler or
+ serialize_handler is specified in php.ini.
+ * Add /etc/apache/conf.d/php4.conf, setting up our mime-types, on the
+ off chance that the user's /etc/mime.types is broken (closes: #271171)
+ * Reintroduce a CGI binary at /usr/bin/php4-cgi, so people who can't
+ make use of the --force-cgi-redirect CGI binary in /usr/lib/cgi-bin
+ can instead use #!/usr/bin/php4-cgi scripts (closes: #273143)
+ * Enable FastCGI for both CGI binaries, now that it no longer conflicts
+ with, but rather complements, the CGI SAPI (closes: #233849)
+ * Bump libgd2 build-dep a notch to make sure we build against a version
+ that actually has XPM support built in (closes: #270435)
+ * Finally drop the bogus libapache-mod-ssl dependency from the apache1.3
+ php4 module, as glibc (>= 2.3.2.ds1-17) has fixed the dlopen refcount
+ bug that we were hacking around (closes: #205553, #230956, #271000)
+ * Remove the mm session handler from the apache1.3 build. Since the
+ files handler now works on all arches, and is configured to be secure
+ by default, mm seems to have outlived its usefulness.
+ (closes: #119902, #149430, #166811, #272463, #232840)
+ * Rename sapi/apache2handler/sapi_apache2.c to mod_php4.c so that
+ <IfModule> directives aren't ambiguous between php4 and php5.
+ * Add Czech translation, thanks to Miroslav Kure (closes: #274038)
+ * Configure CLI with --with-libedit for readline support, and add
+ 027-readline_is_editline.patch, since Debian's libedit headers are
+ not installed in /usr/include/readline (closes: #274031)
+ * libcurl grew a new SONAME somewhere along the way, and upgrading
+ doesn't seem to cause regressions in php4-curl, so upgrade we shall,
+ changing build-deps accordingly (closes: #260389)
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 4 Oct 2004 22:57:37 -0600
+
+php4 (4:4.3.8-12) unstable; urgency=high
+
+ * On new php4-cli installations, if php4-cgi is installed, we copy its
+ php.ini as a starting reference, so that command line scripts that
+ used to work don't start mysteriously failing (closes: #270153)
+ * php4-common has grown a postrm script to make sure we completely
+ clean out and remove /var/lib/php4 during the purge phase.
+ * Optimize garbage collection cronjob to use 'xargs -r -0 rm', so we
+ aren't forking for every session file we delete (closes: #268918)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 5 Sep 2004 19:17:42 -0600
+
+php4 (4:4.3.8-11) unstable; urgency=high
+
+ * Andres Salomon <dilinger [at] voxel>:
+ - Fix bashism in maxlifetime script (closes: #270015)
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Clarify setup instructions in README.Debian for using php4-cgi
+ with the apache and apache2 packages (closes: #228342, #228343)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sat, 04 Sep 2004 23:21:21 -0600
+
+php4 (4:4.3.8-10) unstable; urgency=high
+
+ * Andres Salomon <dilinger [at] voxel>:
+ - Change frequency of session file cleansing, based on the maximum value
+ of session.gc_maxlifetime from all php.ini files (closes: #269688).
+ - Update README.Debian to mention session cleaning cron job.
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Drop php4-cgi from the list of alternate dependencies for the php4
+ metpackage to smooth upgrades for woody users who have both php4 and
+ php4-cgi installed (closes: #269628, #269348, #269377)
+ - Fix cut-n-paste issue in php4-cli postinst (closes: #269466)
+ - Add 023-4.3.9_array_fixes.patch, which fixes problems with the
+ extract() function misbehaving with multiple element references.
+ - Add 024-4.3.9_glob_fix.patch to fix broken return values from glob()
+ when it succeeds with no matches (closes: #269287)
+ - Add 025-4.3.9_domxml_segfaults.patch, fixing segfaults in the domxml
+ extension when it shares memory space with other libxml2-using libs.
+ - Update the comments in php.ini to point out that, due to dilinger's
+ changes above, session.gc_maxlifetime is honoured by the gc cronjob.
+
+ -- Adam Conrad <adconrad [at] 0c3> Fri, 03 Sep 2004 20:42:56 -0600
+
+php4 (4:4.3.8-9) unstable; urgency=high
+
+ * Re-introduce the changelog.Debian that went missing in the last
+ upload due to the php4-common move from arch:all to arch:any
+ * Clean up lintian warnings regarding scripts that weren't executable
+ and executables that weren't scripts.
+ * Add a lintian override for the non-standard-dir-perm of /var/lib/php4
+ * Update to Standards-Version 3.6.1 (no changes, other than the above)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 26 Aug 2004 21:53:27 -0600
+
+php4 (4:4.3.8-8) unstable; urgency=low
+
+ * Default session.save_path is now compiled in to php4, allowing
+ us to, again, comment out the value in php.ini.
+ * Comment out session.gc_probability in the default php.ini, as we've
+ now compiled in a default of 0, allowing the cronjob to do the
+ garbage collection for us instead. (closes: #267720)
+ * Make the 5 SAPI postinsts smarter, allowing them to poke around in
+ people's configs and make sure that sessions won't be broken
+ after we upgraded them from a perfectly functional system.
+ * Add 022-4.3.9_sprintf_fixes.patch, fixing incorrect formatting of
+ floats with padding by sprintf().
+ * Make php4-common arch:any, and loosen up some of the other any->all
+ package dependencies to make sure binNMUs won't break.
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 24 Aug 2004 03:09:43 -0600
+
+php4 (4:4.3.8-7) unstable; urgency=high
+
+ * Back out LFS support AGAIN, as we're disabling LFS in apache2 for
+ the Sarge release. (closes: #266869)
+ * Add 021-4.3.9_sybase_ct_fixes.patch, backporting several fixes
+ for the sybase_ct extension from 4.3.9rc1.
+ * Tidy up descriptions a fair bit:
+ - Disambiguate short descriptions of SAPIs. (closes: #244571)
+ - Refresh the (now much longer) lists of built-in modules for each SAPI.
+ - Explain why caudium-php4 can't use any loadable extensions.
+ - Remove silly advertising blurb for Zend, since very few people are
+ still using php3, and those who are can't be convinced to upgrade
+ just by telling them "Hey, it's faster!".
+ - Add Homepage URI to each SAPI description.
+ - Fix typo in php4-domxml description. (closes: #146124)
+ * Make caudium-php4 provide php4-mysql and php4-pgsql, so it can be used
+ with packages that depend on something like "php4, php4-mysql".
+ * Enable --with-mime-magic and make sure all SAPIs depend on libmagic1
+ to pull in /usr/share/misc/file/magic.mime (closes: #175136)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 19 Aug 2004 18:27:17 -0600
+
+php4 (4:4.3.8-6) unstable; urgency=high
+
+ * Add libgcrypt11-dev to the build-depends, as something seems to be
+ pulling it in and causing an FTBFS (closes: #265952)
+ * Add 020-4.3.9_overflow_fixes, backporting fix for integer overflows
+ in array_slice(), array_splice(), substr(), substr_replace(),
+ strspn() and strcspn().
+ * Bump the apache2 build-dep to (>= 2.0.50-9) to ensure we're building
+ against the new ABI-incompatble libapr0, which brings in proper
+ large file support. Bump the apache2 binary dependency as well.
+ (closes: #266210, #266192)
+ * Enable large file support on all SAPIs except for caudium, as I'm not
+ sure how caudium will react to the change, and I don't want to
+ destabilise anything just before release. This change has been
+ heavily tested with apache2/apache/cgi/cli, and all is well there.
+ * Re-enable 019-z_off_t_as_long.patch, which is needed to make sure
+ that LFS-enabled SAPIs can still use zlib file functions correctly.
+ * Rework the apache2 restarting logic to only restart apache2 if
+ apache2ctl configtest succeeds, otherwise kick out a warning to
+ the user. Even then, we run force-reload with ||true, in case
+ apache2 fails to start for other reasons (closes: #264958)
+ * Make php4-gd Provide php4-gd2, so packages which still depend on
+ php4-gd2 are installable (and so packaging frontends can take the
+ provides/conflicts/replaces hint and DTRT with it)
+ * Split php4-cgi to php4-cgi and php4-cli (closes: #227915)
+ - Add php4-cli to debian/control, replaces older php4-cgi versions
+ - php4-cgi depends on php4-cli for smooth transitions
+ - php4-pear now depends on php4-cli (closes: #243214, #221434)
+ - Add php4-cli to list of SAPIs configurable for modules
+ - Munge php.1 manpage to include -cli info
+ - Enable pcntl and ncurses in -cli (closes: #135861, #190947, #241806)
+ * Move all of php4's files to libapache-mod-php4, and make php4 a
+ metapackage that depends on libapache-mod-php4 | libapache2-mod-php4 |
+ php4-cgi | caudium-php4 (closes: #244573, #246654, #244571, #266517)
+ * Include skeleton directory in php4-dev (closes: #95832, #211338)
+ * Include php.ini-recommended in php4-common's examples (closes: #181396)
+ * Move /var/lib/php4 to php4-common and install a cronjob that cleans
+ out old sessions every 30 minutes (closes: #256831, #257111)
+ * Move the libapache-mod-ssl dependency from php4-imap to
+ libapache-mod-php4 to stop irritating users of other SAPIs
+ (closes: #240003, #246887, #263381)
+ * Compile pgsql and mysql support into the caudium SAPI, so it's
+ slightly less useless (closes: #181175)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 15 Aug 2004 19:56:14 -0600
+
+php4 (4:4.3.8-5) unstable; urgency=low
+
+ * Build-depend on chrpath and use it to nuke rpath from modules
+ during the install target of debian/rules.
+ * Add 018-unix_socket_fd_leak.patch to get rid of UNIX socket file
+ descriptor leak on failed fsockopen() calls. (closes: #257269)
+ * It would seem that if we want LFS support, all SAPIs and all extensions
+ that do file access need to be built with LFS support, and since
+ apache2 currently doesn't have LFS, this presents a problem. As
+ such, I'm disabling LFS accross the board until apache2 supports it.
+ (closes: #263962)
+ * Add 019-z_off_t_as_long.patch, including local headers for zlib,
+ forcing off_t = long for gzip file functions, however disable it
+ for now, as we'll only need it if we reenable LFS (closes: #208608)
+ * Add the Debian package revision as EXTRAVERSION to PHP, so one can
+ more easily tell what version is currently running (for instance,
+ if a user fails to restart Apache after an upgrade of php4, this
+ would become obvious to them in the version banner and in phpinfo()
+ * Fixed up debian/patches, adjusting offsets and adding newlines,
+ so patch stops complaining and applies them cleanly.
+ * libapache2-mod-php4 postinst now forces a reload of apache2, which
+ should get the module properly working in all cases where people
+ previously thought 'apachectl graceful' would cut it.
+ (closes: #241352, #263424, #228343)
+ * debian/rules explicitly sets PROG_SENDMAIL during configure so
+ that builds on buildds with no sendmail installed don't get the
+ mail() function disabled. (closes: #180734)
+ * Enable XMLRPC-EPI support for all SAPIs (closes: #228825, #249368)
+ * Enable sysvmsg support for all SAPIs (closes: #236190)
+ * Enable dbx support for all SAPIs (closes: #229508, #249797)
+ * Nuke aclocal.m4 before we run ./buildconf to ensure we get it
+ regenerated correctly, and we get an up-to-date libtoolization.
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 9 Aug 2004 07:47:46 -0600
+
+php4 (4:4.3.8-4) unstable; urgency=low
+
+ * Drop 016-pread_pwrite_XOPEN_SOURCE_500.patch, as it didn't seem to
+ solve anything, really, and add 017-pread_pwrite_disable.patch,
+ wich completely disables pread/pwrite usage, fixing session support
+ on sparc, and pread/pwrite usage on amd64. (closes: #261311)
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 26 Jul 2004 06:15:59 -0600
+
+php4 (4:4.3.8-3) unstable; urgency=low
+
+ * Steve Langasek <vorlon [at] debian>:
+ - Give php4-pear a versioned dependency on php4-cgi, due to
+ backwards-compatibility issues (closes: #260924).
+
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Added a debian/watch file for the curious, or people running
+ automated uscan scripts over the entire archive.
+ - Bump libgd2 build-dep to 2.0.28 to buy us guaranteed GIF
+ support in php4-gd (closes: #66293)
+ - Add 015-gdNewDynamicCtx_Add_Ex.patch, which fixes three double-free
+ errors in php4-gd. This, in concert with the librrd0 update
+ (see #261323) should clear up all known segfaults in php4-gd
+ (closes: #220196, #234571, #241270, #246833, #251220, #260790)
+ Thanks to Klaus Reimer <k [at] ailis> for the tip.
+ - Add 016-pread_pwrite_XOPEN_SOURCE_500.patch, which fixes use of
+ pread/pwrite in conjunction with LFS64. This should fix the files
+ session handler on sparc, as well as the amd64 build failure.
+ (closes: #234766, #239420, #261311, #248765)
+ - Clean up debian/rules to remove a bunch of obsolete cruft, as well
+ as introducing an LFSFLAGS, allowing us to easily turn LFS support
+ on and off for each SAPI.
+ - Re-enable LFS for apache 1.3, as it was enable in Woody and we should
+ remain backward compatible.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 25 Jul 2004 18:49:31 -0600
+
+php4 (4:4.3.8-2) unstable; urgency=high
+
+ * Urgency "high" to make up for the last upload which contained
+ security fixes but was uploaded urgency "low".
+
+ * Adam Conrad <adconrad [at] 0c3>:
+ - Bump debhelper build-dep to >= 3, as we were using DH_COMPAT=3
+ in debian/rules. Not sure how this was missed for so long.
+ - Add 014-apache2handler_CVS_fixes.patch, which fixes a memory
+ leak in the apache2handler SAPI, as well as a logical mishandling
+ of fatal errors during activation.
+
+ * Steve Langasek <vorlon [at] debian>:
+ - Revert large file support, which appears to cause
+ ABI-incompatibilities (and therefore segfaults) for apache2
+ (closes: #259659).
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 19 Jul 2004 20:44:00 -0600
+
+php4 (4:4.3.8-1) unstable; urgency=low
+
+ * Adam Conrad <adconrad [at] 0c3>:
+ - New upstream release (4.3.8). Fixes several security issues:
+ + Fixed strip_tags() to correctly handle '\0' characters.
+ + Improved stability during startup when memory_limit is used.
+ + Replace alloca() with emalloc() for better stack protection.
+ + Added missing safe_mode checks inside ftok and itpc.
+ + Fixed address allocation routine in IMAP extension.
+ + Prevent open_basedir bypass via MySQL's LOAD DATA LOCAL.
+ + Fixes DoS in readfile() function, see CAN-2005-0596.
+ - php4-pear now includes PEAR::Mail 1.1.3 (closes: #257688)
+ - debian/control: change libpng3-dev build-dep to libpng12-dev
+ - Add Turkish debconf translation, thanks to Osman Yuksel.
+ (closes: #252940)
+
+ * Andres Salomon <dilinger [at] voxel>:
+ - New upstream release (4.3.7). The following patches are dropped:
+ 007-dba_fix.patch
+ 008-xbithack.patch
+ 011-curl_api_update.patch
+ 012-curl_deprecated_opts.patch.
+ - Add 013-force_getaddrinfo.patch, so that getaddrinfo support is
+ always enabled (instead of doing check during build).
+
+ * Steve Langasek <vorlon [at] debian>:
+ - Enumerate supported SAPIs in both the module postinst and the module
+ config script, to avoid "question not found" errors from debconf.
+ This doesn't give us automatic support for new SAPIs as they're
+ added, but it avoids trying to configure SAPIs that we don't support
+ (e.g., caudium), and it also sidesteps shell syntax errors caused by
+ strangely-named subdirectories.
+ - Remove apache2 from the TODO list, because it's done
+ (closes: #243793).
+ - Add /var/lib/php4 to the list of directories for the apache2 module,
+ so we don't end up with a missing session dir (closes: #240962).
+ - s/modules-config/apache-modconf/, now that the canonical name of the
+ apache-common tool has changed
+ - Drop references to php3 in README.Debian, and document the
+ simplified process for enabling php4 in apache 1.3 (closes: #244564).
+ - Enable large files support for all SAPIs (closes: #249500).
+ - Fix commented-out default include path in php.ini (closes: #250274).
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 14 Jul 2004 18:06:42 -0600
+
+php4 (4:4.3.4-4) unstable; urgency=low
+
+ * Drop apache2 work-around patch and add build-dep on apache2 2.0.48-8,
+ now that #228840 is fixed.
+ * Fix FTBFS problem caused by curl api changes, adding patches 011 and
+ 012 (closes: #239159).
+ * Add phpapi Provides for libapache2-mod-php4 (closes: #240386).
+ * Add versioned build-dep for pcre, as apache2 has proven that pcre-3.9
+ and older won't work (closes: #215069).
+ * Tighten build-dep versions to match upstream's autoconf version checks
+ (closes: #214060).
+
+ -- Andres Salomon <dilinger [at] voxel> Fri, 26 Mar 2004 23:27:27 -0500
+
+php4 (4:4.3.4-3) unstable; urgency=low
+
+ * Andres Salomon <dilinger [at] voxel>:
+ - Fix incorrect php.ini path in CLI manpage (closes: #233757).
+ - Add libapache2-mod-php4 module (closes: #214611).
+ * Updated Japanese debconf translation; thanks to Kenshi Muto
+ <kmuto [at] debian> (closes: #222424).
+ * Build php4-gd against libgd2-xpm, removing the need for a separate
+ php4-gd2 package (closes: #235390, #206045, #135664).
+ * Add new Catalan debconf translation; thanks to Aleix Badia i Bosch
+ <abadia [at] ica> (closes: #236630).
+ * Add new Spanish debconf translation; thanks to Carlos Valdivia
+ Yagüe <valyag [at] dat> (closes: #235052).
+
+ -- Steve Langasek <vorlon [at] debian> Sat, 28 Feb 2004 12:11:57 -0600
+
+php4 (4:4.3.4-2) unstable; urgency=low
+
+ * Add build-depends on autoconf, missed earlier (closes: #235012).
+ * Minor updates to README.Debian list of supported extensions.
+ * Fix integer size mismatch in snmp extension affecting 64-bit
+ platforms
+
+ -- Steve Langasek <vorlon [at] debian> Thu, 26 Feb 2004 22:25:27 -0600
+
+php4 (4:4.3.4-1) unstable; urgency=low
+
+ * New upstream version. Update local patch set accordingly, with help
+ from Andres Salomon <dilinger [at] voxel>.
+ - includes fix for snmpget() not closing its socket
+ (closes: #207363).
+ * Update build-depends to libdb4.2-dev, to match apache-dev
+ (closes: #231692).
+ * Drop translations of stale templates, and add new German debconf
+ translation; thanks to Alwin Meschede <ameschede [at] gmx>
+ (closes: #232270).
+ * Add new Danish debconf translation; thanks to Claus Hindsgaul
+ <claus_h [at] image> (closes: #233887).
+ * Move local patches into debian/patches/ for easier management, and
+ add debian/rules targets for build-time application of patches.
+ * Fix a problem with PHP "xbithack" causing ini scope leakage
+ (closes: #230047).
+ * Re-enable the openssl extension statically, since we now know for
+ sure that the php4-imap problems are a glibc bug (closes: #197450).
+ * Fix pear to set /usr/bin/php4 instead of /usr/bin/php for the value
+ of php_bin, so PEAR-managed scripts work correctly
+ (closes: #228381). In addition, use alternatives for /usr/bin/php
+ for the benefit of user scripts (closes: #185283).
+ * Set the default session save_path to /var/lib/php4 instead of to
+ /tmp, and create this directory such that all users (for php4-cgi)
+ can create files there and access their own files once created, but
+ not see the names of other files in the directory (closes: #139810).
+ * Drop our override of upstream's register_globals default
+ (closes: #230878).
+
+ -- Steve Langasek <vorlon [at] debian> Sat, 14 Feb 2004 10:23:24 -0600
+
+php4 (4:4.3.3-5) unstable; urgency=low
+
+ * Have php4-pear Suggest: php4-dev, for PECL extensions
+ (closes: #225969).
+ * Recompiled against the new version of libxslt, to get rid of the
+ dependency on libxsltbreakpoint (closes: #224806).
+ * Also recompiled against the new version of libc-client (closes: #227347).
+ * Fix pear to not expect to be able to twiddle locks when running as
+ non-root, which also seems to fix a memory utilization problem
+ (closes: #225026).
+ * Make php4-imap depend on libapache-mod-ssl, since this seems to be
+ the only reliable way of getting apache to stop segfaulting.
+ * Build-depend on libt1-dev, which replaces t1lib-dev.
+
+ -- Steve Langasek <vorlon [at] debian> Mon, 5 Jan 2004 22:53:18 -0600
+
+php4 (4:4.3.3-4) unstable; urgency=low
+
+ * Fix prerm script to remove mod_php4, *not* mod_perl, from the
+ config (Closes: #216889).
+ * Use /etc/$i/httpd.conf instead of /etc/$i to decide whether to
+ call modules-config.
+ * Don't invoke debconf unless we have to in the postinst, to reduce
+ the risk of interactions between modules-config and our questions.
+ * Add Dutch debconf translation; thanks to Tim Dijkstra
+ <tim [at] famdijkstra> (closes: #221439).
+ * Sync dba lock handling against upstream CVS HEAD, to fix a bug with
+ truncating db4 files when opening with 'c' (create).
+ (Closes: #221559).
+
+ -- Steve Langasek <vorlon [at] debian> Tue, 21 Oct 2003 16:49:03 -0500
+
+php4 (4:4.3.3-3) unstable; urgency=low
+
+ * Disable -gstabs on ia64, since this debugging symbol type is
+ apparently unknown there; we should now have clean builds (with
+ appropriate debugging symbols) on all archs.
+
+ -- Steve Langasek <vorlon [at] debian> Mon, 20 Oct 2003 19:07:40 -0500
+
+php4 (4:4.3.3-2) unstable; urgency=low
+
+ * Don't call db_stop in the postinst, as this seems to cause problems
+ for modules-config (closes: #215663, #215584).
+ * Remove duplicate -prefer-pic flag on caudium build, in hope of
+ making libtool do something sensible on ia64,hppa (closes: #216020).
+ * Always build with debugging symbols, per current policy.
+ * Unconditionally call dh_strip, which knows about DEB_BUILD_OPTIONS;
+ and call install -s when installing shared extensions by hand.
+ * Fix upstream build rules to not call libtool --silent.
+
+ -- Steve Langasek <vorlon [at] debian> Wed, 15 Oct 2003 23:19:55 -0500
+
+php4 (4:4.3.3-1) unstable; urgency=low
+
+ * New upstream release.
+ * Add Japanese debconf translation; thanks to Kenshi Muto
+ <kmuto [at] debian> (closes: #211961).
+ * Fix caudium handling to always grab the current pike version from
+ dpkg when constructing include paths (closes: #212585).
+ * Bump the c-client build dependencies to use the new -dev package
+ name.
+ * Convert php4 postinst/prerm scripts to use the new apache
+ modules-config interface.
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 21 Sep 2003 17:26:31 -0500
+
+php4 (4:4.3.2+rc3-6) unstable; urgency=low
+
+ * Add Brazilian Portuguese debconf translation; thanks to André Luís
+ Lopes <andrelop [at] debian> (closes: #207078).
+ * Catch debian/control up with debian/rules for the zendapi -> phpapi
+ transition.
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 31 Aug 2003 20:35:57 -0500
+
+php4 (4:4.3.2+rc3-5) unstable; urgency=low
+
+ * Kill the lintian warning on the grammar in the copyright file.
+ * Redirect apacheconfig I/O to /dev/tty, to work around debconf
+ behavior (for real this time). Closes: #207468, #206404.
+ * Replace 'zendapi' with 'phpapi', since the former does not
+ accurately describe the ABI changes that affect modules and can
+ leave some packages installable but broken (closes: #208020). Also,
+ remove the versioned conflicts with php4-{mysql,pgsql}, since this
+ now supersedes.
+ * Add French debconf translation; thanks to Michel Grentzinger
+ <mic.grentz [at] online> (closes: #207662).
+
+ -- Steve Langasek <vorlon [at] debian> Sat, 23 Aug 2003 21:43:24 -0500
+
+php4 (4:4.3.2+rc3-4) unstable; urgency=low
+
+ * Have all php extensions automatically detect and configure for any
+ installed SAPIs (closes: #143436).
+ * Remove spurious dependencies from php4-dev, and replace autoconf2.13
+ with autoconf (closes: #180497).
+ * Conflict with old php4-pgsql as we do with php4-mysql, as it
+ manifests the same bug.
+ * Add preliminary rules for building apache2 SAPI, but don't enable.
+ * Call db_stop before trying to run apacheconfig (closes: #206404).
+ * Check for the existence of /etc/php4 before trying to rmdir it,
+ since there are apparently those who remove such directories
+ prematurely (closes: #206120).
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 17 Aug 2003 00:19:38 -0500
+
+php4 (4:4.3.2+rc3-3) unstable; urgency=low
+
+ * Fixes for spurious package dependencies
+ * Fix the paths emitted by php-config, so we can build php4-pgsql et al.
+
+ -- Steve Langasek <vorlon [at] debian> Fri, 15 Aug 2003 23:44:55 -0500
+
+php4 (4:4.3.2+rc3-2) unstable; urgency=low
+
+ * Make sure pear.conf is properly marked as a conffile, by bumping
+ DH_COMPAT to 3.
+ * Generate all per-extension postinsts/prerms at build time, instead
+ of managing them by hand.
+ * Get rid of bogus, non-FHS directories from the caudium build.
+ * Install the upstream php manpage in the php4-cgi package
+ (closes: #175836).
+ * Prevent null dereferencing in ldap_explode_dn() (closes: #205405).
+ * Hard-code /usr/share/pear at the end of the include path, for
+ backwards compatibility.
+ * Debconf support for PHP extension registration, including
+ po-debconf support (closes: #122353).
+ * Fix interpreter path in /usr/bin/pear.
+ * Make php4-pear depends: php4-cgi (closes: #182393).
+
+ -- Steve Langasek <vorlon [at] debian> Wed, 13 Aug 2003 22:39:08 -0500
+
+php4 (4:4.3.2+rc3-1) unstable; urgency=low
+
+ * New upstream version.
+ - includes fix for buffer overflow crashes in imap module
+ (closes: #191640)
+ - includes fix for dysfunctional open_basedir directive
+ (closes: #197803)
+ - include fix for various XSS vulnerabilities (closes: #200736)
+ * Recompile against newest libc-client libs, following another soname
+ change (closes: #199049)
+ * Replace db2 with db4.
+ * Trim down the cgi sapi rules, since it will now build both cli and
+ cgi for us by default.
+ * Kludge the caudium sapi, by hard-coding the include path we need for
+ pike headers.
+ * Copy the lex/yacc-generated .c and .h files into the build
+ directories, since generating them at build time gives wildly
+ different, and undisputably broken, results.
+ * Update the install rules so they're compatible with current upstream
+ handling of pear and the various SAPIs.
+ * Add '=shared' to the --enable-xslt option, to get the right results
+ for that extension.
+ * Move PEAR extensions from /usr/share/pear to /usr/share/php.
+ * Conflict with php4-mysql=4:4.2.3-14, due to bizarre Zend errors.
+
+ -- Steve Langasek <vorlon [at] debian> Wed, 6 Aug 2003 22:43:28 -0500
+
+php4 (4:4.2.3-14) unstable; urgency=low
+
+ * Disable openssl extensions AGAIN. It appears that this double-linking mess
+ is still causing nasty segfaults.
+ (closes: #188014, #188025, #188058, #189202, #189653)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 20 Apr 2003 17:31:59 -0600
+
+php4 (4:4.2.3-13) unstable; urgency=low
+
+ * Revert NET-SNMP patch and build php4-snmp against UCD-SNMP again
+ (closes: #185534)
+ * Build against libmm13, as libmm12 no longer exists (closes: #187401)
+ * Rebuild caudium-php4 against latest caudium-dev
+ * Re-enable openssl linking and functions, now that our glibc 2.3
+ problems appear to be ironed out.
+ * Enable xslt and exslt support in php4-domxml (closes: #172881)
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 3 Apr 2003 05:53:24 -0700
+
+php4 (4:4.2.3-12) unstable; urgency=low
+
+ * Rebuild php4-sybase against libct1 (closes: #184461)
+
+ -- Steve Langasek <vorlon [at] debian> Sat, 8 Mar 2003 20:03:33 -0600
+
+php4 (4:4.2.3-11) unstable; urgency=low
+
+ * Remove pike header location detection from debian/rules and do it
+ properly in sapi/caudium/config.m4, using pike7.2-config --version
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 3 Mar 2003 23:33:26 -0700
+
+php4 (4:4.2.3-10) unstable; urgency=low
+
+ * Added patch to build with NET-SNMP 5.x
+ * Updated build-dep for libc-client to 2003debian
+ (closes: #181565, #182854, #169886)
+ * Updated build-dep for libcurl to libcurl2-dev (closes: #179722)
+ * Added -mieee to alpha build to solve FPE errors (closes: #180656)
+ * Removed arch-specific logic to build with gcc-3.2 on arm, since gcc-3.2
+ is now the default compiler on all architectures.
+ * Add libwrap0-dev to the end of the build-depends to work around #183041.
+ Someone remember to remove this later when the bug is fixed. :)
+ * Build against newer libsablot0-dev (closes: #179886, #181550)
+ * Introduce ugly hack in debian/rules to get the pike includes
+ directory right for the caudium SAPI.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 2 Mar 2003 12:49:07 -0700
+
+php4 (4:4.2.3-9) unstable; urgency=low
+
+ * Fix caudium-php4 to not conflict with php4-pear (closes: #175415).
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 5 Jan 2003 16:40:20 -0600
+
+php4 (4:4.2.3-8) unstable; urgency=low
+
+ * Fix typo in debian/rules
+ * Rebuild to bring in sync with latest caudium packages
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 25 Dec 2002 20:00:59 -0700
+
+php4 (4:4.2.3-7) unstable; urgency=low
+
+ * Set a sane default for safe_mode_exec_dir (closes: #122920).
+ * Rebuild against libmm-dev on i386, instead of against the
+ no-longer-available libmm11-dev which Provides: the same
+ (closes: #173509).
+
+ -- Steve Langasek <vorlon [at] debian> Mon, 16 Dec 2002 22:48:40 -0600
+
+php4 (4:4.2.3-6) unstable; urgency=low
+
+ * Build with PEAR for all SAPIs, so that the built-in include_path is
+ set correctly (overkill?). Closes: #169786, #172321
+ * Change section of php4-dev package to devel.
+ * Add libkrb5-dev to build-depends, since libc-client2002-dev doesn't
+ pull it in (closes: #173313).
+ * Depend on coreutils instead of fileutils, since the latter is now an
+ empty package (closes: #171265).
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 15 Dec 2002 23:20:30 -0600
+
+php4 (4:4.2.3-5) unstable; urgency=low
+
+ * Fix (snip, snip) the upstream build scripts, so that libphp4.so
+ isn't worthlessly linked against the problematic openssl libs
+ (closes: #165699, #165718, #165719, #166414).
+ * Update config.{sub,guess} so that the package builds on mips
+ platforms (closes #173218)
+ * Replace libc-client-ssl2001-dev with libc-client2002-dev in build
+ dependencies, fixing various php4-imap segfaults (closes: #169610,
+ #169769).
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 15 Dec 2002 19:42:43 -0600
+
+php4 (4:4.2.3-4) unstable; urgency=low
+
+ * Remove build dependency on non-extant libmagick5-dev, which is no
+ longer used anyway (closes: #169829, #172402).
+ * Add myself to the Uploaders: field of the control file.
+
+ -- Steve Langasek <vorlon [at] debian> Sat, 14 Dec 2002 12:52:06 -0600
+
+php4 (4:4.2.3-3) unstable; urgency=low
+
+ * Backport a patch from CVS to sanitize control characters in php_url_parse()
+ to prevent ASCII control injection in fopen() calls.
+
+ -- Adam Conrad <adconrad [at] 0c3> Thu, 12 Sep 2002 16:29:46 -0600
+
+php4 (4:4.2.3-2) unstable; urgency=low
+
+ * I'm a moron (thanks to James Troup for pointing this out).
+ * Change gcc-3.1 references in debian/rules to gcc-3.2.
+ * Change GD build-dep to libgd-xpm-dev until GD package mess is worked out.
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 10 Sep 2002 12:18:21 -0600
+
+php4 (4:4.2.3-1) unstable; urgency=low
+
+ * New upstream version
+ * Added a patch from Ginger Alliance to eliminate warnings in xslt compile
+ * Messed with the php4-imap build:
+ - compiling with SSL support (closes: #122700)
+ - commented out the static-on-i386 hack, libc-client is now linked dynamically
+ * Sessions should finally be fixed, however I won't tag the bugs "woody"
+ until I know for sure. (if you were affected, please test and send
+ followups to me)
+ * Updated arm build-dep to use gcc-3.2 since gcc-3.1 is gone now.
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 10 Sep 2002 09:02:51 -0600
+
+php4 (4:4.2.2-3) unstable; urgency=low
+
+ * Fix typo resulting in php4-odbc not having a postinst
+ (closes: #157116, #157927)
+ * Build against latest caudium-dev to made caudium-php4 installable
+ again. (closes: #158247)
+ * Update build-deps to swap libpng3 for libpng2. (closes: #158908)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sat, 7 Sep 2002 01:22:57 -0600
+
+php4 (4:4.2.2-2) unstable; urgency=low
+
+ * Pulled --with-ndbm out of ./configure, as libc6 no longer ships with
+ headers or the library for db1 (closes: #156141, #155889)
+ * Update build deps to build against libmm12 (closes: #155042)
+ * php4-curl no longer depends on libcurl2-ssl (closes: #155015)
+
+ -- Adam Conrad <adconrad [at] 0c3> Sat, 10 Aug 2002 01:12:47 -0600
+
+php4 (4:4.2.2-1) unstable; urgency=medium
+
+ * New upstream
+ * Fixes input validation vulnerability in rfc1867.c (closes: #153850)
+ * Added missing prerm/postinst for php4-xslt (oops)
+
+ -- Adam Conrad <adconrad [at] 0c3> Mon, 22 Jul 2002 11:58:53 -0600
+
+php4 (4:4.2.1-3) unstable; urgency=low
+
+ * Yet more build fixes. This time, bump the arm build-dep from gcc-3.0 to
+ gcc-3.1 to avoid compiler errors. I love the arm toolchain. No, really.
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 29 May 2002 17:40:30 -0600
+
+php4 (4:4.2.1-2) unstable; urgency=low
+
+ * Applied small patch to fix building on non-32-bit architectures
+ (closes: #148231)
+ * Added still /more/ documentation about the unserializer, sessions,
+ and the session.save_handler php.ini option.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 26 May 2002 14:43:55 -0600
+
+php4 (4:4.2.1-1) unstable; urgency=low
+
+ * The "When is Debian going to have new software like XF^H^HPHP 4.2?" release.
+ * Probably the last update (barring huge packaging bugs or plain broken
+ binaries) before starting on a complete reorg of the PHP packages.
+ * Deserializer now works on big-endian architectures (addresses bug #121391
+ and probably others)
+ * This release probably fixes a whole bunch of bugs. Will be going through
+ the bug list and playing the reproducibility game after the upload.
+ * Default include_path in php.ini now set to include pear.
+ * Upstream default for register_globals HAS CHANGED. In the Debian php.ini
+ we are still using "register_globals = On" for compatibility reasons,
+ however our packages will change too. This is a warning for anyone
+ packaging PHP scripts and applications to make sure you'll be compatible
+ with the new default once it's set.
+
+ -- Adam Conrad <adconrad [at] 0c3> Sun, 26 May 2002 06:24:21 -0600
+
+php4 (4:4.1.2-4) unstable; urgency=high
+
+ * No binaries were harmed in the making up this upload.
+ * Updated README.Debian and changelog. All other files untouched,
+ as the binaries were merely unpacked and repacked.
+ - Added a note to README.Debian about how to properly set up
+ Apache for use with php4, if the installation didn't (and it usually
+ doesn't <sigh>) get it right.
+ - Added a note to README.Debian about the unserializer (and sessions)
+ being messed up on big endian architectures. It's too late to try
+ to get a proper fix in for this, so we're just going to have to cope.
+
+ -- Adam Conrad <adconrad [at] 0c3> Fri, 26 Apr 2002 12:27:40 -0600
+
+php4 (4:4.1.2-3.1) unstable; urgency=low
+
+ * The 'I broke it, I have to take credit for it' release.
+ * Rebuild the package to get proper binary dependencies on alpha.
+
+ -- Steve Langasek <vorlon [at] debian> Sun, 31 Mar 2002 17:13:09 -0600
+
+php4 (4:4.1.2-3) unstable; urgency=low
+
+ * Switched to --with-regex=php (from =system). This fixes all the
+ problems with eregi/parse_url/fopen/etc on Alpha.
+ * Cleaned up long descriptions (closes: #130977, #130954)
+
+ -- Adam Conrad <adconrad [at] 0c3> Wed, 27 Mar 2002 15:11:43 -0700
+
+php4 (4:4.1.2-2) unstable; urgency=low
+
+ * New maintainer (closes: #132980)
+ * Enabling unixodbc support (closes: #107201)
+ * Changed the install-modules target in build/rules_pear.mk so that
+ it will error out in the case of an empty modules directory or
+ failure to install modules (closes: #135304)
+
+ -- Adam Conrad <adconrad [at] 0c3> Tue, 12 Mar 2002 00:25:41 -0700
+
+php4 (4:4.1.2-1) unstable; urgency=high
+
+ * New upstream version with a security fix. This
+ supercedes 4.1.1-2.2 from Steve Langasek:
+ * Fix an error in the handling of MIME file upload headers, which left
+ open a potential security hole. (Closes: #136063)
+ * Fixed gcc-3.0 fix :-)
+ * Thanks for fixing apache-common fix
+ * This version should fix session bugs with upstream fix (closes: #133877)
+ * With a brutal change to main/SAPI.c try to fix(?) authorize bugs
+
+ -- Petr Cech <cech [at] debian> Thu, 28 Feb 2002 11:14:26 +0100
+
+php4 (4:4.1.1-2.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * loosen apache-common dependency to make us forwards-compatible, as
+ recommended by the apache maintainer.
+ * use gcc-3.0 when building on arm, because the default toolchain on
+ that arch has Issues (closes: #135906, #135913).
+
+ -- Steve Langasek <vorlon [at] debian> Tue, 26 Feb 2002 09:59:49 -0600
+
+php4 (4:4.1.1-2) unstable; urgency=medium
+
+ * Rebuild with apache 1.3.23.
+ * This package is in maintainer change mode. Though I orphaned it I'm not
+ going to change maintainer to QA, because we already have fresh blood.
+ * ext/gd/gd.c: s/HAVE_GD_GIF/HAVE_GD_GIF_CREATE/ to build correctly with
+ libgd which has GIF support (fixed included upstream)
+ * debian/control:
+ - Build-Depends: s/libgd1g-dev/libgd-dev/
+ also libc-client at least version 4:2001adebian-6 to fix some segfaults
+ * ext/standard/head.c: make the setcookie() thingie test more simple
+
+ -- Petr Cech <cech [at] debian> Mon, 11 Feb 2002 20:07:22 +0100
+
+php4 (4:4.1.1-1) unstable; urgency=high
+
+ * New upstream bugfix release.
+ * debian/control: php4-gd - Conflicts/Replaces: php4-gd2 if I ever get
+ to upload it
+ * debian/rules: Correctly supply modified CFLAGS to build process
+
+ -- Petr Cech <cech [at] debian> Fri, 28 Dec 2001 23:23:47 +0100
+
+php4 (4:4.1.0-2) unstable; urgency=low
+
+ * debian/php4-cgi.README.Debian: fix typo (closes: #123866)
+ * debian/rules: remove --enable-mbstr-enc-trans as it breaks parametr
+ parsing (closes: #121403)
+ * debian/README.Debian: document shmmax increase (closes: #119688)
+
+ -- Petr Cech <cech [at] debian> Fri, 14 Dec 2001 09:59:59 +0100
+
+php4 (4:4.1.0-1) unstable; urgency=high
+
+ * Finally final 4.1.0
+ * Urgency to reflect previous version
+ * debian/control: php4-pear depends on php4-cgi
+
+ -- Petr Cech <cech [at] debian> Thu, 13 Dec 2001 23:09:54 +0100
+
+php4 (3:4.1-2) unstable; urgency=high
+
+ * FIxes from CSV 4.1.0RC5. Looks like it was not the release after all.
+ * ext/exif/exif.c: MFH
+ * ext/ldap/ldap.c: small crash fix from HEAD
+ * and misc tiny changes. Really :-)
+ * ext/imap/php_imap.c: HIGH. fix from CVS (imap_rfc822_parse_adrlist) changing
+ the argument
+
+ -- Petr Cech <cech [at] debian> Sun, 9 Dec 2001 00:01:37 +0100
+
+php4 (3:4.1-1) unstable; urgency=medium
+
+ * Final 4.1.0 (not released)
+ * NEWS: s/4.0/4.1/
+ * Build with GD1. It should fix some GD bugs, as gd 2.0.1 is supposed to be
+ a beta version with known bugs. How should I know.
+ * sablot extension removed upstream. So use XSLT (C/R in place)
+ * Apply fix for file_exists() from tilo (closes: #114409)
+ * "Cannot redeclare" were fixed in previous RCs (closes: #112341)
+ * previous version is build in hppa and ia64, so I assume it
+ (closes: #115391)
+ * Add note to sybase_ct, that it conflicts with mod_gzip folowing a user
+ report.
+ * This should fix the "final HTML> stripped" bug that was introduced
+ in 4.0.6-3. (closes: #110415).
+ * add --enable-ucd-snmp-hack to try to fix segfaults with ucd-snmp
+
+ -- Petr Cech <cech [at] debian> Mon, 26 Nov 2001 14:56:50 +0100
+
+php4 (3:4.0.100-1) unstable; urgency=low
+
+ * Really a 4.1.0RC2
+ * Remove hack for apache 1.3.14, as we build-depends on 1.3.22 anyway
+ * Build-depends: libexpat1 (>= 1.95.2-2.1) for the .1
+ * Added Provides: zendapi-$version to php4 and php4-cgi
+ * Made modules depend on zendapi-$version instead of php4|php4-cgi.
+ Please use this in your php4-$module packages
+ * Apply c-client hack only to i386 most architectures don't support linking
+ both PIC and non-PIC code. I'm still affrai to do this on i386, as it
+ crashes a lot more :(
+ * Apply some CVS patches
+
+ -- Petr Cech <cech [at] debian> Wed, 14 Nov 2001 20:50:19 +0100
+
+php4 (3:4.0.99-4) unstable; urgency=medium
+
+ * Recompile because of new version of caudium.
+ (I really hope this gets into testing soon as php in testing
+ now doesn't do apache 1.3.22)
+
+ -- Petr Cech <cech [at] debian> Fri, 9 Nov 2001 11:11:46 +0100
+
+php4 (3:4.0.99-3) unstable; urgency=medium
+
+ * Recompile for new libexpat1 (closes: #116623 and others)
+ * upstream: ext/gd/gd.c, ext/iconv/iconv.c
+ * crypt(): defalt to using DES crypt() (closes: #117092)
+ * debian/rules: disable libmm in -cgi build. Will lesser the impact
+ of the infamous /tmp/session_mm.reg
+ * apply patch to Zend, which should fix the "cannot redeclare" error.
+ It's still a bug in your code though (use include_once). More changes
+ to this are comming (upstream).
+ * Add some documentation to sybase
+
+ -- Petr Cech <cech [at] debian> Mon, 22 Oct 2001 11:20:46 +0200
+
+php4 (3:4.0.99-2) unstable; urgency=low
+
+ * "Some days are just no good" release.
+ * Recompile with apache 1.3.22 from Incoming
+ * Deal with automake going to 1:1.4 and automake1.5
+
+ -- Petr Cech <cech [at] debian> Fri, 19 Oct 2001 15:02:00 +0200
+
+php4 (3:4.0.99-1) unstable; urgency=low
+
+ * This is really 4.1.0RC1, but ...
+ * Applied setcookie(), which is not in upstream yet
+
+ -- Petr Cech <cech [at] debian> Fri, 19 Oct 2001 12:05:20 +0200
+
+php4 (3:4.0.6.7rc3-3) unstable; urgency=medium
+
+ * Fix dependency in caudium-php4. Sorry for this
+
+ -- Petr Cech <cech [at] debian> Fri, 19 Oct 2001 11:28:07 +0200
+
+php4 (3:4.0.6.7rc3-2) unstable; urgency=medium
+
+ * Recompile with recent caudium/pike. Please, no new version so it can get
+ into testing :)
+ * debian/control: move php4-pear to suggests
+ * Fix setcookie() again. I really hate this bug
+ * Build-Depends: re2c - it's usually not needed, but if you make some
+ strange changes to the parser ...
+ * FIx automake 1.5 build problems (I hope)
+
+ -- Petr Cech <cech [at] debian> Thu, 18 Oct 2001 12:03:39 +0200
+
+php4 (3:4.0.6.7rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+
+ -- Petr Cech <cech [at] debian> Fri, 5 Oct 2001 09:23:35 +0000
+
+php4 (3:4.0.6.7rc2-3) unstable; urgency=low
+
+ * "Let's try to fix some bugs" release.
+ * Add some patches: ldap (does this fix things?), pgsql,
+ domxml
+ * Build-Conflicts: automake (>= 1.5) for now
+
+ -- Petr Cech <cech [at] debian> Tue, 2 Oct 2001 10:55:23 +0200
+
+php4 (3:4.0.6.7rc2-2) unstable; urgency=low
+
+ * Enable recode extension (the library is LGPL) - shared
+ * Enable iconv extension - in main php4. Experimental
+ * Build-Depends: s/libgd-dev/libgd2-dev/
+ * Build-Depends: libxml2-dev (>= 2.4.2) (Closes: #112304)
+ and fix autoconf macros (Closes: #113980)
+ * Improve?? description of PEAR (Closes: #112432)
+
+ -- Petr Cech <cech [at] debian> Sat, 22 Sep 2001 10:37:42 +0200
+
+php4 (3:4.0.6.7rc2-1) unstable; urgency=medium
+
+ * 2nd release candidate
+ * ext/mbstring: fix compile (cp1252)
+ * ext/standard/url_scanner_ex: off by one
+ * WARNING: caudium builds with Zend Threading enabled, but other
+ modules don't. So you cannot safely use DSO with caudium
+ * Added some Build-Conflicts - with broken libmysqlclient
+ - with libtool 1.4b
+
+ -- Petr Cech <cech [at] debian> Mon, 10 Sep 2001 18:04:27 +0200
+
+php4 (3:4.0.6-6) unstable; urgency=medium
+
+ * The "Paul Hampson fixes release".
+ * Closed those atexit() bugs. Now to find out, how to make libtool link with
+ gcc instead of ld :((
+ * ext/standard/head.c: Fix setcookie("bla) (closes: #109524, #109697)
+ Thanks to Paul Hampson for finding the cause, though I've used another
+ fix - fixed changes in CVS made in -3 I think. Silly me to think, that
+ all "small" changes are fixes.
+ * libc-client2001 was fixed in -5, so add a (closes: #109202) here
+ * Conflicts: only with libtool 1.4b-{1,2,3}. libtool 1.4.1 is OK
+
+ -- Petr Cech <cech [at] debian> Sat, 1 Sep 2001 20:59:40 +0200
+
+php4 (3:4.0.6-5) unstable; urgency=low
+
+ * Recompile for libc-client2001 (I hope it doesn't break anything else)
+ And many other libraries.
+ * ATTENTION. php4 still doesn't work with autoconf 2.52 and thus libtool 1.4b!!
+ You have to get libtool 1.4 to be able to use phpize.
+
+ -- Petr Cech <cech [at] debian> Wed, 22 Aug 2001 23:26:08 +0200
+
+php4 (3:4.0.6-4) unstable; urgency=high
+
+ * Add pear/CODING_STANDARDS into php4-pear (fixes 105574. closed too early. sorry)
+ * Fix the nasty segfaults with mail(). That'll teach me taking upstream
+ changes without looking. Thanks Cvetan Ivanov for the correct fix (also upstream now)
+ (closes: #105686, #105878).
+
+ -- Petr Cech <cech [at] debian> Fri, 20 Jul 2001 23:07:30 +0200
+
+php4 (3:4.0.6-3) unstable; urgency=high
+
+ * ext/standard/mail.c: security fix
+ * debian/control: Build-Depends: libtool (>= 1.4)
+ * ext/curl/curl.c: fix typo
+ * ext/gd/config.m4: fix typo
+ * ext/mcrypt/mcrypt.c: upstream buffer overflow fix
+ * ext/mhash/mhash.c: upstream buffer overflow fix
+ * ext/pgsql/pgsql.c: fix
+ * ext/posix/config.m4: check for getpgid
+ * ext/sablot/sablot.c: fix leaks
+ * ext/standard/url* : fixes
+ * ext/sysvshm/sysvshm.c: fixes
+ * Zend/*: small fixes
+
+ -- Petr Cech <cech [at] debian> Fri, 13 Jul 2001 16:21:04 +0200
+
+php4 (3:4.0.6-2) unstable; urgency=low
+
+ * pear/Makefile.in: add IT_Error.php to installed files (closes: #103087)
+ * debian/control: - allow also libcurl-ssl-dev as Build-Depends (closes: #103618)
+ - libfreetype6-dev to Build-Depends
+ - add auto* suite to php4-dev depends (closes: #104199)
+ * debian/rules: - build gd module with freetype2 support
+ - move common ./configure flags to COMMON_CONFIG
+ - build with mbstring support
+
+ -- Petr Cech <cech [at] debian> Fri, 13 Jul 2001 08:22:02 +0200
+
+php4 (3:4.0.6-1) unstable; urgency=medium
+
+ * New upstream release.
+ * NOTE: new extension will probably be in another upload, to get this
+ into testing ...
+
+ -- Petr Cech <cech [at] debian> Mon, 25 Jun 2001 20:43:24 +0200
+
+php4 (3:4.0.5.6rc3-3) unstable; urgency=low
+
+ * The "I hate sablot release". Recompile with 0.60
+ * debian/php4-domxml.postrm: also fix the :: (closes: #101306)
+ * debian/rules: --enable-ctype - still EXPERIMENTAL!!! Bug upstream
+
+ -- Petr Cech <cech [at] debian> Mon, 18 Jun 2001 09:46:17 +0200
+
+php4 (3:4.0.5.6rc3-2) unstable; urgency=low
+
+ * ext/sablot/config.m4: link sablot.so with -lsablot, not main php4
+ * build/ ... : upstream fix for building with automake 1.4-pX
+ * don't fail, when libssl-dev is not installed. sigh
+
+ -- Petr Cech <cech [at] debian> Thu, 14 Jun 2001 23:36:34 +0200
+
+php4 (3:4.0.5.6rc3-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Recompile with apache 1.3.20
+ * debian/control:
+ - php4-dev: Depends: bison, flex (closes: #100634)
+ - Build-Depends: libcurl-dev (>=7.8)
+ * debian/rules:
+ - add --enable-bcmath to all rules (closes: #100491)
+ * Zend/zend.c: apply upstream fix to allow building of caudium
+
+ -- Petr Cech <cech [at] debian> Tue, 12 Jun 2001 22:27:26 +0200
+
+php4 (3:4.0.5.6rc2-1) unstable; urgency=low
+
+ * New upstream test release.
+ * FIx regex/regex.h (int regoff_t)
+ * fix php4-cgi build with pcre - don't use supplied pcre
+ * Fix wddx support (closes: #99468)
+ * Add missing $(INSTALL_ROOT) to sapi/caudium/config.m4
+
+ -- Petr Cech <cech [at] debian> Fri, 8 Jun 2001 11:37:07 +0200
+
+php4 (3:4.0.5.6rc1-1) unstable; urgency=low
+
+ * New upstream test release with new bugs :))
+ * moved pear from /usr/lib/php4 to /usr/share/php4
+ * Whups. Sorry about the epoch 3: . It somehow slipped in, so I'll
+ have to live with it
+
+ -- Petr Cech <cech [at] debian> Wed, 16 May 2001 14:14:04 +0200
+
+php4 (3:4.0.5-2) unstable; urgency=low
+
+ * Build-Depend on newer libmhash-dev, as it supposedly doesn't
+ compile on current woody (closes: #96555)
+ * Build-Depends: s/freetype2/libttf-dev/
+ * Stop building php4-pgsql - move to non-US
+ * Build-Deps on new libsablot0
+
+ -- Petr Cech <cech [at] debian> Thu, 10 May 2001 10:43:02 +0200
+
+php4 (3:4.0.5-1) unstable; urgency=medium
+
+ * New upstream release.
+ * recompile with new sablot - how I hate this (closes: #95401)
+ * Merge XML into main php4
+ * Reword README.Debian (closes: #89667)
+ * Enable wddx
+ * debian/*.postinst: * only ask upon first install, not upgrade (closes: #93452)
+ * fix typos (closes: #94118)
+ * Added support for Sybase/MS SQL Server (using FreeTDS)
+ using patch from:
+ http://rpms.arvin.dk/php/source/patches/php-sybase_ct.patch
+ thanks to Bradley Bell <btb [at] debian> for the patch
+ * ext/pcre : two upstream fixes
+ * ext/sablot/sablot.c: small upstream fix
+ * build/buildcheck.sh : fixes to allow compile with libtool 1.4
+ * ext/standard/exec.c: upstream fixes
+ * sapi/apache/mod_php4.c: off by one fix
+ * sapi/cgi/cgi_main.c: fix POST bug
+ * main/snprintf.c: upstream fix
+
+ -- Petr Cech <cech [at] debian> Wed, 3 May 2001 22:17:10 +0200
+
+php4 (4.0.4.5rc6-2) unstable; urgency=low
+
+ * Build-depends: libcurl-dev will pull libcurl2 (closes: #92994)
+ * TSRM/TSRM.c: upstream fix
+ * ext/pgsql: upstream fix
+
+ -- Petr Cech <cech [at] debian> Thu, 5 Apr 2001 17:51:09 +0200
+
+php4 (4.0.4.5rc6-1) unstable; urgency=low
+
+ * New upstream test release.
+ * Don't mention CGI support, as it's not so for a long time.
+
+ -- Petr Cech <cech [at] debian> Wed, 4 Apr 2001 13:47:45 +0200
+
+php4 (4.0.4.5rc5-1) unstable; urgency=low
+
+ * New upstream test release.
+ * ask about /etc/php4/cgi/php.ini also
+ * It's really recompiled for 1.3.19 (closes: #91901, #91822)
+ * problems with modules documented (closes: #81141, #82611)
+
+ -- Petr Cech <cech [at] debian> Mon, 2 Apr 2001 09:38:16 +0200
+
+php4 (4.0.4.5rc3-1) unstable; urgency=low
+
+ * New upstream RC release
+ * debian/rules: s/with-yp/enable-yp/ to really enable YP support. Discovered
+ on broken potato upload. -0potato2 is fixed
+ * Looks like there was a bug in latest build, this should fix it (closes: #92018)
+ * remove libmcal0 workaround
+
+ -- Petr Cech <cech [at] debian> Wed, 28 Mar 2001 21:15:36 +0200
+
+php4 (4.0.4.5rc2-1) unstable; urgency=low
+
+ * New upstream release test release 4.0.5RC2.
+ * debian/rules: Add lintian overrides
+ * debian/control: * add libexpat1-dev to Build-Depends
+ * add libmcal0 to Build-Depends since libmcal0-dev is
+ missing this dependancy :(( Bug filled
+ * ext/socket/socket.c: minor upstream patch
+
+ -- Petr Cech <cech [at] debian> Mon, 26 Mar 2001 20:43:49 +0200
+
+php4 (4.0.4pl1-6) unstable; urgency=low
+
+ * NEVER RELEASED
+ * Build-depends on libcurl1-dev (>= 7.6.1-5), which fixes the libcurl1 or
+ libcurl1-ssl problem.
+ * remove dh_testversion and use versioned Build-depends instead
+
+ -- Petr Cech <cech [at] debian> Tue, 13 Mar 2001 23:20:58 +0100
+
+php4 (4.0.4pl1-5) unstable; urgency=low
+
+ * Add lintian overrides
+ * Rebuild with correct libgd-dev installed. Sorry
+ (closes: #88490, #88255, #88371, #88619, #88635)
+ * Closed by fixed libjpeg (closes: #85865, #88141)
+
+ -- Petr Cech <cech [at] debian> Tue, 6 Mar 2001 17:26:41 +0100
+
+php4 (4.0.4pl1-4) unstable; urgency=low
+
+ * The "Enable what you can" release.
+ * Enable sablot extension (many files) (closes: #84073)
+ * Enable mcal extension (finaly closes: #65688, #85925)
+ * Build-Conflicts: bind-dev - this supposedly causes unresolved symbols.
+ Why?
+ * ext/pgsql/pgsql.c: apply tiny patch, which should fix postgres
+ problems. There is a better patch in CVS, but it needs changes to Zend
+ * pear/pear.in: binary is php4 no php (closes: #87848)
+ * ext/domxml/config.m4: link with -lxml2 (closes: #87457)
+ * debian/README.Debian: add notes about ldap, imap and mhash extensions
+ * debian/{control,rules}: activate bz2 extension
+ * php4.ini-dist: comment out include_path so php will use compiled in
+ path (closes 2nd part of 87848)
+
+ -- Petr Cech <cech [at] debian> Wed, 28 Feb 2001 10:18:11 +0100
+
+php4 (4.0.4pl1-3) unstable; urgency=medium
+
+ * Fixed postrm issues. Sorry
+
+ -- Petr Cech <cech [at] debian> Sun, 4 Feb 2001 06:13:00 +0100
+
+php4 (4.0.4pl1-2) unstable; urgency=medium
+
+ * debian/control: Build-depends: xlibs-dev (seems it's missing and causes
+ failed builds for arm, m68k and powerpc)
+ s/libsnmp4.1/libsnmp4.2/ (closes: #84139)
+ * debian/php4.*: make LoadModule matching case insensitive (fixes 83641
+ for unstable)
+
+ -- Petr Cech <cech [at] debian> Wed, 31 Jan 2001 10:14:29 +0100
+
+php4 (4.0.4pl1-1) unstable; urgency=high
+
+ * New upstream version.
+ * This release fixes some security problems.
+ * Some patches from previous versions are not here.
+ * debian/control: Build-depends on newer libcurl1-dev, remove librecode-dev
+ * debian/control: add libjpeg62-dev to build-depends from powerpc buildlog
+ (hmm. Where ir Roman?)
+ * debian/php4{,-cgi}.postinst: don't mark php.ini as conffile and install it
+ when it doesn't already exist. I should find a way to check, that the default
+ php.ini changed and user should update it.
+ * debian/php4{,-cgi}.postrm: cleanup the /etc/php4 dir after purge
+ * fix xml.so not working with php4-cgi
+
+ -- Petr Cech <cech [at] debian> Thu, 23 Jan 2001 11:12:59 +0100
+
+php4 (4.0.4final-6) unstable; urgency=medium
+
+ * OK. Now also fix the prerm issues (closes: #81418) and to ease
+ that thanks for submiting bugs (closes: #81818, #81819)
+ * some upstream updates: browsercap, php-config
+
+ -- Petr Cech <cech [at] debian> Wed, 10 Jan 2001 14:04:19 +0100
+
+php4 (4.0.4final-5) unstable; urgency=medium
+
+ * OK. Take a deep breath and fix those bloody postinst
+ bugs - fix it and rewrite from ed -> sed, because ed is not essential :(
+ closes: #80801.
+ * apply some upstream fixes.
+ * disable ctype extension - not yet ready
+
+ -- Petr Cech <cech [at] debian> Tue, 2 Jan 2001 13:40:35 +0100
+
+php4 (4.0.4final-4) unstable; urgency=low
+
+ * debian/libc-client.la: add -lpam -ldl -lcrypt
+ * fix php4-cgi.postinst bugs (closes: #80817, #80805, #80801)
+
+ -- Petr Cech <cech [at] debian> Fri, 29 Dec 2000 11:40:43 +0100
+
+php4 (4.0.4final-3) unstable; urgency=low
+
+ * Brown Xmas Sock Release
+ * Grr. correctly fix the php4 postinst error
+ (closes: #80303, #80324, #80326, #80359)
+ NMU by Wichert Akkerman (closes: #80381)
+ * also fix php4-cgi. NMU by Marcelo E. Magallon
+ (closes: #80406).
+ * fix fix for php4-cgi postinst s/apache/cgi/
+ * apply some upstream fixes to ext/session/
+ * domxml/config.m4: fix my -Lshared,/usr/lib error
+ * debian/rules:
+ * add --enable-ctype to both targets
+ * --diable-pear to CGI target
+ * generate Depends: php4 (=ver) | php4-cgi (=ver)
+
+ -- Petr Cech <cech [at] debian> Wed, 27 Dec 2000 15:29:56 +0100
+
+php4 (4.0.4final-2) unstable; urgency=low
+
+ * Run apacheconfig with --force-modules.
+ * Fix stupid bug in php4 and php4-cgi postinst.
+ * ext/sysvshm/sysvshm.c : upstream fix
+
+ -- Petr Cech <cech [at] debian> Thu, 21 Dec 2000 22:58:27 +0100
+
+php4 (4.0.4final-1) unstable; urgency=low
+
+ * New upstream version.
+ * Sorry for the version, but da-katie doesn't allow overwriting of files, notably
+ .orig.tar.gz. It's my fault I know, but it worked till now.
+
+ -- Petr Cech <cech [at] debian> Wed, 20 Dec 2000 01:32:34 +0100
+
+php4 (4.0.4-0RC6.1) unstable; urgency=low
+
+ * OK. Final final RC for 4.0.4.
+ * Build-depends on libxml2-dev (>= 2.2.7) because php needs this.
+ * Activate ndbm dba driver.
+
+ -- Petr Cech <cech [at] debian> Sun, 17 Dec 2000 19:43:51 +0100
+
+php4 (4.0.4-0RC5.1) unstable; urgency=low
+
+ * UNRELEASED.
+ * Final RC for 4.0.4.
+ * Some mods to README.Debian and TODO
+
+ -- Petr Cech <cech [at] debian> Wed, 13 Dec 2000 00:01:08 +0100
+
+php4 (4.0.4-0RC4.1) unstable; urgency=low
+
+ * New upstream beta release. Let's stabilize things now and add new
+ modules after final release of 4.0.4.
+
+ -- Petr Cech <cech [at] debian> Thu, 7 Dec 2000 10:12:11 +0100
+
+php4 (4.0.4-0RC3.2) unstable; urgency=low
+
+ * recompile with new libc-client200-dev.
+ * fix source recompile
+ * depend on fixed apache 1.3.14-2
+
+ -- Petr Cech <cech [at] debian> Thu, 7 Dec 2000 00:49:14 +0100
+
+php4 (4.0.4-0RC3.1) unstable; urgency=low
+
+ * New upstream beta release.
+ * Add libxml2-dev to build-depends (closes: #78479).
+ * implement DEB_BUILD_OPTIONS
+ * fix apache build wrt. apxs
+ * fix typo in description of curl modules (closes: #78828)
+
+ -- Petr Cech <cech [at] debian> Tue, 5 Dec 2000 14:22:30 +0100
+
+php4 (4.0.3pl1-7) unstable; urgency=low
+
+ * Rebuild with apache 1.3.14-1
+
+ -- Petr Cech <cech [at] debian> Fri, 1 Dec 2000 01:41:41 +0100
+
+php4 (4.0.3pl1-6) unstable; urgency=low
+
+ * add --enable-memory-limit
+ * add --enable-exif per request from William Ono.
+ * Add Suggests: phpdoc (yes. it's here).
+ * ext/standard/crypt.c - fix from CVS.
+ * ext/ftp/ftp.{c,h} - fix mkdir() and RETR, STOR
+ * ext/gd/gd.c - add format string
+ - add XBM to phpinfo()
+ * ext/imap/php_imap.{c,h} - CVS fixes
+ * main/main.c - fix CGI crash
+ - add HTTP_SERVER_VARS in CGI mode
+ * and many more. Taken from php4.srpm (thanks :))
+ * recompile with apache 1.3.12-2.2
+ * and hack large files support into DSO module. php4 doesn't use it now :((
+
+ -- Petr Cech <cech [at] debian> Thu, 30 Nov 2000 00:01:39 +0100
+
+php4 (4.0.3pl1-5) unstable; urgency=low
+
+ * Back out changes about --enable-versioning
+ * ext/domxml/php_domxml.c : fix compilation with recent libxml2 (>=2.2.7)
+
+ -- Petr Cech <cech [at] debian> Tue, 21 Nov 2000 18:03:56 +0100
+
+php4 (4.0.3pl1-4) unstable; urgency=low
+
+ * Clarify README.Debian about the DB change a bit (dbm_ -> dba_*)
+ * Remove aliasing hack - deprecated upstream. (closes: #76558)
+ * Compile with libgd-dev again (Write 100x always reinstall libgd-dev).
+ * --enable-versioning and tweak debian/control a bit, let's see, what breaks
+
+ -- Petr Cech <cech [at] debian> Tue, 14 Nov 2000 10:00:54 +0100
+
+php4 (4.0.3pl1-3) unstable; urgency=low
+
+ * Activate curl module.
+ * Really enable shmop module.
+ * Fix include paths in phpize. Now everyone should be able to easilly build
+ php4 extension modules (php4-dbase anyone?).
+
+ -- Petr Cech <cech [at] debian> Mon, 6 Nov 2000 23:17:41 +0100
+
+php4 (4.0.3pl1-2) unstable; urgency=low
+
+ * Build with libgd-dev installed (NOT libgd-gif).
+
+ -- Petr Cech <cech [at] debian> Tue, 17 Oct 2000 02:08:36 +0200
+
+php4 (4.0.3pl1-1) unstable; urgency=medium
+
+ * New upstream bugfix release.
+ * Depend on libopenldap1 as with the newer ldap module crashes php&apache.
+
+ -- Petr Cech <cech [at] debian> Mon, 16 Oct 2000 15:30:55 +0200
+
+php4 (4.0.3-2) unstable; urgency=high
+
+ * Urgency=high because last upload didn't have it ad it fixes some
+ security holes.
+ * ext/domxml/config.m4: don't try to build then --without-domxml
+
+ -- Petr Cech <cech [at] debian> Thu, 12 Oct 2000 12:50:17 +0200
+
+php4 (4.0.3-1) unstable; urgency=low
+
+ * New upstream release.
+ - fixes also some string format bugs
+ * Build with fixed libmysqlclient10-dev.
+
+ -- Petr Cech <cech [at] debian> Thu, 12 Oct 2000 00:00:07 +0200
+
+php4 (4.0.2-7) unstable; urgency=low
+
+ * Really, really install libldap2-dev.
+ * Workaround broken libmysqlclient9-dev. It has broken (again) .so symlink.
+
+ -- Petr Cech <cech [at] debian> Tue, 10 Oct 2000 22:28:48 +0200
+
+php4 (4.0.2-6) unstable; urgency=low
+
+ * Again fix description a little bit.
+ * Correct build-depends.
+ * Sic. Recompile, because I've busted (libopenldap-dev instead of
+ libldap2-dev was installed).
+ * While at it install also new apache glibc NMU and recompile with it.
+ * Move PEAR from php4-dev to php4 and install ALL of PEAR.
+ * add --prefix=/usr
+ * debhelper v2
+ * prepare for CURL module
+ * Updated README.Debian
+ * updated XML module from php4 CVS to close: #72360
+
+ -- Petr Cech <cech [at] debian> Mon, 2 Oct 2000 14:36:35 +0200
+
+php4 (4.0.2-5) unstable; urgency=low
+
+ * Correct build-depends (libgd1-dev -> libgd-dev). Where is Roman? :)
+ * Add libdb2-dev (>= 2:2.7.7-2.1) to build-depends for glibc 2.1.94.
+ * and recompile with glibc 2.1.94 to fix it.
+
+ -- Petr Cech <cech [at] debian> Wed, 27 Sep 2000 09:00:27 +0200
+
+php4 (4.0.2-4) unstable; urgency=low
+
+ * Tweak description a little bit more.
+
+ -- Petr Cech <cech [at] debian> Sun, 24 Sep 2000 23:58:15 +0200
+
+php4 (4.0.2-3) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first.
+ * Create domxml module aka xmlv2.
+ * Fix spelling wan't -> want (closes: #70544).
+ * Add libraries for gd module only when linking this one
+ and not globaly (closes: #71623).
+ * Say that we wait for ENTER (closes: #71769).
+ * Fix logic in prerm script (closes: #71770).
+
+ -- Petr Cech <cech [at] debian> Sun, 24 Sep 2000 17:54:52 +0000
+
+php4 (4.0.2-2) unstable; urgency=low
+
+ * Add info about what modules and why are enabled/disabled
+ into README.Debian.
+ * Install not so many docs (only in -dev now).
+ * Enable calendar and sockets modules.
+ * Rearange package descriptions so module-specific comments
+ go first.
+ * Create domxml module aka xmlv2.
+ * Fix building (small typo).
+ * Compile with libmysqlclient9-dev installed.
+
+ -- Petr Cech <cech [at] debian> Mon, 18 Sep 2000 23:46:40 +0200
+
+php4 (4.0.2-1) unstable; urgency=low
+
+ * The "Back from vacation" release.
+ * New upstream fixed (and bugs).
+ * Correct postm script (only cosmetic) closes: #67350, #68541
+ * build with libpcre3, libldap2
+ * Use modified patch from -3 (remove #define XML_... php_XML_...)
+
+ -- Petr Cech <cech [at] debian> Thu, 7 Sep 2000 23:17:59 +0200
+
+php4 (4.0.1pl2-3) unstable; urgency=low
+
+ * UNRELEASED
+ * Fixed the XML packages.
+
+ -- Norman Jordan <njordan [at] home> Thu, 10 Aug 2000 21:45:15 +0000
+
+php4 (4.0.1pl2-2) unstable; urgency=low
+
+ * Fix source archive.
+
+ -- Petr Cech <cech [at] debian> Tue, 11 Jul 2000 11:04:48 +0000
+
+php4 (4.0.1pl2-1) unstable; urgency=low
+
+ * New upstream bug fix release (variation of the patches in -2)
+ * Build with new libgd1 library (maybe still in Incoming)
+ * Move PEAR stuff to php4 package (closes: #66897).
+
+ -- Petr Cech <cech [at] debian> Sun, 9 Jul 2000 09:01:06 +0000
+
+php4 (4.0.1-2) unstable; urgency=low
+
+ * Apply some CVS diffs in an attempt to fix opendir() problems.
+
+ -- Petr Cech <cech [at] debian> Fri, 30 Jun 2000 09:04:24 +0000
+
+php4 (4.0.1-1) unstable; urgency=low
+
+ * New upstream release (taken from CVS tag php_4_0_1).
+ * --with-regex=system else it plays havoc. Dunno why ...
+ * remove autoconf,automake,aclocal from configure rules.
+ * Fix description of XML --help message (no, it's not MySQL).
+
+ -- Petr Cech <cech [at] debian> Wed, 28 Jun 2000 22:55:16 +0200
+
+php4 (4.0.0-4) unstable; urgency=low
+
+ * Add -dev package (closes: #65907).
+ * Add -cgi and -cgi-* packages (closes: #51097, #52855).
+ * --enable-filepro
+ * Tweak copyright file a bit.
+ * Generate mhash module (closes part of 63186).
+ * Ask to remove libphp4 from httpd.conf upon remove/purge.
+ * Fixed build-depends, thanks to Roman Hodek (closes: #65938).
+ (I told you the first time it won't work :))
+ * Mark /etc/php4/cgi/php.ini as conffile.
+ * Every module now ask if it should be enabled on install
+ (if it's not already) and disabled on remove/purge.
+
+ -- Petr Cech <cech [at] debian> Tue, 20 Jun 2000 14:29:01 +0200
+
+php4 (4.0.0-3) unstable; urgency=low
+
+ * Ship correct php.ini (extension_dir=/usr/lib/php4/apache).
+ * Don't use included libmysqlclient and use system one (fixes
+ wrong location of mysqld.sock)
+ * link XML module dynamicly with system xmlparse and xmltok.
+
+ -- Petr Cech <cech [at] debian> Wed, 14 Jun 2000 22:30:07 +0000
+
+php4 (4.0.0-2) unstable; urgency=low
+
+ * fix the IS_SLASH bug (closes: #65625 and probably others as well).
+ * Really change the maintainer field.
+
+ -- Petr Cech <cech [at] debian> Wed, 14 Jun 2000 07:44:05 +0000
+
+php4 (4.0.0-1) unstable; urgency=low
+
+ * New maintainer.
+ * New upstream release.
+ * Fix dynamic module loading.
+ * Added Build-Depends (I wonder, if I got them right)
+ * Standards-Version: 3.1.1
+
+ -- Petr Cech <cech [at] debian> Tue, 13 Jun 2000 13:40:56 +0000
+
+php4 (4.0rc1-2) unstable; urgency=low
+
+ * Compile with latest apache and libraries from woody
+ (Closes: #62631, #62640)
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Wed, 19 Apr 2000 14:39:25 +0200
+
+php4 (4.0rc1-1) unstable; urgency=low
+
+ * New upstream version
+ * Fix db2 support (Closes: #61709)
+ * Fix gd support (Closes: #61708)
+ * Remove ucd-snmp-hack from config options
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Sun, 16 Apr 2000 17:04:05 +0200
+
+php4 (4.0b4pl1-2) unstable; urgency=low
+
+ * Build with --disable-debug so it should work with the zend
+ optimizer (Closes: #60265)
+ * Build with --enable-trans-sid (Closes: #60430)
+ * Write some more about php4/php3 differences in the description
+ (Closes: #60155)
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Fri, 17 Mar 2000 17:35:29 +0100
+
+php4 (4.0b4pl1-1) unstable; urgency=low
+
+ * New upstream version
+ * Upstream reorganized the build system quite a bit, lots of patches
+ removed
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Wed, 23 Feb 2000 17:16:00 +0100
+
+php4 (4.0b3-4) unstable; urgency=low
+
+ * Add /etc/php4/apache/php.ini to conffiles (Closes: #54194)
+ * Add info file for apacheconfig
+ * Offer to run apacheconfig and/or apache-sslconfig in postinst
+ * Comment out sendmail_path from php.ini so the default sendmail path
+ should work (Closes: #51355)
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Thu, 6 Jan 2000 14:38:20 +0100
+
+php4 (4.0b3-3) unstable; urgency=low
+
+ * Compile with libgd instead of libgd-gif
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Tue, 4 Jan 2000 18:07:56 +0100
+
+php4 (4.0b3-2) unstable; urgency=low
+
+ * Build imap and ldap modules
+ * Fix rm -f in rules file (Closes: #51623)
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Mon, 3 Jan 2000 16:54:19 +0100
+
+php4 (4.0b3-1) unstable; urgency=low
+
+ * Initial Release.
+
+ -- Gergely Madarasz <gorgo [at] sztaki> Tue, 16 Nov 1999 19:33:42 +0100
+

Added: trunk/debs/php5/debian/compat
===================================================================
--- trunk/debs/php5/debian/compat (rev 0)
+++ trunk/debs/php5/debian/compat 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1 @@
+4

Added: trunk/debs/php5/debian/control
===================================================================
--- trunk/debs/php5/debian/control (rev 0)
+++ trunk/debs/php5/debian/control 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,333 @@
+Source: php5
+Section: web
+Priority: optional
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss [at] lists>
+XSBC-Original-Maintainer: Debian PHP Maintainers <pkg-php-maint [at] lists>
+Uploaders: Adam Conrad <adconrad [at] 0c3>, Steve Langasek <vorlon [at] debian>, Jeroen van Wolffelaar <jeroen [at] wolffelaar>, Ondřej Surý <ondrej [at] debian>, sean finney <seanius [at] debian>
+Build-Depends: apache2-prefork-dev (>= 2.0.53-3), autoconf, automake1.4, bison, chrpath, debhelper (>= 3), flex (>= 2.5.4), freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev (>= 1.0.0), libcurl4-openssl-dev | libcurl-dev, libdb-dev, libedit-dev (>= 2.9.cvs.20050518-1), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd2-xpm-dev (>= 2.0.28-3), libgmp3-dev, libjpeg62-dev, libkrb5-dev, libldap2-dev, libmhash-dev (>= 0.8.8), libmysqlclient15-dev, libncurses5-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng12-dev, libpq-dev | postgresql-dev, libpspell-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite0-dev, libssl-dev (>= 0.9.6), libt1-dev, libtidy-dev, libtool (>= 1.4.2-4), libwrap0-dev, libxmltok1-dev, libxml2-dev (>= 2.4.14), libxslt1-dev (>= 1.0.18), quilt, re2c, unixodbc-dev, zlib1g-dev (>= 1.0.9)
+Build-Conflicts: bind-dev
+Standards-Version: 3.7.2
+
+Package: php5
+Architecture: all
+Depends: libapache2-mod-php5 (>= ${source:Version}) | php5-cgi (>= ${source:Version}), php5-common (>= ${source:Version})
+Description: server-side, HTML-embedded scripting language (meta-package)
+ This package is a meta-package that, when installed, guarantees that you
+ have at least one of the four server-side versions of the PHP5 interpreter
+ installed. Removing this package won't remove PHP5 from your system, however
+ it may remove other packages that depend on this one.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-common
+Architecture: any
+Depends: sed (>= 4.1.1-1)
+Provides: php5-json
+Conflicts: php5-json
+Description: Common files for packages built from the php5 source
+ This package contains the documentation and example files relevant to all
+ the other packages built from the php5 source.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: libapache2-mod-php5
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), ${apache2:Depends}, php5-common (= ${binary:Version}), libmagic1, ucf
+Conflicts: libapache2-mod-php4
+Provides: ${php:Provides}
+Suggests: php-pear
+Description: server-side, HTML-embedded scripting language (apache 2 module)
+ This package provides the PHP5 module for the Apache 2 webserver (as
+ found in the apache2-mpm-prefork package). Please note that this package
+ ONLY works with Apache's prefork MPM, as it is not compiled thread-safe.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-cgi
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), php5-common (= ${binary:Version}), libmagic1, ucf
+Provides: ${php:Provides}
+Conflicts: php3 (<= 3.0.18-1)
+Suggests: php-pear
+Description: server-side, HTML-embedded scripting language (CGI binary)
+ This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built
+ for use in apache 2 with mod_actions, or any other CGI httpd that
+ supports a similar mechanism. Note that MOST apache users probably
+ want the libapache2-mod-php5 package.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-cli
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, mime-support (>= 2.03-1), php5-common (= ${binary:Version}), libmagic1, ucf
+Provides: ${php:Provides}
+Conflicts: php3 (<= 3.0.18-1)
+Suggests: php-pear
+Description: command-line interpreter for the php5 scripting language
+ This package provides the /usr/bin/php5 command interpreter, useful for
+ testing PHP scripts from a shell, or perhaps even performing general
+ shell scripting tasks, if you're frightened of perl and python.
+ .
+ ${php:Extensions}
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write dynamically
+ generated pages quickly.
+ .
+ Homepage: http://www.php.net/
+
+Package: php5-dev
+Depends: autoconf, automake1.4, libssl-dev, libtool, shtool, php5-common (>= ${binary:Version})
+Section: devel
+Architecture: any
+Description: Files for PHP5 module development
+ This package provides the files from the PHP5 source needed for compiling
+ additional modules.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php-pear
+Architecture: all
+Depends: php5-cli | php4-cli, php5-common (>= ${source:Version})
+Recommends: gnupg
+Suggests: php5-dev | php4-dev
+Replaces: php4-pear (<< 4:4.4.0-0)
+Description: PEAR - PHP Extension and Application Repository
+ This package contains the base PEAR classes for PHP, as well as the PEAR
+ installer. Many PEAR classes are already packaged for Debian, and can be
+ easily identified by names beginning with "php-", such as php-db and
+ php-auth. Note: to build and install precompiled PECL extensions, you
+ will need one of the php development packages installed.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-curl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: CURL module for php5
+ CURL is a library for getting files from FTP, GOPHER, HTTP server.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-gd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: GD module for php5
+ This package provides a module for handling graphics directly from PHP
+ scripts. It supports the PNG, JPEG, XPM formats as well as Freetype/ttf fonts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-gmp
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: GMP module for php5
+ This package provides a module for arbitrary precision arithmetic via the
+ GNU Multiple Precision (GMP) Arithmetic Library.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-ldap
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: LDAP module for php5
+ This package provides a module for LDAP functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-mhash
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: MHASH module for php5
+ This package provides a module for mhash functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-mysql
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Conflicts: php5-mysqli
+Replaces: php5-mysqli
+Description: MySQL module for php5
+ This package provides modules for MySQL database connections directly from
+ PHP scripts. It includes the generic "mysql" module which can be used
+ to connect to all versions of MySQL, an improved "mysqli" module for
+ MySQL version 4.1 or later, and the pdo_mysql module for use with
+ the PHP Data Object extension.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-odbc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: ODBC module for php5
+ This package provides a module for database access through ODBC drivers.
+ It uses the unixODBC library as an ODBC provider. It also contains the
+ pdo_odbc module, for use with the PHP Data Object extension.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-pgsql
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: PostgreSQL module for php5
+ This package provides a module for PostgreSQL database connections
+ directly from PHP scripts. It also includes the pdo_pgsql module for
+ use with the PHP Data Object extension.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-pspell
+Architecture: any
+Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version})
+Description: pspell module for php5
+ This package provides a module for pspell functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-recode
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: recode module for php5
+ This package provides a module for recode - character set recoding.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-snmp
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: SNMP module for php5
+ This package provides a module for SNMP functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-sqlite
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: SQLite module for php5
+ This package provides a module allowing you to use the SQLite self-contained
+ database engine from within your PHP scripts, eliminating the need for a full
+ SQL server installation like MySQL or PostgreSQL. It also includes the
+ pdo_sqlite module, for use with the PHP Data Object extension.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-sybase
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Provides: php5-mssql
+Description: Sybase / MS SQL Server module for php5
+ This package provides a module for Sybase and Microsoft SQL Server
+ database connections directly from PHP scripts. It also includes the
+ pdo_dblib module for use with the PHP Data Object extension.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-tidy
+Architecture: any
+Depends: ${shlibs:Depends}, ${php:Depends}, ${misc:Depends}, php5-common (= ${binary:Version})
+Description: tidy module for php5
+ This package provides a module for tidy functions in PHP scripts.
+ .
+ Tidy is an extension based on Libtidy (http://tidy.sf.net/) and allows
+ a PHP developer to clean, repair, and traverse HTML, XHTML, and XML
+ documents -- including ones with embedded scripting languages such as PHP
+ or ASP within them using OO constructs.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-xmlrpc
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: XML-RPC module for php5
+ This package provides a module for XML-RPC functions in PHP scripts.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+
+Package: php5-xsl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${php:Depends}, php5-common (= ${binary:Version})
+Description: XSL module for php5
+ This package provides a module for XSL using the libxslt XSL parser.
+ .
+ PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
+ from C, Java and Perl with a couple of unique PHP-specific features thrown
+ in. The goal of the language is to allow web developers to write
+ dynamically generated pages quickly.
+

Added: trunk/debs/php5/debian/copyright.header
===================================================================
--- trunk/debs/php5/debian/copyright.header (rev 0)
+++ trunk/debs/php5/debian/copyright.header 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,20 @@
+This package was debianized by Gergely Madarasz <gorgo [at] sztaki> on
+Tue, 16 Nov 1999 19:33:42 +0100.
+
+The last maintainer was Petr Cech <cech [at] debian>, who did a LOT of
+work on these packages.
+
+The current maintainer is Adam Conrad <adconrad [at] 0c3>, who gets a
+significant chunk of input and help from Steve Langasek <vorlon [at] debian>
+and Andres Salomon <dilinger [at] debian>.
+
+It was downloaded from www.php.net/version5/downloads
+Changes: removed ext/dbase dir (non-free)
+
+Upstream Authors: The PHP group for PHP5, Andi Gutmans and Zeev Suraski
+for libzend
+
+Two different licences apply to this package, one for PHP5, the other for
+libzend. Both licences are shown here below.
+
+

Added: trunk/debs/php5/debian/extramodulelist
===================================================================
--- trunk/debs/php5/debian/extramodulelist (rev 0)
+++ trunk/debs/php5/debian/extramodulelist 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,8 @@
+mysql MySQL mysqli
+mysql MySQL pdo_mysql
+interbase InterBase/Firebird pdo_firebird
+common PDO pdo
+odbc ODBC pdo_odbc
+pgsql PostgreSQL pdo_pgsql
+sqlite SQLite pdo_sqlite
+sybase Sybase pdo_dblib

Added: trunk/debs/php5/debian/libapache2-mod-php5.conf
===================================================================
--- trunk/debs/php5/debian/libapache2-mod-php5.conf (rev 0)
+++ trunk/debs/php5/debian/libapache2-mod-php5.conf 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,4 @@
+<IfModule mod_php5.c>
+ AddType application/x-httpd-php .php .phtml .php3
+ AddType application/x-httpd-php-source .phps
+</IfModule>

Added: trunk/debs/php5/debian/libapache2-mod-php5.dirs
===================================================================
--- trunk/debs/php5/debian/libapache2-mod-php5.dirs (rev 0)
+++ trunk/debs/php5/debian/libapache2-mod-php5.dirs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,3 @@
+/etc/apache2/mods-available
+/etc/php5/apache2
+/usr/lib/apache2/modules

Added: trunk/debs/php5/debian/libapache2-mod-php5.load
===================================================================
--- trunk/debs/php5/debian/libapache2-mod-php5.load (rev 0)
+++ trunk/debs/php5/debian/libapache2-mod-php5.load 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1 @@
+LoadModule php5_module /usr/lib/apache2/modules/libphp5.so

Added: trunk/debs/php5/debian/libapache2-mod-php5.postinst
===================================================================
--- trunk/debs/php5/debian/libapache2-mod-php5.postinst (rev 0)
+++ trunk/debs/php5/debian/libapache2-mod-php5.postinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/apache2/php.ini"
+
+# LEGACY SUPPORT
+# previous versions of php did not ship $phpini as a conffile nor did
+# they use anything like ucf. as a result, we need to help transition
+# those files into ucf a little more easily by updating unmodified
+# ini files before registering them
+#
+# if we're upgrading from a pre-ucf version of php:
+if dpkg --compare-versions "$2" le-nl "5.1.6-4"; then
+ # if the SAPI config file already exists and is unmodified
+ if [ -f "$phpini" ]; then
+ oldmd5=`md5sum $phpini | cut -d' ' -f1`
+ if [ "$oldmd5" = "c85605baab79fbcd3c289e442eb3caa2" ]; then
+ # then silently update it before registering via ucf
+ cp /usr/share/php5/php.ini-dist $phpini
+ fi
+ fi
+fi
+# END LEGACY SUPPORT
+
+ucf /usr/share/php5/php.ini-dist $phpini
+
+reload_apache()
+{
+ if apache2ctl configtest 2>/dev/null; then
+ invoke-rc.d apache2 force-reload || true
+ else
+ echo "Your apache2 configuration is broken, so we're not restarting it for you."
+ fi
+}
+
+if [ -n "$2" ]; then
+# we're upgrading. test if we're enabled, and if so, restart to reload the module.
+ if [ -e /etc/apache2/mods-enabled/php5.load ]; then
+ reload_apache
+ fi
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+# Enable the module, but hide a2enmod's misleading message about apachectl
+# and force-reload the thing ourselves.
+ a2enmod php5 >/dev/null || true
+ reload_apache
+fi
+
+exit 0

Added: trunk/debs/php5/debian/libapache2-mod-php5.prerm
===================================================================
--- trunk/debs/php5/debian/libapache2-mod-php5.prerm (rev 0)
+++ trunk/debs/php5/debian/libapache2-mod-php5.prerm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+if [ -e /etc/apache2/apache2.conf ]; then
+ a2dismod php5 || true
+fi
+
+exit 0

Added: trunk/debs/php5/debian/maxlifetime
===================================================================
--- trunk/debs/php5/debian/maxlifetime (rev 0)
+++ trunk/debs/php5/debian/maxlifetime 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+#!/bin/sh -e
+
+max=1440
+
+for ini in /etc/php5/*/php.ini; do
+ cur=$(sed -n -e 's/^[[:space:]]*session.gc_maxlifetime[[:space:]]*=[[:space:]]*\([0-9]\+\).*$/\1/p' $ini 2>/dev/null || true);
+ [ -z "$cur" ] && cur=0
+ [ "$cur" -gt "$max" ] && max=$cur
+done
+
+echo $(($max/60))
+
+exit 0

Added: trunk/debs/php5/debian/modulelist
===================================================================
--- trunk/debs/php5/debian/modulelist (rev 0)
+++ trunk/debs/php5/debian/modulelist 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,19 @@
+curl CURL
+gd GD
+gmp GMP
+imap IMAP
+interbase Interbase
+ldap LDAP
+mcrypt MCrypt
+mhash MHASH
+mysql MySQL
+odbc ODBC
+pgsql PostgreSQL
+pspell pspell
+recode recode
+snmp SNMP
+sqlite SQLite
+sybase Sybase mssql
+tidy tidy
+xmlrpc XML-RPC
+xsl XSL

Added: trunk/debs/php5/debian/patches/001-libtool_fixes.patch
===================================================================
--- trunk/debs/php5/debian/patches/001-libtool_fixes.patch (rev 0)
+++ trunk/debs/php5/debian/patches/001-libtool_fixes.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,28 @@
+Index: php5-5.2.4/TSRM/configure.in
+===================================================================
+--- php5-5.2.4.orig/TSRM/configure.in 2007-09-10 20:45:24.000000000 +0200
++++ php5-5.2.4/TSRM/configure.in 2007-09-10 20:45:26.000000000 +0200
+@@ -13,9 +13,6 @@
+ TSRM_THREADS_CHECKS
+
+ AM_PROG_LIBTOOL
+-if test "$enable_debug" != "yes"; then
+- AM_SET_LIBTOOL_VARIABLE([--silent])
+-fi
+
+ dnl TSRM_PTHREAD
+
+Index: php5-5.2.4/configure.in
+===================================================================
+--- php5-5.2.4.orig/configure.in 2007-09-10 20:45:24.000000000 +0200
++++ php5-5.2.4/configure.in 2007-09-10 20:45:26.000000000 +0200
+@@ -1256,9 +1256,6 @@
+ AC_DEFUN([AC_PROG_CXX], [])])
+ AC_PROG_LIBTOOL
+
+-if test "$enable_debug" != "yes"; then
+- PHP_SET_LIBTOOL_VARIABLE([--silent])
+-fi
+
+ dnl libtool 1.4.3 needs this.
+ PHP_SET_LIBTOOL_VARIABLE([--preserve-dup-deps])

Added: trunk/debs/php5/debian/patches/002-static_openssl.patch
===================================================================
--- trunk/debs/php5/debian/patches/002-static_openssl.patch (rev 0)
+++ trunk/debs/php5/debian/patches/002-static_openssl.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,15 @@
+Index: php5-5.2.4/acinclude.m4
+===================================================================
+--- php5-5.2.4.orig/acinclude.m4 2007-09-10 20:45:23.000000000 +0200
++++ php5-5.2.4/acinclude.m4 2007-09-10 20:45:32.000000000 +0200
+@@ -2364,9 +2364,7 @@
+
+ PHP_ADD_INCLUDE($OPENSSL_INCDIR)
+
+- PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [
+- PHP_ADD_LIBRARY(crypto,,$1)
+- ],[
++ PHP_CHECK_LIBRARY(crypto, CRYPTO_free, [:],[
+ AC_MSG_ERROR([libcrypto not found!])
+ ],[
+ -L$OPENSSL_LIBDIR

Added: trunk/debs/php5/debian/patches/004-ldap_fix.patch
===================================================================
--- trunk/debs/php5/debian/patches/004-ldap_fix.patch (rev 0)
+++ trunk/debs/php5/debian/patches/004-ldap_fix.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,23 @@
+Index: php5-5.2.4/ext/ldap/ldap.c
+===================================================================
+--- php5-5.2.4.orig/ext/ldap/ldap.c 2007-09-10 20:45:23.000000000 +0200
++++ php5-5.2.4/ext/ldap/ldap.c 2007-09-10 20:45:39.000000000 +0200
+@@ -1334,7 +1334,7 @@
+ }
+
+ i=0;
+- while (ldap_value[i] != NULL) i++;
++ while (ldap_value && ldap_value[i] != NULL) i++;
+ count = i;
+
+ array_init(return_value);
+@@ -1344,7 +1344,8 @@
+ add_index_string(return_value, i, ldap_value[i], 1);
+ }
+
+- ldap_value_free(ldap_value);
++ if (ldap_value)
++ ldap_value_free(ldap_value);
+ }
+ /* }}} */
+

Added: trunk/debs/php5/debian/patches/006-debian_quirks.patch
===================================================================
--- trunk/debs/php5/debian/patches/006-debian_quirks.patch (rev 0)
+++ trunk/debs/php5/debian/patches/006-debian_quirks.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,376 @@
+Index: php5-5.2.4/configure.in
+===================================================================
+--- php5-5.2.4.orig/configure.in 2007-09-10 20:45:26.000000000 +0200
++++ php5-5.2.4/configure.in 2007-09-11 00:23:54.000000000 +0200
+@@ -934,7 +934,7 @@
+ fi
+
+ PHP_ARG_WITH(pear, [whether to install PEAR],
+-[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php]
++[ --with-pear=DIR Install PEAR in DIR [PREFIX/lib/php5]
+ --without-pear Do not install PEAR], DEFAULT, yes)
+
+ if test "$PHP_PEAR" != "no"; then
+@@ -968,7 +968,7 @@
+ if test "$PHP_PEAR" = "DEFAULT" || test "$PHP_PEAR" = "yes"; then
+ case $PHP_LAYOUT in
+ GNU) PEAR_INSTALLDIR=$datadir/pear;;
+- *) PEAR_INSTALLDIR=$libdir/php;;
++ *) PEAR_INSTALLDIR=$libdir/php5;;
+ esac
+ fi
+
+@@ -1023,12 +1023,12 @@
+
+ case $libdir in
+ '${exec_prefix}/lib')
+- libdir=$libdir/php
++ libdir=$libdir/php5
+ ;;
+ esac
+ case $datadir in
+ '${prefix}/share')
+- datadir=$datadir/php
++ datadir=$datadir/php5
+ ;;
+ *) ;;
+ esac
+@@ -1094,7 +1094,7 @@
+ EXPANDED_DATADIR=$datadir
+ EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"`
+ EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"`
+-INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR
++INCLUDE_PATH=.:$EXPANDED_PEAR_INSTALLDIR:/usr/share/pear
+
+ exec_prefix=$old_exec_prefix
+ libdir=$old_libdir
+Index: php5-5.2.4/ext/ext_skel
+===================================================================
+--- php5-5.2.4.orig/ext/ext_skel 2004-05-16 14:10:35.000000000 +0200
++++ php5-5.2.4/ext/ext_skel 2007-09-11 00:23:54.000000000 +0200
+@@ -70,7 +70,7 @@
+ fi
+
+ if test -z "$skel_dir"; then
+- skel_dir="skeleton"
++ skel_dir="/usr/lib/php5/skeleton"
+ fi
+
+ ## convert skel_dir to full path
+Index: php5-5.2.4/ext/session/session.c
+===================================================================
+--- php5-5.2.4.orig/ext/session/session.c 2007-08-03 03:16:40.000000000 +0200
++++ php5-5.2.4/ext/session/session.c 2007-09-11 00:23:54.000000000 +0200
+@@ -181,11 +181,11 @@
+ PHP_INI_BEGIN()
+ STD_PHP_INI_BOOLEAN("session.bug_compat_42", "1", PHP_INI_ALL, OnUpdateBool, bug_compat, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.bug_compat_warn", "1", PHP_INI_ALL, OnUpdateBool, bug_compat_warn, php_ps_globals, ps_globals)
+- STD_PHP_INI_ENTRY("session.save_path", "", PHP_INI_ALL, OnUpdateSaveDir,save_path, php_ps_globals, ps_globals)
++ STD_PHP_INI_ENTRY("session.save_path", "/var/lib/php5", PHP_INI_ALL, OnUpdateString, save_path, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.name", "PHPSESSID", PHP_INI_ALL, OnUpdateString, session_name, php_ps_globals, ps_globals)
+ PHP_INI_ENTRY("session.save_handler", "files", PHP_INI_ALL, OnUpdateSaveHandler)
+ STD_PHP_INI_BOOLEAN("session.auto_start", "0", PHP_INI_ALL, OnUpdateBool, auto_start, php_ps_globals, ps_globals)
+- STD_PHP_INI_ENTRY("session.gc_probability", "1", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals)
++ STD_PHP_INI_ENTRY("session.gc_probability", "0", PHP_INI_ALL, OnUpdateLong, gc_probability, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.gc_divisor", "100", PHP_INI_ALL, OnUpdateLong, gc_divisor, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.gc_maxlifetime", "1440", PHP_INI_ALL, OnUpdateLong, gc_maxlifetime, php_ps_globals, ps_globals)
+ PHP_INI_ENTRY("session.serialize_handler", "php", PHP_INI_ALL, OnUpdateSerializer)
+Index: php5-5.2.4/php.ini-dist
+===================================================================
+--- php5-5.2.4.orig/php.ini-dist 2007-08-22 01:24:18.000000000 +0200
++++ php5-5.2.4/php.ini-dist 2007-09-11 00:23:54.000000000 +0200
+@@ -466,7 +466,7 @@
+ ;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ ; UNIX: "/path1:/path2"
+-;include_path = ".:/php/includes"
++;include_path = ".:/usr/share/php"
+ ;
+ ; Windows: "\path1;\path2"
+ ;include_path = ".;c:\php\includes"
+@@ -483,7 +483,7 @@
+ user_dir =
+
+ ; Directory in which the loadable extensions (modules) reside.
+-extension_dir = "./"
++; extension_dir = "./"
+
+ ; Whether or not to enable the dl() function. The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+@@ -596,58 +596,6 @@
+ ; extension_dir directive above.
+
+
+-; Windows Extensions
+-; Note that ODBC support is built in, so no dll is needed for it.
+-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
+-; extension folders as well as the separate PECL DLL download (PHP 5).
+-; Be sure to appropriately set the extension_dir directive.
+-
+-;extension=php_bz2.dll
+-;extension=php_curl.dll
+-;extension=php_dba.dll
+-;extension=php_dbase.dll
+-;extension=php_exif.dll
+-;extension=php_fdf.dll
+-;extension=php_gd2.dll
+-;extension=php_gettext.dll
+-;extension=php_gmp.dll
+-;extension=php_ifx.dll
+-;extension=php_imap.dll
+-;extension=php_interbase.dll
+-;extension=php_ldap.dll
+-;extension=php_mbstring.dll
+-;extension=php_mcrypt.dll
+-;extension=php_mhash.dll
+-;extension=php_mime_magic.dll
+-;extension=php_ming.dll
+-;extension=php_msql.dll
+-;extension=php_mssql.dll
+-;extension=php_mysql.dll
+-;extension=php_mysqli.dll
+-;extension=php_oci8.dll
+-;extension=php_openssl.dll
+-;extension=php_pdo.dll
+-;extension=php_pdo_firebird.dll
+-;extension=php_pdo_mssql.dll
+-;extension=php_pdo_mysql.dll
+-;extension=php_pdo_oci.dll
+-;extension=php_pdo_oci8.dll
+-;extension=php_pdo_odbc.dll
+-;extension=php_pdo_pgsql.dll
+-;extension=php_pdo_sqlite.dll
+-;extension=php_pgsql.dll
+-;extension=php_pspell.dll
+-;extension=php_shmop.dll
+-;extension=php_snmp.dll
+-;extension=php_soap.dll
+-;extension=php_sockets.dll
+-;extension=php_sqlite.dll
+-;extension=php_sybase_ct.dll
+-;extension=php_tidy.dll
+-;extension=php_xmlrpc.dll
+-;extension=php_xsl.dll
+-;extension=php_zip.dll
+-
+ ;;;;;;;;;;;;;;;;;;;
+ ; Module Settings ;
+ ;;;;;;;;;;;;;;;;;;;
+@@ -988,7 +936,7 @@
+ ;
+ ; where MODE is the octal representation of the mode. Note that this
+ ; does not overwrite the process's umask.
+-;session.save_path = "/tmp"
++;session.save_path = /var/lib/php5
+
+ ; Whether to use cookies.
+ session.use_cookies = 1
+@@ -1026,7 +974,10 @@
+ ; e.g. 1/100 means there is a 1% chance that the GC process starts
+ ; on each request.
+
+-session.gc_probability = 1
++; This is disabled in the Debian packages, due to the strict permissions
++; on /var/lib/php5. Instead of setting this here, see the cronjob at
++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below
++;session.gc_probability = 0
+ session.gc_divisor = 100
+
+ ; After this number of seconds, stored data will be seen as 'garbage' and
+Index: php5-5.2.4/php.ini-recommended
+===================================================================
+--- php5-5.2.4.orig/php.ini-recommended 2007-08-22 01:24:18.000000000 +0200
++++ php5-5.2.4/php.ini-recommended 2007-09-11 00:23:54.000000000 +0200
+@@ -516,7 +516,7 @@
+ ;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ ; UNIX: "/path1:/path2"
+-;include_path = ".:/php/includes"
++;include_path = ".:/usr/share/php"
+ ;
+ ; Windows: "\path1;\path2"
+ ;include_path = ".;c:\php\includes"
+@@ -533,7 +533,7 @@
+ user_dir =
+
+ ; Directory in which the loadable extensions (modules) reside.
+-extension_dir = "./"
++;extension_dir = "./"
+
+ ; Whether or not to enable the dl() function. The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+@@ -646,58 +646,6 @@
+ ; extension_dir directive above.
+
+
+-; Windows Extensions
+-; Note that ODBC support is built in, so no dll is needed for it.
+-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
+-; extension folders as well as the separate PECL DLL download (PHP 5).
+-; Be sure to appropriately set the extension_dir directive.
+-
+-;extension=php_bz2.dll
+-;extension=php_curl.dll
+-;extension=php_dba.dll
+-;extension=php_dbase.dll
+-;extension=php_exif.dll
+-;extension=php_fdf.dll
+-;extension=php_gd2.dll
+-;extension=php_gettext.dll
+-;extension=php_gmp.dll
+-;extension=php_ifx.dll
+-;extension=php_imap.dll
+-;extension=php_interbase.dll
+-;extension=php_ldap.dll
+-;extension=php_mbstring.dll
+-;extension=php_mcrypt.dll
+-;extension=php_mhash.dll
+-;extension=php_mime_magic.dll
+-;extension=php_ming.dll
+-;extension=php_msql.dll
+-;extension=php_mssql.dll
+-;extension=php_mysql.dll
+-;extension=php_mysqli.dll
+-;extension=php_oci8.dll
+-;extension=php_openssl.dll
+-;extension=php_pdo.dll
+-;extension=php_pdo_firebird.dll
+-;extension=php_pdo_mssql.dll
+-;extension=php_pdo_mysql.dll
+-;extension=php_pdo_oci.dll
+-;extension=php_pdo_oci8.dll
+-;extension=php_pdo_odbc.dll
+-;extension=php_pdo_pgsql.dll
+-;extension=php_pdo_sqlite.dll
+-;extension=php_pgsql.dll
+-;extension=php_pspell.dll
+-;extension=php_shmop.dll
+-;extension=php_snmp.dll
+-;extension=php_soap.dll
+-;extension=php_sockets.dll
+-;extension=php_sqlite.dll
+-;extension=php_sybase_ct.dll
+-;extension=php_tidy.dll
+-;extension=php_xmlrpc.dll
+-;extension=php_xsl.dll
+-;extension=php_zip.dll
+-
+ ;;;;;;;;;;;;;;;;;;;
+ ; Module Settings ;
+ ;;;;;;;;;;;;;;;;;;;
+@@ -1038,7 +986,7 @@
+ ;
+ ; where MODE is the octal representation of the mode. Note that this
+ ; does not overwrite the process's umask.
+-;session.save_path = "/tmp"
++;session.save_path = /var/lib/php5
+
+ ; Whether to use cookies.
+ session.use_cookies = 1
+@@ -1076,7 +1024,10 @@
+ ; e.g. 1/100 means there is a 1% chance that the GC process starts
+ ; on each request.
+
+-session.gc_probability = 1
++; This is disabled in the Debian packages, due to the strict permissions
++; on /var/lib/php5. Instead of setting this here, see the cronjob at
++; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below
++;session.gc_probability = 0
+ session.gc_divisor = 1000
+
+ ; After this number of seconds, stored data will be seen as 'garbage' and
+Index: php5-5.2.4/sapi/caudium/config.m4
+===================================================================
+--- php5-5.2.4.orig/sapi/caudium/config.m4 2007-07-12 01:20:36.000000000 +0200
++++ php5-5.2.4/sapi/caudium/config.m4 2007-09-11 00:23:54.000000000 +0200
+@@ -26,8 +26,8 @@
+ AC_MSG_ERROR([Could not find a pike in $PHP_CAUDIUM/bin/])
+ fi
+ if $PIKE -e 'float v; int rel;sscanf(version(), "Pike v%f release %d", v, rel);v += rel/10000.0; if(v < 7.0268) exit(1); exit(0);'; then
+- PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Module' | sed -e 's/.*: //'`
+- PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/pike/modules,include/pike,' -e 's,lib/modules,include/pike,' `
++ PIKE_MODULE_DIR=`$PIKE --show-paths 2>&1| grep '^Master file' | sed -e 's/.*: //' -e 's/master.pike/modules/'`
++ PIKE_INCLUDE_DIR=`echo $PIKE_MODULE_DIR | sed -e 's,lib/modules,,' -e 's,modules,include,' `
+ if test -z "$PIKE_INCLUDE_DIR" || test -z "$PIKE_MODULE_DIR"; then
+ AC_MSG_ERROR(Failed to figure out Pike module and include directories)
+ fi
+@@ -84,7 +84,9 @@
+ PIKE_VERSION=`$PIKE -e 'string v; int rel;sscanf(version(), "Pike v%s release %d", v, rel); write(v+"."+rel);'`
+ AC_DEFINE(HAVE_CAUDIUM,1,[Whether to compile with Caudium support])
+ PHP_SELECT_SAPI(caudium, shared, caudium.c)
+- INSTALL_IT="\$(INSTALL) -m 0755 $SAPI_SHARED $PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so"
++ dnl FIXME: This is the ugliest hack in the world!
++ dnl INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 $SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/php5.so"
++ INSTALL_IT="\$(mkinstalldirs) \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/ && \$(INSTALL) -m 0755 .$SAPI_SHARED \$(INSTALL_ROOT)$PHP_CAUDIUM/lib/$PIKE_VERSION/PHP5.so"
+ RESULT=" *** Pike binary used: $PIKE
+ *** Pike include dir(s) used: $PIKE_INCLUDE_DIR
+ *** Pike version: $PIKE_VERSION"
+Index: php5-5.2.4/sapi/cli/php.1.in
+===================================================================
+--- php5-5.2.4.orig/sapi/cli/php.1.in 2007-04-23 22:54:22.000000000 +0200
++++ php5-5.2.4/sapi/cli/php.1.in 2007-09-11 00:23:54.000000000 +0200
+@@ -306,13 +306,14 @@
+ .B name
+ .SH FILES
+ .TP 15
+-.B php\-cli.ini
++.B /etc/php5/cli/php.ini
+ The configuration file for the CLI version of PHP.
+ .TP
+-.B php.ini
+-The standard configuration file will only be used when
+-.B php\-cli.ini
+-cannot be found.
++.B /etc/php5/cgi/php.ini
++The configuration file for the CGI version of PHP.
++.TP
++.B /etc/php5/apache2/php.ini
++The configuration file for the version of PHP that apache2 uses.
+ .SH EXAMPLES
+ .TP 5
+ \fIphp -r 'echo "Hello World\\n";'\fP
+Index: php5-5.2.4/scripts/Makefile.frag
+===================================================================
+--- php5-5.2.4.orig/scripts/Makefile.frag 2005-11-22 00:08:02.000000000 +0100
++++ php5-5.2.4/scripts/Makefile.frag 2007-09-11 00:23:54.000000000 +0200
+@@ -3,8 +3,8 @@
+ # Build environment install
+ #
+
+-phpincludedir = $(includedir)/php
+-phpbuilddir = $(libdir)/build
++phpincludedir = $(includedir)/php5
++phpbuilddir = $(prefix)/lib/php5/build
+
+ BUILD_FILES = \
+ scripts/phpize.m4 \
+Index: php5-5.2.4/scripts/php-config.in
+===================================================================
+--- php5-5.2.4.orig/scripts/php-config.in 2007-08-24 13:44:10.000000000 +0200
++++ php5-5.2.4/scripts/php-config.in 2007-09-11 00:23:54.000000000 +0200
+@@ -5,8 +5,8 @@
+ exec_prefix="@exec_prefix@"
+ version="@PHP_VERSION@"
+ vernum="@PHP_VERSION_ID@"
+-include_dir="@includedir@/php"
+-includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib"
++include_dir="@includedir@/php5"
++includes="-I$include_dir -I$include_dir/main -I$include_dir/TSRM -I$include_dir/Zend -I$include_dir/ext -I$include_dir/ext/date/lib $(getconf LFS_CFLAGS)"
+ ldflags="@PHP_LDFLAGS@"
+ libs="@EXTRA_LIBS@"
+ extension_dir='@EXTENSION_DIR@'
+Index: php5-5.2.4/scripts/phpize.in
+===================================================================
+--- php5-5.2.4.orig/scripts/phpize.in 2007-06-29 03:10:35.000000000 +0200
++++ php5-5.2.4/scripts/phpize.in 2007-09-11 00:23:54.000000000 +0200
+@@ -3,8 +3,8 @@
+ # Variable declaration
+ prefix='@prefix@'
+ exec_prefix="`eval echo @exec_prefix@`"
+-phpdir="`eval echo @libdir@`/build"
+-includedir="`eval echo @includedir@`/php"
++phpdir="$prefix/lib/php5/build"
++includedir="$prefix/include/php5"
+ builddir="`pwd`"
+ SED="@SED@"
+

Added: trunk/debs/php5/debian/patches/013-force_getaddrinfo.patch
===================================================================
--- trunk/debs/php5/debian/patches/013-force_getaddrinfo.patch (rev 0)
+++ trunk/debs/php5/debian/patches/013-force_getaddrinfo.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,98 @@
+Index: php5-5.2.4/configure.in
+===================================================================
+--- php5-5.2.4.orig/configure.in 2007-09-11 00:23:54.000000000 +0200
++++ php5-5.2.4/configure.in 2007-09-11 00:24:00.000000000 +0200
+@@ -557,50 +557,50 @@
+
+ dnl Check for getaddrinfo, should be a better way, but...
+ dnl Also check for working getaddrinfo
+-AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo,
+-[AC_TRY_LINK([#include <netdb.h>],
+- [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);],
+- AC_TRY_RUN([.
+-#include <netdb.h>
+-#include <sys/types.h>
+-#ifndef AF_INET
+-# include <sys/socket.h>
+-#endif
+-int main(void) {
+- struct addrinfo *ai, *pai, hints;
+-
+- memset(&hints, 0, sizeof(hints));
+- hints.ai_flags = AI_NUMERICHOST;
+-
+- if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) {
+- exit(1);
+- }
+-
+- if (ai == 0) {
+- exit(1);
+- }
+-
+- pai = ai;
+-
+- while (pai) {
+- if (pai->ai_family != AF_INET) {
+- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */
+- exit(1);
+- }
+- if (pai->ai_addr->sa_family != AF_INET) {
+- /* 127.0.0.1/NUMERICHOST should only resolve ONE way */
+- exit(1);
+- }
+- pai = pai->ai_next;
+- }
+- freeaddrinfo(ai);
+- exit(0);
+-}
+- ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no),
+-ac_cv_func_getaddrinfo=no)])
+-if test "$ac_cv_func_getaddrinfo" = yes; then
++dnl AC_CACHE_CHECK([for getaddrinfo], ac_cv_func_getaddrinfo,
++dnl [AC_TRY_LINK([#include <netdb.h>],
++dnl [struct addrinfo *g,h;g=&h;getaddrinfo("","",g,&g);],
++dnl AC_TRY_RUN([.
++dnl #include <netdb.h>
++dnl #include <sys/types.h>
++dnl #ifndef AF_INET
++dnl # include <sys/socket.h>
++dnl #endif
++dnl int main(void) {
++dnl struct addrinfo *ai, *pai, hints;
++dnl
++dnl memset(&hints, 0, sizeof(hints));
++dnl hints.ai_flags = AI_NUMERICHOST;
++dnl
++dnl if (getaddrinfo("127.0.0.1", 0, &hints, &ai) < 0) {
++dnl exit(1);
++dnl }
++dnl
++dnl if (ai == 0) {
++dnl exit(1);
++dnl }
++dnl
++dnl pai = ai;
++dnl
++dnl while (pai) {
++dnl if (pai->ai_family != AF_INET) {
++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */
++dnl exit(1);
++dnl }
++dnl if (pai->ai_addr->sa_family != AF_INET) {
++dnl /* 127.0.0.1/NUMERICHOST should only resolve ONE way */
++dnl exit(1);
++dnl }
++dnl pai = pai->ai_next;
++dnl }
++dnl freeaddrinfo(ai);
++dnl exit(0);
++dnl }
++dnl ],ac_cv_func_getaddrinfo=yes, ac_cv_func_getaddrinfo=no, ac_cv_func_getaddrinfo=no),
++dnl ac_cv_func_getaddrinfo=no)])
++dnl if test "$ac_cv_func_getaddrinfo" = yes; then
+ AC_DEFINE(HAVE_GETADDRINFO,1,[Define if you have the getaddrinfo function])
+-fi
++dnl fi
+
+ AC_REPLACE_FUNCS(strlcat strlcpy getopt)
+ AC_FUNC_UTIME_NULL

Added: trunk/debs/php5/debian/patches/017-pread_pwrite_disable.patch
===================================================================
--- trunk/debs/php5/debian/patches/017-pread_pwrite_disable.patch (rev 0)
+++ trunk/debs/php5/debian/patches/017-pread_pwrite_disable.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,22 @@
+Index: php5-5.2.4/acinclude.m4
+===================================================================
+--- php5-5.2.4.orig/acinclude.m4 2007-09-10 20:45:32.000000000 +0200
++++ php5-5.2.4/acinclude.m4 2007-09-11 00:24:05.000000000 +0200
+@@ -1210,7 +1210,7 @@
+ }
+
+ ],[
+- ac_cv_pwrite=yes
++ ac_cv_pwrite=no
+ ],[
+ ac_cv_pwrite=no
+ ],[
+@@ -1239,7 +1239,7 @@
+ exit(0);
+ }
+ ],[
+- ac_cv_pread=yes
++ ac_cv_pread=no
+ ],[
+ ac_cv_pread=no
+ ],[

Added: trunk/debs/php5/debian/patches/019-z_off_t_as_long.patch
===================================================================
--- trunk/debs/php5/debian/patches/019-z_off_t_as_long.patch (rev 0)
+++ trunk/debs/php5/debian/patches/019-z_off_t_as_long.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,1536 @@
+Index: php5-5.2.0/ext/zlib/zconf.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.0/ext/zlib/zconf.h 2007-03-18 22:58:40.000000000 +0100
+@@ -0,0 +1,326 @@
++/* zconf.h -- configuration of the zlib compression library
++ * Copyright (C) 1995-2003 Jean-loup Gailly.
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++/* @(#) $Id: 019-z_off_t_as_long.patch.disabled,v 1.3 2004/08/23 07:48:56 adconrad Exp $ */
++
++#ifndef ZCONF_H
++#define ZCONF_H
++
++#warning Including local zconf.h instead of system zconf.h
++
++/*
++ * If you *really* need a unique prefix for all types and library functions,
++ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
++ */
++#ifdef Z_PREFIX
++# define deflateInit_ z_deflateInit_
++# define deflate z_deflate
++# define deflateEnd z_deflateEnd
++# define inflateInit_ z_inflateInit_
++# define inflate z_inflate
++# define inflateEnd z_inflateEnd
++# define deflateInit2_ z_deflateInit2_
++# define deflateSetDictionary z_deflateSetDictionary
++# define deflateCopy z_deflateCopy
++# define deflateReset z_deflateReset
++# define deflatePrime z_deflatePrime
++# define deflateParams z_deflateParams
++# define deflateBound z_deflateBound
++# define inflateInit2_ z_inflateInit2_
++# define inflateSetDictionary z_inflateSetDictionary
++# define inflateSync z_inflateSync
++# define inflateSyncPoint z_inflateSyncPoint
++# define inflateCopy z_inflateCopy
++# define inflateReset z_inflateReset
++# define compress z_compress
++# define compress2 z_compress2
++# define compressBound z_compressBound
++# define uncompress z_uncompress
++# define adler32 z_adler32
++# define crc32 z_crc32
++# define get_crc_table z_get_crc_table
++
++# define Byte z_Byte
++# define uInt z_uInt
++# define uLong z_uLong
++# define Bytef z_Bytef
++# define charf z_charf
++# define intf z_intf
++# define uIntf z_uIntf
++# define uLongf z_uLongf
++# define voidpf z_voidpf
++# define voidp z_voidp
++#endif
++
++#if defined(__MSDOS__) && !defined(MSDOS)
++# define MSDOS
++#endif
++#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
++# define OS2
++#endif
++#if defined(_WINDOWS) && !defined(WINDOWS)
++# define WINDOWS
++#endif
++#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
++# define WIN32
++#endif
++#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
++# if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
++# ifndef SYS16BIT
++# define SYS16BIT
++# endif
++# endif
++#endif
++
++/*
++ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
++ * than 64k bytes at a time (needed on systems with 16-bit int).
++ */
++#ifdef SYS16BIT
++# define MAXSEG_64K
++#endif
++#ifdef MSDOS
++# define UNALIGNED_OK
++#endif
++
++#ifdef __STDC_VERSION__
++# ifndef STDC
++# define STDC
++# endif
++# if __STDC_VERSION__ >= 199901L
++# ifndef STDC99
++# define STDC99
++# endif
++# endif
++#endif
++#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
++# define STDC
++#endif
++#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
++# define STDC
++#endif
++#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
++# define STDC
++#endif
++#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
++# define STDC
++#endif
++
++#if defined(__OS400__) && !defined(STDC) /* iSeries (formerly AS/400). */
++# define STDC
++#endif
++
++#ifndef STDC
++# ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
++# define const /* note: need a more gentle solution here */
++# endif
++#endif
++
++/* Some Mac compilers merge all .h files incorrectly: */
++#if defined(__MWERKS__)||defined(applec)||defined(THINK_C)||defined(__SC__)
++# define NO_DUMMY_DECL
++#endif
++
++/* Maximum value for memLevel in deflateInit2 */
++#ifndef MAX_MEM_LEVEL
++# ifdef MAXSEG_64K
++# define MAX_MEM_LEVEL 8
++# else
++# define MAX_MEM_LEVEL 9
++# endif
++#endif
++
++/* Maximum value for windowBits in deflateInit2 and inflateInit2.
++ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
++ * created by gzip. (Files created by minigzip can still be extracted by
++ * gzip.)
++ */
++#ifndef MAX_WBITS
++# define MAX_WBITS 15 /* 32K LZ77 window */
++#endif
++
++/* The memory requirements for deflate are (in bytes):
++ (1 << (windowBits+2)) + (1 << (memLevel+9))
++ that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
++ plus a few kilobytes for small objects. For example, if you want to reduce
++ the default memory requirements from 256K to 128K, compile with
++ make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
++ Of course this will generally degrade compression (there's no free lunch).
++
++ The memory requirements for inflate are (in bytes) 1 << windowBits
++ that is, 32K for windowBits=15 (default value) plus a few kilobytes
++ for small objects.
++*/
++
++ /* Type declarations */
++
++#ifndef OF /* function prototypes */
++# ifdef STDC
++# define OF(args) args
++# else
++# define OF(args) ()
++# endif
++#endif
++
++/* The following definitions for FAR are needed only for MSDOS mixed
++ * model programming (small or medium model with some far allocations).
++ * This was tested only with MSC; for other MSDOS compilers you may have
++ * to define NO_MEMCPY in zutil.h. If you don't need the mixed model,
++ * just define FAR to be empty.
++ */
++#ifdef SYS16BIT
++# if defined(M_I86SM) || defined(M_I86MM)
++ /* MSC small or medium model */
++# define SMALL_MEDIUM
++# ifdef _MSC_VER
++# define FAR _far
++# else
++# define FAR far
++# endif
++# endif
++# if (defined(__SMALL__) || defined(__MEDIUM__))
++ /* Turbo C small or medium model */
++# define SMALL_MEDIUM
++# ifdef __BORLANDC__
++# define FAR _far
++# else
++# define FAR far
++# endif
++# endif
++#endif
++
++#if defined(WINDOWS) || defined(WIN32)
++ /* If building or using zlib as a DLL, define ZLIB_DLL.
++ * This is not mandatory, but it offers a little performance increase.
++ */
++# ifdef ZLIB_DLL
++# if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
++# ifdef ZLIB_INTERNAL
++# define ZEXTERN extern __declspec(dllexport)
++# else
++# define ZEXTERN extern __declspec(dllimport)
++# endif
++# endif
++# endif /* ZLIB_DLL */
++ /* If building or using zlib with the WINAPI/WINAPIV calling convention,
++ * define ZLIB_WINAPI.
++ * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
++ */
++# ifdef ZLIB_WINAPI
++# ifdef FAR
++# undef FAR
++# endif
++# include <windows.h>
++ /* No need for _export, use ZLIB.DEF instead. */
++ /* For complete Windows compatibility, use WINAPI, not __stdcall. */
++# define ZEXPORT WINAPI
++# ifdef WIN32
++# define ZEXPORTVA WINAPIV
++# else
++# define ZEXPORTVA FAR CDECL
++# endif
++# endif
++#endif
++
++#if defined (__BEOS__)
++# ifdef ZLIB_DLL
++# ifdef ZLIB_INTERNAL
++# define ZEXPORT __declspec(dllexport)
++# define ZEXPORTVA __declspec(dllexport)
++# else
++# define ZEXPORT __declspec(dllimport)
++# define ZEXPORTVA __declspec(dllimport)
++# endif
++# endif
++#endif
++
++#ifndef ZEXTERN
++# define ZEXTERN extern
++#endif
++#ifndef ZEXPORT
++# define ZEXPORT
++#endif
++#ifndef ZEXPORTVA
++# define ZEXPORTVA
++#endif
++
++#ifndef FAR
++# define FAR
++#endif
++
++#if !defined(__MACTYPES__)
++typedef unsigned char Byte; /* 8 bits */
++#endif
++typedef unsigned int uInt; /* 16 bits or more */
++typedef unsigned long uLong; /* 32 bits or more */
++
++#ifdef SMALL_MEDIUM
++ /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
++# define Bytef Byte FAR
++#else
++ typedef Byte FAR Bytef;
++#endif
++typedef char FAR charf;
++typedef int FAR intf;
++typedef uInt FAR uIntf;
++typedef uLong FAR uLongf;
++
++#ifdef STDC
++ typedef void const *voidpc;
++ typedef void FAR *voidpf;
++ typedef void *voidp;
++#else
++ typedef Byte const *voidpc;
++ typedef Byte FAR *voidpf;
++ typedef Byte *voidp;
++#endif
++
++#if 1 /* HAVE_UNISTD_H -- this line is updated by ./configure */
++# include <sys/types.h> /* for off_t */
++# include <unistd.h> /* for SEEK_* and off_t */
++# ifdef VMS
++# include <unixio.h> /* for off_t */
++# endif
++/* # define z_off_t off_t */
++#endif
++#ifndef SEEK_SET
++# define SEEK_SET 0 /* Seek from beginning of file. */
++# define SEEK_CUR 1 /* Seek from current position. */
++# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */
++#endif
++#ifndef z_off_t
++# warning Defining z_off_t as 'long' rather than 'off_t'
++# define z_off_t long
++#endif
++
++#if defined(__OS400__)
++#define NO_vsnprintf
++#endif
++
++#if defined(__MVS__)
++# define NO_vsnprintf
++# ifdef FAR
++# undef FAR
++# endif
++#endif
++
++/* MVS linker does not support external names larger than 8 bytes */
++#if defined(__MVS__)
++# pragma map(deflateInit_,"DEIN")
++# pragma map(deflateInit2_,"DEIN2")
++# pragma map(deflateEnd,"DEEND")
++# pragma map(deflateBound,"DEBND")
++# pragma map(inflateInit_,"ININ")
++# pragma map(inflateInit2_,"ININ2")
++# pragma map(inflateEnd,"INEND")
++# pragma map(inflateSync,"INSY")
++# pragma map(inflateSetDictionary,"INSEDI")
++# pragma map(compressBound,"CMBND")
++# pragma map(inflate_table,"INTABL")
++# pragma map(inflate_fast,"INFA")
++# pragma map(inflate_copyright,"INCOPY")
++#endif
++
++#endif /* ZCONF_H */
+Index: php5-5.2.0/ext/zlib/zlib.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.0/ext/zlib/zlib.h 2007-03-18 22:58:40.000000000 +0100
+@@ -0,0 +1,1200 @@
++/* zlib.h -- interface of the 'zlib' general purpose compression library
++ version 1.2.1.1, January 9th, 2004
++
++ Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler
++
++ This software is provided 'as-is', without any express or implied
++ warranty. In no event will the authors be held liable for any damages
++ arising from the use of this software.
++
++ Permission is granted to anyone to use this software for any purpose,
++ including commercial applications, and to alter it and redistribute it
++ freely, subject to the following restrictions:
++
++ 1. The origin of this software must not be misrepresented; you must not
++ claim that you wrote the original software. If you use this software
++ in a product, an acknowledgment in the product documentation would be
++ appreciated but is not required.
++ 2. Altered source versions must be plainly marked as such, and must not be
++ misrepresented as being the original software.
++ 3. This notice may not be removed or altered from any source distribution.
++
++ Jean-loup Gailly Mark Adler
++ jloup [at] gzip madler [at] alumni
++
++
++ The data format used by the zlib library is described by RFCs (Request for
++ Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt
++ (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format).
++*/
++
++#ifndef ZLIB_H
++#define ZLIB_H
++
++#include "zconf.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#define ZLIB_VERSION "1.2.1.1"
++#define ZLIB_VERNUM 0x1211
++
++/*
++ The 'zlib' compression library provides in-memory compression and
++ decompression functions, including integrity checks of the uncompressed
++ data. This version of the library supports only one compression method
++ (deflation) but other algorithms will be added later and will have the same
++ stream interface.
++
++ Compression can be done in a single step if the buffers are large
++ enough (for example if an input file is mmap'ed), or can be done by
++ repeated calls of the compression function. In the latter case, the
++ application must provide more input and/or consume the output
++ (providing more output space) before each call.
++
++ The compressed data format used by the in-memory functions is the zlib
++ format, which is a zlib wrapper documented in RFC 1950, wrapped around a
++ deflate stream, which is itself documented in RFC 1951.
++
++ The library also supports reading and writing files in gzip (.gz) format
++ with an interface similar to that of stdio using the functions that start
++ with "gz". The gzip format is different from the zlib format. gzip is a
++ gzip wrapper, documented in RFC 1952, wrapped around a deflate stream.
++
++ The zlib format was designed to be compact and fast for use in memory
++ and on communications channels. The gzip format was designed for single-
++ file compression on file systems, has a larger header than zlib to maintain
++ directory information, and uses a different, slower check method than zlib.
++
++ This library does not provide any functions to write gzip files in memory.
++ However such functions could be easily written using zlib's deflate function,
++ the documentation in the gzip RFC, and the examples in gzio.c.
++
++ The library does not install any signal handler. The decoder checks
++ the consistency of the compressed data, so the library should never
++ crash even in case of corrupted input.
++*/
++
++typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
++typedef void (*free_func) OF((voidpf opaque, voidpf address));
++
++struct internal_state;
++
++typedef struct z_stream_s {
++ Bytef *next_in; /* next input byte */
++ uInt avail_in; /* number of bytes available at next_in */
++ uLong total_in; /* total nb of input bytes read so far */
++
++ Bytef *next_out; /* next output byte should be put there */
++ uInt avail_out; /* remaining free space at next_out */
++ uLong total_out; /* total nb of bytes output so far */
++
++ char *msg; /* last error message, NULL if no error */
++ struct internal_state FAR *state; /* not visible by applications */
++
++ alloc_func zalloc; /* used to allocate the internal state */
++ free_func zfree; /* used to free the internal state */
++ voidpf opaque; /* private data object passed to zalloc and zfree */
++
++ int data_type; /* best guess about the data type: ascii or binary */
++ uLong adler; /* adler32 value of the uncompressed data */
++ uLong reserved; /* reserved for future use */
++} z_stream;
++
++typedef z_stream FAR *z_streamp;
++
++/*
++ The application must update next_in and avail_in when avail_in has
++ dropped to zero. It must update next_out and avail_out when avail_out
++ has dropped to zero. The application must initialize zalloc, zfree and
++ opaque before calling the init function. All other fields are set by the
++ compression library and must not be updated by the application.
++
++ The opaque value provided by the application will be passed as the first
++ parameter for calls of zalloc and zfree. This can be useful for custom
++ memory management. The compression library attaches no meaning to the
++ opaque value.
++
++ zalloc must return Z_NULL if there is not enough memory for the object.
++ If zlib is used in a multi-threaded application, zalloc and zfree must be
++ thread safe.
++
++ On 16-bit systems, the functions zalloc and zfree must be able to allocate
++ exactly 65536 bytes, but will not be required to allocate more than this
++ if the symbol MAXSEG_64K is defined (see zconf.h). WARNING: On MSDOS,
++ pointers returned by zalloc for objects of exactly 65536 bytes *must*
++ have their offset normalized to zero. The default allocation function
++ provided by this library ensures this (see zutil.c). To reduce memory
++ requirements and avoid any allocation of 64K objects, at the expense of
++ compression ratio, compile the library with -DMAX_WBITS=14 (see zconf.h).
++
++ The fields total_in and total_out can be used for statistics or
++ progress reports. After compression, total_in holds the total size of
++ the uncompressed data and may be saved for use in the decompressor
++ (particularly if the decompressor wants to decompress everything in
++ a single step).
++*/
++
++ /* constants */
++
++#define Z_NO_FLUSH 0
++#define Z_PARTIAL_FLUSH 1 /* will be removed, use Z_SYNC_FLUSH instead */
++#define Z_SYNC_FLUSH 2
++#define Z_FULL_FLUSH 3
++#define Z_FINISH 4
++#define Z_BLOCK 5
++/* Allowed flush values; see deflate() and inflate() below for details */
++
++#define Z_OK 0
++#define Z_STREAM_END 1
++#define Z_NEED_DICT 2
++#define Z_ERRNO (-1)
++#define Z_STREAM_ERROR (-2)
++#define Z_DATA_ERROR (-3)
++#define Z_MEM_ERROR (-4)
++#define Z_BUF_ERROR (-5)
++#define Z_VERSION_ERROR (-6)
++/* Return codes for the compression/decompression functions. Negative
++ * values are errors, positive values are used for special but normal events.
++ */
++
++#define Z_NO_COMPRESSION 0
++#define Z_BEST_SPEED 1
++#define Z_BEST_COMPRESSION 9
++#define Z_DEFAULT_COMPRESSION (-1)
++/* compression levels */
++
++#define Z_FILTERED 1
++#define Z_HUFFMAN_ONLY 2
++#define Z_RLE 3
++#define Z_DEFAULT_STRATEGY 0
++/* compression strategy; see deflateInit2() below for details */
++
++#define Z_BINARY 0
++#define Z_ASCII 1
++#define Z_UNKNOWN 2
++/* Possible values of the data_type field (though see inflate()) */
++
++#define Z_DEFLATED 8
++/* The deflate compression method (the only one supported in this version) */
++
++#define Z_NULL 0 /* for initializing zalloc, zfree, opaque */
++
++#define zlib_version zlibVersion()
++/* for compatibility with versions < 1.0.2 */
++
++ /* basic functions */
++
++ZEXTERN const char * ZEXPORT zlibVersion OF((void));
++/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
++ If the first character differs, the library code actually used is
++ not compatible with the zlib.h header file used by the application.
++ This check is automatically made by deflateInit and inflateInit.
++ */
++
++/*
++ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
++
++ Initializes the internal stream state for compression. The fields
++ zalloc, zfree and opaque must be initialized before by the caller.
++ If zalloc and zfree are set to Z_NULL, deflateInit updates them to
++ use default allocation functions.
++
++ The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
++ 1 gives best speed, 9 gives best compression, 0 gives no compression at
++ all (the input data is simply copied a block at a time).
++ Z_DEFAULT_COMPRESSION requests a default compromise between speed and
++ compression (currently equivalent to level 6).
++
++ deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if level is not a valid compression level,
++ Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
++ with the version assumed by the caller (ZLIB_VERSION).
++ msg is set to null if there is no error message. deflateInit does not
++ perform any compression: this will be done by deflate().
++*/
++
++
++ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
++/*
++ deflate compresses as much data as possible, and stops when the input
++ buffer becomes empty or the output buffer becomes full. It may introduce some
++ output latency (reading input without producing any output) except when
++ forced to flush.
++
++ The detailed semantics are as follows. deflate performs one or both of the
++ following actions:
++
++ - Compress more input starting at next_in and update next_in and avail_in
++ accordingly. If not all input can be processed (because there is not
++ enough room in the output buffer), next_in and avail_in are updated and
++ processing will resume at this point for the next call of deflate().
++
++ - Provide more output starting at next_out and update next_out and avail_out
++ accordingly. This action is forced if the parameter flush is non zero.
++ Forcing flush frequently degrades the compression ratio, so this parameter
++ should be set only when necessary (in interactive applications).
++ Some output may be provided even if flush is not set.
++
++ Before the call of deflate(), the application should ensure that at least
++ one of the actions is possible, by providing more input and/or consuming
++ more output, and updating avail_in or avail_out accordingly; avail_out
++ should never be zero before the call. The application can consume the
++ compressed output when it wants, for example when the output buffer is full
++ (avail_out == 0), or after each call of deflate(). If deflate returns Z_OK
++ and with zero avail_out, it must be called again after making room in the
++ output buffer because there might be more output pending.
++
++ If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
++ flushed to the output buffer and the output is aligned on a byte boundary, so
++ that the decompressor can get all input data available so far. (In particular
++ avail_in is zero after the call if enough output space has been provided
++ before the call.) Flushing may degrade compression for some compression
++ algorithms and so it should be used only when necessary.
++
++ If flush is set to Z_FULL_FLUSH, all output is flushed as with
++ Z_SYNC_FLUSH, and the compression state is reset so that decompression can
++ restart from this point if previous compressed data has been damaged or if
++ random access is desired. Using Z_FULL_FLUSH too often can seriously degrade
++ the compression.
++
++ If deflate returns with avail_out == 0, this function must be called again
++ with the same value of the flush parameter and more output space (updated
++ avail_out), until the flush is complete (deflate returns with non-zero
++ avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
++ avail_out is greater than six to avoid repeated flush markers due to
++ avail_out == 0 on return.
++
++ If the parameter flush is set to Z_FINISH, pending input is processed,
++ pending output is flushed and deflate returns with Z_STREAM_END if there
++ was enough output space; if deflate returns with Z_OK, this function must be
++ called again with Z_FINISH and more output space (updated avail_out) but no
++ more input data, until it returns with Z_STREAM_END or an error. After
++ deflate has returned Z_STREAM_END, the only possible operations on the
++ stream are deflateReset or deflateEnd.
++
++ Z_FINISH can be used immediately after deflateInit if all the compression
++ is to be done in a single step. In this case, avail_out must be at least
++ the value returned by deflateBound (see below). If deflate does not return
++ Z_STREAM_END, then it must be called again as described above.
++
++ deflate() sets strm->adler to the adler32 checksum of all input read
++ so far (that is, total_in bytes).
++
++ deflate() may update data_type if it can make a good guess about
++ the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
++ binary. This field is only for information purposes and does not affect
++ the compression algorithm in any manner.
++
++ deflate() returns Z_OK if some progress has been made (more input
++ processed or more output produced), Z_STREAM_END if all input has been
++ consumed and all output has been produced (only when flush is set to
++ Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
++ if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible
++ (for example avail_in or avail_out was zero). Note that Z_BUF_ERROR is not
++ fatal, and deflate() can be called again with more input and more output
++ space to continue compressing.
++*/
++
++
++ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
++/*
++ All dynamically allocated data structures for this stream are freed.
++ This function discards any unprocessed input and does not flush any
++ pending output.
++
++ deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
++ stream state was inconsistent, Z_DATA_ERROR if the stream was freed
++ prematurely (some input or output was discarded). In the error case,
++ msg may be set but then points to a static string (which must not be
++ deallocated).
++*/
++
++
++/*
++ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
++
++ Initializes the internal stream state for decompression. The fields
++ next_in, avail_in, zalloc, zfree and opaque must be initialized before by
++ the caller. If next_in is not Z_NULL and avail_in is large enough (the exact
++ value depends on the compression method), inflateInit determines the
++ compression method from the zlib header and allocates all data structures
++ accordingly; otherwise the allocation will be deferred to the first call of
++ inflate. If zalloc and zfree are set to Z_NULL, inflateInit updates them to
++ use default allocation functions.
++
++ inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
++ version assumed by the caller. msg is set to null if there is no error
++ message. inflateInit does not perform any decompression apart from reading
++ the zlib header if present: this will be done by inflate(). (So next_in and
++ avail_in may be modified, but next_out and avail_out are unchanged.)
++*/
++
++
++ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
++/*
++ inflate decompresses as much data as possible, and stops when the input
++ buffer becomes empty or the output buffer becomes full. It may introduce
++ some output latency (reading input without producing any output) except when
++ forced to flush.
++
++ The detailed semantics are as follows. inflate performs one or both of the
++ following actions:
++
++ - Decompress more input starting at next_in and update next_in and avail_in
++ accordingly. If not all input can be processed (because there is not
++ enough room in the output buffer), next_in is updated and processing
++ will resume at this point for the next call of inflate().
++
++ - Provide more output starting at next_out and update next_out and avail_out
++ accordingly. inflate() provides as much output as possible, until there
++ is no more input data or no more space in the output buffer (see below
++ about the flush parameter).
++
++ Before the call of inflate(), the application should ensure that at least
++ one of the actions is possible, by providing more input and/or consuming
++ more output, and updating the next_* and avail_* values accordingly.
++ The application can consume the uncompressed output when it wants, for
++ example when the output buffer is full (avail_out == 0), or after each
++ call of inflate(). If inflate returns Z_OK and with zero avail_out, it
++ must be called again after making room in the output buffer because there
++ might be more output pending.
++
++ The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH,
++ Z_FINISH, or Z_BLOCK. Z_SYNC_FLUSH requests that inflate() flush as much
++ output as possible to the output buffer. Z_BLOCK requests that inflate() stop
++ if and when it get to the next deflate block boundary. When decoding the zlib
++ or gzip format, this will cause inflate() to return immediately after the
++ header and before the first block. When doing a raw inflate, inflate() will
++ go ahead and process the first block, and will return when it gets to the end
++ of that block, or when it runs out of data.
++
++ The Z_BLOCK option assists in appending to or combining deflate streams.
++ Also to assist in this, on return inflate() will set strm->data_type to the
++ number of unused bits in the last byte taken from strm->next_in, plus 64
++ if inflate() is currently decoding the last block in the deflate stream,
++ plus 128 if inflate() returned immediately after decoding an end-of-block
++ code or decoding the complete header up to just before the first byte of the
++ deflate stream. The end-of-block will not be indicated until all of the
++ uncompressed data from that block has been written to strm->next_out. The
++ number of unused bits may in general be greater than seven, except when
++ bit 7 of data_type is set, in which case the number of unused bits will be
++ less than eight.
++
++ inflate() should normally be called until it returns Z_STREAM_END or an
++ error. However if all decompression is to be performed in a single step
++ (a single call of inflate), the parameter flush should be set to
++ Z_FINISH. In this case all pending input is processed and all pending
++ output is flushed; avail_out must be large enough to hold all the
++ uncompressed data. (The size of the uncompressed data may have been saved
++ by the compressor for this purpose.) The next operation on this stream must
++ be inflateEnd to deallocate the decompression state. The use of Z_FINISH
++ is never required, but can be used to inform inflate that a faster approach
++ may be used for the single inflate() call.
++
++ In this implementation, inflate() always flushes as much output as
++ possible to the output buffer, and always uses the faster approach on the
++ first call. So the only effect of the flush parameter in this implementation
++ is on the return value of inflate(), as noted below, or when it returns early
++ because Z_BLOCK is used.
++
++ If a preset dictionary is needed after this call (see inflateSetDictionary
++ below), inflate sets strm-adler to the adler32 checksum of the dictionary
++ chosen by the compressor and returns Z_NEED_DICT; otherwise it sets
++ strm->adler to the adler32 checksum of all output produced so far (that is,
++ total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described
++ below. At the end of the stream, inflate() checks that its computed adler32
++ checksum is equal to that saved by the compressor and returns Z_STREAM_END
++ only if the checksum is correct.
++
++ inflate() will decompress and check either zlib-wrapped or gzip-wrapped
++ deflate data. The header type is detected automatically. Any information
++ contained in the gzip header is not retained, so applications that need that
++ information should instead use raw inflate, see inflateInit2() below, or
++ inflateBack() and perform their own processing of the gzip header and
++ trailer.
++
++ inflate() returns Z_OK if some progress has been made (more input processed
++ or more output produced), Z_STREAM_END if the end of the compressed data has
++ been reached and all uncompressed output has been produced, Z_NEED_DICT if a
++ preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
++ corrupted (input stream not conforming to the zlib format or incorrect check
++ value), Z_STREAM_ERROR if the stream structure was inconsistent (for example
++ if next_in or next_out was NULL), Z_MEM_ERROR if there was not enough memory,
++ Z_BUF_ERROR if no progress is possible or if there was not enough room in the
++ output buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and
++ inflate() can be called again with more input and more output space to
++ continue decompressing. If Z_DATA_ERROR is returned, the application may then
++ call inflateSync() to look for a good compression block if a partial recovery
++ of the data is desired.
++*/
++
++
++ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
++/*
++ All dynamically allocated data structures for this stream are freed.
++ This function discards any unprocessed input and does not flush any
++ pending output.
++
++ inflateEnd returns Z_OK if success, Z_STREAM_ERROR if the stream state
++ was inconsistent. In the error case, msg may be set but then points to a
++ static string (which must not be deallocated).
++*/
++
++ /* Advanced functions */
++
++/*
++ The following functions are needed only in some special applications.
++*/
++
++/*
++ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
++ int level,
++ int method,
++ int windowBits,
++ int memLevel,
++ int strategy));
++
++ This is another version of deflateInit with more compression options. The
++ fields next_in, zalloc, zfree and opaque must be initialized before by
++ the caller.
++
++ The method parameter is the compression method. It must be Z_DEFLATED in
++ this version of the library.
++
++ The windowBits parameter is the base two logarithm of the window size
++ (the size of the history buffer). It should be in the range 8..15 for this
++ version of the library. Larger values of this parameter result in better
++ compression at the expense of memory usage. The default value is 15 if
++ deflateInit is used instead.
++
++ windowBits can also be -8..-15 for raw deflate. In this case, -windowBits
++ determines the window size. deflate() will then generate raw deflate data
++ with no zlib header or trailer, and will not compute an adler32 check value.
++
++ windowBits can also be greater than 15 for optional gzip encoding. Add
++ 16 to windowBits to write a simple gzip header and trailer around the
++ compressed data instead of a zlib wrapper. The gzip header will have no
++ file name, no extra data, no comment, no modification time (set to zero),
++ no header crc, and the operating system will be set to 255 (unknown).
++
++ The memLevel parameter specifies how much memory should be allocated
++ for the internal compression state. memLevel=1 uses minimum memory but
++ is slow and reduces compression ratio; memLevel=9 uses maximum memory
++ for optimal speed. The default value is 8. See zconf.h for total memory
++ usage as a function of windowBits and memLevel.
++
++ The strategy parameter is used to tune the compression algorithm. Use the
++ value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
++ filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no
++ string match), or Z_RLE to limit match distances to one (run-length
++ encoding). Filtered data consists mostly of small values with a somewhat
++ random distribution. In this case, the compression algorithm is tuned to
++ compress them better. The effect of Z_FILTERED is to force more Huffman
++ coding and less string matching; it is somewhat intermediate between
++ Z_DEFAULT and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as fast as
++ Z_HUFFMAN_ONLY, but give better compression for PNG image data. The strategy
++ parameter only affects the compression ratio but not the correctness of the
++ compressed output even if it is not set appropriately.
++
++ deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as an invalid
++ method). msg is set to null if there is no error message. deflateInit2 does
++ not perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the compression dictionary from the given byte sequence
++ without producing any compressed output. This function must be called
++ immediately after deflateInit, deflateInit2 or deflateReset, before any
++ call of deflate. The compressor and decompressor must use exactly the same
++ dictionary (see inflateSetDictionary).
++
++ The dictionary should consist of strings (byte sequences) that are likely
++ to be encountered later in the data to be compressed, with the most commonly
++ used strings preferably put towards the end of the dictionary. Using a
++ dictionary is most useful when the data to be compressed is short and can be
++ predicted with good accuracy; the data can then be compressed better than
++ with the default empty dictionary.
++
++ Depending on the size of the compression data structures selected by
++ deflateInit or deflateInit2, a part of the dictionary may in effect be
++ discarded, for example if the dictionary is larger than the window size in
++ deflate or deflate2. Thus the strings most likely to be useful should be
++ put at the end of the dictionary, not at the front.
++
++ Upon return of this function, strm->adler is set to the adler32 value
++ of the dictionary; the decompressor may later use this value to determine
++ which dictionary has been used by the compressor. (The adler32 value
++ applies to the whole dictionary even if only a subset of the dictionary is
++ actually used by the compressor.) If a raw deflate was requested, then the
++ adler32 value is not computed and strm->adler is not set.
++
++ deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent (for example if deflate has already been called for this stream
++ or if the compression method is bsort). deflateSetDictionary does not
++ perform any compression: this will be done by deflate().
++*/
++
++ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
++ z_streamp source));
++/*
++ Sets the destination stream as a complete copy of the source stream.
++
++ This function can be useful when several compression strategies will be
++ tried, for example when there are several ways of pre-processing the input
++ data with a filter. The streams that will be discarded should then be freed
++ by calling deflateEnd. Note that deflateCopy duplicates the internal
++ compression state which can be quite large, so this strategy is slow and
++ can consume lots of memory.
++
++ deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
++ (such as zalloc being NULL). msg is left unchanged in both source and
++ destination.
++*/
++
++ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to deflateEnd followed by deflateInit,
++ but does not free and reallocate all the internal compression state.
++ The stream will keep the same compression level and any other attributes
++ that may have been set by deflateInit2.
++
++ deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
++ int level,
++ int strategy));
++/*
++ Dynamically update the compression level and compression strategy. The
++ interpretation of level and strategy is as in deflateInit2. This can be
++ used to switch between compression and straight copy of the input data, or
++ to switch to a different kind of input data requiring a different
++ strategy. If the compression level is changed, the input available so far
++ is compressed with the old level (and may be flushed); the new level will
++ take effect only at the next call of deflate().
++
++ Before the call of deflateParams, the stream state must be set as for
++ a call of deflate(), since the currently available input may have to
++ be compressed and flushed. In particular, strm->avail_out must be non-zero.
++
++ deflateParams returns Z_OK if success, Z_STREAM_ERROR if the source
++ stream state was inconsistent or if a parameter was invalid, Z_BUF_ERROR
++ if strm->avail_out was zero.
++*/
++
++ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
++ uLong sourceLen));
++/*
++ deflateBound() returns an upper bound on the compressed size after
++ deflation of sourceLen bytes. It must be called after deflateInit()
++ or deflateInit2(). This would be used to allocate an output buffer
++ for deflation in a single pass, and so would be called before deflate().
++*/
++
++ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
++ int bits,
++ int value));
++/*
++ deflatePrime() inserts bits in the deflate output stream. The intent
++ is that this function is used to start off the deflate output with the
++ bits leftover from a previous deflate stream when appending to it. As such,
++ this function can only be used for raw deflate, and must be used before the
++ first deflate() call after a deflateInit2() or deflateReset(). bits must be
++ less than or equal to 16, and that many of the least significant bits of
++ value will be inserted in the output.
++
++ deflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent.
++*/
++
++/*
++ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
++ int windowBits));
++
++ This is another version of inflateInit with an extra parameter. The
++ fields next_in, avail_in, zalloc, zfree and opaque must be initialized
++ before by the caller.
++
++ The windowBits parameter is the base two logarithm of the maximum window
++ size (the size of the history buffer). It should be in the range 8..15 for
++ this version of the library. The default value is 15 if inflateInit is used
++ instead. windowBits must be greater than or equal to the windowBits value
++ provided to deflateInit2() while compressing, or it must be equal to 15 if
++ deflateInit2() was not used. If a compressed stream with a larger window
++ size is given as input, inflate() will return with the error code
++ Z_DATA_ERROR instead of trying to allocate a larger window.
++
++ windowBits can also be -8..-15 for raw inflate. In this case, -windowBits
++ determines the window size. inflate() will then process raw deflate data,
++ not looking for a zlib or gzip header, not generating a check value, and not
++ looking for any check values for comparison at the end of the stream. This
++ is for use with other formats that use the deflate compressed data format
++ such as zip. Those formats provide their own check values. If a custom
++ format is developed using the raw deflate format for compressed data, it is
++ recommended that a check value such as an adler32 or a crc32 be applied to
++ the uncompressed data as is done in the zlib, gzip, and zip formats. For
++ most applications, the zlib format should be used as is. Note that comments
++ above on the use in deflateInit2() applies to the magnitude of windowBits.
++
++ windowBits can also be greater than 15 for optional gzip decoding. Add
++ 32 to windowBits to enable zlib and gzip decoding with automatic header
++ detection, or add 16 to decode only the gzip format (the zlib format will
++ return a Z_DATA_ERROR).
++
++ inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_STREAM_ERROR if a parameter is invalid (such as a negative
++ memLevel). msg is set to null if there is no error message. inflateInit2
++ does not perform any decompression apart from reading the zlib header if
++ present: this will be done by inflate(). (So next_in and avail_in may be
++ modified, but next_out and avail_out are unchanged.)
++*/
++
++ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
++ const Bytef *dictionary,
++ uInt dictLength));
++/*
++ Initializes the decompression dictionary from the given uncompressed byte
++ sequence. This function must be called immediately after a call of inflate
++ if this call returned Z_NEED_DICT. The dictionary chosen by the compressor
++ can be determined from the adler32 value returned by this call of
++ inflate. The compressor and decompressor must use exactly the same
++ dictionary (see deflateSetDictionary).
++
++ inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
++ parameter is invalid (such as NULL dictionary) or the stream state is
++ inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
++ expected one (incorrect adler32 value). inflateSetDictionary does not
++ perform any decompression: this will be done by subsequent calls of
++ inflate().
++*/
++
++ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
++/*
++ Skips invalid compressed data until a full flush point (see above the
++ description of deflate with Z_FULL_FLUSH) can be found, or until all
++ available input is skipped. No output is provided.
++
++ inflateSync returns Z_OK if a full flush point has been found, Z_BUF_ERROR
++ if no more input was provided, Z_DATA_ERROR if no flush point has been found,
++ or Z_STREAM_ERROR if the stream structure was inconsistent. In the success
++ case, the application may save the current current value of total_in which
++ indicates where valid compressed data was found. In the error case, the
++ application may repeatedly call inflateSync, providing more input each time,
++ until success or end of the input data.
++*/
++
++ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
++ z_streamp source));
++/*
++ Sets the destination stream as a complete copy of the source stream.
++
++ This function can be useful when randomly accessing a large stream. The
++ first pass through the stream can periodically record the inflate state,
++ allowing restarting inflate at those points when randomly accessing the
++ stream.
++
++ inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
++ (such as zalloc being NULL). msg is left unchanged in both source and
++ destination.
++*/
++
++ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
++/*
++ This function is equivalent to inflateEnd followed by inflateInit,
++ but does not free and reallocate all the internal decompression state.
++ The stream will keep attributes that may have been set by inflateInit2.
++
++ inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
++ stream state was inconsistent (such as zalloc or state being NULL).
++*/
++
++/*
++ZEXTERN int ZEXPORT inflateBackInit OF((z_stream FAR *strm, int windowBits,
++ unsigned char FAR *window));
++
++ Initialize the internal stream state for decompression using inflateBack()
++ calls. The fields zalloc, zfree and opaque in strm must be initialized
++ before the call. If zalloc and zfree are Z_NULL, then the default library-
++ derived memory allocation routines are used. windowBits is the base two
++ logarithm of the window size, in the range 8..15. window is a caller
++ supplied buffer of that size. Except for special applications where it is
++ assured that deflate was used with small window sizes, windowBits must be 15
++ and a 32K byte window must be supplied to be able to decompress general
++ deflate streams.
++
++ See inflateBack() for the usage of these routines.
++
++ inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of
++ the paramaters are invalid, Z_MEM_ERROR if the internal state could not
++ be allocated, or Z_VERSION_ERROR if the version of the library does not
++ match the version of the header file.
++*/
++
++typedef unsigned (*in_func) OF((void FAR *, unsigned char FAR * FAR *));
++typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
++
++ZEXTERN int ZEXPORT inflateBack OF((z_stream FAR *strm,
++ in_func in, void FAR *in_desc,
++ out_func out, void FAR *out_desc));
++/*
++ inflateBack() does a raw inflate with a single call using a call-back
++ interface for input and output. This is more efficient than inflate() for
++ file i/o applications in that it avoids copying between the output and the
++ sliding window by simply making the window itself the output buffer. This
++ function trusts the application to not change the output buffer passed by
++ the output function, at least until inflateBack() returns.
++
++ inflateBackInit() must be called first to allocate the internal state
++ and to initialize the state with the user-provided window buffer.
++ inflateBack() may then be used multiple times to inflate a complete, raw
++ deflate stream with each call. inflateBackEnd() is then called to free
++ the allocated state.
++
++ A raw deflate stream is one with no zlib or gzip header or trailer.
++ This routine would normally be used in a utility that reads zip or gzip
++ files and writes out uncompressed files. The utility would decode the
++ header and process the trailer on its own, hence this routine expects
++ only the raw deflate stream to decompress. This is different from the
++ normal behavior of inflate(), which expects either a zlib or gzip header and
++ trailer around the deflate stream.
++
++ inflateBack() uses two subroutines supplied by the caller that are then
++ called by inflateBack() for input and output. inflateBack() calls those
++ routines until it reads a complete deflate stream and writes out all of the
++ uncompressed data, or until it encounters an error. The function's
++ parameters and return types are defined above in the in_func and out_func
++ typedefs. inflateBack() will call in(in_desc, &buf) which should return the
++ number of bytes of provided input, and a pointer to that input in buf. If
++ there is no input available, in() must return zero--buf is ignored in that
++ case--and inflateBack() will return a buffer error. inflateBack() will call
++ out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. out()
++ should return zero on success, or non-zero on failure. If out() returns
++ non-zero, inflateBack() will return with an error. Neither in() nor out()
++ are permitted to change the contents of the window provided to
++ inflateBackInit(), which is also the buffer that out() uses to write from.
++ The length written by out() will be at most the window size. Any non-zero
++ amount of input may be provided by in().
++
++ For convenience, inflateBack() can be provided input on the first call by
++ setting strm->next_in and strm->avail_in. If that input is exhausted, then
++ in() will be called. Therefore strm->next_in must be initialized before
++ calling inflateBack(). If strm->next_in is Z_NULL, then in() will be called
++ immediately for input. If strm->next_in is not Z_NULL, then strm->avail_in
++ must also be initialized, and then if strm->avail_in is not zero, input will
++ initially be taken from strm->next_in[0 .. strm->avail_in - 1].
++
++ The in_desc and out_desc parameters of inflateBack() is passed as the
++ first parameter of in() and out() respectively when they are called. These
++ descriptors can be optionally used to pass any information that the caller-
++ supplied in() and out() functions need to do their job.
++
++ On return, inflateBack() will set strm->next_in and strm->avail_in to
++ pass back any unused input that was provided by the last in() call. The
++ return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR
++ if in() or out() returned an error, Z_DATA_ERROR if there was a format
++ error in the deflate stream (in which case strm->msg is set to indicate the
++ nature of the error), or Z_STREAM_ERROR if the stream was not properly
++ initialized. In the case of Z_BUF_ERROR, an input or output error can be
++ distinguished using strm->next_in which will be Z_NULL only if in() returned
++ an error. If strm->next is not Z_NULL, then the Z_BUF_ERROR was due to
++ out() returning non-zero. (in() will always be called before out(), so
++ strm->next_in is assured to be defined if out() returns non-zero.) Note
++ that inflateBack() cannot return Z_OK.
++*/
++
++ZEXTERN int ZEXPORT inflateBackEnd OF((z_stream FAR *strm));
++/*
++ All memory allocated by inflateBackInit() is freed.
++
++ inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream
++ state was inconsistent.
++*/
++
++ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
++/* Return flags indicating compile-time options.
++
++ Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
++ 1.0: size of uInt
++ 3.2: size of uLong
++ 5.4: size of voidpf (pointer)
++ 7.6: size of z_off_t
++
++ Compiler, assembler, and debug options:
++ 8: DEBUG
++ 9: ASMV or ASMINF -- use ASM code
++ 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention
++ 11: 0 (reserved)
++
++ One-time table building (smaller code, but not thread-safe if true):
++ 12: BUILDFIXED -- build static block decoding tables when needed
++ 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed
++ 14,15: 0 (reserved)
++
++ Library content (indicates missing functionality):
++ 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking
++ deflate code when not needed)
++ 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect
++ and decode gzip streams (to avoid linking crc code)
++ 18-19: 0 (reserved)
++
++ Operation variations (changes in library functionality):
++ 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate
++ 21: FASTEST -- deflate algorithm with only one, lowest compression level
++ 22,23: 0 (reserved)
++
++ The sprintf variant used by gzprintf (zero is best):
++ 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format
++ 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure!
++ 26: 0 = returns value, 1 = void -- 1 means inferred string length returned
++
++ Remainder:
++ 27-31: 0 (reserved)
++ */
++
++
++ /* utility functions */
++
++/*
++ The following utility functions are implemented on top of the
++ basic stream-oriented functions. To simplify the interface, some
++ default options are assumed (compression level and memory usage,
++ standard memory allocation functions). The source code of these
++ utility functions can easily be modified if you need special options.
++*/
++
++ZEXTERN int ZEXPORT compress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Compresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be at least the value returned
++ by compressBound(sourceLen). Upon exit, destLen is the actual size of the
++ compressed buffer.
++ This function can be used to compress a whole file at once if the
++ input file is mmap'ed.
++ compress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer.
++*/
++
++ZEXTERN int ZEXPORT compress2 OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen,
++ int level));
++/*
++ Compresses the source buffer into the destination buffer. The level
++ parameter has the same meaning as in deflateInit. sourceLen is the byte
++ length of the source buffer. Upon entry, destLen is the total size of the
++ destination buffer, which must be at least the value returned by
++ compressBound(sourceLen). Upon exit, destLen is the actual size of the
++ compressed buffer.
++
++ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
++ memory, Z_BUF_ERROR if there was not enough room in the output buffer,
++ Z_STREAM_ERROR if the level parameter is invalid.
++*/
++
++ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
++/*
++ compressBound() returns an upper bound on the compressed size after
++ compress() or compress2() on sourceLen bytes. It would be used before
++ a compress() or compress2() call to allocate the destination buffer.
++*/
++
++ZEXTERN int ZEXPORT uncompress OF((Bytef *dest, uLongf *destLen,
++ const Bytef *source, uLong sourceLen));
++/*
++ Decompresses the source buffer into the destination buffer. sourceLen is
++ the byte length of the source buffer. Upon entry, destLen is the total
++ size of the destination buffer, which must be large enough to hold the
++ entire uncompressed data. (The size of the uncompressed data must have
++ been saved previously by the compressor and transmitted to the decompressor
++ by some mechanism outside the scope of this compression library.)
++ Upon exit, destLen is the actual size of the compressed buffer.
++ This function can be used to decompress a whole file at once if the
++ input file is mmap'ed.
++
++ uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
++ enough memory, Z_BUF_ERROR if there was not enough room in the output
++ buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete.
++*/
++
++
++typedef voidp gzFile;
++
++ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
++/*
++ Opens a gzip (.gz) file for reading or writing. The mode parameter
++ is as in fopen ("rb" or "wb") but can also include a compression level
++ ("wb9") or a strategy: 'f' for filtered data as in "wb6f", 'h' for
++ Huffman only compression as in "wb1h", or 'R' for run-length encoding
++ as in "wb1R". (See the description of deflateInit2 for more information
++ about the strategy parameter.)
++
++ gzopen can be used to read a file which is not in gzip format; in this
++ case gzread will directly read from the file without decompression.
++
++ gzopen returns NULL if the file could not be opened or if there was
++ insufficient memory to allocate the (de)compression state; errno
++ can be checked to distinguish the two cases (if errno is zero, the
++ zlib error is Z_MEM_ERROR). */
++
++ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
++/*
++ gzdopen() associates a gzFile with the file descriptor fd. File
++ descriptors are obtained from calls like open, dup, creat, pipe or
++ fileno (in the file has been previously opened with fopen).
++ The mode parameter is as in gzopen.
++ The next call of gzclose on the returned gzFile will also close the
++ file descriptor fd, just like fclose(fdopen(fd), mode) closes the file
++ descriptor fd. If you want to keep fd open, use gzdopen(dup(fd), mode).
++ gzdopen returns NULL if there was insufficient memory to allocate
++ the (de)compression state.
++*/
++
++ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
++/*
++ Dynamically update the compression level or strategy. See the description
++ of deflateInit2 for the meaning of these parameters.
++ gzsetparams returns Z_OK if success, or Z_STREAM_ERROR if the file was not
++ opened for writing.
++*/
++
++ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
++/*
++ Reads the given number of uncompressed bytes from the compressed file.
++ If the input file was not in gzip format, gzread copies the given number
++ of bytes into the buffer.
++ gzread returns the number of uncompressed bytes actually read (0 for
++ end of file, -1 for error). */
++
++ZEXTERN int ZEXPORT gzwrite OF((gzFile file,
++ voidpc buf, unsigned len));
++/*
++ Writes the given number of uncompressed bytes into the compressed file.
++ gzwrite returns the number of uncompressed bytes actually written
++ (0 in case of error).
++*/
++
++ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...));
++/*
++ Converts, formats, and writes the args to the compressed file under
++ control of the format string, as in fprintf. gzprintf returns the number of
++ uncompressed bytes actually written (0 in case of error). The number of
++ uncompressed bytes written is limited to 4095. The caller should assure that
++ this limit is not exceeded. If it is exceeded, then gzprintf() will return
++ return an error (0) with nothing written. In this case, there may also be a
++ buffer overflow with unpredictable consequences, which is possible only if
++ zlib was compiled with the insecure functions sprintf() or vsprintf()
++ because the secure snprintf() or vsnprintf() functions were not available.
++*/
++
++ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
++/*
++ Writes the given null-terminated string to the compressed file, excluding
++ the terminating null character.
++ gzputs returns the number of characters written, or -1 in case of error.
++*/
++
++ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
++/*
++ Reads bytes from the compressed file until len-1 characters are read, or
++ a newline character is read and transferred to buf, or an end-of-file
++ condition is encountered. The string is then terminated with a null
++ character.
++ gzgets returns buf, or Z_NULL in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
++/*
++ Writes c, converted to an unsigned char, into the compressed file.
++ gzputc returns the value that was written, or -1 in case of error.
++*/
++
++ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
++/*
++ Reads one byte from the compressed file. gzgetc returns this byte
++ or -1 in case of end of file or error.
++*/
++
++ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
++/*
++ Push one character back onto the stream to be read again later.
++ Only one character of push-back is allowed. gzungetc() returns the
++ character pushed, or -1 on failure. gzungetc() will fail if a
++ character has been pushed but not read yet, or if c is -1. The pushed
++ character will be discarded if the stream is repositioned with gzseek()
++ or gzrewind().
++*/
++
++ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
++/*
++ Flushes all pending output into the compressed file. The parameter
++ flush is as in the deflate() function. The return value is the zlib
++ error number (see function gzerror below). gzflush returns Z_OK if
++ the flush parameter is Z_FINISH and all output could be flushed.
++ gzflush should be called only when strictly necessary because it can
++ degrade compression.
++*/
++
++ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
++ z_off_t offset, int whence));
++/*
++ Sets the starting position for the next gzread or gzwrite on the
++ given compressed file. The offset represents a number of bytes in the
++ uncompressed data stream. The whence parameter is defined as in lseek(2);
++ the value SEEK_END is not supported.
++ If the file is opened for reading, this function is emulated but can be
++ extremely slow. If the file is opened for writing, only forward seeks are
++ supported; gzseek then compresses a sequence of zeroes up to the new
++ starting position.
++
++ gzseek returns the resulting offset location as measured in bytes from
++ the beginning of the uncompressed stream, or -1 in case of error, in
++ particular if the file is opened for writing and the new starting position
++ would be before the current position.
++*/
++
++ZEXTERN int ZEXPORT gzrewind OF((gzFile file));
++/*
++ Rewinds the given file. This function is supported only for reading.
++
++ gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET)
++*/
++
++ZEXTERN z_off_t ZEXPORT gztell OF((gzFile file));
++/*
++ Returns the starting position for the next gzread or gzwrite on the
++ given compressed file. This position represents a number of bytes in the
++ uncompressed data stream.
++
++ gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
++*/
++
++ZEXTERN int ZEXPORT gzeof OF((gzFile file));
++/*
++ Returns 1 when EOF has previously been detected reading the given
++ input stream, otherwise zero.
++*/
++
++ZEXTERN int ZEXPORT gzclose OF((gzFile file));
++/*
++ Flushes all pending output if necessary, closes the compressed file
++ and deallocates all the (de)compression state. The return value is the zlib
++ error number (see function gzerror below).
++*/
++
++ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
++/*
++ Returns the error message for the last error which occurred on the
++ given compressed file. errnum is set to zlib error number. If an
++ error occurred in the file system and not in the compression library,
++ errnum is set to Z_ERRNO and the application may consult errno
++ to get the exact error code.
++*/
++
++ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
++/*
++ Clears the error and end-of-file flags for file. This is analogous to the
++ clearerr() function in stdio. This is useful for continuing to read a gzip
++ file that is being written concurrently.
++*/
++
++ /* checksum functions */
++
++/*
++ These functions are not related to compression but are exported
++ anyway because they might be useful in applications using the
++ compression library.
++*/
++
++ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
++
++/*
++ Update a running Adler-32 checksum with the bytes buf[0..len-1] and
++ return the updated checksum. If buf is NULL, this function returns
++ the required initial value for the checksum.
++ An Adler-32 checksum is almost as reliable as a CRC32 but can be computed
++ much faster. Usage example:
++
++ uLong adler = adler32(0L, Z_NULL, 0);
++
++ while (read_buffer(buffer, length) != EOF) {
++ adler = adler32(adler, buffer, length);
++ }
++ if (adler != original_adler) error();
++*/
++
++ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
++/*
++ Update a running crc with the bytes buf[0..len-1] and return the updated
++ crc. If buf is NULL, this function returns the required initial value
++ for the crc. Pre- and post-conditioning (one's complement) is performed
++ within this function so it shouldn't be done by the application.
++ Usage example:
++
++ uLong crc = crc32(0L, Z_NULL, 0);
++
++ while (read_buffer(buffer, length) != EOF) {
++ crc = crc32(crc, buffer, length);
++ }
++ if (crc != original_crc) error();
++*/
++
++
++ /* various hacks, don't look :) */
++
++/* deflateInit and inflateInit are macros to allow checking the zlib version
++ * and the compiler's view of z_stream:
++ */
++ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
++ const char *version, int stream_size));
++ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
++ const char *version, int stream_size));
++ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int level, int method,
++ int windowBits, int memLevel,
++ int strategy, const char *version,
++ int stream_size));
++ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int windowBits,
++ const char *version, int stream_size));
++ZEXTERN int ZEXPORT inflateBackInit_ OF((z_stream FAR *strm, int windowBits,
++ unsigned char FAR *window,
++ const char *version,
++ int stream_size));
++#define deflateInit(strm, level) \
++ deflateInit_((strm), (level), ZLIB_VERSION, sizeof(z_stream))
++#define inflateInit(strm) \
++ inflateInit_((strm), ZLIB_VERSION, sizeof(z_stream))
++#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
++ deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
++ (strategy), ZLIB_VERSION, sizeof(z_stream))
++#define inflateInit2(strm, windowBits) \
++ inflateInit2_((strm), (windowBits), ZLIB_VERSION, sizeof(z_stream))
++#define inflateBackInit(strm, windowBits, window) \
++ inflateBackInit_((strm), (windowBits), (window), \
++ ZLIB_VERSION, sizeof(z_stream))
++
++
++#if !defined(ZUTIL_H) && !defined(NO_DUMMY_DECL)
++ struct internal_state {int dummy;}; /* hack for buggy compilers */
++#endif
++
++ZEXTERN const char * ZEXPORT zError OF((int err));
++ZEXTERN int ZEXPORT inflateSyncPoint OF((z_streamp z));
++ZEXTERN const uLongf * ZEXPORT get_crc_table OF((void));
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* ZLIB_H */

Added: trunk/debs/php5/debian/patches/027-readline_is_editline.patch
===================================================================
--- trunk/debs/php5/debian/patches/027-readline_is_editline.patch (rev 0)
+++ trunk/debs/php5/debian/patches/027-readline_is_editline.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,61 @@
+Index: php5-5.2.4/ext/readline/config.m4
+===================================================================
+--- php5-5.2.4.orig/ext/readline/config.m4 2005-11-29 00:04:01.000000000 +0100
++++ php5-5.2.4/ext/readline/config.m4 2007-12-21 12:21:51.623149790 +0100
+@@ -12,7 +12,7 @@
+
+ if test "$PHP_READLINE" && test "$PHP_READLINE" != "no"; then
+ for i in $PHP_READLINE /usr/local /usr; do
+- test -f $i/include/readline/readline.h && READLINE_DIR=$i && break
++ test -f $i/include/editline/readline.h && READLINE_DIR=$i && break
+ done
+
+ if test -z "$READLINE_DIR"; then
+@@ -64,7 +64,7 @@
+ elif test "$PHP_LIBEDIT" != "no"; then
+
+ for i in $PHP_LIBEDIT /usr/local /usr; do
+- test -f $i/include/readline/readline.h && LIBEDIT_DIR=$i && break
++ test -f $i/include/editline/readline.h && LIBEDIT_DIR=$i && break
+ done
+
+ if test -z "$LIBEDIT_DIR"; then
+Index: php5-5.2.4/ext/readline/readline.c
+===================================================================
+--- php5-5.2.4.orig/ext/readline/readline.c 2007-02-12 02:23:17.000000000 +0100
++++ php5-5.2.4/ext/readline/readline.c 2007-12-21 12:23:25.336380666 +0100
+@@ -33,7 +33,7 @@
+ #define rl_completion_matches completion_matches
+ #endif
+
+-#include <readline/readline.h>
++#include <editline/history.h>
+ #ifndef HAVE_LIBEDIT
+ #include <readline/history.h>
+ #endif
+Index: php5-5.2.4/sapi/cli/php_cli.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cli/php_cli.c 2007-08-09 01:51:24.000000000 +0200
++++ php5-5.2.4/sapi/cli/php_cli.c 2007-12-21 12:21:51.627149842 +0100
+@@ -76,7 +76,7 @@
+ #endif
+
+ #if (HAVE_LIBREADLINE || HAVE_LIBEDIT) && !defined(COMPILE_DL_READLINE)
+-#include <readline/readline.h>
++#include <editline/readline.h>
+ #if !HAVE_LIBEDIT
+ #include <readline/history.h>
+ #endif
+Index: php5-5.2.4/sapi/cli/php_cli_readline.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cli/php_cli_readline.c 2007-06-04 11:47:54.000000000 +0200
++++ php5-5.2.4/sapi/cli/php_cli_readline.c 2007-12-21 12:21:51.627149842 +0100
+@@ -49,7 +49,7 @@
+ #include <unixlib/local.h>
+ #endif
+
+-#include <readline/readline.h>
++#include <editline/readline.h>
+ #if !HAVE_LIBEDIT
+ #include <readline/history.h>
+ #endif

Added: trunk/debs/php5/debian/patches/029-php.ini_paranoid.patch
===================================================================
--- trunk/debs/php5/debian/patches/029-php.ini_paranoid.patch (rev 0)
+++ trunk/debs/php5/debian/patches/029-php.ini_paranoid.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,1200 @@
+Index: php5-5.2.0/php.ini-paranoid
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.0/php.ini-paranoid 2007-03-18 22:58:41.000000000 +0100
+@@ -0,0 +1,1195 @@
++[PHP]
++
++;;;;;;;;;;;;;;;;;;;
++; About this file ;
++;;;;;;;;;;;;;;;;;;;
++;
++; This is the paranoid, PHP 4-style version of the php.ini-dist file. It
++; sets some non standard settings, that make PHP more efficient, more secure
++; in a very paranoid way. Note that these security settings will make some
++; applications not work properly.
++;
++; The price is that with these settings, PHP may be incompatible with some
++; applications, and sometimes, more difficult to develop with. Using this
++; file is recommended for production sites which want a high degree of
++; security. As all of the changes from the standard settings are thoroughly
++; documented, you can go over each one,
++; and decide whether you want to use it or not.
++;
++; For general information about the php.ini file, please consult the
++; php.ini-dist file, included in your PHP distribution.
++;
++; For further information see
++; http://www.php.net/features.safe-mode
++; http://www.phpsecure.info/
++;
++; This file is different from the php.ini-dist file in the fact that it features
++; different values for several directives, in order to improve performance, while
++; possibly breaking compatibility with the standard out-of-the-box behavior of
++; PHP 3. Please make sure you read what's different, and modify your scripts
++; accordingly, if you decide to use this file instead.
++;
++; - safe_mode = On [Security, Performance loss]
++; Do UID checks when opening files. Enabling safe_mode also enables
++; other functions related to this mode. For more information read:
++; http://www.php.net/features.safe-mode
++; Worthwhile reading, however, is also
++; http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html
++; Bottomline: Do not trust that safe_mode will drive all your security vulnerabilities
++; away.
++;
++; - safe_mode_protected_env_vars = LD_LIBRARY_PATH PATH [Security]
++; Environment variables that users will not be able to modify through
++; putenv()
++;
++; - open_basedir = /var/www/:/usr/lib/php4/ [Security, Performance loss]
++; Limits the files that PHP can access to the directories specified.
++; This includes the webroot and the usual location of PHP libraries
++; (e.g. PEAR). Since all file locations are checked against this list
++; before any access is allowed, this impacts in the performance of all
++; file operations.
++;
++; - disable_functions = dl, phpinfo, system, .... [Security]
++; Some functions can be used by attackers and can be malversed by
++; applications, the list (not complete) of functions disabled includes
++; functions which might have a severe impact to the system if wrongly used
++; in scripts or subverted remotely by attackers.
++;
++; - expose_php = Off [?Security?]
++; Not exposing that PHP is used in the site (nor its version) can affect
++; how some dumb worms attempt to attack the site. Many might
++; not check this and attempt to compromise the server nevertheless,
++; however. This setting is just 'security by obscurity' so no real
++; security at all (save vs. the dumbest attackers)
++;
++; - error_log = syslog [Security, Performance log]
++; All errors are reported to syslog so that the errors can be easily
++; sent outsite the site to a syslog server. This prevents an intruder
++; from tampering with them in an attempt to hide his tracks since the
++; logs are stored in a different location. It also helps in forensic
++; investigation or when using automatic tools to produce reports or
++; generate alarms based on the syslog information.
++;
++; - register_globals = Off [Security, Performance]
++; Global variables are no longer registered for input data (POST, GET, cookies,
++; environment and other server variables). Instead of using $foo, you must use
++; you can use $_REQUEST["foo"] (includes any variable that arrives through the
++; request, namely, POST, GET and cookie variables), or use one of the specific
++; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
++; on where the input originates. Also, you can look at the
++; import_request_variables() function.
++; Note that register_globals is going to be depracated (i.e., turned off by
++; default) in the next version of PHP, because it often leads to security bugs.
++; Read http://php.net/manual/en/security.registerglobals.php for further
++; information.
++; - display_errors = Off [Security]
++; With this directive set to off, errors that occur during the execution of
++; scripts will no longer be displayed as a part of the script output, and thus,
++; will no longer be exposed to remote users. With some errors, the error message
++; content may expose information about your script, web server, or database
++; server that may be exploitable for hacking. Production sites should have this
++; directive set to off.
++; - log_errors = On [Security]
++; This directive complements the above one. Any errors that occur during the
++; execution of your script will be logged (typically, to your server's error log,
++; but can be configured in several ways). Along with setting display_errors to off,
++; this setup gives you the ability to fully understand what may have gone wrong,
++; without exposing any sensitive information to remote users.
++; - output_buffering = 4096 [Performance]
++; Set a 4KB output buffer. Enabling output buffering typically results in less
++; writes, and sometimes less packets sent on the wire, which can often lead to
++; better performance. The gain this directive actually yields greatly depends
++; on which Web server you're working with, and what kind of scripts you're using.
++; - register_argc_argv = Off [Performance]
++; Disables registration of the somewhat redundant $argv and $argc global
++; variables.
++; - magic_quotes_gpc = On [Security]
++; Input data is escaped with slashes so that applications that do
++; not use addslashes() are not so easily subjected to SQL injection
++; when talking to SQL databases.
++;
++; - variables_order = "GPCS" [Performance]
++; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access
++; environment variables, you can use getenv() instead.
++; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
++; By default, PHP surpresses errors of type E_NOTICE. These error messages
++; are emitted for non-critical errors, but that could be a symptom of a bigger
++; problem. Most notably, this will cause error messages about the use
++; of uninitialized variables to be displayed.
++; - allow_call_time_pass_reference = Off [Code cleanliness]
++; It's not possible to decide to force a variable to be passed by reference
++; when calling a function. The PHP 4 style to do this is by making the
++; function require the relevant argument by reference.
++;
++; - enable_dl = Off [Security]
++; The dl() function is not needed in most environments and does introduce
++; a number of security issues.
++; - file_uploads = Off [Security]
++; File uploads should not be allowed to the server.
++; - allow_url_fopen = Off [Security]
++; File calls should not transparently retrieve files from the network
++; since this could be subverted by attackers in poorly coded scripts
++; by forcing them to download (and execute) malicious remote content
++; from compromised hosts. This behaviour has been observed in automatic
++; worms/tools that use it to scan and propagate through badly written
++; applications (in conjuntion with other unsafe features)
++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php
++
++
++;;;;;;;;;;;;;;;;;;;;
++; Language Options ;
++;;;;;;;;;;;;;;;;;;;;
++
++; Enable the PHP scripting language engine under Apache.
++engine = On
++
++; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized.
++; NOTE: Using short tags should be avoided when developing applications or
++; libraries that are meant for redistribution, or deployment on PHP
++; servers which are not under your control, because short tags may not
++; be supported on the target server. For portable, redistributable code,
++; be sure not to use short tags.
++short_open_tag = On
++
++; Allow ASP-style <% %> tags.
++asp_tags = Off
++
++; The number of significant digits displayed in floating point numbers.
++precision = 14
++
++; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
++y2k_compliance = On
++
++; Output buffering allows you to send header lines (including cookies) even
++; after you send body content, at the price of slowing PHP's output layer a
++; bit. You can enable output buffering during runtime by calling the output
++; buffering functions. You can also enable output buffering for all files by
++; setting this directive to On. If you wish to limit the size of the buffer
++; to a certain size - you can use a maximum number of bytes instead of 'On', as
++; a value for this directive (e.g., output_buffering=4096).
++output_buffering = 4096
++
++; You can redirect all of the output of your scripts to a function. For
++; example, if you set output_handler to "mb_output_handler", character
++; encoding will be transparently converted to the specified encoding.
++; Setting any output handler automatically turns on output buffering.
++; Note: People who wrote portable scripts should not depend on this ini
++; directive. Instead, explicitly set the output handler using ob_start().
++; Using this ini directive may cause problems unless you know what script
++; is doing.
++; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
++; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
++;output_handler =
++
++; Transparent output compression using the zlib library
++; Valid values for this option are 'off', 'on', or a specific buffer size
++; to be used for compression (default is 4KB)
++; Note: Resulting chunk size may vary due to nature of compression. PHP
++; outputs chunks that are few handreds bytes each as a result of compression.
++; If you want larger chunk size for better performence, enable output_buffering
++; also.
++; Note: output_handler must be empty if this is set 'On' !!!!
++; Instead you must use zlib.output_handler.
++zlib.output_compression = Off
++
++; You cannot specify additional output handlers if zlib.output_compression
++; is activated here. This setting does the same as output_handler but in
++; a different order.
++;zlib.output_handler =
++
++; Implicit flush tells PHP to tell the output layer to flush itself
++; automatically after every output block. This is equivalent to calling the
++; PHP function flush() after each and every call to print() or echo() and each
++; and every HTML block. Turning this option on has serious performance
++; implications and is generally recommended for debugging purposes only.
++implicit_flush = Off
++
++; The unserialize callback function will be called (with the undefined class'
++; name as parameter), if the unserializer finds an undefined class
++; which should be instanciated.
++; A warning appears if the specified function is not defined, or if the
++; function doesn't include/implement the missing class.
++; So only set this entry, if you really want to implement such a
++; callback-function.
++unserialize_callback_func=
++
++; When floats & doubles are serialized store serialize_precision significant
++; digits after the floating point. The default value ensures that when floats
++; are decoded with unserialize, the data will remain the same.
++serialize_precision = 100
++
++; Whether to enable the ability to force arguments to be passed by reference
++; at function call time. This method is deprecated and is likely to be
++; unsupported in future versions of PHP/Zend. The encouraged method of
++; specifying which arguments should be passed by reference is in the function
++; declaration. You're encouraged to try and turn this option Off and make
++; sure your scripts work properly with it in order to ensure they will work
++; with future versions of the language (you will receive a warning each time
++; you use this feature, and the argument will be passed by value instead of by
++; reference).
++allow_call_time_pass_reference = Off
++
++;
++; Safe Mode
++;
++safe_mode = On
++
++; By default, Safe Mode does a UID compare check when
++; opening files. If you want to relax this to a GID compare,
++; then turn on safe_mode_gid.
++safe_mode_gid = Off
++
++; When safe_mode is on, UID/GID checks are bypassed when
++; including files from this directory and its subdirectories.
++; (directory must also be in include_path or full path must
++; be used when including)
++safe_mode_include_dir =
++
++; When safe_mode is on, only executables located in the safe_mode_exec_dir
++; will be allowed to be executed via the exec family of functions.
++;
++; Note: This should be customised per site (if exec is permitted)
++safe_mode_exec_dir =
++
++; Setting certain environment variables may be a potential security breach.
++; This directive contains a comma-delimited list of prefixes. In Safe Mode,
++; the user may only alter environment variables whose names begin with the
++; prefixes supplied here. By default, users will only be able to set
++; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
++;
++; Note: If this directive is empty, PHP will let the user modify ANY
++; environment variable!
++safe_mode_allowed_env_vars = PHP_
++
++; This directive contains a comma-delimited list of environment variables that
++; the end user won't be able to change using putenv(). These variables will be
++; protected even if safe_mode_allowed_env_vars is set to allow to change them.
++safe_mode_protected_env_vars = LD_LIBRARY_PATH,PATH
++
++; open_basedir, if set, limits all file operations to the defined directory
++; and below. This directive makes most sense if used in a per-directory
++; or per-virtualhost web server configuration file. This directive is
++; *NOT* affected by whether Safe Mode is turned On or Off.
++;
++; In Debian, the WebRoot is /var/www/ so we limit file operations to it.
++open_basedir = /var/www/:/usr/lib/php4/
++
++; This directive allows you to disable certain functions for security reasons.
++; It receives a comma-delimited list of function names. This directive is
++; *NOT* affected by whether Safe Mode is turned On or Off.
++;
++; Note: The list of functions disabled here might break some applications
++; however, they are considered dangerous and often subverted by attackers
++; remotely
++disable_functions = dl, phpinfo, system, mail, include, shell_exec, exec, escapeshellarg, escapeshellcmd, passthru, proc_close, proc_open, proc_get_status, proc_nice, proc_open, proc_terminate, popen, pclose, chown, disk_free_space, disk_total_space, diskfreespace, fileinode, max_execution_time, set_time_limit,highlight_file, show_source
++
++; This directive allows you to disable certain classes for security reasons.
++; It receives a comma-delimited list of class names. This directive is
++; *NOT* affected by whether Safe Mode is turned On or Off.
++disable_classes =
++
++; Colors for Syntax Highlighting mode. Anything that's acceptable in
++; <font color="??????"> would work.
++;highlight.string = #DD0000
++;highlight.comment = #FF9900
++;highlight.keyword = #007700
++;highlight.bg = #FFFFFF
++;highlight.default = #0000BB
++;highlight.html = #000000
++
++
++;
++; Misc
++;
++; Decides whether PHP may expose the fact that it is installed on the server
++; (e.g. by adding its signature to the Web server header). It is no security
++; threat in any way, but it makes it possible to determine whether you use PHP
++; on your server or not.
++expose_php = Off
++
++
++;;;;;;;;;;;;;;;;;;;
++; Resource Limits ;
++;;;;;;;;;;;;;;;;;;;
++
++max_execution_time = 30 ; Maximum execution time of each script, in seconds
++max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
++memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)
++
++
++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
++; Error handling and logging ;
++;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
++
++; error_reporting is a bit-field. Or each number up to get desired error
++; reporting level
++; E_ALL - All errors and warnings
++; E_ERROR - fatal run-time errors
++; E_WARNING - run-time warnings (non-fatal errors)
++; E_PARSE - compile-time parse errors
++; E_NOTICE - run-time notices (these are warnings which often result
++; from a bug in your code, but it's possible that it was
++; intentional (e.g., using an uninitialized variable and
++; relying on the fact it's automatically initialized to an
++; empty string)
++; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
++; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
++; initial startup
++; E_COMPILE_ERROR - fatal compile-time errors
++; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
++; E_USER_ERROR - user-generated error message
++; E_USER_WARNING - user-generated warning message
++; E_USER_NOTICE - user-generated notice message
++;
++; Examples:
++;
++; - Show all errors, except for notices
++;
++;error_reporting = E_ALL & ~E_NOTICE
++;
++; - Show only errors
++;
++;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR
++;
++; - Show all errors
++;
++error_reporting = E_ALL
++
++; Print out errors (as a part of the output). For production web sites,
++; you're strongly encouraged to turn this feature off, and use error logging
++; instead (see below). Keeping display_errors enabled on a production web site
++; may reveal security information to end users, such as file paths on your Web
++; server, your database schema or other information.
++display_errors = Off
++
++; Even when display_errors is on, errors that occur during PHP's startup
++; sequence are not displayed. It's strongly recommended to keep
++; display_startup_errors off, except for when debugging.
++display_startup_errors = Off
++
++; Log errors into a log file (server-specific log, stderr, or error_log (below))
++; As stated above, you're strongly advised to use error logging in place of
++; error displaying on production web sites.
++log_errors = On
++
++; Set maximum length of log_errors. In error_log information about the source is
++; added. The default is 1024 and 0 allows to not apply any maximum length at all.
++log_errors_max_len = 1024
++
++; Do not log repeated messages. Repeated errors must occur in same file on same
++; line until ignore_repeated_source is set true.
++ignore_repeated_errors = Off
++
++; Ignore source of message when ignoring repeated messages. When this setting
++; is On you will not log errors with repeated messages from different files or
++; sourcelines.
++ignore_repeated_source = Off
++
++; If this parameter is set to Off, then memory leaks will not be shown (on
++; stdout or in the log). This has only effect in a debug compile, and if
++; error reporting includes E_WARNING in the allowed list
++report_memleaks = On
++
++; Store the last error/warning message in $php_errormsg (boolean).
++track_errors = Off
++
++; Disable the inclusion of HTML tags in error messages.
++html_errors = Off
++
++; If html_errors is set On PHP produces clickable error messages that direct
++; to a page describing the error or function causing the error in detail.
++; You can download a copy of the PHP manual from http://www.php.net/docs.php
++; and change docref_root to the base URL of your local copy including the
++; leading '/'. You must also specify the file extension being used including
++; the dot.
++;docref_root = "/phpmanual/"
++;docref_ext = .html
++
++; String to output before an error message.
++;error_prepend_string = "<font color=ff0000>"
++
++; String to output after an error message.
++;error_append_string = "</font>"
++
++; Log errors to specified file.
++;error_log = filename
++
++; Log errors to syslog (Event Log on NT, not valid in Windows 95).
++error_log = syslog
++
++
++;;;;;;;;;;;;;;;;;
++; Data Handling ;
++;;;;;;;;;;;;;;;;;
++;
++; Note - track_vars is ALWAYS enabled as of PHP 4.0.3
++
++; The separator used in PHP generated URLs to separate arguments.
++; Default is "&".
++;arg_separator.output = "&amp;"
++
++; List of separator(s) used by PHP to parse input URLs into variables.
++; Default is "&".
++; NOTE: Every character in this directive is considered as separator!
++;arg_separator.input = ";&"
++
++; This directive describes the order in which PHP registers GET, POST, Cookie,
++; Environment and Built-in variables (G, P, C, E & S respectively, often
++; referred to as EGPCS or GPC). Registration is done from left to right, newer
++; values override older values.
++variables_order = "GPCS"
++
++; Whether or not to register the EGPCS variables as global variables. You may
++; want to turn this off if you don't want to clutter your scripts' global scope
++; with user data. This makes most sense when coupled with track_vars - in which
++; case you can access all of the GPC variables through the $HTTP_*_VARS[],
++; variables.
++;
++; You should do your best to write your scripts so that they do not require
++; register_globals to be on; Using form variables as globals can easily lead
++; to possible security problems, if the code is not very well thought of.
++register_globals = Off
++
++; This directive tells PHP whether to declare the argv&argc variables (that
++; would contain the GET information). If you don't use these variables, you
++; should turn it off for increased performance.
++register_argc_argv = Off
++
++; Maximum size of POST data that PHP will accept.
++post_max_size = 8M
++
++; This directive is deprecated. Use variables_order instead.
++gpc_order = "GPC"
++
++; Magic quotes
++;
++
++; Magic quotes for incoming GET/POST/Cookie data.
++magic_quotes_gpc = On
++
++; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
++magic_quotes_runtime = Off
++
++; Use Sybase-style magic quotes (escape ' with '' instead of \').
++magic_quotes_sybase = Off
++
++; Automatically add files before or after any PHP document.
++auto_prepend_file =
++auto_append_file =
++
++; As of 4.0b4, PHP always outputs a character encoding by default in
++; the Content-type: header. To disable sending of the charset, simply
++; set it to be empty.
++;
++; PHP's built-in default is text/html
++default_mimetype = "text/html"
++;default_charset = "iso-8859-1"
++
++; Always populate the $HTTP_RAW_POST_DATA variable.
++;always_populate_raw_post_data = On
++
++
++;;;;;;;;;;;;;;;;;;;;;;;;;
++; Paths and Directories ;
++;;;;;;;;;;;;;;;;;;;;;;;;;
++
++; UNIX: "/path1:/path2"
++;include_path = ".:/php/includes"
++;
++; Windows: "\path1;\path2"
++;include_path = ".;c:\php\includes"
++
++; The root of the PHP pages, used only if nonempty.
++; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
++; if you are running php as a CGI under any web server (other than IIS)
++; see documentation for security issues. The alternate is to use the
++; cgi.force_redirect configuration below
++doc_root =
++
++; The directory under which PHP opens the script using /~usernamem used only
++; if nonempty.
++user_dir =
++
++; Directory in which the loadable extensions (modules) reside.
++extension_dir = "./"
++
++; Whether or not to enable the dl() function. The dl() function does NOT work
++; properly in multithreaded servers, such as IIS or Zeus, and is automatically
++; disabled on them.
++;
++; The dl function also introduces security issues.
++enable_dl = Off
++
++; cgi.force_redirect is necessary to provide security running PHP as a CGI under
++; most web servers. Left undefined, PHP turns this on by default. You can
++; turn it off here AT YOUR OWN RISK
++; **You CAN safely turn this off for IIS, in fact, you MUST.**
++; cgi.force_redirect = 1
++
++; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
++; every request.
++; cgi.nph = 1
++
++; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
++; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
++; will look for to know it is OK to continue execution. Setting this variable MAY
++; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
++; cgi.redirect_status_env = ;
++
++; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
++; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
++; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
++; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
++; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
++; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
++; cgi.fix_pathinfo=1
++
++; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
++; security tokens of the calling client. This allows IIS to define the
++; security context that the request runs under. mod_fastcgi under Apache
++; does not currently support this feature (03/17/2002)
++; Set to 1 if running under IIS. Default is zero.
++; fastcgi.impersonate = 1;
++
++; cgi.rfc2616_headers configuration option tells PHP what type of headers to
++; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
++; is supported by Apache. When this option is set to 1 PHP will send
++; RFC2616 compliant header.
++; Default is zero.
++;cgi.rfc2616_headers = 0
++
++
++;;;;;;;;;;;;;;;;
++; File Uploads ;
++;;;;;;;;;;;;;;;;
++
++; Whether to allow HTTP file uploads.
++file_uploads = Off
++
++; Temporary directory for HTTP uploaded files (will use system default if not
++; specified).
++;upload_tmp_dir =
++
++; Maximum allowed size for uploaded files.
++upload_max_filesize = 2M
++
++
++;;;;;;;;;;;;;;;;;;
++; Fopen wrappers ;
++;;;;;;;;;;;;;;;;;;
++
++; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
++;
++; This is turned off to avoid variable redefinition by remote attacker
++; that attempts to have the server download (and execute) a remote file
++; from a compromised host. This behaviour has been observed in automatic
++; scanning against badly written applications:
++; http://myhost/myapplication.php?include=http://roguesever/rogueapp.php
++allow_url_fopen = Off
++
++; Define the anonymous ftp password (your email address)
++;from="john [at] doe"
++
++; Define the user agent for php to send
++;user_agent="PHP"
++
++; Default timeout for socket based streams (seconds)
++default_socket_timeout = 60
++
++; If your scripts have to deal with files from Macintosh systems,
++; or you are running on a Mac and need to deal with files from
++; unix or win32 systems, setting this flag will cause PHP to
++; automatically detect the EOL character in those files so that
++; fgets() and file() will work regardless of the source of the file.
++; auto_detect_line_endings = Off
++
++
++;;;;;;;;;;;;;;;;;;;;;;
++; Dynamic Extensions ;
++;;;;;;;;;;;;;;;;;;;;;;
++;
++; If you wish to have an extension loaded automatically, use the following
++; syntax:
++;
++; extension=modulename.extension
++;
++; For example, on Windows:
++;
++; extension=msql.dll
++;
++; ... or under UNIX:
++;
++; extension=msql.so
++;
++; Note that it should be the name of the module only; no directory information
++; needs to go here. Specify the location of the extension with the
++; extension_dir directive above.
++
++
++;Windows Extensions
++;Note that MySQL and ODBC support is now built in, so no dll is needed for it.
++;
++;extension=php_bz2.dll
++;extension=php_cpdf.dll
++;extension=php_crack.dll
++;extension=php_curl.dll
++;extension=php_db.dll
++;extension=php_dba.dll
++;extension=php_dbase.dll
++;extension=php_dbx.dll
++;extension=php_domxml.dll
++;extension=php_exif.dll
++;extension=php_fdf.dll
++;extension=php_filepro.dll
++;extension=php_gd2.dll
++;extension=php_gettext.dll
++;extension=php_hyperwave.dll
++;extension=php_iconv.dll
++;extension=php_ifx.dll
++;extension=php_iisfunc.dll
++;extension=php_imap.dll
++;extension=php_interbase.dll
++;extension=php_java.dll
++;extension=php_ldap.dll
++;extension=php_mbstring.dll
++;extension=php_mcrypt.dll
++;extension=php_mhash.dll
++;extension=php_mime_magic.dll
++;extension=php_ming.dll
++;extension=php_mssql.dll
++;extension=php_msql.dll
++;extension=php_oci8.dll
++;extension=php_openssl.dll
++;extension=php_oracle.dll
++;extension=php_pdf.dll
++;extension=php_pgsql.dll
++;extension=php_printer.dll
++;extension=php_shmop.dll
++;extension=php_snmp.dll
++;extension=php_sockets.dll
++;extension=php_sybase_ct.dll
++;extension=php_w32api.dll
++;extension=php_xmlrpc.dll
++;extension=php_xslt.dll
++;extension=php_yaz.dll
++;extension=php_zip.dll
++
++
++;;;;;;;;;;;;;;;;;;;
++; Module Settings ;
++;;;;;;;;;;;;;;;;;;;
++
++[Syslog]
++; Whether or not to define the various syslog variables (e.g. $LOG_PID,
++; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In
++; runtime, you can define these variables by calling define_syslog_variables().
++define_syslog_variables = Off
++
++[mail function]
++; For Win32 only.
++SMTP = localhost
++smtp_port = 25
++
++; For Win32 only.
++;sendmail_from = me [at] example
++
++; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
++;sendmail_path =
++
++[Java]
++;java.class.path = .\php_java.jar
++;java.home = c:\jdk
++;java.library = c:\jdk\jre\bin\hotspot\jvm.dll
++;java.library.path = .\
++
++[SQL]
++sql.safe_mode = On
++
++[ODBC]
++;odbc.default_db = Not yet implemented
++;odbc.default_user = Not yet implemented
++;odbc.default_pw = Not yet implemented
++
++; Allow or prevent persistent links.
++odbc.allow_persistent = On
++
++; Check that a connection is still valid before reuse.
++odbc.check_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++odbc.max_persistent = -1
++
++; Maximum number of links (persistent + non-persistent). -1 means no limit.
++odbc.max_links = -1
++
++; Handling of LONG fields. Returns number of bytes to variables. 0 means
++; passthru.
++odbc.defaultlrl = 4096
++
++; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
++; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
++; of uodbc.defaultlrl and uodbc.defaultbinmode
++odbc.defaultbinmode = 1
++
++[MySQL]
++; Allow or prevent persistent links.
++mysql.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++mysql.max_persistent = -1
++
++; Maximum number of links (persistent + non-persistent). -1 means no limit.
++mysql.max_links = -1
++
++; Default port number for mysql_connect(). If unset, mysql_connect() will use
++; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
++; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
++; at MYSQL_PORT.
++mysql.default_port =
++
++; Default socket name for local MySQL connects. If empty, uses the built-in
++; MySQL defaults.
++mysql.default_socket =
++
++; Default host for mysql_connect() (doesn't apply in safe mode).
++mysql.default_host =
++
++; Default user for mysql_connect() (doesn't apply in safe mode).
++mysql.default_user =
++
++; Default password for mysql_connect() (doesn't apply in safe mode).
++; Note that this is generally a *bad* idea to store passwords in this file.
++; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
++; and reveal this password! And of course, any users with read access to this
++; file will be able to reveal the password as well.
++mysql.default_password =
++
++; Maximum time (in seconds) for connect timeout. -1 means no limit
++mysql.connect_timeout = 60
++
++; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
++; SQL-Errors will be displayed.
++mysql.trace_mode = Off
++
++[mSQL]
++; Allow or prevent persistent links.
++msql.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++msql.max_persistent = -1
++
++; Maximum number of links (persistent+non persistent). -1 means no limit.
++msql.max_links = -1
++
++[PostgresSQL]
++; Allow or prevent persistent links.
++pgsql.allow_persistent = On
++
++; Detect broken persistent links always with pg_pconnect().
++; Auto reset feature requires a little overheads.
++pgsql.auto_reset_persistent = Off
++
++; Maximum number of persistent links. -1 means no limit.
++pgsql.max_persistent = -1
++
++; Maximum number of links (persistent+non persistent). -1 means no limit.
++pgsql.max_links = -1
++
++; Ignore PostgreSQL backends Notice message or not.
++; Notice message logging require a little overheads.
++pgsql.ignore_notice = 0
++
++; Log PostgreSQL backends Noitce message or not.
++; Unless pgsql.ignore_notice=0, module cannot log notice message.
++pgsql.log_notice = 0
++
++[Sybase]
++; Allow or prevent persistent links.
++sybase.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++sybase.max_persistent = -1
++
++; Maximum number of links (persistent + non-persistent). -1 means no limit.
++sybase.max_links = -1
++
++;sybase.interface_file = "/usr/sybase/interfaces"
++
++; Minimum error severity to display.
++sybase.min_error_severity = 10
++
++; Minimum message severity to display.
++sybase.min_message_severity = 10
++
++; Compatability mode with old versions of PHP 3.0.
++; If on, this will cause PHP to automatically assign types to results according
++; to their Sybase type, instead of treating them all as strings. This
++; compatibility mode will probably not stay around forever, so try applying
++; whatever necessary changes to your code, and turn it off.
++sybase.compatability_mode = Off
++
++[Sybase-CT]
++; Allow or prevent persistent links.
++sybct.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++sybct.max_persistent = -1
++
++; Maximum number of links (persistent + non-persistent). -1 means no limit.
++sybct.max_links = -1
++
++; Minimum server message severity to display.
++sybct.min_server_severity = 10
++
++; Minimum client message severity to display.
++sybct.min_client_severity = 10
++
++[dbx]
++; returned column names can be converted for compatibility reasons
++; possible values for dbx.colnames_case are
++; "unchanged" (default, if not set)
++; "lowercase"
++; "uppercase"
++; the recommended default is either upper- or lowercase, but
++; unchanged is currently set for backwards compatibility
++dbx.colnames_case = "lowercase"
++
++[bcmath]
++; Number of decimal digits for all bcmath functions.
++bcmath.scale = 0
++
++[browscap]
++;browscap = extra/browscap.ini
++
++[Informix]
++; Default host for ifx_connect() (doesn't apply in safe mode).
++ifx.default_host =
++
++; Default user for ifx_connect() (doesn't apply in safe mode).
++ifx.default_user =
++
++; Default password for ifx_connect() (doesn't apply in safe mode).
++ifx.default_password =
++
++; Allow or prevent persistent links.
++ifx.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++ifx.max_persistent = -1
++
++; Maximum number of links (persistent + non-persistent). -1 means no limit.
++ifx.max_links = -1
++
++; If on, select statements return the contents of a text blob instead of its id.
++ifx.textasvarchar = 0
++
++; If on, select statements return the contents of a byte blob instead of its id.
++ifx.byteasvarchar = 0
++
++; Trailing blanks are stripped from fixed-length char columns. May help the
++; life of Informix SE users.
++ifx.charasvarchar = 0
++
++; If on, the contents of text and byte blobs are dumped to a file instead of
++; keeping them in memory.
++ifx.blobinfile = 0
++
++; NULL's are returned as empty strings, unless this is set to 1. In that case,
++; NULL's are returned as string 'NULL'.
++ifx.nullformat = 0
++
++[Session]
++; Handler used to store/retrieve data.
++session.save_handler = files
++
++; Argument passed to save_handler. In the case of files, this is the path
++; where data files are stored. Note: Windows users have to change this
++; variable in order to use PHP's session functions.
++;session.save_path = /tmp
++
++; Whether to use cookies.
++session.use_cookies = 1
++
++; This option enables administrators to make their users invulnerable to
++; attacks which involve passing session ids in URLs; defaults to 0.
++; session.use_only_cookies = 1
++
++; Name of the session (used as cookie name).
++session.name = PHPSESSID
++
++; Initialize session on request startup.
++session.auto_start = 0
++
++; Lifetime in seconds of cookie or, if 0, until browser is restarted.
++session.cookie_lifetime = 0
++
++; The path for which the cookie is valid.
++session.cookie_path = /
++
++; The domain for which the cookie is valid.
++session.cookie_domain =
++
++; Handler used to serialize data. php is the standard serializer of PHP.
++session.serialize_handler = php
++
++; Define the probability that the 'garbage collection' process is started
++; on every session initialization.
++; The probability is calculated by using gc_probability/gc_divisor,
++; e.g. 1/100 means there is a 1% chance that the GC process starts
++; on each request.
++
++session.gc_probability = 1
++session.gc_divisor = 1000
++
++; After this number of seconds, stored data will be seen as 'garbage' and
++; cleaned up by the garbage collection process.
++session.gc_maxlifetime = 1440
++
++; PHP 4.2 and less have an undocumented feature/bug that allows you to
++; to initialize a session variable in the global scope, albeit register_globals
++; is disabled. PHP 4.3 and later will warn you, if this feature is used.
++; You can disable the feature and the warning separately. At this time,
++; the warning is only displayed, if bug_compat_42 is enabled.
++
++session.bug_compat_42 = 0
++session.bug_compat_warn = 1
++
++; Check HTTP Referer to invalidate externally stored URLs containing ids.
++; HTTP_REFERER has to contain this substring for the session to be
++; considered as valid.
++session.referer_check =
++
++; How many bytes to read from the file.
++session.entropy_length = 0
++
++; Specified here to create the session id.
++session.entropy_file =
++
++;session.entropy_length = 16
++
++;session.entropy_file = /dev/urandom
++
++; Set to {nocache,private,public,} to determine HTTP caching aspects.
++; or leave this empty to avoid sending anti-caching headers.
++session.cache_limiter = nocache
++
++; Document expires after n minutes.
++session.cache_expire = 180
++
++; trans sid support is disabled by default.
++; Use of trans sid may risk your users security.
++; Use this option with caution.
++; - User may send URL contains active session ID
++; to other person via. email/irc/etc.
++; - URL that contains active session ID may be stored
++; in publically accessible computer.
++; - User may access your site with the same session ID
++; always using URL stored in browser's history or bookmarks.
++session.use_trans_sid = 0
++
++; The URL rewriter will look for URLs in a defined set of HTML tags.
++; form/fieldset are special; if you include them here, the rewriter will
++; add a hidden <input> field with the info which is otherwise appended
++; to URLs. If you want XHTML conformity, remove the form entry.
++; Note that all valid entries require a "=", even if no value follows.
++url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
++
++[MSSQL]
++; Allow or prevent persistent links.
++mssql.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++mssql.max_persistent = -1
++
++; Maximum number of links (persistent+non persistent). -1 means no limit.
++mssql.max_links = -1
++
++; Minimum error severity to display.
++mssql.min_error_severity = 10
++
++; Minimum message severity to display.
++mssql.min_message_severity = 10
++
++; Compatability mode with old versions of PHP 3.0.
++mssql.compatability_mode = Off
++
++; Connect timeout
++;mssql.connect_timeout = 5
++
++; Query timeout
++;mssql.timeout = 60
++
++; Valid range 0 - 2147483647. Default = 4096.
++;mssql.textlimit = 4096
++
++; Valid range 0 - 2147483647. Default = 4096.
++;mssql.textsize = 4096
++
++; Limits the number of records in each batch. 0 = all records in one batch.
++;mssql.batchsize = 0
++
++; Specify how datetime and datetim4 columns are returned
++; On => Returns data converted to SQL server settings
++; Off => Returns values as YYYY-MM-DD hh:mm:ss
++;mssql.datetimeconvert = On
++
++; Use NT authentication when connecting to the server
++mssql.secure_connection = On
++
++; Specify max number of processes. Default = 25
++;mssql.max_procs = 25
++
++[Assertion]
++; Assert(expr); active by default.
++;assert.active = On
++
++; Issue a PHP warning for each failed assertion.
++;assert.warning = On
++
++; Don't bail out by default.
++;assert.bail = Off
++
++; User-function to be called if an assertion fails.
++;assert.callback = 0
++
++; Eval the expression with current error_reporting(). Set to true if you want
++; error_reporting(0) around the eval().
++;assert.quiet_eval = 0
++
++[Ingres II]
++; Allow or prevent persistent links.
++ingres.allow_persistent = On
++
++; Maximum number of persistent links. -1 means no limit.
++ingres.max_persistent = -1
++
++; Maximum number of links, including persistents. -1 means no limit.
++ingres.max_links = -1
++
++; Default database (format: [node_id::]dbname[/srv_class]).
++ingres.default_database =
++
++; Default user.
++ingres.default_user =
++
++; Default password.
++ingres.default_password =
++
++[Verisign Payflow Pro]
++; Default Payflow Pro server.
++pfpro.defaulthost = "test-payflow.verisign.com"
++
++; Default port to connect to.
++pfpro.defaultport = 443
++
++; Default timeout in seconds.
++pfpro.defaulttimeout = 30
++
++; Default proxy IP address (if required).
++;pfpro.proxyaddress =
++
++; Default proxy port.
++;pfpro.proxyport =
++
++; Default proxy logon.
++;pfpro.proxylogon =
++
++; Default proxy password.
++;pfpro.proxypassword =
++
++[Sockets]
++; Use the system read() function instead of the php_read() wrapper.
++sockets.use_system_read = On
++
++[com]
++; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
++;com.typelib_file =
++; allow Distributed-COM calls
++;com.allow_dcom = true
++; autoregister constants of a components typlib on com_load()
++;com.autoregister_typelib = true
++; register constants casesensitive
++;com.autoregister_casesensitive = false
++; show warnings on duplicate constat registrations
++;com.autoregister_verbose = true
++
++[Printer]
++;printer.default_printer = ""
++
++[mbstring]
++; language for internal character representation.
++;mbstring.language = Japanese
++
++; internal/script encoding.
++; Some encoding cannot work as internal encoding.
++; (e.g. SJIS, BIG5, ISO-2022-*)
++;mbstring.internal_encoding = EUC-JP
++
++; http input encoding.
++;mbstring.http_input = auto
++
++; http output encoding. mb_output_handler must be
++; registered as output buffer to function
++;mbstring.http_output = SJIS
++
++; enable automatic encoding translation accoding to
++; mbstring.internal_encoding setting. Input chars are
++; converted to internal encoding by setting this to On.
++; Note: Do _not_ use automatic encoding translation for
++; portable libs/applications.
++;mbstring.encoding_translation = Off
++
++; automatic encoding detection order.
++; auto means
++;mbstring.detect_order = auto
++
++; substitute_character used when character cannot be converted
++; one from another
++;mbstring.substitute_character = none;
++
++; overload(replace) single byte functions by mbstring functions.
++; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
++; etc. Possible values are 0,1,2,4 or combination of them.
++; For example, 7 for overload everything.
++; 0: No overload
++; 1: Overload mail() function
++; 2: Overload str*() functions
++; 4: Overload ereg*() functions
++;mbstring.func_overload = 0
++
++[FrontBase]
++;fbsql.allow_persistent = On
++;fbsql.autocommit = On
++;fbsql.default_database =
++;fbsql.default_database_password =
++;fbsql.default_host =
++;fbsql.default_password =
++;fbsql.default_user = "_SYSTEM"
++;fbsql.generate_warnings = Off
++;fbsql.max_connections = 128
++;fbsql.max_links = 128
++;fbsql.max_persistent = -1
++;fbsql.max_results = 128
++;fbsql.batchSize = 1000
++
++[Crack]
++; Modify the setting below to match the directory location of the cracklib
++; dictionary files. Include the base filename, but not the file extension.
++; crack.default_dictionary = "c:\php\lib\cracklib_dict"
++
++[exif]
++; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
++; With mbstring support this will automatically be converted into the encoding
++; given by corresponding encode setting. When empty mbstring.internal_encoding
++; is used. For the decode settings you can distinguish between motorola and
++; intel byte order. A decode setting cannot be empty.
++;exif.encode_unicode = ISO-8859-15
++;exif.decode_unicode_motorola = UCS-2BE
++;exif.decode_unicode_intel = UCS-2LE
++;exif.encode_jis =
++;exif.decode_jis_motorola = JIS
++;exif.decode_jis_intel = JIS
++
++; Local Variables:
++; tab-width: 4
++; End:

Added: trunk/debs/php5/debian/patches/033-we_WANT_libtool.patch
===================================================================
--- trunk/debs/php5/debian/patches/033-we_WANT_libtool.patch (rev 0)
+++ trunk/debs/php5/debian/patches/033-we_WANT_libtool.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,16 @@
+Index: php5-5.2.0/build/build2.mk
+===================================================================
+--- php5-5.2.0.orig/build/build2.mk 2007-03-18 22:57:00.000000000 +0100
++++ php5-5.2.0/build/build2.mk 2007-03-18 22:58:41.000000000 +0100
+@@ -52,6 +52,11 @@
+
+ aclocal.m4: configure.in acinclude.m4
+ @echo rebuilding $@
++ @libtoolize=`./build/shtool path glibtoolize libtoolize`; \
++ $$libtoolize --copy --automake --force; \
++ ltpath=`dirname $$libtoolize`; \
++ ltfile=`cd $$ltpath/../share/aclocal; pwd`/libtool.m4; \
++ cp $$ltfile ./build/libtool.m4
+ cat acinclude.m4 ./build/libtool.m4 > $@
+
+ configure: aclocal.m4 configure.in $(config_m4_files)

Added: trunk/debs/php5/debian/patches/034-apache2_umask_fix.patch
===================================================================
--- trunk/debs/php5/debian/patches/034-apache2_umask_fix.patch (rev 0)
+++ trunk/debs/php5/debian/patches/034-apache2_umask_fix.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,46 @@
+
+Save and restore umask across requests correctly.
+
+Index: php5-5.2.4/sapi/apache2handler/sapi_apache2.c
+===================================================================
+--- php5-5.2.4.orig/sapi/apache2handler/sapi_apache2.c 2007-06-28 19:23:07.000000000 +0200
++++ php5-5.2.4/sapi/apache2handler/sapi_apache2.c 2007-09-11 00:24:16.000000000 +0200
+@@ -434,6 +434,19 @@
+ return APR_SUCCESS;
+ }
+
++static int saved_umask;
++
++static void php_save_umask(void)
++{
++ saved_umask = umask(077);
++ umask(saved_umask);
++}
++
++static void php_restore_umask(void)
++{
++ umask(saved_umask);
++}
++
+ static int php_apache_request_ctor(request_rec *r, php_struct *ctx TSRMLS_DC)
+ {
+ char *content_length;
+@@ -622,6 +635,8 @@
+ } else {
+ zend_file_handle zfd;
+
++ php_save_umask();
++
+ zfd.type = ZEND_HANDLE_FILENAME;
+ zfd.filename = (char *) r->filename;
+ zfd.free_filename = 0;
+@@ -633,6 +648,9 @@
+ zend_execute_scripts(ZEND_INCLUDE TSRMLS_CC, NULL, 1, &zfd);
+ }
+
++ php_restore_umask();
++
++
+ apr_table_set(r->notes, "mod_php_memory_usage",
+ apr_psprintf(ctx->r->pool, "%u", zend_memory_peak_usage(1 TSRMLS_CC)));
+ }

Added: trunk/debs/php5/debian/patches/036-fd_setsize_fix.patch
===================================================================
--- trunk/debs/php5/debian/patches/036-fd_setsize_fix.patch (rev 0)
+++ trunk/debs/php5/debian/patches/036-fd_setsize_fix.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,26 @@
+Index: php5-5.2.4/ext/sockets/sockets.c
+===================================================================
+--- php5-5.2.4.orig/ext/sockets/sockets.c 2007-07-24 13:35:08.000000000 +0200
++++ php5-5.2.4/ext/sockets/sockets.c 2007-09-11 00:24:23.000000000 +0200
+@@ -566,6 +566,7 @@
+
+ php_sock = (php_socket*) zend_fetch_resource(element TSRMLS_CC, -1, le_socket_name, NULL, 1, le_socket);
+ if (!php_sock) continue; /* If element is not a resource, skip it */
++ if (php_sock->bsd_socket > FD_SETSIZE) continue; /* must ignore it */
+
+ PHP_SAFE_FD_SET(php_sock->bsd_socket, fds);
+ if (php_sock->bsd_socket > *max_fd) {
+Index: php5-5.2.4/ext/standard/streamsfuncs.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/streamsfuncs.c 2007-07-09 19:27:24.000000000 +0200
++++ php5-5.2.4/ext/standard/streamsfuncs.c 2007-09-11 00:24:23.000000000 +0200
+@@ -592,6 +592,9 @@
+ * is not displayed.
+ * */
+ if (SUCCESS == php_stream_cast(stream, PHP_STREAM_AS_FD_FOR_SELECT | PHP_STREAM_CAST_INTERNAL, (void*)&this_fd, 1) && this_fd >= 0) {
++ if (this_fd > FD_SETSIZE)
++ continue;
++
+
+ PHP_SAFE_FD_SET(this_fd, fds);
+

Added: trunk/debs/php5/debian/patches/043-recode_size_t.patch
===================================================================
--- trunk/debs/php5/debian/patches/043-recode_size_t.patch (rev 0)
+++ trunk/debs/php5/debian/patches/043-recode_size_t.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.5/ext/recode/recode.c
+===================================================================
+--- php5-5.2.5.orig/ext/recode/recode.c 2007-06-22 02:02:15.000000000 +0200
++++ php5-5.2.5/ext/recode/recode.c 2008-02-21 00:46:54.000000000 +0100
+@@ -136,7 +136,7 @@
+ int req_len, str_len;
+ char *req, *str;
+
+- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE) {
++ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &req, &req_len, &str, &str_len) == FAILURE || str_len < 0) {
+ return;
+ }
+

Added: trunk/debs/php5/debian/patches/044-strtod_arm_fix.patch
===================================================================
--- trunk/debs/php5/debian/patches/044-strtod_arm_fix.patch (rev 0)
+++ trunk/debs/php5/debian/patches/044-strtod_arm_fix.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,56 @@
+Index: php5-5.2.4/Zend/zend_strtod.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_strtod.c 2007-07-23 18:17:10.000000000 +0200
++++ php5-5.2.4/Zend/zend_strtod.c 2007-09-11 00:26:29.000000000 +0200
+@@ -142,14 +142,25 @@
+ #define IEEE_LITTLE_ENDIAN
+ #endif
+
+-#if defined(__arm__) && !defined(__VFP_FP__)
+-/*
+- * * Although the CPU is little endian the FP has different
+- * * byte and word endianness. The byte order is still little endian
+- * * but the word order is big endian.
+- * */
+-#define IEEE_BIG_ENDIAN
++#if defined(__arm__) || defined(__thumb__)
++/* ARM traditionally used big-endian words; and within those words the
++ byte ordering was big or little endian depending upon the target.
++ Modern floating-point formats are naturally ordered; in this case
++ __VFP_FP__ will be defined, even if soft-float. */
+ #undef IEEE_LITTLE_ENDIAN
++#undef IEEE_BIG_ENDIAN
++#if defined(__VFP_FP__) || defined(__MAVERICK__)
++# ifdef __ARMEL__
++# define IEEE_LITTLE_ENDIAN
++# else
++# define IEEE_BIG_ENDIAN
++# endif
++#else
++# define IEEE_BIG_ENDIAN
++# ifdef __ARMEL__
++# define IEEE_BYTES_LITTLE_ENDIAN
++# endif
++#endif
+ #endif
+
+ #ifdef __vax__
+@@ -256,8 +267,7 @@
+
+ #if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \
+ defined(IBM) != 1
+- Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or
+- IBM should be defined.
++#error "Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or IBM should be defined."
+ #endif
+
+ typedef union {
+@@ -277,7 +287,7 @@
+ * An alternative that might be better on some machines is
+ * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff)
+ */
+-#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm__)
++#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(IEEE_BYTES_LITTLE_ENDIAN)
+ #define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \
+ ((unsigned short *)a)[0] = (unsigned short)c, a++)
+ #else

Added: trunk/debs/php5/debian/patches/045-exif_nesting_level.patch
===================================================================
--- trunk/debs/php5/debian/patches/045-exif_nesting_level.patch (rev 0)
+++ trunk/debs/php5/debian/patches/045-exif_nesting_level.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.2/ext/exif/exif.c
+===================================================================
+--- php5-5.2.2.orig/ext/exif/exif.c 2007-02-27 04:04:40.000000000 +0100
++++ php5-5.2.2/ext/exif/exif.c 2007-05-04 17:42:23.000000000 +0200
+@@ -99,7 +99,7 @@
+
+ #define EFREE_IF(ptr) if (ptr) efree(ptr)
+
+-#define MAX_IFD_NESTING_LEVEL 100
++#define MAX_IFD_NESTING_LEVEL 250
+
+ /* {{{ arginfo */
+ static

Added: trunk/debs/php5/debian/patches/047-zts_with_dl.patch
===================================================================
--- trunk/debs/php5/debian/patches/047-zts_with_dl.patch (rev 0)
+++ trunk/debs/php5/debian/patches/047-zts_with_dl.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,17 @@
+Index: php5-5.2.2/ext/standard/dl.c
+===================================================================
+--- php5-5.2.2.orig/ext/standard/dl.c 2007-02-23 01:37:35.000000000 +0100
++++ php5-5.2.2/ext/standard/dl.c 2007-05-04 17:42:34.000000000 +0200
+@@ -76,12 +76,7 @@
+ if ((strncmp(sapi_module.name, "cgi", 3)!=0) &&
+ (strcmp(sapi_module.name, "cli")!=0) &&
+ (strncmp(sapi_module.name, "embed", 5)!=0)) {
+-#ifdef ZTS
+- php_error_docref(NULL TSRMLS_CC, E_WARNING, "Not supported in multithreaded Web servers - use extension=%s in your php.ini", Z_STRVAL_PP(file));
+- RETURN_FALSE;
+-#else
+ php_error_docref(NULL TSRMLS_CC, E_STRICT, "dl() is deprecated - use extension=%s in your php.ini", Z_STRVAL_PP(file));
+-#endif
+ }
+
+ php_dl(*file, MODULE_TEMPORARY, return_value, 0 TSRMLS_CC);

Added: trunk/debs/php5/debian/patches/052-phpinfo_no_configure.patch
===================================================================
--- trunk/debs/php5/debian/patches/052-phpinfo_no_configure.patch (rev 0)
+++ trunk/debs/php5/debian/patches/052-phpinfo_no_configure.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,25 @@
+Index: php-5.2.4/ext/standard/info.c
+===================================================================
+--- php-5.2.4.orig/ext/standard/info.c
++++ php-5.2.4/ext/standard/info.c
+@@ -461,7 +461,7 @@
+ php_info_print_table_start();
+ php_info_print_table_row(2, "System", php_uname );
+ php_info_print_table_row(2, "Build Date", __DATE__ " " __TIME__ );
+-#ifdef CONFIGURE_COMMAND
++#if 0
+ php_info_print_table_row(2, "Configure Command", CONFIGURE_COMMAND );
+ #endif
+ if (sapi_module.pretty_name) {
+Index: php-5.2.4/ext/standard/tests/general_functions/phpinfo.phpt
+===================================================================
+--- php-5.2.4.orig/ext/standard/tests/general_functions/phpinfo.phpt
++++ php-5.2.4/ext/standard/tests/general_functions/phpinfo.phpt
+@@ -20,7 +20,6 @@
+
+ System => %s
+ Build Date => %s
+-Configure Command => %s
+ Server API => Command Line Interface
+ Virtual Directory Support => %s
+ Configuration File (php.ini) Path => %s

Added: trunk/debs/php5/debian/patches/053-extension_api.patch
===================================================================
--- trunk/debs/php5/debian/patches/053-extension_api.patch (rev 0)
+++ trunk/debs/php5/debian/patches/053-extension_api.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,56 @@
+Index: php5-5.2.4/configure.in
+===================================================================
+--- php5-5.2.4.orig/configure.in 2007-09-11 00:24:00.000000000 +0200
++++ php5-5.2.4/configure.in 2007-09-11 00:40:32.000000000 +0200
+@@ -1048,8 +1048,13 @@
+
+ ZEND_MODULE_API_NO=`$EGREP '#define ZEND_MODULE_API_NO ' $srcdir/Zend/zend_modules.h|$SED 's/#define ZEND_MODULE_API_NO //'`
+
++DEBIAN_PHP_API=`egrep -h '^#define ZEND_EXTENSION_API_NO|^#define ZEND_MODULE_API_NO|#define PHP_API_VERSION' $srcdir/Zend/zend_extensions.h $srcdir/Zend/zend_modules.h $srcdir/main/php.h | awk '{print $3}' | sed -e 's/^2200/200/' | sort -n | tail -n 1`
++if echo "$CPPFLAGS $CFLAGS" | grep -q -- -D_FILE_OFFSET_BITS=64; then
++ DEBIAN_PHP_API="${DEBIAN_PHP_API}+lfs"
++fi
++
+ if test -z "$EXTENSION_DIR"; then
+- extbasedir=$ZEND_MODULE_API_NO
++ extbasedir=$DEBIAN_PHP_API
+ if test "$oldstyleextdir" = "yes"; then
+ if test "$PHP_DEBUG" = "1"; then
+ part1=debug
+@@ -1193,6 +1198,7 @@
+ PHP_SUBST(CXXFLAGS)
+ PHP_SUBST(CXXFLAGS_CLEAN)
+ PHP_SUBST_OLD(DEBUG_CFLAGS)
++PHP_SUBST_OLD(DEBIAN_PHP_API)
+ PHP_SUBST_OLD(EXTENSION_DIR)
+ PHP_SUBST_OLD(EXTRA_LDFLAGS)
+ PHP_SUBST_OLD(EXTRA_LDFLAGS_PROGRAM)
+Index: php5-5.2.4/scripts/php-config.in
+===================================================================
+--- php5-5.2.4.orig/scripts/php-config.in 2007-09-11 00:23:54.000000000 +0200
++++ php5-5.2.4/scripts/php-config.in 2007-09-11 00:41:21.000000000 +0200
+@@ -17,6 +17,7 @@
+ php_cgi_binary=NONE
+ configure_options="@CONFIGURE_OPTIONS@"
+ php_sapis="@PHP_INSTALLED_SAPIS@"
++phpapi="@DEBIAN_PHP_API@"
+
+ # Set php_cli_binary and php_cgi_binary if available
+ for sapi in $php_sapis; do
+@@ -55,6 +56,8 @@
+ echo $include_dir;;
+ --php-binary)
+ echo $php_binary;;
++--phpapi)
++ echo $phpapi;;
+ --php-sapis)
+ echo $php_sapis;;
+ --configure-options)
+@@ -75,6 +78,7 @@
+ --include-dir [$include_dir]
+ --php-binary [$php_binary]
+ --php-sapis [$php_sapis]
++ --phpapi [$phpapi]
+ --configure-options [$configure_options]
+ --version [$version]
+ --vernum [$vernum]

Added: trunk/debs/php5/debian/patches/056-mime_magic_liberal.patch
===================================================================
--- trunk/debs/php5/debian/patches/056-mime_magic_liberal.patch (rev 0)
+++ trunk/debs/php5/debian/patches/056-mime_magic_liberal.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,38 @@
+Index: php5-5.2.2/ext/mime_magic/mime_magic.c
+===================================================================
+--- php5-5.2.2.orig/ext/mime_magic/mime_magic.c 2007-02-15 01:05:42.000000000 +0100
++++ php5-5.2.2/ext/mime_magic/mime_magic.c 2007-05-04 17:42:41.000000000 +0200
+@@ -501,7 +501,7 @@
+ } while (*(++p) != '/');
+ ++p;
+ do {
+- if (!isalnum(*p) && (*p != '-') && (*p != '.') && !isspace(*p)) {
++ if (!isalnum(*p) && (*p != '-') && (*p != '.') && (*p != '+') && !isspace(*p)) {
+ return 0;
+ }
+ } while (*(++p));
+@@ -634,6 +634,15 @@
+ else if (strncmp(l, "string", NSTRING) == 0) {
+ m->type = STRING;
+ l += NSTRING;
++ if (*l == '/') {
++ ++l;
++ if ((*l == 'B') || (*l == 'b') || (*l == 'c')) {
++ ++l;
++ if ((*l == 'B') || (*l == 'b') || (*l == 'c')) {
++ ++l;
++ }
++ }
++ }
+ }
+ else if (strncmp(l, "date", NDATE) == 0) {
+ m->type = DATE;
+@@ -727,7 +736,7 @@
+ if (!is_valid_mimetype(l, strlen(l))) {
+ if(MIME_MAGIC_G(debug))
+ php_error_docref("http://www.php.net/mime_magic" TSRMLS_CC, E_WARNING, ": (%s:%d) '%s' is not a valid mimetype, entry skipped", MIME_MAGIC_G(magicfile), lineno, l);
+- return -1;
++ return 0;
+ }
+
+ strlcpy(m->desc, l, sizeof(m->desc));

Added: trunk/debs/php5/debian/patches/057-no_apache_installed.patch
===================================================================
--- trunk/debs/php5/debian/patches/057-no_apache_installed.patch (rev 0)
+++ trunk/debs/php5/debian/patches/057-no_apache_installed.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,92 @@
+Index: php5-5.2.4/sapi/apache2handler/config.m4
+===================================================================
+--- php5-5.2.4.orig/sapi/apache2handler/config.m4 2007-07-12 01:20:36.000000000 +0200
++++ php5-5.2.4/sapi/apache2handler/config.m4 2007-09-11 00:41:45.000000000 +0200
+@@ -59,13 +59,13 @@
+
+ APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS"
+
+- # Test that we're trying to configure with apache 2.x
+- PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
+- if test "$APACHE_VERSION" -le 2000000; then
+- AC_MSG_ERROR([.You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)])
+- elif test "$APACHE_VERSION" -lt 2000044; then
+- AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required])
+- fi
++dnl # Test that we're trying to configure with apache 2.x
++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
++dnl if test "$APACHE_VERSION" -le 2000000; then
++dnl AC_MSG_ERROR([.You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)])
++dnl elif test "$APACHE_VERSION" -lt 2000044; then
++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.44 is required])
++dnl fi
+
+ APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR`
+ if test -z `$APXS -q SYSCONFDIR`; then
+Index: php5-5.2.4/sapi/apache/config.m4
+===================================================================
+--- php5-5.2.4.orig/sapi/apache/config.m4 2007-07-12 01:20:36.000000000 +0200
++++ php5-5.2.4/sapi/apache/config.m4 2007-09-11 00:41:45.000000000 +0200
+@@ -56,11 +56,11 @@
+ APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET`
+ APACHE_INCLUDE=-I$APXS_INCLUDEDIR
+
+- # Test that we're trying to configure with apache 1.x
+- PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
+- if test "$APACHE_VERSION" -ge 2000000; then
+- AC_MSG_ERROR([.You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2])
+- fi
++dnl # Test that we're trying to configure with apache 1.x
++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
++dnl if test "$APACHE_VERSION" -ge 2000000; then
++dnl AC_MSG_ERROR([.You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2])
++dnl fi
+
+ for flag in $APXS_CFLAGS; do
+ case $flag in
+Index: php5-5.2.4/sapi/apache2filter/config.m4
+===================================================================
+--- php5-5.2.4.orig/sapi/apache2filter/config.m4 2007-07-12 01:20:36.000000000 +0200
++++ php5-5.2.4/sapi/apache2filter/config.m4 2007-09-11 00:41:45.000000000 +0200
+@@ -60,13 +60,13 @@
+
+ APACHE_CFLAGS="$APACHE_CPPFLAGS -I$APXS_INCLUDEDIR $APR_CFLAGS $APU_CFLAGS"
+
+- # Test that we're trying to configure with apache 2.x
+- PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
+- if test "$APACHE_VERSION" -le 2000000; then
+- AC_MSG_ERROR([.You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)])
+- elif test "$APACHE_VERSION" -lt 2000040; then
+- AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required])
+- fi
++dnl # Test that we're trying to configure with apache 2.x
++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
++dnl if test "$APACHE_VERSION" -le 2000000; then
++dnl AC_MSG_ERROR([.You have enabled Apache 2 support while your server is Apache 1.3. Please use the appropiate switch --with-apxs (without the 2)])
++dnl elif test "$APACHE_VERSION" -lt 2000040; then
++dnl AC_MSG_ERROR([Please note that Apache version >= 2.0.40 is required])
++dnl fi
+
+ APXS_LIBEXECDIR='$(INSTALL_ROOT)'`$APXS -q LIBEXECDIR`
+ if test -z `$APXS -q SYSCONFDIR`; then
+Index: php5-5.2.4/sapi/apache_hooks/config.m4
+===================================================================
+--- php5-5.2.4.orig/sapi/apache_hooks/config.m4 2007-07-12 01:20:36.000000000 +0200
++++ php5-5.2.4/sapi/apache_hooks/config.m4 2007-09-11 00:41:45.000000000 +0200
+@@ -57,11 +57,11 @@
+ APXS_HTTPD=`$APXS -q SBINDIR`/`$APXS -q TARGET`
+ APACHE_INCLUDE=-I$APXS_INCLUDEDIR
+
+- # Test that we're trying to configure with apache 1.x
+- PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
+- if test "$APACHE_VERSION" -ge 2000000; then
+- AC_MSG_ERROR([.You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2])
+- fi
++dnl # Test that we're trying to configure with apache 1.x
++dnl PHP_AP_EXTRACT_VERSION($APXS_HTTPD)
++dnl if test "$APACHE_VERSION" -ge 2000000; then
++dnl AC_MSG_ERROR([.You have enabled Apache 1.3 support while your server is Apache 2. Please use the appropiate switch --with-apxs2])
++dnl fi
+
+ for flag in $APXS_CFLAGS; do
+ case $flag in

Added: trunk/debs/php5/debian/patches/100-recode_is_shared.patch
===================================================================
--- trunk/debs/php5/debian/patches/100-recode_is_shared.patch (rev 0)
+++ trunk/debs/php5/debian/patches/100-recode_is_shared.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+Index: php5-5.2.0/ext/recode/config9.m4
+===================================================================
+--- php5-5.2.0.orig/ext/recode/config9.m4 2007-03-18 22:56:59.000000000 +0100
++++ php5-5.2.0/ext/recode/config9.m4 2007-03-18 22:58:44.000000000 +0100
+@@ -8,6 +8,6 @@
+ test "$PHP_MYSQL" != "no" && recode_conflict="$recode_conflict mysql"
+
+ if test -n "$recode_conflict"; then
+- AC_MSG_ERROR([recode extension can not be configured together with:$recode_conflict])
++ AC_MSG_WARN([recode extension can not be used together with:$recode_conflict])
+ fi
+ fi

Added: trunk/debs/php5/debian/patches/101-sqlite_is_shared.patch
===================================================================
--- trunk/debs/php5/debian/patches/101-sqlite_is_shared.patch (rev 0)
+++ trunk/debs/php5/debian/patches/101-sqlite_is_shared.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.4/ext/sqlite/config.m4
+===================================================================
+--- php5-5.2.4.orig/ext/sqlite/config.m4 2007-07-03 19:25:35.000000000 +0200
++++ php5-5.2.4/ext/sqlite/config.m4 2007-09-11 00:41:52.000000000 +0200
+@@ -84,7 +84,7 @@
+ ])
+ SQLITE_MODULE_TYPE=external
+ PHP_SQLITE_CFLAGS=$pdo_inc_path
+- sqlite_extra_sources="libsqlite/src/encode.c"
++ sqlite_extra_sources=""
+ else
+ # use bundled library
+ PHP_PROG_LEMON

Added: trunk/debs/php5/debian/patches/107-reflection_is_ext.patch
===================================================================
--- trunk/debs/php5/debian/patches/107-reflection_is_ext.patch (rev 0)
+++ trunk/debs/php5/debian/patches/107-reflection_is_ext.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.0/ext/reflection/config.m4
+===================================================================
+--- php5-5.2.0.orig/ext/reflection/config.m4 2007-03-18 22:56:59.000000000 +0100
++++ php5-5.2.0/ext/reflection/config.m4 2007-03-18 22:58:44.000000000 +0100
+@@ -2,7 +2,7 @@
+ dnl config.m4 for extension reflection
+
+ PHP_ARG_ENABLE(reflection, whether to enable reflection support,
+-[ --disable-reflection Disable reflection support], yes, no)
++[ --disable-reflection Disable reflection support], yes)
+
+ if test "$PHP_REFLECTION" != "no"; then
+ AC_DEFINE(HAVE_REFLECTION, 1, [Whether Reflection is enabled])

Added: trunk/debs/php5/debian/patches/108-64_bit_datetime.patch
===================================================================
--- trunk/debs/php5/debian/patches/108-64_bit_datetime.patch (rev 0)
+++ trunk/debs/php5/debian/patches/108-64_bit_datetime.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,14 @@
+Index: php5-5.2.4/ext/standard/datetime.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/datetime.c 2007-06-07 10:59:00.000000000 +0200
++++ php5-5.2.4/ext/standard/datetime.c 2007-09-11 00:41:58.000000000 +0200
+@@ -20,6 +20,9 @@
+
+ /* $Id: datetime.c,v 1.134.2.2.2.4 2007/06/07 08:59:00 tony2001 Exp $ */
+
++#define _XOPEN_SOURCE /* needed to get strptime() declared */
++#define _BSD_SOURCE /* needed to get ulong declared */
++
+ #include "php.h"
+ #include "zend_operators.h"
+ #include "datetime.h"

Added: trunk/debs/php5/debian/patches/112-proc_open.patch
===================================================================
--- trunk/debs/php5/debian/patches/112-proc_open.patch (rev 0)
+++ trunk/debs/php5/debian/patches/112-proc_open.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.0/ext/standard/proc_open.c
+===================================================================
+--- php5-5.2.0.orig/ext/standard/proc_open.c 2007-03-18 22:56:59.000000000 +0100
++++ php5-5.2.0/ext/standard/proc_open.c 2007-03-18 22:58:45.000000000 +0100
+@@ -61,7 +61,7 @@
+ * */
+ #ifdef PHP_CAN_SUPPORT_PROC_OPEN
+
+-#if 0 && HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H
++#if HAVE_PTSNAME && HAVE_GRANTPT && HAVE_UNLOCKPT && HAVE_SYS_IOCTL_H && HAVE_TERMIOS_H
+ # include <sys/ioctl.h>
+ # include <termios.h>
+ # define PHP_CAN_DO_PTS 1

Added: trunk/debs/php5/debian/patches/113-php.ini_securitynotes.patch
===================================================================
--- trunk/debs/php5/debian/patches/113-php.ini_securitynotes.patch (rev 0)
+++ trunk/debs/php5/debian/patches/113-php.ini_securitynotes.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,42 @@
+Index: php5-5.2.4/php.ini-dist
+===================================================================
+--- php5-5.2.4.orig/php.ini-dist 2007-09-11 00:23:54.000000000 +0200
++++ php5-5.2.4/php.ini-dist 2007-09-11 00:42:09.000000000 +0200
+@@ -166,6 +166,11 @@
+ ;
+ ; Safe Mode
+ ;
++; NOTE: this is considered a "broken" security measure.
++; Applications relying on this feature will not recieve full
++; support by the security team. For more information please
++; see /usr/share/doc/php5-common/README.Debian.security
++;
+ safe_mode = Off
+
+ ; By default, Safe Mode does a UID compare check when
+@@ -202,6 +207,13 @@
+ ; and below. This directive makes most sense if used in a per-directory
+ ; or per-virtualhost web server configuration file. This directive is
+ ; *NOT* affected by whether Safe Mode is turned On or Off.
++
++; NOTE: this is considered a "broken" security measure.
++; Applications relying on this feature will not recieve full
++; support by the security team. For more information please
++; see /usr/share/doc/php5-common/README.Debian.security
++;
++
+ ;open_basedir =
+
+ ; This directive allows you to disable certain functions for security reasons.
+@@ -411,6 +423,11 @@
+ ; You should do your best to write your scripts so that they do not require
+ ; register_globals to be on; Using form variables as globals can easily lead
+ ; to possible security problems, if the code is not very well thought of.
++
++; NOTE: applications relying on this feature will not recieve full
++; support by the security team. For more information please
++; see /usr/share/doc/php5-common/README.Debian.security
++;
+ register_globals = Off
+
+ ; Whether or not to register the old-style input arrays, HTTP_GET_VARS

Added: trunk/debs/php5/debian/patches/118-simplexml-segv.patch
===================================================================
--- trunk/debs/php5/debian/patches/118-simplexml-segv.patch (rev 0)
+++ trunk/debs/php5/debian/patches/118-simplexml-segv.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,51 @@
+Index: ext/simplexml/simplexml.c
+===================================================================
+RCS file: /repository/php-src/ext/simplexml/simplexml.c,v
+retrieving revision 1.151.2.22.2.21
+diff -u -p -d -r1.151.2.22.2.21 simplexml.c
+--- old/ext/simplexml/simplexml.c 12 Feb 2007 21:06:29 -0000 1.151.2.22.2.21
++++ new/ext/simplexml/simplexml.c 20 Feb 2007 12:47:46 -0000
+@@ -56,6 +56,7 @@ static php_sxe_object* php_sxe_object_ne
+ static zend_object_value php_sxe_register_object(php_sxe_object * TSRMLS_DC);
+ static xmlNodePtr php_sxe_reset_iterator(php_sxe_object *sxe, int use_data TSRMLS_DC);
+ static xmlNodePtr php_sxe_iterator_fetch(php_sxe_object *sxe, xmlNodePtr node, int use_data TSRMLS_DC);
++static zval *sxe_get_value(zval *z TSRMLS_DC);
+
+ /* {{{ _node_as_zval()
+ */
+@@ -427,6 +428,7 @@ static void sxe_prop_dim_write(zval *obj
+ int is_attr = 0;
+ int nodendx = 0;
+ int test = 0;
++ int new_value = 0;
+ long cnt;
+ zval tmp_zv, trim_zv, value_copy;
+
+@@ -504,8 +506,17 @@ static void sxe_prop_dim_write(zval *obj
+ break;
+ case IS_STRING:
+ break;
++ case IS_OBJECT:
++ if (Z_OBJCE_P(value) == sxe_class_entry) {
++ value = sxe_get_value(value TSRMLS_CC);
++ INIT_PZVAL(value);
++ new_value = 1;
++ break;
++ }
++ /* break is missing intentionally */
+ default:
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "It is not yet possible to assign complex types to %s", attribs ? "attributes" : "properties");
++ return;
+ }
+ }
+
+@@ -594,6 +605,9 @@ next_iter:
+ if (value && value == &value_copy) {
+ zval_dtor(value);
+ }
++ if (new_value) {
++ zval_ptr_dtor(&value);
++ }
+ }
+ /* }}} */
+

Added: trunk/debs/php5/debian/patches/119-sybase-alias.patch
===================================================================
--- trunk/debs/php5/debian/patches/119-sybase-alias.patch (rev 0)
+++ trunk/debs/php5/debian/patches/119-sybase-alias.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,42 @@
+diff -Naur php-5.2.4.orig/ext/mssql/php_mssql.c php-5.2.4/ext/mssql/php_mssql.c
+--- php-5.2.4.orig/ext/mssql/php_mssql.c 2007-02-23 21:17:25.000000000 -0500
++++ php-5.2.4/ext/mssql/php_mssql.c 2008-06-20 08:58:56.000000000 -0400
+@@ -78,6 +78,38 @@
+ PHP_FE(mssql_execute, NULL)
+ PHP_FE(mssql_free_statement, NULL)
+ PHP_FE(mssql_guid_string, NULL)
++#if !defined(PHP_WIN32) && !defined(HAVE_SYBASE_CT)
++ PHP_FALIAS(sybase_connect, mssql_connect, NULL)
++ PHP_FALIAS(sybase_pconnect, mssql_pconnect, NULL)
++ PHP_FALIAS(sybase_close, mssql_close, NULL)
++ PHP_FALIAS(sybase_select_db, mssql_select_db, NULL)
++ PHP_FALIAS(sybase_query, mssql_query, NULL)
++ PHP_FALIAS(sybase_fetch_batch, mssql_fetch_batch, NULL)
++ PHP_FALIAS(sybase_rows_affected, mssql_rows_affected, NULL)
++ PHP_FALIAS(sybase_free_result, mssql_free_result, NULL)
++ PHP_FALIAS(sybase_get_last_message, mssql_get_last_message, NULL)
++ PHP_FALIAS(sybase_num_rows, mssql_num_rows, NULL)
++ PHP_FALIAS(sybase_num_fields, mssql_num_fields, NULL)
++ PHP_FALIAS(sybase_fetch_field, mssql_fetch_field, NULL)
++ PHP_FALIAS(sybase_fetch_row, mssql_fetch_row, NULL)
++ PHP_FALIAS(sybase_fetch_array, mssql_fetch_array, NULL)
++ PHP_FALIAS(sybase_fetch_assoc, mssql_fetch_assoc, NULL)
++ PHP_FALIAS(sybase_fetch_object, mssql_fetch_object, NULL)
++ PHP_FALIAS(sybase_field_length, mssql_field_length, NULL)
++ PHP_FALIAS(sybase_field_name, mssql_field_name, NULL)
++ PHP_FALIAS(sybase_field_type, mssql_field_type, NULL)
++ PHP_FALIAS(sybase_data_seek, mssql_data_seek, NULL)
++ PHP_FALIAS(sybase_field_seek, mssql_field_seek, NULL)
++ PHP_FALIAS(sybase_result, mssql_result, NULL)
++ PHP_FALIAS(sybase_next_result, mssql_next_result, NULL)
++ PHP_FALIAS(sybase_min_error_severity, mssql_min_error_severity, NULL)
++ PHP_FALIAS(sybase_min_message_severity, mssql_min_message_severity, NULL)
++ PHP_FALIAS(sybase_init, mssql_init, NULL)
++ PHP_FALIAS(sybase_bind, mssql_bind, third_arg_force_ref)
++ PHP_FALIAS(sybase_execute, mssql_execute, NULL)
++ PHP_FALIAS(sybase_free_statement, mssql_free_statement, NULL)
++ PHP_FALIAS(sybase_guid_string, mssql_guid_string, NULL)
++#endif
+ {NULL, NULL, NULL}
+ };
+

Added: trunk/debs/php5/debian/patches/120_SECURITY_CVE-2007-5900.patch
===================================================================
--- trunk/debs/php5/debian/patches/120_SECURITY_CVE-2007-5900.patch (rev 0)
+++ trunk/debs/php5/debian/patches/120_SECURITY_CVE-2007-5900.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,145 @@
+#
+# Description: fix php_admin_value and php_admin_flag restrictions bypass via ini_set
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/228095
+# Upstream: http://bugs.php.net/bug.php?id=41561
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.8&r2=1.39.2.2.2.9
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.9&r2=1.39.2.2.2.10
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.13&r2=1.39.2.2.2.14
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.14&r2=1.39.2.2.2.15
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?hideattic=1&r1=1.34.2.1.2.4&r2=1.34.2.1.2.5
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.h?hideattic=1&r1=1.34.2.1.2.5&r2=1.34.2.1.2.6
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_def.h?hideattic=1&r1=1.59.2.29.2.47&r2=1.59.2.29.2.48
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_vm_execute.h?hideattic=1&r1=1.62.2.30.2.48&r2=1.62.2.30.2.49
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?hideattic=1&r1=1.39.2.2.2.26&r2=1.39.2.2.2.27
+#
+diff -Nur php5-5.2.4/Zend/zend_ini.c php5-5.2.4.new/Zend/zend_ini.c
+--- php5-5.2.4/Zend/zend_ini.c 2007-08-23 14:42:42.000000000 -0400
++++ php5-5.2.4.new/Zend/zend_ini.c 2009-01-27 14:10:46.000000000 -0500
+@@ -63,6 +63,9 @@
+ ini_entry->modified = 0;
+ ini_entry->orig_value = NULL;
+ ini_entry->orig_value_length = 0;
++ if (ini_entry->modifiable >= (1 << 3)) {
++ ini_entry->modifiable >>= 3;
++ }
+ }
+ return 0;
+ }
+@@ -234,8 +237,14 @@
+
+ ZEND_API int zend_alter_ini_entry(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage)
+ {
++ return zend_alter_ini_entry_ex(name, name_length, new_value, new_value_length, modify_type, stage, 0);
++}
++
++ZEND_API int zend_alter_ini_entry_ex(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage, int force_change) /* {{{ */
++{
+ zend_ini_entry *ini_entry;
+ char *duplicate;
++ zend_bool modifiable;
+ zend_bool modified;
+ TSRMLS_FETCH();
+
+@@ -243,11 +252,19 @@
+ return FAILURE;
+ }
+
+- if (!(ini_entry->modifiable & modify_type)) {
+- return FAILURE;
++ modifiable = ini_entry->modifiable;
++ modified = ini_entry->modified;
++
++ if (stage == ZEND_INI_STAGE_ACTIVATE && modify_type == ZEND_INI_SYSTEM) {
++ /* only touch lower bits */
++ ini_entry->modifiable = (ini_entry->modifiable & (ZEND_INI_ALL << 3)) | ZEND_INI_SYSTEM;
+ }
+
+- modified = ini_entry->modified;
++ if (!force_change) {
++ if (!(ini_entry->modifiable & modify_type)) {
++ return FAILURE;
++ }
++ }
+
+ if (!EG(modified_ini_directives)) {
+ ALLOC_HASHTABLE(EG(modified_ini_directives));
+@@ -256,6 +273,8 @@
+ if (!modified) {
+ ini_entry->orig_value = ini_entry->value;
+ ini_entry->orig_value_length = ini_entry->value_length;
++ /* store orginial value in the upper bits */
++ ini_entry->modifiable = (modifiable << 3) | ini_entry->modifiable;
+ ini_entry->modified = 1;
+ zend_hash_add(EG(modified_ini_directives), name, name_length, &ini_entry, sizeof(zend_ini_entry*), NULL);
+ }
+diff -Nur php5-5.2.4/Zend/zend_ini.h php5-5.2.4.new/Zend/zend_ini.h
+--- php5-5.2.4/Zend/zend_ini.h 2007-08-02 19:57:21.000000000 -0400
++++ php5-5.2.4.new/Zend/zend_ini.h 2009-01-27 14:10:40.000000000 -0500
+@@ -96,6 +96,7 @@
+ ZEND_API void zend_unregister_ini_entries(int module_number TSRMLS_DC);
+ ZEND_API void zend_ini_refresh_caches(int stage TSRMLS_DC);
+ ZEND_API int zend_alter_ini_entry(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage);
++ZEND_API int zend_alter_ini_entry_ex(char *name, uint name_length, char *new_value, uint new_value_length, int modify_type, int stage, int force_change);
+ ZEND_API int zend_restore_ini_entry(char *name, uint name_length, int stage);
+ ZEND_API void display_ini_entries(zend_module_entry *module);
+
+diff -Nur php5-5.2.4/Zend/zend_vm_def.h php5-5.2.4.new/Zend/zend_vm_def.h
+--- php5-5.2.4/Zend/zend_vm_def.h 2007-07-24 15:24:39.000000000 -0400
++++ php5-5.2.4.new/Zend/zend_vm_def.h 2009-01-27 14:10:42.000000000 -0500
+@@ -3599,7 +3599,7 @@
+ }
+
+ if (EG(error_reporting)) {
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ }
+ ZEND_VM_NEXT_OPCODE();
+ }
+@@ -3619,7 +3619,7 @@
+ Z_TYPE(restored_error_reporting) = IS_LONG;
+ Z_LVAL(restored_error_reporting) = Z_LVAL(EX_T(opline->op1.u.var).tmp_var);
+ convert_to_string(&restored_error_reporting);
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ zendi_zval_dtor(restored_error_reporting);
+ }
+ if (EX(old_error_reporting) == &EX_T(opline->op1.u.var).tmp_var) {
+@@ -3811,7 +3811,7 @@
+ Z_TYPE(restored_error_reporting) = IS_LONG;
+ Z_LVAL(restored_error_reporting) = Z_LVAL_P(EX(old_error_reporting));
+ convert_to_string(&restored_error_reporting);
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ zendi_zval_dtor(restored_error_reporting);
+ }
+ EX(old_error_reporting) = NULL;
+diff -Nur php5-5.2.4/Zend/zend_vm_execute.h php5-5.2.4.new/Zend/zend_vm_execute.h
+--- php5-5.2.4/Zend/zend_vm_execute.h 2007-07-24 15:24:39.000000000 -0400
++++ php5-5.2.4.new/Zend/zend_vm_execute.h 2009-01-27 14:10:44.000000000 -0500
+@@ -442,7 +442,7 @@
+ }
+
+ if (EG(error_reporting)) {
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), "0", 1, ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ }
+ ZEND_VM_NEXT_OPCODE();
+ }
+@@ -592,7 +592,7 @@
+ Z_TYPE(restored_error_reporting) = IS_LONG;
+ Z_LVAL(restored_error_reporting) = Z_LVAL_P(EX(old_error_reporting));
+ convert_to_string(&restored_error_reporting);
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ zendi_zval_dtor(restored_error_reporting);
+ }
+ EX(old_error_reporting) = NULL;
+@@ -4922,7 +4922,7 @@
+ Z_TYPE(restored_error_reporting) = IS_LONG;
+ Z_LVAL(restored_error_reporting) = Z_LVAL(EX_T(opline->op1.u.var).tmp_var);
+ convert_to_string(&restored_error_reporting);
+- zend_alter_ini_entry("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME);
++ zend_alter_ini_entry_ex("error_reporting", sizeof("error_reporting"), Z_STRVAL(restored_error_reporting), Z_STRLEN(restored_error_reporting), ZEND_INI_USER, ZEND_INI_STAGE_RUNTIME, 1);
+ zendi_zval_dtor(restored_error_reporting);
+ }
+ if (EX(old_error_reporting) == &EX_T(opline->op1.u.var).tmp_var) {

Added: trunk/debs/php5/debian/patches/121_SECURITY_CVE-2008-3658.patch
===================================================================
--- trunk/debs/php5/debian/patches/121_SECURITY_CVE-2008-3658.patch (rev 0)
+++ trunk/debs/php5/debian/patches/121_SECURITY_CVE-2008-3658.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,64 @@
+#
+# Description: fix denial of service and possible arbitrary code execution via crafted font file
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499989
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?hideattic=1&r1=1.312.2.20.2.35&r2=1.312.2.20.2.36
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/imageloadfont_invalid.phpt?hideattic=1&r1=1.1.4.1&r2=1.1.4.2
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/gd/tests/imageloadfont_invalid.phpt?hideattic=1&r1=1.1.4.2&r2=1.1.4.3
+#
+diff -Nur php5-5.2.4/ext/gd/gd.c php5-5.2.4.new/ext/gd/gd.c
+--- php5-5.2.4/ext/gd/gd.c 2007-08-29 02:26:30.000000000 -0400
++++ php5-5.2.4.new/ext/gd/gd.c 2009-01-27 14:13:22.000000000 -0500
+@@ -1636,6 +1636,22 @@
+ font->nchars = FLIPWORD(font->nchars);
+ body_size = font->w * font->h * font->nchars;
+ }
++
++ if (overflow2(font->nchars, font->h)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
++ if (overflow2(font->nchars * font->h, font->w )) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
++
++
++
+
+ if (body_size != body_size_check) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font");
+diff -Nur php5-5.2.4/ext/gd/tests/imageloadfont_invalid.phpt php5-5.2.4.new/ext/gd/tests/imageloadfont_invalid.phpt
+--- php5-5.2.4/ext/gd/tests/imageloadfont_invalid.phpt 1969-12-31 19:00:00.000000000 -0500
++++ php5-5.2.4.new/ext/gd/tests/imageloadfont_invalid.phpt 2009-01-27 14:13:22.000000000 -0500
+@@ -0,0 +1,26 @@
++--TEST--
++imageloadfont() function crashes
++--SKIPIF--
++<?php
++ if (!extension_loaded('gd')) die("skip gd extension not available\n");
++ if (!GD_BUNDLED) die('skip external GD libraries always fail');
++?>
++--FILE--
++<?php
++$filename = dirname(__FILE__) . '/font.gdf';
++$bin = "\x41\x41\x41\x41\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00";
++$fp = fopen($filename, 'wb');
++fwrite($fp, $bin);
++fclose($fp);
++
++$image = imagecreatetruecolor(50, 20);
++$font = imageloadfont($filename);
++$black = imagecolorallocate($image, 0, 0, 0);
++imagestring($image, $font, 0, 0, "Hello", $black);
++unlink($filename);
++?>
++--EXPECTF--
++Warning: imageloadfont(): gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully
++ in %simageloadfont_invalid.php on line %d
++
++Warning: imageloadfont(): Error reading font, invalid font header in %simageloadfont_invalid.php on line %d

Added: trunk/debs/php5/debian/patches/122_SECURITY_CVE-2008-3659.patch
===================================================================
--- trunk/debs/php5/debian/patches/122_SECURITY_CVE-2008-3659.patch (rev 0)
+++ trunk/debs/php5/debian/patches/122_SECURITY_CVE-2008-3659.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,40 @@
+#
+# Description: fix denial of service and possible arbitrary code execution
+# via the delimiter argument to the explode function
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499988
+# Patch: http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/tests/strings/explode_bug.phpt?hideattic=1&r1=1.1&r2=1.1.2.1
+#
+diff -Nur php5-5.2.4/ext/standard/tests/strings/explode_bug.phpt php5-5.2.4.new/ext/standard/tests/strings/explode_bug.phpt
+--- php5-5.2.4/ext/standard/tests/strings/explode_bug.phpt 1969-12-31 19:00:00.000000000 -0500
++++ php5-5.2.4.new/ext/standard/tests/strings/explode_bug.phpt 2009-01-27 14:13:40.000000000 -0500
+@@ -0,0 +1,15 @@
++--TEST--
++Explode/memnstr bug
++--INI--
++error_reporting=2047
++memory_limit=256M
++--FILE--
++<?php
++$res = explode(str_repeat("A",145999999),1);
++var_dump($res);
++?>
++--EXPECTF--
++array(1) {
++ [0]=>
++ string(1) "1"
++}
+diff -Nur php5-5.2.4/Zend/zend_operators.h php5-5.2.4.new/Zend/zend_operators.h
+--- php5-5.2.4/Zend/zend_operators.h 2007-07-20 20:35:14.000000000 -0400
++++ php5-5.2.4.new/Zend/zend_operators.h 2009-01-27 14:13:40.000000000 -0500
+@@ -220,6 +220,9 @@
+ char *p = haystack;
+ char ne = needle[needle_len-1];
+
++ if(needle_len > end-haystack) {
++ return NULL;
++ }
+ end -= needle_len;
+
+ while (p <= end) {

Added: trunk/debs/php5/debian/patches/123_SECURITY_CVE-2008-3660.patch
===================================================================
--- trunk/debs/php5/debian/patches/123_SECURITY_CVE-2008-3660.patch (rev 0)
+++ trunk/debs/php5/debian/patches/123_SECURITY_CVE-2008-3660.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,83 @@
+#
+# Description: fix denial of service via a request with multiple dots
+# preceding the extension (ex: foo..php)
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/286851
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499987
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
+#
+diff -Nur php5-5.2.4/sapi/cgi/cgi_main.c php5-5.2.4.new/sapi/cgi/cgi_main.c
+--- php5-5.2.4/sapi/cgi/cgi_main.c 2009-01-27 14:15:19.000000000 -0500
++++ php5-5.2.4.new/sapi/cgi/cgi_main.c 2009-01-27 14:17:48.000000000 -0500
+@@ -672,6 +672,39 @@
+ }
+ /* }}} */
+
++/* {{{ is_valid_path
++ *
++ * some server configurations allow '..' to slip through in the
++ * translated path. We'll just refuse to handle such a path.
++ */
++static int is_valid_path(const char *path)
++{
++ const char *p;
++
++ if (!path) {
++ return 0;
++ }
++ p = strstr(path, "..");
++ if (p) {
++ if ((p == path || IS_SLASH(*(p-1))) &&
++ (*(p+2) == 0 || IS_SLASH(*(p+2)))) {
++ return 0;
++ }
++ while (1) {
++ p = strstr(p+1, "..");
++ if (!p) {
++ break;
++ }
++ if (IS_SLASH(*(p-1)) &&
++ (*(p+2) == 0 || IS_SLASH(*(p+2)))) {
++ return 0;
++ }
++ }
++ }
++ return 1;
++}
++/* }}} */
++
+ /* {{{ init_request_info
+
+ initializes request_info structure
+@@ -950,9 +983,7 @@
+ if (pt) {
+ efree(pt);
+ }
+- /* some server configurations allow '..' to slip through in the
+- translated path. We'll just refuse to handle such a path. */
+- if (script_path_translated && !strstr(script_path_translated, "..")) {
++ if (is_valid_path(script_path_translated)) {
+ SG(request_info).path_translated = estrdup(script_path_translated);
+ }
+ } else {
+@@ -986,9 +1017,7 @@
+ } else {
+ SG(request_info).request_uri = env_script_name;
+ }
+- /* some server configurations allow '..' to slip through in the
+- translated path. We'll just refuse to handle such a path. */
+- if (script_path_translated && !strstr(script_path_translated, "..")) {
++ if (is_valid_path(script_path_translated)) {
+ SG(request_info).path_translated = estrdup(script_path_translated);
+ }
+ if (real_path) {
+@@ -1008,9 +1037,7 @@
+ script_path_translated = env_path_translated;
+ }
+ #endif
+- /* some server configurations allow '..' to slip through in the
+- translated path. We'll just refuse to handle such a path. */
+- if (script_path_translated && !strstr(script_path_translated, "..")) {
++ if (is_valid_path(script_path_translated)) {
+ SG(request_info).path_translated = estrdup(script_path_translated);
+ }
+ #if ENABLE_PATHINFO_CHECK

Added: trunk/debs/php5/debian/patches/124_SECURITY_CVE-2008-5557.patch
===================================================================
--- trunk/debs/php5/debian/patches/124_SECURITY_CVE-2008-5557.patch (rev 0)
+++ trunk/debs/php5/debian/patches/124_SECURITY_CVE-2008-5557.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,47 @@
+#
+# Description: fix mbstring extension arbitrary code execution via crafted
+# string containing HTML entity.
+# Ubuntu: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/317672
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511493
+# Upstream: http://bugs.php.net/bug.php?id=45722
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c?hideattic=0&r1=1.7&r2=1.8
+#
+diff -Nur php5-5.2.4/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c php5-5.2.4.new/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c
+--- php5-5.2.4/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2005-02-21 05:12:43.000000000 -0500
++++ php5-5.2.4.new/ext/mbstring/libmbfl/filters/mbfilter_htmlent.c 2009-01-27 14:18:42.000000000 -0500
+@@ -232,8 +232,7 @@
+ mbfl_filt_conv_html_dec_flush(filter);
+ if (c=='&')
+ {
+- filter->status = 1;
+- buffer[0] = '&';
++ buffer[filter->status++] = '&';
+ }
+ }
+ }
+@@ -244,17 +243,19 @@
+ int mbfl_filt_conv_html_dec_flush(mbfl_convert_filter *filter)
+ {
+ int status, pos = 0;
+- char *buffer;
++ unsigned char *buffer;
++ int err = 0;
+
+- buffer = (char*)filter->opaque;
++ buffer = (unsigned char*)filter->opaque;
+ status = filter->status;
++ filter->status = 0;
+ /* flush fragments */
+ while (status--) {
+- CK((*filter->output_function)(buffer[pos++], filter->data));
++ int e = (*filter->output_function)(buffer[pos++], filter->data);
++ if (e != 0)
++ err = e;
+ }
+- filter->status = 0;
+- /*filter->buffer = 0; of cause NOT*/
+- return 0;
++ return err;
+ }
+
+

Added: trunk/debs/php5/debian/patches/125_SECURITY_CVE-2008-5624.patch
===================================================================
--- trunk/debs/php5/debian/patches/125_SECURITY_CVE-2008-5624.patch (rev 0)
+++ trunk/debs/php5/debian/patches/125_SECURITY_CVE-2008-5624.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,48 @@
+#
+# Description: fix safe_mode restriction bypass via unrestricted variable settings.
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u
+#
+diff -Nur php5-5.2.4/ext/standard/basic_functions.c php5-5.2.4.new/ext/standard/basic_functions.c
+--- php5-5.2.4/ext/standard/basic_functions.c 2009-01-27 14:18:59.000000000 -0500
++++ php5-5.2.4.new/ext/standard/basic_functions.c 2009-01-27 14:19:05.000000000 -0500
+@@ -3914,6 +3914,8 @@
+ memset(&BG(mblen_state), 0, sizeof(BG(mblen_state)));
+ #endif
+ BG(incomplete_class) = incomplete_class_entry;
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ }
+
+
+@@ -4216,6 +4218,8 @@
+
+ PHP_RSHUTDOWN(user_filters)(SHUTDOWN_FUNC_ARGS_PASSTHRU);
+
++ BG(page_uid) = -1;
++ BG(page_gid) = -1;
+ return SUCCESS;
+ }
+
+diff -Nur php5-5.2.4/sapi/apache/mod_php5.c php5-5.2.4.new/sapi/apache/mod_php5.c
+--- php5-5.2.4/sapi/apache/mod_php5.c 2009-01-27 14:18:59.000000000 -0500
++++ php5-5.2.4.new/sapi/apache/mod_php5.c 2009-01-27 14:19:05.000000000 -0500
+@@ -597,6 +597,8 @@
+ return OK;
+ }
+
++ SG(server_context) = r;
++
+ zend_first_try {
+
+ /* Make sure file exists */
+@@ -654,8 +656,6 @@
+ /* Init timeout */
+ hard_timeout("send", r);
+
+- SG(server_context) = r;
+-
+ php_save_umask();
+ add_common_vars(r);
+ add_cgi_vars(r);

Added: trunk/debs/php5/debian/patches/126_SECURITY_CVE-2008-5625.patch
===================================================================
--- trunk/debs/php5/debian/patches/126_SECURITY_CVE-2008-5625.patch (rev 0)
+++ trunk/debs/php5/debian/patches/126_SECURITY_CVE-2008-5625.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,92 @@
+#
+# Description: fix arbitrary file write by placing a "php_value error_log"
+# entry in a .htaccess file.
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?hideattic=0&r1=1.19.2.7.2.14&r2=1.19.2.7.2.15
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/apache_config.c?hideattic=0&r1=1.7.2.1.2.5&r2=1.7.2.1.2.6
+#
+diff -Nur php5-5.2.4/sapi/apache/mod_php5.c php5-5.2.4.new/sapi/apache/mod_php5.c
+--- php5-5.2.4/sapi/apache/mod_php5.c 2009-01-27 14:19:37.000000000 -0500
++++ php5-5.2.4.new/sapi/apache/mod_php5.c 2009-01-27 14:19:44.000000000 -0500
+@@ -729,11 +729,11 @@
+ return 1; /* does not exist in dest, copy from source */
+ }
+
+- if (new_per_dir_entry->type==PHP_INI_SYSTEM
+- && orig_per_dir_entry->type!=PHP_INI_SYSTEM) {
+- return 1;
+- } else {
++ if (orig_per_dir_entry->type==PHP_INI_SYSTEM
++ && new_per_dir_entry->type!=PHP_INI_SYSTEM) {
+ return 0;
++ } else {
++ return 1;
+ }
+ }
+ /* }}} */
+@@ -770,9 +770,9 @@
+
+ /* need a copy of addv to merge */
+ new = php_create_dir(p, "php_merge_dir");
+- zend_hash_copy(new, (HashTable *) addv, (copy_ctor_func_t) copy_per_dir_entry, NULL, sizeof(php_per_dir_entry));
++ zend_hash_copy(new, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, NULL, sizeof(php_per_dir_entry));
+
+- zend_hash_merge_ex(new, (HashTable *) basev, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
++ zend_hash_merge_ex(new, (HashTable *) addv, (copy_ctor_func_t) copy_per_dir_entry, sizeof(php_per_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
+ return new;
+ }
+ /* }}} */
+diff -Nur php5-5.2.4/sapi/apache2handler/apache_config.c php5-5.2.4.new/sapi/apache2handler/apache_config.c
+--- php5-5.2.4/sapi/apache2handler/apache_config.c 2007-08-03 05:33:17.000000000 -0400
++++ php5-5.2.4.new/sapi/apache2handler/apache_config.c 2009-01-27 14:19:44.000000000 -0500
+@@ -117,6 +117,23 @@
+ return NULL;
+ }
+
++static zend_bool should_overwrite_per_dir_entry(HashTable *target_ht, php_dir_entry *new_per_dir_entry, zend_hash_key *hash_key, void *pData)
++{
++ php_dir_entry *orig_per_dir_entry;
++
++ if (zend_hash_find(target_ht, hash_key->arKey, hash_key->nKeyLength, (void **) &orig_per_dir_entry)==FAILURE) {
++ return 1; /* does not exist in dest, copy from source */
++ }
++
++ if (new_per_dir_entry->status >= orig_per_dir_entry->status) {
++ /* use new entry */
++ phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", hash_key->arKey, new_per_dir_entry->status, orig_per_dir_entry->status));
++ return 1;
++ } else {
++ return 0;
++ }
++}
++
+
+ void *merge_php_config(apr_pool_t *p, void *base_conf, void *new_conf)
+ {
+@@ -128,9 +145,12 @@
+ ulong num_index;
+
+ n = create_php_config(p, "merge_php_config");
+- zend_hash_copy(&n->config, &e->config, NULL, NULL, sizeof(php_dir_entry));
+-
++ /* copy old config */
++ zend_hash_copy(&n->config, &d->config, NULL, NULL, sizeof(php_dir_entry));
++ /* merge new config */
+ phpapdebug((stderr, "Merge dir (%p)+(%p)=(%p)\n", base_conf, new_conf, n));
++ zend_hash_merge_ex(&n->config, &e->config, NULL, sizeof(php_dir_entry), (merge_checker_func_t) should_overwrite_per_dir_entry, NULL);
++#if STAS_0
+ for (zend_hash_internal_pointer_reset(&d->config);
+ zend_hash_get_current_key_ex(&d->config, &str, &str_len,
+ &num_index, 0, NULL) == HASH_KEY_IS_STRING;
+@@ -140,10 +160,10 @@
+ if (zend_hash_find(&n->config, str, str_len, (void **) &pe) == SUCCESS) {
+ if (pe->status >= data->status) continue;
+ }
+- zend_hash_update(&n->config, str, str_len, data, sizeof(*data), NULL);
+ phpapdebug((stderr, "ADDING/OVERWRITING %s (%d vs. %d)\n", str, data->status, pe?pe->status:-1));
++ zend_hash_update(&n->config, str, str_len, data, sizeof(*data), NULL);
+ }
+-
++#endif
+ return n;
+ }
+

Added: trunk/debs/php5/debian/patches/127_SECURITY_CVE-2008-5658.patch
===================================================================
--- trunk/debs/php5/debian/patches/127_SECURITY_CVE-2008-5658.patch (rev 0)
+++ trunk/debs/php5/debian/patches/127_SECURITY_CVE-2008-5658.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,360 @@
+#
+# Description: fix arbitrary file overwrite from directory traversal via zip
+# file with dot-dot filenames.
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507857
+# Patch: http://patch-tracking.debian.net/patch/series/view/php5/5.2.6.dfsg.1-3/CVE-2008-5658.patch
+#
+diff -Nur php5-5.2.4/ext/zip/php_zip.c php5-5.2.4.new/ext/zip/php_zip.c
+--- php5-5.2.4/ext/zip/php_zip.c 2007-08-06 18:02:32.000000000 -0400
++++ php5-5.2.4.new/ext/zip/php_zip.c 2009-01-27 14:20:03.000000000 -0500
+@@ -81,6 +81,231 @@
+
+ /* }}} */
+
++static int php_zip_realpath_r(char *path, int start, int len, int *ll, time_t *t, int use_realpath, int is_dir, int *link_is_dir TSRMLS_DC) /* {{{ */
++{
++ int i, j;
++ int directory = 0;
++ struct stat st;
++ realpath_cache_bucket *bucket;
++ char *tmp;
++
++ while (1) {
++ if (len <= start) {
++ return start;
++ }
++
++ i = len;
++ while (i > start && !IS_SLASH(path[i-1])) {
++ i--;
++ }
++
++ if (i == len ||
++ (i == len - 1 && path[i] == '.')) {
++ /* remove double slashes and '.' */
++ len = i - 1;
++ is_dir = 1;
++ continue;
++ } else if (i == len - 2 && path[i] == '.' && path[i+1] == '.') {
++ /* remove '..' and previous directory */
++ if (i - 1 <= start) {
++ return start ? start : len;
++ }
++ j = php_zip_realpath_r(path, start, i-1, ll, t, use_realpath, 1, NULL TSRMLS_CC);
++ if (j > start) {
++ j--;
++ while (j > start && !IS_SLASH(path[j])) {
++ j--;
++ }
++ if (!start) {
++ /* leading '..' must not be removed in case of relative path */
++ if (j == 0 && path[0] == '.' && path[1] == '.' &&
++ IS_SLASH(path[2])) {
++ path[3] = '.';
++ path[4] = '.';
++ path[5] = DEFAULT_SLASH;
++ j = 5;
++ } else if (j > 0 &&
++ path[j+1] == '.' && path[j+2] == '.' &&
++ IS_SLASH(path[j+3])) {
++ j += 4;
++ path[j++] = '.';
++ path[j++] = '.';
++ path[j] = DEFAULT_SLASH;
++ }
++ }
++ } else if (!start && !j) {
++ /* leading '..' must not be removed in case of relative path */
++ path[0] = '.';
++ path[1] = '.';
++ path[2] = DEFAULT_SLASH;
++ j = 2;
++ }
++ return j;
++ }
++
++ path[len] = 0;
++
++ tmp = tsrm_do_alloca(len+1);
++ memcpy(tmp, path, len+1);
++
++ {
++ if (i - 1 <= start) {
++ j = start;
++ } else {
++ /* some leading directories may be unaccessable */
++ j = php_zip_realpath_r(path, start, i-1, ll, t, use_realpath, 1, NULL TSRMLS_CC);
++ if (j > start) {
++ path[j++] = DEFAULT_SLASH;
++ }
++ }
++ if (j < 0 || j + len - i >= MAXPATHLEN-1) {
++ tsrm_free_alloca(tmp);
++ return -1;
++ }
++ memcpy(path+j, tmp+i, len-i+1);
++ j += (len-i);
++ }
++
++ tsrm_free_alloca(tmp);
++ return j;
++ }
++}
++/* }}} */
++
++#define CWD_STATE_FREE(s) \
++ free((s)->cwd);
++
++
++#define CWD_STATE_COPY(d, s) \
++ (d)->cwd_length = (s)->cwd_length; \
++ (d)->cwd = (char *) malloc((s)->cwd_length+1); \
++ memcpy((d)->cwd, (s)->cwd, (s)->cwd_length+1);
++
++/* Resolve path relatively to state and put the real path into state */
++/* returns 0 for ok, 1 for error */
++int php_zip_virtual_file_ex(cwd_state *state, const char *path, verify_path_func verify_path, int use_realpath) /* {{{ */
++{
++ int path_length = strlen(path);
++ char resolved_path[MAXPATHLEN];
++ int start = 1;
++ int ll = 0;
++ time_t t;
++ int ret;
++ int add_slash;
++ TSRMLS_FETCH();
++
++ if (path_length == 0 || path_length >= MAXPATHLEN-1) {
++ return 1;
++ }
++
++ /* cwd_length can be 0 when getcwd() fails.
++ * This can happen under solaris when a dir does not have read permissions
++ * but *does* have execute permissions */
++ if (!IS_ABSOLUTE_PATH(path, path_length)) {
++ if (state->cwd_length == 0) {
++ /* resolve relative path */
++ start = 0;
++ memcpy(resolved_path , path, path_length + 1);
++ } else {
++ int state_cwd_length = state->cwd_length;
++
++ if (path_length + state_cwd_length + 1 >= MAXPATHLEN-1) {
++ return 1;
++ }
++ memcpy(resolved_path, state->cwd, state_cwd_length);
++ resolved_path[state_cwd_length] = DEFAULT_SLASH;
++ memcpy(resolved_path + state_cwd_length + 1, path, path_length + 1);
++ path_length += state_cwd_length + 1;
++ }
++ } else {
++ memcpy(resolved_path, path, path_length + 1);
++ }
++
++ add_slash = (use_realpath != CWD_REALPATH) && path_length > 0 && IS_SLASH(resolved_path[path_length-1]);
++ t = CWDG(realpath_cache_ttl) ? 0 : -1;
++ path_length = php_zip_realpath_r(resolved_path, start, path_length, &ll, &t, use_realpath, 0, NULL TSRMLS_CC);
++
++ if (path_length < 0) {
++ errno = ENOENT;
++ return 1;
++ }
++
++ if (!start && !path_length) {
++ resolved_path[path_length++] = '.';
++ }
++ if (add_slash && path_length && !IS_SLASH(resolved_path[path_length-1])) {
++ if (path_length >= MAXPATHLEN-1) {
++ return -1;
++ }
++ resolved_path[path_length++] = DEFAULT_SLASH;
++ }
++ resolved_path[path_length] = 0;
++
++ if (verify_path) {
++ cwd_state old_state;
++
++ CWD_STATE_COPY(&old_state, state);
++ state->cwd_length = path_length;
++ state->cwd = (char *) realloc(state->cwd, state->cwd_length+1);
++ memcpy(state->cwd, resolved_path, state->cwd_length+1);
++ if (verify_path(state)) {
++ CWD_STATE_FREE(state);
++ *state = old_state;
++ ret = 1;
++ } else {
++ CWD_STATE_FREE(&old_state);
++ ret = 0;
++ }
++ } else {
++ state->cwd_length = path_length;
++ state->cwd = (char *) realloc(state->cwd, state->cwd_length+1);
++ memcpy(state->cwd, resolved_path, state->cwd_length+1);
++ ret = 0;
++ }
++ return (ret);
++}
++/* }}} */
++
++/* Flatten a path by creating a relative path (to .) */
++static char * php_zip_make_relative_path(char *path, int path_len) /* {{{ */
++{
++ char *path_begin = path;
++ int prev_is_slash = 0;
++ char *e = path + path_len - 1;
++ size_t pos = path_len - 1;
++ size_t i;
++
++ if (IS_SLASH(path[0])) {
++ return path + 1;
++ }
++
++ if (path_len < 1 || path == NULL) {
++ return NULL;
++ }
++
++ i = path_len;
++
++ while (1) {
++ while (i > 0 && !IS_SLASH(path[i])) {
++ i--;
++ }
++
++ if (!i) {
++ return path;
++ }
++
++ if (i >= 2 && (path[i -1] == '.' || path[i -1] == ':')) {
++ /* i is the position of . or :, add 1 for / */
++ path_begin = path + i + 1;
++ break;
++ }
++ i--;
++ }
++
++ return path_begin;
++}
++/* }}} */
++
+ /* {{{ php_zip_extract_file */
+ /* TODO: Simplify it */
+ static int php_zip_extract_file(struct zip * za, char *dest, char *file, int file_len TSRMLS_DC)
+@@ -102,57 +327,80 @@
+ char *file_basename;
+ size_t file_basename_len;
+ int is_dir_only = 0;
++ char *path_cleaned;
++ size_t path_cleaned_len;
++ cwd_state new_state;
++
++ new_state.cwd = (char*)malloc(1);
++ new_state.cwd[0] = '\0';
++ new_state.cwd_length = 0;
++
++ /* Clean/normlize the path and then transform any path (absolute or relative)
++ to a path relative to cwd (../../mydir/foo.txt > mydir/foo.txt)
++ */
++ if (php_zip_virtual_file_ex(&new_state, file, NULL, CWD_EXPAND) == 1) {
++ return 0;
++ }
++ path_cleaned = php_zip_make_relative_path(new_state.cwd, new_state.cwd_length);
++ path_cleaned_len = strlen(path_cleaned);
+
+- if (file_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
++ if (path_cleaned_len >= MAXPATHLEN || zip_stat(za, file, 0, &sb) != 0) {
+ return 0;
+ }
+
+- if (file_len > 1 && file[file_len - 1] == '/') {
++ /* it is a directory only, see #40228 */
++ if (path_cleaned_len > 1 && IS_SLASH(path_cleaned[path_cleaned_len - 1])) {
+ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file);
+ is_dir_only = 1;
+ } else {
+- memcpy(file_dirname, file, file_len);
+- dir_len = php_dirname(file_dirname, file_len);
++ memcpy(file_dirname, path_cleaned, path_cleaned_len);
++ dir_len = php_dirname(file_dirname, path_cleaned_len);
+
+- if (dir_len > 0) {
+- len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+- } else {
++ if (dir_len <= 0 || (dir_len == 1 && file_dirname[0] == '.')) {
+ len = spprintf(&file_dirname_fullpath, 0, "%s", dest);
++ } else {
++ len = spprintf(&file_dirname_fullpath, 0, "%s/%s", dest, file_dirname);
+ }
+
+- php_basename(file, file_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
++ php_basename(path_cleaned, path_cleaned_len, NULL, 0, &file_basename, (size_t *)&file_basename_len TSRMLS_CC);
+
+ if (OPENBASEDIR_CHECKPATH(file_dirname_fullpath)) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+ }
+
+ /* let see if the path already exists */
+ if (php_stream_stat_path(file_dirname_fullpath, &ssb) < 0) {
+- ret = php_stream_mkdir(file_dirname_fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
++
++ ret = php_stream_mkdir(file_dirname_fullpath, 0777, PHP_STREAM_MKDIR_RECURSIVE|REPORT_ERRORS, NULL);
+ if (!ret) {
+ efree(file_dirname_fullpath);
++ if (!is_dir_only) {
+ efree(file_basename);
++ free(new_state.cwd);
++ }
+ return 0;
+ }
+ }
+
+ /* it is a standalone directory, job done */
+- if (file[file_len - 1] == '/') {
++ if (is_dir_only) {
+ efree(file_dirname_fullpath);
+- if (!is_dir_only) {
+- efree(file_basename);
+- }
++ free(new_state.cwd);
+ return 1;
+ }
+
+- len = spprintf(&fullpath, 0, "%s/%s/%s", dest, file_dirname, file_basename);
++ len = spprintf(&fullpath, 0, "%s/%s", file_dirname_fullpath, file_basename);
+ if (!len) {
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
++ } else if (len > MAXPATHLEN) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Full extraction path exceed MAXPATHLEN (%i)", MAXPATHLEN);
+ }
+
+ /* check again the full path, not sure if it
+@@ -163,6 +411,7 @@
+ efree(fullpath);
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+
+@@ -171,6 +420,7 @@
+ efree(fullpath);
+ efree(file_dirname_fullpath);
+ efree(file_basename);
++ free(new_state.cwd);
+ return 0;
+ }
+
+@@ -185,6 +435,7 @@
+ efree(fullpath);
+ efree(file_basename);
+ efree(file_dirname_fullpath);
++ free(new_state.cwd);
+
+ if (n<0) {
+ return 0;

Added: trunk/debs/php5/debian/patches/128_SECURITY_CVE-2008-5814.patch
===================================================================
--- trunk/debs/php5/debian/patches/128_SECURITY_CVE-2008-5814.patch (rev 0)
+++ trunk/debs/php5/debian/patches/128_SECURITY_CVE-2008-5814.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,22 @@
+#
+# Description: fix cross-site scripting vulnerability when display_errors is enabled.
+# Patch: http://viewcvs.php.net/viewvc.cgi/php-src/ext/standard/head.c?r1=1.84.2.1.2.8&r2=1.84.2.1.2.9&pathrev=PHP_5_2
+#
+diff -Nur php5-5.2.4/ext/standard/head.c php5-5.2.4.new/ext/standard/head.c
+--- php5-5.2.4/ext/standard/head.c 2007-02-25 21:12:36.000000000 -0500
++++ php5-5.2.4.new/ext/standard/head.c 2009-04-15 13:31:00.000000000 -0400
+@@ -69,12 +69,12 @@
+ int result;
+
+ if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+- zend_error( E_WARNING, "Cookie names can not contain any of the folllowing '=,; \\t\\r\\n\\013\\014' (%s)", name );
++ zend_error( E_WARNING, "Cookie names can not contain any of the folllowing '=,; \\t\\r\\n\\013\\014'" );
+ return FAILURE;
+ }
+
+ if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) { /* man isspace for \013 and \014 */
+- zend_error( E_WARNING, "Cookie values can not contain any of the folllowing ',; \\t\\r\\n\\013\\014' (%s)", value );
++ zend_error( E_WARNING, "Cookie values can not contain any of the folllowing ',; \\t\\r\\n\\013\\014'" );
+ return FAILURE;
+ }
+

Added: trunk/debs/php5/debian/patches/129_SECURITY_CVE-2009-0754.patch
===================================================================
--- trunk/debs/php5/debian/patches/129_SECURITY_CVE-2009-0754.patch (rev 0)
+++ trunk/debs/php5/debian/patches/129_SECURITY_CVE-2009-0754.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,27 @@
+#
+# Description: fix mbstring.func_overload setting in .htaccess affects
+# other virtual hosts.
+# Patch: http://cvsweb.php.net/viewvc.cgi/php-src/ext/mbstring/mbstring.c?r1=1.276&r2=1.277
+# Upstream: http://bugs.php.net/bug.php?id=27421
+#
+diff -Nur php5-5.2.4/ext/mbstring/mbstring.c php5-5.2.4.new/ext/mbstring/mbstring.c
+--- php5-5.2.4/ext/mbstring/mbstring.c 2007-07-12 11:31:54.000000000 -0400
++++ php5-5.2.4.new/ext/mbstring/mbstring.c 2009-04-15 13:31:19.000000000 -0400
+@@ -1020,9 +1020,14 @@
+ /* clear overloaded function. */
+ if (MBSTRG(func_overload)){
+ p = &(mb_ovld[0]);
+- while (p->type > 0 && zend_hash_find(EG(function_table), p->save_func, strlen(p->save_func)+1 , (void **)&orig) == SUCCESS) {
+- zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
+- zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++ while (p->type > 0) {
++ if ((MBSTRG(func_overload) & p->type) == p->type &&
++ zend_hash_find(EG(function_table), p->save_func,
++ strlen(p->save_func)+1, (void **)&orig) == SUCCESS) {
++
++ zend_hash_update(EG(function_table), p->orig_func, strlen(p->orig_func)+1, orig, sizeof(zend_function), NULL);
++ zend_hash_del(EG(function_table), p->save_func, strlen(p->save_func)+1);
++ }
+ p++;
+ }
+ }

Added: trunk/debs/php5/debian/patches/130_SECURITY_CVE-2009-1271.patch
===================================================================
--- trunk/debs/php5/debian/patches/130_SECURITY_CVE-2009-1271.patch (rev 0)
+++ trunk/debs/php5/debian/patches/130_SECURITY_CVE-2009-1271.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,50 @@
+#
+# Description: fix denial of service via malformed string to the json_decode API function.
+# Patch: http://cvs.php.net/viewvc.cgi/php-src/ext/json/JSON_parser.c?r1=1.1.2.14&r2=1.1.2.15
+#
+Index: php5-5.2.4/ext/json/JSON_parser.c
+===================================================================
+--- php5-5.2.4.orig/ext/json/JSON_parser.c 2007-06-13 13:56:41.000000000 -0400
++++ php5-5.2.4/ext/json/JSON_parser.c 2009-04-17 08:12:58.000000000 -0400
+@@ -494,9 +494,7 @@
+ }
+ */
+ case -7:
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_OBJECT)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+@@ -566,9 +564,7 @@
+ */
+ case -5:
+ {
+- if (type != -1 &&
+- (JSON(the_stack)[JSON(the_top)] == MODE_OBJECT ||
+- JSON(the_stack)[JSON(the_top)] == MODE_ARRAY))
++ if (type != -1 && JSON(the_stack)[JSON(the_top)] == MODE_ARRAY)
+ {
+ zval *mval;
+ smart_str_0(&buf);
+Index: php5-5.2.4/ext/json/tests/001.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/json/tests/001.phpt 2009-04-17 08:13:05.000000000 -0400
++++ php5-5.2.4/ext/json/tests/001.phpt 2009-04-17 08:13:30.000000000 -0400
+@@ -16,6 +16,7 @@
+ var_dump(json_decode("руссиш"));
+ var_dump(json_decode("blah"));
+ var_dump(json_decode(NULL));
++var_dump(json_decode('[.1}'));
+ var_dump(json_decode('{ "test": { "foo": "bar" } }'));
+ var_dump(json_decode('{ "test": { "foo": "" } }'));
+ var_dump(json_decode('{ "": { "foo": "" } }'));
+@@ -38,6 +39,7 @@
+ string(12) "руссиш"
+ string(4) "blah"
+ NULL
++NULL
+ object(stdClass)#1 (1) {
+ ["test"]=>
+ object(stdClass)#2 (1) {

Added: trunk/debs/php5/debian/patches/131_SECURITY_CVE-2009-2687.patch
===================================================================
--- trunk/debs/php5/debian/patches/131_SECURITY_CVE-2009-2687.patch (rev 0)
+++ trunk/debs/php5/debian/patches/131_SECURITY_CVE-2009-2687.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,20 @@
+#
+# Description: fix denial of service via malformed JPEG image with invalid offset fields
+# Patch: http://svn.php.net/viewvc?view=revision&revision=281314
+# Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535888
+# Upstream: http://bugs.php.net/bug.php?id=48378
+#
+diff -Nur php5-5.2.4/ext/exif/exif.c php5-5.2.4.new/ext/exif/exif.c
+--- php5-5.2.4/ext/exif/exif.c 2009-08-21 10:44:17.000000000 -0400
++++ php5-5.2.4.new/ext/exif/exif.c 2009-08-21 10:44:27.000000000 -0400
+@@ -3210,6 +3210,10 @@
+ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid TIFF start (1)");
+ return;
+ }
++ if (offset_of_ifd > length) {
++ exif_error_docref(NULL EXIFERR_CC, ImageInfo, E_WARNING, "Invalid IFD start");
++ return;
++ }
+
+ ImageInfo->sections_found |= FOUND_IFD0;
+ /* First directory starts at offset 8. Offsets starts at 0. */

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4782.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4782.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4782.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,15 @@
+diff -Nur php5-5.2.4/ext/standard/file.c php5-5.2.4.new/ext/standard/file.c
+--- php5-5.2.4/ext/standard/file.c 2008-07-16 09:56:05.000000000 -0400
++++ php5-5.2.4.new/ext/standard/file.c 2008-07-16 09:56:18.000000000 -0400
+@@ -2518,6 +2518,11 @@
+ == FAILURE)
+ return;
+
++ if (filename_len >= MAXPATHLEN) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Filename exceeds the maximum allowed length of %d characters", MAXPATHLEN);
++ RETURN_FALSE;
++ }
++
+ RETURN_BOOL( ! fnmatch( pattern, filename, flags ));
+ }
+ /* }}} */

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4850.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4850.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2007-4850.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.4/ext/curl/interface.c
+===================================================================
+--- php5-5.2.4.orig/ext/curl/interface.c 2008-06-05 22:27:48.000000000 +0200
++++ php5-5.2.4/ext/curl/interface.c 2008-06-05 22:33:14.000000000 +0200
+@@ -173,7 +173,7 @@
+ php_curl_ret(__ret); \
+ } \
+ \
+- if (!php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
++ if (tmp_url->host || !php_memnstr(str, tmp_url->path, strlen(tmp_url->path), str + len)) { \
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "URL '%s' contains unencoded control characters.", str); \
+ php_url_free(tmp_url); \
+ php_curl_ret(__ret); \

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5898.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5898.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5898.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,155 @@
+Index: php5-5.2.4/ext/standard/html.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/html.c 2007-05-27 11:57:11.000000000 -0400
++++ php5-5.2.4/ext/standard/html.c 2008-07-22 23:22:20.000000000 -0400
+@@ -484,18 +484,29 @@
+ } \
+ mbseq[mbpos++] = (mbchar); }
+
++#define CHECK_LEN(pos, chars_need) \
++ if((str_len - (pos)) < chars_need) { \
++ *status = FAILURE; \
++ return 0; \
++ }
++
+ /* {{{ get_next_char
+ */
+ inline static unsigned short get_next_char(enum entity_charset charset,
+ unsigned char * str,
++ int str_len,
+ int * newpos,
+ unsigned char * mbseq,
+- int * mbseqlen)
++ int * mbseqlen,
++ int *status)
+ {
+ int pos = *newpos;
+ int mbpos = 0;
+ int mbspace = *mbseqlen;
+ unsigned short this_char = str[pos++];
++ unsigned char next_char;
++
++ *status = SUCCESS;
+
+ if (mbspace <= 0) {
+ *mbseqlen = 0;
+@@ -517,6 +528,10 @@
+ do {
+ if (this_char < 0x80) {
+ more = 0;
++ if(stat) {
++ /* we didn't finish the UTF sequence correctly */
++ *status = FAILURE;
++ }
+ break;
+ } else if (this_char < 0xc0) {
+ switch (stat) {
+@@ -555,6 +570,7 @@
+ break;
+ default:
+ /* invalid */
++ *status = FAILURE;
+ more = 0;
+ }
+ }
+@@ -562,21 +578,27 @@
+ else if (this_char < 0xe0) {
+ stat = 0x10; /* 2 byte */
+ utf = (this_char & 0x1f) << 6;
++ CHECK_LEN(pos, 1);
+ } else if (this_char < 0xf0) {
+ stat = 0x20; /* 3 byte */
+ utf = (this_char & 0xf) << 12;
++ CHECK_LEN(pos, 2);
+ } else if (this_char < 0xf8) {
+ stat = 0x30; /* 4 byte */
+ utf = (this_char & 0x7) << 18;
++ CHECK_LEN(pos, 3);
+ } else if (this_char < 0xfc) {
+ stat = 0x40; /* 5 byte */
+ utf = (this_char & 0x3) << 24;
++ CHECK_LEN(pos, 4);
+ } else if (this_char < 0xfe) {
+ stat = 0x50; /* 6 byte */
+ utf = (this_char & 0x1) << 30;
++ CHECK_LEN(pos, 5);
+ } else {
+ /* invalid; bail */
+ more = 0;
++ *status = FAILURE;
+ break;
+ }
+
+@@ -594,7 +616,8 @@
+ /* check if this is the first of a 2-byte sequence */
+ if (this_char >= 0xa1 && this_char <= 0xfe) {
+ /* peek at the next char */
+- unsigned char next_char = str[pos];
++ CHECK_LEN(pos, 1);
++ next_char = str[pos];
+ if ((next_char >= 0x40 && next_char <= 0x7e) ||
+ (next_char >= 0xa1 && next_char <= 0xfe)) {
+ /* yes, this a wide char */
+@@ -614,7 +637,8 @@
+ (this_char >= 0xe0 && this_char <= 0xef)
+ ) {
+ /* peek at the next char */
+- unsigned char next_char = str[pos];
++ CHECK_LEN(pos, 1);
++ next_char = str[pos];
+ if ((next_char >= 0x40 && next_char <= 0x7e) ||
+ (next_char >= 0x80 && next_char <= 0xfc))
+ {
+@@ -633,7 +657,8 @@
+ /* check if this is the first of a multi-byte sequence */
+ if (this_char >= 0xa1 && this_char <= 0xfe) {
+ /* peek at the next char */
+- unsigned char next_char = str[pos];
++ CHECK_LEN(pos, 1);
++ next_char = str[pos];
+ if (next_char >= 0xa1 && next_char <= 0xfe) {
+ /* yes, this a jis kanji char */
+ this_char <<= 8;
+@@ -644,7 +669,8 @@
+
+ } else if (this_char == 0x8e) {
+ /* peek at the next char */
+- unsigned char next_char = str[pos];
++ CHECK_LEN(pos, 1);
++ next_char = str[pos];
+ if (next_char >= 0xa1 && next_char <= 0xdf) {
+ /* JIS X 0201 kana */
+ this_char <<= 8;
+@@ -655,8 +681,10 @@
+
+ } else if (this_char == 0x8f) {
+ /* peek at the next two char */
+- unsigned char next_char = str[pos];
+- unsigned char next2_char = str[pos+1];
++ unsigned char next2_char;
++ CHECK_LEN(pos, 2);
++ next_char = str[pos];
++ next2_char = str[pos+1];
+ if ((next_char >= 0xa1 && next_char <= 0xfe) &&
+ (next2_char >= 0xa1 && next2_char <= 0xfe)) {
+ /* JIS X 0212 hojo-kanji */
+@@ -1103,8 +1131,18 @@
+ while (i < oldlen) {
+ unsigned char mbsequence[16]; /* allow up to 15 characters in a multibyte sequence */
+ int mbseqlen = sizeof(mbsequence);
+- unsigned short this_char = get_next_char(charset, old, &i, mbsequence, &mbseqlen);
++ int status = SUCCESS;
++ unsigned short this_char = get_next_char(charset, old, oldlen, &i, mbsequence, &mbseqlen, &status);
+
++ if(status == FAILURE) {
++ /* invalid MB sequence */
++ efree(replaced);
++ if(!PG(display_errors)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Invalid multibyte sequence in argument");
++ }
++ *newlen = 0;
++ return STR_EMPTY_ALLOC();
++ }
+ matches_map = 0;
+
+ if (len + 16 > maxlen)

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5899.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5899.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2007-5899.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,104 @@
+diff -Nur php5-5.2.4/ext/standard/url_scanner_ex.c php5-5.2.4.new/ext/standard/url_scanner_ex.c
+--- php5-5.2.4/ext/standard/url_scanner_ex.c 2007-08-29 19:39:22.000000000 -0400
++++ php5-5.2.4.new/ext/standard/url_scanner_ex.c 2008-07-10 16:28:59.000000000 -0400
+@@ -259,16 +259,29 @@
+
+ if (ctx->form_app.len > 0) {
+ switch (ctx->tag.len) {
+-
+-#define RECOGNIZE(x) do { \
+- case sizeof(x)-1: \
+- if (strncasecmp(ctx->tag.c, x, sizeof(x)-1) == 0) \
+- doit = 1; \
+- break; \
+-} while (0)
+-
+- RECOGNIZE("form");
+- RECOGNIZE("fieldset");
++ case sizeof("form") - 1:
++ if (!strncasecmp(ctx->tag.c, "form", sizeof("form") - 1)) {
++ doit = 1;
++ }
++ if (doit && ctx->val.c && ctx->lookup_data && *ctx->lookup_data) {
++ char *e, *p = zend_memnstr(ctx->val.c, "://", sizeof("://") - 1, ctx->val.c + ctx->val.len);
++ if (p) {
++ e = memchr(p, '/', (ctx->val.c + ctx->val.len) - p);
++ if (!e) {
++ e = ctx->val.c + ctx->val.len;
++ }
++ if ((e - p) && strncasecmp(p, ctx->lookup_data, (e - p))) {
++ doit = 0;
++ }
++ }
++ }
++ break;
++
++ case sizeof("fieldset") - 1:
++ if (!strncasecmp(ctx->tag.c, "fieldset", sizeof("fieldset") - 1)) {
++ doit = 1;
++ }
++ break;
+ }
+
+ if (doit)
+@@ -276,8 +289,6 @@
+ }
+ }
+
+-
+-
+ /*
+ * HANDLE_TAG copies the HTML Tag and checks whether we
+ * have that tag in our table. If we might modify it,
+diff -Nur php5-5.2.4/ext/standard/url_scanner_ex.re php5-5.2.4.new/ext/standard/url_scanner_ex.re
+--- php5-5.2.4/ext/standard/url_scanner_ex.re 2007-06-05 20:00:27.000000000 -0400
++++ php5-5.2.4.new/ext/standard/url_scanner_ex.re 2008-07-10 16:28:59.000000000 -0400
+@@ -205,16 +205,29 @@
+
+ if (ctx->form_app.len > 0) {
+ switch (ctx->tag.len) {
+-
+-#define RECOGNIZE(x) do { \
+- case sizeof(x)-1: \
+- if (strncasecmp(ctx->tag.c, x, sizeof(x)-1) == 0) \
+- doit = 1; \
+- break; \
+-} while (0)
+-
+- RECOGNIZE("form");
+- RECOGNIZE("fieldset");
++ case sizeof("form") - 1:
++ if (!strncasecmp(ctx->tag.c, "form", sizeof("form") - 1)) {
++ doit = 1;
++ }
++ if (doit && ctx->val.c && ctx->lookup_data && *ctx->lookup_data) {
++ char *e, *p = zend_memnstr(ctx->val.c, "://", sizeof("://") - 1, ctx->val.c + ctx->val.len);
++ if (p) {
++ e = memchr(p, '/', (ctx->val.c + ctx->val.len) - p);
++ if (!e) {
++ e = ctx->val.c + ctx->val.len;
++ }
++ if ((e - p) && strncasecmp(p, ctx->lookup_data, (e - p))) {
++ doit = 0;
++ }
++ }
++ }
++ break;
++
++ case sizeof("fieldset") - 1:
++ if (!strncasecmp(ctx->tag.c, "fieldset", sizeof("fieldset") - 1)) {
++ doit = 1;
++ }
++ break;
+ }
+
+ if (doit)
+@@ -222,8 +235,6 @@
+ }
+ }
+
+-
+-
+ /*
+ * HANDLE_TAG copies the HTML Tag and checks whether we
+ * have that tag in our table. If we might modify it,

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-0599.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-0599.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-0599.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.4/sapi/cgi/cgi_main.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cgi/cgi_main.c 2008-06-05 22:25:39.000000000 +0200
++++ php5-5.2.4/sapi/cgi/cgi_main.c 2008-06-05 22:26:24.000000000 +0200
+@@ -906,7 +906,7 @@
+ ) {
+ /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
+ int ptlen = strlen(pt) - strlen(env_script_name);
+- int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
++ int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
+ char *path_translated = NULL;
+
+ path_translated = (char *) emalloc(path_translated_len + 1);

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-1384.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-1384.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-1384.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,32 @@
+diff -Nur php5-5.2.4/ext/standard/formatted_print.c php5-5.2.4.new/ext/standard/formatted_print.c
+--- php5-5.2.4/ext/standard/formatted_print.c 2007-06-03 05:12:04.000000000 -0400
++++ php5-5.2.4.new/ext/standard/formatted_print.c 2008-07-10 17:05:41.000000000 -0400
+@@ -76,6 +76,7 @@
+ register int npad;
+ int req_size;
+ int copy_len;
++ int m_width;
+
+ copy_len = (expprec ? MIN(max_width, len) : len);
+ npad = min_width - copy_len;
+@@ -86,11 +87,19 @@
+
+ PRINTF_DEBUG(("sprintf: appendstring(%x, %d, %d, \"%s\", %d, '%c', %d)\n",
+ *buffer, *pos, *size, add, min_width, padding, alignment));
++ m_width = MAX(min_width, copy_len);
+
+- req_size = *pos + MAX(min_width, copy_len) + 1;
++ if(m_width > INT_MAX - *pos - 1) {
++ zend_error_noreturn(E_ERROR, "Field width %d is too long", m_width);
++ }
++
++ req_size = *pos + m_width + 1;
+
+ if (req_size > *size) {
+ while (req_size > *size) {
++ if(*size > INT_MAX/2) {
++ zend_error_noreturn(E_ERROR, "Field width %d is too long", req_size);
++ }
+ *size <<= 1;
+ }
+ PRINTF_DEBUG(("sprintf ereallocing buffer to %d bytes\n", *size));

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2050.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2050.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2050.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,23 @@
+Index: php5-5.2.4/sapi/cgi/fastcgi.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cgi/fastcgi.c 2007-07-09 07:48:39.000000000 -0400
++++ php5-5.2.4/sapi/cgi/fastcgi.c 2008-07-15 13:56:25.000000000 -0400
+@@ -593,6 +593,9 @@
+ hdr->reserved = 0;
+ hdr->type = type;
+ hdr->version = FCGI_VERSION_1;
++ if (pad) {
++ memset(((unsigned char*)hdr) + sizeof(fcgi_header) + len, 0, pad);
++ }
+ return pad;
+ }
+
+@@ -768,7 +771,7 @@
+ {
+ int ret, n, rest;
+ fcgi_header hdr;
+- unsigned char buf[8];
++ unsigned char buf[255];
+
+ n = 0;
+ rest = len;

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2051.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2051.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2051.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,65 @@
+Index: php5-5.2.4/ext/standard/exec.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/exec.c 2007-01-01 04:36:08.000000000 -0500
++++ php5-5.2.4/ext/standard/exec.c 2008-07-16 14:26:47.000000000 -0400
+@@ -25,6 +25,7 @@
+ #include "safe_mode.h"
+ #include "ext/standard/head.h"
+ #include "ext/standard/file.h"
++#include "basic_functions.h"
+ #include "exec.h"
+ #include "php_globals.h"
+ #include "SAPI.h"
+@@ -265,11 +266,25 @@
+ register int x, y, l;
+ char *cmd;
+ char *p = NULL;
++
++ TSRMLS_FETCH();
+
+ l = strlen(str);
+ cmd = safe_emalloc(2, l, 1);
+
+ for (x = 0, y = 0; x < l; x++) {
++ int mb_len = php_mblen(str + x, (l - x));
++
++ /* skip non-valid multibyte characters */
++ if (mb_len < 0) {
++ continue;
++ } else if (mb_len > 1) {
++ memcpy(cmd + y, str + x, mb_len);
++ y += mb_len;
++ x += mb_len - 1;
++ continue;
++ }
++
+ switch (str[x]) {
+ case '"':
+ case '\'':
+@@ -328,6 +343,7 @@
+ char *php_escape_shell_arg(char *str) {
+ int x, y, l;
+ char *cmd;
++ TSRMLS_FETCH();
+
+ y = 0;
+ l = strlen(str);
+@@ -341,6 +357,18 @@
+ #endif
+
+ for (x = 0; x < l; x++) {
++ int mb_len = php_mblen(str + x, (l - x));
++
++ /* skip non-valid multibyte characters */
++ if (mb_len < 0) {
++ continue;
++ } else if (mb_len > 1) {
++ memcpy(cmd + y, str + x, mb_len);
++ y += mb_len;
++ x += mb_len - 1;
++ continue;
++ }
++
+ switch (str[x]) {
+ #ifdef PHP_WIN32
+ case '"':

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2107+2108.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2107+2108.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2107+2108.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+diff -Nur php5-5.2.4/ext/standard/php_rand.h php5-5.2.4.new/ext/standard/php_rand.h
+--- php5-5.2.4/ext/standard/php_rand.h 2007-01-01 04:36:08.000000000 -0500
++++ php5-5.2.4.new/ext/standard/php_rand.h 2008-07-15 17:06:07.000000000 -0400
+@@ -49,7 +49,7 @@
+ #ifdef PHP_WIN32
+ #define GENERATE_SEED() ((long) (time(0) * GetCurrentProcessId() * 1000000 * php_combined_lcg(TSRMLS_C)))
+ #else
+-#define GENERATE_SEED() ((long) (time(0) * getpid() * 1000000 * php_combined_lcg(TSRMLS_C)))
++#define GENERATE_SEED() (((long) (time(0) * getpid())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))
+ #endif
+
+ PHPAPI void php_srand(long seed TSRMLS_DC);

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2371.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2371.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2371.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+diff -Nur php5-5.2.4/ext/pcre/pcrelib/pcre_compile.c php5-5.2.4.new/ext/pcre/pcrelib/pcre_compile.c
+--- php5-5.2.4/ext/pcre/pcrelib/pcre_compile.c 2008-07-23 00:23:55.000000000 -0400
++++ php5-5.2.4.new/ext/pcre/pcrelib/pcre_compile.c 2008-07-23 00:26:08.000000000 -0400
+@@ -4490,7 +4490,7 @@
+ (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
+ {
+ cd->external_options = newoptions;
+- options = newoptions;
++ options = *optionsptr = newoptions;
+ }
+ else
+ {

Added: trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2829.patch
===================================================================
--- trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2829.patch (rev 0)
+++ trunk/debs/php5/debian/patches/SECURITY_CVE-2008-2829.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,80 @@
+diff -Nur php5-5.2.4/ext/imap/php_imap.c php5-5.2.4.new/ext/imap/php_imap.c
+--- php5-5.2.4/ext/imap/php_imap.c 2007-07-30 20:31:10.000000000 -0400
++++ php5-5.2.4.new/ext/imap/php_imap.c 2008-07-10 16:38:44.000000000 -0400
+@@ -70,6 +70,7 @@
+ static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
+ static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
+ static int _php_imap_address_size(ADDRESS *addresslist);
++static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
+
+ /* the gets we use */
+ static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
+@@ -2137,7 +2138,7 @@
+ }
+
+ string[0]='\0';
+- rfc822_write_address(string, addr);
++ _php_rfc822_write_address_len(string, addr, sizeof(string));
+ RETVAL_STRING(string, 1);
+ }
+ /* }}} */
+@@ -2906,13 +2907,13 @@
+ if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
+ env->from->next=NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->from);
++ _php_rfc822_write_address_len(address, env->from, sizeof(address));
+ add_property_string(myoverview, "from", address, 1);
+ }
+ if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
+ env->to->next = NULL;
+ address[0] = '\0';
+- rfc822_write_address(address, env->to);
++ _php_rfc822_write_address_len(address, env->to, sizeof(address));
+ add_property_string(myoverview, "to", address, 1);
+ }
+ if (env->date) {
+@@ -3883,6 +3884,34 @@
+ /* }}} */
+
+
++/* {{{ _php_rfc822_soutr
++ */
++static long _php_rfc822_soutr (void *stream,char *string)
++{
++ return NIL;
++}
++
++/* }}} */
++
++
++/* {{{ _php_rfc822_write_address_len
++ */
++static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
++{
++ RFC822BUFFER buf;
++
++ buf.beg = dest;
++ buf.cur = buf.beg;
++ buf.end = buf.beg + len - 1;
++ buf.s = NIL;
++ buf.f = _php_rfc822_soutr;
++ rfc822_output_address_list (&buf, adr, 0, NIL);
++ *buf.cur = '\0';
++}
++
++/* }}} */
++
++
+ /* {{{ _php_imap_parse_address
+ */
+ static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
+@@ -3897,7 +3926,7 @@
+ if ((len = _php_imap_address_size(addresstmp))) {
+ tmpstr = (char *) pemalloc(len + 1, 1);
+ tmpstr[0] = '\0';
+- rfc822_write_address(tmpstr, addresstmp);
++ _php_rfc822_write_address_len(tmpstr, addresstmp, len);
+ *fulladdress = tmpstr;
+ } else {
+ *fulladdress = NULL;

Added: trunk/debs/php5/debian/patches/disable_dl_by_default.patch
===================================================================
--- trunk/debs/php5/debian/patches/disable_dl_by_default.patch (rev 0)
+++ trunk/debs/php5/debian/patches/disable_dl_by_default.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,29 @@
+Index: php5-5.2.4/php.ini-dist
+===================================================================
+--- php5-5.2.4.orig/php.ini-dist 2007-09-11 00:42:09.000000000 +0200
++++ php5-5.2.4/php.ini-dist 2007-09-11 00:42:13.000000000 +0200
+@@ -505,7 +505,8 @@
+ ; Whether or not to enable the dl() function. The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+ ; disabled on them.
+-enable_dl = On
++; NOTE: this is a potential security hole and is disabled by default in debian
++enable_dl = Off
+
+ ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+ ; most web servers. Left undefined, PHP turns this on by default. You can
+Index: php5-5.2.4/php.ini-recommended
+===================================================================
+--- php5-5.2.4.orig/php.ini-recommended 2007-09-11 00:23:54.000000000 +0200
++++ php5-5.2.4/php.ini-recommended 2007-09-11 00:42:13.000000000 +0200
+@@ -538,7 +538,9 @@
+ ; Whether or not to enable the dl() function. The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+ ; disabled on them.
+-enable_dl = On
++; NOTE: this is a potential security hole and is disabled by default in debian
++enable_dl = Off
++
+
+ ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+ ; most web servers. Left undefined, PHP turns this on by default. You can

Added: trunk/debs/php5/debian/patches/fix-xmlrpc-datetime.patch
===================================================================
--- trunk/debs/php5/debian/patches/fix-xmlrpc-datetime.patch (rev 0)
+++ trunk/debs/php5/debian/patches/fix-xmlrpc-datetime.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,78 @@
+diff -Naur php-5.2.4.orig/ext/xmlrpc/libxmlrpc/xmlrpc.c php-5.2.4/ext/xmlrpc/libxmlrpc/xmlrpc.c
+--- php-5.2.4.orig/ext/xmlrpc/libxmlrpc/xmlrpc.c 2007-06-07 05:07:36.000000000 -0400
++++ php-5.2.4/ext/xmlrpc/libxmlrpc/xmlrpc.c 2008-11-13 14:14:11.000000000 -0500
+@@ -161,11 +161,20 @@
+ * Begin Time Functions *
+ ***********************/
+
++static time_t mkgmtime(struct tm *tm)
++{
++ static const int mdays[12] = {0,31,59,90,120,151,181,212,243,273,304,334};
++
++ return ((((((tm->tm_year - 70) * 365) + mdays[tm->tm_mon] + tm->tm_mday-1 +
++ (tm->tm_year-68-1+(tm->tm_mon>=2))/4) * 24) + tm->tm_hour) * 60 +
++ tm->tm_min) * 60 + tm->tm_sec;
++}
++
+ static int date_from_ISO8601 (const char *text, time_t * value) {
+ struct tm tm;
+ int n;
+ int i;
+- char buf[18];
++ char buf[30];
+
+ if (strchr (text, '-')) {
+ char *p = (char *) text, *p2 = buf;
+@@ -175,6 +184,9 @@
+ p2++;
+ }
+ p++;
++ if (p2-buf >= sizeof(buf)) {
++ return -1;
++ }
+ }
+ text = buf;
+ }
+@@ -182,10 +194,6 @@
+
+ tm.tm_isdst = -1;
+
+- if(strlen(text) < 17) {
+- return -1;
+- }
+-
+ n = 1000;
+ tm.tm_year = 0;
+ for(i = 0; i < 4; i++) {
+@@ -238,7 +246,7 @@
+
+ static int date_to_ISO8601 (time_t value, char *buf, int length) {
+ struct tm *tm, tmbuf;
+- tm = php_localtime_r(&value, &tmbuf);
++ tm = php_gmtime_r(&value, &tmbuf);
+ if (!tm) {
+ return 0;
+ }
+@@ -1516,8 +1524,7 @@
+ date_to_ISO8601(time, timeBuf, sizeof(timeBuf));
+
+ if(timeBuf[0]) {
+- simplestring_clear(&value->str);
+- simplestring_add(&value->str, timeBuf);
++ XMLRPC_SetValueDateTime_ISO8601 (value, timeBuf);
+ }
+ }
+ }
+@@ -1693,8 +1700,11 @@
+ if(value) {
+ time_t time_val = 0;
+ if(s) {
++ value->type = xmlrpc_datetime;
+ date_from_ISO8601(s, &time_val);
+- XMLRPC_SetValueDateTime(value, time_val);
++ value->i = time_val;
++ simplestring_clear(&value->str);
++ simplestring_add(&value->str, s);
+ }
+ }
+ }

Added: trunk/debs/php5/debian/patches/fix_64bit_time.patch
===================================================================
--- trunk/debs/php5/debian/patches/fix_64bit_time.patch (rev 0)
+++ trunk/debs/php5/debian/patches/fix_64bit_time.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,106 @@
+Index: php5-5.2.4/ext/date/lib/parse_date.c
+===================================================================
+--- php5-5.2.4.orig/ext/date/lib/parse_date.c 2008-02-27 12:58:25.768431881 -0500
++++ php5-5.2.4/ext/date/lib/parse_date.c 2008-02-27 12:58:58.973467615 -0500
+@@ -668,7 +668,7 @@
+ long value = 0;
+ const timelib_tz_lookup_table *tp;
+
+- while (**ptr != '\0' && **ptr != ')') {
++ while (**ptr != '\0' && **ptr != ')' && **ptr != ' ') {
+ ++*ptr;
+ }
+ end = *ptr;
+Index: php5-5.2.4/ext/date/lib/parse_date.re
+===================================================================
+--- php5-5.2.4.orig/ext/date/lib/parse_date.re 2008-02-27 12:58:25.800458866 -0500
++++ php5-5.2.4/ext/date/lib/parse_date.re 2008-02-27 12:58:58.981470555 -0500
+@@ -667,7 +667,7 @@
+ long value = 0;
+ const timelib_tz_lookup_table *tp;
+
+- while (**ptr != '\0' && **ptr != ')') {
++ while (**ptr != '\0' && **ptr != ')' && **ptr != ' ') {
+ ++*ptr;
+ }
+ end = *ptr;
+Index: php5-5.2.4/ext/date/lib/timelib.h
+===================================================================
+--- php5-5.2.4.orig/ext/date/lib/timelib.h 2008-02-27 12:58:25.868430735 -0500
++++ php5-5.2.4/ext/date/lib/timelib.h 2008-02-27 12:58:58.905465712 -0500
+@@ -22,6 +22,9 @@
+ #define __TIMELIB_H__
+
+ #include "timelib_structs.h"
++#if HAVE_LIMITS_H
++#include <limits.h>
++#endif
+
+ #define TIMELIB_NONE 0x00
+ #define TIMELIB_OVERRIDE_TIME 0x01
+Index: php5-5.2.4/ext/date/tests/bug41523.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/date/tests/bug41523.phpt 2008-02-27 12:58:25.936460995 -0500
++++ php5-5.2.4/ext/date/tests/bug41523.phpt 2008-02-27 12:58:58.925463597 -0500
+@@ -1,5 +1,7 @@
+ --TEST--
+-Bug #41523 (strtotime('0000-00-00 00:00:00') is parsed as 1999-11-30)
++Bug #41523 (strtotime('0000-00-00 00:00:00') is parsed as 1999-11-30) (32 bit)
++--SKIPIF--
++<?php echo PHP_INT_SIZE == 8 ? "skip 32-bit only" : "OK"; ?>
+ --FILE--
+ <?php
+ date_default_timezone_set("UTC");
+Index: php5-5.2.4/ext/date/tests/mktime-3.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/date/tests/mktime-3.phpt 2008-02-27 12:58:25.996432789 -0500
++++ php5-5.2.4/ext/date/tests/mktime-3.phpt 2008-02-27 12:58:58.937465946 -0500
+@@ -1,5 +1,7 @@
+ --TEST--
+-mktime() [3]
++mktime() [3] (32-bit)
++--SKIPIF--
++<?php echo PHP_INT_SIZE == 8 ? "skip 32-bit only" : "OK" ?>
+ --INI--
+ error_reporting=2047
+ --FILE--
+Index: php5-5.2.4/ext/date/tests/strtotime-mysql.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/date/tests/strtotime-mysql.phpt 2008-02-27 12:58:26.060432838 -0500
++++ php5-5.2.4/ext/date/tests/strtotime-mysql.phpt 2008-02-27 12:58:58.949459635 -0500
+@@ -1,5 +1,7 @@
+ --TEST--
+-strtotime() and mysql timestamps
++strtotime() and mysql timestamps (32 bit)
++--SKIPIF--
++<?php echo PHP_INT_SIZE == 8 ? "skip 32-bit only" : "OK"; ?>
+ --FILE--
+ <?php
+ date_default_timezone_set('UTC');
+Index: php5-5.2.4/ext/date/tests/strtotime3.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/date/tests/strtotime3.phpt 2008-02-27 12:58:26.148431648 -0500
++++ php5-5.2.4/ext/date/tests/strtotime3.phpt 2008-02-27 12:58:58.961433836 -0500
+@@ -1,5 +1,7 @@
+ --TEST--
+-strtotime() function
++strtotime() function (32 bit)
++--SKIPIF--
++<?php echo PHP_INT_SIZE == 8 ? "skip 32-bit only" : "OK"; ?>
+ --FILE--
+ <?php
+ date_default_timezone_set('Europe/Lisbon');
+Index: php5-5.2.4/ext/wddx/tests/001.phpt
+===================================================================
+--- php5-5.2.4.orig/ext/wddx/tests/001.phpt 2008-02-27 12:58:26.240432312 -0500
++++ php5-5.2.4/ext/wddx/tests/001.phpt 2008-02-27 12:58:58.913434707 -0500
+@@ -1,7 +1,8 @@
+ --TEST--
+-wddx deserialization test
++wddx deserialization test (32-bit)
+ --SKIPIF--
+ <?php if (!extension_loaded("wddx")) print "skip"; ?>
++<?php echo PHP_INT_SIZE == 8 ? "skip 32-bit only" : "OK" ?>
+ --INI--
+ precision=14
+ --FILE--

Added: trunk/debs/php5/debian/patches/fix_broken_upstream_tests.patch
===================================================================
--- trunk/debs/php5/debian/patches/fix_broken_upstream_tests.patch (rev 0)
+++ trunk/debs/php5/debian/patches/fix_broken_upstream_tests.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,61 @@
+Index: php-5.2.4/tests/basic/bug20539.phpt
+===================================================================
+--- php-5.2.4.orig/tests/basic/bug20539.phpt
++++ php-5.2.4/tests/basic/bug20539.phpt
+@@ -3,6 +3,7 @@
+ --INI--
+ session.auto_start=1
+ session.save_handler=files
++session.save_path=temp_session_store
+ --FILE--
+ <?php
+ print "good :)\n";
+Index: php-5.2.4/ext/soap/tests/server009.phpt
+===================================================================
+--- php-5.2.4.orig/ext/soap/tests/server009.phpt
++++ php-5.2.4/ext/soap/tests/server009.phpt
+@@ -7,6 +7,10 @@
+ die('skip this test needs session extension');
+ }
+ ?>
++--INI--
++session.auto_start=1
++session.save_handler=files
++session.save_path=temp_session_store
+ --FILE--
+ <?php
+ class foo {
+Index: php-5.2.4/ext/standard/tests/general_functions/phpinfo.phpt
+===================================================================
+--- php-5.2.4.orig/ext/standard/tests/general_functions/phpinfo.phpt
++++ php-5.2.4/ext/standard/tests/general_functions/phpinfo.phpt
+@@ -1,5 +1,7 @@
+ --TEST--
+ phpinfo()
++--SKIPIF--
++<?php die("SKIP phpinfo - test suite's handling of "%s" is incompatible with this test"); ?>
+ --FILE--
+ <?php
+ var_dump(phpinfo());
+@@ -23,6 +25,8 @@
+ Server API => Command Line Interface
+ Virtual Directory Support => %s
+ Configuration File (php.ini) Path => %s
++Loaded Configuration File => %s
++Scan this dir for additional .ini files => %s
+ PHP API => %d
+ PHP Extension => %d
+ Zend Extension => %d
+Index: php-5.2.4/ext/standard/tests/strings/moneyformat.phpt
+===================================================================
+--- php-5.2.4.orig/ext/standard/tests/strings/moneyformat.phpt
++++ php-5.2.4/ext/standard/tests/strings/moneyformat.phpt
+@@ -5,6 +5,8 @@
+ if (!function_exists('money_format') || !function_exists('setlocale')) {
+ die("SKIP money_format - not supported\n");
+ }
++ if (!setlocale(LC_MONETARY, 'en_US'))
++ die("SKIP money_format - en_US locale not available\n");
+ ?>
+ --FILE--
+ <?php

Added: trunk/debs/php5/debian/patches/security526-pcre_compile.patch
===================================================================
--- trunk/debs/php5/debian/patches/security526-pcre_compile.patch (rev 0)
+++ trunk/debs/php5/debian/patches/security526-pcre_compile.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,39 @@
+Index: php5-5.2.4/ext/pcre/pcrelib/pcre_compile.c
+===================================================================
+--- php5-5.2.4.orig/ext/pcre/pcrelib/pcre_compile.c 2008-06-05 22:37:12.000000000 +0200
++++ php5-5.2.4/ext/pcre/pcrelib/pcre_compile.c 2008-06-05 22:37:44.000000000 +0200
+@@ -2175,6 +2175,7 @@
+ BOOL class_utf8;
+ BOOL utf8 = (options & PCRE_UTF8) != 0;
+ uschar *class_utf8data;
++uschar *class_utf8data_base;
+ uschar utf8_char[6];
+ #else
+ BOOL utf8 = FALSE;
+@@ -2458,6 +2459,7 @@
+ #ifdef SUPPORT_UTF8
+ class_utf8 = FALSE; /* No chars >= 256 */
+ class_utf8data = code + LINK_SIZE + 2; /* For UTF-8 items */
++ class_utf8data_base = class_utf8data; /* For resetting in pass 1 */
+ #endif
+
+ /* Process characters until ] is reached. By writing this as a "do" it
+@@ -2473,6 +2475,18 @@
+ { /* Braces are required because the */
+ GETCHARLEN(c, ptr, ptr); /* macro generates multiple statements */
+ }
++
++ /* In the pre-compile phase, accumulate the length of any UTF-8 extra
++ data and reset the pointer. This is so that very large classes that
++ contain a zillion UTF-8 characters no longer overwrite the work space
++ (which is on the stack). */
++
++ if (lengthptr != NULL)
++ {
++ *lengthptr += class_utf8data - class_utf8data_base;
++ class_utf8data = class_utf8data_base;
++ }
++
+ #endif
+
+ /* Inside \Q...\E everything is literal except \E */

Added: trunk/debs/php5/debian/patches/series
===================================================================
--- trunk/debs/php5/debian/patches/series (rev 0)
+++ trunk/debs/php5/debian/patches/series 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,58 @@
+001-libtool_fixes.patch
+002-static_openssl.patch
+004-ldap_fix.patch
+006-debian_quirks.patch
+013-force_getaddrinfo.patch
+017-pread_pwrite_disable.patch
+019-z_off_t_as_long.patch
+027-readline_is_editline.patch
+029-php.ini_paranoid.patch
+033-we_WANT_libtool.patch
+034-apache2_umask_fix.patch
+036-fd_setsize_fix.patch
+043-recode_size_t.patch
+044-strtod_arm_fix.patch
+045-exif_nesting_level.patch
+047-zts_with_dl.patch
+052-phpinfo_no_configure.patch
+053-extension_api.patch
+056-mime_magic_liberal.patch
+057-no_apache_installed.patch
+100-recode_is_shared.patch
+101-sqlite_is_shared.patch
+107-reflection_is_ext.patch
+108-64_bit_datetime.patch
+112-proc_open.patch
+113-php.ini_securitynotes.patch
+disable_dl_by_default.patch
+suhosin.patch
+fix_broken_upstream_tests.patch
+use-specific-libdb-version.patch
+fix_64bit_time.patch
+SECURITY_CVE-2008-2050.patch
+SECURITY_CVE-2008-2051.patch
+SECURITY_CVE-2008-0599.patch
+SECURITY_CVE-2007-4850.patch
+security526-pcre_compile.patch
+SECURITY_CVE-2007-5898.patch
+SECURITY_CVE-2007-5899.patch
+SECURITY_CVE-2008-2829.patch
+SECURITY_CVE-2008-1384.patch
+SECURITY_CVE-2008-2107+2108.patch
+SECURITY_CVE-2007-4782.patch
+119-sybase-alias.patch
+SECURITY_CVE-2008-2371.patch
+use_embedded_timezonedb.patch
+fix-xmlrpc-datetime.patch
+120_SECURITY_CVE-2007-5900.patch
+121_SECURITY_CVE-2008-3658.patch
+122_SECURITY_CVE-2008-3659.patch
+123_SECURITY_CVE-2008-3660.patch
+124_SECURITY_CVE-2008-5557.patch
+125_SECURITY_CVE-2008-5624.patch
+126_SECURITY_CVE-2008-5625.patch
+127_SECURITY_CVE-2008-5658.patch
+128_SECURITY_CVE-2008-5814.patch
+129_SECURITY_CVE-2009-0754.patch
+130_SECURITY_CVE-2009-1271.patch
+131_SECURITY_CVE-2009-2687.patch

Added: trunk/debs/php5/debian/patches/suhosin.patch
===================================================================
--- trunk/debs/php5/debian/patches/suhosin.patch (rev 0)
+++ trunk/debs/php5/debian/patches/suhosin.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,2622 @@
+Index: php5-5.2.4/configure.in
+===================================================================
+--- php5-5.2.4.orig/configure.in 2007-09-16 14:45:15.000000000 +0200
++++ php5-5.2.4/configure.in 2007-09-16 14:45:15.000000000 +0200
+@@ -227,6 +227,7 @@
+ sinclude(TSRM/threads.m4)
+ sinclude(TSRM/tsrm.m4)
+
++sinclude(main/suhosin_patch.m4)
+
+ divert(2)
+
+@@ -1304,7 +1305,7 @@
+ php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+ strlcat.c mergesort.c reentrancy.c php_variables.c php_ticks.c \
+ network.c php_open_temporary_file.c php_logos.c \
+- output.c )
++ output.c suhosin_patch.c )
+
+ PHP_ADD_SOURCES(main/streams, streams.c cast.c memory.c filter.c \
+ plain_wrapper.c userspace.c transports.c xp_socket.c mmap.c)
+@@ -1330,7 +1331,7 @@
+ zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
+ zend_list.c zend_indent.c zend_builtin_functions.c zend_sprintf.c \
+ zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c zend_stream.c \
+- zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c)
++ zend_iterators.c zend_interfaces.c zend_exceptions.c zend_strtod.c zend_canary.c )
+
+ if test -r "$abs_srcdir/Zend/zend_objects.c"; then
+ PHP_ADD_SOURCES(Zend, zend_objects.c zend_object_handlers.c zend_objects_API.c \
+Index: php5-5.2.4/ext/standard/basic_functions.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/basic_functions.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/ext/standard/basic_functions.c 2007-09-16 14:45:15.000000000 +0200
+@@ -3570,7 +3570,9 @@
+ PHP_FALIAS(socket_get_status, stream_get_meta_data, arginfo_stream_get_meta_data)
+
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+- PHP_FE(realpath, arginfo_realpath)
++#undef realpath
++ PHP_NAMED_FE(realpath, PHP_FN(real_path), arginfo_realpath)
++#define realpath real_path
+ #endif
+
+ #ifdef HAVE_FNMATCH
+Index: php5-5.2.4/ext/standard/dl.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/dl.c 2007-09-16 14:45:15.000000000 +0200
++++ php5-5.2.4/ext/standard/dl.c 2007-09-16 14:45:15.000000000 +0200
+@@ -228,6 +228,19 @@
+ RETURN_FALSE;
+ }
+ }
++#if SUHOSIN_PATCH
++ if (strncmp("suhosin", module_entry->name, sizeof("suhosin")-1) == 0) {
++ void *log_func;
++ /* sucessfully loaded suhosin extension, now check for logging function replacement */
++ log_func = (void *) DL_FETCH_SYMBOL(handle, "suhosin_log");
++ if (log_func == NULL) {
++ log_func = (void *) DL_FETCH_SYMBOL(handle, "_suhosin_log");
++ }
++ if (log_func != NULL) {
++ zend_suhosin_log = log_func;
++ }
++ }
++#endif
+ RETURN_TRUE;
+ }
+ /* }}} */
+Index: php5-5.2.4/ext/standard/file.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/file.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/ext/standard/file.c 2007-09-16 14:45:15.000000000 +0200
+@@ -2361,7 +2361,7 @@
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+ /* {{{ proto string realpath(string path)
+ Return the resolved path */
+-PHP_FUNCTION(realpath)
++PHP_FUNCTION(real_path)
+ {
+ zval **path;
+ char resolved_path_buff[MAXPATHLEN];
+Index: php5-5.2.4/ext/standard/file.h
+===================================================================
+--- php5-5.2.4.orig/ext/standard/file.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/ext/standard/file.h 2007-09-16 14:45:15.000000000 +0200
+@@ -61,7 +61,7 @@
+ PHP_FUNCTION(fd_set);
+ PHP_FUNCTION(fd_isset);
+ #if (!defined(__BEOS__) && !defined(NETWARE) && HAVE_REALPATH) || defined(ZTS)
+-PHP_FUNCTION(realpath);
++PHP_FUNCTION(real_path);
+ #endif
+ #ifdef HAVE_FNMATCH
+ PHP_FUNCTION(fnmatch);
+Index: php5-5.2.4/ext/standard/info.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/info.c 2007-09-16 14:45:15.000000000 +0200
++++ php5-5.2.4/ext/standard/info.c 2007-09-16 14:45:15.000000000 +0200
+@@ -627,6 +627,31 @@
+
+ php_info_print_table_end();
+
++ /* Suhosin Patch */
++ php_info_print_box_start(0);
++ if (expose_php && !sapi_module.phpinfo_as_text) {
++ PUTS("<a href=\"http://www.hardened-php.net/suhosin/index.html\"><img border=\"0\" src=\"");
++ if (SG(request_info).request_uri) {
++ char *elem_esc = php_info_html_esc(SG(request_info).request_uri TSRMLS_CC);
++ PUTS(elem_esc);
++ efree(elem_esc);
++ }
++ PUTS("?="SUHOSIN_LOGO_GUID"\" alt=\"Suhosin logo\" /></a>\n");
++ }
++ PUTS("This server is protected with the Suhosin Patch ");
++ if (sapi_module.phpinfo_as_text) {
++ PUTS(SUHOSIN_PATCH_VERSION);
++ } else {
++ zend_html_puts(SUHOSIN_PATCH_VERSION, strlen(SUHOSIN_PATCH_VERSION) TSRMLS_CC);
++ }
++ PUTS(!sapi_module.phpinfo_as_text?"<br />":"\n");
++ if (sapi_module.phpinfo_as_text) {
++ PUTS("Copyright (c) 2006 Hardened-PHP Project\n");
++ } else {
++ PUTS("Copyright (c) 2006 <a href=\"http://www.hardened-php.net/\">Hardened-PHP Project</a>\n");
++ }
++ php_info_print_box_end();
++
+ /* Zend Engine */
+ php_info_print_box_start(0);
+ if (expose_php && !sapi_module.phpinfo_as_text) {
+Index: php5-5.2.4/ext/standard/syslog.c
+===================================================================
+--- php5-5.2.4.orig/ext/standard/syslog.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/ext/standard/syslog.c 2007-09-16 14:45:15.000000000 +0200
+@@ -42,6 +42,7 @@
+ */
+ PHP_MINIT_FUNCTION(syslog)
+ {
++#if !SUHOSIN_PATCH
+ /* error levels */
+ REGISTER_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
+ REGISTER_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
+@@ -97,6 +98,7 @@
+ /* AIX doesn't have LOG_PERROR */
+ REGISTER_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
+ #endif
++#endif
+ BG(syslog_device)=NULL;
+
+ return SUCCESS;
+Index: php5-5.2.4/main/fopen_wrappers.c
+===================================================================
+--- php5-5.2.4.orig/main/fopen_wrappers.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/fopen_wrappers.c 2007-09-16 14:45:15.000000000 +0200
+@@ -111,7 +111,7 @@
+
+ /* normalize and expand path */
+ if (expand_filepath(path, resolved_name TSRMLS_CC) == NULL) {
+- return -1;
++ return -2;
+ }
+
+ path_len = strlen(resolved_name);
+@@ -180,6 +180,12 @@
+ }
+ }
+
++ if (resolved_name_len == resolved_basedir_len - 1) {
++ if (resolved_basedir[resolved_basedir_len - 1] == PHP_DIR_SEPARATOR) {
++ resolved_basedir_len--;
++ }
++ }
++
+ /* Check the path */
+ #if defined(PHP_WIN32) || defined(NETWARE)
+ if (strncasecmp(resolved_basedir, resolved_name, resolved_basedir_len) == 0) {
+@@ -203,7 +209,7 @@
+ }
+ } else {
+ /* Unable to resolve the real path, return -1 */
+- return -1;
++ return -3;
+ }
+ }
+ /* }}} */
+@@ -222,22 +228,44 @@
+ char *pathbuf;
+ char *ptr;
+ char *end;
++ char path_copy[MAXPATHLEN];
++ int path_len;
++
++ /* Special case path ends with a trailing slash */
++ path_len = strlen(path);
++ if (path_len >= MAXPATHLEN) {
++ errno = EPERM; /* we deny permission to open it */
++ return -1;
++ }
++ if (path_len > 0 && path[path_len-1] == PHP_DIR_SEPARATOR) {
++ memcpy(path_copy, path, path_len+1);
++ while (path_len > 1 && path_copy[path_len-1] == PHP_DIR_SEPARATOR) path_len--;
++ path_copy[path_len] = '\0';
++ path = (const char *)&path_copy;
++ }
+
+ pathbuf = estrdup(PG(open_basedir));
+
+ ptr = pathbuf;
+
+ while (ptr && *ptr) {
++ int res;
+ end = strchr(ptr, DEFAULT_DIR_SEPARATOR);
+ if (end != NULL) {
+ *end = '\0';
+ end++;
+ }
+
+- if (php_check_specific_open_basedir(ptr, path TSRMLS_CC) == 0) {
++ res = php_check_specific_open_basedir(ptr, path TSRMLS_CC);
++ if (res == 0) {
+ efree(pathbuf);
+ return 0;
+ }
++ if (res == -2) {
++ efree(pathbuf);
++ errno = EPERM;
++ return -1;
++ }
+
+ ptr = end;
+ }
+Index: php5-5.2.4/main/main.c
+===================================================================
+--- php5-5.2.4.orig/main/main.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/main.c 2007-09-16 14:45:15.000000000 +0200
+@@ -88,6 +88,9 @@
+
+ #include "SAPI.h"
+ #include "rfc1867.h"
++#if SUHOSIN_PATCH
++#include "suhosin_globals.h"
++#endif
+ /* }}} */
+
+ #ifndef ZTS
+@@ -1347,7 +1350,7 @@
+
+ /* used to close fd's in the 3..255 range here, but it's problematic
+ */
+- shutdown_memory_manager(1, 1 TSRMLS_CC);
++ shutdown_memory_manager(1, 1 TSRMLS_CC);
+ }
+ /* }}} */
+
+@@ -1388,6 +1391,9 @@
+
+ zend_try {
+ shutdown_memory_manager(CG(unclean_shutdown), 0 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ } zend_end_try();
+
+ zend_try {
+@@ -1480,6 +1486,9 @@
+ /* 11. Free Willy (here be crashes) */
+ zend_try {
+ shutdown_memory_manager(CG(unclean_shutdown) || !report_memleaks, 0 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ } zend_end_try();
+
+ /* 12. Reset max_execution_time */
+@@ -1639,6 +1648,9 @@
+ #ifdef ZTS
+ tsrm_ls = ts_resource(0);
+ #endif
++#if SUHOSIN_PATCH
++ suhosin_startup();
++#endif
+
+ module_shutdown = 0;
+ module_startup = 1;
+@@ -1768,6 +1780,10 @@
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_PATH", PHP_CONFIG_FILE_PATH, strlen(PHP_CONFIG_FILE_PATH), CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_CONFIG_FILE_SCAN_DIR", PHP_CONFIG_FILE_SCAN_DIR, sizeof(PHP_CONFIG_FILE_SCAN_DIR)-1, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_SHLIB_SUFFIX", PHP_SHLIB_SUFFIX, sizeof(PHP_SHLIB_SUFFIX)-1, CONST_PERSISTENT | CONST_CS);
++#if SUHOSIN_PATCH
++ REGISTER_MAIN_LONG_CONSTANT("SUHOSIN_PATCH", 1, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_STRINGL_CONSTANT("SUHOSIN_PATCH_VERSION", SUHOSIN_PATCH_VERSION, sizeof(SUHOSIN_PATCH_VERSION)-1, CONST_PERSISTENT | CONST_CS);
++#endif
+ REGISTER_MAIN_STRINGL_CONSTANT("PHP_EOL", PHP_EOL, sizeof(PHP_EOL)-1, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_LONG_CONSTANT("PHP_INT_MAX", LONG_MAX, CONST_PERSISTENT | CONST_CS);
+ REGISTER_MAIN_LONG_CONSTANT("PHP_INT_SIZE", sizeof(long), CONST_PERSISTENT | CONST_CS);
+@@ -1817,7 +1833,9 @@
+ module_startup = 0;
+
+ shutdown_memory_manager(1, 0 TSRMLS_CC);
+-
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ /* we're done */
+ return SUCCESS;
+ }
+@@ -1876,6 +1894,9 @@
+ #ifndef ZTS
+ zend_ini_shutdown(TSRMLS_C);
+ shutdown_memory_manager(CG(unclean_shutdown), 1 TSRMLS_CC);
++#if SUHOSIN_PATCH
++ suhosin_clear_mm_canaries(TSRMLS_C);
++#endif
+ core_globals_dtor(&core_globals TSRMLS_CC);
+ #else
+ zend_ini_global_shutdown(TSRMLS_C);
+Index: php5-5.2.4/main/php.h
+===================================================================
+--- php5-5.2.4.orig/main/php.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/php.h 2007-09-16 14:45:15.000000000 +0200
+@@ -40,6 +40,13 @@
+ #undef sprintf
+ #define sprintf php_sprintf
+
++#if SUHOSIN_PATCH
++#if HAVE_REALPATH
++#undef realpath
++#define realpath php_realpath
++#endif
++#endif
++
+ /* PHP's DEBUG value must match Zend's ZEND_DEBUG value */
+ #undef PHP_DEBUG
+ #define PHP_DEBUG ZEND_DEBUG
+@@ -452,6 +459,10 @@
+ #endif
+ #endif /* !XtOffsetOf */
+
++#if SUHOSIN_PATCH
++#include "suhosin_patch.h"
++#endif
++
+ #endif
+
+ /*
+Index: php5-5.2.4/main/php_logos.c
+===================================================================
+--- php5-5.2.4.orig/main/php_logos.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/php_logos.c 2007-09-16 14:45:15.000000000 +0200
+@@ -50,6 +50,10 @@
+ return zend_hash_del(&phpinfo_logo_hash, logo_string, strlen(logo_string));
+ }
+
++#if SUHOSIN_PATCH
++#include "suhosin_logo.h"
++#endif
++
+ int php_init_info_logos(void)
+ {
+ if(zend_hash_init(&phpinfo_logo_hash, 0, NULL, NULL, 1)==FAILURE)
+@@ -58,6 +62,9 @@
+ php_register_info_logo(PHP_LOGO_GUID , "image/gif", php_logo , sizeof(php_logo));
+ php_register_info_logo(PHP_EGG_LOGO_GUID, "image/gif", php_egg_logo, sizeof(php_egg_logo));
+ php_register_info_logo(ZEND_LOGO_GUID , "image/gif", zend_logo , sizeof(zend_logo));
++#if SUHOSIN_PATCH
++ php_register_info_logo(SUHOSIN_LOGO_GUID, "image/jpeg", suhosin_logo, sizeof(suhosin_logo));
++#endif
+
+ return SUCCESS;
+ }
+Index: php5-5.2.4/main/snprintf.c
+===================================================================
+--- php5-5.2.4.orig/main/snprintf.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/snprintf.c 2007-09-16 14:45:15.000000000 +0200
+@@ -1079,7 +1079,11 @@
+
+
+ case 'n':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++#else
+ *(va_arg(ap, int *)) = cc;
++#endif
+ goto skip_output;
+
+ /*
+Index: php5-5.2.4/main/spprintf.c
+===================================================================
+--- php5-5.2.4.orig/main/spprintf.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/main/spprintf.c 2007-09-16 14:45:15.000000000 +0200
+@@ -672,7 +672,11 @@
+
+
+ case 'n':
++#if SUHOSIN_PATCH
++ zend_suhosin_log(S_MISC, "'n' specifier within format string");
++#else
+ *(va_arg(ap, int *)) = xbuf->len;
++#endif
+ goto skip_output;
+
+ /*
+Index: php5-5.2.4/main/suhosin_globals.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/main/suhosin_globals.h 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,61 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin-Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license [at] php so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser [at] hardened-php> |
++ +----------------------------------------------------------------------+
++ */
++
++#ifndef SUHOSIN_GLOBALS_H
++#define SUHOSIN_GLOBALS_H
++
++typedef struct _suhosin_patch_globals suhosin_patch_globals_struct;
++
++#ifdef ZTS
++# define SPG(v) TSRMG(suhosin_patch_globals_id, suhosin_patch_globals_struct *, v)
++extern int suhosin_patch_globals_id;
++#else
++# define SPG(v) (suhosin_patch_globals.v)
++extern struct _suhosin_patch_globals suhosin_patch_globals;
++#endif
++
++
++struct _suhosin_patch_globals {
++ /* logging */
++ int log_syslog;
++ int log_syslog_facility;
++ int log_syslog_priority;
++ int log_sapi;
++ int log_script;
++ int log_phpscript;
++ char *log_scriptname;
++ char *log_phpscriptname;
++ zend_bool log_phpscript_is_safe;
++ zend_bool log_use_x_forwarded_for;
++
++ /* memory manager canary protection */
++ unsigned int canary_1;
++ unsigned int canary_2;
++ unsigned int canary_3;
++ unsigned int dummy;
++};
++
++
++#endif /* SUHOSIN_GLOBALS_H */
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ */
+Index: php5-5.2.4/main/suhosin_logo.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/main/suhosin_logo.h 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,178 @@
++static unsigned char suhosin_logo[] =
++ "\xff\xd8\xff\xe0\x00\x10\x4a\x46\x49\x46\x00\x01\x01\x01\x00\x48"
++ "\x00\x48\x00\x00\xff\xe1\x00\x16\x45\x78\x69\x66\x00\x00\x4d\x4d"
++ "\x00\x2a\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\xff\xdb\x00\x43"
++ "\x00\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01\x01"
++ "\x01\xff\xc0\x00\x0b\x08\x00\x27\x00\x71\x01\x01\x22\x00\xff\xc4"
++ "\x00\x1e\x00\x00\x02\x02\x02\x03\x01\x01\x00\x00\x00\x00\x00\x00"
++ "\x00\x00\x00\x00\x09\x06\x08\x05\x07\x02\x03\x0a\x01\x04\xff\xc4"
++ "\x00\x32\x10\x00\x01\x04\x03\x00\x02\x00\x05\x01\x05\x09\x01\x00"
++ "\x00\x00\x00\x05\x02\x03\x04\x06\x01\x07\x08\x00\x09\x11\x12\x13"
++ "\x14\x21\x15\x0a\x16\x31\x56\x96\x17\x18\x19\x23\x32\x41\x58\x98"
++ "\xd4\xd6\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xf4\xc1\xe1\xe5"
++ "\x69\xe9\x3e\xb9\xd1\x7c\x8a\x2e\x9d\x66\xe8\x3b\x29\x4d\x7f\x46"
++ "\xba\x58\x55\x54\x8d\xb1\x5f\xaa\xd9\x8d\x51\x2b\xb6\x27\x5a\x69"
++ "\xd1\x43\xaf\x16\x1a\xf0\xb2\xb1\xe9\x6d\x9f\xc2\xa4\x36\x18\xb5"
++ "\x85\x10\x41\xbe\xfc\x09\xac\x49\x29\x11\xd4\x32\x97\xec\x08\x13"
++ "\xc1\x2d\x20\xc3\x59\xeb\x26\x05\xd8\x6b\x76\x31\x43\x8f\x57\xcf"
++ "\x84\x9f\x14\xa8\x53\x81\x0b\xc3\x64\x80\xa3\x02\x0a\x41\x75\xf8"
++ "\x44\x85\x93\x81\x22\x3c\xd8\x13\xe1\xbe\xf4\x59\x91\x1f\x6a\x44"
++ "\x77\x5c\x69\xc4\x2f\x39\x5f\x0f\x2a\x8d\xeb\xba\xf8\xc3\x56\x6c"
++ "\x3b\x36\xa7\xda\xbd\x4d\xa1\xb5\x4e\xc6\xa7\xa4\x3a\xec\x15\x2d"
++ "\xa5\xb3\xea\x5a\xdc\xac\x46\xac\x01\x60\xd8\x43\xc8\x8e\x8b\xb1"
++ "\x40\x4c\x95\x8b\x34\x41\x28\x52\x91\x28\x43\xd3\xa3\xb6\xa7\x55"
++ "\x15\xe7\x5a\x96\xcb\xf1\xda\xe5\x55\xee\xfe\x1e\xbd\xd9\x41\xd3"
++ "\x28\xfd\x97\xca\x57\x2b\x85\x9c\xa4\x30\x95\xaa\xa5\x57\xa2\x35"
++ "\x15\x86\xcb\x61\x34\x41\xe4\xc7\x80\x20\x18\x21\x17\x09\x85\x0b"
++ "\x14\x9d\x21\x68\x62\x1c\x08\x11\x64\x4b\x92\xf2\xd2\xd3\x2d\x2d"
++ "\x6a\xc2\x73\x6b\x3c\x3c\x8b\x9e\xbc\x52\xaa\xa4\xab\x81\x6c\xf6"
++ "\xfa\xbd\x70\xc5\xc6\x7b\xc2\xaa\x22\x4f\x58\x04\x87\x25\x6a\x27"
++ "\x1d\xa4\x3d\x20\x75\x72\x01\x09\x71\xe5\x1c\x9e\xc3\x2e\x36\xf3"
++ "\xd0\xc6\x35\x2a\x43\x4d\x2d\x0e\x2d\xb4\xa1\x49\xce\x65\x1e\x52"
++ "\x9e\xa1\xf6\x09\xcc\xdc\x63\x66\xa8\x01\xe9\x3b\x0d\xd7\x5a\x85"
++ "\xbb\xc5\x65\xc0\x7b\x2e\x46\xa9\xd9\x56\x1d\x4c\x92\x72\x26\x4e"
++ "\x86\xd5\x68\xae\xc4\xaa\x55\xce\xd7\x83\x59\xb3\x81\xee\xce\x74"
++ "\x39\x39\x31\x9f\x8a\x25\xe8\xa5\xa5\xe5\x81\xf2\x11\x23\xcb\xa1"
++ "\x1e\x43\x12\xe3\xb1\x2a\x2b\xcd\xc8\x8d\x25\x96\xa4\x47\x7d\x95"
++ "\xa5\xc6\x9f\x61\xe4\x25\xc6\x5e\x69\xc4\xe7\x29\x5b\x6e\xb6\xa4"
++ "\xad\x0b\x4e\x72\x95\x25\x58\x56\x33\x9c\x67\xce\xef\x0f\x17\xbf"
++ "\x4c\x7b\x2d\xe6\xfe\x76\x35\x27\x5a\x07\x97\x67\xe8\xae\x8d\x71"
++ "\x0f\xb2\x13\x99\xb9\xbc\x14\xad\xb3\xb7\xe6\x11\x6f\xe0\xda\x58"
++ "\xb1\x08\xac\xa6\x6c\x2d\x7f\x05\xb7\x56\xd2\xe6\xcf\xbb\x4d\x0c"
++ "\xe3\x50\xb2\xec\x91\xf0\x4a\xb8\xd6\x22\xb8\xa7\xf6\x67\xaf\xcf"
++ "\x63\x7e\xd7\xe7\x42\xd8\xbd\xc3\x71\xa1\xf2\x7e\x9b\xa8\x97\x83"
++ "\x6e\xd1\xdc\x4b\x06\x11\x2d\xae\x26\x61\x98\x72\x10\xf4\x42\x5d"
++ "\x20\x4a\xa3\x73\xd7\xf2\xcd\x3c\x48\x32\xe4\x03\x9f\x80\x37\x08"
++ "\x36\x11\xd0\xcb\x97\x6c\x08\xed\x6d\x33\x24\xa2\x1b\xb4\x77\xdf"
++ "\x61\x5d\x5f\xc1\x43\xc2\x82\xeb\x0f\x5d\x84\x08\x68\xaa\xa4\x01"
++ "\xe1\x19\xdf\xbc\x31\x65\xfe\xd1\xf5\x7d\x7a\xb2\x2a\x33\x50\x21"
++ "\x2a\x56\x9d\xb1\x81\xab\xdb\x35\x78\x30\x83\xd9\x89\x1d\x31\xac"
++ "\x96\x14\x07\x61\xbc\x20\x68\x42\x85\x33\x19\xac\xbe\xdb\x34\x56"
++ "\xf1\xd5\xfd\x29\xa9\x28\xdb\xcb\x4c\x5a\x23\xdc\xf5\x96\xc5\x10"
++ "\xa3\x35\x5b\x14\x68\xd3\x61\x62\x64\x76\x26\xcb\x17\x3e\x34\x98"
++ "\x04\xa3\xc4\x20\x38\x90\x92\xe3\xc8\x07\x2c\x36\x74\x66\x26\x0e"
++ "\x29\x02\x64\x29\x2d\x21\xe6\x16\x9c\x6b\xce\xa3\x89\xd9\x4f\xd3"
++ "\xc4\xbd\xc5\x87\x79\x9c\x65\xf6\x39\x45\x60\xe8\xce\x9e\xab\x6d"
++ "\x13\x15\x22\xe1\x5e\x4b\x38\x42\xc4\x1e\xd5\x76\xe0\xc5\xeb\x85"
++ "\x07\x2d\x0f\xb8\xb6\xa6\xd6\x6d\x71\x0d\xa2\x43\x4c\x25\xea\xfa"
++ "\xa1\xae\x4c\xe4\x7d\xbd\x76\xa9\xfb\x06\xc2\x83\x42\xeb\xad\xe7"
++ "\xe9\x5f\x68\x6f\xba\xfb\x2f\x07\xce\xb8\x13\xc1\x9b\xeb\xb0\x76"
++ "\x45\x57\x28\x7b\xea\xbe\x0f\xf4\x30\x7b\xa0\xed\xe4\x22\x93\x21"
++ "\xfc\xbc\xe0\xb9\x75\xc1\x4f\xfc\xef\xb6\xfa\xa1\xfc\x64\xa1\x4a"
++ "\x82\xc7\x33\xad\x75\xed\x82\xbd\x3d\xdb\xf7\xa8\xbe\x5e\xbb\x36"
++ "\x62\x04\x9a\x2e\xc5\xd9\x9e\x9c\x3a\x0b\x98\x0b\x57\xac\xf1\x24"
++ "\x62\x58\x83\x15\x5b\xa6\xf2\xda\x34\x70\x03\xce\x0f\x93\x1b\x12"
++ "\xc7\xce\x54\x87\x33\x15\xd6\x53\x25\x1f\x2a\x90\x87\x12\xe3\x78"
++ "\xef\x55\x77\x4d\x4a\xd8\x7e\xef\xd2\xfd\xd1\xaf\x3a\xaf\x55\xdb"
++ "\x6a\x2d\x3d\x42\xac\x51\x79\xee\x91\xab\xe1\x05\x2d\x3c\x80\xa2"
++ "\x43\xad\x22\x2e\xd5\x33\x13\xa4\x9e\x00\xe0\x04\x10\x84\xc8\xf2"
++ "\x19\x30\x92\x1f\xaa\xc3\x28\xc9\x76\x30\x3f\xe9\x10\x61\x5e\x79"
++ "\xd5\xf7\xdf\xd0\x54\xdb\xae\xb6\xae\xfa\xe8\xa3\x57\xe0\x6c\x2d"
++ "\xf7\xbd\x49\xd6\x6e\x76\x79\xcc\x54\x0c\x5f\xff\x00\xbb\x06\x98"
++ "\xa6\x9e\x89\x61\xb4\x6f\xc3\xe3\x6a\xc2\x4f\x59\x03\xc9\x80\x2c"
++ "\x59\x24\x44\x70\x38\xd5\x96\x6a\x9e\x8b\x81\x64\xe5\xbc\xa0\x3c"
++ "\x33\xaf\x17\x9d\xff\x00\x71\x1a\xd1\x3a\x80\x66\xb3\xd9\x31\x77"
++ "\x0d\x12\xbd\xae\x29\xb5\x6a\xd6\xcf\x8d\x68\x87\x75\xcd\xe8\x65"
++ "\x5a\xbe\x3c\x04\x7b\x34\xdb\x54\x19\xa4\x63\x9c\x2a\x5d\x23\xbe"
++ "\xf4\xb1\x1c\x4d\x90\xec\x92\x2f\x49\x71\xf7\x14\xf2\x97\x9f\x15"
++ "\x57\xed\x13\x21\x2a\xf5\x33\xd1\x2a\x52\x52\xac\xb7\x62\xd1\xcb"
++ "\x46\x73\x8c\x67\x28\x56\x77\x86\xbf\x6f\x2a\x4e\x73\xfe\x95\x65"
++ "\x0b\x5a\x3e\x38\xfc\xfc\xaa\x56\x3f\x86\x73\xe3\xb9\x4a\x52\x84"
++ "\xa5\x08\x4e\x12\x94\x27\x09\x4a\x53\x8c\x61\x29\x4a\x71\xf0\x4a"
++ "\x53\x8c\x7e\x31\x8c\x63\x18\xc6\x31\x8f\xc6\x31\xf8\xc7\x9f\x7c"
++ "\xd5\xbb\xae\x5e\xe2\x1f\xab\x6e\x24\x34\x00\x8a\x25\x83\x70\x40"
++ "\x1c\xcc\xda\x45\x7f\x66\x4e\x30\x2e\x94\x7e\x74\x49\xf0\xe4\x4e"
++ "\x06\x5c\xa8\x2f\x89\x21\x2e\x98\x0e\xd9\x21\xc2\x0b\x21\x0f\xc4"
++ "\x16\x6e\x48\xd9\xe4\xe3\x4a\x19\x1e\x64\x67\x54\xff\x00\x3a\x6d"
++ "\x4f\x62\xb5\x00\x4a\xaa\x51\xfd\x2d\xe8\x0e\x6c\xaf\xc6\x7d\x6d"
++ "\xc8\x88\xc7\x67\xea\x8a\x58\x02\x73\xe3\x65\x4d\xc9\x24\xc0\x3d"
++ "\x57\xa3\x2e\x53\x16\x99\x4f\xe5\xe7\x19\x97\x3e\x3b\xcf\xc9\x4b"
++ "\x99\x7f\x33\x25\xa5\xdf\xba\x77\x2b\xd3\x3e\xc2\x7b\x8b\x94\x07"
++ "\xe9\x52\x5b\x43\x87\x34\x14\x86\x37\xcf\x41\x6b\x8e\x6a\xa5\x22"
++ "\xab\xdb\x96\xa2\xcf\x46\xd8\x9b\x45\x93\xef\xd6\xdf\x3e\x99\x9c"
++ "\x7e\x29\x10\x6b\x6c\xa2\xb8\x43\x05\x09\x44\x70\x8c\xb8\xaa\x54"
++ "\x7c\x30\x36\x5e\x1c\x5e\x5b\x9f\x6c\x0d\x81\xee\xa0\x93\x8d\x67"
++ "\x55\xf3\x87\xaf\xaa\x6b\x58\xf9\xbe\xb2\x36\x07\x42\x6e\xbd\x96"
++ "\xe3\x9f\x1f\x8f\xc9\xf4\x9d\xae\x6a\x7d\x4c\x96\xbe\x5f\xc7\xcd"
++ "\xf3\xb2\xf7\xcd\xf0\xcf\xc3\xe4\xf8\xfe\x37\x4f\x1c\x4d\xf6\x40"
++ "\xf1\x6b\x7c\x4e\xe0\xa6\x71\xad\x56\xa7\x1c\x5c\x15\x6b\xfc\xf3"
++ "\x01\x5d\xac\xf1\x75\x9a\x72\x6b\xaa\x28\xc5\x88\x6d\xfb\x33\x85"
++ "\xe0\x4e\x61\xab\xeb\x31\x2c\x71\x08\x73\x11\x3b\xfc\xb5\xc0\x96"
++ "\xcc\x87\x24\x44\xb5\x9b\x9e\xb3\x71\xba\xe9\xed\xb1\x4e\xd7\x76"
++ "\x6c\xd2\xb6\x05\xb7\x5a\xde\xeb\x34\x5b\x96\x16\xfb\x59\xa9\x5c"
++ "\x4f\x55\xca\x8a\xac\x59\xb0\xe4\x54\x39\x25\xbc\x81\x37\x2a\x09"
++ "\x5f\x9e\x3b\x6b\x7d\x1f\x69\xf3\x34\x85\x39\x84\xa7\x28\x0b\xd3"
++ "\xfd\xfb\x4b\x7a\xea\xe7\xd2\x3c\xd3\xda\x15\x68\xbc\x73\xd3\x22"
++ "\x6f\xd7\x72\x5b\x2b\x66\xee\xa8\x0d\x54\xe8\x5b\xf9\x92\x96\x92"
++ "\x93\xea\x97\x4a\xc7\x43\x10\x46\x35\xc5\xc0\x60\x8a\xe4\xc1\xb5"
++ "\x36\xc6\xae\xed\xf7\x70\xa5\x86\x99\x3d\x91\xf8\xfd\x4e\x53\xeb"
++ "\xbb\xbd\x6d\xec\x8f\xd7\x89\x3d\x31\x7f\xd7\x78\xba\x50\xbb\x74"
++ "\x9d\xf6\xac\x4e\xb9\x03\x9c\x79\xd5\xe1\xbd\x17\x68\xd9\x13\x0b"
++ "\x45\x75\x88\x00\x1d\x1f\xae\x73\x6a\x1d\x5c\x6e\x44\x9f\xa6\xfa"
++ "\x4e\xd8\x25\x8b\xc0\xbc\xb2\x99\xe3\x17\x24\xb3\x23\xe2\x48\x8b"
++ "\xfa\x22\xe7\x7e\x8f\xe6\x3f\x5f\x55\x0d\x75\xd3\x51\x0b\xd7\xed"
++ "\xd3\x6f\x97\x3b\x85\x42\x80\x7e\x5f\xdc\x1b\xd6\xba\xee\xc4\x80"
++ "\xce\x06\xa9\x15\x8c\x97\x5f\x40\x69\xb2\x4d\xc5\xb2\x5c\x1e\x01"
++ "\x87\x7e\xe0\x36\x6d\x78\x80\x4e\x3c\x02\xec\x90\x1d\x11\x81\x74"
++ "\xa5\x8b\xa4\xa0\x56\x06\xd5\x79\x72\x85\x57\x3b\xb2\x2e\xae\x90"
++ "\x18\x8d\x91\xb2\x0e\x44\x19\xaa\xb4\xcc\x08\xed\x46\xfa\xd7\x2b"
++ "\x78\x58\x72\x5d\xbb\x5e\x49\xe7\xee\xf3\x8a\x9d\x22\xa4\x19\xc8"
++ "\xe7\x08\xc3\x90\x9b\x35\x9a\xa4\x25\x8c\x4b\x9b\xa7\xf8\xbf\x81"
++ "\xf5\xdf\x22\x66\xf1\x7e\x9f\x66\x3d\xbb\xfa\x73\x73\x4d\xfd\x67"
++ "\x7b\xf4\xce\xc3\x62\x2e\x6f\xbb\x0c\xa2\xdc\x69\xfc\x8a\x17\x0e"
++ "\x3a\x9e\x83\x46\xd7\xe3\x5e\x65\x86\xc0\x51\x00\xbb\x91\xe3\xe1"
++ "\xc1\x16\xc4\xe9\x65\x5c\x14\x3e\x44\x6a\x6b\xd1\x1e\xb0\x36\xdd"
++ "\x0b\x7d\x8a\xeb\xaf\x58\x5b\x64\x3f\x38\xed\x52\x76\xe8\x46\xf7"
++ "\x86\x84\xb3\x93\xb1\x0b\xe5\xfd\xfd\x0d\xe9\x6d\xe4\xf1\x1b\x1d"
++ "\x56\xb4\x34\xe4\x6a\xf5\xa4\x9c\x2c\xc9\x64\x94\xc1\xf5\x79\x6d"
++ "\x12\x96\xf3\x47\xc5\x48\xa8\xdb\xd8\x95\x64\x29\xcf\xf6\x88\xf1"
++ "\x95\x7a\x98\xe8\xbc\x27\x19\xce\x73\x61\xd1\xb8\xc6\x31\x8c\xe7"
++ "\x39\xce\x77\x9e\xbc\xc6\x31\x8c\x63\xf3\x9c\xe7\x39\xc6\x31\x8f"
++ "\xf7\xce\x7e\x1e\x3b\x7f\x0f\x0f\x0f\x13\x57\xb9\x0a\xe1\x0b\x64"
++ "\x5f\x58\x40\xc6\xc7\x7a\x4b\xf2\x3d\xbc\x71\xf4\xa7\xd2\xca\x14"
++ "\xe2\x98\x1a\x30\x1e\xe0\x26\x5a\x6a\xf0\x9c\x67\x38\x66\x00\xb8"
++ "\x72\xe6\xbe\xac\xfe\x12\xd3\x0b\x56\x73\x8c\x63\xc7\x2b\xe1\xe2"
++ "\xe8\xdd\x7b\xff\x00\xd8\xe5\x23\x6c\xce\xa8\x69\xcf\x5e\x3a\xef"
++ "\x77\xea\xe5\xab\x0e\x82\xdb\xd9\xed\x7a\x9e\xb8\x6d\x51\x32\xdb"
++ "\x79\xc3\x36\x9a\x2d\xa3\x50\x39\x65\x0a\x63\x0e\xe5\xd4\x39\x12"
++ "\xbf\x8b\x98\xa4\xa1\x2d\xad\xb3\xcf\x65\x6a\x43\x78\xb3\x3b\x07"
++ "\xd8\xd5\xea\xae\x76\xad\x6f\xf5\xff\x00\xca\x93\xab\x96\xb0\x64"
++ "\xeb\xd6\x4a\xd5\x87\xba\xec\x24\x60\x97\x06\x76\x03\xe3\x4c\x07"
++ "\x29\x11\x8e\x34\x25\x02\x64\x29\xf0\x25\x48\x85\x3a\x33\x8b\x7a"
++ "\x3c\x86\x1e\x75\xa5\x61\xc6\x97\x9f\x8d\x25\xf5\xc9\xcd\xde\xc9"
++ "\x7d\x77\xf2\xc8\x7e\x70\xaf\x73\x5f\x2d\xec\xa2\x51\x2d\x96\xfb"
++ "\x89\xad\x80\x57\xb2\x36\x1d\x7d\x83\x45\xac\xf3\xdb\xcc\x6c\x31"
++ "\x4f\xcf\x30\x58\xd0\x12\x28\x90\x50\x42\x86\xfb\x48\x16\x3c\xc5"
++ "\x9c\xf8\xe7\xcc\x29\x88\xb3\x4a\x4b\x4e\x6c\xbc\xdb\xc7\xbb\xe9"
++ "\xb6\xa0\x8b\x11\xa1\x7d\x73\xd7\xe9\xbf\x7e\xc2\x6c\x10\x8d\xee"
++ "\x9d\xef\x63\x3a\xe0\xf5\xbe\x8c\x3e\xa1\xc7\xc5\xd1\x00\x44\x1e"
++ "\xf3\x51\xf2\xe2\xb0\xe3\xb5\x13\x7f\x32\xf1\x8c\xa6\x22\xfe\x1f"
++ "\x49\x4d\xbb\xcf\x3a\x5d\xed\x4c\xd2\xfc\x85\xed\x23\xd6\xc7\x50"
++ "\xb6\x5b\x3a\x16\x83\xb8\x6f\xfd\x32\x3f\xaa\x36\x34\xbb\xf5\x96"
++ "\xa9\xab\xcf\x9f\x8f\xac\xc3\xca\xd5\x8b\xd8\x48\x9e\x79\xaa\x30"
++ "\x87\xca\x58\x4d\x59\x96\xb9\x4f\xc5\x1b\x1c\xd2\xda\x5b\xe6\x57"
++ "\x29\xa1\x28\x7a\x2b\x5b\xff\x00\x12\x2f\x5e\x3f\xf3\xbb\x8e\x7f"
++ "\xec\xc6\x98\xff\x00\xed\x3c\xa6\xdd\xa9\xdc\x7e\xa0\xf7\xd6\x99"
++ "\x31\xa2\xf7\xaf\x6b\xe9\x82\x74\x4b\x3d\x8f\x5e\x58\x0b\x33\xab"
++ "\xef\xc3\xaf\x84\x64\xb9\xae\xb6\x25\x5f\x62\x8f\x1c\xe3\xf4\x51"
++ "\xb7\x96\xe3\x0e\x30\x42\xa9\x18\x39\xbf\x9e\x2a\x1f\x74\x19\x02"
++ "\x2d\x43\x93\x06\x63\xb1\xa7\x47\x6a\xfa\x9b\x6c\xeb\xbd\xe9\xae"
++ "\x6a\x7b\x6f\x53\x5a\x60\x5d\xb5\xcd\xe8\x67\xeb\x35\x3b\x48\xc6"
++ "\xa6\xb3\x04\xc8\xdf\xb8\x7e\x26\x64\xb0\xc9\x18\xb0\xa7\x33\xf2"
++ "\x4a\x8b\x22\x3b\x8d\x4b\x89\x1d\xf6\x9d\x65\xc4\x38\xd2\x54\x9c"
++ "\xe3\xcd\x89\xe1\xe1\xe6\x3e\x70\x81\x45\x1d\x18\xf9\x31\x83\xc8"
++ "\xbe\x14\x82\x4b\x87\x7a\x74\x28\xd2\xdd\x12\x55\x30\xe6\x0e\x49"
++ "\x31\x8e\x48\x69\xc5\xc0\x20\x91\xe4\x48\x41\x4c\xd8\xb9\x6a\x4e"
++ "\x21\xce\x99\x1b\x0e\xfd\x09\x4f\xa1\x79\x0f\x0f\x0f\x0f\x0f\x0f"
++ "\x0f\x3f\x3c\xb8\x71\x27\xc7\x72\x24\xe8\xb1\xa6\xc5\x7b\x18\xc3"
++ "\xb1\xa5\xb0\xd4\x98\xee\xe3\x19\xc6\x71\x87\x19\x79\x2b\x6d\x78"
++ "\xc6\x71\x8c\xe3\x0a\x4e\x71\x8c\xe3\x19\xfe\x38\xf2\x3b\xfb\x8b"
++ "\x48\xfe\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe1\xfb\x8b\x48\xfe"
++ "\x4e\xaa\xff\x00\x4f\x08\xff\x00\xc7\xe4\x95\x86\x18\x8a\xcb\x31"
++ "\xa3\x32\xd4\x78\xf1\xdb\x43\x2c\x47\x61\xb4\x32\xcb\x2c\xb4\x9c"
++ "\x21\xb6\x99\x69\xbc\x25\xb6\xdb\x6d\x18\xc2\x10\xda\x12\x94\xa1"
++ "\x38\xc2\x53\x8c\x63\x18\xc7\x9d\xbe\x7f\xff\xd9"
++ ;
+Index: php5-5.2.4/main/suhosin_patch.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/main/suhosin_patch.c 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,380 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license [at] php so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser [at] hardened-php> |
++ +----------------------------------------------------------------------+
++ */
++/* $Id: suhosin_patch.c,v 1.2 2004/11/21 09:38:52 ionic Exp $ */
++
++#include "php.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#if HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++#include "SAPI.h"
++#include "php_globals.h"
++
++#if SUHOSIN_PATCH
++
++#ifdef HAVE_SYS_SOCKET_H
++#include <sys/socket.h>
++#endif
++
++#if defined(PHP_WIN32) || defined(__riscos__) || defined(NETWARE)
++#undef AF_UNIX
++#endif
++
++#if defined(AF_UNIX)
++#include <sys/un.h>
++#endif
++
++#define SYSLOG_PATH "/dev/log"
++
++#ifdef PHP_WIN32
++static HANDLE log_source = 0;
++#endif
++
++#include "snprintf.h"
++
++#include "suhosin_patch.h"
++
++#ifdef ZTS
++#include "suhosin_globals.h"
++int suhosin_patch_globals_id;
++#else
++struct _suhosin_patch_globals suhosin_patch_globals;
++#endif
++
++static void php_security_log(int loglevel, char *fmt, ...);
++
++static void suhosin_patch_globals_ctor(suhosin_patch_globals_struct *suhosin_patch_globals TSRMLS_DC)
++{
++ memset(suhosin_patch_globals, 0, sizeof(*suhosin_patch_globals));
++}
++
++PHPAPI void suhosin_startup()
++{
++#ifdef ZTS
++ ts_allocate_id(&suhosin_patch_globals_id, sizeof(suhosin_patch_globals_struct), (ts_allocate_ctor) suhosin_patch_globals_ctor, NULL);
++#else
++ suhosin_patch_globals_ctor(&suhosin_patch_globals TSRMLS_CC);
++#endif
++ zend_suhosin_log = php_security_log;
++}
++
++/*PHPAPI void suhosin_clear_mm_canaries(TSRMLS_D)
++{
++ zend_alloc_clear_mm_canaries(AG(heap));
++ SPG(canary_1) = zend_canary();
++ SPG(canary_2) = zend_canary();
++ SPG(canary_3) = zend_canary();
++}*/
++
++static char *loglevel2string(int loglevel)
++{
++ switch (loglevel) {
++ case S_FILES:
++ return "FILES";
++ case S_INCLUDE:
++ return "INCLUDE";
++ case S_MEMORY:
++ return "MEMORY";
++ case S_MISC:
++ return "MISC";
++ case S_SESSION:
++ return "SESSION";
++ case S_SQL:
++ return "SQL";
++ case S_EXECUTOR:
++ return "EXECUTOR";
++ case S_VARS:
++ return "VARS";
++ default:
++ return "UNKNOWN";
++ }
++}
++
++static void php_security_log(int loglevel, char *fmt, ...)
++{
++ int s, r, i=0;
++#if defined(AF_UNIX)
++ struct sockaddr_un saun;
++#endif
++#ifdef PHP_WIN32
++ LPTSTR strs[2];
++ unsigned short etype;
++ DWORD evid;
++#endif
++ char buf[4096+64];
++ char error[4096+100];
++ char *ip_address;
++ char *fname;
++ char *alertstring;
++ int lineno;
++ va_list ap;
++ TSRMLS_FETCH();
++
++ /*SDEBUG("(suhosin_log) loglevel: %d log_syslog: %u - log_sapi: %u - log_script: %u", loglevel, SPG(log_syslog), SPG(log_sapi), SPG(log_script));*/
++
++ if (SPG(log_use_x_forwarded_for)) {
++ ip_address = sapi_getenv("HTTP_X_FORWARDED_FOR", 20 TSRMLS_CC);
++ if (ip_address == NULL) {
++ ip_address = "X-FORWARDED-FOR not set";
++ }
++ } else {
++ ip_address = sapi_getenv("REMOTE_ADDR", 11 TSRMLS_CC);
++ if (ip_address == NULL) {
++ ip_address = "REMOTE_ADDR not set";
++ }
++ }
++
++
++ va_start(ap, fmt);
++ ap_php_vsnprintf(error, sizeof(error), fmt, ap);
++ va_end(ap);
++ while (error[i]) {
++ if (error[i] < 32) error[i] = '.';
++ i++;
++ }
++
++/* if (SPG(simulation)) {
++ alertstring = "ALERT-SIMULATION";
++ } else { */
++ alertstring = "ALERT";
++/* }*/
++
++ if (zend_is_executing(TSRMLS_C)) {
++ if (EG(current_execute_data)) {
++ lineno = EG(current_execute_data)->opline->lineno;
++ fname = EG(current_execute_data)->op_array->filename;
++ } else {
++ lineno = zend_get_executed_lineno(TSRMLS_C);
++ fname = zend_get_executed_filename(TSRMLS_C);
++ }
++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s', line %u)", alertstring, error, ip_address, fname, lineno);
++ } else {
++ fname = sapi_getenv("SCRIPT_FILENAME", 15 TSRMLS_CC);
++ if (fname==NULL) {
++ fname = "unknown";
++ }
++ ap_php_snprintf(buf, sizeof(buf), "%s - %s (attacker '%s', file '%s')", alertstring, error, ip_address, fname);
++ }
++
++ /* Syslog-Logging disabled? */
++ if (((SPG(log_syslog)|S_INTERNAL) & loglevel)==0) {
++ goto log_sapi;
++ }
++
++#if defined(AF_UNIX)
++ ap_php_snprintf(error, sizeof(error), "<%u>suhosin[%u]: %s\n", (unsigned int)(SPG(log_syslog_facility)|SPG(log_syslog_priority)),getpid(),buf);
++
++ s = socket(AF_UNIX, SOCK_DGRAM, 0);
++ if (s == -1) {
++ goto log_sapi;
++ }
++
++ memset(&saun, 0, sizeof(saun));
++ saun.sun_family = AF_UNIX;
++ strcpy(saun.sun_path, SYSLOG_PATH);
++ /*saun.sun_len = sizeof(saun);*/
++
++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
++ if (r) {
++ close(s);
++ s = socket(AF_UNIX, SOCK_STREAM, 0);
++ if (s == -1) {
++ goto log_sapi;
++ }
++
++ memset(&saun, 0, sizeof(saun));
++ saun.sun_family = AF_UNIX;
++ strcpy(saun.sun_path, SYSLOG_PATH);
++ /*saun.sun_len = sizeof(saun);*/
++
++ r = connect(s, (struct sockaddr *)&saun, sizeof(saun));
++ if (r) {
++ close(s);
++ goto log_sapi;
++ }
++ }
++ send(s, error, strlen(error), 0);
++
++ close(s);
++#endif
++#ifdef PHP_WIN32
++ ap_php_snprintf(error, sizeof(error), "suhosin[%u]: %s", getpid(),buf);
++
++ switch (SPG(log_syslog_priority)) { /* translate UNIX type into NT type */
++ case 1: /*LOG_ALERT:*/
++ etype = EVENTLOG_ERROR_TYPE;
++ break;
++ case 6: /*LOG_INFO:*/
++ etype = EVENTLOG_INFORMATION_TYPE;
++ break;
++ default:
++ etype = EVENTLOG_WARNING_TYPE;
++ }
++ evid = loglevel;
++ strs[0] = error;
++ /* report the event */
++ if (log_source == NULL) {
++ log_source = RegisterEventSource(NULL, "Suhosin-Patch-" SUHOSIN_PATCH_VERSION);
++ }
++ ReportEvent(log_source, etype, (unsigned short) SPG(log_syslog_priority), evid, NULL, 1, 0, strs, NULL);
++
++#endif
++log_sapi:
++ /* SAPI Logging activated? */
++ /*SDEBUG("(suhosin_log) log_syslog: %u - log_sapi: %u - log_script: %u - log_phpscript: %u", SPG(log_syslog), SPG(log_sapi), SPG(log_script), SPG(log_phpscript));*/
++ if (((SPG(log_sapi)|S_INTERNAL) & loglevel)!=0) {
++ sapi_module.log_message(buf);
++ }
++
++/*log_script:*/
++ /* script logging activaed? */
++ if (((SPG(log_script) & loglevel)!=0) && SPG(log_scriptname)!=NULL) {
++ char cmd[8192], *cmdpos, *bufpos;
++ FILE *in;
++ int space;
++
++ ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", SPG(log_scriptname), loglevel2string(loglevel));
++ space = sizeof(cmd) - strlen(cmd);
++ cmdpos = cmd + strlen(cmd);
++ bufpos = buf;
++ if (space <= 1) return;
++ while (space > 2 && *bufpos) {
++ if (*bufpos == '\'') {
++ if (space<=5) break;
++ *cmdpos++ = '\'';
++ *cmdpos++ = '\\';
++ *cmdpos++ = '\'';
++ *cmdpos++ = '\'';
++ bufpos++;
++ space-=4;
++ } else {
++ *cmdpos++ = *bufpos++;
++ space--;
++ }
++ }
++ *cmdpos++ = '\'';
++ *cmdpos = 0;
++
++ if ((in=VCWD_POPEN(cmd, "r"))==NULL) {
++ php_security_log(S_INTERNAL, "Unable to execute logging shell script: %s", SPG(log_scriptname));
++ return;
++ }
++ /* read and forget the result */
++ while (1) {
++ int readbytes = fread(cmd, 1, sizeof(cmd), in);
++ if (readbytes<=0) {
++ break;
++ }
++ }
++ pclose(in);
++ }
++/*log_phpscript:*/
++ if ((SPG(log_phpscript) & loglevel)!=0 && EG(in_execution) && SPG(log_phpscriptname) && SPG(log_phpscriptname)[0]) {
++ zend_file_handle file_handle;
++ zend_op_array *new_op_array;
++ zval *result = NULL;
++
++ /*long orig_execution_depth = SPG(execution_depth);*/
++ zend_bool orig_safe_mode = PG(safe_mode);
++ char *orig_basedir = PG(open_basedir);
++
++ char *phpscript = SPG(log_phpscriptname);
++/*SDEBUG("scriptname %s", SPG(log_phpscriptname));`*/
++#ifdef ZEND_ENGINE_2
++ if (zend_stream_open(phpscript, &file_handle TSRMLS_CC) == SUCCESS) {
++#else
++ if (zend_open(phpscript, &file_handle) == SUCCESS && ZEND_IS_VALID_FILE_HANDLE(&file_handle)) {
++ file_handle.filename = phpscript;
++ file_handle.free_filename = 0;
++#endif
++ if (!file_handle.opened_path) {
++ file_handle.opened_path = estrndup(phpscript, strlen(phpscript));
++ }
++ new_op_array = zend_compile_file(&file_handle, ZEND_REQUIRE TSRMLS_CC);
++ zend_destroy_file_handle(&file_handle TSRMLS_CC);
++ if (new_op_array) {
++ HashTable *active_symbol_table = EG(active_symbol_table);
++ zval *zerror, *zerror_class;
++
++ if (active_symbol_table == NULL) {
++ active_symbol_table = &EG(symbol_table);
++ }
++ EG(return_value_ptr_ptr) = &result;
++ EG(active_op_array) = new_op_array;
++
++ MAKE_STD_ZVAL(zerror);
++ MAKE_STD_ZVAL(zerror_class);
++ ZVAL_STRING(zerror, buf, 1);
++ ZVAL_LONG(zerror_class, loglevel);
++
++ zend_hash_update(active_symbol_table, "SUHOSIN_ERROR", sizeof("SUHOSIN_ERROR"), (void **)&zerror, sizeof(zval *), NULL);
++ zend_hash_update(active_symbol_table, "SUHOSIN_ERRORCLASS", sizeof("SUHOSIN_ERRORCLASS"), (void **)&zerror_class, sizeof(zval *), NULL);
++
++ /*SPG(execution_depth) = 0;*/
++ if (SPG(log_phpscript_is_safe)) {
++ PG(safe_mode) = 0;
++ PG(open_basedir) = NULL;
++ }
++
++ zend_execute(new_op_array TSRMLS_CC);
++
++ /*SPG(execution_depth) = orig_execution_depth;*/
++ PG(safe_mode) = orig_safe_mode;
++ PG(open_basedir) = orig_basedir;
++
++#ifdef ZEND_ENGINE_2
++ destroy_op_array(new_op_array TSRMLS_CC);
++#else
++ destroy_op_array(new_op_array);
++#endif
++ efree(new_op_array);
++#ifdef ZEND_ENGINE_2
++ if (!EG(exception))
++#endif
++ {
++ if (EG(return_value_ptr_ptr)) {
++ zval_ptr_dtor(EG(return_value_ptr_ptr));
++ EG(return_value_ptr_ptr) = NULL;
++ }
++ }
++ } else {
++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
++ return;
++ }
++ } else {
++ php_security_log(S_INTERNAL, "Unable to execute logging PHP script: %s", SPG(log_phpscriptname));
++ return;
++ }
++ }
++
++}
++
++
++#endif
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ * vim600: sw=4 ts=4 fdm=marker
++ * vim<600: sw=4 ts=4
++ */
+Index: php5-5.2.4/main/suhosin_patch.h
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/main/suhosin_patch.h 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,40 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license [at] php so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser [at] hardened-php> |
++ +----------------------------------------------------------------------+
++ */
++
++#ifndef SUHOSIN_PATCH_H
++#define SUHOSIN_PATCH_H
++
++#if SUHOSIN_PATCH
++
++#include "zend.h"
++
++PHPAPI void suhosin_startup();
++#define SUHOSIN_PATCH_VERSION "0.9.6.2"
++
++#define SUHOSIN_LOGO_GUID "SUHO8567F54-D428-14d2-A769-00DA302A5F18"
++
++#endif
++
++#endif /* SUHOSIN_PATCH_H */
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ */
+Index: php5-5.2.4/main/suhosin_patch.m4
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/main/suhosin_patch.m4 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,8 @@
++dnl
++dnl $Id: suhosin_patch.m4,v 1.1 2004/11/14 13:24:24 ionic Exp $
++dnl
++dnl This file contains Suhosin Patch for PHP specific autoconf functions.
++dnl
++
++AC_DEFINE(SUHOSIN_PATCH, 1, [Suhosin Patch])
++
+Index: php5-5.2.4/sapi/apache/mod_php5.c
+===================================================================
+--- php5-5.2.4.orig/sapi/apache/mod_php5.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/sapi/apache/mod_php5.c 2007-09-16 14:45:15.000000000 +0200
+@@ -951,7 +951,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component("PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component("PHP/" PHP_VERSION);
++#endif
+ }
+ }
+ #endif
+Index: php5-5.2.4/sapi/apache2filter/sapi_apache2.c
+===================================================================
+--- php5-5.2.4.orig/sapi/apache2filter/sapi_apache2.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/sapi/apache2filter/sapi_apache2.c 2007-09-16 14:45:15.000000000 +0200
+@@ -562,7 +562,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component(p, "PHP/" PHP_VERSION);
++#endif
+ }
+ }
+
+Index: php5-5.2.4/sapi/apache2handler/sapi_apache2.c
+===================================================================
+--- php5-5.2.4.orig/sapi/apache2handler/sapi_apache2.c 2007-09-16 14:45:14.000000000 +0200
++++ php5-5.2.4/sapi/apache2handler/sapi_apache2.c 2007-09-16 14:45:15.000000000 +0200
+@@ -372,7 +372,11 @@
+ {
+ TSRMLS_FETCH();
+ if (PG(expose_php)) {
++#if SUHOSIN_PATCH
++ ap_add_version_component(p, "PHP/" PHP_VERSION " with Suhosin-Patch");
++#else
+ ap_add_version_component(p, "PHP/" PHP_VERSION);
++#endif
+ }
+ }
+
+Index: php5-5.2.4/sapi/cgi/cgi_main.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cgi/cgi_main.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/sapi/cgi/cgi_main.c 2007-09-16 14:45:15.000000000 +0200
+@@ -1595,11 +1595,19 @@
+ SG(headers_sent) = 1;
+ SG(request_info).no_headers = 1;
+ }
++#if SUHOSIN_PATCH
++#if ZEND_DEBUG
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++#else
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, SUHOSIN_PATCH_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
++#endif
++#else
+ #if ZEND_DEBUG
+ php_printf("PHP %s (%s) (built: %s %s) (DEBUG)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #else
+ php_printf("PHP %s (%s) (built: %s %s)\nCopyright (c) 1997-2007 The PHP Group\n%s", PHP_VERSION, sapi_module.name, __DATE__, __TIME__, get_zend_version());
+ #endif
++#endif
+ php_end_ob_buffers(1 TSRMLS_CC);
+ exit(0);
+ break;
+Index: php5-5.2.4/sapi/cli/php_cli.c
+===================================================================
+--- php5-5.2.4.orig/sapi/cli/php_cli.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/sapi/cli/php_cli.c 2007-09-16 14:45:15.000000000 +0200
+@@ -779,8 +779,14 @@
+ }
+
+ request_started = 1;
+- php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s",
+- PHP_VERSION, sapi_module.name, __DATE__, __TIME__,
++#if SUHOSIN_PATCH
++ php_printf("PHP %s with Suhosin-Patch %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s",
++ PHP_VERSION, SUHOSIN_PATCH_VERSION,
++#else
++ php_printf("PHP %s (%s) (built: %s %s) %s\nCopyright (c) 1997-2007 The PHP Group\n%s",
++ PHP_VERSION,
++#endif
++ sapi_module.name, __DATE__, __TIME__,
+ #if ZEND_DEBUG && defined(HAVE_GCOV)
+ "(DEBUG GCOV)",
+ #elif ZEND_DEBUG
+Index: php5-5.2.4/TSRM/TSRM.h
+===================================================================
+--- php5-5.2.4.orig/TSRM/TSRM.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/TSRM/TSRM.h 2007-09-16 14:45:15.000000000 +0200
+@@ -38,6 +38,13 @@
+ typedef unsigned long tsrm_uintptr_t;
+ #endif
+
++#if SUHOSIN_PATCH
++# if HAVE_REALPATH
++# undef realpath
++# define realpath php_realpath
++# endif
++#endif
++
+ /* Only compile multi-threading functions if we're in ZTS mode */
+ #ifdef ZTS
+
+@@ -93,6 +100,7 @@
+
+ #define THREAD_HASH_OF(thr,ts) (unsigned long)thr%(unsigned long)ts
+
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+Index: php5-5.2.4/TSRM/tsrm_virtual_cwd.c
+===================================================================
+--- php5-5.2.4.orig/TSRM/tsrm_virtual_cwd.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/TSRM/tsrm_virtual_cwd.c 2007-09-16 14:45:15.000000000 +0200
+@@ -273,6 +273,177 @@
+ }
+ /* }}} */
+
++#if SUHOSIN_PATCH
++CWD_API char *php_realpath(const char *path, char *resolved)
++{
++ struct stat sb;
++ char *p, *q, *s;
++ size_t left_len, resolved_len;
++ unsigned symlinks;
++ int serrno, slen;
++ int is_dir = 1;
++ char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
++
++ serrno = errno;
++ symlinks = 0;
++ if (path[0] == '/') {
++ resolved[0] = '/';
++ resolved[1] = '\0';
++ if (path[1] == '\0')
++ return (resolved);
++ resolved_len = 1;
++ left_len = strlcpy(left, path + 1, sizeof(left));
++ } else {
++ if (getcwd(resolved, PATH_MAX) == NULL) {
++ strlcpy(resolved, ".", PATH_MAX);
++ return (NULL);
++ }
++ resolved_len = strlen(resolved);
++ left_len = strlcpy(left, path, sizeof(left));
++ }
++ if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++
++ /*
++ * Iterate over path components in `left'.
++ */
++ while (left_len != 0) {
++ /*
++ * Extract the next path component and adjust `left'
++ * and its length.
++ */
++ p = strchr(left, '/');
++ s = p ? p : left + left_len;
++ if (s - left >= sizeof(next_token)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ memcpy(next_token, left, s - left);
++ next_token[s - left] = '\0';
++ left_len -= s - left;
++ if (p != NULL)
++ memmove(left, s + 1, left_len + 1);
++ if (resolved[resolved_len - 1] != '/') {
++ if (resolved_len + 1 >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ resolved[resolved_len++] = '/';
++ resolved[resolved_len] = '\0';
++ }
++ if (next_token[0] == '\0')
++ continue;
++ else if (strcmp(next_token, ".") == 0)
++ continue;
++ else if (strcmp(next_token, "..") == 0) {
++ /*
++ * Strip the last path component except when we have
++ * single "/"
++ */
++ if (!is_dir) {
++ errno = ENOENT;
++ return (NULL);
++ }
++ if (resolved_len > 1) {
++ resolved[resolved_len - 1] = '\0';
++ q = strrchr(resolved, '/');
++ *q = '\0';
++ resolved_len = q - resolved;
++ }
++ continue;
++ }
++
++ /*
++ * Append the next path component and lstat() it. If
++ * lstat() fails we still can return successfully if
++ * there are no more path components left.
++ */
++ resolved_len = strlcat(resolved, next_token, PATH_MAX);
++ if (resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ if (lstat(resolved, &sb) != 0) {
++ if (errno == ENOENT) {
++ if (p == NULL) {
++ errno = serrno;
++ return (resolved);
++ } else if (strstr(left, "/.") == NULL && strstr(left, "./") == NULL) {
++ resolved_len = strlcat(resolved, "/", PATH_MAX);
++ resolved_len = strlcat(resolved, left, PATH_MAX);
++ if (resolved_len >= PATH_MAX) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ errno = serrno;
++ return (resolved);
++ }
++ }
++ return (NULL);
++ }
++ if (S_ISLNK(sb.st_mode)) {
++ if (symlinks++ > MAXSYMLINKS) {
++ errno = ELOOP;
++ return (NULL);
++ }
++ slen = readlink(resolved, symlink, sizeof(symlink) - 1);
++ if (slen < 0)
++ return (NULL);
++ symlink[slen] = '\0';
++ if (symlink[0] == '/') {
++ resolved[1] = 0;
++ resolved_len = 1;
++ } else if (resolved_len > 1) {
++ /* Strip the last path component. */
++ resolved[resolved_len - 1] = '\0';
++ q = strrchr(resolved, '/');
++ *q = '\0';
++ resolved_len = q - resolved;
++ }
++
++ /*
++ * If there are any path components left, then
++ * append them to symlink. The result is placed
++ * in `left'.
++ */
++ if (p != NULL) {
++ if (symlink[slen - 1] != '/') {
++ if (slen + 1 >= sizeof(symlink)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ symlink[slen] = '/';
++ symlink[slen + 1] = 0;
++ }
++ left_len = strlcat(symlink, left, sizeof(left));
++ if (left_len >= sizeof(left)) {
++ errno = ENAMETOOLONG;
++ return (NULL);
++ }
++ }
++ left_len = strlcpy(left, symlink, sizeof(left));
++ } else {
++ if (S_ISDIR(sb.st_mode)) {
++ is_dir = 1;
++ } else {
++ is_dir = 0;
++ }
++ }
++ }
++
++ /*
++ * Remove trailing slash except when the resolved pathname
++ * is a single "/".
++ */
++ if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
++ resolved[resolved_len - 1] = '\0';
++ return (resolved);
++}
++#endif
++
++
+ CWD_API void virtual_cwd_startup(void) /* {{{ */
+ {
+ char cwd[MAXPATHLEN];
+Index: php5-5.2.4/TSRM/tsrm_virtual_cwd.h
+===================================================================
+--- php5-5.2.4.orig/TSRM/tsrm_virtual_cwd.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/TSRM/tsrm_virtual_cwd.h 2007-09-16 14:45:15.000000000 +0200
+@@ -139,6 +139,22 @@
+
+ typedef int (*verify_path_func)(const cwd_state *);
+
++#ifndef HAVE_STRLCPY
++CWD_API size_t php_strlcpy(char *dst, const char *src, size_t siz);
++#undef strlcpy
++#define strlcpy php_strlcpy
++#endif
++
++#ifndef HAVE_STRLCAT
++CWD_API size_t php_strlcat(char *dst, const char *src, size_t siz);
++#undef strlcat
++#define strlcat php_strlcat
++#endif
++
++
++#if SUHOSIN_PATCH
++CWD_API char *php_realpath(const char *path, char *resolved);
++#endif
+ CWD_API void virtual_cwd_startup(void);
+ CWD_API void virtual_cwd_shutdown(void);
+ CWD_API char *virtual_getcwd_ex(size_t *length TSRMLS_DC);
+Index: php5-5.2.4/win32/build/config.w32
+===================================================================
+--- php5-5.2.4.orig/win32/build/config.w32 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/win32/build/config.w32 2007-09-16 14:45:15.000000000 +0200
+@@ -299,7 +299,7 @@
+ zend_sprintf.c zend_ini.c zend_qsort.c zend_multibyte.c zend_ts_hash.c \
+ zend_stream.c zend_iterators.c zend_interfaces.c zend_objects.c \
+ zend_object_handlers.c zend_objects_API.c \
+- zend_default_classes.c zend_execute.c zend_strtod.c");
++ zend_default_classes.c zend_execute.c zend_strtod.c zend_canary.c");
+
+ ADD_SOURCES("main", "main.c snprintf.c spprintf.c safe_mode.c fopen_wrappers.c \
+ php_scandir.c php_ini.c SAPI.c rfc1867.c php_content_types.c strlcpy.c \
+@@ -344,6 +344,8 @@
+ AC_DEFINE('HAVE_USLEEP', 1);
+ AC_DEFINE('HAVE_STRCOLL', 1);
+
++AC_DEFINE('SUHOSIN_PATCH', 1);
++
+ /* For snapshot builders, where can we find the additional
+ * files that make up the snapshot template? */
+ ARG_WITH("snapshot-template", "Path to snapshot builder template dir", "no");
+Index: php5-5.2.4/Zend/Makefile.am
+===================================================================
+--- php5-5.2.4.orig/Zend/Makefile.am 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/Makefile.am 2007-09-16 14:45:15.000000000 +0200
+@@ -17,7 +17,7 @@
+ zend_objects_API.c zend_ts_hash.c zend_stream.c \
+ zend_default_classes.c \
+ zend_iterators.c zend_interfaces.c zend_exceptions.c \
+- zend_strtod.c zend_multibyte.c
++ zend_strtod.c zend_multibyte.c zend_canary.c
+
+ libZend_la_LDFLAGS =
+ libZend_la_LIBADD = @ZEND_EXTRA_LIBS@
+Index: php5-5.2.4/Zend/zend_alloc.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_alloc.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_alloc.c 2007-09-16 14:45:15.000000000 +0200
+@@ -311,13 +311,26 @@
+ #define MEM_BLOCK_GUARD 0x2A8FCC84
+ #define MEM_BLOCK_LEAK 0x6C5E8F2D
+
++#if SUHOSIN_PATCH
++# define CANARY_SIZE sizeof(size_t)
++#else
++# define CANARY_SIZE 0
++#endif
++
+ /* mm block type */
+ typedef struct _zend_mm_block_info {
+ #if ZEND_MM_COOKIES
+ size_t _cookie;
+ #endif
+- size_t _size;
+- size_t _prev;
++#if SUHOSIN_PATCH
++ size_t canary_1;
++#endif
++ size_t _size;
++ size_t _prev;
++#if SUHOSIN_PATCH
++ size_t size;
++ size_t canary_2;
++#endif
+ } zend_mm_block_info;
+
+ #if ZEND_DEBUG
+@@ -422,6 +435,9 @@
+ int miss;
+ } cache_stat[ZEND_MM_NUM_BUCKETS+1];
+ #endif
++#if SUHOSIN_PATCH
++ size_t canary_1,canary_2,canary_3;
++#endif
+ };
+
+ #define ZEND_MM_SMALL_FREE_BUCKET(heap, index) \
+@@ -511,15 +527,15 @@
+ #define ZEND_MM_ALIGNED_SIZE(size) ((size + ZEND_MM_ALIGNMENT - 1) & ZEND_MM_ALIGNMENT_MASK)
+ #define ZEND_MM_ALIGNED_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_block))
+ #define ZEND_MM_ALIGNED_FREE_HEADER_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_small_free_block))
+-#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE)
++#define ZEND_MM_MIN_ALLOC_BLOCK_SIZE ZEND_MM_ALIGNED_SIZE(ZEND_MM_ALIGNED_HEADER_SIZE + END_MAGIC_SIZE + CANARY_SIZE)
+ #define ZEND_MM_ALIGNED_MIN_HEADER_SIZE (ZEND_MM_MIN_ALLOC_BLOCK_SIZE>ZEND_MM_ALIGNED_FREE_HEADER_SIZE?ZEND_MM_MIN_ALLOC_BLOCK_SIZE:ZEND_MM_ALIGNED_FREE_HEADER_SIZE)
+ #define ZEND_MM_ALIGNED_SEGMENT_SIZE ZEND_MM_ALIGNED_SIZE(sizeof(zend_mm_segment))
+
+-#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)):0)
++#define ZEND_MM_MIN_SIZE ((ZEND_MM_ALIGNED_MIN_HEADER_SIZE>(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE))?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE-(ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)):0)
+
+ #define ZEND_MM_MAX_SMALL_SIZE ((ZEND_MM_NUM_BUCKETS<<ZEND_MM_ALIGNMENT_LOG2)+ZEND_MM_ALIGNED_MIN_HEADER_SIZE)
+
+-#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE)))
++#define ZEND_MM_TRUE_SIZE(size) ((size<ZEND_MM_MIN_SIZE)?(ZEND_MM_ALIGNED_MIN_HEADER_SIZE):(ZEND_MM_ALIGNED_SIZE(size+ZEND_MM_ALIGNED_HEADER_SIZE+END_MAGIC_SIZE+CANARY_SIZE)))
+
+ #define ZEND_MM_BUCKET_INDEX(true_size) ((true_size>>ZEND_MM_ALIGNMENT_LOG2)-(ZEND_MM_ALIGNED_MIN_HEADER_SIZE>>ZEND_MM_ALIGNMENT_LOG2))
+
+@@ -581,6 +597,48 @@
+
+ #endif
+
++#if SUHOSIN_PATCH
++
++# define SUHOSIN_MM_CHECK_CANARIES(block, MFUNCTION) do { \
++ size_t *p = SUHOSIN_MM_END_CANARY_PTR(block), check; \
++ if (((block)->info.canary_1 != heap->canary_1) || ((block)->info.canary_2 != heap->canary_2)) { \
++ canary_mismatch: \
++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \
++ exit(1); \
++ } \
++ memcpy(&check, p, CANARY_SIZE); \
++ if (check != heap->canary_3) { \
++ zend_suhosin_log(S_MEMORY, "canary mismatch on " MFUNCTION " - heap overflow detected"); \
++ exit(1); \
++ goto canary_mismatch; \
++ } \
++ } while (0)
++
++# define SUHOSIN_MM_SET_CANARIES(block) do { \
++ (block)->info.canary_1 = heap->canary_1; \
++ (block)->info.canary_2 = heap->canary_2; \
++ } while (0)
++
++# define SUHOSIN_MM_END_CANARY_PTR(block) \
++ (size_t*)(((char*)(ZEND_MM_DATA_OF(block))) + ((zend_mm_block*)(block))->info.size + END_MAGIC_SIZE)
++
++# define SUHOSIN_MM_SET_END_CANARY(block) do { \
++ size_t *p = SUHOSIN_MM_END_CANARY_PTR(block); \
++ memcpy(p, &heap->canary_3, CANARY_SIZE); \
++ } while (0)
++
++#else
++
++# define SUHOSIN_MM_CHECK_CANARIES(block)
++
++# define SUHOSIN_MM_SET_CANARIES(block)
++
++# define SUHOSIN_MM_END_CANARY_PTR(block)
++
++# define SUHOSIN_MM_SET_END_CANARY(block)
++
++#endif
++
+
+ #if ZEND_MM_HEAP_PROTECTION
+
+@@ -779,6 +837,12 @@
+ if (EXPECTED(prev == mm_block)) {
+ zend_mm_free_block **rp, **cp;
+
++#if SUHOSIN_PATCH
++ if (next != mm_block) {
++ zend_suhosin_log(S_MEMORY, "heap corrupt on efree() - heap corruption detected");
++ exit(1);
++ }
++#endif
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(next != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
+@@ -817,6 +881,12 @@
+ }
+ } else {
+
++#if SUHOSIN_PATCH
++ if (prev->next_free_block != mm_block || next->prev_free_block != mm_block) {
++ zend_suhosin_log(S_MEMORY, "linked list corrupt on efree() - heap corruption detected");
++ exit(1);
++ }
++#endif
+ #if ZEND_MM_SAFE_UNLINKING
+ if (UNEXPECTED(prev->next_free_block != mm_block) || UNEXPECTED(next->prev_free_block != mm_block)) {
+ zend_mm_panic("zend_mm_heap corrupted");
+@@ -864,6 +934,11 @@
+ heap->large_free_buckets[i] = NULL;
+ }
+ heap->rest_buckets[0] = heap->rest_buckets[1] = ZEND_MM_REST_BUCKET(heap);
++#if SUHOSIN_PATCH
++ heap->canary_1 = zend_canary();
++ heap->canary_2 = zend_canary();
++ heap->canary_3 = zend_canary();
++#endif
+ }
+
+ static void zend_mm_del_segment(zend_mm_heap *heap, zend_mm_segment *segment)
+@@ -1741,6 +1816,11 @@
+ best_fit = heap->cache[index];
+ heap->cache[index] = best_fit->prev_free_block;
+ heap->cached -= true_size;
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
+ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
+ return ZEND_MM_DATA_OF(best_fit);
+@@ -1875,6 +1955,12 @@
+
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 1);
+
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
++
+ heap->size += true_size;
+ if (heap->peak < heap->size) {
+ heap->peak = heap->size;
+@@ -1898,6 +1984,9 @@
+
+ mm_block = ZEND_MM_HEADER_OF(p);
+ size = ZEND_MM_BLOCK_SIZE(mm_block);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "efree()");
++#endif
+ ZEND_MM_CHECK_PROTECTION(mm_block);
+
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+@@ -1960,6 +2049,9 @@
+ mm_block = ZEND_MM_HEADER_OF(p);
+ true_size = ZEND_MM_TRUE_SIZE(size);
+ orig_size = ZEND_MM_BLOCK_SIZE(mm_block);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_CHECK_CANARIES(mm_block, "erealloc()");
++#endif
+ ZEND_MM_CHECK_PROTECTION(mm_block);
+
+ if (UNEXPECTED(true_size < size)) {
+@@ -1991,6 +2083,11 @@
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ }
+ ZEND_MM_SET_DEBUG_INFO(mm_block, size, 0, 0);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ return p;
+ }
+
+@@ -2010,13 +2107,18 @@
+ heap->cache[index] = best_fit->prev_free_block;
+ ZEND_MM_CHECK_MAGIC(best_fit, MEM_BLOCK_CACHED);
+ ZEND_MM_SET_DEBUG_INFO(best_fit, size, 1, 0);
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(best_fit);
++ ((zend_mm_block*)best_fit)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(best_fit);
++#endif
+
+ ptr = ZEND_MM_DATA_OF(best_fit);
+
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+ memcpy(ptr, p, mm_block->debug.size);
+ #else
+- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+ #endif
+
+ heap->cached -= true_size - orig_size;
+@@ -2074,6 +2176,11 @@
+ if (heap->peak < heap->size) {
+ heap->peak = heap->size;
+ }
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+ return p;
+ } else if (ZEND_MM_IS_FIRST_BLOCK(mm_block) &&
+@@ -2177,6 +2284,11 @@
+ }
+
+ HANDLE_UNBLOCK_INTERRUPTIONS();
++#if SUHOSIN_PATCH
++ SUHOSIN_MM_SET_CANARIES(mm_block);
++ ((zend_mm_block*)mm_block)->info.size = size;
++ SUHOSIN_MM_SET_END_CANARY(mm_block);
++#endif
+ return ZEND_MM_DATA_OF(mm_block);
+ }
+
+@@ -2184,7 +2296,7 @@
+ #if ZEND_DEBUG || ZEND_MM_HEAP_PROTECTION
+ memcpy(ptr, p, mm_block->debug.size);
+ #else
+- memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE);
++ memcpy(ptr, p, orig_size - ZEND_MM_ALIGNED_HEADER_SIZE - CANARY_SIZE);
+ #endif
+ _zend_mm_free_int(heap, p ZEND_FILE_LINE_RELAY_CC ZEND_FILE_LINE_ORIG_RELAY_CC);
+ return ptr;
+@@ -2427,6 +2539,17 @@
+ zend_mm_shutdown(AG(mm_heap), full_shutdown, silent);
+ }
+
++#if SUHOSIN_PATCH
++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D)
++{
++/* NOT HERE
++
++ AG(mm_heap)->canary_1 = zend_canary();
++ AG(mm_heap)->canary_2 = zend_canary();
++ AG(mm_heap)->canary_3 = zend_canary(); */
++}
++#endif
++
+ static void alloc_globals_ctor(zend_alloc_globals *alloc_globals TSRMLS_DC)
+ {
+ char *tmp;
+Index: php5-5.2.4/Zend/zend_alloc.h
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_alloc.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_alloc.h 2007-09-16 14:45:15.000000000 +0200
+@@ -128,6 +128,9 @@
+
+ ZEND_API void start_memory_manager(TSRMLS_D);
+ ZEND_API void shutdown_memory_manager(int silent, int full_shutdown TSRMLS_DC);
++#if SUHOSIN_PATCH
++ZEND_API void suhosin_clear_mm_canaries(TSRMLS_D);
++#endif
+ ZEND_API int is_zend_mm(TSRMLS_D);
+
+ #if ZEND_DEBUG
+Index: php5-5.2.4/Zend/zend.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend.c 2007-09-16 14:45:15.000000000 +0200
+@@ -57,7 +57,9 @@
+ ZEND_API void (*zend_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+ int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
+ ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
+-
++#if SUHOSIN_PATCH
++ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
+ void (*zend_on_timeout)(int seconds TSRMLS_DC);
+
+ static void (*zend_message_dispatcher_p)(long message, void *data);
+@@ -74,9 +76,88 @@
+ return SUCCESS;
+ }
+
++#if SUHOSIN_PATCH
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog)
++{
++ if (!new_value) {
++ SPG(log_syslog) = S_ALL & ~S_SQL | S_MEMORY;
++ } else {
++ SPG(log_syslog) = atoi(new_value) | S_MEMORY;
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_facility)
++{
++ if (!new_value) {
++ SPG(log_syslog_facility) = LOG_USER;
++ } else {
++ SPG(log_syslog_facility) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_syslog_priority)
++{
++ if (!new_value) {
++ SPG(log_syslog_priority) = LOG_ALERT;
++ } else {
++ SPG(log_syslog_priority) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_sapi)
++{
++ if (!new_value) {
++ SPG(log_sapi) = S_ALL & ~S_SQL;
++ } else {
++ SPG(log_sapi) = atoi(new_value);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_script)
++{
++ if (!new_value) {
++ SPG(log_script) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_script) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_scriptname)
++{
++ if (SPG(log_scriptname)) {
++ pefree(SPG(log_scriptname),1);
++ }
++ SPG(log_scriptname) = NULL;
++ if (new_value) {
++ SPG(log_scriptname) = pestrdup(new_value,1);
++ }
++ return SUCCESS;
++}
++static ZEND_INI_MH(OnUpdateSuhosin_log_phpscript)
++{
++ if (!new_value) {
++ SPG(log_phpscript) = S_ALL & ~S_MEMORY;
++ } else {
++ SPG(log_phpscript) = atoi(new_value) & (~S_MEMORY) & (~S_INTERNAL);
++ }
++ return SUCCESS;
++}
++#endif
+
+ ZEND_INI_BEGIN()
+ ZEND_INI_ENTRY("error_reporting", NULL, ZEND_INI_ALL, OnUpdateErrorReporting)
++#if SUHOSIN_PATCH
++ ZEND_INI_ENTRY("suhosin.log.syslog", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog)
++ ZEND_INI_ENTRY("suhosin.log.syslog.facility", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_facility)
++ ZEND_INI_ENTRY("suhosin.log.syslog.priority", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_syslog_priority)
++ ZEND_INI_ENTRY("suhosin.log.sapi", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_sapi)
++ ZEND_INI_ENTRY("suhosin.log.script", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_script)
++ ZEND_INI_ENTRY("suhosin.log.script.name", NULL, ZEND_INI_SYSTEM, OnUpdateSuhosin_log_scriptname)
++ STD_ZEND_INI_BOOLEAN("suhosin.log.use-x-forwarded-for", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateBool, log_use_x_forwarded_for, suhosin_patch_globals_struct, suhosin_patch_globals)
++ ZEND_INI_ENTRY("suhosin.log.phpscript", "0", ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateSuhosin_log_phpscript)
++ STD_ZEND_INI_ENTRY("suhosin.log.phpscript.name", NULL, ZEND_INI_PERDIR|ZEND_INI_SYSTEM, OnUpdateString, log_phpscriptname, suhosin_patch_globals_struct, suhosin_patch_globals)
++ STD_ZEND_INI_BOOLEAN("suhosin.log.phpscript.is_safe", "0", ZEND_INI_SYSTEM, OnUpdateBool, log_phpscript_is_safe, suhosin_patch_globals_struct, suhosin_patch_globals)
++#endif
+ STD_ZEND_INI_BOOLEAN("zend.ze1_compatibility_mode", "0", ZEND_INI_ALL, OnUpdateBool, ze1_compatibility_mode, zend_executor_globals, executor_globals)
+ #ifdef ZEND_MULTIBYTE
+ STD_ZEND_INI_BOOLEAN("detect_unicode", "1", ZEND_INI_ALL, OnUpdateBool, detect_unicode, zend_compiler_globals, compiler_globals)
+Index: php5-5.2.4/Zend/zend_canary.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ php5-5.2.4/Zend/zend_canary.c 2007-09-16 14:45:15.000000000 +0200
+@@ -0,0 +1,64 @@
++/*
++ +----------------------------------------------------------------------+
++ | Suhosin-Patch for PHP |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 2004-2006 Stefan Esser |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 2.02 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available at through the world-wide-web at |
++ | http://www.php.net/license/2_02.txt. |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license [at] php so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Author: Stefan Esser <sesser [at] hardened-php> |
++ +----------------------------------------------------------------------+
++ */
++/* $Id: zend_canary.c,v 1.1 2004/11/26 12:45:41 ionic Exp $ */
++
++#include "zend.h"
++
++#include <stdio.h>
++#include <stdlib.h>
++
++
++#if SUHOSIN_PATCH
++
++static size_t last_canary = 0x73625123;
++
++/* will be replaced later with more compatible method */
++ZEND_API size_t zend_canary()
++{
++ time_t t;
++ size_t canary;
++ int fd;
++
++#ifndef PHP_WIN32
++ fd = open("/dev/urandom", 0);
++ if (fd != -1) {
++ int r = read(fd, &canary, sizeof(canary));
++ close(fd);
++ if (r == sizeof(canary)) {
++ return (canary);
++ }
++ }
++#endif
++ /* not good but we never want to do this */
++ time(&t);
++ canary = *(unsigned int *)&t + getpid() << 16 + last_canary;
++ last_canary ^= (canary << 5) | (canary >> (32-5));
++ return (canary);
++}
++
++#endif
++
++
++/*
++ * Local variables:
++ * tab-width: 4
++ * c-basic-offset: 4
++ * End:
++ * vim600: sw=4 ts=4 fdm=marker
++ * vim<600: sw=4 ts=4
++ */
+Index: php5-5.2.4/Zend/zend_compile.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_compile.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_compile.c 2007-09-16 14:45:15.000000000 +0200
+@@ -54,7 +54,6 @@
+ property_info->name = zend_strndup(property_info->name, property_info->name_length);
+ }
+
+-
+ static void zend_destroy_property_info(zend_property_info *property_info)
+ {
+ efree(property_info->name);
+@@ -68,6 +67,10 @@
+ {
+ free(property_info->name);
+ }
++#if SUHOSIN_PATCH
++void *suhosin_zend_destroy_property_info_internal = zend_destroy_property_info_internal;
++void *suhosin_zend_destroy_property_info = zend_destroy_property_info;
++#endif
+
+ static void build_runtime_defined_function_key(zval *result, char *name, int name_length TSRMLS_DC)
+ {
+Index: php5-5.2.4/Zend/zend_compile.h
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_compile.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_compile.h 2007-09-16 14:45:15.000000000 +0200
+@@ -564,6 +564,11 @@
+
+ int zendlex(znode *zendlval TSRMLS_DC);
+
++#if SUHOSIN_PATCH
++extern void *suhosin_zend_destroy_property_info_internal;
++extern void *suhosin_zend_destroy_property_info;
++#endif
++
+ /* BEGIN: OPCODES */
+
+ #include "zend_vm_opcodes.h"
+@@ -686,6 +691,7 @@
+
+ #define ZEND_RETURNS_FUNCTION 1<<0
+
++
+ END_EXTERN_C()
+
+ #define ZEND_CLONE_FUNC_NAME "__clone"
+Index: php5-5.2.4/Zend/zend_constants.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_constants.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_constants.c 2007-09-16 14:45:15.000000000 +0200
+@@ -110,6 +110,75 @@
+ REGISTER_MAIN_LONG_CONSTANT("E_USER_NOTICE", E_USER_NOTICE, CONST_PERSISTENT | CONST_CS);
+
+ REGISTER_MAIN_LONG_CONSTANT("E_ALL", E_ALL, CONST_PERSISTENT | CONST_CS);
++#if SUHOSIN_PATCH
++ REGISTER_MAIN_LONG_CONSTANT("S_MEMORY", S_MEMORY, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_VARS", S_VARS, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_FILES", S_FILES, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_INCLUDE", S_INCLUDE, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_SQL", S_SQL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_EXECUTOR", S_EXECUTOR, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_MAIL", S_MAIL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_SESSION", S_SESSION, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_MISC", S_MISC, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_INTERNAL", S_INTERNAL, CONST_PERSISTENT | CONST_CS);
++ REGISTER_MAIN_LONG_CONSTANT("S_ALL", S_ALL, CONST_PERSISTENT | CONST_CS);
++
++ /* error levels */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_EMERG", LOG_EMERG, CONST_CS | CONST_PERSISTENT); /* system unusable */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ALERT", LOG_ALERT, CONST_CS | CONST_PERSISTENT); /* immediate action required */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRIT", LOG_CRIT, CONST_CS | CONST_PERSISTENT); /* critical conditions */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ERR", LOG_ERR, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_WARNING", LOG_WARNING, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOTICE", LOG_NOTICE, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_INFO", LOG_INFO, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_DEBUG", LOG_DEBUG, CONST_CS | CONST_PERSISTENT);
++ /* facility: type of program logging the message */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_KERN", LOG_KERN, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_USER", LOG_USER, CONST_CS | CONST_PERSISTENT); /* generic user level */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_MAIL", LOG_MAIL, CONST_CS | CONST_PERSISTENT); /* log to email */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_DAEMON", LOG_DAEMON, CONST_CS | CONST_PERSISTENT); /* other system daemons */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTH", LOG_AUTH, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_SYSLOG", LOG_SYSLOG, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LPR", LOG_LPR, CONST_CS | CONST_PERSISTENT);
++#ifdef LOG_NEWS
++ /* No LOG_NEWS on HP-UX */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NEWS", LOG_NEWS, CONST_CS | CONST_PERSISTENT); /* usenet new */
++#endif
++#ifdef LOG_UUCP
++ /* No LOG_UUCP on HP-UX */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_UUCP", LOG_UUCP, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_CRON
++ /* apparently some systems don't have this one */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CRON", LOG_CRON, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_AUTHPRIV
++ /* AIX doesn't have LOG_AUTHPRIV */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_AUTHPRIV", LOG_AUTHPRIV, CONST_CS | CONST_PERSISTENT);
++#endif
++#if !defined(PHP_WIN32) && !defined(NETWARE)
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL0", LOG_LOCAL0, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL1", LOG_LOCAL1, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL2", LOG_LOCAL2, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL3", LOG_LOCAL3, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL4", LOG_LOCAL4, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL5", LOG_LOCAL5, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL6", LOG_LOCAL6, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_LOCAL7", LOG_LOCAL7, CONST_CS | CONST_PERSISTENT);
++#endif
++ /* options */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_PID", LOG_PID, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_CONS", LOG_CONS, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_ODELAY", LOG_ODELAY, CONST_CS | CONST_PERSISTENT);
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NDELAY", LOG_NDELAY, CONST_CS | CONST_PERSISTENT);
++#ifdef LOG_NOWAIT
++ REGISTER_MAIN_LONG_CONSTANT("LOG_NOWAIT", LOG_NOWAIT, CONST_CS | CONST_PERSISTENT);
++#endif
++#ifdef LOG_PERROR
++ /* AIX doesn't have LOG_PERROR */
++ REGISTER_MAIN_LONG_CONSTANT("LOG_PERROR", LOG_PERROR, CONST_CS | CONST_PERSISTENT); /*log to stderr*/
++#endif
++#endif
+
+ /* true/false constants */
+ {
+Index: php5-5.2.4/Zend/Zend.dsp
+===================================================================
+--- php5-5.2.4.orig/Zend/Zend.dsp 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/Zend.dsp 2007-09-16 14:45:15.000000000 +0200
+@@ -239,6 +239,10 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File
+Index: php5-5.2.4/Zend/zend_errors.h
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_errors.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_errors.h 2007-09-16 14:45:15.000000000 +0200
+@@ -39,6 +39,20 @@
+ #define E_ALL (E_ERROR | E_WARNING | E_PARSE | E_NOTICE | E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_COMPILE_WARNING | E_USER_ERROR | E_USER_WARNING | E_USER_NOTICE | E_RECOVERABLE_ERROR)
+ #define E_CORE (E_CORE_ERROR | E_CORE_WARNING)
+
++#if SUHOSIN_PATCH
++#define S_MEMORY (1<<0L)
++#define S_MISC (1<<1L)
++#define S_VARS (1<<2L)
++#define S_FILES (1<<3L)
++#define S_INCLUDE (1<<4L)
++#define S_SQL (1<<5L)
++#define S_EXECUTOR (1<<6L)
++#define S_MAIL (1<<7L)
++#define S_SESSION (1<<8L)
++#define S_INTERNAL (1<<29L)
++#define S_ALL (S_MEMORY | S_VARS | S_INCLUDE | S_FILES | S_MAIL | S_SESSION | S_MISC | S_SQL | S_EXECUTOR)
++#endif
++
+ #endif /* ZEND_ERRORS_H */
+
+ /*
+Index: php5-5.2.4/Zend/zend.h
+===================================================================
+--- php5-5.2.4.orig/Zend/zend.h 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend.h 2007-09-16 14:45:15.000000000 +0200
+@@ -520,6 +520,9 @@
+ extern ZEND_API int (*zend_stream_open_function)(const char *filename, zend_file_handle *handle TSRMLS_DC);
+ extern int (*zend_vspprintf)(char **pbuf, size_t max_len, const char *format, va_list ap);
+ extern ZEND_API char *(*zend_getenv)(char *name, size_t name_len TSRMLS_DC);
++#if SUHOSIN_PATCH
++extern ZEND_API void (*zend_suhosin_log)(int loglevel, char *fmt, ...);
++#endif
+
+
+ ZEND_API void zend_error(int type, const char *format, ...) ZEND_ATTRIBUTE_FORMAT(printf, 2, 3);
+@@ -651,6 +654,13 @@
+ #include "zend_operators.h"
+ #include "zend_variables.h"
+
++#if SUHOSIN_PATCH
++#include "suhosin_globals.h"
++#include "php_syslog.h"
++
++ZEND_API size_t zend_canary();
++#endif
++
+ #endif /* ZEND_H */
+
+ /*
+Index: php5-5.2.4/Zend/zend_hash.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_hash.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_hash.c 2007-09-16 14:45:15.000000000 +0200
+@@ -20,6 +20,7 @@
+ /* $Id: zend_hash.c,v 1.121.2.4.2.8 2007/07/24 18:28:39 dmitry Exp $ */
+
+ #include "zend.h"
++#include "zend_compile.h"
+
+ #define CONNECT_TO_BUCKET_DLLIST(element, list_head) \
+ (element)->pNext = (list_head); \
+@@ -132,7 +133,189 @@
+ (p)->pDataPtr=NULL; \
+ }
+
++#if SUHOSIN_PATCH
++#ifdef ZTS
++MUTEX_T zend_hash_dprot_mx_reader;
++MUTEX_T zend_hash_dprot_mx_writer;
++unsigned int zend_hash_dprot_reader;
++#endif
++unsigned int zend_hash_dprot_counter;
++unsigned int zend_hash_dprot_curmax;
++dtor_func_t *zend_hash_dprot_table = NULL;
++
++static void zend_hash_dprot_begin_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_reader);
++ if ((++(zend_hash_dprot_reader)) == 1) {
++ tsrm_mutex_lock(zend_hash_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
++#endif
++}
++
++static void zend_hash_dprot_end_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_reader);
++ if ((--(zend_hash_dprot_reader)) == 0) {
++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_hash_dprot_mx_reader);
++#endif
++}
++
++static void zend_hash_dprot_begin_write()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_hash_dprot_mx_writer);
++#endif
++}
++
++static void zend_hash_dprot_end_write()
++{
++#ifdef ZTS
++ tsrm_mutex_unlock(zend_hash_dprot_mx_writer);
++#endif
++}
++
++/*ZEND_API void zend_hash_dprot_dtor()
++{
++#ifdef ZTS
++ tsrm_mutex_free(zend_hash_dprot_mx_reader);
++ tsrm_mutex_free(zend_hash_dprot_mx_writer);
++#endif
++ free(zend_hash_dprot_table);
++}*/
++
++static void zend_hash_add_destructor(dtor_func_t pDestructor)
++{
++ int left, right, mid;
++ zend_bool found = 0;
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
++ return;
++ }
++
++ if (zend_hash_dprot_table == NULL) {
++#ifdef ZTS
++ zend_hash_dprot_mx_reader = tsrm_mutex_alloc();
++ zend_hash_dprot_mx_writer = tsrm_mutex_alloc();
++ zend_hash_dprot_reader = 0;
++#endif
++ zend_hash_dprot_counter = 0;
++ zend_hash_dprot_curmax = 256;
++ zend_hash_dprot_table = (dtor_func_t *) malloc(256 * sizeof(dtor_func_t));
++ }
++
++ zend_hash_dprot_begin_write();
++
++ if (zend_hash_dprot_counter == 0) {
++ zend_hash_dprot_counter++;
++ zend_hash_dprot_table[0] = pDestructor;
++ } else {
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_hash_dprot_counter-1;
++ mid = 0;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_hash_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_hash_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_hash_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++
++ if (zend_hash_dprot_counter >= zend_hash_dprot_curmax) {
++ zend_hash_dprot_curmax += 256;
++ zend_hash_dprot_table = (dtor_func_t *) realloc(zend_hash_dprot_table, zend_hash_dprot_curmax * sizeof(dtor_func_t));
++ }
++
++ if ((unsigned long)zend_hash_dprot_table[left] < value) {
++ memmove(zend_hash_dprot_table+left+2, zend_hash_dprot_table+left+1, (zend_hash_dprot_counter-left-1)*sizeof(dtor_func_t));
++ zend_hash_dprot_table[left+1] = pDestructor;
++ } else {
++ memmove(zend_hash_dprot_table+left+1, zend_hash_dprot_table+left, (zend_hash_dprot_counter-left)*sizeof(dtor_func_t));
++ zend_hash_dprot_table[left] = pDestructor;
++ }
++
++ zend_hash_dprot_counter++;
++ }
++ }
++
++ zend_hash_dprot_end_write();
++}
++
++static void zend_hash_check_destructor(dtor_func_t pDestructor)
++{
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR || pDestructor == ZVAL_INTERNAL_PTR_DTOR
++#ifdef ZEND_ENGINE_2
++ || pDestructor == suhosin_zend_destroy_property_info_internal || pDestructor == suhosin_zend_destroy_property_info
++#endif
++ || pDestructor == ZEND_FUNCTION_DTOR || pDestructor == ZEND_CLASS_DTOR) {
++ return;
++ }
++
++ zend_hash_dprot_begin_read();
++
++ if (zend_hash_dprot_counter > 0) {
++ int left, right, mid;
++ zend_bool found = 0;
++
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_hash_dprot_counter-1;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_hash_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_hash_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_hash_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++ zend_hash_dprot_end_read();
++
++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown Hashtable destructor");
++ exit(1);
++ return;
++ }
++
++ }
++
++ zend_hash_dprot_end_read();
++}
+
++#else
++#define zend_hash_add_destructor(pDestructor) do {} while(0)
++#define zend_hash_check_destructor(pDestructor) do {} while(0)
++#endif
+
+ ZEND_API int _zend_hash_init(HashTable *ht, uint nSize, hash_func_t pHashFunction, dtor_func_t pDestructor, zend_bool persistent ZEND_FILE_LINE_DC)
+ {
+@@ -153,6 +336,7 @@
+
+ ht->nTableMask = ht->nTableSize - 1;
+ ht->pDestructor = pDestructor;
++ zend_hash_add_destructor(pDestructor);
+ ht->arBuckets = NULL;
+ ht->pListHead = NULL;
+ ht->pListTail = NULL;
+@@ -230,6 +414,8 @@
+ return FAILURE;
+ }
+ #endif
++
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -295,6 +481,7 @@
+ return FAILURE;
+ }
+ #endif
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -370,6 +557,7 @@
+ return FAILURE;
+ }
+ #endif
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -493,6 +681,7 @@
+ if (ht->pInternalPointer == p) {
+ ht->pInternalPointer = p->pListNext;
+ }
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+@@ -518,6 +707,8 @@
+
+ SET_INCONSISTENT(HT_IS_DESTROYING);
+
++ zend_hash_check_destructor(ht->pDestructor);
++
+ p = ht->pListHead;
+ while (p != NULL) {
+ q = p;
+@@ -544,6 +735,8 @@
+
+ SET_INCONSISTENT(HT_CLEANING);
+
++ zend_hash_check_destructor(ht->pDestructor);
++
+ p = ht->pListHead;
+ while (p != NULL) {
+ q = p;
+@@ -607,6 +800,7 @@
+ ht->nNumOfElements--;
+ HANDLE_UNBLOCK_INTERRUPTIONS();
+
++ zend_hash_check_destructor(ht->pDestructor);
+ if (ht->pDestructor) {
+ ht->pDestructor(p->pData);
+ }
+Index: php5-5.2.4/Zend/zend_llist.c
+===================================================================
+--- php5-5.2.4.orig/Zend/zend_llist.c 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/zend_llist.c 2007-09-16 14:45:15.000000000 +0200
+@@ -23,6 +23,184 @@
+ #include "zend_llist.h"
+ #include "zend_qsort.h"
+
++#if SUHOSIN_PATCH
++#ifdef ZTS
++MUTEX_T zend_llist_dprot_mx_reader;
++MUTEX_T zend_llist_dprot_mx_writer;
++unsigned int zend_llist_dprot_reader;
++#endif
++unsigned int zend_llist_dprot_counter;
++unsigned int zend_llist_dprot_curmax;
++llist_dtor_func_t *zend_llist_dprot_table = NULL;
++
++static void zend_llist_dprot_begin_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_reader);
++ if ((++(zend_llist_dprot_reader)) == 1) {
++ tsrm_mutex_lock(zend_llist_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
++#endif
++}
++
++static void zend_llist_dprot_end_read()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_reader);
++ if ((--(zend_llist_dprot_reader)) == 0) {
++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
++ }
++ tsrm_mutex_unlock(zend_llist_dprot_mx_reader);
++#endif
++}
++
++static void zend_llist_dprot_begin_write()
++{
++#ifdef ZTS
++ tsrm_mutex_lock(zend_llist_dprot_mx_writer);
++#endif
++}
++
++static void zend_llist_dprot_end_write()
++{
++#ifdef ZTS
++ tsrm_mutex_unlock(zend_llist_dprot_mx_writer);
++#endif
++}
++
++/*ZEND_API void zend_llist_dprot_dtor()
++{
++#ifdef ZTS
++ tsrm_mutex_free(zend_llist_dprot_mx_reader);
++ tsrm_mutex_free(zend_llist_dprot_mx_writer);
++#endif
++ free(zend_llist_dprot_table);
++}*/
++
++static void zend_llist_add_destructor(llist_dtor_func_t pDestructor)
++{
++ int left, right, mid;
++ zend_bool found = 0;
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
++ return;
++ }
++
++ if (zend_llist_dprot_table == NULL) {
++#ifdef ZTS
++ zend_llist_dprot_mx_reader = tsrm_mutex_alloc();
++ zend_llist_dprot_mx_writer = tsrm_mutex_alloc();
++ zend_llist_dprot_reader = 0;
++#endif
++ zend_llist_dprot_counter = 0;
++ zend_llist_dprot_curmax = 256;
++ zend_llist_dprot_table = (llist_dtor_func_t *) malloc(256 * sizeof(llist_dtor_func_t));
++ }
++
++ zend_llist_dprot_begin_write();
++
++ if (zend_llist_dprot_counter == 0) {
++ zend_llist_dprot_counter++;
++ zend_llist_dprot_table[0] = pDestructor;
++ } else {
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_llist_dprot_counter-1;
++ mid = 0;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_llist_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_llist_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_llist_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++
++ if (zend_llist_dprot_counter >= zend_llist_dprot_curmax) {
++ zend_llist_dprot_curmax += 256;
++ zend_llist_dprot_table = (llist_dtor_func_t *) realloc(zend_llist_dprot_table, zend_llist_dprot_curmax * sizeof(llist_dtor_func_t));
++ }
++
++ if ((unsigned long)zend_llist_dprot_table[left] < value) {
++ memmove(zend_llist_dprot_table+left+2, zend_llist_dprot_table+left+1, (zend_llist_dprot_counter-left-1)*sizeof(llist_dtor_func_t));
++ zend_llist_dprot_table[left+1] = pDestructor;
++ } else {
++ memmove(zend_llist_dprot_table+left+1, zend_llist_dprot_table+left, (zend_llist_dprot_counter-left)*sizeof(llist_dtor_func_t));
++ zend_llist_dprot_table[left] = pDestructor;
++ }
++
++ zend_llist_dprot_counter++;
++ }
++ }
++
++ zend_llist_dprot_end_write();
++}
++
++static void zend_llist_check_destructor(llist_dtor_func_t pDestructor)
++{
++ unsigned long value;
++
++ if (pDestructor == NULL || pDestructor == ZVAL_PTR_DTOR) {
++ return;
++ }
++
++ zend_llist_dprot_begin_read();
++
++ if (zend_llist_dprot_counter > 0) {
++ int left, right, mid;
++ zend_bool found = 0;
++
++ value = (unsigned long) pDestructor;
++ left = 0;
++ right = zend_llist_dprot_counter-1;
++
++ while (left < right) {
++ mid = (right - left) >> 1;
++ mid += left;
++ if ((unsigned long)zend_llist_dprot_table[mid] == value) {
++ found = 1;
++ break;
++ }
++ if (value < (unsigned long)zend_llist_dprot_table[mid]) {
++ right = mid-1;
++ } else {
++ left = mid+1;
++ }
++ }
++ if ((unsigned long)zend_llist_dprot_table[left] == value) {
++ found = 1;
++ }
++
++ if (!found) {
++ zend_llist_dprot_end_read();
++
++ zend_suhosin_log(S_MEMORY, "possible memory corruption detected - unknown llist destructor");
++ exit(1);
++ return;
++ }
++
++ }
++
++ zend_llist_dprot_end_read();
++}
++#else
++#define zend_llist_add_destructor(pDestructor) do {} while(0)
++#define zend_llist_check_destructor(pDestructor) do {} while(0)
++#endif
++
+ ZEND_API void zend_llist_init(zend_llist *l, size_t size, llist_dtor_func_t dtor, unsigned char persistent)
+ {
+ l->head = NULL;
+@@ -30,6 +208,7 @@
+ l->count = 0;
+ l->size = size;
+ l->dtor = dtor;
++ zend_llist_add_destructor(dtor);
+ l->persistent = persistent;
+ }
+
+@@ -81,6 +260,7 @@
+ } else {\
+ (l)->tail = (current)->prev;\
+ }\
++ zend_llist_check_destructor((l)->dtor); \
+ if ((l)->dtor) {\
+ (l)->dtor((current)->data);\
+ }\
+@@ -108,6 +288,7 @@
+ {
+ zend_llist_element *current=l->head, *next;
+
++ zend_llist_check_destructor(l->dtor);
+ while (current) {
+ next = current->next;
+ if (l->dtor) {
+@@ -133,6 +314,7 @@
+ zend_llist_element *old_tail;
+ void *data;
+
++ zend_llist_check_destructor(l->dtor);
+ if ((old_tail = l->tail)) {
+ if (old_tail->prev) {
+ old_tail->prev->next = NULL;
+Index: php5-5.2.4/Zend/ZendTS.dsp
+===================================================================
+--- php5-5.2.4.orig/Zend/ZendTS.dsp 2007-09-16 14:45:09.000000000 +0200
++++ php5-5.2.4/Zend/ZendTS.dsp 2007-09-16 14:45:15.000000000 +0200
+@@ -273,6 +273,10 @@
+ # End Source File
+ # Begin Source File
+
++SOURCE=.\zend_canary.c
++# End Source File
++# Begin Source File
++
+ SOURCE=.\zend_ts_hash.c
+ # End Source File
+ # Begin Source File

Added: trunk/debs/php5/debian/patches/use-specific-libdb-version.patch
===================================================================
--- trunk/debs/php5/debian/patches/use-specific-libdb-version.patch (rev 0)
+++ trunk/debs/php5/debian/patches/use-specific-libdb-version.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,13 @@
+Index: php5-5.2.4/ext/dba/config.m4
+===================================================================
+--- php5-5.2.4.orig/ext/dba/config.m4 2007-12-19 04:18:56.000000000 +0100
++++ php5-5.2.4/ext/dba/config.m4 2007-12-19 04:19:03.000000000 +0100
+@@ -301,7 +301,7 @@
+ break
+ fi
+ done
+- PHP_DBA_DB_CHECK(4, db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)])
++ PHP_DBA_DB_CHECK(4, db-4.6 db-4.5 db-4.4 db-4.3 db-4.2 db-4.1 db-4.0 db-4 db4 db, [(void)db_create((DB**)0, (DB_ENV*)0, 0)])
+ fi
+ PHP_DBA_STD_RESULT(db4,Berkeley DB4)
+

Added: trunk/debs/php5/debian/patches/use_embedded_timezonedb.patch
===================================================================
--- trunk/debs/php5/debian/patches/use_embedded_timezonedb.patch (rev 0)
+++ trunk/debs/php5/debian/patches/use_embedded_timezonedb.patch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,655 @@
+diff -Naur php-5.2.4.orig/ext/date/lib/parse_tz.c php-5.2.4/ext/date/lib/parse_tz.c
+--- php-5.2.4.orig/ext/date/lib/parse_tz.c 2007-01-25 14:38:45.000000000 +0000
++++ php-5.2.4/ext/date/lib/parse_tz.c 2008-10-22 13:04:09.000000000 +0000
+@@ -20,6 +20,16 @@
+
+ #include "timelib.h"
+
++#ifdef HAVE_SYSTEM_TZDATA
++#include <sys/mman.h>
++#include <sys/stat.h>
++#include <limits.h>
++#include <fcntl.h>
++#include <unistd.h>
++
++#include "php_scandir.h"
++#endif
++
+ #include <stdio.h>
+
+ #ifdef HAVE_LOCALE_H
+@@ -31,7 +41,10 @@
+ #else
+ #include <strings.h>
+ #endif
++
++#ifndef HAVE_SYSTEM_TZDATA
+ #include "timezonedb.h"
++#endif
+
+ #ifdef WORDS_BIGENDIAN
+ #define timelib_conv_int(l) (l)
+@@ -196,6 +209,195 @@
+ }
+ }
+
++#ifdef HAVE_SYSTEM_TZDATA
++
++#ifdef HAVE_SYSTEM_TZDATA_PREFIX
++#define ZONEINFO_PREFIX HAVE_SYSTEM_TZDATA_PREFIX
++#else
++#define ZONEINFO_PREFIX "/usr/share/zoneinfo"
++#endif
++
++static const timelib_tzdb *timezonedb_system = NULL;
++
++/* Filter out some non-tzdata files and the posix/right databases, if
++ * present. */
++static int index_filter(const struct dirent *ent)
++{
++ return strcmp(ent->d_name, ".") != 0
++ && strcmp(ent->d_name, "..") != 0
++ && strcmp(ent->d_name, "posix") != 0
++ && strcmp(ent->d_name, "posixrules") != 0
++ && strcmp(ent->d_name, "right") != 0
++ && strstr(ent->d_name, ".tab") == NULL;
++}
++
++/* Create the zone identifier index by trawling the filesystem. */
++static void create_zone_index(timelib_tzdb *db)
++{
++ size_t dirstack_size, dirstack_top;
++ size_t index_size, index_next;
++ timelib_tzdb_index_entry *db_index;
++ char **dirstack;
++
++ /* LIFO stack to hold directory entres to scan; each slot is a
++ * directory name relative to the zoneinfo prefix. */
++ dirstack_size = 32;
++ dirstack = malloc(dirstack_size * sizeof *dirstack);
++ dirstack_top = 1;
++ dirstack[0] = strdup("");
++
++ /* Index array. */
++ index_size = 64;
++ db_index = malloc(index_size * sizeof *db_index);
++ index_next = 0;
++
++ do {
++ struct dirent **ents;
++ char name[PATH_MAX], *top;
++ int count;
++
++ /* Pop the top stack entry, and iterate through its contents. */
++ top = dirstack[--dirstack_top];
++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s", top);
++
++ count = php_scandir(name, &ents, index_filter, php_alphasort);
++
++ while (count > 0) {
++ struct stat st;
++ const char *leaf = ents[count - 1]->d_name;
++
++ snprintf(name, sizeof name, ZONEINFO_PREFIX "/%s/%s",
++ top, leaf);
++
++ if (strlen(name) && stat(name, &st) == 0) {
++ /* Name, relative to the zoneinfo prefix. */
++ const char *root = top;
++
++ if (root[0] == '/') root++;
++
++ snprintf(name, sizeof name, "%s%s%s", root,
++ *root ? "/": "", leaf);
++
++ if (S_ISDIR(st.st_mode)) {
++ if (dirstack_top == dirstack_size) {
++ dirstack_size *= 2;
++ dirstack = realloc(dirstack,
++ dirstack_size * sizeof *dirstack);
++ }
++ dirstack[dirstack_top++] = strdup(name);
++ }
++ else {
++ if (index_next == index_size) {
++ index_size *= 2;
++ db_index = realloc(db_index,
++ index_size * sizeof *db_index);
++ }
++
++ db_index[index_next].id = strdup(name);
++ db_index[index_next++].pos = 0;
++ }
++ }
++
++ free(ents[--count]);
++ }
++
++ free(ents);
++ free(top);
++ } while (dirstack_top);
++
++ db->index = db_index;
++ db->index_size = index_next;
++
++ free(dirstack);
++}
++
++/* Return the mmap()ed tzfile if found, else NULL. On success, the
++ * length of the mapped data is placed in *length. */
++static char *map_tzfile(const char *timezone, size_t *length)
++{
++ char fname[PATH_MAX];
++ struct stat st;
++ char *p;
++ int fd;
++
++ if (strstr(timezone, "..") != NULL) {
++ return NULL;
++ }
++
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
++
++ fd = open(fname, O_RDONLY);
++ if (fd == -1) {
++ return NULL;
++ } else if (fstat(fd, &st) != 0 || st.st_size < 21) {
++ close(fd);
++ return NULL;
++ }
++
++ *length = st.st_size;
++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
++ close(fd);
++
++ return p != MAP_FAILED ? p : NULL;
++}
++
++const timelib_tzdb *timelib_builtin_db(void)
++{
++ if (timezonedb_system == NULL) {
++ timelib_tzdb *tmp = malloc(sizeof *tmp);
++
++ tmp->version = "0.system";
++ tmp->data = NULL;
++ create_zone_index(tmp);
++ timezonedb_system = tmp;
++ }
++
++ return timezonedb_system;
++}
++
++const timelib_tzdb_index_entry *timelib_timezone_builtin_identifiers_list(int *count)
++{
++ *count = timezonedb_system->index_size;
++ return timezonedb_system->index;
++}
++
++int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
++{
++ char fname[PATH_MAX];
++
++ if (strstr(timezone, "..") != NULL) {
++ return 0;
++ }
++
++ snprintf(fname, sizeof fname, ZONEINFO_PREFIX "/%s", timezone);
++
++ return access(fname, R_OK) == 0 ? 1 : 0;
++}
++
++timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
++{
++ char *tzf, *orig;
++ timelib_tzinfo *tmp;
++ size_t len;
++
++ orig = map_tzfile(timezone, &len);
++ if (orig == NULL) {
++ return NULL;
++ }
++
++ tmp = timelib_tzinfo_ctor(timezone);
++
++ tzf = orig + 20;
++ read_header(&tzf, tmp);
++ read_transistions(&tzf, tmp);
++ read_types(&tzf, tmp);
++
++ munmap(orig, len);
++
++ return tmp;
++}
++#else /* !HAVE_SYSTEM_TZDATA */
++
+ static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
+ {
+ int left = 0, right = tzdb->index_size - 1;
+@@ -269,6 +471,7 @@
+
+ return tmp;
+ }
++#endif
+
+ static ttinfo* fetch_timezone_offset(timelib_tzinfo *tz, timelib_sll ts, timelib_sll *transition_time)
+ {
+diff -Naur php-5.2.4.orig/ext/date/lib/parse_tz.c.orig php-5.2.4/ext/date/lib/parse_tz.c.orig
+--- php-5.2.4.orig/ext/date/lib/parse_tz.c.orig 1970-01-01 00:00:00.000000000 +0000
++++ php-5.2.4/ext/date/lib/parse_tz.c.orig 2007-01-25 14:38:45.000000000 +0000
+@@ -0,0 +1,395 @@
++/*
++ +----------------------------------------------------------------------+
++ | PHP Version 5 |
++ +----------------------------------------------------------------------+
++ | Copyright (c) 1997-2007 The PHP Group |
++ +----------------------------------------------------------------------+
++ | This source file is subject to version 3.01 of the PHP license, |
++ | that is bundled with this package in the file LICENSE, and is |
++ | available through the world-wide-web at the following url: |
++ | http://www.php.net/license/3_01.txt |
++ | If you did not receive a copy of the PHP license and are unable to |
++ | obtain it through the world-wide-web, please send a note to |
++ | license [at] php so we can mail you a copy immediately. |
++ +----------------------------------------------------------------------+
++ | Authors: Derick Rethans <derick [at] derickrethans> |
++ +----------------------------------------------------------------------+
++ */
++
++/* $Id: parse_tz.c,v 1.20.2.6.2.12 2007/01/25 14:38:45 tony2001 Exp $ */
++
++#include "timelib.h"
++
++#include <stdio.h>
++
++#ifdef HAVE_LOCALE_H
++#include <locale.h>
++#endif
++
++#ifdef HAVE_STRING_H
++#include <string.h>
++#else
++#include <strings.h>
++#endif
++#include "timezonedb.h"
++
++#ifdef WORDS_BIGENDIAN
++#define timelib_conv_int(l) (l)
++#else
++#define timelib_conv_int(l) ((l & 0x000000ff) << 24) + ((l & 0x0000ff00) << 8) + ((l & 0x00ff0000) >> 8) + ((l & 0xff000000) >> 24)
++#endif
++
++static void read_header(char **tzf, timelib_tzinfo *tz)
++{
++ uint32_t buffer[6];
++
++ memcpy(&buffer, *tzf, sizeof(buffer));
++ tz->ttisgmtcnt = timelib_conv_int(buffer[0]);
++ tz->ttisstdcnt = timelib_conv_int(buffer[1]);
++ tz->leapcnt = timelib_conv_int(buffer[2]);
++ tz->timecnt = timelib_conv_int(buffer[3]);
++ tz->typecnt = timelib_conv_int(buffer[4]);
++ tz->charcnt = timelib_conv_int(buffer[5]);
++ *tzf += sizeof(buffer);
++}
++
++static void read_transistions(char **tzf, timelib_tzinfo *tz)
++{
++ int32_t *buffer = NULL;
++ uint32_t i;
++ unsigned char *cbuffer = NULL;
++
++ if (tz->timecnt) {
++ buffer = (int32_t*) malloc(tz->timecnt * sizeof(int32_t));
++ if (!buffer) {
++ return;
++ }
++ memcpy(buffer, *tzf, sizeof(int32_t) * tz->timecnt);
++ *tzf += (sizeof(int32_t) * tz->timecnt);
++ for (i = 0; i < tz->timecnt; i++) {
++ buffer[i] = timelib_conv_int(buffer[i]);
++ }
++
++ cbuffer = (unsigned char*) malloc(tz->timecnt * sizeof(unsigned char));
++ if (!cbuffer) {
++ return;
++ }
++ memcpy(cbuffer, *tzf, sizeof(unsigned char) * tz->timecnt);
++ *tzf += sizeof(unsigned char) * tz->timecnt;
++ }
++
++ tz->trans = buffer;
++ tz->trans_idx = cbuffer;
++}
++
++static void read_types(char **tzf, timelib_tzinfo *tz)
++{
++ unsigned char *buffer;
++ int32_t *leap_buffer;
++ unsigned int i, j;
++
++ buffer = (unsigned char*) malloc(tz->typecnt * sizeof(unsigned char) * 6);
++ if (!buffer) {
++ return;
++ }
++ memcpy(buffer, *tzf, sizeof(unsigned char) * 6 * tz->typecnt);
++ *tzf += sizeof(unsigned char) * 6 * tz->typecnt;
++
++ tz->type = (ttinfo*) malloc(tz->typecnt * sizeof(struct ttinfo));
++ if (!tz->type) {
++ return;
++ }
++
++ for (i = 0; i < tz->typecnt; i++) {
++ j = i * 6;
++ tz->type[i].offset = (buffer[j] * 16777216) + (buffer[j + 1] * 65536) + (buffer[j + 2] * 256) + buffer[j + 3];
++ tz->type[i].isdst = buffer[j + 4];
++ tz->type[i].abbr_idx = buffer[j + 5];
++ }
++ free(buffer);
++
++ tz->timezone_abbr = (char*) malloc(tz->charcnt);
++ if (!tz->timezone_abbr) {
++ return;
++ }
++ memcpy(tz->timezone_abbr, *tzf, sizeof(char) * tz->charcnt);
++ *tzf += sizeof(char) * tz->charcnt;
++
++ leap_buffer = (int32_t *) malloc(tz->leapcnt * 2 * sizeof(int32_t));
++ if (!leap_buffer) {
++ return;
++ }
++ memcpy(leap_buffer, *tzf, sizeof(int32_t) * tz->leapcnt * 2);
++ *tzf += sizeof(int32_t) * tz->leapcnt * 2;
++
++ tz->leap_times = (tlinfo*) malloc(tz->leapcnt * sizeof(tlinfo));
++ if (!tz->leap_times) {
++ return;
++ }
++ for (i = 0; i < tz->leapcnt; i++) {
++ tz->leap_times[i].trans = timelib_conv_int(leap_buffer[i * 2]);
++ tz->leap_times[i].offset = timelib_conv_int(leap_buffer[i * 2 + 1]);
++ }
++ free(leap_buffer);
++
++ buffer = (unsigned char*) malloc(tz->ttisstdcnt * sizeof(unsigned char));
++ if (!buffer) {
++ return;
++ }
++ memcpy(buffer, *tzf, sizeof(unsigned char) * tz->ttisstdcnt);
++ *tzf += sizeof(unsigned char) * tz->ttisstdcnt;
++
++ for (i = 0; i < tz->ttisstdcnt; i++) {
++ tz->type[i].isstdcnt = buffer[i];
++ }
++ free(buffer);
++
++ buffer = (unsigned char*) malloc(tz->ttisgmtcnt * sizeof(unsigned char));
++ if (!buffer) {
++ return;
++ }
++ memcpy(buffer, *tzf, sizeof(unsigned char) * tz->ttisgmtcnt);
++ *tzf += sizeof(unsigned char) * tz->ttisgmtcnt;
++
++ for (i = 0; i < tz->ttisgmtcnt; i++) {
++ tz->type[i].isgmtcnt = buffer[i];
++ }
++ free(buffer);
++}
++
++void timelib_dump_tzinfo(timelib_tzinfo *tz)
++{
++ uint32_t i;
++
++ printf("UTC/Local count: %lu\n", (unsigned long) tz->ttisgmtcnt);
++ printf("Std/Wall count: %lu\n", (unsigned long) tz->ttisstdcnt);
++ printf("Leap.sec. count: %lu\n", (unsigned long) tz->leapcnt);
++ printf("Trans. count: %lu\n", (unsigned long) tz->timecnt);
++ printf("Local types count: %lu\n", (unsigned long) tz->typecnt);
++ printf("Zone Abbr. count: %lu\n", (unsigned long) tz->charcnt);
++
++ printf ("%8s (%12s) = %3d [%5ld %1d %3d '%s' (%d,%d)]\n",
++ "", "", 0,
++ (long int) tz->type[0].offset,
++ tz->type[0].isdst,
++ tz->type[0].abbr_idx,
++ &tz->timezone_abbr[tz->type[0].abbr_idx],
++ tz->type[0].isstdcnt,
++ tz->type[0].isgmtcnt
++ );
++ for (i = 0; i < tz->timecnt; i++) {
++ printf ("%08X (%12d) = %3d [%5ld %1d %3d '%s' (%d,%d)]\n",
++ tz->trans[i], tz->trans[i], tz->trans_idx[i],
++ (long int) tz->type[tz->trans_idx[i]].offset,
++ tz->type[tz->trans_idx[i]].isdst,
++ tz->type[tz->trans_idx[i]].abbr_idx,
++ &tz->timezone_abbr[tz->type[tz->trans_idx[i]].abbr_idx],
++ tz->type[tz->trans_idx[i]].isstdcnt,
++ tz->type[tz->trans_idx[i]].isgmtcnt
++ );
++ }
++ for (i = 0; i < tz->leapcnt; i++) {
++ printf ("%08X (%12ld) = %d\n",
++ tz->leap_times[i].trans,
++ (long) tz->leap_times[i].trans,
++ tz->leap_times[i].offset);
++ }
++}
++
++static int seek_to_tz_position(const unsigned char **tzf, char *timezone, const timelib_tzdb *tzdb)
++{
++ int left = 0, right = tzdb->index_size - 1;
++#ifdef HAVE_SETLOCALE
++ char *cur_locale = NULL, *tmp;
++
++ tmp = setlocale(LC_CTYPE, NULL);
++ if (tmp) {
++ cur_locale = strdup(tmp);
++ }
++ setlocale(LC_CTYPE, "C");
++#endif
++
++ do {
++ int mid = ((unsigned)left + right) >> 1;
++ int cmp = strcasecmp(timezone, tzdb->index[mid].id);
++
++ if (cmp < 0) {
++ right = mid - 1;
++ } else if (cmp > 0) {
++ left = mid + 1;
++ } else { /* (cmp == 0) */
++ (*tzf) = &(tzdb->data[tzdb->index[mid].pos + 20]);
++#ifdef HAVE_SETLOCALE
++ setlocale(LC_CTYPE, cur_locale);
++ if (cur_locale) free(cur_locale);
++#endif
++ return 1;
++ }
++
++ } while (left <= right);
++
++#ifdef HAVE_SETLOCALE
++ setlocale(LC_CTYPE, cur_locale);
++ if (cur_locale) free(cur_locale);
++#endif
++ return 0;
++}
++
++const timelib_tzdb *timelib_builtin_db(void)
++{
++ return &timezonedb_builtin;
++}
++
++const timelib_tzdb_index_entry *timelib_timezone_builtin_identifiers_list(int *count)
++{
++ *count = sizeof(timezonedb_idx_builtin) / sizeof(*timezonedb_idx_builtin);
++ return timezonedb_idx_builtin;
++}
++
++int timelib_timezone_id_is_valid(char *timezone, const timelib_tzdb *tzdb)
++{
++ const unsigned char *tzf;
++ return (seek_to_tz_position(&tzf, timezone, tzdb));
++}
++
++timelib_tzinfo *timelib_parse_tzfile(char *timezone, const timelib_tzdb *tzdb)
++{
++ const unsigned char *tzf;
++ timelib_tzinfo *tmp;
++
++ if (seek_to_tz_position(&tzf, timezone, tzdb)) {
++ tmp = timelib_tzinfo_ctor(timezone);
++
++ read_header((char**) &tzf, tmp);
++ read_transistions((char**) &tzf, tmp);
++ read_types((char**) &tzf, tmp);
++ } else {
++ tmp = NULL;
++ }
++
++ return tmp;
++}
++
++static ttinfo* fetch_timezone_offset(timelib_tzinfo *tz, timelib_sll ts, timelib_sll *transition_time)
++{
++ uint32_t i;
++
++ /* If there is no transistion time, we pick the first one, if that doesn't
++ * exist we return NULL */
++ if (!tz->timecnt || !tz->trans) {
++ *transition_time = 0;
++ if (tz->typecnt == 1) {
++ return &(tz->type[0]);
++ }
++ return NULL;
++ }
++
++ /* If the TS is lower than the first transistion time, then we scan over
++ * all the transistion times to find the first non-DST one, or the first
++ * one in case there are only DST entries. Not sure which smartass came up
++ * with this idea in the first though :) */
++ if (ts < tz->trans[0]) {
++ uint32_t j;
++
++ *transition_time = 0;
++ j = 0;
++ while (j < tz->timecnt && tz->type[j].isdst) {
++ ++j;
++ }
++ if (j == tz->timecnt) {
++ j = 0;
++ }
++ return &(tz->type[j]);
++ }
++
++ /* In all other cases we loop through the available transtion times to find
++ * the correct entry */
++ for (i = 0; i < tz->timecnt; i++) {
++ if (ts < tz->trans[i]) {
++ *transition_time = tz->trans[i - 1];
++ return &(tz->type[tz->trans_idx[i - 1]]);
++ }
++ }
++ *transition_time = tz->trans[tz->timecnt - 1];
++ return &(tz->type[tz->trans_idx[tz->timecnt - 1]]);
++}
++
++static tlinfo* fetch_leaptime_offset(timelib_tzinfo *tz, timelib_sll ts)
++{
++ int i;
++
++ if (!tz->leapcnt || !tz->leap_times) {
++ return NULL;
++ }
++
++ for (i = tz->leapcnt - 1; i > 0; i--) {
++ if (ts > tz->leap_times[i].trans) {
++ return &(tz->leap_times[i]);
++ }
++ }
++ return NULL;
++}
++
++int timelib_timestamp_is_in_dst(timelib_sll ts, timelib_tzinfo *tz)
++{
++ ttinfo *to;
++ timelib_sll dummy;
++
++ if ((to = fetch_timezone_offset(tz, ts, &dummy))) {
++ return to->isdst;
++ }
++ return -1;
++}
++
++timelib_time_offset *timelib_get_time_zone_info(timelib_sll ts, timelib_tzinfo *tz)
++{
++ ttinfo *to;
++ tlinfo *tl;
++ int32_t offset = 0, leap_secs = 0;
++ char *abbr;
++ timelib_time_offset *tmp = timelib_time_offset_ctor();
++ timelib_sll transistion_time;
++
++ if ((to = fetch_timezone_offset(tz, ts, &transistion_time))) {
++ offset = to->offset;
++ abbr = &(tz->timezone_abbr[to->abbr_idx]);
++ tmp->is_dst = to->isdst;
++ tmp->transistion_time = transistion_time;
++ } else {
++ offset = 0;
++ abbr = tz->timezone_abbr;
++ tmp->is_dst = 0;
++ tmp->transistion_time = 0;
++ }
++
++ if ((tl = fetch_leaptime_offset(tz, ts))) {
++ leap_secs = -tl->offset;
++ }
++
++ tmp->offset = offset;
++ tmp->leap_secs = leap_secs;
++ tmp->abbr = abbr ? strdup(abbr) : strdup("GMT");
++
++ return tmp;
++}
++
++timelib_sll timelib_get_current_offset(timelib_time *t)
++{
++ timelib_time_offset *gmt_offset;
++ timelib_sll retval;
++
++ switch (t->zone_type) {
++ case TIMELIB_ZONETYPE_ABBR:
++ case TIMELIB_ZONETYPE_OFFSET:
++ return t->z * 60;
++
++ case TIMELIB_ZONETYPE_ID:
++ gmt_offset = timelib_get_time_zone_info(t->sse, t->tz_info);
++ retval = gmt_offset->offset;
++ timelib_time_offset_dtor(gmt_offset);
++ return retval;
++
++ default:
++ return 0;
++ }
++}
+diff -Naur php-5.2.4.orig/ext/date/lib/timelib.m4 php-5.2.4/ext/date/lib/timelib.m4
+--- php-5.2.4.orig/ext/date/lib/timelib.m4 2005-07-03 23:30:52.000000000 +0000
++++ php-5.2.4/ext/date/lib/timelib.m4 2008-10-22 13:04:09.000000000 +0000
+@@ -78,3 +78,17 @@
+
+ dnl Check for strtoll, atoll
+ AC_CHECK_FUNCS(strtoll atoll strftime)
++
++PHP_ARG_WITH(system-tzdata, for use of system timezone data,
++[ --with-system-tzdata[=DIR] to specify use of system timezone data],
++no, no)
++
++if test "$PHP_SYSTEM_TZDATA" != "no"; then
++ AC_DEFINE(HAVE_SYSTEM_TZDATA, 1, [Define if system timezone data is used])
++
++ if test "$PHP_SYSTEM_TZDATA" != "yes"; then
++ AC_DEFINE_UNQUOTED(HAVE_SYSTEM_TZDATA_PREFIX, "$PHP_SYSTEM_TZDATA",
++ [Define for location of system timezone data])
++ fi
++fi
++

Added: trunk/debs/php5/debian/php5-cgi.dirs
===================================================================
--- trunk/debs/php5/debian/php5-cgi.dirs (rev 0)
+++ trunk/debs/php5/debian/php5-cgi.dirs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,4 @@
+/etc/php5/cgi
+/usr/lib/cgi-bin
+/usr/bin
+/usr/share/man/man1

Added: trunk/debs/php5/debian/php5-cgi.postinst
===================================================================
--- trunk/debs/php5/debian/php5-cgi.postinst (rev 0)
+++ trunk/debs/php5/debian/php5-cgi.postinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/cgi/php.ini"
+# LEGACY SUPPORT
+# previous versions of php did not ship $phpini as a conffile nor did
+# they use anything like ucf. as a result, we need to help transition
+# those files into ucf a little more easily by updating unmodified
+# ini files before registering them
+#
+# if we're upgrading from a pre-ucf version of php:
+if dpkg --compare-versions "$2" le-nl "5.1.6-4"; then
+ # if the SAPI config file already exists and is unmodified
+ if [ -f "$phpini" ]; then
+ oldmd5=`md5sum $phpini | cut -d' ' -f1`
+ if [ "$oldmd5" = "c85605baab79fbcd3c289e442eb3caa2" ]; then
+ # then silently update it before registering via ucf
+ cp /usr/share/php5/php.ini-dist $phpini
+ fi
+ fi
+fi
+# END LEGACY SUPPORT
+
+ucf /usr/share/php5/php.ini-dist $phpini
+
+update-alternatives \
+ --install /usr/bin/php-cgi php-cgi /usr/bin/php5-cgi 50 \
+ --slave /usr/share/man/man1/php-cgi.1.gz php-cgi.1.gz /usr/share/man/man1/php5-cgi.1.gz
+
+update-alternatives \
+ --install /usr/lib/cgi-bin/php php-cgi-bin /usr/lib/cgi-bin/php5 50
+
+exit 0

Added: trunk/debs/php5/debian/php5-cgi.prerm
===================================================================
--- trunk/debs/php5/debian/php5-cgi.prerm (rev 0)
+++ trunk/debs/php5/debian/php5-cgi.prerm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+update-alternatives --remove php-cgi /usr/bin/php5-cgi
+update-alternatives --remove php-cgi-bin /usr/lib/cgi-bin/php5
+
+exit 0

Added: trunk/debs/php5/debian/php5-cli.dirs
===================================================================
--- trunk/debs/php5/debian/php5-cli.dirs (rev 0)
+++ trunk/debs/php5/debian/php5-cli.dirs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,3 @@
+/etc/php5/cli
+/usr/bin
+/usr/share/man/man1

Added: trunk/debs/php5/debian/php5-cli.postinst
===================================================================
--- trunk/debs/php5/debian/php5-cli.postinst (rev 0)
+++ trunk/debs/php5/debian/php5-cli.postinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+phpini="/etc/php5/cli/php.ini"
+# LEGACY SUPPORT
+# previous versions of php did not ship $phpini as a conffile nor did
+# they use anything like ucf. as a result, we need to help transition
+# those files into ucf a little more easily by updating unmodified
+# ini files before registering them
+#
+# if we're upgrading from a pre-ucf version of php:
+if dpkg --compare-versions "$2" le-nl "5.1.6-4"; then
+ # if the SAPI config file already exists and is unmodified
+ if [ -f "$phpini" ]; then
+ oldmd5=`md5sum $phpini | cut -d' ' -f1`
+ if [ "$oldmd5" = "c85605baab79fbcd3c289e442eb3caa2" ]; then
+ # then silently update it before registering via ucf
+ cp /usr/share/php5/php.ini-dist.cli $phpini
+ fi
+ fi
+fi
+# END LEGACY SUPPORT
+
+ucf /usr/share/php5/php.ini-dist.cli $phpini
+
+update-alternatives \
+ --install /usr/bin/php php /usr/bin/php5 50 \
+ --slave /usr/share/man/man1/php.1.gz php.1.gz /usr/share/man/man1/php5.1.gz
+
+exit 0

Added: trunk/debs/php5/debian/php5-cli.prerm
===================================================================
--- trunk/debs/php5/debian/php5-cli.prerm (rev 0)
+++ trunk/debs/php5/debian/php5-cli.prerm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" = "remove" -o "$1" = "deconfigure" ]; then
+ update-alternatives --remove php /usr/bin/php5
+fi
+
+exit 0

Added: trunk/debs/php5/debian/php5-common.README.Debian
===================================================================
--- trunk/debs/php5/debian/php5-common.README.Debian (rev 0)
+++ trunk/debs/php5/debian/php5-common.README.Debian 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,143 @@
+Table of Contents:
+---------------------------------------------------------------------
+* Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+* Problems starting apache2 with php5
+* Session storage
+* Other caveats
+* php5-cgi and apache2
+* Restarting your web server after installing modules
+* Configuration layout
+* Further documentation, errata, etc
+
+
+Using php5 with threaded webservers (eg. apache2-mpm-worker, caudium)
+---------------------------------------------------------------------
+
+ After much back-and-forth with upstream (and even building our
+ packages thread-safe for a while), we're currently admitting defeat
+ on that front, and are NOT building any thread-safe versions of
+ PHP for any webservers. Our recommendation is that, if you need
+ to use a threaded webserver, you should use php5-cgi in either
+ 'normal' CGI mode, or in FastCGI mode.
+
+Adam Conrad <adconrad [at] 0c3> Sun, 06 Feb 2005 08:24:56 -0700
+
+
+Problems starting apache2 with php5
+----------------------------------
+
+ At the time of writing, there are no *known* incompatibilities
+ between any of the php5 modules we ship. However, there have been
+ many bug reports in the past due to dynamically-loaded extensions,
+ and it's possible there are still bugs in the released packages. If
+ Apache fails to start after you install php5, check your list of
+ enabled extensions at the bottom of /etc/php5/apache2/php.ini (and in
+ the per-sapi configuration directory), and try commenting out or
+ reordering the extensions until you find a combination that works.
+
+ For example, in the past the mhash extension was incompatible with
+ some other common extensions. To work around this, you could list
+ the mhash extension first in php.ini.
+
+ If you find an extension-related bug in the Debian packages, and you
+ are willing to help debug the problem, please send us a bug report
+ that lists all enabled PHP5 extensions (extension=), in the order
+ in which they appear in php.ini, as well as all enabled Apache modules
+ (LoadModule), with version numbers where possible.
+
+Steve Langasek <vorlon [at] debian> Fri, 26 Apr 2002 13:39:00 -0500
+
+
+Session storage
+---------------
+
+ Session files are stored in /var/lib/php5. For security purposes, this
+ directory is unreadable by non-root users. This means that php5 running
+ from apache2, for example, will not be able to clean up stale session
+ files. Instead, we have a cron job run every 30 mins that cleans up
+ stale session files; /etc/cron.d/php5. You may need to modify how
+ often this runs, if you've modified session.gc_maxlifetime in your
+ php.ini; otherwise, it may be too lax or overly aggressive in cleaning
+ out stale session files.
+
+Andres Salomon <dilinger [at] debian> Fri, 03 Sep 2004 03:12:54 -0400
+
+
+Other caveats
+-------------
+
+ * extension_dir and include_path should be commented out, if you don't need
+ special settings for them so php will look in compiled-in paths. If you set
+ them, you should also add appropriate php install directories there.
+
+php5-cgi and apache2
+---------------------------
+
+In 99% of cases, what you probably want isn't php5-cgi at all, but rather
+the libapache2-mod-php5 package, which will configure themselves on
+installation and Just Work(tm). If, however, you have a need to use
+the CGI version of php5 with apache2, the following should help
+get you going, though there are dozens of different ways to do this.
+
+Please note that this process will never be made automatic, as php5-cgi
+is meant to be a webserver-agnostic package that can be used with any
+httpd, and we don't want it to conflict with the httpd-specific packages
+such as libapache2-mod-php5. If both were installed side-by-side and both
+were automatically enabled, the results would be a bit confusing, obviously.
+
+To use php5-cgi with apache2
+ 1) activate CGI (it's on by default in default debian setups)
+ a) If using the prefork MPM, use 'a2enmod cgi'
+ b) If using a threaded MPM, use 'a2enmod cgid'
+ 2) activate mod_actions (a2enmod actions)
+ 3) Add the following to a config snippet in /etc/apache2/conf.d
+ <IfModule mod_actions.c>
+ Action application/x-httpd-php /cgi-bin/php5
+ </IfModule>
+
+Adam Conrad <adconrad [at] 0c3> Sat, 04 Sep 2004 23:04:26 -0600
+
+Restarting your web server after installing modules
+---------------------------------------------------------------------
+
+Many of the php modules (php5-mysql, for example) require that you
+restart your webserver after installation. This currently isn't
+done automatically, so changes won't take affect until you run
+/etc/init.d/apache2 reload or your webserver's equivalent (some cases
+may need to use "restart" instead of "reload" too)
+
+sean finney <seanius [at] debian> Sat, 09 Dec 2006 12:42:21 +0100
+
+Configuration Layout
+---------------------------------------------------------------------
+
+Each of the 3 SAPI's (apache2/cgi/cli) have a different
+central configuration file /etc/php5/$SAPI/php.ini.
+
+Additionally, each SAPI is configured with the compile-time option
+
+ --with-config-file-scan-dir=/etc/php5/$SAPI/conf.d
+
+which for all SAPI's is actually a symlink pointing to a central
+directory /etc/php5/conf.d. Any file found in this directory ending
+in .ini will be treated as a configuration file by the php SAPI.
+
+The rationale with this method is that each SAPI can thus be
+identically configured with a minimal amount of conffile handling,
+but at the same time if you want to have SAPI-specific configuration,
+you can just remove the symlink.
+
+sean finney <seanius [at] debian> Thu, 19 Oct 2006 23:33:05 +0200
+
+Further documentation, errata, etc
+---------------------------------------------------------------------
+
+Errata and other general information about PHP in Debian can be found
+in the debian wiki at:
+
+ http://wiki.debian.org/PHP
+
+If after reading the documentation in this file you still have unanswered
+questions, that's a good next place to go.
+
+sean finney <seanius [at] debian> Thu, 19 Oct 2006 22:57:52 +0200

Added: trunk/debs/php5/debian/php5-common.TODO
===================================================================
--- trunk/debs/php5/debian/php5-common.TODO (rev 0)
+++ trunk/debs/php5/debian/php5-common.TODO 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,7 @@
+- Debconf: support removing of extension lines from php.ini on
+ dpkg-reconfigure, not just adding. Adjust wording of debconf template
+ to match.
+- move default config files out of /usr/share/doc/php5/examples, per
+ policy
+- more modules
+- roxen support (oh my)

Added: trunk/debs/php5/debian/php5-common.dirs
===================================================================
--- trunk/debs/php5/debian/php5-common.dirs (rev 0)
+++ trunk/debs/php5/debian/php5-common.dirs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,8 @@
+/usr/lib/php5/libexec
+/usr/share/lintian/overrides
+/usr/share/doc/php5-common/examples
+/usr/share/doc/php5-common/PEAR
+/usr/share/php5
+/var/lib/php5
+/usr/lib/php5
+/etc/php5/conf.d

Added: trunk/debs/php5/debian/php5-common.docs
===================================================================
--- trunk/debs/php5/debian/php5-common.docs (rev 0)
+++ trunk/debs/php5/debian/php5-common.docs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,10 @@
+CREDITS
+EXTENSIONS
+TODO
+CODING_STANDARDS
+README.CVS-RULES
+README.EXT_SKEL
+README.SELF-CONTAINED-EXTENSIONS
+README.Zeus
+README.PHP4-TO-PHP5-THIN-CHANGES
+debian/README.Debian.security

Added: trunk/debs/php5/debian/php5-common.php5.cron.d
===================================================================
--- trunk/debs/php5/debian/php5-common.php5.cron.d (rev 0)
+++ trunk/debs/php5/debian/php5-common.php5.cron.d 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,7 @@
+# /etc/cron.d/php5: crontab fragment for php5
+# This purges session files older than X, where X is defined in seconds
+# as the largest value of session.gc_maxlifetime from all your php.ini
+# files, or 24 minutes if not defined. See /usr/lib/php5/maxlifetime
+
+# Look for and purge old sessions every 30 minutes
+09,39 * * * * root [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm

Added: trunk/debs/php5/debian/php5-common.postrm
===================================================================
--- trunk/debs/php5/debian/php5-common.postrm (rev 0)
+++ trunk/debs/php5/debian/php5-common.postrm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+#! /bin/bash
+
+set -e
+
+if [ "$1" = "purge" ]
+then
+ rm -rf /var/lib/php5
+fi
+
+#DEBHELPER#
+
+exit 0

Added: trunk/debs/php5/debian/php5-dev.dirs
===================================================================
--- trunk/debs/php5/debian/php5-dev.dirs (rev 0)
+++ trunk/debs/php5/debian/php5-dev.dirs 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1 @@
+/usr/bin

Added: trunk/debs/php5/debian/php5-dev.files
===================================================================
--- trunk/debs/php5/debian/php5-dev.files (rev 0)
+++ trunk/debs/php5/debian/php5-dev.files 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,6 @@
+usr/bin/php-config
+usr/bin/phpize
+usr/share/man/man1/php-config.1
+usr/share/man/man1/phpize.1
+usr/include
+usr/lib/php5/build

Added: trunk/debs/php5/debian/php5-dev.postinst
===================================================================
--- trunk/debs/php5/debian/php5-dev.postinst (rev 0)
+++ trunk/debs/php5/debian/php5-dev.postinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "configure" ]; then
+ exit 0
+fi
+
+for i in php-config phpize; do
+ update-alternatives \
+ --install /usr/bin/"$i" $i /usr/bin/"$i"5 50 \
+ --slave /usr/share/man/man1/"$i".1.gz "$i".1.gz /usr/share/man/man1/"$i"5.1.gz
+done
+
+exit 0

Added: trunk/debs/php5/debian/php5-dev.prerm
===================================================================
--- trunk/debs/php5/debian/php5-dev.prerm (rev 0)
+++ trunk/debs/php5/debian/php5-dev.prerm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#DEBHELPER#
+
+if [ "$1" != "remove" -a "$1" != "purge" ]; then
+ exit 0
+fi
+
+for i in php-config phpize; do
+ update-alternatives --remove $i /usr/bin/"$i"5
+done
+
+exit 0

Added: trunk/debs/php5/debian/php5-module.ini
===================================================================
--- trunk/debs/php5/debian/php5-module.ini (rev 0)
+++ trunk/debs/php5/debian/php5-module.ini 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,2 @@
+# configuration for php @extname@ module
+extension=@dsoname@.so

Added: trunk/debs/php5/debian/php5-module.postinst
===================================================================
--- trunk/debs/php5/debian/php5-module.postinst (rev 0)
+++ trunk/debs/php5/debian/php5-module.postinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+# here we test for upgrades from versions prior to the config-file-scan-dir
+# migration.
+#
+# to avoid lots of scary warnings about duplicate-loaded modules, each
+# module will remove its "extension=" line from each SAPI's php.ini file
+# when upgrading from a "prior version". this will be the last time we
+# ever muck with such files in maintainer scripts. really. promise :)
+
+if [ "$2" ] && dpkg --compare-versions "$2" lt "5.1.6-5"; then
+ extension_re='^[[:space:]]*extension[[:space:]]*=[[:space:]]*@dsoname@\.so$'
+ for SAPI in apache apache2 cgi cli; do
+ ini_file="/etc/php5/$SAPI/php.ini"
+ if [ -f "$ini_file" ]; then
+ if grep -q "$extension_re" $ini_file; then
+ sed -i -e "/$extension_re/d" $ini_file
+ fi
+ fi
+ done
+fi
+
+#EXTRA#
+#DEBHELPER#
+

Added: trunk/debs/php5/debian/php5-sapi.links
===================================================================
--- trunk/debs/php5/debian/php5-sapi.links (rev 0)
+++ trunk/debs/php5/debian/php5-sapi.links 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1 @@
+etc/php5/conf.d etc/php5/@sapi@/conf.d

Added: trunk/debs/php5/debian/php5-sapi.postrm
===================================================================
--- trunk/debs/php5/debian/php5-sapi.postrm (rev 0)
+++ trunk/debs/php5/debian/php5-sapi.postrm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,18 @@
+#! /bin/sh
+
+set -e
+
+phpini=/etc/php5/@sapi@/php.ini
+
+case "$1" in
+purge)
+ if which ucf >/dev/null 2>&1; then
+ ucf --purge $phpini
+ fi
+ rm -f $phpini
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0

Added: trunk/debs/php5/debian/php5-sybase.postinst.extra
===================================================================
--- trunk/debs/php5/debian/php5-sybase.postinst.extra (rev 0)
+++ trunk/debs/php5/debian/php5-sybase.postinst.extra 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,6 @@
+OLD_CONFFILE=/etc/php5/conf.d/sybase_ct.ini
+if [ -e "$OLD_CONFFILE" ] && dpkg --compare-versions "$2" lt-nl 5.2.3-2
+then
+ rm $OLD_CONFFILE
+fi
+

Added: trunk/debs/php5/debian/php5-sybase.postrm
===================================================================
--- trunk/debs/php5/debian/php5-sybase.postrm (rev 0)
+++ trunk/debs/php5/debian/php5-sybase.postrm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+NEW_CONFFILE=/etc/php5/conf.d/mssql.ini
+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 5.2.3-2
+then
+ rm $NEW_CONFFILE
+fi
+
+#DEBHELPER#

Added: trunk/debs/php5/debian/php5-sybase.preinst
===================================================================
--- trunk/debs/php5/debian/php5-sybase.preinst (rev 0)
+++ trunk/debs/php5/debian/php5-sybase.preinst 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+OLD_CONFFILE=/etc/php5/conf.d/sybase_ct.ini
+NEW_CONFFILE=/etc/php5/conf.d/mssql.ini
+if [ -e "$OLD_CONFFILE" ] && dpkg --compare-versions "$2" lt-nl 5.2.3-2
+then
+ sed -e's/\(extension=[[:space:]]*\)sybase_ct\.so/\1mssql.so/' \
+ $OLD_CONFFILE > $NEW_CONFFILE
+fi
+
+#DEBHELPER#

Added: trunk/debs/php5/debian/php5-sybase.prerm
===================================================================
--- trunk/debs/php5/debian/php5-sybase.prerm (rev 0)
+++ trunk/debs/php5/debian/php5-sybase.prerm 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+OLD_CONFFILE=/etc/php5/conf.d/sybase_ct.ini
+NEW_CONFFILE=/etc/php5/conf.d/mssql.ini
+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt 5.2.3-2
+then
+ sed -e's/\(extension=[[:space:]]*\)mssql\.so/\1sybase_ct.so/' \
+ $NEW_CONFFILE > $OLD_CONFFILE
+fi
+
+#DEBHELPER#

Added: trunk/debs/php5/debian/php5.lintian-overrides
===================================================================
--- trunk/debs/php5/debian/php5.lintian-overrides (rev 0)
+++ trunk/debs/php5/debian/php5.lintian-overrides 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1 @@
+php5-common: non-standard-dir-perm var/lib/php5/ 1733 != 0755

Added: trunk/debs/php5/debian/rules
===================================================================
--- trunk/debs/php5/debian/rules (rev 0)
+++ trunk/debs/php5/debian/rules 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,512 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 by Joey Hess.
+#
+# This version is for a hypothetical package that builds an
+# architecture-dependant package, as well as an architecture-independent
+# package.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+# Set this flag to 'yes' if you want to disable all modifications breaking abi
+# compatibility to upstream
+PHP5_COMPAT=no
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+DEB_BUILD_ARCH ?= $(shell dpkg-architecture -qDEB_BUILD_ARCH)
+
+PHP5_HOST_GNU_TYPE = $(subst gnulp,gnu,$(DEB_HOST_GNU_TYPE))
+PHP5_BUILD_GNU_TYPE = $(subst gnulp,gnu,$(DEB_BUILD_GNU_TYPE))
+
+PHP5_HOST_GNU_TYPE := $(shell echo $(PHP5_HOST_GNU_TYPE) | sed 's/-gnu$$//')
+PHP5_BUILD_GNU_TYPE := $(shell echo $(PHP5_BUILD_GNU_TYPE) | sed 's/-gnu$$//')
+
+PHP5_SOURCE_VERSION = $(shell dpkg-parsechangelog | grep ^Version | sed "s/Version: //")
+PHP5_UPSTREAM_VERSION = $(shell echo $(PHP5_SOURCE_VERSION) | sed -e "s/-.*//" -e "s/.*://")
+PHP5_DEBIAN_REVISION = $(shell echo $(PHP5_SOURCE_VERSION) | sed "s/.*-//")
+
+
+PROG_SENDMAIL = /usr/sbin/sendmail
+CFLAGS = -O2 -Wall -fsigned-char -fno-strict-aliasing
+# LFS support
+ifneq (yes,$(PHP5_COMPAT))
+ CFLAGS += $(shell getconf LFS_CFLAGS)
+endif
+
+# Enable IEEE-conformant floating point math on alphas (not the default)
+ifeq (alpha-linux,$(PHP5_HOST_GNU_TYPE))
+ CFLAGS += -mieee
+endif
+
+ifeq ($(PHP5_HOST_GNU_TYPE), $(findstring $(PHP5_HOST_GNU_TYPE), ia64-linux powerpc64-linux))
+ CFLAGS += -g
+else
+ CFLAGS += -gstabs
+endif
+
+ifneq (nostrip, $(findstring nostrip, $(DEB_BUILD_OPTIONS)))
+ install_strip = -s
+endif
+
+# Old magic.mime location:
+ifeq ($(wildcard /usr/share/misc/file/magic.mime), /usr/share/misc/file/magic.mime)
+MAGIC_MIME = /usr/share/misc/file/magic.mime
+endif
+# New magic.mime location:
+ifeq ($(wildcard /usr/share/file/magic.mime), /usr/share/file/magic.mime)
+MAGIC_MIME = /usr/share/file/magic.mime
+endif
+
+COMMON_CONFIG=--build=$(PHP5_BUILD_GNU_TYPE)-gnu \
+ --host=$(PHP5_HOST_GNU_TYPE)-gnu \
+ --mandir=/usr/share/man \
+ --enable-memory-limit \
+ --disable-debug \
+ --with-regex=php \
+ --disable-rpath \
+ --disable-static \
+ --with-pic \
+ --with-layout=GNU \
+ --with-pear=/usr/share/php \
+ --enable-calendar \
+ --enable-sysvsem \
+ --enable-sysvshm \
+ --enable-sysvmsg \
+ --enable-track-vars \
+ --enable-trans-sid \
+ --enable-bcmath \
+ --with-bz2 \
+ --enable-ctype \
+ --with-db4 \
+ --without-gdbm \
+ --with-iconv \
+ --enable-exif \
+ --enable-filepro \
+ --enable-ftp \
+ --with-gettext \
+ --enable-mbstring \
+ --with-pcre-regex=/usr \
+ --enable-shmop \
+ --enable-sockets \
+ --enable-wddx \
+ --with-libxml-dir=/usr \
+ --with-zlib \
+ --with-kerberos=/usr \
+ --with-openssl=/usr \
+ --enable-dbx \
+ --enable-soap \
+ --enable-zip \
+ --with-mime-magic=$(MAGIC_MIME) \
+ --with-exec-dir=/usr/lib/php5/libexec \
+ --with-system-tzdata
+
+BUILTIN_EXTENSION_CHECK=$$e=get_loaded_extensions(); natcasesort($$e); \
+ $$s="The following extensions are built in:"; \
+ foreach($$e as $$i) { $$s .= " $$i"; } \
+ echo("php:Extensions=" . wordwrap($$s . ".\n", 75, "\$${Newline} "));
+
+# include the patch/unpatch rules from quilt
+include /usr/share/quilt/quilt.make
+
+prepared: prepared-stamp
+prepared-stamp: $(QUILT_STAMPFN)
+ dh_testdir
+ sed -i -e 's/EXTRA_VERSION=""/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/' configure.in
+ rm -f aclocal.m4 config.sub config.guess ltmain.sh
+ ./buildconf --force
+ touch prepared-stamp
+
+unprepared:
+ dh_testdir
+ sed -i -e 's/EXTRA_VERSION="-$(PHP5_DEBIAN_REVISION)"/EXTRA_VERSION=""/' configure.in
+ rm -f configure aclocal.m4 config.sub config.guess ltmain.sh
+ rm -f build/libtool.m4 main/php_config.h.in
+ rm -f prepared-stamp
+
+test-results.txt:
+ mkdir -p temp_session_store
+ env NO_INTERACTION=1 TEST_PHP_CGI_EXECUTABLE=./cgi-build/sapi/cgi/cgi-bin.php5 TEST_PHP_EXECUTABLE=./apache2-build/sapi/cli/php ./apache2-build/sapi/cli/php run-tests.php > test-results.txt
+ rm -rf temp_session_store
+ cat test-results.txt
+
+build: build-apache2-stamp build-cgi-stamp build-cli-stamp build-pear-stamp test-results.txt
+
+build-apache2-stamp: configure-apache2-stamp
+ dh_testdir
+ cd apache2-build && $(MAKE)
+
+ touch build-apache2-stamp
+
+build-cli-stamp: configure-cli-stamp
+ dh_testdir
+ cd cli-build && $(MAKE)
+
+ touch build-cli-stamp
+
+
+build-cgi-stamp: configure-cgi-stamp
+ dh_testdir
+ cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/cgi-bin.php5
+
+ # Dirty hack to not rebuild everything twice
+ cd cgi-build/main && \
+ sed -i -e 's/FORCE_CGI_REDIRECT 1/FORCE_CGI_REDIRECT 0/' \
+ -e 's/DISCARD_PATH 0/DISCARD_PATH 1/' php_config.h && \
+ sed -i -e 's/--enable-force-cgi-redirect/--enable-discard-path/' build-defs.h && \
+ touch ../../ext/standard/info.c && \
+ touch ../../sapi/cgi/cgi_main.c
+
+ cd cgi-build && $(MAKE) && mv sapi/cgi/php-cgi sapi/cgi/usr.bin.php5-cgi
+
+ touch build-cgi-stamp
+
+build-pear-stamp: build-cgi-stamp
+ dh_testdir
+ -mkdir pear-build
+ cd cgi-build && make install-pear PHP_PEAR_PHP_BIN=/usr/bin/php PHP_PEAR_INSTALL_DIR=/usr/share/php PHP_PEAR_SYSCONF_DIR=/etc/pear PHP_PEAR_SIG_BIN=/usr/bin/gpg INSTALL_ROOT=$(CURDIR)/pear-build
+ sed -i -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/pear && \
+ sed -i -e 's/-d output_buffering=1 -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/pecl && \
+ sed -i -e 's/-d memory_limit="-1"//' \
+ -e 's/-d output_buffering=1 -d open_basedir="" -d safe_mode=0/-d output_buffering=1 -d open_basedir="" -d safe_mode=0 -d memory_limit="-1"/' \
+ $(CURDIR)/pear-build/usr/bin/peardev
+ touch build-pear-stamp
+
+configure: configure-apache2-stamp configure-cli-stamp configure-cgi-stamp
+
+configure-apache2-stamp: prepared-stamp
+ dh_testdir
+ if [ -d apache2-build ]; then rm -rf apache2-build; fi
+ -mkdir apache2-build
+ cd apache2-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --with-apxs2=/usr/bin/apxs2 \
+ --with-config-file-path=/etc/php5/apache2 \
+ --with-config-file-scan-dir=/etc/php5/apache2/conf.d \
+ $(COMMON_CONFIG) \
+ --without-mm \
+ --with-curl=shared,/usr \
+ --with-zlib-dir=/usr \
+ --with-gd=shared,/usr --enable-gd-native-ttf \
+ --with-gmp=shared,/usr \
+ --with-jpeg-dir=shared,/usr \
+ --with-xpm-dir=shared,/usr/X11R6 \
+ --with-png-dir=shared,/usr \
+ --with-freetype-dir=shared,/usr \
+ --with-ttf=shared,/usr \
+ --with-t1lib=shared,/usr \
+ --with-ldap=shared,/usr \
+ --with-ldap-sasl=/usr \
+ --with-mhash=shared,/usr \
+ --with-mysql=shared,/usr \
+ --with-mysqli=shared,/usr/bin/mysql_config \
+ --with-pspell=shared,/usr \
+ --with-unixODBC=shared,/usr \
+ --with-recode=shared,/usr \
+ --with-xsl=shared,/usr \
+ --with-snmp=shared,/usr \
+ --with-sqlite=shared,/usr \
+ --with-mssql=shared,/usr \
+ --with-tidy=shared,/usr \
+ --with-xmlrpc=shared \
+ --with-pgsql=shared,/usr PGSQL_INCLUDE=`pg_config --includedir` \
+ --enable-pdo=shared \
+ --without-pdo-dblib \
+ --with-pdo-mysql=shared,/usr \
+ --with-pdo-odbc=shared,unixODBC,/usr \
+ --with-pdo-pgsql=shared,/usr/bin/pg_config \
+ --with-pdo-sqlite=shared,/usr \
+ --with-pdo-dblib=shared,/usr
+ cd apache2-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-apache2-stamp
+
+configure-cgi-stamp: prepared-stamp
+ dh_testdir
+ if [ -d cgi-build ]; then rm -rf cgi-build; fi
+ -mkdir cgi-build
+ cd cgi-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --enable-force-cgi-redirect --enable-fastcgi \
+ --with-config-file-path=/etc/php5/cgi \
+ --with-config-file-scan-dir=/etc/php5/cgi/conf.d \
+ $(COMMON_CONFIG) \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-mssql \
+ --without-sqlite
+ cd cgi-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-cgi-stamp
+
+configure-cli-stamp: prepared-stamp
+ dh_testdir
+ if [ -d cli-build ]; then rm -rf cli-build; fi
+ -mkdir cli-build
+ cd cli-build && \
+ CFLAGS="$(CFLAGS)" PROG_SENDMAIL="$(PROG_SENDMAIL)" ../configure \
+ --prefix=/usr --disable-cgi \
+ --with-config-file-path=/etc/php5/cli \
+ --with-config-file-scan-dir=/etc/php5/cli/conf.d \
+ $(COMMON_CONFIG) \
+ --with-libedit \
+ --without-mm \
+ --disable-pdo \
+ --without-mysql --without-sybase-ct --without-sqlite \
+ --without-mssql --enable-pcntl \
+ --with-ncurses=/usr
+ cd cli-build && \
+ cp ../Zend/zend_ini_scanner.c ../Zend/zend_language_scanner.c \
+ ../Zend/zend_ini_parser.h ../Zend/zend_language_parser.h \
+ ../Zend/zend_ini_parser.c ../Zend/zend_language_parser.c \
+ Zend/
+ touch configure-cli-stamp
+
+clean: unprepared unpatch
+ dh_testdir
+ dh_testroot
+
+
+ rm -f configure-apache2-stamp build-apache2-stamp
+ rm -f configure-cgi-stamp build-cgi-stamp
+ rm -f configure-cli-stamp build-cli-stamp
+ rm -f build-pear-stamp
+ rm -f install-stamp
+ rm -rf apache2-build
+ rm -rf cgi-build
+ rm -rf cli-build
+ rm -rf pear-build
+ rm -f debian/copyright
+ rm -f test-results.txt
+ dh_clean
+ # clean up autogenerated cruft
+ cat debian/modulelist | while read package extname dsoname; do \
+ rm -f debian/php5-$$package.postinst; \
+ done
+ for sapi in libapache2-mod-php5 php5-cgi php5-cli; do \
+ for cruft in postrm links; do \
+ rm -f debian/$${sapi}.$${cruft}; \
+ done; \
+ done
+
+install: DH_OPTIONS=
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ chmod 01733 debian/php5-common/var/lib/php5
+
+ # Add here commands to install the package into debian/php5.
+ # install apache2 DSO module
+ cp apache2-build/.libs/libphp5.so \
+ debian/libapache2-mod-php5/`apxs2 -q LIBEXECDIR`/
+ cp debian/libapache2-mod-php5.load \
+ debian/libapache2-mod-php5/etc/apache2/mods-available/php5.load
+ cp debian/libapache2-mod-php5.conf \
+ debian/libapache2-mod-php5/etc/apache2/mods-available/php5.conf
+
+ # sanitize php.ini file
+ # memory_limit: 16M for cgi/apache; 32M for cli
+ cat php.ini-dist | tr "\t" " " | sed -e'/memory_limit =/ s/\b128M/16M/g' > debian/php5-common/usr/share/php5/php.ini-dist
+ cat php.ini-dist | tr "\t" " " | sed -e'/memory_limit =/ s/\b128M/32M/g' > debian/php5-common/usr/share/php5/php.ini-dist.cli
+ cat php.ini-dist | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-dist
+ cat php.ini-recommended | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-recommended
+ cat php.ini-paranoid | tr "\t" " " > debian/php5-common/usr/share/doc/php5-common/examples/php.ini-paranoid
+ cp test-results.txt debian/php5-common/usr/share/doc/php5-common/
+
+ # install the apache modules' files
+ cd apache2-build && make install-headers install-build install-modules install-programs INSTALL_ROOT=$(CURDIR)/debian/libapache2-mod-php5
+ # remove netware and win32 headers that we don't want
+ cd debian/libapache2-mod-php5/usr/include/php5/ && \
+ rm -f TSRM/readdir.h \
+ TSRM/tsrm_config.{nw,w32}.h \
+ TSRM/tsrm_{nw,win32}.h \
+ Zend/zend_config.{nw,w32}.h \
+ main/config.{nw,w32}.h \
+ main/win95nt.h
+
+ # install PEAR
+ cp -r pear-build/* debian/php-pear/
+
+ # install extensions
+ ext=`./debian/libapache2-mod-php5/usr/bin/php-config --extension-dir`;\
+ for i in libapache2-mod-php5 php5-cgi php5-cli; do \
+ mkdir -p debian/$$i/$${ext}; \
+ done; \
+ cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ mkdir -p debian/php5-$$package$${ext}; \
+ chrpath debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ chrpath -d debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ install ${install_strip} -m 644 -o root -g root \
+ debian/libapache2-mod-php5/$${ext}/$$dsoname.so \
+ debian/php5-$$package$${ext}/$$dsoname.so; \
+ rm debian/libapache2-mod-php5/$${ext}/$$dsoname.so; \
+ done
+
+ # install CGI
+ cp cgi-build/sapi/cgi/cgi-bin.php5 debian/php5-cgi/usr/lib/cgi-bin/php5
+ cp cgi-build/sapi/cgi/usr.bin.php5-cgi debian/php5-cgi/usr/bin/php5-cgi
+ cp cli-build/sapi/cli/php.1 debian/php5-cgi/usr/share/man/man1/php5-cgi.1
+
+ # install CLI
+ cp cli-build/sapi/cli/php debian/php5-cli/usr/bin/php5
+ cp cli-build/sapi/cli/php.1 debian/php5-cli/usr/share/man/man1/php5.1
+
+ # move and install -dev files
+ dh_movefiles --sourcedir=debian/libapache2-mod-php5
+ rm -rf debian/libapache2-mod-php5/usr/lib/php5/build/ \
+ debian/libapache2-mod-php5/usr/include/ \
+ debian/libapache2-mod-php5/usr/bin/
+ for i in Makefile.global acinclude.m4 mkdep.awk phpize.m4 scan_makefile_in.awk; do \
+ chmod 644 debian/php5-dev/usr/lib/php5/build/$$i; \
+ done
+ # shipping duplicate files from other packages is hell for security audits
+ rm debian/php5-dev/usr/lib/php5/build/config.guess && \
+ ln -s ../../../share/misc/config.guess debian/php5-dev/usr/lib/php5/build/config.guess
+ rm debian/php5-dev/usr/lib/php5/build/config.sub && \
+ ln -s ../../../share/misc/config.sub debian/php5-dev/usr/lib/php5/build/config.sub
+ rm debian/php5-dev/usr/lib/php5/build/libtool.m4 && \
+ ln -s ../../../share/libtool/libtool.m4 debian/php5-dev/usr/lib/php5/build/libtool.m4
+ rm debian/php5-dev/usr/lib/php5/build/ltmain.sh && \
+ ln -s ../../../share/libtool/ltmain.sh debian/php5-dev/usr/lib/php5/build/ltmain.sh
+ rm debian/php5-dev/usr/lib/php5/build/shtool && \
+ ln -s ../../../bin/shtool debian/php5-dev/usr/lib/php5/build/shtool
+ # make php-dev stuff versioned
+ for i in php-config phpize; do \
+ mv debian/php5-dev/usr/bin/$$i debian/php5-dev/usr/bin/"$$i"5; \
+ mv debian/php5-dev/usr/share/man/man1/"$$i".1 debian/php5-dev/usr/share/man/man1/"$$i"5.1; \
+ done
+
+ # install common files
+ install -m755 debian/maxlifetime debian/php5-common/usr/lib/php5
+
+ # install lintian overrides
+ cp debian/php5.lintian-overrides $(CURDIR)/debian/php5-common/usr/share/lintian/overrides/php5-common
+
+ touch install-stamp
+
+# Build architecture-independent files here.
+# Pass -i to all debhelper commands in this target to reduce clutter.
+binary-indep: DH_OPTIONS=-i
+binary-indep: build install
+ # Need this version of debhelper for DH_OPTIONS to work.
+ dh_testdir
+ dh_testroot
+ cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright
+
+ dh_installdocs
+
+ for package in php5 php-pear; do \
+ rm -rf debian/$$package/usr/share/doc/$$package; \
+ ln -s php5-common debian/$$package/usr/share/doc/$$package; \
+ done
+
+ dh_link
+ dh_compress -Xphp.ini
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ # Need this version of debhelper for DH_OPTIONS to work.
+ dh_testdir
+ dh_testroot
+ # Do this first so we don't overwrite any debhelper-generated files
+ #
+ # generate the maintscripts for various php
+ # modules from the templates.
+ cat debian/modulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g; \
+ /#EXTRA#/ r debian/php5-$${package}.postinst.extra" \
+ < debian/php5-module.postinst \
+ | sed -e'/#EXTRA#/ d' \
+ > debian/php5-$${package}.postinst; \
+ done
+
+ # generate the config snippets for various php
+ # modules from the templates.
+ cat debian/modulelist debian/extramodulelist | while read package extname dsoname; do \
+ if [ -z "$$dsoname" ]; then dsoname=$$package; fi; \
+ mkdir -p debian/php5-$$package/etc/php5/conf.d; \
+ sed -e"s/@extname@/$$extname/g; s/@dsoname@/$$dsoname/g" \
+ < debian/php5-module.ini \
+ > debian/php5-$${package}/etc/php5/conf.d/$${dsoname}.ini; \
+ done
+
+ # likewise, for the different sapi implementations
+ for tmpl in postrm links; do \
+ for sapi in apache2 cgi cli; do \
+ sed -e "s/@sapi@/$$sapi/g" \
+ < debian/php5-sapi.$$tmpl \
+ > debian/php5-$${sapi}.$$tmpl; \
+ done; \
+ mv debian/php5-apache2.$$tmpl debian/libapache2-mod-php5.$$tmpl; \
+ done
+
+ cat debian/copyright.header LICENSE Zend/LICENSE > debian/copyright
+ dh_installdocs -s
+
+ cat debian/modulelist | while read package extname dsoname; do \
+ rm -rf debian/php5-$$package/usr/share/doc/php5-$$package; \
+ ln -s php5-common debian/php5-$$package/usr/share/doc/php5-$$package; \
+ done
+
+ for package in php5-dev php5-cgi php5-cli libapache2-mod-php5; do \
+ rm -rf debian/$$package/usr/share/doc/$$package; \
+ ln -s php5-common debian/$$package/usr/share/doc/$$package; \
+ done
+ dh_installcron -pphp5-common --name=php5
+ dh_installchangelogs -pphp5-common NEWS
+ dh_strip -s
+ dh_link -s
+ dh_compress -s -Xphp.ini
+ dh_fixperms -s -X /var/lib/php5
+ mkdir -p debian/php5-common/usr/share/linda/overrides
+ echo "Tag: non-standard-dir-perm" >> debian/php5-common/usr/share/linda/overrides/php5-common
+ echo "Data: /var/lib/php5.*" >> debian/php5-common/usr/share/linda/overrides/php5-common
+ dh_installdeb -s
+ dh_shlibdeps -s
+
+ phpapi=`./debian/php5-dev/usr/bin/php-config5 --phpapi`; \
+ for i in libapache2-mod-php5 php5-cgi php5-cli; do \
+ echo "php:Provides=phpapi-$${phpapi}" >> debian/$$i.substvars; \
+ done; \
+ cat debian/modulelist | while read package extname dsoname; do \
+ echo "php:Depends=phpapi-$${phpapi}" >> debian/php5-$$package.substvars; \
+ done
+
+ for i in cgi cli; do \
+ "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \
+ >> debian/php5-"$$i".substvars; \
+ done
+ for i in apache2; do \
+ "$$i"-build/sapi/cli/php -n -r '$(BUILTIN_EXTENSION_CHECK)' \
+ >> debian/lib"$$i"-mod-php5.substvars; \
+ done
+
+ echo "apache2:Depends=apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk, apache2.2-common" >>debian/libapache2-mod-php5.substvars
+ dh_gencontrol -s
+ dh_md5sums -s
+ dh_builddeb -s
+
+binary: binary-arch binary-indep
+.PHONY: build clean binary-indep binary-arch binary install configure


Property changes on: trunk/debs/php5/debian/rules
___________________________________________________________________
Added: svn:executable
+ *

Added: trunk/debs/php5/debian/watch
===================================================================
--- trunk/debs/php5/debian/watch (rev 0)
+++ trunk/debs/php5/debian/watch 2009-09-13 12:54:44 UTC (rev 56258)
@@ -0,0 +1,2 @@
+version=2
+http://www.php.net/downloads.php /get/php-(5\.[0-9\.]*)\.tar\.gz/from/a/mirror



_______________________________________________
MediaWiki-CVS mailing list
MediaWiki-CVS [at] lists
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs

Wikipedia mediawiki-cvs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.