UPDATE www/php

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

UPDATE www/php

???????? ??????
Hi,

Here is a diff for PHP 5.3.0. This diff just for testing.
Diff without suhosin path.

Removed extensions:
  - ncurses
  - mhash
  - pspell
  - dbase

Moved from core to shared extensions:
  - openssl
  - gettext
  - exif
  - sockets

New extensions:
  - pchar
  - fileinfo
  - enchant
  - sqlite3

Extensions mysql, mysqli and pdo_mysql now use mysqlnd.

Extension 'enchant' is not compile in ports ports/textproc/enchant and
'gmp' ports/devel/gmp too.

Release Announcement: http://php.net/releases/5_3_0.php

Tested on OpenBSD current amd64.

Any comments? :)

diff -uNr --exclude=CVS www/php5/Makefile.inc mystuff/www/php5/Makefile.inc
--- www/php5/Makefile.inc Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/Makefile.inc Wed Jul  8 15:29:59 2009
@@ -4,9 +4,7 @@
 # and has Apache that supports DSO's.
 NOT_FOR_ARCHS= ${NO_SHARED_ARCHS}
 
-V= 5.2.10
-SUHOSIN_V= 0.9.27
-SUHOSIN_P_V= 0.9.7
+V= 5.3.0
 
 DISTNAME?= php-${V}
 CATEGORIES= www lang
@@ -15,14 +13,10 @@
 HOMEPAGE= http://www.php.net/
 
 MASTER_SITES= http://us2.php.net/distributions/ \
- http://se.php.net/distributions/ \
+                        http://se.php.net/distributions/ \
  http://no.php.net/distributions/ \
  http://uk.php.net/distributions/
-MASTER_SITES0= http://blade2k.humppa.hu/ \
- http://download.suhosin.org/
 
-# UPGRADERS: please read BOTH the PHP and Zend licenses
-# and make sure they are safe before an upgrade
 PERMIT_PACKAGE_CDROM=   Yes
 PERMIT_PACKAGE_FTP=     Yes
 PERMIT_DISTFILES_CDROM= Yes
@@ -51,35 +45,18 @@
  EXTENSION_DIR=${MODULES_DIR}
 MAKE_ENV=               ${CONFIGURE_ENV}
 
-CONFIGURE_ARGS+= --enable-shared \
- --disable-static \
- --disable-rpath \
- --with-config-file-path=${PHP_CONFIG_PATH} \
- --enable-inline-optimization \
- --with-pic
+CONFIGURE_ARGS+=--disable-all \
+ --disable-static \
+ --disable-rpath \
+ --enable-shared \
+ --enable-inline-optimization \
+ --with-config-file-path=${PHP_CONFIG_PATH} \
+ --with-pic \
+ --with-apxs=/usr/sbin/apxs
 
-# default included extensions
-CONFIGURE_ARGS+= --with-openssl \
- --with-zlib
-
 REGRESS_TARGET= test
 REGRESS_FLAGS= NO_INTERACTION=1
 
 CHECKSUM_FILE= ${.CURDIR}/../distinfo
 PATCH_LIST= ${.CURDIR}/../patches/patch-* \
  patch-*
-
-PSEUDO_FLAVORS+= no_suhosin
-FLAVOR?=
-.if ${FLAVOR:L:Mno_suhosin}
-SUPDISTFILES= suhosin-${SUHOSIN_V}.tgz:0 \
- suhosin-patch-${V}-${SUHOSIN_P_V}-openbsd.patch.gz:0
-.else
-DISTFILES+= suhosin-${SUHOSIN_V}.tgz:0
-PATCHFILES= suhosin-patch-${V}-${SUHOSIN_P_V}-openbsd.patch.gz:0
-PATCH_DIST_STRIP= -p1
-CONFIGURE_ARGS+= --enable-suhosin
-
-post-patch:
- mv ${WRKDIR}/suhosin-${SUHOSIN_V} ${WRKSRC}/ext/suhosin
-.endif
diff -uNr --exclude=CVS www/php5/core/Makefile mystuff/www/php5/core/Makefile
--- www/php5/core/Makefile Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/Makefile Wed Jul  8 17:41:49 2009
@@ -11,31 +11,32 @@
 
 MULTI_PACKAGES= -main -fastcgi
 
-CONFIGURE_ARGS+=--with-apxs=/usr/sbin/apxs \
- --without-mysql \
- --enable-xml \
- --enable-wddx \
- --enable-cli \
+CONFIGURE_ARGS+=--with-config-file-scan-dir=${PHP_CONFIG_PATH}/php5 \
+ --with-pear=${LOCALBASE}/share/php5 \
  --with-iconv=${LOCALBASE} \
- --with-gettext=${LOCALBASE} \
+ --with-zlib \
+ --with-pcre-regex \
+ --with-mysql=shared,mysqlnd \
+ --enable-pdo \
  --enable-bcmath \
  --enable-session \
  --enable-calendar \
  --enable-ctype \
  --enable-ftp \
- --with-pcre-regex \
- --enable-sockets \
+ --enable-xml \
+ --enable-libxml \
+ --enable-wddx \
+ --enable-json \
+ --enable-filter \
+ --enable-hash \
+ --enable-dom \
+ --enable-posix \
+ --enable-xmlreader \
+ --enable-xmlwriter \
+ --enable-simplexml \
+ --enable-tokenizer \
  --enable-sysvsem \
- --enable-sysvshm \
- --enable-exif \
- --without-sqlite \
- --without-pdo-sqlite \
- --with-pear=${LOCALBASE}/share/php5 \
- --enable-fastcgi \
- --enable-force-cgi-redirect \
- --with-config-file-scan-dir=${PHP_CONFIG_PATH}/php5
-
-MODULES= devel/gettext
+ --enable-sysvshm
 
 # some variables to substitute
 SUBST_VARS= PHP_CONFIG_FILE PHP_CONFIG_PATH
@@ -69,7 +70,7 @@
  @perl -pi -e "s,!!PREFIX!!,${TRUEPREFIX},g" \
  ${PREFIX}/share/examples/php5/php5.conf
 
-.for i in dist recommended
+.for i in production development
  @sed -e 's,MODULES_DIR,${MODULES_DIR},' \
      -e 's,OPENBSD_INCLUDE_PATH,/pear/lib:${CHROOT_DIR}/pear/lib,' \
  <${WRKSRC}/php.ini-${i} \
diff -uNr --exclude=CVS www/php5/core/patches/patch-configure mystuff/www/php5/core/patches/patch-configure
--- www/php5/core/patches/patch-configure Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/core/patches/patch-configure Wed Jul  8 18:11:32 2009
@@ -0,0 +1,11 @@
+--- configure.orig Wed Jul  8 18:10:50 2009
++++ configure Wed Jul  8 18:11:09 2009
+@@ -96381,7 +96381,7 @@
+ echo "$ac_t""$ext_output" 1>&6
+
+
+-
++PHP_MYSQLND_ENABLED=yes
+
+ if test "$PHP_MYSQLND_ENABLED" = "yes"; then
+   mysqlnd_sources="mysqlnd.c mysqlnd_charset.c mysqlnd_wireprotocol.c \
diff -uNr --exclude=CVS www/php5/core/patches/patch-ext_spl_php_spl_c mystuff/www/php5/core/patches/patch-ext_spl_php_spl_c
--- www/php5/core/patches/patch-ext_spl_php_spl_c Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/core/patches/patch-ext_spl_php_spl_c Tue Jun 30 14:45:01 2009
@@ -0,0 +1,29 @@
+--- ext/spl/php_spl.c.orig Tue Jun 30 14:41:48 2009
++++ ext/spl/php_spl.c Tue Jun 30 14:42:14 2009
+@@ -708,7 +708,7 @@
+
+ PHPAPI void php_spl_object_hash(zval *obj, char *result TSRMLS_DC) /* {{{*/
+ {
+- intptr_t hash_handle, hash_handlers;
++ zend_intptr_t hash_handle, hash_handlers;
+ char *hex;
+
+ if (!SPL_G(hash_mask_init)) {
+@@ -716,13 +716,13 @@
+ php_mt_srand(GENERATE_SEED() TSRMLS_CC);
+ }
+
+- SPL_G(hash_mask_handle)   = (intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
+- SPL_G(hash_mask_handlers) = (intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
++ SPL_G(hash_mask_handle)   = (zend_intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
++ SPL_G(hash_mask_handlers) = (zend_intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
+ SPL_G(hash_mask_init) = 1;
+ }
+
+- hash_handle   = SPL_G(hash_mask_handle)^(intptr_t)Z_OBJ_HANDLE_P(obj);
+- hash_handlers = SPL_G(hash_mask_handlers)^(intptr_t)Z_OBJ_HT_P(obj);
++ hash_handle   = SPL_G(hash_mask_handle)^(zend_intptr_t)Z_OBJ_HANDLE_P(obj);
++ hash_handlers = SPL_G(hash_mask_handlers)^(zend_intptr_t)Z_OBJ_HT_P(obj);
+
+ spprintf(&hex, 32, "%016x%016x", hash_handle, hash_handlers);
+
diff -uNr --exclude=CVS www/php5/core/patches/patch-ext_spl_php_spl_h mystuff/www/php5/core/patches/patch-ext_spl_php_spl_h
--- www/php5/core/patches/patch-ext_spl_php_spl_h Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/core/patches/patch-ext_spl_php_spl_h Tue Jun 30 14:45:10 2009
@@ -0,0 +1,13 @@
+--- ext/spl/php_spl.h.orig Tue Jun 30 14:40:44 2009
++++ ext/spl/php_spl.h Tue Jun 30 14:41:24 2009
+@@ -65,8 +65,8 @@
+ HashTable *  autoload_functions;
+ int          autoload_running;
+ int          autoload_extensions_len;
+- intptr_t     hash_mask_handle;
+- intptr_t     hash_mask_handlers;
++ zend_intptr_t     hash_mask_handle;
++ zend_intptr_t     hash_mask_handlers;
+ int          hash_mask_init;
+ ZEND_END_MODULE_GLOBALS(spl)
+
diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_cgi_main_c mystuff/www/php5/core/patches/patch-sapi_cgi_cgi_main_c
--- www/php5/core/patches/patch-sapi_cgi_cgi_main_c Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/core/patches/patch-sapi_cgi_cgi_main_c Tue Jun 30 13:44:03 2009
@@ -0,0 +1,24 @@
+--- sapi/cgi/cgi_main.c.orig Wed Jun 17 23:28:52 2009
++++ sapi/cgi/cgi_main.c Tue Jun 30 13:43:12 2009
+@@ -1460,6 +1460,7 @@
+ char *orig_optarg = php_optarg;
+ char *script_file = NULL;
+ int ini_entries_len = 0;
++ char *ini;
+ /* end of temporary locals */
+
+ #ifdef ZTS
+@@ -1509,8 +1510,12 @@
+ tsrm_ls = ts_resource(0);
+ #endif
+
++ if ((ini = getenv("PHP_INI_PATH"))) {
++ cgi_sapi_module.php_ini_path_override = ini;
++ } else {
++ cgi_sapi_module.php_ini_path_override = NULL;
++ }
+ sapi_startup(&cgi_sapi_module);
+- cgi_sapi_module.php_ini_path_override = NULL;
+
+ #ifdef PHP_WIN32
+ _fmode = _O_BINARY; /* sets default for file streams to binary */
diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_config9_m4 mystuff/www/php5/core/patches/patch-sapi_cgi_config9_m4
--- www/php5/core/patches/patch-sapi_cgi_config9_m4 Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/patches/patch-sapi_cgi_config9_m4 Thu Jul  2 16:25:46 2009
@@ -1,7 +1,6 @@
-$OpenBSD: patch-sapi_cgi_config9_m4,v 1.4 2007/09/05 09:11:34 robert Exp $
---- sapi/cgi/config9.m4.orig Thu Jul 12 01:20:36 2007
-+++ sapi/cgi/config9.m4 Fri Aug 31 09:33:21 2007
-@@ -25,7 +25,6 @@ PHP_ARG_ENABLE(path-info-check,,
+--- sapi/cgi/config9.m4.orig Mon Oct  1 16:40:54 2007
++++ sapi/cgi/config9.m4 Thu Jul  2 15:56:41 2009
+@@ -8,7 +8,6 @@
  dnl
  dnl CGI setup
  dnl
@@ -9,17 +8,19 @@
    AC_MSG_CHECKING(whether to build CGI binary)
    if test "$PHP_CGI" != "no"; then
      AC_MSG_RESULT(yes)
-@@ -86,7 +85,8 @@ if test "$PHP_SAPI" = "default"; then
+@@ -54,8 +53,9 @@
 
      dnl Set install target and select SAPI
      INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
--    PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)')
-+    PHP_ADD_SOURCES(sapi/cgi, $PHP_FCGI_FILES cgi_main.c getopt.c,, cgi)
+-    PHP_SELECT_SAPI(cgi, program, cgi_main.c fastcgi.c,, '$(SAPI_CGI_PATH)')
+-
 +    PHP_ADD_SOURCES(/main, internal_functions.c,,cgi)
-
++    PHP_ADD_SOURCES(/sapi/cgi, $PHP_FCGI_FILES cgi_main.c fastcgi.c,, cgi)
++    
      case $host_alias in
        *aix*)
-@@ -96,17 +96,26 @@ if test "$PHP_SAPI" = "default"; then
+         BUILD_CGI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
+@@ -64,17 +64,26 @@
          BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
        ;;
        *)
diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_main_c mystuff/www/php5/core/patches/patch-sapi_cgi_main_c
--- www/php5/core/patches/patch-sapi_cgi_main_c Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/patches/patch-sapi_cgi_main_c Thu Jan  1 03:00:00 1970
@@ -1,25 +0,0 @@
---- sapi/cgi/cgi_main.c.orig Tue Mar 10 20:48:33 2009
-+++ sapi/cgi/cgi_main.c Tue Mar 10 21:02:07 2009
-@@ -1323,7 +1323,7 @@ int main(int argc, char *argv[])
- char *orig_optarg = php_optarg;
- char *script_file = NULL;
- int ini_entries_len = 0;
--
-+ char *ini;
- /* end of temporary locals */
- #ifdef ZTS
- void ***tsrm_ls;
-@@ -1375,8 +1375,12 @@ int main(int argc, char *argv[])
- tsrm_ls = ts_resource(0);
- #endif
-
-+ if ((ini = getenv("PHP_INI_PATH"))) {
-+ cgi_sapi_module.php_ini_path_override = ini;
-+ } else {
-+ cgi_sapi_module.php_ini_path_override = NULL;
-+ }
- sapi_startup(&cgi_sapi_module);
-- cgi_sapi_module.php_ini_path_override = NULL;
-
- #ifdef PHP_WIN32
- _fmode = _O_BINARY; /* sets default for file streams to binary */
diff -uNr --exclude=CVS www/php5/core/pkg/DESCR-main mystuff/www/php5/core/pkg/DESCR-main
--- www/php5/core/pkg/DESCR-main Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/pkg/DESCR-main Thu Jul  2 17:26:30 2009
@@ -8,11 +8,3 @@
 
 This package installs a stand-alone binary which can be used for
 command-line scripts, as well as an Apache module.
-
-By default this port uses the suhosin patch.
-The suhosin patch adds security hardening features to PHP
-to protect your servers on the one hand against a number of
-well known problems in PHP applications and on the other hand
-against potential unknown vulnerabilities within those
-applications or the PHP core itself.
-http://www.hardened-php.net/suhosin/index.html
diff -uNr --exclude=CVS www/php5/core/pkg/PFRAG.no-no_suhosin-main mystuff/www/php5/core/pkg/PFRAG.no-no_suhosin-main
--- www/php5/core/pkg/PFRAG.no-no_suhosin-main Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/pkg/PFRAG.no-no_suhosin-main Thu Jan  1 03:00:00 1970
@@ -1,4 +0,0 @@
-@comment $OpenBSD: PFRAG.no-no_suhosin-main,v 1.1 2007/08/27 09:44:43 robert Exp $
-share/php5/include/main/suhosin_globals.h
-share/php5/include/main/suhosin_logo.h
-share/php5/include/main/suhosin_patch.h
diff -uNr --exclude=CVS www/php5/core/pkg/PLIST-main mystuff/www/php5/core/pkg/PLIST-main
--- www/php5/core/pkg/PLIST-main Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/core/pkg/PLIST-main Wed Jul  8 18:17:34 2009
@@ -11,8 +11,8 @@
 @man man/man1/php.1
 @man man/man1/phpize.1
 share/examples/php5/
-share/examples/php5/php.ini-dist
-share/examples/php5/php.ini-recommended
+share/examples/php5/php.ini-development
+share/examples/php5/php.ini-production
 @sample ${PHP_CONFIG_PATH}/php.ini
 share/examples/php5/php5.conf
 @sample ${PHP_CONFIG_PATH}/modules.sample/php5.conf
@@ -44,12 +44,13 @@
 share/php5/include/TSRM/tsrm_virtual_cwd.h
 share/php5/include/TSRM/tsrm_win32.h
 share/php5/include/Zend/
-share/php5/include/Zend/FlexLexer.h
 share/php5/include/Zend/acconfig.h
 share/php5/include/Zend/zend.h
 share/php5/include/Zend/zend_API.h
 share/php5/include/Zend/zend_alloc.h
+share/php5/include/Zend/zend_build.h
 share/php5/include/Zend/zend_builtin_functions.h
+share/php5/include/Zend/zend_closures.h
 share/php5/include/Zend/zend_compile.h
 share/php5/include/Zend/zend_config.h
 share/php5/include/Zend/zend_config.nw.h
@@ -61,6 +62,8 @@
 share/php5/include/Zend/zend_execute.h
 share/php5/include/Zend/zend_extensions.h
 share/php5/include/Zend/zend_fast_cache.h
+share/php5/include/Zend/zend_float.h
+share/php5/include/Zend/zend_gc.h
 share/php5/include/Zend/zend_globals.h
 share/php5/include/Zend/zend_globals_macros.h
 share/php5/include/Zend/zend_hash.h
@@ -69,11 +72,13 @@
 share/php5/include/Zend/zend_ini.h
 share/php5/include/Zend/zend_ini_parser.h
 share/php5/include/Zend/zend_ini_scanner.h
+share/php5/include/Zend/zend_ini_scanner_defs.h
 share/php5/include/Zend/zend_interfaces.h
 share/php5/include/Zend/zend_istdiostream.h
 share/php5/include/Zend/zend_iterators.h
 share/php5/include/Zend/zend_language_parser.h
 share/php5/include/Zend/zend_language_scanner.h
+share/php5/include/Zend/zend_language_scanner_defs.h
 share/php5/include/Zend/zend_list.h
 share/php5/include/Zend/zend_llist.h
 share/php5/include/Zend/zend_modules.h
@@ -105,6 +110,15 @@
 share/php5/include/ext/date/php_date.h
 share/php5/include/ext/dom/
 share/php5/include/ext/dom/xml_common.h
+share/php5/include/ext/ereg/
+share/php5/include/ext/ereg/php_ereg.h
+share/php5/include/ext/ereg/php_regex.h
+share/php5/include/ext/ereg/regex/
+share/php5/include/ext/ereg/regex/cclass.h
+share/php5/include/ext/ereg/regex/cname.h
+share/php5/include/ext/ereg/regex/regex.h
+share/php5/include/ext/ereg/regex/regex2.h
+share/php5/include/ext/ereg/regex/utils.h
 share/php5/include/ext/filter/
 share/php5/include/ext/filter/php_filter.h
 share/php5/include/ext/hash/
@@ -115,6 +129,7 @@
 share/php5/include/ext/hash/php_hash_haval.h
 share/php5/include/ext/hash/php_hash_md.h
 share/php5/include/ext/hash/php_hash_ripemd.h
+share/php5/include/ext/hash/php_hash_salsa.h
 share/php5/include/ext/hash/php_hash_sha.h
 share/php5/include/ext/hash/php_hash_snefru.h
 share/php5/include/ext/hash/php_hash_tiger.h
@@ -130,8 +145,28 @@
 share/php5/include/ext/iconv/php_iconv_supports_errno.h
 share/php5/include/ext/iconv/php_php_iconv_h_path.h
 share/php5/include/ext/iconv/php_php_iconv_impl.h
+share/php5/include/ext/json/
+share/php5/include/ext/json/php_json.h
 share/php5/include/ext/libxml/
 share/php5/include/ext/libxml/php_libxml.h
+share/php5/include/ext/mysqlnd/
+share/php5/include/ext/mysqlnd/config-win.h
+share/php5/include/ext/mysqlnd/mysqlnd.h
+share/php5/include/ext/mysqlnd/mysqlnd_block_alloc.h
+share/php5/include/ext/mysqlnd/mysqlnd_charset.h
+share/php5/include/ext/mysqlnd/mysqlnd_debug.h
+share/php5/include/ext/mysqlnd/mysqlnd_enum_n_def.h
+share/php5/include/ext/mysqlnd/mysqlnd_libmysql_compat.h
+share/php5/include/ext/mysqlnd/mysqlnd_palloc.h
+share/php5/include/ext/mysqlnd/mysqlnd_portability.h
+share/php5/include/ext/mysqlnd/mysqlnd_priv.h
+share/php5/include/ext/mysqlnd/mysqlnd_result.h
+share/php5/include/ext/mysqlnd/mysqlnd_result_meta.h
+share/php5/include/ext/mysqlnd/mysqlnd_statistics.h
+share/php5/include/ext/mysqlnd/mysqlnd_structs.h
+share/php5/include/ext/mysqlnd/mysqlnd_wireprotocol.h
+share/php5/include/ext/mysqlnd/php_mysqlnd.h
+share/php5/include/ext/mysqlnd/php_mysqlnd_config.h
 share/php5/include/ext/pcre/
 share/php5/include/ext/pcre/pcrelib/
 share/php5/include/ext/pcre/pcrelib/config.h
@@ -151,12 +186,14 @@
 share/php5/include/ext/spl/php_spl.h
 share/php5/include/ext/spl/spl_array.h
 share/php5/include/ext/spl/spl_directory.h
+share/php5/include/ext/spl/spl_dllist.h
 share/php5/include/ext/spl/spl_engine.h
 share/php5/include/ext/spl/spl_exceptions.h
+share/php5/include/ext/spl/spl_fixedarray.h
 share/php5/include/ext/spl/spl_functions.h
+share/php5/include/ext/spl/spl_heap.h
 share/php5/include/ext/spl/spl_iterators.h
 share/php5/include/ext/spl/spl_observer.h
-share/php5/include/ext/spl/spl_sxe.h
 share/php5/include/ext/standard/
 share/php5/include/ext/standard/base64.h
 share/php5/include/ext/standard/basic_functions.h
@@ -164,6 +201,7 @@
 share/php5/include/ext/standard/credits.h
 share/php5/include/ext/standard/credits_ext.h
 share/php5/include/ext/standard/credits_sapi.h
+share/php5/include/ext/standard/crypt_freesec.h
 share/php5/include/ext/standard/css.h
 share/php5/include/ext/standard/cyr_convert.h
 share/php5/include/ext/standard/datetime.h
@@ -184,6 +222,7 @@
 share/php5/include/ext/standard/php_assert.h
 share/php5/include/ext/standard/php_browscap.h
 share/php5/include/ext/standard/php_crypt.h
+share/php5/include/ext/standard/php_crypt_r.h
 share/php5/include/ext/standard/php_dir.h
 share/php5/include/ext/standard/php_ext_syslog.h
 share/php5/include/ext/standard/php_filestat.h
@@ -209,7 +248,6 @@
 share/php5/include/ext/standard/php_versioning.h
 share/php5/include/ext/standard/proc_open.h
 share/php5/include/ext/standard/quot_print.h
-share/php5/include/ext/standard/reg.h
 share/php5/include/ext/standard/scanf.h
 share/php5/include/ext/standard/sha1.h
 share/php5/include/ext/standard/streamsfuncs.h
@@ -217,6 +255,7 @@
 share/php5/include/ext/standard/url.h
 share/php5/include/ext/standard/url_scanner.h
 share/php5/include/ext/standard/url_scanner_ex.h
+share/php5/include/ext/standard/winver.h
 share/php5/include/ext/xml/
 share/php5/include/ext/xml/expat_compat.h
 share/php5/include/ext/xml/php_xml.h
@@ -224,7 +263,6 @@
 share/php5/include/main/
 share/php5/include/main/SAPI.h
 share/php5/include/main/build-defs.h
-share/php5/include/main/config.w32.h
 share/php5/include/main/fopen_wrappers.h
 share/php5/include/main/logos.h
 share/php5/include/main/php.h
@@ -232,6 +270,7 @@
 share/php5/include/main/php_compat.h
 share/php5/include/main/php_config.h
 share/php5/include/main/php_content_types.h
+share/php5/include/main/php_getopt.h
 share/php5/include/main/php_globals.h
 share/php5/include/main/php_ini.h
 share/php5/include/main/php_logos.h
@@ -241,7 +280,6 @@
 share/php5/include/main/php_open_temporary_file.h
 share/php5/include/main/php_output.h
 share/php5/include/main/php_reentrancy.h
-share/php5/include/main/php_regex.h
 share/php5/include/main/php_scandir.h
 share/php5/include/main/php_streams.h
 share/php5/include/main/php_syslog.h
@@ -255,19 +293,13 @@
 share/php5/include/main/streams/
 share/php5/include/main/streams/php_stream_context.h
 share/php5/include/main/streams/php_stream_filter_api.h
+share/php5/include/main/streams/php_stream_glob_wrapper.h
 share/php5/include/main/streams/php_stream_mmap.h
 share/php5/include/main/streams/php_stream_plain_wrapper.h
 share/php5/include/main/streams/php_stream_transport.h
 share/php5/include/main/streams/php_stream_userspace.h
 share/php5/include/main/streams/php_streams_int.h
-!%%no_suhosin%%
+share/php5/include/main/win32_internal_function_disabled.h
 share/php5/include/main/win95nt.h
-share/php5/include/regex/
-share/php5/include/regex/cclass.h
-share/php5/include/regex/cname.h
-share/php5/include/regex/regex.h
-share/php5/include/regex/regex2.h
-share/php5/include/regex/regex_extra.h
-share/php5/include/regex/utils.h
 @extraunexec rm -fr ${PHP_CONFIG_PATH}/php5/
 @unexec-delete rm -fr ${PHP_CONFIG_PATH}/php5.sample/
diff -uNr --exclude=CVS www/php5/core/pkg/PLIST-main.orig mystuff/www/php5/core/pkg/PLIST-main.orig
--- www/php5/core/pkg/PLIST-main.orig Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/core/pkg/PLIST-main.orig Sun Jul  5 15:13:34 2009
@@ -0,0 +1,287 @@
+@comment $OpenBSD: PLIST-main,v 1.10 2009/04/29 11:36:58 sthen Exp $
+@conflict php4-core-*
+@pkgpath www/php5/core
+@pkgpath www/php5/core,hardened
+%%SHARED%%
+@bin bin/php
+bin/php-config
+bin/phpize
+lib/php/
+@man man/man1/php-config.1
+@man man/man1/php.1
+@man man/man1/phpize.1
+share/examples/php5/
+share/examples/php5/php.ini-development
+share/examples/php5/php.ini-production
+@sample ${PHP_CONFIG_PATH}/php.ini
+share/examples/php5/php5.conf
+@sample ${PHP_CONFIG_PATH}/modules.sample/php5.conf
+@exec install -d ${PHP_CONFIG_PATH}/php5/
+@exec install -d ${PHP_CONFIG_PATH}/php5.sample/
+share/php5/
+share/php5/build/
+share/php5/build/Makefile.global
+share/php5/build/acinclude.m4
+share/php5/build/config.guess
+share/php5/build/config.sub
+share/php5/build/libtool.m4
+share/php5/build/ltmain.sh
+share/php5/build/mkdep.awk
+share/php5/build/phpize.m4
+share/php5/build/run-tests.php
+share/php5/build/scan_makefile_in.awk
+share/php5/build/shtool
+share/php5/include/
+share/php5/include/TSRM/
+share/php5/include/TSRM/TSRM.h
+share/php5/include/TSRM/acconfig.h
+share/php5/include/TSRM/readdir.h
+share/php5/include/TSRM/tsrm_config.h
+share/php5/include/TSRM/tsrm_config.w32.h
+share/php5/include/TSRM/tsrm_config_common.h
+share/php5/include/TSRM/tsrm_nw.h
+share/php5/include/TSRM/tsrm_strtok_r.h
+share/php5/include/TSRM/tsrm_virtual_cwd.h
+share/php5/include/TSRM/tsrm_win32.h
+share/php5/include/Zend/
+share/php5/include/Zend/acconfig.h
+share/php5/include/Zend/zend.h
+share/php5/include/Zend/zend_API.h
+share/php5/include/Zend/zend_alloc.h
+share/php5/include/Zend/zend_build.h
+share/php5/include/Zend/zend_builtin_functions.h
+share/php5/include/Zend/zend_closures.h
+share/php5/include/Zend/zend_compile.h
+share/php5/include/Zend/zend_config.h
+share/php5/include/Zend/zend_config.nw.h
+share/php5/include/Zend/zend_config.w32.h
+share/php5/include/Zend/zend_constants.h
+share/php5/include/Zend/zend_dynamic_array.h
+share/php5/include/Zend/zend_errors.h
+share/php5/include/Zend/zend_exceptions.h
+share/php5/include/Zend/zend_execute.h
+share/php5/include/Zend/zend_extensions.h
+share/php5/include/Zend/zend_fast_cache.h
+share/php5/include/Zend/zend_float.h
+share/php5/include/Zend/zend_gc.h
+share/php5/include/Zend/zend_globals.h
+share/php5/include/Zend/zend_globals_macros.h
+share/php5/include/Zend/zend_hash.h
+share/php5/include/Zend/zend_highlight.h
+share/php5/include/Zend/zend_indent.h
+share/php5/include/Zend/zend_ini.h
+share/php5/include/Zend/zend_ini_parser.h
+share/php5/include/Zend/zend_ini_scanner.h
+share/php5/include/Zend/zend_ini_scanner_defs.h
+share/php5/include/Zend/zend_interfaces.h
+share/php5/include/Zend/zend_istdiostream.h
+share/php5/include/Zend/zend_iterators.h
+share/php5/include/Zend/zend_language_parser.h
+share/php5/include/Zend/zend_language_scanner.h
+share/php5/include/Zend/zend_language_scanner_defs.h
+share/php5/include/Zend/zend_list.h
+share/php5/include/Zend/zend_llist.h
+share/php5/include/Zend/zend_modules.h
+share/php5/include/Zend/zend_multibyte.h
+share/php5/include/Zend/zend_multiply.h
+share/php5/include/Zend/zend_object_handlers.h
+share/php5/include/Zend/zend_objects.h
+share/php5/include/Zend/zend_objects_API.h
+share/php5/include/Zend/zend_operators.h
+share/php5/include/Zend/zend_ptr_stack.h
+share/php5/include/Zend/zend_qsort.h
+share/php5/include/Zend/zend_stack.h
+share/php5/include/Zend/zend_static_allocator.h
+share/php5/include/Zend/zend_stream.h
+share/php5/include/Zend/zend_strtod.h
+share/php5/include/Zend/zend_ts_hash.h
+share/php5/include/Zend/zend_types.h
+share/php5/include/Zend/zend_variables.h
+share/php5/include/Zend/zend_vm.h
+share/php5/include/Zend/zend_vm_def.h
+share/php5/include/Zend/zend_vm_execute.h
+share/php5/include/Zend/zend_vm_opcodes.h
+share/php5/include/ext/
+share/php5/include/ext/date/
+share/php5/include/ext/date/lib/
+share/php5/include/ext/date/lib/timelib.h
+share/php5/include/ext/date/lib/timelib_config.h
+share/php5/include/ext/date/lib/timelib_structs.h
+share/php5/include/ext/date/php_date.h
+share/php5/include/ext/dom/
+share/php5/include/ext/dom/xml_common.h
+share/php5/include/ext/ereg/
+share/php5/include/ext/ereg/php_ereg.h
+share/php5/include/ext/ereg/php_regex.h
+share/php5/include/ext/ereg/regex/
+share/php5/include/ext/ereg/regex/cclass.h
+share/php5/include/ext/ereg/regex/cname.h
+share/php5/include/ext/ereg/regex/regex.h
+share/php5/include/ext/ereg/regex/regex2.h
+share/php5/include/ext/ereg/regex/utils.h
+share/php5/include/ext/filter/
+share/php5/include/ext/filter/php_filter.h
+share/php5/include/ext/hash/
+share/php5/include/ext/hash/php_hash.h
+share/php5/include/ext/hash/php_hash_adler32.h
+share/php5/include/ext/hash/php_hash_crc32.h
+share/php5/include/ext/hash/php_hash_gost.h
+share/php5/include/ext/hash/php_hash_haval.h
+share/php5/include/ext/hash/php_hash_md.h
+share/php5/include/ext/hash/php_hash_ripemd.h
+share/php5/include/ext/hash/php_hash_salsa.h
+share/php5/include/ext/hash/php_hash_sha.h
+share/php5/include/ext/hash/php_hash_snefru.h
+share/php5/include/ext/hash/php_hash_tiger.h
+share/php5/include/ext/hash/php_hash_types.h
+share/php5/include/ext/hash/php_hash_whirlpool.h
+share/php5/include/ext/iconv/
+share/php5/include/ext/iconv/php_have_bsd_iconv.h
+share/php5/include/ext/iconv/php_have_glibc_iconv.h
+share/php5/include/ext/iconv/php_have_ibm_iconv.h
+share/php5/include/ext/iconv/php_have_iconv.h
+share/php5/include/ext/iconv/php_have_libiconv.h
+share/php5/include/ext/iconv/php_iconv.h
+share/php5/include/ext/iconv/php_iconv_supports_errno.h
+share/php5/include/ext/iconv/php_php_iconv_h_path.h
+share/php5/include/ext/iconv/php_php_iconv_impl.h
+share/php5/include/ext/json/
+share/php5/include/ext/json/php_json.h
+share/php5/include/ext/libxml/
+share/php5/include/ext/libxml/php_libxml.h
+share/php5/include/ext/pcre/
+share/php5/include/ext/pcre/pcrelib/
+share/php5/include/ext/pcre/pcrelib/config.h
+share/php5/include/ext/pcre/pcrelib/pcre.h
+share/php5/include/ext/pcre/pcrelib/pcre_internal.h
+share/php5/include/ext/pcre/pcrelib/pcreposix.h
+share/php5/include/ext/pcre/pcrelib/ucp.h
+share/php5/include/ext/pcre/php_pcre.h
+share/php5/include/ext/pdo/
+share/php5/include/ext/pdo/php_pdo.h
+share/php5/include/ext/pdo/php_pdo_driver.h
+share/php5/include/ext/session/
+share/php5/include/ext/session/mod_files.h
+share/php5/include/ext/session/mod_user.h
+share/php5/include/ext/session/php_session.h
+share/php5/include/ext/spl/
+share/php5/include/ext/spl/php_spl.h
+share/php5/include/ext/spl/spl_array.h
+share/php5/include/ext/spl/spl_directory.h
+share/php5/include/ext/spl/spl_dllist.h
+share/php5/include/ext/spl/spl_engine.h
+share/php5/include/ext/spl/spl_exceptions.h
+share/php5/include/ext/spl/spl_fixedarray.h
+share/php5/include/ext/spl/spl_functions.h
+share/php5/include/ext/spl/spl_heap.h
+share/php5/include/ext/spl/spl_iterators.h
+share/php5/include/ext/spl/spl_observer.h
+share/php5/include/ext/standard/
+share/php5/include/ext/standard/base64.h
+share/php5/include/ext/standard/basic_functions.h
+share/php5/include/ext/standard/crc32.h
+share/php5/include/ext/standard/credits.h
+share/php5/include/ext/standard/credits_ext.h
+share/php5/include/ext/standard/credits_sapi.h
+share/php5/include/ext/standard/crypt_freesec.h
+share/php5/include/ext/standard/css.h
+share/php5/include/ext/standard/cyr_convert.h
+share/php5/include/ext/standard/datetime.h
+share/php5/include/ext/standard/dl.h
+share/php5/include/ext/standard/dns.h
+share/php5/include/ext/standard/exec.h
+share/php5/include/ext/standard/file.h
+share/php5/include/ext/standard/flock_compat.h
+share/php5/include/ext/standard/fsock.h
+share/php5/include/ext/standard/head.h
+share/php5/include/ext/standard/html.h
+share/php5/include/ext/standard/info.h
+share/php5/include/ext/standard/md5.h
+share/php5/include/ext/standard/microtime.h
+share/php5/include/ext/standard/pack.h
+share/php5/include/ext/standard/pageinfo.h
+share/php5/include/ext/standard/php_array.h
+share/php5/include/ext/standard/php_assert.h
+share/php5/include/ext/standard/php_browscap.h
+share/php5/include/ext/standard/php_crypt.h
+share/php5/include/ext/standard/php_crypt_r.h
+share/php5/include/ext/standard/php_dir.h
+share/php5/include/ext/standard/php_ext_syslog.h
+share/php5/include/ext/standard/php_filestat.h
+share/php5/include/ext/standard/php_fopen_wrappers.h
+share/php5/include/ext/standard/php_ftok.h
+share/php5/include/ext/standard/php_http.h
+share/php5/include/ext/standard/php_image.h
+share/php5/include/ext/standard/php_incomplete_class.h
+share/php5/include/ext/standard/php_iptc.h
+share/php5/include/ext/standard/php_lcg.h
+share/php5/include/ext/standard/php_link.h
+share/php5/include/ext/standard/php_mail.h
+share/php5/include/ext/standard/php_math.h
+share/php5/include/ext/standard/php_metaphone.h
+share/php5/include/ext/standard/php_rand.h
+share/php5/include/ext/standard/php_smart_str.h
+share/php5/include/ext/standard/php_smart_str_public.h
+share/php5/include/ext/standard/php_standard.h
+share/php5/include/ext/standard/php_string.h
+share/php5/include/ext/standard/php_type.h
+share/php5/include/ext/standard/php_uuencode.h
+share/php5/include/ext/standard/php_var.h
+share/php5/include/ext/standard/php_versioning.h
+share/php5/include/ext/standard/proc_open.h
+share/php5/include/ext/standard/quot_print.h
+share/php5/include/ext/standard/scanf.h
+share/php5/include/ext/standard/sha1.h
+share/php5/include/ext/standard/streamsfuncs.h
+share/php5/include/ext/standard/uniqid.h
+share/php5/include/ext/standard/url.h
+share/php5/include/ext/standard/url_scanner.h
+share/php5/include/ext/standard/url_scanner_ex.h
+share/php5/include/ext/standard/winver.h
+share/php5/include/ext/xml/
+share/php5/include/ext/xml/expat_compat.h
+share/php5/include/ext/xml/php_xml.h
+share/php5/include/include/
+share/php5/include/main/
+share/php5/include/main/SAPI.h
+share/php5/include/main/build-defs.h
+share/php5/include/main/fopen_wrappers.h
+share/php5/include/main/logos.h
+share/php5/include/main/php.h
+share/php5/include/main/php3_compat.h
+share/php5/include/main/php_compat.h
+share/php5/include/main/php_config.h
+share/php5/include/main/php_content_types.h
+share/php5/include/main/php_getopt.h
+share/php5/include/main/php_globals.h
+share/php5/include/main/php_ini.h
+share/php5/include/main/php_logos.h
+share/php5/include/main/php_main.h
+share/php5/include/main/php_memory_streams.h
+share/php5/include/main/php_network.h
+share/php5/include/main/php_open_temporary_file.h
+share/php5/include/main/php_output.h
+share/php5/include/main/php_reentrancy.h
+share/php5/include/main/php_scandir.h
+share/php5/include/main/php_streams.h
+share/php5/include/main/php_syslog.h
+share/php5/include/main/php_ticks.h
+share/php5/include/main/php_variables.h
+share/php5/include/main/php_version.h
+share/php5/include/main/rfc1867.h
+share/php5/include/main/safe_mode.h
+share/php5/include/main/snprintf.h
+share/php5/include/main/spprintf.h
+share/php5/include/main/streams/
+share/php5/include/main/streams/php_stream_context.h
+share/php5/include/main/streams/php_stream_filter_api.h
+share/php5/include/main/streams/php_stream_glob_wrapper.h
+share/php5/include/main/streams/php_stream_mmap.h
+share/php5/include/main/streams/php_stream_plain_wrapper.h
+share/php5/include/main/streams/php_stream_transport.h
+share/php5/include/main/streams/php_stream_userspace.h
+share/php5/include/main/streams/php_streams_int.h
+share/php5/include/main/win32_internal_function_disabled.h
+share/php5/include/main/win95nt.h
+@extraunexec rm -fr ${PHP_CONFIG_PATH}/php5/
+@unexec-delete rm -fr ${PHP_CONFIG_PATH}/php5.sample/
diff -uNr --exclude=CVS www/php5/distinfo mystuff/www/php5/distinfo
--- www/php5/distinfo Wed Jul  8 18:38:40 2009
+++ mystuff/www/php5/distinfo Tue Jun 30 22:00:45 2009
@@ -1,15 +1,5 @@
-MD5 (php-5.2.10.tar.gz) = hXU7opCayfrlvKUWrb2p6Q==
-MD5 (suhosin-0.9.27.tgz) = mq4CvC0rz5uL2XzSL1aouA==
-MD5 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = +A280nc6mNodqwxzw2VIlQ==
-RMD160 (php-5.2.10.tar.gz) = 8LIsQojdmEwr6iOH9mYVQFwDpdE=
-RMD160 (suhosin-0.9.27.tgz) = Rr9H2vDasFNZ2mL96Kdrp8Q7Pbw=
-RMD160 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = HS4BqTXEu8noWHlvj2AEtPdZULM=
-SHA1 (php-5.2.10.tar.gz) = DXjPbm3J0IpNOucw7FjXazEZihw=
-SHA1 (suhosin-0.9.27.tgz) = MDO9OEDHV4YXnPgkD2PZe19qzL8=
-SHA1 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = QZdkQzCk8YL03WS+udspQG7TAMo=
-SHA256 (php-5.2.10.tar.gz) = qBr6vu/jcWEimR7n/zRxOiNF1XmO4VtCsnOKWGlU1js=
-SHA256 (suhosin-0.9.27.tgz) = z1TZZY2hM6xS3lkap8KWsbL+KcuP7JR1axFYN13+VUo=
-SHA256 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = b3qGz/HN0QB7okgpL2rf47fAGt/tVsLpN8h8YCELvDg=
-SIZE (php-5.2.10.tar.gz) = 11433921
-SIZE (suhosin-0.9.27.tgz) = 115936
-SIZE (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = 23026
+MD5 (php-5.3.0.tar.gz) = 9JBeykSX2j8L61yWhjGWtA==
+RMD160 (php-5.3.0.tar.gz) = zlq9dRoMv043RTdgU+sgU8S1Yzk=
+SHA1 (php-5.3.0.tar.gz) = pLxfK/nUL1ky2EZ/uksAJNlXrfQ=
+SHA256 (php-5.3.0.tar.gz) = r/IhaVfgzgtnW91mYOe1WZ8a0NLPgOGf851veNIkJ+I=
+SIZE (php-5.3.0.tar.gz) = 13239065
diff -uNr --exclude=CVS www/php5/extensions/Makefile mystuff/www/php5/extensions/Makefile
--- www/php5/extensions/Makefile Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/Makefile Wed Jul  8 15:30:25 2009
@@ -15,20 +15,68 @@
 
 WANTLIB= stdc++ m
 
+CONFIGURE_ARGS+=--disable-cli --disable-cgi
+
+# phar
+PSEUDO_FLAVORS+= no_phar
+.if ${FLAVOR:L:Mno_phar}
+CONFIGURE_ARGS+= --disable-phar
+.else
+MULTI_PACKAGES+= -phar
+COMMENT-phar= phar extensions for php5
+CONFIGURE_ARGS+= --enable-phar=shared
+.endif
+
+# fileinfo
+PSEUDO_FLAVORS+= no_fileinfo
+.if ${FLAVOR:L:Mno_fileinfo}
+CONFIGURE_ARGS+= --disable-fileinfo
+.else
+MULTI_PACKAGES+= -fileinfo
+COMMENT-fileinfo= fileinfo extensions for php5
+CONFIGURE_ARGS+= --enable-fileinfo=shared
+.endif
+
+# gettext
+PSEUDO_FLAVORS+= no_gettext
+.if ${FLAVOR:L:Mno_gettext}
+CONFIGURE_ARGS+= --without-gettext
+.else
+MULTI_PACKAGES+= -gettext
 MODULES= devel/gettext
+COMMENT-gettext= gettext extensions for php5
+CONFIGURE_ARGS+= --with-gettext=shared,${LOCALBASE}
+.endif
 
-CONFIGURE_ARGS+= --with-apxs=/usr/sbin/apxs \
- --with-iconv-dir=${LOCALBASE} \
- --with-iconv=${LOCALBASE} \
- --disable-dom \
- --disable-cgi
+# sockets
+PSEUDO_FLAVORS+= no_sockets
+.if ${FLAVOR:L:Mno_sockets}
+CONFIGURE_ARGS+= --disable-sockets
+.else
+MULTI_PACKAGES+= -sockets
+COMMENT-sockets= Sockets extensions for php5
+CONFIGURE_ARGS+= --enable-sockets=shared
+.endif
 
-GRAPHIC_DEPENDS= jpeg.>=62::graphics/jpeg \
- png.>=3::graphics/png
+# exif
+PSEUDO_FLAVORS+= no_exif
+.if ${FLAVOR:L:Mno_exif}
+CONFIGURE_ARGS+= --disable-exif
+.else
+MULTI_PACKAGES+= -exif
+COMMENT-exif= Exif extensions for php5
+CONFIGURE_ARGS+= --enable-exif=shared
+.endif
 
-GRAPHIC_CONFIG= --with-jpeg-dir=${LOCALBASE} \
- --with-png-dir=${LOCALBASE} \
- --with-zlib-dir=/usr
+# openssl
+PSEUDO_FLAVORS+= no_openssl
+.if ${FLAVOR:L:Mno_openssl}
+CONFIGURE_ARGS+= --without-openssl
+.else
+MULTI_PACKAGES+= -openssl
+COMMENT-openssl= Openssl extensions for php5
+CONFIGURE_ARGS+= --with-openssl=shared
+.endif
 
 # bz2
 PSEUDO_FLAVORS+= no_bz2
@@ -64,23 +112,17 @@
 LIB_DEPENDS-dba= gdbm.>=2::databases/gdbm
 .endif
 
-# dbase
-PSEUDO_FLAVORS+= no_dbase
-.if ${FLAVOR:L:Mno_dbase}
-CONFIGURE_ARGS+= --disable-dbase
-.else
-MULTI_PACKAGES+= -dbase
-COMMENT-dbase= dBase database access extensions for php5
-CONFIGURE_ARGS+= --enable-dbase=shared
-LIB_DEPENDS-dbase=
-.endif
-
 # gd
 PSEUDO_FLAVORS+= no_gd
 .if ${FLAVOR:L:Mno_gd}
 CONFIGURE_ARGS+= --without-gd --without-xpm-dir --without-ttf \
  --without-freetype-dir
 .else
+GRAPHIC_DEPENDS= jpeg.>=62::graphics/jpeg \
+ png.>=3::graphics/png
+GRAPHIC_CONFIG= --with-jpeg-dir=${LOCALBASE} \
+ --with-png-dir=${LOCALBASE} \
+ --with-zlib-dir=/usr
 MULTI_PACKAGES+= -gd
 COMMENT-gd= image manipulation extensions for php5
 LIB_DEPENDS-gd= ${GRAPHIC_DEPENDS} t1.>=5::devel/t1lib
@@ -162,17 +204,6 @@
 LIB_DEPENDS-mcrypt= mcrypt::security/libmcrypt ltdl.>=1::devel/libtool,-ltdl
 .endif
 
-# mhash
-PSEUDO_FLAVORS+= no_mhash
-.if ${FLAVOR:L:Mno_mhash}
-CONFIGURE_ARGS+= --without-mhash
-.else
-MULTI_PACKAGES+= -mhash
-COMMENT-mhash= mhash extensions for php5
-CONFIGURE_ARGS+= --with-mhash=shared,${LOCALBASE}
-LIB_DEPENDS-mhash= mhash.>=2::security/mhash
-.endif
-
 # mysql
 PSEUDO_FLAVORS+= no_mysql
 .if ${FLAVOR:L:Mno_mysql}
@@ -180,8 +211,7 @@
 .else
 MULTI_PACKAGES+= -mysql
 COMMENT-mysql= mysql database access extensions for php5
-CONFIGURE_ARGS+= --with-mysql=shared,${LOCALBASE}
-LIB_DEPENDS-mysql= lib/mysql/mysqlclient.>=10::databases/mysql
+CONFIGURE_ARGS+= --with-mysql=shared,mysqlnd
 .endif
 
 # mysqli
@@ -191,21 +221,18 @@
 .else
 MULTI_PACKAGES+= -mysqli
 COMMENT-mysqli= mysql database access extensions for php5
-CONFIGURE_ARGS+= --with-mysqli=shared,${LOCALBASE}/bin/mysql_config
-LIB_DEPENDS-mysqli= lib/mysql/mysqlclient.>=10::databases/mysql
-WANTLIB-mysqli= ${WANTLIB} crypto ssl z
+CONFIGURE_ARGS+= --with-mysqli=shared,mysqlnd
 .endif
 
-# ncurses
-PSEUDO_FLAVORS+= no_ncurses
-.if ${FLAVOR:L:Mno_ncurses}
-CONFIGURE_ARGS+= --without-ncurses
+
+# pdo-mysql
+PSEUDO_FLAVORS+= no_pdo_mysql
+.if ${FLAVOR:L:Mno_pdo_mysql}
+CONFIGURE_ARGS+= --without-pdo-mysql
 .else
-MULTI_PACKAGES+= -ncurses
-COMMENT-ncurses= ncurses extensions for php5
-CONFIGURE_ARGS+= --with-ncurses=shared,${LOCALBASE}
-LIB_DEPENDS-ncurses=
-WANTLIB-ncurses= ${WANTLIB} ncurses panel
+MULTI_PACKAGES+= -pdo_mysql
+COMMENT-pdo_mysql= PDO mysql database access extensions for php5
+CONFIGURE_ARGS+= --enable-pdo --with-pdo-mysql=shared,mysqlnd
 .endif
 
 # odbc
@@ -219,18 +246,6 @@
 LIB_DEPENDS-odbc= iodbc.>=2::databases/iodbc
 .endif
 
-# pdo-mysql
-PSEUDO_FLAVORS+= no_pdo_mysql
-.if ${FLAVOR:L:Mno_pdo_mysql}
-CONFIGURE_ARGS+= --without-pdo-mysql
-.else
-MULTI_PACKAGES+= -pdo_mysql
-COMMENT-pdo_mysql= PDO mysql database access extensions for php5
-CONFIGURE_ARGS+= --with-pdo-mysql=shared,${LOCALBASE}
-LIB_DEPENDS-pdo_mysql= lib/mysql/mysqlclient.>=10::databases/mysql
-WANTLIB-pdo_mysql= ${WANTLIB} crypto ssl z
-.endif
-
 # pdo-pgsql
 PSEUDO_FLAVORS+= no_pdo_pgsql
 .if ${FLAVOR:L:Mno_pdo_pgsql}
@@ -238,7 +253,7 @@
 .else
 MULTI_PACKAGES+= -pdo_pgsql
 COMMENT-pdo_pgsql= PDO database access extensions for php5
-CONFIGURE_ARGS+=        --with-pdo-pgsql=shared,${LOCALBASE}
+CONFIGURE_ARGS+=        --enable-pdo --with-pdo-pgsql=shared,${LOCALBASE}
 LIB_DEPENDS-pdo_pgsql= pq.>=2:postgresql-client-*:databases/postgresql
 .endif
 
@@ -249,7 +264,7 @@
 .else
 MULTI_PACKAGES+= -pdo_sqlite
 COMMENT-pdo_sqlite= PDO sqlite database access extensions for php5
-CONFIGURE_ARGS+= --with-pdo-sqlite=shared,${LOCALBASE} --enable-sqlite-utf8
+CONFIGURE_ARGS+= --enable-pdo --with-pdo-sqlite=shared,${LOCALBASE} --enable-sqlite-utf8
 LIB_DEPENDS-pdo_sqlite= sqlite3.>=8::databases/sqlite3
 .endif
 
@@ -264,15 +279,15 @@
 LIB_DEPENDS-pgsql= pq.>=2:postgresql-client-*:databases/postgresql
 .endif
 
-# pspell
-PSEUDO_FLAVORS+= no_pspell
-.if ${FLAVOR:L:Mno_pspell}
-CONFIGURE_ARGS+= --without-pspell
+# enchant
+PSEUDO_FLAVORS+= no_enchant
+.if ${FLAVOR:L:Mno_enchant}
+CONFIGURE_ARGS+= --without-enchant
 .else
-MULTI_PACKAGES+= -pspell
-COMMENT-pspell= pspell library extensions for php5
-CONFIGURE_ARGS+= --with-pspell=shared,${LOCALBASE}
-LIB_DEPENDS-pspell= aspell.>=16.0,pspell.>=16.0::textproc/aspell/core
+MULTI_PACKAGES+= -enchant
+COMMENT-enchant= enchant library extensions for php5
+CONFIGURE_ARGS+= --with-enchant=shared,${LOCALBASE}
+LIB_DEPENDS-enchant= enchant.>=1.2.4::textproc/enchant
 .endif
 
 # shmop
@@ -301,7 +316,7 @@
 # snmp
 PSEUDO_FLAVORS+= no_snmp
 .if ${FLAVOR:L:Mno_snmp}
-CONFIGURE_ARGS+= --without-snmp
+CONFIGURE_ARGS+= --with-openssl --without-snmp
 .else
 MULTI_PACKAGES+= -snmp
 COMMENT-snmp= snmp protocol extensions for php5
@@ -320,6 +335,17 @@
 LIB_DEPENDS-sqlite= sqlite.>=8::databases/sqlite
 .endif
 
+# sqlite3
+PSEUDO_FLAVORS+= no_sqlite3
+.if ${FLAVOR:L:Mno_sqlite3}
+CONFIGURE_ARGS+= --without-sqlite3
+.else
+MULTI_PACKAGES+= -sqlite3
+COMMENT-sqlite3= sqlite3 database access extensions for php5
+CONFIGURE_ARGS+= --with-sqlite3=shared,${LOCALBASE}
+LIB_DEPENDS-sqlite3= sqlite.>=6::databases/sqlite3
+.endif
+
 # sybase-ct
 PSEUDO_FLAVORS+= no_sybase_ct
 .if ${FLAVOR:L:Mno_sybase_ct}
@@ -350,7 +376,7 @@
 .else
 MULTI_PACKAGES+= -xsl
 COMMENT-xsl= XSL functions for php5
-CONFIGURE_ARGS+= --with-xsl=shared --enable-dom
+CONFIGURE_ARGS+= --with-xsl=shared --enable-dom --enable-libxml
 LIB_DEPENDS-xsl= xslt.>=3,exslt::textproc/libxslt
 WANTLIB-xsl= ${WANTLIB} iconv xml2 z
 .endif
diff -uNr --exclude=CVS www/php5/extensions/patches/patch-ext_gd_gdttf_c mystuff/www/php5/extensions/patches/patch-ext_gd_gdttf_c
--- www/php5/extensions/patches/patch-ext_gd_gdttf_c Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/patches/patch-ext_gd_gdttf_c Thu Jan  1 03:00:00 1970
@@ -1,12 +0,0 @@
-$OpenBSD: patch-ext_gd_gdttf_c,v 1.2 2007/07/02 08:53:17 robert Exp $
---- ext/gd/gdttf.c.orig Sun Jan  9 22:05:05 2005
-+++ ext/gd/gdttf.c Mon Jul  2 10:38:20 2007
-@@ -712,7 +712,7 @@ gdttfchar(gdImage *im, int fg, font_t *font,
- }
- #if HAVE_LIBGD20
- if (im->trueColor) {
-- pixel = &im->tpixels[y3][x3];
-+ pixel = (unsigned char *)&im->tpixels[y3][x3];
- } else
- #endif
- {
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-dbase mystuff/www/php5/extensions/pkg/DESCR-dbase
--- www/php5/extensions/pkg/DESCR-dbase Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/DESCR-dbase Thu Jan  1 03:00:00 1970
@@ -1,18 +0,0 @@
-These functions allow you to access records stored in dBase-format
-(dbf) databases.
-
-There is no support for indexes or memo fields. There is no support
-for locking, too. Two concurrent webserver processes modifying the
-same dBase file will very likely ruin your database.
-
-dBase files are simple sequential files of fixed length records.
-Records are appended to the end of the file and delete records are
-kept until you call dbase_pack().
-
-We recommend that you do not use dBase files as your production
-database. Choose any real SQL server instead; MySQL or Postgres are
-common choices with PHP. dBase support is here to allow you to
-import and export data to and from your web database, because the
-file format is commonly understood by Windows spreadsheets and
-organizers.
-
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-enchant mystuff/www/php5/extensions/pkg/DESCR-enchant
--- www/php5/extensions/pkg/DESCR-enchant Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-enchant Wed Jul  8 13:08:39 2009
@@ -0,0 +1,4 @@
+Enchant steps in to provide uniformity and conformity on top of all spelling
+libraries, and implement certain features that may be lacking in any individual
+provider library. Everything should "just work" for any and every definition
+of "just working."
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-exif mystuff/www/php5/extensions/pkg/DESCR-exif
--- www/php5/extensions/pkg/DESCR-exif Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-exif Wed Jul  8 18:53:03 2009
@@ -0,0 +1,4 @@
+With the exif extension you are able to work with image meta data.
+For example, you may use exif functions to read meta data of pictures
+taken from digital cameras by working with information stored in the
+headers of the JPEG and TIFF images.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-fileinfo mystuff/www/php5/extensions/pkg/DESCR-fileinfo
--- www/php5/extensions/pkg/DESCR-fileinfo Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-fileinfo Wed Jul  8 14:14:10 2009
@@ -0,0 +1,4 @@
+The functions in this module try to guess the content type and encoding of
+a file by looking for certain magic byte sequences at specific positions
+within the file. While this is not a bullet proof approach the heuristics
+used do a very good job.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-gettext mystuff/www/php5/extensions/pkg/DESCR-gettext
--- www/php5/extensions/pkg/DESCR-gettext Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-gettext Sun Jul  5 14:19:19 2009
@@ -0,0 +1,2 @@
+The gettext functions implement an NLS (Native Language Support)
+API which can be used to internationalize your PHP applications.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-mhash mystuff/www/php5/extensions/pkg/DESCR-mhash
--- www/php5/extensions/pkg/DESCR-mhash Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/DESCR-mhash Thu Jan  1 03:00:00 1970
@@ -1,5 +0,0 @@
-This is an interface to the mhash library. mhash supports a wide
-variety of hash algorithms such as MD5, SHA1, GOST, and many others.
-
-Mhash can be used to create checksums, message digests, message
-authentication codes, and more.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-ncurses mystuff/www/php5/extensions/pkg/DESCR-ncurses
--- www/php5/extensions/pkg/DESCR-ncurses Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/DESCR-ncurses Thu Jan  1 03:00:00 1970
@@ -1,5 +0,0 @@
-ncurses (new curses) is a free software emulation of curses in
-System V Rel 4.0 (and above). It uses terminfo format, supports
-pads, colors, multiple highlights, form characters and function key
-mapping.
-
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-openssl mystuff/www/php5/extensions/pkg/DESCR-openssl
--- www/php5/extensions/pkg/DESCR-openssl Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-openssl Sun Jul  5 14:38:04 2009
@@ -0,0 +1,3 @@
+This module uses the functions of OpenSSL for generation and
+verification of signatures and for sealing (encrypting) and
+opening (decrypting) data.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-phar mystuff/www/php5/extensions/pkg/DESCR-phar
--- www/php5/extensions/pkg/DESCR-phar Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-phar Wed Jul  8 18:53:46 2009
@@ -0,0 +1,2 @@
+The phar extension provides a way to put entire PHP applications into a single
+file called a "phar" (PHP Archive) for easy distribution and installation.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-pspell mystuff/www/php5/extensions/pkg/DESCR-pspell
--- www/php5/extensions/pkg/DESCR-pspell Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/DESCR-pspell Thu Jan  1 03:00:00 1970
@@ -1,2 +0,0 @@
-These functions allow you to check the spelling of a word and offer suggestions.
-More information about Pspell can be found at http://www.php.net/pspell.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-sockets mystuff/www/php5/extensions/pkg/DESCR-sockets
--- www/php5/extensions/pkg/DESCR-sockets Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-sockets Sun Jul  5 14:16:45 2009
@@ -0,0 +1,3 @@
+The socket extension implements a low-level interface to the socket
+communication functions based on the popular BSD sockets,
+providing the possibility to act as a socket server as well as a client.
diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-sqlite3 mystuff/www/php5/extensions/pkg/DESCR-sqlite3
--- www/php5/extensions/pkg/DESCR-sqlite3 Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/DESCR-sqlite3 Wed Jul  8 13:42:54 2009
@@ -0,0 +1,5 @@
+These functions allow you to access SQLite 3.x databases.
+More information about SQLite can be found at http://www.sqlite.org/.
+
+Documentation for SQLite can be found at
+http://www.sqlite.org/docs.html.
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-dbase mystuff/www/php5/extensions/pkg/PLIST-dbase
--- www/php5/extensions/pkg/PLIST-dbase Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/PLIST-dbase Thu Jan  1 03:00:00 1970
@@ -1,5 +0,0 @@
-@comment $OpenBSD: PLIST-dbase,v 1.4 2007/11/05 10:11:10 robert Exp $
-@conflict php4-dbase-*
-@pkgpath www/php5/extensions,-dbase,hardened
-conf/php5.sample/dbase.ini
-lib/php/modules/dbase.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-enchant mystuff/www/php5/extensions/pkg/PLIST-enchant
--- www/php5/extensions/pkg/PLIST-enchant Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-enchant Wed Jul  8 13:09:58 2009
@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-enchant,v 1.0 2009/07/08 11:59:56 robert Exp $
+conf/php5.sample/enchant.ini
+lib/php/modules/enchant.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-exif mystuff/www/php5/extensions/pkg/PLIST-exif
--- www/php5/extensions/pkg/PLIST-exif Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-exif Sun Jul  5 14:30:04 2009
@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-exif,v 1.0 2009/07/05 08:36:49 espie Exp $
+conf/php5.sample/exif.ini
+lib/php/modules/exif.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-fileinfo mystuff/www/php5/extensions/pkg/PLIST-fileinfo
--- www/php5/extensions/pkg/PLIST-fileinfo Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-fileinfo Wed Jul  8 14:15:04 2009
@@ -0,0 +1,4 @@
+@comment $OpenBSD: PLIST-fileinfo,v 1.0 2009/07/08 10:11:10 robert Exp $
+@pkgpath www/php5/extensions,-fileinfo,hardened
+conf/php5.sample/fileinfo.ini
+lib/php/modules/fileinfo.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-gettext mystuff/www/php5/extensions/pkg/PLIST-gettext
--- www/php5/extensions/pkg/PLIST-gettext Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-gettext Sun Jul  5 14:31:13 2009
@@ -0,0 +1,4 @@
+@comment $OpenBSD: PLIST-gettext,v 1.0 2009/07/05 10:11:10 robert Exp $
+@pkgpath www/php5/extensions,gettext,hardened
+conf/php5.sample/gettext.ini
+lib/php/modules/gettext.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-mhash mystuff/www/php5/extensions/pkg/PLIST-mhash
--- www/php5/extensions/pkg/PLIST-mhash Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/PLIST-mhash Thu Jan  1 03:00:00 1970
@@ -1,5 +0,0 @@
-@comment $OpenBSD: PLIST-mhash,v 1.4 2007/11/05 10:11:10 robert Exp $
-@conflict php4-mhash-*
-@pkgpath www/php5/extensions,-mhash,hardened
-conf/php5.sample/mhash.ini
-lib/php/modules/mhash.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-ncurses mystuff/www/php5/extensions/pkg/PLIST-ncurses
--- www/php5/extensions/pkg/PLIST-ncurses Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/PLIST-ncurses Thu Jan  1 03:00:00 1970
@@ -1,5 +0,0 @@
-@comment $OpenBSD: PLIST-ncurses,v 1.4 2007/11/05 10:11:10 robert Exp $
-@conflict php4-ncurses-*
-@pkgpath www/php5/extensions,-ncurses,hardened
-conf/php5.sample/ncurses.ini
-lib/php/modules/ncurses.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-openssl mystuff/www/php5/extensions/pkg/PLIST-openssl
--- www/php5/extensions/pkg/PLIST-openssl Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-openssl Sun Jul  5 14:38:55 2009
@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-openssl,v 1.0 2009/07/05 08:36:49 espie Exp $
+conf/php5.sample/openssl.ini
+lib/php/modules/openssl.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-phar mystuff/www/php5/extensions/pkg/PLIST-phar
--- www/php5/extensions/pkg/PLIST-phar Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-phar Wed Jul  8 13:19:42 2009
@@ -0,0 +1,4 @@
+@comment $OpenBSD: PLIST-phar,v 1.0 2009/07/08 10:11:10 robert Exp $
+@pkgpath www/php5/extensions,-phar,hardened
+conf/php5.sample/phar.ini
+lib/php/modules/phar.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-pspell mystuff/www/php5/extensions/pkg/PLIST-pspell
--- www/php5/extensions/pkg/PLIST-pspell Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/extensions/pkg/PLIST-pspell Thu Jan  1 03:00:00 1970
@@ -1,3 +0,0 @@
-@comment $OpenBSD: PLIST-pspell,v 1.1 2008/03/30 11:59:56 robert Exp $
-conf/php5.sample/pspell.ini
-lib/php/modules/pspell.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-sockets mystuff/www/php5/extensions/pkg/PLIST-sockets
--- www/php5/extensions/pkg/PLIST-sockets Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-sockets Sun Jul  5 14:17:54 2009
@@ -0,0 +1,3 @@
+@comment $OpenBSD: PLIST-sockets,v 1.0 2009/07/05 08:36:49 espie Exp $
+conf/php5.sample/sockets.ini
+lib/php/modules/sockets.so
diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-sqlite3 mystuff/www/php5/extensions/pkg/PLIST-sqlite3
--- www/php5/extensions/pkg/PLIST-sqlite3 Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/extensions/pkg/PLIST-sqlite3 Wed Jul  8 13:43:25 2009
@@ -0,0 +1,4 @@
+@comment $OpenBSD: PLIST-sqlite3,v 1.0 2009/07/08 10:11:10 robert Exp $
+@pkgpath www/php5/extensions,-sqlite,hardened
+conf/php5.sample/sqlite3.ini
+lib/php/modules/sqlite3.so
diff -uNr --exclude=CVS www/php5/patches/patch-configure_in mystuff/www/php5/patches/patch-configure_in
--- www/php5/patches/patch-configure_in Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/patches/patch-configure_in Thu Jul  2 14:13:44 2009
@@ -1,18 +1,7 @@
---- configure.in.orig Tue Dec  9 22:04:42 2008
-+++ configure.in Tue Dec  9 22:07:03 2008
-@@ -354,8 +354,8 @@
+--- configure.in.orig Fri Jun 19 01:01:03 2009
++++ configure.in Tue Jun 30 13:00:08 2009
+@@ -983,7 +983,7 @@
 
- dnl Check for resolver routines.
- dnl Need to check for both res_search and __res_search
--dnl in -lc, -lbind, -lresolv and -lsocket
--PHP_CHECK_FUNC(res_search, resolv, bind, socket)
-+dnl in -lc, -lresolv and -lsocket
-+PHP_CHECK_FUNC(res_search, resolv, socket)
-
- dnl Check for inet_aton and dn_skipname
- dnl in -lc, -lbind and -lresolv
-@@ -931,7 +931,7 @@
-
  case $php_build_target in
    program|static)
 -    standard_libtool_flag='-prefer-non-pic -static'
@@ -20,7 +9,7 @@
      if test -z "$PHP_MODULES" && test -z "$PHP_ZEND_EX"; then
          enable_shared=no
      fi
-@@ -940,10 +940,10 @@
+@@ -992,10 +992,10 @@
      enable_static=no
      case $with_pic in
        yes)
@@ -33,7 +22,7 @@
          ;;
      esac
      EXTRA_LDFLAGS="$EXTRA_LDFLAGS -avoid-version -module"
-@@ -1136,7 +1136,7 @@
+@@ -1184,7 +1184,7 @@
  EXPANDED_DATADIR=$datadir
  EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"`
  EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"`
@@ -42,17 +31,16 @@
 
  exec_prefix=$old_exec_prefix
  libdir=$old_libdir
-@@ -1344,7 +1344,8 @@
- INLINE_CFLAGS="$INLINE_CFLAGS $standard_libtool_flag"
- CXXFLAGS="$CXXFLAGS $standard_libtool_flag"
+@@ -1392,7 +1392,7 @@
+   pharcmd_install=
+ fi;
 
--all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_CLI_TARGET)"
-+all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_CLI_TARGET) \$(PHP_CGI_TARGET)"
-+
- install_targets="$install_modules install-build install-headers install-programs $install_pear"
+-all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_CLI_TARGET) $pharcmd"
++all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_CLI_TARGET) \$(PHP_CGI_TARGET) $pharcmd"
+ install_targets="$install_modules install-build install-headers install-programs $install_pear $pharcmd_install"
 
  case $PHP_SAPI in
-@@ -1388,7 +1389,7 @@
+@@ -1437,7 +1437,7 @@
  PHP_ADD_SOURCES(Zend, \
      zend_language_parser.c zend_language_scanner.c \
      zend_ini_parser.c zend_ini_scanner.c \
@@ -61,11 +49,11 @@
      zend_execute_API.c zend_highlight.c zend_llist.c \
      zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \
      zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
-@@ -1409,6 +1410,7 @@
+@@ -1459,6 +1459,7 @@
  fi
 
  PHP_ADD_SOURCES_X(Zend, zend_execute.c,,PHP_GLOBAL_OBJS,,$flag)
 +PHP_ADD_SOURCES_X(Zend, zend_alloc.c,,PHP_GLOBAL_OBJS,,"-O0")
 
  PHP_ADD_BUILD_DIR(main main/streams)
- PHP_ADD_BUILD_DIR(regex)
+ PHP_ADD_BUILD_DIR(sapi/$PHP_SAPI sapi/cli)
diff -uNr --exclude=CVS www/php5/patches/patch-ext_standard_config_m4 mystuff/www/php5/patches/patch-ext_standard_config_m4
--- www/php5/patches/patch-ext_standard_config_m4 Wed Jul  8 18:38:41 2009
+++ mystuff/www/php5/patches/patch-ext_standard_config_m4 Tue Jun 30 14:29:33 2009
@@ -1,16 +1,29 @@
-$OpenBSD: patch-ext_standard_config_m4,v 1.1 2008/04/05 05:45:19 sturm Exp $
---- ext/standard/config.m4.orig Fri Apr  4 22:34:19 2008
-+++ ext/standard/config.m4 Fri Apr  4 22:34:33 2008
-@@ -311,9 +311,9 @@ dnl
+--- ext/standard/config.m4.orig Mon Jan 12 02:37:16 2009
++++ ext/standard/config.m4 Tue Jun 30 13:08:23 2009
+@@ -249,19 +249,19 @@
  dnl Detect library functions needed by php dns_xxx functions
  dnl ext/standard/dns.h will collect these in a single define: HAVE_DNS_FUNCS
  dnl
 -PHP_CHECK_FUNC(res_nmkquery, resolv, bind, socket)
 -PHP_CHECK_FUNC(res_nsend, resolv, bind, socket)
+-PHP_CHECK_FUNC(res_search, resolv, bind, socket)
 -PHP_CHECK_FUNC(dn_expand, resolv, bind, socket)
+-PHP_CHECK_FUNC(dn_skipname, resolv, bind, socket)
 +PHP_CHECK_FUNC(res_nmkquery, resolv, socket)
 +PHP_CHECK_FUNC(res_nsend, resolv, socket)
++PHP_CHECK_FUNC(res_search, resolv, socket)
 +PHP_CHECK_FUNC(dn_expand, resolv, socket)
++PHP_CHECK_FUNC(dn_skipname, resolv, socket)
+
+ dnl
+ dnl These are old deprecated functions, a single define of HAVE_DEPRECATED_DNS_FUNCS
+ dnl will be set in ext/standard/dns.h
+ dnl
+
+-PHP_CHECK_FUNC(res_mkquery, resolv, bind, socket)
+-PHP_CHECK_FUNC(res_send, resolv, bind, socket)
++PHP_CHECK_FUNC(res_mkquery, resolv, socket)
++PHP_CHECK_FUNC(res_send, resolv, socket)
 
  dnl
  dnl Check if atof() accepts NAN
diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-development mystuff/www/php5/patches/patch-php_ini-development
--- www/php5/patches/patch-php_ini-development Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/patches/patch-php_ini-development Tue Jun 30 23:29:36 2009
@@ -0,0 +1,150 @@
+--- php.ini-development.orig Sun Jun 28 21:56:18 2009
++++ php.ini-development Tue Jun 30 23:28:20 2009
+@@ -785,11 +785,8 @@
+ ;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ ; UNIX: "/path1:/path2"
+-;include_path = ".:/php/includes"
++include_path = ".:OPENBSD_INCLUDE_PATH"
+ ;
+-; Windows: "\path1;\path2"
+-;include_path = ".;c:\php\includes"
+-;
+ ; PHP's default setting for include_path is ".;/path/to/php/pear"
+ ; http://php.net/include-path
+
+@@ -808,9 +805,7 @@
+
+ ; Directory in which the loadable extensions (modules) reside.
+ ; http://php.net/extension-dir
+-; extension_dir = "./"
+-; On windows:
+-; extension_dir = "ext"
++extension_dir = "MODULES_DIR"
+
+ ; Whether or not to enable the dl() function.  The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+@@ -888,7 +883,7 @@
+
+ ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+ ; http://php.net/allow-url-fopen
+-allow_url_fopen = On
++allow_url_fopen = Off
+
+ ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+ ; http://php.net/allow-url-include
+@@ -915,78 +910,6 @@
+ ; http://php.net/auto-detect-line-endings
+ ;auto_detect_line_endings = Off
+
+-;;;;;;;;;;;;;;;;;;;;;;
+-; Dynamic Extensions ;
+-;;;;;;;;;;;;;;;;;;;;;;
+-
+-; If you wish to have an extension loaded automatically, use the following
+-; syntax:
+-;
+-;   extension=modulename.extension
+-;
+-; For example, on Windows:
+-;
+-;   extension=msql.dll
+-;
+-; ... or under UNIX:
+-;
+-;   extension=msql.so
+-;
+-; ... or with a path:
+-;
+-;   extension=/path/to/extension/msql.so
+-;
+-; If you only provide the name of the extension, PHP will look for it in its
+-; default extension directory.
+-;
+-; Windows Extensions
+-; Note that ODBC support is built in, so no dll is needed for it.
+-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
+-; extension folders as well as the separate PECL DLL download (PHP 5).
+-; Be sure to appropriately set the extension_dir directive.
+-;
+-;extension=php_bz2.dll
+-;extension=php_curl.dll
+-;extension=php_dba.dll
+-;extension=php_exif.dll
+-;extension=php_fileinfo.dll
+-;extension=php_gd2.dll
+-;extension=php_gettext.dll
+-;extension=php_gmp.dll
+-;extension=php_intl.dll
+-;extension=php_imap.dll
+-;extension=php_interbase.dll
+-;extension=php_ldap.dll
+-;extension=php_mbstring.dll
+-;extension=php_ming.dll
+-;extension=php_mssql.dll
+-;extension=php_mysql.dll
+-;extension=php_mysqli.dll
+-;extension=php_oci8.dll      ; Use with Oracle 10gR2 Instant Client
+-;extension=php_oci8_11g.dll  ; Use with Oracle 11g Instant Client
+-;extension=php_openssl.dll
+-;extension=php_pdo_firebird.dll
+-;extension=php_pdo_mssql.dll
+-;extension=php_pdo_mysql.dll
+-;extension=php_pdo_oci.dll
+-;extension=php_pdo_odbc.dll
+-;extension=php_pdo_pgsql.dll
+-;extension=php_pdo_sqlite.dll
+-;extension=php_pgsql.dll
+-;extension=php_phar.dll
+-;extension=php_pspell.dll
+-;extension=php_shmop.dll
+-;extension=php_snmp.dll
+-;extension=php_soap.dll
+-;extension=php_sockets.dll
+-;extension=php_sqlite.dll
+-;extension=php_sqlite3.dll
+-;extension=php_sybase_ct.dll
+-;extension=php_tidy.dll
+-;extension=php_xmlrpc.dll
+-;extension=php_xsl.dll
+-;extension=php_zip.dll
+-
+ ;;;;;;;;;;;;;;;;;;;
+ ; Module Settings ;
+ ;;;;;;;;;;;;;;;;;;;
+@@ -1076,16 +999,6 @@
+ define_syslog_variables  = Off
+
+ [mail function]
+-; For Win32 only.
+-; http://php.net/smtp
+-SMTP = localhost
+-; http://php.net/smtp-port
+-smtp_port = 25
+-
+-; For Win32 only.
+-; http://php.net/sendmail-from
+-;sendmail_from = [hidden email]
+-
+ ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
+ ; http://php.net/sendmail-path
+ ;sendmail_path =
+@@ -1881,6 +1794,15 @@
+ [dba]
+ ;dba.default_handler=
+
+-; Local Variables:
+-; tab-width: 4
+-; End:
++;;;;;;;;;;;;;;;;;;;;;;
++; Dynamic Extensions ;
++;;;;;;;;;;;;;;;;;;;;;;
++;
++; If you wish to have an extension loaded automatically, use the following
++; syntax:
++;
++;   extension=modulename.so
++;
++; Note that it should be the name of the module only; no directory information
++; needs to go here.  Specify the location of the extension with the
++; extension_dir directive above
diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-dist mystuff/www/php5/patches/patch-php_ini-dist
--- www/php5/patches/patch-php_ini-dist Wed Jul  8 18:38:42 2009
+++ mystuff/www/php5/patches/patch-php_ini-dist Thu Jan  1 03:00:00 1970
@@ -1,569 +0,0 @@
-$OpenBSD: patch-php_ini-dist,v 1.13 2007/11/14 10:53:50 robert Exp $
---- php.ini-dist.orig Wed Aug 22 01:24:18 2007
-+++ php.ini-dist Tue Nov 13 11:53:18 2007
-@@ -466,10 +466,7 @@ default_mimetype = "text/html"
- ;;;;;;;;;;;;;;;;;;;;;;;;;
-
- ; UNIX: "/path1:/path2"
--;include_path = ".:/php/includes"
--;
--; Windows: "\path1;\path2"
--;include_path = ".;c:\php\includes"
-+include_path = ".:OPENBSD_INCLUDE_PATH"
-
- ; The root of the PHP pages, used only if nonempty.
- ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-@@ -483,7 +480,7 @@ doc_root =
- user_dir =
-
- ; Directory in which the loadable extensions (modules) reside.
--extension_dir = "./"
-+extension_dir = "MODULES_DIR"
-
- ; Whether or not to enable the dl() function.  The dl() function does NOT work
- ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -552,7 +549,7 @@ upload_max_filesize = 2M
- ;;;;;;;;;;;;;;;;;;
-
- ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
--allow_url_fopen = On
-+allow_url_fopen = Off
-
- ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
- allow_url_include = Off
-@@ -573,81 +570,6 @@ default_socket_timeout = 60
- ; fgets() and file() will work regardless of the source of the file.
- ; auto_detect_line_endings = Off
-
--
--;;;;;;;;;;;;;;;;;;;;;;
--; Dynamic Extensions ;
--;;;;;;;;;;;;;;;;;;;;;;
--;
--; If you wish to have an extension loaded automatically, use the following
--; syntax:
--;
--;   extension=modulename.extension
--;
--; For example, on Windows:
--;
--;   extension=msql.dll
--;
--; ... or under UNIX:
--;
--;   extension=msql.so
--;
--; Note that it should be the name of the module only; no directory information
--; needs to go here.  Specify the location of the extension with the
--; extension_dir directive above.
--
--
--; Windows Extensions
--; Note that ODBC support is built in, so no dll is needed for it.
--; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
--; extension folders as well as the separate PECL DLL download (PHP 5).
--; Be sure to appropriately set the extension_dir directive.
--
--;extension=php_bz2.dll
--;extension=php_curl.dll
--;extension=php_dba.dll
--;extension=php_dbase.dll
--;extension=php_exif.dll
--;extension=php_fdf.dll
--;extension=php_gd2.dll
--;extension=php_gettext.dll
--;extension=php_gmp.dll
--;extension=php_ifx.dll
--;extension=php_imap.dll
--;extension=php_interbase.dll
--;extension=php_ldap.dll
--;extension=php_mbstring.dll
--;extension=php_mcrypt.dll
--;extension=php_mhash.dll
--;extension=php_mime_magic.dll
--;extension=php_ming.dll
--;extension=php_msql.dll
--;extension=php_mssql.dll
--;extension=php_mysql.dll
--;extension=php_mysqli.dll
--;extension=php_oci8.dll
--;extension=php_openssl.dll
--;extension=php_pdo.dll
--;extension=php_pdo_firebird.dll
--;extension=php_pdo_mssql.dll
--;extension=php_pdo_mysql.dll
--;extension=php_pdo_oci.dll
--;extension=php_pdo_oci8.dll
--;extension=php_pdo_odbc.dll
--;extension=php_pdo_pgsql.dll
--;extension=php_pdo_sqlite.dll
--;extension=php_pgsql.dll
--;extension=php_pspell.dll
--;extension=php_shmop.dll
--;extension=php_snmp.dll
--;extension=php_soap.dll
--;extension=php_sockets.dll
--;extension=php_sqlite.dll
--;extension=php_sybase_ct.dll
--;extension=php_tidy.dll
--;extension=php_xmlrpc.dll
--;extension=php_xsl.dll
--;extension=php_zip.dll
--
- ;;;;;;;;;;;;;;;;;;;
- ; Module Settings ;
- ;;;;;;;;;;;;;;;;;;;
-@@ -695,13 +617,6 @@ default_socket_timeout = 60
- define_syslog_variables  = Off
-
- [mail function]
--; For Win32 only.
--SMTP = localhost
--smtp_port = 25
--
--; For Win32 only.
--;sendmail_from = [hidden email]
--
- ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
- ;sendmail_path =
-
-@@ -1277,6 +1192,436 @@ soap.wsdl_cache_dir="/tmp"
- ; instead of original one.
- soap.wsdl_cache_ttl=86400
-
--; Local Variables:
--; tab-width: 4
--; End:
-+[suhosin]
-+; Logging Options
-+
-+; Defines what classes of security alerts are logged to the syslog daemon.
-+; Logging of errors of the class S_MEMORY are always logged to syslog, no
-+; matter what this configuration says, because a corrupted heap could mean that
-+; the other logging options will malfunction during the logging process.
-+;suhosin.log.syslog =
-+
-+; Defines the syslog facility that is used when ALERTs are logged to syslog.
-+;suhosin.log.syslog.facility =
-+
-+; Defines the syslog priority that is used when ALERTs are logged to syslog.
-+;suhosin.log.syslog.priority =
-+
-+; Defines what classes of security alerts are logged through the SAPI error log.
-+;suhosin.log.sapi =
-+
-+; Defines what classes of security alerts are logged through the external
-+; logging.
-+;suhosin.log.script =
-+
-+; Defines what classes of security alerts are logged through the defined PHP
-+; script.
-+;suhosin.log.phpscript = 0
-+
-+; Defines the full path to a external logging script. The script is called with
-+; 2 parameters. The first one is the alert class in string notation and the
-+; second parameter is the log message. This can be used for example to mail
-+; failing MySQL queries to your email address, because on a production system
-+; these things should never happen.
-+;suhosin.log.script.name =
-+
-+; Defines the full path to a PHP logging script. The script is called with 2
-+; variables registered in the current scope: SUHOSIN_ERRORCLASS and
-+; SUHOSIN_ERROR. The first one is the alert class and the second variable is
-+; the log message. This can be used for example to mail attempted remote URL
-+; include attacks to your email address.
-+;suhosin.log.phpscript.name =
-+
-+; Undocumented
-+;suhosin.log.phpscript.is_safe = Off
-+
-+; When the Hardening-Patch logs an error the log message also contains the IP
-+; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
-+; environment variable. With this switch it is possible to change this behavior
-+; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
-+; when your PHP server runs behind a reverse proxy.
-+;suhosin.log.use-x-forwarded-for = Off
-+
-+; -----------------------------------------------------------------------------
-+; Executor Options
-+
-+; Defines the maximum stack depth allowed by the executor before it stops the
-+; script. Without this function an endless recursion in a PHP script could
-+; crash the PHP executor or trigger the configured memory_limit. A value of
-+; "0" disables this feature.
-+;suhosin.executor.max_depth = 0
-+
-+; Defines how many "../" an include filename needs to contain to be considered
-+; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
-+; value of "3" will allow it. Most PHP applications should work flawlessly with
-+; values "4" or "5". A value of "0" disables this feature.
-+;suhosin.executor.include.max_traversal = 0
-+
-+; Comma separated whitelist of URL schemes that are allowed to be included from
-+; include or require statements. Additionally to URL schemes it is possible to
-+; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
-+; specified, then the blacklist is evaluated.
-+;suhosin.executor.include.whitelist =
-+
-+; Comma separated blacklist of URL schemes that are not allowed to be included
-+; from include or require statements. Additionally to URL schemes it is
-+; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
-+; blacklist and no whitelist is specified all URL schemes are forbidden.
-+;suhosin.executor.include.blacklist =
-+
-+; Comma separated whitelist of functions that are allowed to be called. If the
-+; whitelist is empty the blacklist is evaluated, otherwise calling a function
-+; not in the whitelist will terminate the script and get logged.
-+;suhosin.executor.func.whitelist =
-+
-+; Comma separated blacklist of functions that are not allowed to be called. If
-+; no whitelist is given, calling a function within the blacklist will terminate
-+; the script and get logged.
-+;suhosin.executor.func.blacklist =
-+
-+; Comma separated whitelist of functions that are allowed to be called from
-+; within eval(). If the whitelist is empty the blacklist is evaluated,
-+; otherwise calling a function not in the whitelist will terminate the script
-+; and get logged.
-+;suhosin.executor.eval.whitelist =
-+
-+; Comma separated blacklist of functions that are not allowed to be called from
-+; within eval(). If no whitelist is given, calling a function within the
-+; blacklist will terminate the script and get logged.
-+;suhosin.executor.eval.blacklist =
-+
-+; eval() is a very dangerous statement and therefore you might want to disable
-+; it completely. Deactivating it will however break lots of scripts. Because
-+; every violation is logged, this allows finding all places where eval() is
-+; used.
-+;suhosin.executor.disable_eval = Off
-+
-+; The /e modifier inside preg_replace() allows code execution. Often it is the
-+; cause for remote code execution exploits. It is wise to deactivate this
-+; feature and test where in the application it is used. The developer using the
-+; /e modifier should be made aware that he should use preg_replace_callback()
-+; instead.
-+;suhosin.executor.disable_emodifier = Off
-+
-+; This flag reactivates symlink() when open_basedir is used, which is disabled
-+; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
-+; is actually a security risk.
-+;suhosin.executor.allow_symlink = Off
-+
-+; -----------------------------------------------------------------------------
-+; Misc Options
-+
-+; If you fear that Suhosin breaks your application, you can activate Suhosin's
-+; simulation mode with this flag. When Suhosin runs in simulation mode,
-+; violations are logged as usual, but nothing is blocked or removed from the
-+; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
-+;suhosin.simulation = Off
-+
-+; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
-+; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
-+; will overwrite the information Suhosin stores in this slot. When this flag is
-+; set Suhosin will request 2 Slots and use the second one. This allows working
-+; correctly with these buggy APC versions.
-+;suhosin.apc_bug_workaround = Off
-+
-+; When a SQL Query fails scripts often spit out a bunch of useful information
-+; for possible attackers. When this configuration directive is turned on, the
-+; script will silently terminate, after the problem has been logged. (This is
-+; not yet supported)
-+;suhosin.sql.bailout_on_error = Off
-+
-+; This is an experimental feature for shared environments. With this
-+; configuration option it is possible to specify a prefix that is automatically
-+; prepended to the database username, whenever a database connection is made.
-+; (Unless the username starts with the prefix)
-+;suhosin.sql.user_prefix =
-+
-+; This is an experimental feature for shared environments. With this
-+; configuration option it is possible to specify a postfix that is
-+; automatically appended to the database username, whenever a database
-+; connection is made. (Unless the username end with the postfix)
-+;
-+; With this feature it is possible for shared hosters to disallow customers to
-+; connect with the usernames of other customers. This feature is experimental,
-+; because support for PDO and PostgreSQL are not yet implemented.
-+;suhosin.sql.user_postfix =
-+
-+; This directive controls if multiple headers are allowed or not in a header()
-+; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
-+; multiple lines are still allowed).
-+;suhosin.multiheader = Off
-+
-+; This directive controls if the mail() header protection is activated or not
-+; and to what degree it is activated. The appended table lists the possible
-+; activation levels.
-+suhosin.mail.protect = 1
-+
-+; As long scripts are not running within safe_mode they are free to change the
-+; memory_limit to whatever value they want. Suhosin changes this fact and
-+; disallows setting the memory_limit to a value greater than the one the script
-+; started with, when this option is left at 0. A value greater than 0 means
-+; that Suhosin will disallows scripts setting the memory_limit to a value above
-+; this configured hard limit. This is for example usefull if you want to run
-+; the script normaly with a limit of 16M but image processing scripts may raise
-+; it to 20M.
-+;suhosin.memory_limit = 0
-+
-+; -----------------------------------------------------------------------------
-+; Transparent Encryption Options
-+
-+; Flag that decides if the transparent session encryption is activated or not.
-+;suhosin.session.encrypt = On
-+
-+; Session data can be encrypted transparently. The encryption key used consists
-+; of this user defined string (which can be altered by a script via ini_set())
-+; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
-+; REMOTE_ADDR.
-+;suhosin.session.cryptkey =
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; User-Agent field. (When activated this feature transparently adds a little
-+; bit protection against session fixation/hijacking attacks)
-+;suhosin.session.cryptua = On
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; Documentroot field.
-+;suhosin.session.cryptdocroot = On
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
-+; encryption key depends on. Keep in mind that this should not be used on sites
-+; that have visitors from big ISPs, because their IP address often changes
-+; during a session. But this feature might be interesting for admin interfaces
-+; or intranets. When used wisely this is a transparent protection against
-+; session hijacking/fixation.
-+;suhosin.session.cryptraddr = 0
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
-+; session. The difference to suhosin.session.cryptaddr is, that the IP is not
-+; part of the encryption key, so that the same session can be used for
-+; different areas with different protection levels on the site.
-+;suhosin.session.checkraddr = 0
-+
-+; Flag that decides if the transparent cookie encryption is activated or not.
-+;suhosin.cookie.encrypt = 0
-+
-+; Cookies can be encrypted transparently. The encryption key used consists of
-+; this user defined string and optionally the User-Agent, the Document-Root and
-+; 0-4 Octects of the REMOTE_ADDR.
-+;suhosin.cookie.cryptkey =
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; User-Agent field. (When activated this feature transparently adds a little
-+; bit protection against session fixation/hijacking attacks (if only session
-+; cookies are allowed))
-+;suhosin.cookie.cryptua = On
-+
-+; Flag that decides if the transparent cookie encryption key depends on the
-+; Documentroot field.
-+;suhosin.cookie.cryptdocroot = On
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
-+; encryption key depends on. Keep in mind that this should not be used on sites
-+; that have visitors from big ISPs, because their IP address often changes
-+; during a session. But this feature might be interesting for admin interfaces
-+; or intranets. When used wisely this is a transparent protection against
-+; session hijacking/fixation.
-+;suhosin.cookie.cryptraddr = 0
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
-+; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
-+; part of the encryption key, so that the same cookie can be used for different
-+; areas with different protection levels on the site.
-+;suhosin.cookie.checkraddr = 0
-+
-+; In case not all cookies are supposed to get encrypted this is a comma
-+; separated list of cookie names that should get encrypted. All other cookies
-+; will not get touched.
-+;suhosin.cookie.cryptlist =
-+
-+; In case some cookies should not be crypted this is a comma separated list of
-+; cookies that do not get encrypted. All other cookies will be encrypted.
-+;suhosin.cookie.plainlist =
-+
-+; -----------------------------------------------------------------------------
-+; Filtering Options
-+
-+; Defines the reaction of Suhosin on a filter violation.
-+;suhosin.filter.action =
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; the COOKIE.
-+;suhosin.cookie.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; the COOKIE.
-+;suhosin.cookie.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the COOKIE. For array variables this is the name in front of the indices.
-+;suhosin.cookie.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; the COOKIE. For array variables this includes all indices.
-+;suhosin.cookie.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the
-+; COOKIE.
-+;suhosin.cookie.max_value_length = 10000
-+
-+; Defines the maximum number of variables that may be registered through the
-+; COOKIE.
-+;suhosin.cookie.max_vars = 100
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.cookie.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; the URL
-+;suhosin.get.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; the URL
-+;suhosin.get.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the URL. For array variables this is the name in front of the indices.
-+;suhosin.get.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; the URL. For array variables this includes all indices.
-+;suhosin.get.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the URL.
-+;suhosin.get.max_value_length = 512
-+
-+; Defines the maximum number of variables that may be registered through the
-+; URL.
-+;suhosin.get.max_vars = 100
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.get.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; a POST request.
-+;suhosin.post.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; a POST request.
-+;suhosin.post.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; a POST request. For array variables this is the name in front of the indices.
-+;suhosin.post.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; a POST request. For array variables this includes all indices.
-+;suhosin.post.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through a POST
-+; request.
-+;suhosin.post.max_value_length = 65000
-+
-+; Defines the maximum number of variables that may be registered through a POST
-+; request.
-+;suhosin.post.max_vars = 200
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.post.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; GET , POST or COOKIE. This setting is also an upper limit for the separate
-+; GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; GET, POST or COOKIE. This setting is also an upper limit for the separate
-+; GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the COOKIE, the URL or through a POST request. This is the complete name
-+; string, including all indicies. This setting is also an upper limit for the
-+; separate GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the
-+; COOKIE, the URL or through a POST request. This setting is also an upper
-+; limit for the variable origin specific configuration directives.
-+;suhosin.request.max_value_length = 65000
-+
-+; Defines the maximum number of variables that may be registered through the
-+; COOKIE, the URL or through a POST request. This setting is also an upper
-+; limit for the variable origin specific configuration directives.
-+;suhosin.request.max_vars = 200
-+
-+; Defines the maximum name length (excluding possible array indicies) of
-+; variables that may be registered through the COOKIE, the URL or through a
-+; POST request. This setting is also an upper limit for the variable origin
-+; specific configuration directives.
-+;suhosin.request.max_varname_length = 64
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.request.disallow_nul = 1
-+
-+; Defines the maximum number of files that may be uploaded with one request.
-+;suhosin.upload.max_uploads = 25
-+
-+; When set to On it is not possible to upload ELF executables.
-+;suhosin.upload.disallow_elf = 1
-+
-+; When set to On it is not possible to upload binary files.
-+;suhosin.upload.disallow_binary = 0
-+
-+; When set to On binary content is removed from the uploaded files.
-+;suhosin.upload.remove_binary = 0
-+
-+; This defines the full path to a verification script for uploaded files. The
-+; script gets the temporary filename supplied and has to decide if the upload
-+; is allowed. A possible application for this is to scan uploaded files for
-+; viruses. The called script has to write a 1 as first line to standard output
-+; to allow the upload. Any other value or no output at all will result in the
-+; file being deleted.
-+;suhosin.upload.verification_script =
-+
-+; Specifies the maximum length of the session identifier that is allowed. When
-+; a longer session identifier is passed a new session identifier will be
-+; created. This feature is important to fight bufferoverflows in 3rd party
-+; session handlers.
-+;suhosin.session.max_id_length = 128
-+
-+; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
-+; detects a bufferoverflow, memory corruption or double free. This is only
-+; for debugging purposes and should not be activated.
-+;suhosin.coredump = Off
-+
-+; Undocumented: Controls if the encryption keys specified by the configuration
-+; are shown in the phpinfo() output or if they are hidden from it
-+;suhosin.protectkey = 1
-+
-+; Controls if suhosin loads in stealth mode when it is not the only
-+; zend_extension (Required for full compatibility with certain encoders
-+;  that consider open source untrusted. e.g. ionCube, Zend)
-+;suhosin.stealth = 1
-+
-+; Controls if suhosin's ini directives are changeable per directory
-+; because the admin might want to allow some features to be controlable
-+; by .htaccess and some not. For example the logging capabilities can
-+; break safemode and open_basedir restrictions when .htaccess support is
-+; allowed and the admin forgot to fix their values in httpd.conf
-+; An empty value or a 0 will result in all directives not allowed in
-+; .htaccess. The string "legcprsum" will allow logging, execution, get,
-+; post, cookie, request, sql, upload, misc features in .htaccess
-+;suhosin.perdir = "0"
-+
-+;;;;;;;;;;;;;;;;;;;;;;
-+; Dynamic Extensions ;
-+;;;;;;;;;;;;;;;;;;;;;;
-+;
-+; If you wish to have an extension loaded automatically, use the following
-+; syntax:
-+;
-+;   extension=modulename.so
-+;
-+; Note that it should be the name of the module only; no directory information
-+; needs to go here.  Specify the location of the extension with the
-+; extension_dir directive above.
diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-production mystuff/www/php5/patches/patch-php_ini-production
--- www/php5/patches/patch-php_ini-production Thu Jan  1 03:00:00 1970
+++ mystuff/www/php5/patches/patch-php_ini-production Tue Jun 30 23:32:03 2009
@@ -0,0 +1,150 @@
+--- php.ini-production.orig Sun Jun 28 21:56:18 2009
++++ php.ini-production Tue Jun 30 23:28:20 2009
+@@ -785,11 +785,8 @@
+ ;;;;;;;;;;;;;;;;;;;;;;;;;
+
+ ; UNIX: "/path1:/path2"
+-;include_path = ".:/php/includes"
++include_path = ".:OPENBSD_INCLUDE_PATH"
+ ;
+-; Windows: "\path1;\path2"
+-;include_path = ".;c:\php\includes"
+-;
+ ; PHP's default setting for include_path is ".;/path/to/php/pear"
+ ; http://php.net/include-path
+
+@@ -808,9 +805,7 @@
+
+ ; Directory in which the loadable extensions (modules) reside.
+ ; http://php.net/extension-dir
+-; extension_dir = "./"
+-; On windows:
+-; extension_dir = "ext"
++extension_dir = "MODULES_DIR"
+
+ ; Whether or not to enable the dl() function.  The dl() function does NOT work
+ ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+@@ -888,7 +883,7 @@
+
+ ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+ ; http://php.net/allow-url-fopen
+-allow_url_fopen = On
++allow_url_fopen = Off
+
+ ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+ ; http://php.net/allow-url-include
+@@ -915,78 +910,6 @@
+ ; http://php.net/auto-detect-line-endings
+ ;auto_detect_line_endings = Off
+
+-;;;;;;;;;;;;;;;;;;;;;;
+-; Dynamic Extensions ;
+-;;;;;;;;;;;;;;;;;;;;;;
+-
+-; If you wish to have an extension loaded automatically, use the following
+-; syntax:
+-;
+-;   extension=modulename.extension
+-;
+-; For example, on Windows:
+-;
+-;   extension=msql.dll
+-;
+-; ... or under UNIX:
+-;
+-;   extension=msql.so
+-;
+-; ... or with a path:
+-;
+-;   extension=/path/to/extension/msql.so
+-;
+-; If you only provide the name of the extension, PHP will look for it in its
+-; default extension directory.
+-;
+-; Windows Extensions
+-; Note that ODBC support is built in, so no dll is needed for it.
+-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
+-; extension folders as well as the separate PECL DLL download (PHP 5).
+-; Be sure to appropriately set the extension_dir directive.
+-;
+-;extension=php_bz2.dll
+-;extension=php_curl.dll
+-;extension=php_dba.dll
+-;extension=php_exif.dll
+-;extension=php_fileinfo.dll
+-;extension=php_gd2.dll
+-;extension=php_gettext.dll
+-;extension=php_gmp.dll
+-;extension=php_intl.dll
+-;extension=php_imap.dll
+-;extension=php_interbase.dll
+-;extension=php_ldap.dll
+-;extension=php_mbstring.dll
+-;extension=php_ming.dll
+-;extension=php_mssql.dll
+-;extension=php_mysql.dll
+-;extension=php_mysqli.dll
+-;extension=php_oci8.dll      ; Use with Oracle 10gR2 Instant Client
+-;extension=php_oci8_11g.dll  ; Use with Oracle 11g Instant Client
+-;extension=php_openssl.dll
+-;extension=php_pdo_firebird.dll
+-;extension=php_pdo_mssql.dll
+-;extension=php_pdo_mysql.dll
+-;extension=php_pdo_oci.dll
+-;extension=php_pdo_odbc.dll
+-;extension=php_pdo_pgsql.dll
+-;extension=php_pdo_sqlite.dll
+-;extension=php_pgsql.dll
+-;extension=php_phar.dll
+-;extension=php_pspell.dll
+-;extension=php_shmop.dll
+-;extension=php_snmp.dll
+-;extension=php_soap.dll
+-;extension=php_sockets.dll
+-;extension=php_sqlite.dll
+-;extension=php_sqlite3.dll
+-;extension=php_sybase_ct.dll
+-;extension=php_tidy.dll
+-;extension=php_xmlrpc.dll
+-;extension=php_xsl.dll
+-;extension=php_zip.dll
+-
+ ;;;;;;;;;;;;;;;;;;;
+ ; Module Settings ;
+ ;;;;;;;;;;;;;;;;;;;
+@@ -1076,16 +999,6 @@
+ define_syslog_variables  = Off
+
+ [mail function]
+-; For Win32 only.
+-; http://php.net/smtp
+-SMTP = localhost
+-; http://php.net/smtp-port
+-smtp_port = 25
+-
+-; For Win32 only.
+-; http://php.net/sendmail-from
+-;sendmail_from = [hidden email]
+-
+ ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
+ ; http://php.net/sendmail-path
+ ;sendmail_path =
+@@ -1881,6 +1794,15 @@
+ [dba]
+ ;dba.default_handler=
+
+-; Local Variables:
+-; tab-width: 4
+-; End:
++;;;;;;;;;;;;;;;;;;;;;;
++; Dynamic Extensions ;
++;;;;;;;;;;;;;;;;;;;;;;
++;
++; If you wish to have an extension loaded automatically, use the following
++; syntax:
++;
++;   extension=modulename.so
++;
++; Note that it should be the name of the module only; no directory information
++; needs to go here.  Specify the location of the extension with the
++; extension_dir directive above
diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-recommended mystuff/www/php5/patches/patch-php_ini-recommended
--- www/php5/patches/patch-php_ini-recommended Wed Jul  8 18:38:42 2009
+++ mystuff/www/php5/patches/patch-php_ini-recommended Thu Jan  1 03:00:00 1970
@@ -1,569 +0,0 @@
-$OpenBSD: patch-php_ini-recommended,v 1.13 2007/11/14 10:53:50 robert Exp $
---- php.ini-recommended.orig Wed Aug 22 01:24:18 2007
-+++ php.ini-recommended Tue Nov 13 11:53:39 2007
-@@ -516,10 +516,7 @@ default_mimetype = "text/html"
- ;;;;;;;;;;;;;;;;;;;;;;;;;
-
- ; UNIX: "/path1:/path2"
--;include_path = ".:/php/includes"
--;
--; Windows: "\path1;\path2"
--;include_path = ".;c:\php\includes"
-+include_path = ".:OPENBSD_INCLUDE_PATH"
-
- ; The root of the PHP pages, used only if nonempty.
- ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-@@ -533,7 +530,7 @@ doc_root =
- user_dir =
-
- ; Directory in which the loadable extensions (modules) reside.
--extension_dir = "./"
-+extension_dir = "MODULES_DIR"
-
- ; Whether or not to enable the dl() function.  The dl() function does NOT work
- ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-@@ -602,7 +599,7 @@ upload_max_filesize = 2M
- ;;;;;;;;;;;;;;;;;;
-
- ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
--allow_url_fopen = On
-+allow_url_fopen = Off
-
- ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
- allow_url_include = Off
-@@ -623,81 +620,6 @@ default_socket_timeout = 60
- ; fgets() and file() will work regardless of the source of the file.
- ; auto_detect_line_endings = Off
-
--
--;;;;;;;;;;;;;;;;;;;;;;
--; Dynamic Extensions ;
--;;;;;;;;;;;;;;;;;;;;;;
--;
--; If you wish to have an extension loaded automatically, use the following
--; syntax:
--;
--;   extension=modulename.extension
--;
--; For example, on Windows:
--;
--;   extension=msql.dll
--;
--; ... or under UNIX:
--;
--;   extension=msql.so
--;
--; Note that it should be the name of the module only; no directory information
--; needs to go here.  Specify the location of the extension with the
--; extension_dir directive above.
--
--
--; Windows Extensions
--; Note that ODBC support is built in, so no dll is needed for it.
--; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
--; extension folders as well as the separate PECL DLL download (PHP 5).
--; Be sure to appropriately set the extension_dir directive.
--
--;extension=php_bz2.dll
--;extension=php_curl.dll
--;extension=php_dba.dll
--;extension=php_dbase.dll
--;extension=php_exif.dll
--;extension=php_fdf.dll
--;extension=php_gd2.dll
--;extension=php_gettext.dll
--;extension=php_gmp.dll
--;extension=php_ifx.dll
--;extension=php_imap.dll
--;extension=php_interbase.dll
--;extension=php_ldap.dll
--;extension=php_mbstring.dll
--;extension=php_mcrypt.dll
--;extension=php_mhash.dll
--;extension=php_mime_magic.dll
--;extension=php_ming.dll
--;extension=php_msql.dll
--;extension=php_mssql.dll
--;extension=php_mysql.dll
--;extension=php_mysqli.dll
--;extension=php_oci8.dll
--;extension=php_openssl.dll
--;extension=php_pdo.dll
--;extension=php_pdo_firebird.dll
--;extension=php_pdo_mssql.dll
--;extension=php_pdo_mysql.dll
--;extension=php_pdo_oci.dll
--;extension=php_pdo_oci8.dll
--;extension=php_pdo_odbc.dll
--;extension=php_pdo_pgsql.dll
--;extension=php_pdo_sqlite.dll
--;extension=php_pgsql.dll
--;extension=php_pspell.dll
--;extension=php_shmop.dll
--;extension=php_snmp.dll
--;extension=php_soap.dll
--;extension=php_sockets.dll
--;extension=php_sqlite.dll
--;extension=php_sybase_ct.dll
--;extension=php_tidy.dll
--;extension=php_xmlrpc.dll
--;extension=php_xsl.dll
--;extension=php_zip.dll
--
- ;;;;;;;;;;;;;;;;;;;
- ; Module Settings ;
- ;;;;;;;;;;;;;;;;;;;
-@@ -745,13 +667,6 @@ default_socket_timeout = 60
- define_syslog_variables  = Off
-
- [mail function]
--; For Win32 only.
--SMTP = localhost
--smtp_port = 25
--
--; For Win32 only.
--;sendmail_from = [hidden email]
--
- ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
- ;sendmail_path =
-
-@@ -1330,6 +1245,436 @@ soap.wsdl_cache_dir="/tmp"
- ; instead of original one.
- soap.wsdl_cache_ttl=86400
-
--; Local Variables:
--; tab-width: 4
--; End:
-+[suhosin]
-+; Logging Options
-+
-+; Defines what classes of security alerts are logged to the syslog daemon.
-+; Logging of errors of the class S_MEMORY are always logged to syslog, no
-+; matter what this configuration says, because a corrupted heap could mean that
-+; the other logging options will malfunction during the logging process.
-+;suhosin.log.syslog =
-+
-+; Defines the syslog facility that is used when ALERTs are logged to syslog.
-+;suhosin.log.syslog.facility =
-+
-+; Defines the syslog priority that is used when ALERTs are logged to syslog.
-+;suhosin.log.syslog.priority =
-+
-+; Defines what classes of security alerts are logged through the SAPI error log.
-+;suhosin.log.sapi =
-+
-+; Defines what classes of security alerts are logged through the external
-+; logging.
-+;suhosin.log.script =
-+
-+; Defines what classes of security alerts are logged through the defined PHP
-+; script.
-+;suhosin.log.phpscript = 0
-+
-+; Defines the full path to a external logging script. The script is called with
-+; 2 parameters. The first one is the alert class in string notation and the
-+; second parameter is the log message. This can be used for example to mail
-+; failing MySQL queries to your email address, because on a production system
-+; these things should never happen.
-+;suhosin.log.script.name =
-+
-+; Defines the full path to a PHP logging script. The script is called with 2
-+; variables registered in the current scope: SUHOSIN_ERRORCLASS and
-+; SUHOSIN_ERROR. The first one is the alert class and the second variable is
-+; the log message. This can be used for example to mail attempted remote URL
-+; include attacks to your email address.
-+;suhosin.log.phpscript.name =
-+
-+; Undocumented
-+;suhosin.log.phpscript.is_safe = Off
-+
-+; When the Hardening-Patch logs an error the log message also contains the IP
-+; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
-+; environment variable. With this switch it is possible to change this behavior
-+; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
-+; when your PHP server runs behind a reverse proxy.
-+;suhosin.log.use-x-forwarded-for = Off
-+
-+; -----------------------------------------------------------------------------
-+; Executor Options
-+
-+; Defines the maximum stack depth allowed by the executor before it stops the
-+; script. Without this function an endless recursion in a PHP script could
-+; crash the PHP executor or trigger the configured memory_limit. A value of
-+; "0" disables this feature.
-+;suhosin.executor.max_depth = 0
-+
-+; Defines how many "../" an include filename needs to contain to be considered
-+; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
-+; value of "3" will allow it. Most PHP applications should work flawlessly with
-+; values "4" or "5". A value of "0" disables this feature.
-+;suhosin.executor.include.max_traversal = 0
-+
-+; Comma separated whitelist of URL schemes that are allowed to be included from
-+; include or require statements. Additionally to URL schemes it is possible to
-+; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
-+; specified, then the blacklist is evaluated.
-+;suhosin.executor.include.whitelist =
-+
-+; Comma separated blacklist of URL schemes that are not allowed to be included
-+; from include or require statements. Additionally to URL schemes it is
-+; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
-+; blacklist and no whitelist is specified all URL schemes are forbidden.
-+;suhosin.executor.include.blacklist =
-+
-+; Comma separated whitelist of functions that are allowed to be called. If the
-+; whitelist is empty the blacklist is evaluated, otherwise calling a function
-+; not in the whitelist will terminate the script and get logged.
-+;suhosin.executor.func.whitelist =
-+
-+; Comma separated blacklist of functions that are not allowed to be called. If
-+; no whitelist is given, calling a function within the blacklist will terminate
-+; the script and get logged.
-+;suhosin.executor.func.blacklist =
-+
-+; Comma separated whitelist of functions that are allowed to be called from
-+; within eval(). If the whitelist is empty the blacklist is evaluated,
-+; otherwise calling a function not in the whitelist will terminate the script
-+; and get logged.
-+;suhosin.executor.eval.whitelist =
-+
-+; Comma separated blacklist of functions that are not allowed to be called from
-+; within eval(). If no whitelist is given, calling a function within the
-+; blacklist will terminate the script and get logged.
-+;suhosin.executor.eval.blacklist =
-+
-+; eval() is a very dangerous statement and therefore you might want to disable
-+; it completely. Deactivating it will however break lots of scripts. Because
-+; every violation is logged, this allows finding all places where eval() is
-+; used.
-+;suhosin.executor.disable_eval = Off
-+
-+; The /e modifier inside preg_replace() allows code execution. Often it is the
-+; cause for remote code execution exploits. It is wise to deactivate this
-+; feature and test where in the application it is used. The developer using the
-+; /e modifier should be made aware that he should use preg_replace_callback()
-+; instead.
-+;suhosin.executor.disable_emodifier = Off
-+
-+; This flag reactivates symlink() when open_basedir is used, which is disabled
-+; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
-+; is actually a security risk.
-+;suhosin.executor.allow_symlink = Off
-+
-+; -----------------------------------------------------------------------------
-+; Misc Options
-+
-+; If you fear that Suhosin breaks your application, you can activate Suhosin's
-+; simulation mode with this flag. When Suhosin runs in simulation mode,
-+; violations are logged as usual, but nothing is blocked or removed from the
-+; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
-+;suhosin.simulation = Off
-+
-+; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
-+; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
-+; will overwrite the information Suhosin stores in this slot. When this flag is
-+; set Suhosin will request 2 Slots and use the second one. This allows working
-+; correctly with these buggy APC versions.
-+;suhosin.apc_bug_workaround = Off
-+
-+; When a SQL Query fails scripts often spit out a bunch of useful information
-+; for possible attackers. When this configuration directive is turned on, the
-+; script will silently terminate, after the problem has been logged. (This is
-+; not yet supported)
-+;suhosin.sql.bailout_on_error = Off
-+
-+; This is an experimental feature for shared environments. With this
-+; configuration option it is possible to specify a prefix that is automatically
-+; prepended to the database username, whenever a database connection is made.
-+; (Unless the username starts with the prefix)
-+;suhosin.sql.user_prefix =
-+
-+; This is an experimental feature for shared environments. With this
-+; configuration option it is possible to specify a postfix that is
-+; automatically appended to the database username, whenever a database
-+; connection is made. (Unless the username end with the postfix)
-+;
-+; With this feature it is possible for shared hosters to disallow customers to
-+; connect with the usernames of other customers. This feature is experimental,
-+; because support for PDO and PostgreSQL are not yet implemented.
-+;suhosin.sql.user_postfix =
-+
-+; This directive controls if multiple headers are allowed or not in a header()
-+; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
-+; multiple lines are still allowed).
-+;suhosin.multiheader = Off
-+
-+; This directive controls if the mail() header protection is activated or not
-+; and to what degree it is activated. The appended table lists the possible
-+; activation levels.
-+suhosin.mail.protect = 1
-+
-+; As long scripts are not running within safe_mode they are free to change the
-+; memory_limit to whatever value they want. Suhosin changes this fact and
-+; disallows setting the memory_limit to a value greater than the one the script
-+; started with, when this option is left at 0. A value greater than 0 means
-+; that Suhosin will disallows scripts setting the memory_limit to a value above
-+; this configured hard limit. This is for example usefull if you want to run
-+; the script normaly with a limit of 16M but image processing scripts may raise
-+; it to 20M.
-+;suhosin.memory_limit = 0
-+
-+; -----------------------------------------------------------------------------
-+; Transparent Encryption Options
-+
-+; Flag that decides if the transparent session encryption is activated or not.
-+;suhosin.session.encrypt = On
-+
-+; Session data can be encrypted transparently. The encryption key used consists
-+; of this user defined string (which can be altered by a script via ini_set())
-+; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
-+; REMOTE_ADDR.
-+;suhosin.session.cryptkey =
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; User-Agent field. (When activated this feature transparently adds a little
-+; bit protection against session fixation/hijacking attacks)
-+;suhosin.session.cryptua = On
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; Documentroot field.
-+;suhosin.session.cryptdocroot = On
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
-+; encryption key depends on. Keep in mind that this should not be used on sites
-+; that have visitors from big ISPs, because their IP address often changes
-+; during a session. But this feature might be interesting for admin interfaces
-+; or intranets. When used wisely this is a transparent protection against
-+; session hijacking/fixation.
-+;suhosin.session.cryptraddr = 0
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
-+; session. The difference to suhosin.session.cryptaddr is, that the IP is not
-+; part of the encryption key, so that the same session can be used for
-+; different areas with different protection levels on the site.
-+;suhosin.session.checkraddr = 0
-+
-+; Flag that decides if the transparent cookie encryption is activated or not.
-+;suhosin.cookie.encrypt = 0
-+
-+; Cookies can be encrypted transparently. The encryption key used consists of
-+; this user defined string and optionally the User-Agent, the Document-Root and
-+; 0-4 Octects of the REMOTE_ADDR.
-+;suhosin.cookie.cryptkey =
-+
-+; Flag that decides if the transparent session encryption key depends on the
-+; User-Agent field. (When activated this feature transparently adds a little
-+; bit protection against session fixation/hijacking attacks (if only session
-+; cookies are allowed))
-+;suhosin.cookie.cryptua = On
-+
-+; Flag that decides if the transparent cookie encryption key depends on the
-+; Documentroot field.
-+;suhosin.cookie.cryptdocroot = On
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
-+; encryption key depends on. Keep in mind that this should not be used on sites
-+; that have visitors from big ISPs, because their IP address often changes
-+; during a session. But this feature might be interesting for admin interfaces
-+; or intranets. When used wisely this is a transparent protection against
-+; session hijacking/fixation.
-+;suhosin.cookie.cryptraddr = 0
-+
-+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
-+; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
-+; part of the encryption key, so that the same cookie can be used for different
-+; areas with different protection levels on the site.
-+;suhosin.cookie.checkraddr = 0
-+
-+; In case not all cookies are supposed to get encrypted this is a comma
-+; separated list of cookie names that should get encrypted. All other cookies
-+; will not get touched.
-+;suhosin.cookie.cryptlist =
-+
-+; In case some cookies should not be crypted this is a comma separated list of
-+; cookies that do not get encrypted. All other cookies will be encrypted.
-+;suhosin.cookie.plainlist =
-+
-+; -----------------------------------------------------------------------------
-+; Filtering Options
-+
-+; Defines the reaction of Suhosin on a filter violation.
-+;suhosin.filter.action =
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; the COOKIE.
-+;suhosin.cookie.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; the COOKIE.
-+;suhosin.cookie.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the COOKIE. For array variables this is the name in front of the indices.
-+;suhosin.cookie.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; the COOKIE. For array variables this includes all indices.
-+;suhosin.cookie.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the
-+; COOKIE.
-+;suhosin.cookie.max_value_length = 10000
-+
-+; Defines the maximum number of variables that may be registered through the
-+; COOKIE.
-+;suhosin.cookie.max_vars = 100
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.cookie.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; the URL
-+;suhosin.get.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; the URL
-+;suhosin.get.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the URL. For array variables this is the name in front of the indices.
-+;suhosin.get.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; the URL. For array variables this includes all indices.
-+;suhosin.get.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the URL.
-+;suhosin.get.max_value_length = 512
-+
-+; Defines the maximum number of variables that may be registered through the
-+; URL.
-+;suhosin.get.max_vars = 100
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.get.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; a POST request.
-+;suhosin.post.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; a POST request.
-+;suhosin.post.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; a POST request. For array variables this is the name in front of the indices.
-+;suhosin.post.max_name_length = 64
-+
-+; Defines the maximum length of the total variable name when registered through
-+; a POST request. For array variables this includes all indices.
-+;suhosin.post.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through a POST
-+; request.
-+;suhosin.post.max_value_length = 65000
-+
-+; Defines the maximum number of variables that may be registered through a POST
-+; request.
-+;suhosin.post.max_vars = 200
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.post.disallow_nul = 1
-+
-+; Defines the maximum depth an array variable may have, when registered through
-+; GET , POST or COOKIE. This setting is also an upper limit for the separate
-+; GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_array_depth = 50
-+
-+; Defines the maximum length of array indices for variables registered through
-+; GET, POST or COOKIE. This setting is also an upper limit for the separate
-+; GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_array_index_length = 64
-+
-+; Defines the maximum length of variable names for variables registered through
-+; the COOKIE, the URL or through a POST request. This is the complete name
-+; string, including all indicies. This setting is also an upper limit for the
-+; separate GET, POST, COOKIE configuration directives.
-+;suhosin.request.max_totalname_length = 256
-+
-+; Defines the maximum length of a variable that is registered through the
-+; COOKIE, the URL or through a POST request. This setting is also an upper
-+; limit for the variable origin specific configuration directives.
-+;suhosin.request.max_value_length = 65000
-+
-+; Defines the maximum number of variables that may be registered through the
-+; COOKIE, the URL or through a POST request. This setting is also an upper
-+; limit for the variable origin specific configuration directives.
-+;suhosin.request.max_vars = 200
-+
-+; Defines the maximum name length (excluding possible array indicies) of
-+; variables that may be registered through the COOKIE, the URL or through a
-+; POST request. This setting is also an upper limit for the variable origin
-+; specific configuration directives.
-+;suhosin.request.max_varname_length = 64
-+
-+; When set to On ASCIIZ chars are not allowed in variables.
-+;suhosin.request.disallow_nul = 1
-+
-+; Defines the maximum number of files that may be uploaded with one request.
-+;suhosin.upload.max_uploads = 25
-+
-+; When set to On it is not possible to upload ELF executables.
-+;suhosin.upload.disallow_elf = 1
-+
-+; When set to On it is not possible to upload binary files.
-+;suhosin.upload.disallow_binary = 0
-+
-+; When set to On binary content is removed from the uploaded files.
-+;suhosin.upload.remove_binary = 0
-+
-+; This defines the full path to a verification script for uploaded files. The
-+; script gets the temporary filename supplied and has to decide if the upload
-+; is allowed. A possible application for this is to scan uploaded files for
-+; viruses. The called script has to write a 1 as first line to standard output
-+; to allow the upload. Any other value or no output at all will result in the
-+; file being deleted.
-+;suhosin.upload.verification_script =
-+
-+; Specifies the maximum length of the session identifier that is allowed. When
-+; a longer session identifier is passed a new session identifier will be
-+; created. This feature is important to fight bufferoverflows in 3rd party
-+; session handlers.
-+;suhosin.session.max_id_length = 128
-+
-+; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
-+; detects a bufferoverflow, memory corruption or double free. This is only
-+; for debugging purposes and should not be activated.
-+;suhosin.coredump = Off
-+
-+; Undocumented: Controls if the encryption keys specified by the configuration
-+; are shown in the phpinfo() output or if they are hidden from it
-+;suhosin.protectkey = 1
-+
-+; Controls if suhosin loads in stealth mode when it is not the only
-+; zend_extension (Required for full compatibility with certain encoders
-+;  that consider open source untrusted. e.g. ionCube, Zend)
-+;suhosin.stealth = 1
-+
-+; Controls if suhosin's ini directives are changeable per directory
-+; because the admin might want to allow some features to be controlable
-+; by .htaccess and some not. For example the logging capabilities can
-+; break safemode and open_basedir restrictions when .htaccess support is
-+; allowed and the admin forgot to fix their values in httpd.conf
-+; An empty value or a 0 will result in all directives not allowed in
-+; .htaccess. The string "legcprsum" will allow logging, execution, get,
-+; post, cookie, request, sql, upload, misc features in .htaccess
-+;suhosin.perdir = "0"
-+
-+;;;;;;;;;;;;;;;;;;;;;;
-+; Dynamic Extensions ;
-+;;;;;;;;;;;;;;;;;;;;;;
-+;
-+; If you wish to have an extension loaded automatically, use the following
-+; syntax:
-+;
-+;   extension=modulename.so
-+;
-+; Note that it should be the name of the module only; no directory information
-+; needs to go here.  Specify the location of the extension with the
-+; extension_dir directive above.
Reply | Threaded
Open this post in threaded view
|

Re: UPDATE www/php

Robert Nagy
I'd rathjer have this as a separete port after unlock. So find me in a couple
of weeks in case i forget.

On (2009-07-08 18:56), Max Varencov wrote:

> Hi,
>
> Here is a diff for PHP 5.3.0. This diff just for testing.
> Diff without suhosin path.
>
> Removed extensions:
>  - ncurses
>  - mhash
>  - pspell
>  - dbase
>
> Moved from core to shared extensions:
>  - openssl
>  - gettext
>  - exif
>  - sockets
>
> New extensions:
>  - pchar
>  - fileinfo
>  - enchant
>  - sqlite3
>
> Extensions mysql, mysqli and pdo_mysql now use mysqlnd.
>
> Extension 'enchant' is not compile in ports ports/textproc/enchant and  
> 'gmp' ports/devel/gmp too.
>
> Release Announcement: http://php.net/releases/5_3_0.php
>
> Tested on OpenBSD current amd64.
>
> Any comments? :)

> diff -uNr --exclude=CVS www/php5/Makefile.inc mystuff/www/php5/Makefile.inc
> --- www/php5/Makefile.inc Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/Makefile.inc Wed Jul  8 15:29:59 2009
> @@ -4,9 +4,7 @@
>  # and has Apache that supports DSO's.
>  NOT_FOR_ARCHS= ${NO_SHARED_ARCHS}
>  
> -V= 5.2.10
> -SUHOSIN_V= 0.9.27
> -SUHOSIN_P_V= 0.9.7
> +V= 5.3.0
>  
>  DISTNAME?= php-${V}
>  CATEGORIES= www lang
> @@ -15,14 +13,10 @@
>  HOMEPAGE= http://www.php.net/
>  
>  MASTER_SITES= http://us2.php.net/distributions/ \
> - http://se.php.net/distributions/ \
> +                        http://se.php.net/distributions/ \
>   http://no.php.net/distributions/ \
>   http://uk.php.net/distributions/
> -MASTER_SITES0= http://blade2k.humppa.hu/ \
> - http://download.suhosin.org/
>  
> -# UPGRADERS: please read BOTH the PHP and Zend licenses
> -# and make sure they are safe before an upgrade
>  PERMIT_PACKAGE_CDROM=   Yes
>  PERMIT_PACKAGE_FTP=     Yes
>  PERMIT_DISTFILES_CDROM= Yes
> @@ -51,35 +45,18 @@
>   EXTENSION_DIR=${MODULES_DIR}
>  MAKE_ENV=               ${CONFIGURE_ENV}
>  
> -CONFIGURE_ARGS+= --enable-shared \
> - --disable-static \
> - --disable-rpath \
> - --with-config-file-path=${PHP_CONFIG_PATH} \
> - --enable-inline-optimization \
> - --with-pic
> +CONFIGURE_ARGS+=--disable-all \
> + --disable-static \
> + --disable-rpath \
> + --enable-shared \
> + --enable-inline-optimization \
> + --with-config-file-path=${PHP_CONFIG_PATH} \
> + --with-pic \
> + --with-apxs=/usr/sbin/apxs
>  
> -# default included extensions
> -CONFIGURE_ARGS+= --with-openssl \
> - --with-zlib
> -
>  REGRESS_TARGET= test
>  REGRESS_FLAGS= NO_INTERACTION=1
>  
>  CHECKSUM_FILE= ${.CURDIR}/../distinfo
>  PATCH_LIST= ${.CURDIR}/../patches/patch-* \
>   patch-*
> -
> -PSEUDO_FLAVORS+= no_suhosin
> -FLAVOR?=
> -.if ${FLAVOR:L:Mno_suhosin}
> -SUPDISTFILES= suhosin-${SUHOSIN_V}.tgz:0 \
> - suhosin-patch-${V}-${SUHOSIN_P_V}-openbsd.patch.gz:0
> -.else
> -DISTFILES+= suhosin-${SUHOSIN_V}.tgz:0
> -PATCHFILES= suhosin-patch-${V}-${SUHOSIN_P_V}-openbsd.patch.gz:0
> -PATCH_DIST_STRIP= -p1
> -CONFIGURE_ARGS+= --enable-suhosin
> -
> -post-patch:
> - mv ${WRKDIR}/suhosin-${SUHOSIN_V} ${WRKSRC}/ext/suhosin
> -.endif
> diff -uNr --exclude=CVS www/php5/core/Makefile mystuff/www/php5/core/Makefile
> --- www/php5/core/Makefile Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/Makefile Wed Jul  8 17:41:49 2009
> @@ -11,31 +11,32 @@
>  
>  MULTI_PACKAGES= -main -fastcgi
>  
> -CONFIGURE_ARGS+=--with-apxs=/usr/sbin/apxs \
> - --without-mysql \
> - --enable-xml \
> - --enable-wddx \
> - --enable-cli \
> +CONFIGURE_ARGS+=--with-config-file-scan-dir=${PHP_CONFIG_PATH}/php5 \
> + --with-pear=${LOCALBASE}/share/php5 \
>   --with-iconv=${LOCALBASE} \
> - --with-gettext=${LOCALBASE} \
> + --with-zlib \
> + --with-pcre-regex \
> + --with-mysql=shared,mysqlnd \
> + --enable-pdo \
>   --enable-bcmath \
>   --enable-session \
>   --enable-calendar \
>   --enable-ctype \
>   --enable-ftp \
> - --with-pcre-regex \
> - --enable-sockets \
> + --enable-xml \
> + --enable-libxml \
> + --enable-wddx \
> + --enable-json \
> + --enable-filter \
> + --enable-hash \
> + --enable-dom \
> + --enable-posix \
> + --enable-xmlreader \
> + --enable-xmlwriter \
> + --enable-simplexml \
> + --enable-tokenizer \
>   --enable-sysvsem \
> - --enable-sysvshm \
> - --enable-exif \
> - --without-sqlite \
> - --without-pdo-sqlite \
> - --with-pear=${LOCALBASE}/share/php5 \
> - --enable-fastcgi \
> - --enable-force-cgi-redirect \
> - --with-config-file-scan-dir=${PHP_CONFIG_PATH}/php5
> -
> -MODULES= devel/gettext
> + --enable-sysvshm
>  
>  # some variables to substitute
>  SUBST_VARS= PHP_CONFIG_FILE PHP_CONFIG_PATH
> @@ -69,7 +70,7 @@
>   @perl -pi -e "s,!!PREFIX!!,${TRUEPREFIX},g" \
>   ${PREFIX}/share/examples/php5/php5.conf
>  
> -.for i in dist recommended
> +.for i in production development
>   @sed -e 's,MODULES_DIR,${MODULES_DIR},' \
>       -e 's,OPENBSD_INCLUDE_PATH,/pear/lib:${CHROOT_DIR}/pear/lib,' \
>   <${WRKSRC}/php.ini-${i} \
> diff -uNr --exclude=CVS www/php5/core/patches/patch-configure mystuff/www/php5/core/patches/patch-configure
> --- www/php5/core/patches/patch-configure Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/core/patches/patch-configure Wed Jul  8 18:11:32 2009
> @@ -0,0 +1,11 @@
> +--- configure.orig Wed Jul  8 18:10:50 2009
> ++++ configure Wed Jul  8 18:11:09 2009
> +@@ -96381,7 +96381,7 @@
> + echo "$ac_t""$ext_output" 1>&6
> +
> +
> +-
> ++PHP_MYSQLND_ENABLED=yes
> +
> + if test "$PHP_MYSQLND_ENABLED" = "yes"; then
> +   mysqlnd_sources="mysqlnd.c mysqlnd_charset.c mysqlnd_wireprotocol.c \
> diff -uNr --exclude=CVS www/php5/core/patches/patch-ext_spl_php_spl_c mystuff/www/php5/core/patches/patch-ext_spl_php_spl_c
> --- www/php5/core/patches/patch-ext_spl_php_spl_c Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/core/patches/patch-ext_spl_php_spl_c Tue Jun 30 14:45:01 2009
> @@ -0,0 +1,29 @@
> +--- ext/spl/php_spl.c.orig Tue Jun 30 14:41:48 2009
> ++++ ext/spl/php_spl.c Tue Jun 30 14:42:14 2009
> +@@ -708,7 +708,7 @@
> +
> + PHPAPI void php_spl_object_hash(zval *obj, char *result TSRMLS_DC) /* {{{*/
> + {
> +- intptr_t hash_handle, hash_handlers;
> ++ zend_intptr_t hash_handle, hash_handlers;
> + char *hex;
> +
> + if (!SPL_G(hash_mask_init)) {
> +@@ -716,13 +716,13 @@
> + php_mt_srand(GENERATE_SEED() TSRMLS_CC);
> + }
> +
> +- SPL_G(hash_mask_handle)   = (intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
> +- SPL_G(hash_mask_handlers) = (intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
> ++ SPL_G(hash_mask_handle)   = (zend_intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
> ++ SPL_G(hash_mask_handlers) = (zend_intptr_t)(php_mt_rand(TSRMLS_C) >> 1);
> + SPL_G(hash_mask_init) = 1;
> + }
> +
> +- hash_handle   = SPL_G(hash_mask_handle)^(intptr_t)Z_OBJ_HANDLE_P(obj);
> +- hash_handlers = SPL_G(hash_mask_handlers)^(intptr_t)Z_OBJ_HT_P(obj);
> ++ hash_handle   = SPL_G(hash_mask_handle)^(zend_intptr_t)Z_OBJ_HANDLE_P(obj);
> ++ hash_handlers = SPL_G(hash_mask_handlers)^(zend_intptr_t)Z_OBJ_HT_P(obj);
> +
> + spprintf(&hex, 32, "%016x%016x", hash_handle, hash_handlers);
> +
> diff -uNr --exclude=CVS www/php5/core/patches/patch-ext_spl_php_spl_h mystuff/www/php5/core/patches/patch-ext_spl_php_spl_h
> --- www/php5/core/patches/patch-ext_spl_php_spl_h Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/core/patches/patch-ext_spl_php_spl_h Tue Jun 30 14:45:10 2009
> @@ -0,0 +1,13 @@
> +--- ext/spl/php_spl.h.orig Tue Jun 30 14:40:44 2009
> ++++ ext/spl/php_spl.h Tue Jun 30 14:41:24 2009
> +@@ -65,8 +65,8 @@
> + HashTable *  autoload_functions;
> + int          autoload_running;
> + int          autoload_extensions_len;
> +- intptr_t     hash_mask_handle;
> +- intptr_t     hash_mask_handlers;
> ++ zend_intptr_t     hash_mask_handle;
> ++ zend_intptr_t     hash_mask_handlers;
> + int          hash_mask_init;
> + ZEND_END_MODULE_GLOBALS(spl)
> +
> diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_cgi_main_c mystuff/www/php5/core/patches/patch-sapi_cgi_cgi_main_c
> --- www/php5/core/patches/patch-sapi_cgi_cgi_main_c Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/core/patches/patch-sapi_cgi_cgi_main_c Tue Jun 30 13:44:03 2009
> @@ -0,0 +1,24 @@
> +--- sapi/cgi/cgi_main.c.orig Wed Jun 17 23:28:52 2009
> ++++ sapi/cgi/cgi_main.c Tue Jun 30 13:43:12 2009
> +@@ -1460,6 +1460,7 @@
> + char *orig_optarg = php_optarg;
> + char *script_file = NULL;
> + int ini_entries_len = 0;
> ++ char *ini;
> + /* end of temporary locals */
> +
> + #ifdef ZTS
> +@@ -1509,8 +1510,12 @@
> + tsrm_ls = ts_resource(0);
> + #endif
> +
> ++ if ((ini = getenv("PHP_INI_PATH"))) {
> ++ cgi_sapi_module.php_ini_path_override = ini;
> ++ } else {
> ++ cgi_sapi_module.php_ini_path_override = NULL;
> ++ }
> + sapi_startup(&cgi_sapi_module);
> +- cgi_sapi_module.php_ini_path_override = NULL;
> +
> + #ifdef PHP_WIN32
> + _fmode = _O_BINARY; /* sets default for file streams to binary */
> diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_config9_m4 mystuff/www/php5/core/patches/patch-sapi_cgi_config9_m4
> --- www/php5/core/patches/patch-sapi_cgi_config9_m4 Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/patches/patch-sapi_cgi_config9_m4 Thu Jul  2 16:25:46 2009
> @@ -1,7 +1,6 @@
> -$OpenBSD: patch-sapi_cgi_config9_m4,v 1.4 2007/09/05 09:11:34 robert Exp $
> ---- sapi/cgi/config9.m4.orig Thu Jul 12 01:20:36 2007
> -+++ sapi/cgi/config9.m4 Fri Aug 31 09:33:21 2007
> -@@ -25,7 +25,6 @@ PHP_ARG_ENABLE(path-info-check,,
> +--- sapi/cgi/config9.m4.orig Mon Oct  1 16:40:54 2007
> ++++ sapi/cgi/config9.m4 Thu Jul  2 15:56:41 2009
> +@@ -8,7 +8,6 @@
>   dnl
>   dnl CGI setup
>   dnl
> @@ -9,17 +8,19 @@
>     AC_MSG_CHECKING(whether to build CGI binary)
>     if test "$PHP_CGI" != "no"; then
>       AC_MSG_RESULT(yes)
> -@@ -86,7 +85,8 @@ if test "$PHP_SAPI" = "default"; then
> +@@ -54,8 +53,9 @@
>  
>       dnl Set install target and select SAPI
>       INSTALL_IT="@echo \"Installing PHP CGI binary: \$(INSTALL_ROOT)\$(bindir)/\"; \$(INSTALL) -m 0755 \$(SAPI_CGI_PATH) \$(INSTALL_ROOT)\$(bindir)/\$(program_prefix)php-cgi\$(program_suffix)\$(EXEEXT)"
> --    PHP_SELECT_SAPI(cgi, program, $PHP_FCGI_FILES cgi_main.c getopt.c,, '$(SAPI_CGI_PATH)')
> -+    PHP_ADD_SOURCES(sapi/cgi, $PHP_FCGI_FILES cgi_main.c getopt.c,, cgi)
> +-    PHP_SELECT_SAPI(cgi, program, cgi_main.c fastcgi.c,, '$(SAPI_CGI_PATH)')
> +-
>  +    PHP_ADD_SOURCES(/main, internal_functions.c,,cgi)
> -
> ++    PHP_ADD_SOURCES(/sapi/cgi, $PHP_FCGI_FILES cgi_main.c fastcgi.c,, cgi)
> ++    
>       case $host_alias in
>         *aix*)
> -@@ -96,17 +96,26 @@ if test "$PHP_SAPI" = "default"; then
> +         BUILD_CGI="echo '\#! .' > php.sym && echo >>php.sym && nm -BCpg \`echo \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) | sed 's/\([A-Za-z0-9_]*\)\.lo/\1.o/g'\` | \$(AWK) '{ if (((\$\$2 == \"T\") || (\$\$2 == \"D\") || (\$\$2 == \"B\")) && (substr(\$\$3,1,1) != \".\")) { print \$\$3 } }' | sort -u >> php.sym && \$(LIBTOOL) --mode=link \$(CC) -export-dynamic \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) -Wl,-brtl -Wl,-bE:php.sym \$(PHP_RPATHS) \$(PHP_GLOBAL_OBJS) \$(PHP_SAPI_OBJS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
> +@@ -64,17 +64,26 @@
>           BUILD_CGI="\$(CC) \$(CFLAGS_CLEAN) \$(EXTRA_CFLAGS) \$(EXTRA_LDFLAGS_PROGRAM) \$(LDFLAGS) \$(NATIVE_RPATHS) \$(PHP_GLOBAL_OBJS:.lo=.o) \$(PHP_SAPI_OBJS:.lo=.o) \$(PHP_FRAMEWORKS) \$(EXTRA_LIBS) \$(ZEND_EXTRA_LIBS) -o \$(SAPI_CGI_PATH)"
>         ;;
>         *)
> diff -uNr --exclude=CVS www/php5/core/patches/patch-sapi_cgi_main_c mystuff/www/php5/core/patches/patch-sapi_cgi_main_c
> --- www/php5/core/patches/patch-sapi_cgi_main_c Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/patches/patch-sapi_cgi_main_c Thu Jan  1 03:00:00 1970
> @@ -1,25 +0,0 @@
> ---- sapi/cgi/cgi_main.c.orig Tue Mar 10 20:48:33 2009
> -+++ sapi/cgi/cgi_main.c Tue Mar 10 21:02:07 2009
> -@@ -1323,7 +1323,7 @@ int main(int argc, char *argv[])
> - char *orig_optarg = php_optarg;
> - char *script_file = NULL;
> - int ini_entries_len = 0;
> --
> -+ char *ini;
> - /* end of temporary locals */
> - #ifdef ZTS
> - void ***tsrm_ls;
> -@@ -1375,8 +1375,12 @@ int main(int argc, char *argv[])
> - tsrm_ls = ts_resource(0);
> - #endif
> -
> -+ if ((ini = getenv("PHP_INI_PATH"))) {
> -+ cgi_sapi_module.php_ini_path_override = ini;
> -+ } else {
> -+ cgi_sapi_module.php_ini_path_override = NULL;
> -+ }
> - sapi_startup(&cgi_sapi_module);
> -- cgi_sapi_module.php_ini_path_override = NULL;
> -
> - #ifdef PHP_WIN32
> - _fmode = _O_BINARY; /* sets default for file streams to binary */
> diff -uNr --exclude=CVS www/php5/core/pkg/DESCR-main mystuff/www/php5/core/pkg/DESCR-main
> --- www/php5/core/pkg/DESCR-main Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/pkg/DESCR-main Thu Jul  2 17:26:30 2009
> @@ -8,11 +8,3 @@
>  
>  This package installs a stand-alone binary which can be used for
>  command-line scripts, as well as an Apache module.
> -
> -By default this port uses the suhosin patch.
> -The suhosin patch adds security hardening features to PHP
> -to protect your servers on the one hand against a number of
> -well known problems in PHP applications and on the other hand
> -against potential unknown vulnerabilities within those
> -applications or the PHP core itself.
> -http://www.hardened-php.net/suhosin/index.html
> diff -uNr --exclude=CVS www/php5/core/pkg/PFRAG.no-no_suhosin-main mystuff/www/php5/core/pkg/PFRAG.no-no_suhosin-main
> --- www/php5/core/pkg/PFRAG.no-no_suhosin-main Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/pkg/PFRAG.no-no_suhosin-main Thu Jan  1 03:00:00 1970
> @@ -1,4 +0,0 @@
> -@comment $OpenBSD: PFRAG.no-no_suhosin-main,v 1.1 2007/08/27 09:44:43 robert Exp $
> -share/php5/include/main/suhosin_globals.h
> -share/php5/include/main/suhosin_logo.h
> -share/php5/include/main/suhosin_patch.h
> diff -uNr --exclude=CVS www/php5/core/pkg/PLIST-main mystuff/www/php5/core/pkg/PLIST-main
> --- www/php5/core/pkg/PLIST-main Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/core/pkg/PLIST-main Wed Jul  8 18:17:34 2009
> @@ -11,8 +11,8 @@
>  @man man/man1/php.1
>  @man man/man1/phpize.1
>  share/examples/php5/
> -share/examples/php5/php.ini-dist
> -share/examples/php5/php.ini-recommended
> +share/examples/php5/php.ini-development
> +share/examples/php5/php.ini-production
>  @sample ${PHP_CONFIG_PATH}/php.ini
>  share/examples/php5/php5.conf
>  @sample ${PHP_CONFIG_PATH}/modules.sample/php5.conf
> @@ -44,12 +44,13 @@
>  share/php5/include/TSRM/tsrm_virtual_cwd.h
>  share/php5/include/TSRM/tsrm_win32.h
>  share/php5/include/Zend/
> -share/php5/include/Zend/FlexLexer.h
>  share/php5/include/Zend/acconfig.h
>  share/php5/include/Zend/zend.h
>  share/php5/include/Zend/zend_API.h
>  share/php5/include/Zend/zend_alloc.h
> +share/php5/include/Zend/zend_build.h
>  share/php5/include/Zend/zend_builtin_functions.h
> +share/php5/include/Zend/zend_closures.h
>  share/php5/include/Zend/zend_compile.h
>  share/php5/include/Zend/zend_config.h
>  share/php5/include/Zend/zend_config.nw.h
> @@ -61,6 +62,8 @@
>  share/php5/include/Zend/zend_execute.h
>  share/php5/include/Zend/zend_extensions.h
>  share/php5/include/Zend/zend_fast_cache.h
> +share/php5/include/Zend/zend_float.h
> +share/php5/include/Zend/zend_gc.h
>  share/php5/include/Zend/zend_globals.h
>  share/php5/include/Zend/zend_globals_macros.h
>  share/php5/include/Zend/zend_hash.h
> @@ -69,11 +72,13 @@
>  share/php5/include/Zend/zend_ini.h
>  share/php5/include/Zend/zend_ini_parser.h
>  share/php5/include/Zend/zend_ini_scanner.h
> +share/php5/include/Zend/zend_ini_scanner_defs.h
>  share/php5/include/Zend/zend_interfaces.h
>  share/php5/include/Zend/zend_istdiostream.h
>  share/php5/include/Zend/zend_iterators.h
>  share/php5/include/Zend/zend_language_parser.h
>  share/php5/include/Zend/zend_language_scanner.h
> +share/php5/include/Zend/zend_language_scanner_defs.h
>  share/php5/include/Zend/zend_list.h
>  share/php5/include/Zend/zend_llist.h
>  share/php5/include/Zend/zend_modules.h
> @@ -105,6 +110,15 @@
>  share/php5/include/ext/date/php_date.h
>  share/php5/include/ext/dom/
>  share/php5/include/ext/dom/xml_common.h
> +share/php5/include/ext/ereg/
> +share/php5/include/ext/ereg/php_ereg.h
> +share/php5/include/ext/ereg/php_regex.h
> +share/php5/include/ext/ereg/regex/
> +share/php5/include/ext/ereg/regex/cclass.h
> +share/php5/include/ext/ereg/regex/cname.h
> +share/php5/include/ext/ereg/regex/regex.h
> +share/php5/include/ext/ereg/regex/regex2.h
> +share/php5/include/ext/ereg/regex/utils.h
>  share/php5/include/ext/filter/
>  share/php5/include/ext/filter/php_filter.h
>  share/php5/include/ext/hash/
> @@ -115,6 +129,7 @@
>  share/php5/include/ext/hash/php_hash_haval.h
>  share/php5/include/ext/hash/php_hash_md.h
>  share/php5/include/ext/hash/php_hash_ripemd.h
> +share/php5/include/ext/hash/php_hash_salsa.h
>  share/php5/include/ext/hash/php_hash_sha.h
>  share/php5/include/ext/hash/php_hash_snefru.h
>  share/php5/include/ext/hash/php_hash_tiger.h
> @@ -130,8 +145,28 @@
>  share/php5/include/ext/iconv/php_iconv_supports_errno.h
>  share/php5/include/ext/iconv/php_php_iconv_h_path.h
>  share/php5/include/ext/iconv/php_php_iconv_impl.h
> +share/php5/include/ext/json/
> +share/php5/include/ext/json/php_json.h
>  share/php5/include/ext/libxml/
>  share/php5/include/ext/libxml/php_libxml.h
> +share/php5/include/ext/mysqlnd/
> +share/php5/include/ext/mysqlnd/config-win.h
> +share/php5/include/ext/mysqlnd/mysqlnd.h
> +share/php5/include/ext/mysqlnd/mysqlnd_block_alloc.h
> +share/php5/include/ext/mysqlnd/mysqlnd_charset.h
> +share/php5/include/ext/mysqlnd/mysqlnd_debug.h
> +share/php5/include/ext/mysqlnd/mysqlnd_enum_n_def.h
> +share/php5/include/ext/mysqlnd/mysqlnd_libmysql_compat.h
> +share/php5/include/ext/mysqlnd/mysqlnd_palloc.h
> +share/php5/include/ext/mysqlnd/mysqlnd_portability.h
> +share/php5/include/ext/mysqlnd/mysqlnd_priv.h
> +share/php5/include/ext/mysqlnd/mysqlnd_result.h
> +share/php5/include/ext/mysqlnd/mysqlnd_result_meta.h
> +share/php5/include/ext/mysqlnd/mysqlnd_statistics.h
> +share/php5/include/ext/mysqlnd/mysqlnd_structs.h
> +share/php5/include/ext/mysqlnd/mysqlnd_wireprotocol.h
> +share/php5/include/ext/mysqlnd/php_mysqlnd.h
> +share/php5/include/ext/mysqlnd/php_mysqlnd_config.h
>  share/php5/include/ext/pcre/
>  share/php5/include/ext/pcre/pcrelib/
>  share/php5/include/ext/pcre/pcrelib/config.h
> @@ -151,12 +186,14 @@
>  share/php5/include/ext/spl/php_spl.h
>  share/php5/include/ext/spl/spl_array.h
>  share/php5/include/ext/spl/spl_directory.h
> +share/php5/include/ext/spl/spl_dllist.h
>  share/php5/include/ext/spl/spl_engine.h
>  share/php5/include/ext/spl/spl_exceptions.h
> +share/php5/include/ext/spl/spl_fixedarray.h
>  share/php5/include/ext/spl/spl_functions.h
> +share/php5/include/ext/spl/spl_heap.h
>  share/php5/include/ext/spl/spl_iterators.h
>  share/php5/include/ext/spl/spl_observer.h
> -share/php5/include/ext/spl/spl_sxe.h
>  share/php5/include/ext/standard/
>  share/php5/include/ext/standard/base64.h
>  share/php5/include/ext/standard/basic_functions.h
> @@ -164,6 +201,7 @@
>  share/php5/include/ext/standard/credits.h
>  share/php5/include/ext/standard/credits_ext.h
>  share/php5/include/ext/standard/credits_sapi.h
> +share/php5/include/ext/standard/crypt_freesec.h
>  share/php5/include/ext/standard/css.h
>  share/php5/include/ext/standard/cyr_convert.h
>  share/php5/include/ext/standard/datetime.h
> @@ -184,6 +222,7 @@
>  share/php5/include/ext/standard/php_assert.h
>  share/php5/include/ext/standard/php_browscap.h
>  share/php5/include/ext/standard/php_crypt.h
> +share/php5/include/ext/standard/php_crypt_r.h
>  share/php5/include/ext/standard/php_dir.h
>  share/php5/include/ext/standard/php_ext_syslog.h
>  share/php5/include/ext/standard/php_filestat.h
> @@ -209,7 +248,6 @@
>  share/php5/include/ext/standard/php_versioning.h
>  share/php5/include/ext/standard/proc_open.h
>  share/php5/include/ext/standard/quot_print.h
> -share/php5/include/ext/standard/reg.h
>  share/php5/include/ext/standard/scanf.h
>  share/php5/include/ext/standard/sha1.h
>  share/php5/include/ext/standard/streamsfuncs.h
> @@ -217,6 +255,7 @@
>  share/php5/include/ext/standard/url.h
>  share/php5/include/ext/standard/url_scanner.h
>  share/php5/include/ext/standard/url_scanner_ex.h
> +share/php5/include/ext/standard/winver.h
>  share/php5/include/ext/xml/
>  share/php5/include/ext/xml/expat_compat.h
>  share/php5/include/ext/xml/php_xml.h
> @@ -224,7 +263,6 @@
>  share/php5/include/main/
>  share/php5/include/main/SAPI.h
>  share/php5/include/main/build-defs.h
> -share/php5/include/main/config.w32.h
>  share/php5/include/main/fopen_wrappers.h
>  share/php5/include/main/logos.h
>  share/php5/include/main/php.h
> @@ -232,6 +270,7 @@
>  share/php5/include/main/php_compat.h
>  share/php5/include/main/php_config.h
>  share/php5/include/main/php_content_types.h
> +share/php5/include/main/php_getopt.h
>  share/php5/include/main/php_globals.h
>  share/php5/include/main/php_ini.h
>  share/php5/include/main/php_logos.h
> @@ -241,7 +280,6 @@
>  share/php5/include/main/php_open_temporary_file.h
>  share/php5/include/main/php_output.h
>  share/php5/include/main/php_reentrancy.h
> -share/php5/include/main/php_regex.h
>  share/php5/include/main/php_scandir.h
>  share/php5/include/main/php_streams.h
>  share/php5/include/main/php_syslog.h
> @@ -255,19 +293,13 @@
>  share/php5/include/main/streams/
>  share/php5/include/main/streams/php_stream_context.h
>  share/php5/include/main/streams/php_stream_filter_api.h
> +share/php5/include/main/streams/php_stream_glob_wrapper.h
>  share/php5/include/main/streams/php_stream_mmap.h
>  share/php5/include/main/streams/php_stream_plain_wrapper.h
>  share/php5/include/main/streams/php_stream_transport.h
>  share/php5/include/main/streams/php_stream_userspace.h
>  share/php5/include/main/streams/php_streams_int.h
> -!%%no_suhosin%%
> +share/php5/include/main/win32_internal_function_disabled.h
>  share/php5/include/main/win95nt.h
> -share/php5/include/regex/
> -share/php5/include/regex/cclass.h
> -share/php5/include/regex/cname.h
> -share/php5/include/regex/regex.h
> -share/php5/include/regex/regex2.h
> -share/php5/include/regex/regex_extra.h
> -share/php5/include/regex/utils.h
>  @extraunexec rm -fr ${PHP_CONFIG_PATH}/php5/
>  @unexec-delete rm -fr ${PHP_CONFIG_PATH}/php5.sample/
> diff -uNr --exclude=CVS www/php5/core/pkg/PLIST-main.orig mystuff/www/php5/core/pkg/PLIST-main.orig
> --- www/php5/core/pkg/PLIST-main.orig Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/core/pkg/PLIST-main.orig Sun Jul  5 15:13:34 2009
> @@ -0,0 +1,287 @@
> +@comment $OpenBSD: PLIST-main,v 1.10 2009/04/29 11:36:58 sthen Exp $
> +@conflict php4-core-*
> +@pkgpath www/php5/core
> +@pkgpath www/php5/core,hardened
> +%%SHARED%%
> +@bin bin/php
> +bin/php-config
> +bin/phpize
> +lib/php/
> +@man man/man1/php-config.1
> +@man man/man1/php.1
> +@man man/man1/phpize.1
> +share/examples/php5/
> +share/examples/php5/php.ini-development
> +share/examples/php5/php.ini-production
> +@sample ${PHP_CONFIG_PATH}/php.ini
> +share/examples/php5/php5.conf
> +@sample ${PHP_CONFIG_PATH}/modules.sample/php5.conf
> +@exec install -d ${PHP_CONFIG_PATH}/php5/
> +@exec install -d ${PHP_CONFIG_PATH}/php5.sample/
> +share/php5/
> +share/php5/build/
> +share/php5/build/Makefile.global
> +share/php5/build/acinclude.m4
> +share/php5/build/config.guess
> +share/php5/build/config.sub
> +share/php5/build/libtool.m4
> +share/php5/build/ltmain.sh
> +share/php5/build/mkdep.awk
> +share/php5/build/phpize.m4
> +share/php5/build/run-tests.php
> +share/php5/build/scan_makefile_in.awk
> +share/php5/build/shtool
> +share/php5/include/
> +share/php5/include/TSRM/
> +share/php5/include/TSRM/TSRM.h
> +share/php5/include/TSRM/acconfig.h
> +share/php5/include/TSRM/readdir.h
> +share/php5/include/TSRM/tsrm_config.h
> +share/php5/include/TSRM/tsrm_config.w32.h
> +share/php5/include/TSRM/tsrm_config_common.h
> +share/php5/include/TSRM/tsrm_nw.h
> +share/php5/include/TSRM/tsrm_strtok_r.h
> +share/php5/include/TSRM/tsrm_virtual_cwd.h
> +share/php5/include/TSRM/tsrm_win32.h
> +share/php5/include/Zend/
> +share/php5/include/Zend/acconfig.h
> +share/php5/include/Zend/zend.h
> +share/php5/include/Zend/zend_API.h
> +share/php5/include/Zend/zend_alloc.h
> +share/php5/include/Zend/zend_build.h
> +share/php5/include/Zend/zend_builtin_functions.h
> +share/php5/include/Zend/zend_closures.h
> +share/php5/include/Zend/zend_compile.h
> +share/php5/include/Zend/zend_config.h
> +share/php5/include/Zend/zend_config.nw.h
> +share/php5/include/Zend/zend_config.w32.h
> +share/php5/include/Zend/zend_constants.h
> +share/php5/include/Zend/zend_dynamic_array.h
> +share/php5/include/Zend/zend_errors.h
> +share/php5/include/Zend/zend_exceptions.h
> +share/php5/include/Zend/zend_execute.h
> +share/php5/include/Zend/zend_extensions.h
> +share/php5/include/Zend/zend_fast_cache.h
> +share/php5/include/Zend/zend_float.h
> +share/php5/include/Zend/zend_gc.h
> +share/php5/include/Zend/zend_globals.h
> +share/php5/include/Zend/zend_globals_macros.h
> +share/php5/include/Zend/zend_hash.h
> +share/php5/include/Zend/zend_highlight.h
> +share/php5/include/Zend/zend_indent.h
> +share/php5/include/Zend/zend_ini.h
> +share/php5/include/Zend/zend_ini_parser.h
> +share/php5/include/Zend/zend_ini_scanner.h
> +share/php5/include/Zend/zend_ini_scanner_defs.h
> +share/php5/include/Zend/zend_interfaces.h
> +share/php5/include/Zend/zend_istdiostream.h
> +share/php5/include/Zend/zend_iterators.h
> +share/php5/include/Zend/zend_language_parser.h
> +share/php5/include/Zend/zend_language_scanner.h
> +share/php5/include/Zend/zend_language_scanner_defs.h
> +share/php5/include/Zend/zend_list.h
> +share/php5/include/Zend/zend_llist.h
> +share/php5/include/Zend/zend_modules.h
> +share/php5/include/Zend/zend_multibyte.h
> +share/php5/include/Zend/zend_multiply.h
> +share/php5/include/Zend/zend_object_handlers.h
> +share/php5/include/Zend/zend_objects.h
> +share/php5/include/Zend/zend_objects_API.h
> +share/php5/include/Zend/zend_operators.h
> +share/php5/include/Zend/zend_ptr_stack.h
> +share/php5/include/Zend/zend_qsort.h
> +share/php5/include/Zend/zend_stack.h
> +share/php5/include/Zend/zend_static_allocator.h
> +share/php5/include/Zend/zend_stream.h
> +share/php5/include/Zend/zend_strtod.h
> +share/php5/include/Zend/zend_ts_hash.h
> +share/php5/include/Zend/zend_types.h
> +share/php5/include/Zend/zend_variables.h
> +share/php5/include/Zend/zend_vm.h
> +share/php5/include/Zend/zend_vm_def.h
> +share/php5/include/Zend/zend_vm_execute.h
> +share/php5/include/Zend/zend_vm_opcodes.h
> +share/php5/include/ext/
> +share/php5/include/ext/date/
> +share/php5/include/ext/date/lib/
> +share/php5/include/ext/date/lib/timelib.h
> +share/php5/include/ext/date/lib/timelib_config.h
> +share/php5/include/ext/date/lib/timelib_structs.h
> +share/php5/include/ext/date/php_date.h
> +share/php5/include/ext/dom/
> +share/php5/include/ext/dom/xml_common.h
> +share/php5/include/ext/ereg/
> +share/php5/include/ext/ereg/php_ereg.h
> +share/php5/include/ext/ereg/php_regex.h
> +share/php5/include/ext/ereg/regex/
> +share/php5/include/ext/ereg/regex/cclass.h
> +share/php5/include/ext/ereg/regex/cname.h
> +share/php5/include/ext/ereg/regex/regex.h
> +share/php5/include/ext/ereg/regex/regex2.h
> +share/php5/include/ext/ereg/regex/utils.h
> +share/php5/include/ext/filter/
> +share/php5/include/ext/filter/php_filter.h
> +share/php5/include/ext/hash/
> +share/php5/include/ext/hash/php_hash.h
> +share/php5/include/ext/hash/php_hash_adler32.h
> +share/php5/include/ext/hash/php_hash_crc32.h
> +share/php5/include/ext/hash/php_hash_gost.h
> +share/php5/include/ext/hash/php_hash_haval.h
> +share/php5/include/ext/hash/php_hash_md.h
> +share/php5/include/ext/hash/php_hash_ripemd.h
> +share/php5/include/ext/hash/php_hash_salsa.h
> +share/php5/include/ext/hash/php_hash_sha.h
> +share/php5/include/ext/hash/php_hash_snefru.h
> +share/php5/include/ext/hash/php_hash_tiger.h
> +share/php5/include/ext/hash/php_hash_types.h
> +share/php5/include/ext/hash/php_hash_whirlpool.h
> +share/php5/include/ext/iconv/
> +share/php5/include/ext/iconv/php_have_bsd_iconv.h
> +share/php5/include/ext/iconv/php_have_glibc_iconv.h
> +share/php5/include/ext/iconv/php_have_ibm_iconv.h
> +share/php5/include/ext/iconv/php_have_iconv.h
> +share/php5/include/ext/iconv/php_have_libiconv.h
> +share/php5/include/ext/iconv/php_iconv.h
> +share/php5/include/ext/iconv/php_iconv_supports_errno.h
> +share/php5/include/ext/iconv/php_php_iconv_h_path.h
> +share/php5/include/ext/iconv/php_php_iconv_impl.h
> +share/php5/include/ext/json/
> +share/php5/include/ext/json/php_json.h
> +share/php5/include/ext/libxml/
> +share/php5/include/ext/libxml/php_libxml.h
> +share/php5/include/ext/pcre/
> +share/php5/include/ext/pcre/pcrelib/
> +share/php5/include/ext/pcre/pcrelib/config.h
> +share/php5/include/ext/pcre/pcrelib/pcre.h
> +share/php5/include/ext/pcre/pcrelib/pcre_internal.h
> +share/php5/include/ext/pcre/pcrelib/pcreposix.h
> +share/php5/include/ext/pcre/pcrelib/ucp.h
> +share/php5/include/ext/pcre/php_pcre.h
> +share/php5/include/ext/pdo/
> +share/php5/include/ext/pdo/php_pdo.h
> +share/php5/include/ext/pdo/php_pdo_driver.h
> +share/php5/include/ext/session/
> +share/php5/include/ext/session/mod_files.h
> +share/php5/include/ext/session/mod_user.h
> +share/php5/include/ext/session/php_session.h
> +share/php5/include/ext/spl/
> +share/php5/include/ext/spl/php_spl.h
> +share/php5/include/ext/spl/spl_array.h
> +share/php5/include/ext/spl/spl_directory.h
> +share/php5/include/ext/spl/spl_dllist.h
> +share/php5/include/ext/spl/spl_engine.h
> +share/php5/include/ext/spl/spl_exceptions.h
> +share/php5/include/ext/spl/spl_fixedarray.h
> +share/php5/include/ext/spl/spl_functions.h
> +share/php5/include/ext/spl/spl_heap.h
> +share/php5/include/ext/spl/spl_iterators.h
> +share/php5/include/ext/spl/spl_observer.h
> +share/php5/include/ext/standard/
> +share/php5/include/ext/standard/base64.h
> +share/php5/include/ext/standard/basic_functions.h
> +share/php5/include/ext/standard/crc32.h
> +share/php5/include/ext/standard/credits.h
> +share/php5/include/ext/standard/credits_ext.h
> +share/php5/include/ext/standard/credits_sapi.h
> +share/php5/include/ext/standard/crypt_freesec.h
> +share/php5/include/ext/standard/css.h
> +share/php5/include/ext/standard/cyr_convert.h
> +share/php5/include/ext/standard/datetime.h
> +share/php5/include/ext/standard/dl.h
> +share/php5/include/ext/standard/dns.h
> +share/php5/include/ext/standard/exec.h
> +share/php5/include/ext/standard/file.h
> +share/php5/include/ext/standard/flock_compat.h
> +share/php5/include/ext/standard/fsock.h
> +share/php5/include/ext/standard/head.h
> +share/php5/include/ext/standard/html.h
> +share/php5/include/ext/standard/info.h
> +share/php5/include/ext/standard/md5.h
> +share/php5/include/ext/standard/microtime.h
> +share/php5/include/ext/standard/pack.h
> +share/php5/include/ext/standard/pageinfo.h
> +share/php5/include/ext/standard/php_array.h
> +share/php5/include/ext/standard/php_assert.h
> +share/php5/include/ext/standard/php_browscap.h
> +share/php5/include/ext/standard/php_crypt.h
> +share/php5/include/ext/standard/php_crypt_r.h
> +share/php5/include/ext/standard/php_dir.h
> +share/php5/include/ext/standard/php_ext_syslog.h
> +share/php5/include/ext/standard/php_filestat.h
> +share/php5/include/ext/standard/php_fopen_wrappers.h
> +share/php5/include/ext/standard/php_ftok.h
> +share/php5/include/ext/standard/php_http.h
> +share/php5/include/ext/standard/php_image.h
> +share/php5/include/ext/standard/php_incomplete_class.h
> +share/php5/include/ext/standard/php_iptc.h
> +share/php5/include/ext/standard/php_lcg.h
> +share/php5/include/ext/standard/php_link.h
> +share/php5/include/ext/standard/php_mail.h
> +share/php5/include/ext/standard/php_math.h
> +share/php5/include/ext/standard/php_metaphone.h
> +share/php5/include/ext/standard/php_rand.h
> +share/php5/include/ext/standard/php_smart_str.h
> +share/php5/include/ext/standard/php_smart_str_public.h
> +share/php5/include/ext/standard/php_standard.h
> +share/php5/include/ext/standard/php_string.h
> +share/php5/include/ext/standard/php_type.h
> +share/php5/include/ext/standard/php_uuencode.h
> +share/php5/include/ext/standard/php_var.h
> +share/php5/include/ext/standard/php_versioning.h
> +share/php5/include/ext/standard/proc_open.h
> +share/php5/include/ext/standard/quot_print.h
> +share/php5/include/ext/standard/scanf.h
> +share/php5/include/ext/standard/sha1.h
> +share/php5/include/ext/standard/streamsfuncs.h
> +share/php5/include/ext/standard/uniqid.h
> +share/php5/include/ext/standard/url.h
> +share/php5/include/ext/standard/url_scanner.h
> +share/php5/include/ext/standard/url_scanner_ex.h
> +share/php5/include/ext/standard/winver.h
> +share/php5/include/ext/xml/
> +share/php5/include/ext/xml/expat_compat.h
> +share/php5/include/ext/xml/php_xml.h
> +share/php5/include/include/
> +share/php5/include/main/
> +share/php5/include/main/SAPI.h
> +share/php5/include/main/build-defs.h
> +share/php5/include/main/fopen_wrappers.h
> +share/php5/include/main/logos.h
> +share/php5/include/main/php.h
> +share/php5/include/main/php3_compat.h
> +share/php5/include/main/php_compat.h
> +share/php5/include/main/php_config.h
> +share/php5/include/main/php_content_types.h
> +share/php5/include/main/php_getopt.h
> +share/php5/include/main/php_globals.h
> +share/php5/include/main/php_ini.h
> +share/php5/include/main/php_logos.h
> +share/php5/include/main/php_main.h
> +share/php5/include/main/php_memory_streams.h
> +share/php5/include/main/php_network.h
> +share/php5/include/main/php_open_temporary_file.h
> +share/php5/include/main/php_output.h
> +share/php5/include/main/php_reentrancy.h
> +share/php5/include/main/php_scandir.h
> +share/php5/include/main/php_streams.h
> +share/php5/include/main/php_syslog.h
> +share/php5/include/main/php_ticks.h
> +share/php5/include/main/php_variables.h
> +share/php5/include/main/php_version.h
> +share/php5/include/main/rfc1867.h
> +share/php5/include/main/safe_mode.h
> +share/php5/include/main/snprintf.h
> +share/php5/include/main/spprintf.h
> +share/php5/include/main/streams/
> +share/php5/include/main/streams/php_stream_context.h
> +share/php5/include/main/streams/php_stream_filter_api.h
> +share/php5/include/main/streams/php_stream_glob_wrapper.h
> +share/php5/include/main/streams/php_stream_mmap.h
> +share/php5/include/main/streams/php_stream_plain_wrapper.h
> +share/php5/include/main/streams/php_stream_transport.h
> +share/php5/include/main/streams/php_stream_userspace.h
> +share/php5/include/main/streams/php_streams_int.h
> +share/php5/include/main/win32_internal_function_disabled.h
> +share/php5/include/main/win95nt.h
> +@extraunexec rm -fr ${PHP_CONFIG_PATH}/php5/
> +@unexec-delete rm -fr ${PHP_CONFIG_PATH}/php5.sample/
> diff -uNr --exclude=CVS www/php5/distinfo mystuff/www/php5/distinfo
> --- www/php5/distinfo Wed Jul  8 18:38:40 2009
> +++ mystuff/www/php5/distinfo Tue Jun 30 22:00:45 2009
> @@ -1,15 +1,5 @@
> -MD5 (php-5.2.10.tar.gz) = hXU7opCayfrlvKUWrb2p6Q==
> -MD5 (suhosin-0.9.27.tgz) = mq4CvC0rz5uL2XzSL1aouA==
> -MD5 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = +A280nc6mNodqwxzw2VIlQ==
> -RMD160 (php-5.2.10.tar.gz) = 8LIsQojdmEwr6iOH9mYVQFwDpdE=
> -RMD160 (suhosin-0.9.27.tgz) = Rr9H2vDasFNZ2mL96Kdrp8Q7Pbw=
> -RMD160 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = HS4BqTXEu8noWHlvj2AEtPdZULM=
> -SHA1 (php-5.2.10.tar.gz) = DXjPbm3J0IpNOucw7FjXazEZihw=
> -SHA1 (suhosin-0.9.27.tgz) = MDO9OEDHV4YXnPgkD2PZe19qzL8=
> -SHA1 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = QZdkQzCk8YL03WS+udspQG7TAMo=
> -SHA256 (php-5.2.10.tar.gz) = qBr6vu/jcWEimR7n/zRxOiNF1XmO4VtCsnOKWGlU1js=
> -SHA256 (suhosin-0.9.27.tgz) = z1TZZY2hM6xS3lkap8KWsbL+KcuP7JR1axFYN13+VUo=
> -SHA256 (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = b3qGz/HN0QB7okgpL2rf47fAGt/tVsLpN8h8YCELvDg=
> -SIZE (php-5.2.10.tar.gz) = 11433921
> -SIZE (suhosin-0.9.27.tgz) = 115936
> -SIZE (suhosin-patch-5.2.10-0.9.7-openbsd.patch.gz) = 23026
> +MD5 (php-5.3.0.tar.gz) = 9JBeykSX2j8L61yWhjGWtA==
> +RMD160 (php-5.3.0.tar.gz) = zlq9dRoMv043RTdgU+sgU8S1Yzk=
> +SHA1 (php-5.3.0.tar.gz) = pLxfK/nUL1ky2EZ/uksAJNlXrfQ=
> +SHA256 (php-5.3.0.tar.gz) = r/IhaVfgzgtnW91mYOe1WZ8a0NLPgOGf851veNIkJ+I=
> +SIZE (php-5.3.0.tar.gz) = 13239065
> diff -uNr --exclude=CVS www/php5/extensions/Makefile mystuff/www/php5/extensions/Makefile
> --- www/php5/extensions/Makefile Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/Makefile Wed Jul  8 15:30:25 2009
> @@ -15,20 +15,68 @@
>  
>  WANTLIB= stdc++ m
>  
> +CONFIGURE_ARGS+=--disable-cli --disable-cgi
> +
> +# phar
> +PSEUDO_FLAVORS+= no_phar
> +.if ${FLAVOR:L:Mno_phar}
> +CONFIGURE_ARGS+= --disable-phar
> +.else
> +MULTI_PACKAGES+= -phar
> +COMMENT-phar= phar extensions for php5
> +CONFIGURE_ARGS+= --enable-phar=shared
> +.endif
> +
> +# fileinfo
> +PSEUDO_FLAVORS+= no_fileinfo
> +.if ${FLAVOR:L:Mno_fileinfo}
> +CONFIGURE_ARGS+= --disable-fileinfo
> +.else
> +MULTI_PACKAGES+= -fileinfo
> +COMMENT-fileinfo= fileinfo extensions for php5
> +CONFIGURE_ARGS+= --enable-fileinfo=shared
> +.endif
> +
> +# gettext
> +PSEUDO_FLAVORS+= no_gettext
> +.if ${FLAVOR:L:Mno_gettext}
> +CONFIGURE_ARGS+= --without-gettext
> +.else
> +MULTI_PACKAGES+= -gettext
>  MODULES= devel/gettext
> +COMMENT-gettext= gettext extensions for php5
> +CONFIGURE_ARGS+= --with-gettext=shared,${LOCALBASE}
> +.endif
>  
> -CONFIGURE_ARGS+= --with-apxs=/usr/sbin/apxs \
> - --with-iconv-dir=${LOCALBASE} \
> - --with-iconv=${LOCALBASE} \
> - --disable-dom \
> - --disable-cgi
> +# sockets
> +PSEUDO_FLAVORS+= no_sockets
> +.if ${FLAVOR:L:Mno_sockets}
> +CONFIGURE_ARGS+= --disable-sockets
> +.else
> +MULTI_PACKAGES+= -sockets
> +COMMENT-sockets= Sockets extensions for php5
> +CONFIGURE_ARGS+= --enable-sockets=shared
> +.endif
>  
> -GRAPHIC_DEPENDS= jpeg.>=62::graphics/jpeg \
> - png.>=3::graphics/png
> +# exif
> +PSEUDO_FLAVORS+= no_exif
> +.if ${FLAVOR:L:Mno_exif}
> +CONFIGURE_ARGS+= --disable-exif
> +.else
> +MULTI_PACKAGES+= -exif
> +COMMENT-exif= Exif extensions for php5
> +CONFIGURE_ARGS+= --enable-exif=shared
> +.endif
>  
> -GRAPHIC_CONFIG= --with-jpeg-dir=${LOCALBASE} \
> - --with-png-dir=${LOCALBASE} \
> - --with-zlib-dir=/usr
> +# openssl
> +PSEUDO_FLAVORS+= no_openssl
> +.if ${FLAVOR:L:Mno_openssl}
> +CONFIGURE_ARGS+= --without-openssl
> +.else
> +MULTI_PACKAGES+= -openssl
> +COMMENT-openssl= Openssl extensions for php5
> +CONFIGURE_ARGS+= --with-openssl=shared
> +.endif
>  
>  # bz2
>  PSEUDO_FLAVORS+= no_bz2
> @@ -64,23 +112,17 @@
>  LIB_DEPENDS-dba= gdbm.>=2::databases/gdbm
>  .endif
>  
> -# dbase
> -PSEUDO_FLAVORS+= no_dbase
> -.if ${FLAVOR:L:Mno_dbase}
> -CONFIGURE_ARGS+= --disable-dbase
> -.else
> -MULTI_PACKAGES+= -dbase
> -COMMENT-dbase= dBase database access extensions for php5
> -CONFIGURE_ARGS+= --enable-dbase=shared
> -LIB_DEPENDS-dbase=
> -.endif
> -
>  # gd
>  PSEUDO_FLAVORS+= no_gd
>  .if ${FLAVOR:L:Mno_gd}
>  CONFIGURE_ARGS+= --without-gd --without-xpm-dir --without-ttf \
>   --without-freetype-dir
>  .else
> +GRAPHIC_DEPENDS= jpeg.>=62::graphics/jpeg \
> + png.>=3::graphics/png
> +GRAPHIC_CONFIG= --with-jpeg-dir=${LOCALBASE} \
> + --with-png-dir=${LOCALBASE} \
> + --with-zlib-dir=/usr
>  MULTI_PACKAGES+= -gd
>  COMMENT-gd= image manipulation extensions for php5
>  LIB_DEPENDS-gd= ${GRAPHIC_DEPENDS} t1.>=5::devel/t1lib
> @@ -162,17 +204,6 @@
>  LIB_DEPENDS-mcrypt= mcrypt::security/libmcrypt ltdl.>=1::devel/libtool,-ltdl
>  .endif
>  
> -# mhash
> -PSEUDO_FLAVORS+= no_mhash
> -.if ${FLAVOR:L:Mno_mhash}
> -CONFIGURE_ARGS+= --without-mhash
> -.else
> -MULTI_PACKAGES+= -mhash
> -COMMENT-mhash= mhash extensions for php5
> -CONFIGURE_ARGS+= --with-mhash=shared,${LOCALBASE}
> -LIB_DEPENDS-mhash= mhash.>=2::security/mhash
> -.endif
> -
>  # mysql
>  PSEUDO_FLAVORS+= no_mysql
>  .if ${FLAVOR:L:Mno_mysql}
> @@ -180,8 +211,7 @@
>  .else
>  MULTI_PACKAGES+= -mysql
>  COMMENT-mysql= mysql database access extensions for php5
> -CONFIGURE_ARGS+= --with-mysql=shared,${LOCALBASE}
> -LIB_DEPENDS-mysql= lib/mysql/mysqlclient.>=10::databases/mysql
> +CONFIGURE_ARGS+= --with-mysql=shared,mysqlnd
>  .endif
>  
>  # mysqli
> @@ -191,21 +221,18 @@
>  .else
>  MULTI_PACKAGES+= -mysqli
>  COMMENT-mysqli= mysql database access extensions for php5
> -CONFIGURE_ARGS+= --with-mysqli=shared,${LOCALBASE}/bin/mysql_config
> -LIB_DEPENDS-mysqli= lib/mysql/mysqlclient.>=10::databases/mysql
> -WANTLIB-mysqli= ${WANTLIB} crypto ssl z
> +CONFIGURE_ARGS+= --with-mysqli=shared,mysqlnd
>  .endif
>  
> -# ncurses
> -PSEUDO_FLAVORS+= no_ncurses
> -.if ${FLAVOR:L:Mno_ncurses}
> -CONFIGURE_ARGS+= --without-ncurses
> +
> +# pdo-mysql
> +PSEUDO_FLAVORS+= no_pdo_mysql
> +.if ${FLAVOR:L:Mno_pdo_mysql}
> +CONFIGURE_ARGS+= --without-pdo-mysql
>  .else
> -MULTI_PACKAGES+= -ncurses
> -COMMENT-ncurses= ncurses extensions for php5
> -CONFIGURE_ARGS+= --with-ncurses=shared,${LOCALBASE}
> -LIB_DEPENDS-ncurses=
> -WANTLIB-ncurses= ${WANTLIB} ncurses panel
> +MULTI_PACKAGES+= -pdo_mysql
> +COMMENT-pdo_mysql= PDO mysql database access extensions for php5
> +CONFIGURE_ARGS+= --enable-pdo --with-pdo-mysql=shared,mysqlnd
>  .endif
>  
>  # odbc
> @@ -219,18 +246,6 @@
>  LIB_DEPENDS-odbc= iodbc.>=2::databases/iodbc
>  .endif
>  
> -# pdo-mysql
> -PSEUDO_FLAVORS+= no_pdo_mysql
> -.if ${FLAVOR:L:Mno_pdo_mysql}
> -CONFIGURE_ARGS+= --without-pdo-mysql
> -.else
> -MULTI_PACKAGES+= -pdo_mysql
> -COMMENT-pdo_mysql= PDO mysql database access extensions for php5
> -CONFIGURE_ARGS+= --with-pdo-mysql=shared,${LOCALBASE}
> -LIB_DEPENDS-pdo_mysql= lib/mysql/mysqlclient.>=10::databases/mysql
> -WANTLIB-pdo_mysql= ${WANTLIB} crypto ssl z
> -.endif
> -
>  # pdo-pgsql
>  PSEUDO_FLAVORS+= no_pdo_pgsql
>  .if ${FLAVOR:L:Mno_pdo_pgsql}
> @@ -238,7 +253,7 @@
>  .else
>  MULTI_PACKAGES+= -pdo_pgsql
>  COMMENT-pdo_pgsql= PDO database access extensions for php5
> -CONFIGURE_ARGS+=        --with-pdo-pgsql=shared,${LOCALBASE}
> +CONFIGURE_ARGS+=        --enable-pdo --with-pdo-pgsql=shared,${LOCALBASE}
>  LIB_DEPENDS-pdo_pgsql= pq.>=2:postgresql-client-*:databases/postgresql
>  .endif
>  
> @@ -249,7 +264,7 @@
>  .else
>  MULTI_PACKAGES+= -pdo_sqlite
>  COMMENT-pdo_sqlite= PDO sqlite database access extensions for php5
> -CONFIGURE_ARGS+= --with-pdo-sqlite=shared,${LOCALBASE} --enable-sqlite-utf8
> +CONFIGURE_ARGS+= --enable-pdo --with-pdo-sqlite=shared,${LOCALBASE} --enable-sqlite-utf8
>  LIB_DEPENDS-pdo_sqlite= sqlite3.>=8::databases/sqlite3
>  .endif
>  
> @@ -264,15 +279,15 @@
>  LIB_DEPENDS-pgsql= pq.>=2:postgresql-client-*:databases/postgresql
>  .endif
>  
> -# pspell
> -PSEUDO_FLAVORS+= no_pspell
> -.if ${FLAVOR:L:Mno_pspell}
> -CONFIGURE_ARGS+= --without-pspell
> +# enchant
> +PSEUDO_FLAVORS+= no_enchant
> +.if ${FLAVOR:L:Mno_enchant}
> +CONFIGURE_ARGS+= --without-enchant
>  .else
> -MULTI_PACKAGES+= -pspell
> -COMMENT-pspell= pspell library extensions for php5
> -CONFIGURE_ARGS+= --with-pspell=shared,${LOCALBASE}
> -LIB_DEPENDS-pspell= aspell.>=16.0,pspell.>=16.0::textproc/aspell/core
> +MULTI_PACKAGES+= -enchant
> +COMMENT-enchant= enchant library extensions for php5
> +CONFIGURE_ARGS+= --with-enchant=shared,${LOCALBASE}
> +LIB_DEPENDS-enchant= enchant.>=1.2.4::textproc/enchant
>  .endif
>  
>  # shmop
> @@ -301,7 +316,7 @@
>  # snmp
>  PSEUDO_FLAVORS+= no_snmp
>  .if ${FLAVOR:L:Mno_snmp}
> -CONFIGURE_ARGS+= --without-snmp
> +CONFIGURE_ARGS+= --with-openssl --without-snmp
>  .else
>  MULTI_PACKAGES+= -snmp
>  COMMENT-snmp= snmp protocol extensions for php5
> @@ -320,6 +335,17 @@
>  LIB_DEPENDS-sqlite= sqlite.>=8::databases/sqlite
>  .endif
>  
> +# sqlite3
> +PSEUDO_FLAVORS+= no_sqlite3
> +.if ${FLAVOR:L:Mno_sqlite3}
> +CONFIGURE_ARGS+= --without-sqlite3
> +.else
> +MULTI_PACKAGES+= -sqlite3
> +COMMENT-sqlite3= sqlite3 database access extensions for php5
> +CONFIGURE_ARGS+= --with-sqlite3=shared,${LOCALBASE}
> +LIB_DEPENDS-sqlite3= sqlite.>=6::databases/sqlite3
> +.endif
> +
>  # sybase-ct
>  PSEUDO_FLAVORS+= no_sybase_ct
>  .if ${FLAVOR:L:Mno_sybase_ct}
> @@ -350,7 +376,7 @@
>  .else
>  MULTI_PACKAGES+= -xsl
>  COMMENT-xsl= XSL functions for php5
> -CONFIGURE_ARGS+= --with-xsl=shared --enable-dom
> +CONFIGURE_ARGS+= --with-xsl=shared --enable-dom --enable-libxml
>  LIB_DEPENDS-xsl= xslt.>=3,exslt::textproc/libxslt
>  WANTLIB-xsl= ${WANTLIB} iconv xml2 z
>  .endif
> diff -uNr --exclude=CVS www/php5/extensions/patches/patch-ext_gd_gdttf_c mystuff/www/php5/extensions/patches/patch-ext_gd_gdttf_c
> --- www/php5/extensions/patches/patch-ext_gd_gdttf_c Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/patches/patch-ext_gd_gdttf_c Thu Jan  1 03:00:00 1970
> @@ -1,12 +0,0 @@
> -$OpenBSD: patch-ext_gd_gdttf_c,v 1.2 2007/07/02 08:53:17 robert Exp $
> ---- ext/gd/gdttf.c.orig Sun Jan  9 22:05:05 2005
> -+++ ext/gd/gdttf.c Mon Jul  2 10:38:20 2007
> -@@ -712,7 +712,7 @@ gdttfchar(gdImage *im, int fg, font_t *font,
> - }
> - #if HAVE_LIBGD20
> - if (im->trueColor) {
> -- pixel = &im->tpixels[y3][x3];
> -+ pixel = (unsigned char *)&im->tpixels[y3][x3];
> - } else
> - #endif
> - {
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-dbase mystuff/www/php5/extensions/pkg/DESCR-dbase
> --- www/php5/extensions/pkg/DESCR-dbase Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/DESCR-dbase Thu Jan  1 03:00:00 1970
> @@ -1,18 +0,0 @@
> -These functions allow you to access records stored in dBase-format
> -(dbf) databases.
> -
> -There is no support for indexes or memo fields. There is no support
> -for locking, too. Two concurrent webserver processes modifying the
> -same dBase file will very likely ruin your database.
> -
> -dBase files are simple sequential files of fixed length records.
> -Records are appended to the end of the file and delete records are
> -kept until you call dbase_pack().
> -
> -We recommend that you do not use dBase files as your production
> -database. Choose any real SQL server instead; MySQL or Postgres are
> -common choices with PHP. dBase support is here to allow you to
> -import and export data to and from your web database, because the
> -file format is commonly understood by Windows spreadsheets and
> -organizers.
> -
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-enchant mystuff/www/php5/extensions/pkg/DESCR-enchant
> --- www/php5/extensions/pkg/DESCR-enchant Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-enchant Wed Jul  8 13:08:39 2009
> @@ -0,0 +1,4 @@
> +Enchant steps in to provide uniformity and conformity on top of all spelling
> +libraries, and implement certain features that may be lacking in any individual
> +provider library. Everything should "just work" for any and every definition
> +of "just working."
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-exif mystuff/www/php5/extensions/pkg/DESCR-exif
> --- www/php5/extensions/pkg/DESCR-exif Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-exif Wed Jul  8 18:53:03 2009
> @@ -0,0 +1,4 @@
> +With the exif extension you are able to work with image meta data.
> +For example, you may use exif functions to read meta data of pictures
> +taken from digital cameras by working with information stored in the
> +headers of the JPEG and TIFF images.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-fileinfo mystuff/www/php5/extensions/pkg/DESCR-fileinfo
> --- www/php5/extensions/pkg/DESCR-fileinfo Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-fileinfo Wed Jul  8 14:14:10 2009
> @@ -0,0 +1,4 @@
> +The functions in this module try to guess the content type and encoding of
> +a file by looking for certain magic byte sequences at specific positions
> +within the file. While this is not a bullet proof approach the heuristics
> +used do a very good job.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-gettext mystuff/www/php5/extensions/pkg/DESCR-gettext
> --- www/php5/extensions/pkg/DESCR-gettext Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-gettext Sun Jul  5 14:19:19 2009
> @@ -0,0 +1,2 @@
> +The gettext functions implement an NLS (Native Language Support)
> +API which can be used to internationalize your PHP applications.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-mhash mystuff/www/php5/extensions/pkg/DESCR-mhash
> --- www/php5/extensions/pkg/DESCR-mhash Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/DESCR-mhash Thu Jan  1 03:00:00 1970
> @@ -1,5 +0,0 @@
> -This is an interface to the mhash library. mhash supports a wide
> -variety of hash algorithms such as MD5, SHA1, GOST, and many others.
> -
> -Mhash can be used to create checksums, message digests, message
> -authentication codes, and more.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-ncurses mystuff/www/php5/extensions/pkg/DESCR-ncurses
> --- www/php5/extensions/pkg/DESCR-ncurses Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/DESCR-ncurses Thu Jan  1 03:00:00 1970
> @@ -1,5 +0,0 @@
> -ncurses (new curses) is a free software emulation of curses in
> -System V Rel 4.0 (and above). It uses terminfo format, supports
> -pads, colors, multiple highlights, form characters and function key
> -mapping.
> -
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-openssl mystuff/www/php5/extensions/pkg/DESCR-openssl
> --- www/php5/extensions/pkg/DESCR-openssl Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-openssl Sun Jul  5 14:38:04 2009
> @@ -0,0 +1,3 @@
> +This module uses the functions of OpenSSL for generation and
> +verification of signatures and for sealing (encrypting) and
> +opening (decrypting) data.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-phar mystuff/www/php5/extensions/pkg/DESCR-phar
> --- www/php5/extensions/pkg/DESCR-phar Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-phar Wed Jul  8 18:53:46 2009
> @@ -0,0 +1,2 @@
> +The phar extension provides a way to put entire PHP applications into a single
> +file called a "phar" (PHP Archive) for easy distribution and installation.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-pspell mystuff/www/php5/extensions/pkg/DESCR-pspell
> --- www/php5/extensions/pkg/DESCR-pspell Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/DESCR-pspell Thu Jan  1 03:00:00 1970
> @@ -1,2 +0,0 @@
> -These functions allow you to check the spelling of a word and offer suggestions.
> -More information about Pspell can be found at http://www.php.net/pspell.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-sockets mystuff/www/php5/extensions/pkg/DESCR-sockets
> --- www/php5/extensions/pkg/DESCR-sockets Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-sockets Sun Jul  5 14:16:45 2009
> @@ -0,0 +1,3 @@
> +The socket extension implements a low-level interface to the socket
> +communication functions based on the popular BSD sockets,
> +providing the possibility to act as a socket server as well as a client.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/DESCR-sqlite3 mystuff/www/php5/extensions/pkg/DESCR-sqlite3
> --- www/php5/extensions/pkg/DESCR-sqlite3 Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/DESCR-sqlite3 Wed Jul  8 13:42:54 2009
> @@ -0,0 +1,5 @@
> +These functions allow you to access SQLite 3.x databases.
> +More information about SQLite can be found at http://www.sqlite.org/.
> +
> +Documentation for SQLite can be found at
> +http://www.sqlite.org/docs.html.
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-dbase mystuff/www/php5/extensions/pkg/PLIST-dbase
> --- www/php5/extensions/pkg/PLIST-dbase Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/PLIST-dbase Thu Jan  1 03:00:00 1970
> @@ -1,5 +0,0 @@
> -@comment $OpenBSD: PLIST-dbase,v 1.4 2007/11/05 10:11:10 robert Exp $
> -@conflict php4-dbase-*
> -@pkgpath www/php5/extensions,-dbase,hardened
> -conf/php5.sample/dbase.ini
> -lib/php/modules/dbase.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-enchant mystuff/www/php5/extensions/pkg/PLIST-enchant
> --- www/php5/extensions/pkg/PLIST-enchant Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-enchant Wed Jul  8 13:09:58 2009
> @@ -0,0 +1,3 @@
> +@comment $OpenBSD: PLIST-enchant,v 1.0 2009/07/08 11:59:56 robert Exp $
> +conf/php5.sample/enchant.ini
> +lib/php/modules/enchant.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-exif mystuff/www/php5/extensions/pkg/PLIST-exif
> --- www/php5/extensions/pkg/PLIST-exif Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-exif Sun Jul  5 14:30:04 2009
> @@ -0,0 +1,3 @@
> +@comment $OpenBSD: PLIST-exif,v 1.0 2009/07/05 08:36:49 espie Exp $
> +conf/php5.sample/exif.ini
> +lib/php/modules/exif.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-fileinfo mystuff/www/php5/extensions/pkg/PLIST-fileinfo
> --- www/php5/extensions/pkg/PLIST-fileinfo Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-fileinfo Wed Jul  8 14:15:04 2009
> @@ -0,0 +1,4 @@
> +@comment $OpenBSD: PLIST-fileinfo,v 1.0 2009/07/08 10:11:10 robert Exp $
> +@pkgpath www/php5/extensions,-fileinfo,hardened
> +conf/php5.sample/fileinfo.ini
> +lib/php/modules/fileinfo.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-gettext mystuff/www/php5/extensions/pkg/PLIST-gettext
> --- www/php5/extensions/pkg/PLIST-gettext Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-gettext Sun Jul  5 14:31:13 2009
> @@ -0,0 +1,4 @@
> +@comment $OpenBSD: PLIST-gettext,v 1.0 2009/07/05 10:11:10 robert Exp $
> +@pkgpath www/php5/extensions,gettext,hardened
> +conf/php5.sample/gettext.ini
> +lib/php/modules/gettext.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-mhash mystuff/www/php5/extensions/pkg/PLIST-mhash
> --- www/php5/extensions/pkg/PLIST-mhash Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/PLIST-mhash Thu Jan  1 03:00:00 1970
> @@ -1,5 +0,0 @@
> -@comment $OpenBSD: PLIST-mhash,v 1.4 2007/11/05 10:11:10 robert Exp $
> -@conflict php4-mhash-*
> -@pkgpath www/php5/extensions,-mhash,hardened
> -conf/php5.sample/mhash.ini
> -lib/php/modules/mhash.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-ncurses mystuff/www/php5/extensions/pkg/PLIST-ncurses
> --- www/php5/extensions/pkg/PLIST-ncurses Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/PLIST-ncurses Thu Jan  1 03:00:00 1970
> @@ -1,5 +0,0 @@
> -@comment $OpenBSD: PLIST-ncurses,v 1.4 2007/11/05 10:11:10 robert Exp $
> -@conflict php4-ncurses-*
> -@pkgpath www/php5/extensions,-ncurses,hardened
> -conf/php5.sample/ncurses.ini
> -lib/php/modules/ncurses.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-openssl mystuff/www/php5/extensions/pkg/PLIST-openssl
> --- www/php5/extensions/pkg/PLIST-openssl Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-openssl Sun Jul  5 14:38:55 2009
> @@ -0,0 +1,3 @@
> +@comment $OpenBSD: PLIST-openssl,v 1.0 2009/07/05 08:36:49 espie Exp $
> +conf/php5.sample/openssl.ini
> +lib/php/modules/openssl.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-phar mystuff/www/php5/extensions/pkg/PLIST-phar
> --- www/php5/extensions/pkg/PLIST-phar Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-phar Wed Jul  8 13:19:42 2009
> @@ -0,0 +1,4 @@
> +@comment $OpenBSD: PLIST-phar,v 1.0 2009/07/08 10:11:10 robert Exp $
> +@pkgpath www/php5/extensions,-phar,hardened
> +conf/php5.sample/phar.ini
> +lib/php/modules/phar.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-pspell mystuff/www/php5/extensions/pkg/PLIST-pspell
> --- www/php5/extensions/pkg/PLIST-pspell Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/extensions/pkg/PLIST-pspell Thu Jan  1 03:00:00 1970
> @@ -1,3 +0,0 @@
> -@comment $OpenBSD: PLIST-pspell,v 1.1 2008/03/30 11:59:56 robert Exp $
> -conf/php5.sample/pspell.ini
> -lib/php/modules/pspell.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-sockets mystuff/www/php5/extensions/pkg/PLIST-sockets
> --- www/php5/extensions/pkg/PLIST-sockets Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-sockets Sun Jul  5 14:17:54 2009
> @@ -0,0 +1,3 @@
> +@comment $OpenBSD: PLIST-sockets,v 1.0 2009/07/05 08:36:49 espie Exp $
> +conf/php5.sample/sockets.ini
> +lib/php/modules/sockets.so
> diff -uNr --exclude=CVS www/php5/extensions/pkg/PLIST-sqlite3 mystuff/www/php5/extensions/pkg/PLIST-sqlite3
> --- www/php5/extensions/pkg/PLIST-sqlite3 Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/extensions/pkg/PLIST-sqlite3 Wed Jul  8 13:43:25 2009
> @@ -0,0 +1,4 @@
> +@comment $OpenBSD: PLIST-sqlite3,v 1.0 2009/07/08 10:11:10 robert Exp $
> +@pkgpath www/php5/extensions,-sqlite,hardened
> +conf/php5.sample/sqlite3.ini
> +lib/php/modules/sqlite3.so
> diff -uNr --exclude=CVS www/php5/patches/patch-configure_in mystuff/www/php5/patches/patch-configure_in
> --- www/php5/patches/patch-configure_in Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/patches/patch-configure_in Thu Jul  2 14:13:44 2009
> @@ -1,18 +1,7 @@
> ---- configure.in.orig Tue Dec  9 22:04:42 2008
> -+++ configure.in Tue Dec  9 22:07:03 2008
> -@@ -354,8 +354,8 @@
> +--- configure.in.orig Fri Jun 19 01:01:03 2009
> ++++ configure.in Tue Jun 30 13:00:08 2009
> +@@ -983,7 +983,7 @@
>  
> - dnl Check for resolver routines.
> - dnl Need to check for both res_search and __res_search
> --dnl in -lc, -lbind, -lresolv and -lsocket
> --PHP_CHECK_FUNC(res_search, resolv, bind, socket)
> -+dnl in -lc, -lresolv and -lsocket
> -+PHP_CHECK_FUNC(res_search, resolv, socket)
> -
> - dnl Check for inet_aton and dn_skipname
> - dnl in -lc, -lbind and -lresolv
> -@@ -931,7 +931,7 @@
> -
>   case $php_build_target in
>     program|static)
>  -    standard_libtool_flag='-prefer-non-pic -static'
> @@ -20,7 +9,7 @@
>       if test -z "$PHP_MODULES" && test -z "$PHP_ZEND_EX"; then
>           enable_shared=no
>       fi
> -@@ -940,10 +940,10 @@
> +@@ -992,10 +992,10 @@
>       enable_static=no
>       case $with_pic in
>         yes)
> @@ -33,7 +22,7 @@
>           ;;
>       esac
>       EXTRA_LDFLAGS="$EXTRA_LDFLAGS -avoid-version -module"
> -@@ -1136,7 +1136,7 @@
> +@@ -1184,7 +1184,7 @@
>   EXPANDED_DATADIR=$datadir
>   EXPANDED_PHP_CONFIG_FILE_PATH=`eval echo "$PHP_CONFIG_FILE_PATH"`
>   EXPANDED_PHP_CONFIG_FILE_SCAN_DIR=`eval echo "$PHP_CONFIG_FILE_SCAN_DIR"`
> @@ -42,17 +31,16 @@
>  
>   exec_prefix=$old_exec_prefix
>   libdir=$old_libdir
> -@@ -1344,7 +1344,8 @@
> - INLINE_CFLAGS="$INLINE_CFLAGS $standard_libtool_flag"
> - CXXFLAGS="$CXXFLAGS $standard_libtool_flag"
> +@@ -1392,7 +1392,7 @@
> +   pharcmd_install=
> + fi;
>  
> --all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_CLI_TARGET)"
> -+all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_CLI_TARGET) \$(PHP_CGI_TARGET)"
> -+
> - install_targets="$install_modules install-build install-headers install-programs $install_pear"
> +-all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_ZEND_EX) \$(PHP_CLI_TARGET) $pharcmd"
> ++all_targets="$lcov_target \$(OVERALL_TARGET) \$(PHP_MODULES) \$(PHP_CLI_TARGET) \$(PHP_CGI_TARGET) $pharcmd"
> + install_targets="$install_modules install-build install-headers install-programs $install_pear $pharcmd_install"
>  
>   case $PHP_SAPI in
> -@@ -1388,7 +1389,7 @@
> +@@ -1437,7 +1437,7 @@
>   PHP_ADD_SOURCES(Zend, \
>       zend_language_parser.c zend_language_scanner.c \
>       zend_ini_parser.c zend_ini_scanner.c \
> @@ -61,11 +49,11 @@
>       zend_execute_API.c zend_highlight.c zend_llist.c \
>       zend_opcode.c zend_operators.c zend_ptr_stack.c zend_stack.c \
>       zend_variables.c zend.c zend_API.c zend_extensions.c zend_hash.c \
> -@@ -1409,6 +1410,7 @@
> +@@ -1459,6 +1459,7 @@
>   fi
>  
>   PHP_ADD_SOURCES_X(Zend, zend_execute.c,,PHP_GLOBAL_OBJS,,$flag)
>  +PHP_ADD_SOURCES_X(Zend, zend_alloc.c,,PHP_GLOBAL_OBJS,,"-O0")
>  
>   PHP_ADD_BUILD_DIR(main main/streams)
> - PHP_ADD_BUILD_DIR(regex)
> + PHP_ADD_BUILD_DIR(sapi/$PHP_SAPI sapi/cli)
> diff -uNr --exclude=CVS www/php5/patches/patch-ext_standard_config_m4 mystuff/www/php5/patches/patch-ext_standard_config_m4
> --- www/php5/patches/patch-ext_standard_config_m4 Wed Jul  8 18:38:41 2009
> +++ mystuff/www/php5/patches/patch-ext_standard_config_m4 Tue Jun 30 14:29:33 2009
> @@ -1,16 +1,29 @@
> -$OpenBSD: patch-ext_standard_config_m4,v 1.1 2008/04/05 05:45:19 sturm Exp $
> ---- ext/standard/config.m4.orig Fri Apr  4 22:34:19 2008
> -+++ ext/standard/config.m4 Fri Apr  4 22:34:33 2008
> -@@ -311,9 +311,9 @@ dnl
> +--- ext/standard/config.m4.orig Mon Jan 12 02:37:16 2009
> ++++ ext/standard/config.m4 Tue Jun 30 13:08:23 2009
> +@@ -249,19 +249,19 @@
>   dnl Detect library functions needed by php dns_xxx functions
>   dnl ext/standard/dns.h will collect these in a single define: HAVE_DNS_FUNCS
>   dnl
>  -PHP_CHECK_FUNC(res_nmkquery, resolv, bind, socket)
>  -PHP_CHECK_FUNC(res_nsend, resolv, bind, socket)
> +-PHP_CHECK_FUNC(res_search, resolv, bind, socket)
>  -PHP_CHECK_FUNC(dn_expand, resolv, bind, socket)
> +-PHP_CHECK_FUNC(dn_skipname, resolv, bind, socket)
>  +PHP_CHECK_FUNC(res_nmkquery, resolv, socket)
>  +PHP_CHECK_FUNC(res_nsend, resolv, socket)
> ++PHP_CHECK_FUNC(res_search, resolv, socket)
>  +PHP_CHECK_FUNC(dn_expand, resolv, socket)
> ++PHP_CHECK_FUNC(dn_skipname, resolv, socket)
> +
> + dnl
> + dnl These are old deprecated functions, a single define of HAVE_DEPRECATED_DNS_FUNCS
> + dnl will be set in ext/standard/dns.h
> + dnl
> +
> +-PHP_CHECK_FUNC(res_mkquery, resolv, bind, socket)
> +-PHP_CHECK_FUNC(res_send, resolv, bind, socket)
> ++PHP_CHECK_FUNC(res_mkquery, resolv, socket)
> ++PHP_CHECK_FUNC(res_send, resolv, socket)
>  
>   dnl
>   dnl Check if atof() accepts NAN
> diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-development mystuff/www/php5/patches/patch-php_ini-development
> --- www/php5/patches/patch-php_ini-development Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/patches/patch-php_ini-development Tue Jun 30 23:29:36 2009
> @@ -0,0 +1,150 @@
> +--- php.ini-development.orig Sun Jun 28 21:56:18 2009
> ++++ php.ini-development Tue Jun 30 23:28:20 2009
> +@@ -785,11 +785,8 @@
> + ;;;;;;;;;;;;;;;;;;;;;;;;;
> +
> + ; UNIX: "/path1:/path2"
> +-;include_path = ".:/php/includes"
> ++include_path = ".:OPENBSD_INCLUDE_PATH"
> + ;
> +-; Windows: "\path1;\path2"
> +-;include_path = ".;c:\php\includes"
> +-;
> + ; PHP's default setting for include_path is ".;/path/to/php/pear"
> + ; http://php.net/include-path
> +
> +@@ -808,9 +805,7 @@
> +
> + ; Directory in which the loadable extensions (modules) reside.
> + ; http://php.net/extension-dir
> +-; extension_dir = "./"
> +-; On windows:
> +-; extension_dir = "ext"
> ++extension_dir = "MODULES_DIR"
> +
> + ; Whether or not to enable the dl() function.  The dl() function does NOT work
> + ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
> +@@ -888,7 +883,7 @@
> +
> + ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
> + ; http://php.net/allow-url-fopen
> +-allow_url_fopen = On
> ++allow_url_fopen = Off
> +
> + ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
> + ; http://php.net/allow-url-include
> +@@ -915,78 +910,6 @@
> + ; http://php.net/auto-detect-line-endings
> + ;auto_detect_line_endings = Off
> +
> +-;;;;;;;;;;;;;;;;;;;;;;
> +-; Dynamic Extensions ;
> +-;;;;;;;;;;;;;;;;;;;;;;
> +-
> +-; If you wish to have an extension loaded automatically, use the following
> +-; syntax:
> +-;
> +-;   extension=modulename.extension
> +-;
> +-; For example, on Windows:
> +-;
> +-;   extension=msql.dll
> +-;
> +-; ... or under UNIX:
> +-;
> +-;   extension=msql.so
> +-;
> +-; ... or with a path:
> +-;
> +-;   extension=/path/to/extension/msql.so
> +-;
> +-; If you only provide the name of the extension, PHP will look for it in its
> +-; default extension directory.
> +-;
> +-; Windows Extensions
> +-; Note that ODBC support is built in, so no dll is needed for it.
> +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
> +-; extension folders as well as the separate PECL DLL download (PHP 5).
> +-; Be sure to appropriately set the extension_dir directive.
> +-;
> +-;extension=php_bz2.dll
> +-;extension=php_curl.dll
> +-;extension=php_dba.dll
> +-;extension=php_exif.dll
> +-;extension=php_fileinfo.dll
> +-;extension=php_gd2.dll
> +-;extension=php_gettext.dll
> +-;extension=php_gmp.dll
> +-;extension=php_intl.dll
> +-;extension=php_imap.dll
> +-;extension=php_interbase.dll
> +-;extension=php_ldap.dll
> +-;extension=php_mbstring.dll
> +-;extension=php_ming.dll
> +-;extension=php_mssql.dll
> +-;extension=php_mysql.dll
> +-;extension=php_mysqli.dll
> +-;extension=php_oci8.dll      ; Use with Oracle 10gR2 Instant Client
> +-;extension=php_oci8_11g.dll  ; Use with Oracle 11g Instant Client
> +-;extension=php_openssl.dll
> +-;extension=php_pdo_firebird.dll
> +-;extension=php_pdo_mssql.dll
> +-;extension=php_pdo_mysql.dll
> +-;extension=php_pdo_oci.dll
> +-;extension=php_pdo_odbc.dll
> +-;extension=php_pdo_pgsql.dll
> +-;extension=php_pdo_sqlite.dll
> +-;extension=php_pgsql.dll
> +-;extension=php_phar.dll
> +-;extension=php_pspell.dll
> +-;extension=php_shmop.dll
> +-;extension=php_snmp.dll
> +-;extension=php_soap.dll
> +-;extension=php_sockets.dll
> +-;extension=php_sqlite.dll
> +-;extension=php_sqlite3.dll
> +-;extension=php_sybase_ct.dll
> +-;extension=php_tidy.dll
> +-;extension=php_xmlrpc.dll
> +-;extension=php_xsl.dll
> +-;extension=php_zip.dll
> +-
> + ;;;;;;;;;;;;;;;;;;;
> + ; Module Settings ;
> + ;;;;;;;;;;;;;;;;;;;
> +@@ -1076,16 +999,6 @@
> + define_syslog_variables  = Off
> +
> + [mail function]
> +-; For Win32 only.
> +-; http://php.net/smtp
> +-SMTP = localhost
> +-; http://php.net/smtp-port
> +-smtp_port = 25
> +-
> +-; For Win32 only.
> +-; http://php.net/sendmail-from
> +-;sendmail_from = [hidden email]
> +-
> + ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
> + ; http://php.net/sendmail-path
> + ;sendmail_path =
> +@@ -1881,6 +1794,15 @@
> + [dba]
> + ;dba.default_handler=
> +
> +-; Local Variables:
> +-; tab-width: 4
> +-; End:
> ++;;;;;;;;;;;;;;;;;;;;;;
> ++; Dynamic Extensions ;
> ++;;;;;;;;;;;;;;;;;;;;;;
> ++;
> ++; If you wish to have an extension loaded automatically, use the following
> ++; syntax:
> ++;
> ++;   extension=modulename.so
> ++;
> ++; Note that it should be the name of the module only; no directory information
> ++; needs to go here.  Specify the location of the extension with the
> ++; extension_dir directive above
> diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-dist mystuff/www/php5/patches/patch-php_ini-dist
> --- www/php5/patches/patch-php_ini-dist Wed Jul  8 18:38:42 2009
> +++ mystuff/www/php5/patches/patch-php_ini-dist Thu Jan  1 03:00:00 1970
> @@ -1,569 +0,0 @@
> -$OpenBSD: patch-php_ini-dist,v 1.13 2007/11/14 10:53:50 robert Exp $
> ---- php.ini-dist.orig Wed Aug 22 01:24:18 2007
> -+++ php.ini-dist Tue Nov 13 11:53:18 2007
> -@@ -466,10 +466,7 @@ default_mimetype = "text/html"
> - ;;;;;;;;;;;;;;;;;;;;;;;;;
> -
> - ; UNIX: "/path1:/path2"
> --;include_path = ".:/php/includes"
> --;
> --; Windows: "\path1;\path2"
> --;include_path = ".;c:\php\includes"
> -+include_path = ".:OPENBSD_INCLUDE_PATH"
> -
> - ; The root of the PHP pages, used only if nonempty.
> - ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
> -@@ -483,7 +480,7 @@ doc_root =
> - user_dir =
> -
> - ; Directory in which the loadable extensions (modules) reside.
> --extension_dir = "./"
> -+extension_dir = "MODULES_DIR"
> -
> - ; Whether or not to enable the dl() function.  The dl() function does NOT work
> - ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
> -@@ -552,7 +549,7 @@ upload_max_filesize = 2M
> - ;;;;;;;;;;;;;;;;;;
> -
> - ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
> --allow_url_fopen = On
> -+allow_url_fopen = Off
> -
> - ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
> - allow_url_include = Off
> -@@ -573,81 +570,6 @@ default_socket_timeout = 60
> - ; fgets() and file() will work regardless of the source of the file.
> - ; auto_detect_line_endings = Off
> -
> --
> --;;;;;;;;;;;;;;;;;;;;;;
> --; Dynamic Extensions ;
> --;;;;;;;;;;;;;;;;;;;;;;
> --;
> --; If you wish to have an extension loaded automatically, use the following
> --; syntax:
> --;
> --;   extension=modulename.extension
> --;
> --; For example, on Windows:
> --;
> --;   extension=msql.dll
> --;
> --; ... or under UNIX:
> --;
> --;   extension=msql.so
> --;
> --; Note that it should be the name of the module only; no directory information
> --; needs to go here.  Specify the location of the extension with the
> --; extension_dir directive above.
> --
> --
> --; Windows Extensions
> --; Note that ODBC support is built in, so no dll is needed for it.
> --; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
> --; extension folders as well as the separate PECL DLL download (PHP 5).
> --; Be sure to appropriately set the extension_dir directive.
> --
> --;extension=php_bz2.dll
> --;extension=php_curl.dll
> --;extension=php_dba.dll
> --;extension=php_dbase.dll
> --;extension=php_exif.dll
> --;extension=php_fdf.dll
> --;extension=php_gd2.dll
> --;extension=php_gettext.dll
> --;extension=php_gmp.dll
> --;extension=php_ifx.dll
> --;extension=php_imap.dll
> --;extension=php_interbase.dll
> --;extension=php_ldap.dll
> --;extension=php_mbstring.dll
> --;extension=php_mcrypt.dll
> --;extension=php_mhash.dll
> --;extension=php_mime_magic.dll
> --;extension=php_ming.dll
> --;extension=php_msql.dll
> --;extension=php_mssql.dll
> --;extension=php_mysql.dll
> --;extension=php_mysqli.dll
> --;extension=php_oci8.dll
> --;extension=php_openssl.dll
> --;extension=php_pdo.dll
> --;extension=php_pdo_firebird.dll
> --;extension=php_pdo_mssql.dll
> --;extension=php_pdo_mysql.dll
> --;extension=php_pdo_oci.dll
> --;extension=php_pdo_oci8.dll
> --;extension=php_pdo_odbc.dll
> --;extension=php_pdo_pgsql.dll
> --;extension=php_pdo_sqlite.dll
> --;extension=php_pgsql.dll
> --;extension=php_pspell.dll
> --;extension=php_shmop.dll
> --;extension=php_snmp.dll
> --;extension=php_soap.dll
> --;extension=php_sockets.dll
> --;extension=php_sqlite.dll
> --;extension=php_sybase_ct.dll
> --;extension=php_tidy.dll
> --;extension=php_xmlrpc.dll
> --;extension=php_xsl.dll
> --;extension=php_zip.dll
> --
> - ;;;;;;;;;;;;;;;;;;;
> - ; Module Settings ;
> - ;;;;;;;;;;;;;;;;;;;
> -@@ -695,13 +617,6 @@ default_socket_timeout = 60
> - define_syslog_variables  = Off
> -
> - [mail function]
> --; For Win32 only.
> --SMTP = localhost
> --smtp_port = 25
> --
> --; For Win32 only.
> --;sendmail_from = [hidden email]
> --
> - ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
> - ;sendmail_path =
> -
> -@@ -1277,6 +1192,436 @@ soap.wsdl_cache_dir="/tmp"
> - ; instead of original one.
> - soap.wsdl_cache_ttl=86400
> -
> --; Local Variables:
> --; tab-width: 4
> --; End:
> -+[suhosin]
> -+; Logging Options
> -+
> -+; Defines what classes of security alerts are logged to the syslog daemon.
> -+; Logging of errors of the class S_MEMORY are always logged to syslog, no
> -+; matter what this configuration says, because a corrupted heap could mean that
> -+; the other logging options will malfunction during the logging process.
> -+;suhosin.log.syslog =
> -+
> -+; Defines the syslog facility that is used when ALERTs are logged to syslog.
> -+;suhosin.log.syslog.facility =
> -+
> -+; Defines the syslog priority that is used when ALERTs are logged to syslog.
> -+;suhosin.log.syslog.priority =
> -+
> -+; Defines what classes of security alerts are logged through the SAPI error log.
> -+;suhosin.log.sapi =
> -+
> -+; Defines what classes of security alerts are logged through the external
> -+; logging.
> -+;suhosin.log.script =
> -+
> -+; Defines what classes of security alerts are logged through the defined PHP
> -+; script.
> -+;suhosin.log.phpscript = 0
> -+
> -+; Defines the full path to a external logging script. The script is called with
> -+; 2 parameters. The first one is the alert class in string notation and the
> -+; second parameter is the log message. This can be used for example to mail
> -+; failing MySQL queries to your email address, because on a production system
> -+; these things should never happen.
> -+;suhosin.log.script.name =
> -+
> -+; Defines the full path to a PHP logging script. The script is called with 2
> -+; variables registered in the current scope: SUHOSIN_ERRORCLASS and
> -+; SUHOSIN_ERROR. The first one is the alert class and the second variable is
> -+; the log message. This can be used for example to mail attempted remote URL
> -+; include attacks to your email address.
> -+;suhosin.log.phpscript.name =
> -+
> -+; Undocumented
> -+;suhosin.log.phpscript.is_safe = Off
> -+
> -+; When the Hardening-Patch logs an error the log message also contains the IP
> -+; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
> -+; environment variable. With this switch it is possible to change this behavior
> -+; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
> -+; when your PHP server runs behind a reverse proxy.
> -+;suhosin.log.use-x-forwarded-for = Off
> -+
> -+; -----------------------------------------------------------------------------
> -+; Executor Options
> -+
> -+; Defines the maximum stack depth allowed by the executor before it stops the
> -+; script. Without this function an endless recursion in a PHP script could
> -+; crash the PHP executor or trigger the configured memory_limit. A value of
> -+; "0" disables this feature.
> -+;suhosin.executor.max_depth = 0
> -+
> -+; Defines how many "../" an include filename needs to contain to be considered
> -+; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
> -+; value of "3" will allow it. Most PHP applications should work flawlessly with
> -+; values "4" or "5". A value of "0" disables this feature.
> -+;suhosin.executor.include.max_traversal = 0
> -+
> -+; Comma separated whitelist of URL schemes that are allowed to be included from
> -+; include or require statements. Additionally to URL schemes it is possible to
> -+; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
> -+; specified, then the blacklist is evaluated.
> -+;suhosin.executor.include.whitelist =
> -+
> -+; Comma separated blacklist of URL schemes that are not allowed to be included
> -+; from include or require statements. Additionally to URL schemes it is
> -+; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
> -+; blacklist and no whitelist is specified all URL schemes are forbidden.
> -+;suhosin.executor.include.blacklist =
> -+
> -+; Comma separated whitelist of functions that are allowed to be called. If the
> -+; whitelist is empty the blacklist is evaluated, otherwise calling a function
> -+; not in the whitelist will terminate the script and get logged.
> -+;suhosin.executor.func.whitelist =
> -+
> -+; Comma separated blacklist of functions that are not allowed to be called. If
> -+; no whitelist is given, calling a function within the blacklist will terminate
> -+; the script and get logged.
> -+;suhosin.executor.func.blacklist =
> -+
> -+; Comma separated whitelist of functions that are allowed to be called from
> -+; within eval(). If the whitelist is empty the blacklist is evaluated,
> -+; otherwise calling a function not in the whitelist will terminate the script
> -+; and get logged.
> -+;suhosin.executor.eval.whitelist =
> -+
> -+; Comma separated blacklist of functions that are not allowed to be called from
> -+; within eval(). If no whitelist is given, calling a function within the
> -+; blacklist will terminate the script and get logged.
> -+;suhosin.executor.eval.blacklist =
> -+
> -+; eval() is a very dangerous statement and therefore you might want to disable
> -+; it completely. Deactivating it will however break lots of scripts. Because
> -+; every violation is logged, this allows finding all places where eval() is
> -+; used.
> -+;suhosin.executor.disable_eval = Off
> -+
> -+; The /e modifier inside preg_replace() allows code execution. Often it is the
> -+; cause for remote code execution exploits. It is wise to deactivate this
> -+; feature and test where in the application it is used. The developer using the
> -+; /e modifier should be made aware that he should use preg_replace_callback()
> -+; instead.
> -+;suhosin.executor.disable_emodifier = Off
> -+
> -+; This flag reactivates symlink() when open_basedir is used, which is disabled
> -+; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
> -+; is actually a security risk.
> -+;suhosin.executor.allow_symlink = Off
> -+
> -+; -----------------------------------------------------------------------------
> -+; Misc Options
> -+
> -+; If you fear that Suhosin breaks your application, you can activate Suhosin's
> -+; simulation mode with this flag. When Suhosin runs in simulation mode,
> -+; violations are logged as usual, but nothing is blocked or removed from the
> -+; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
> -+;suhosin.simulation = Off
> -+
> -+; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
> -+; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
> -+; will overwrite the information Suhosin stores in this slot. When this flag is
> -+; set Suhosin will request 2 Slots and use the second one. This allows working
> -+; correctly with these buggy APC versions.
> -+;suhosin.apc_bug_workaround = Off
> -+
> -+; When a SQL Query fails scripts often spit out a bunch of useful information
> -+; for possible attackers. When this configuration directive is turned on, the
> -+; script will silently terminate, after the problem has been logged. (This is
> -+; not yet supported)
> -+;suhosin.sql.bailout_on_error = Off
> -+
> -+; This is an experimental feature for shared environments. With this
> -+; configuration option it is possible to specify a prefix that is automatically
> -+; prepended to the database username, whenever a database connection is made.
> -+; (Unless the username starts with the prefix)
> -+;suhosin.sql.user_prefix =
> -+
> -+; This is an experimental feature for shared environments. With this
> -+; configuration option it is possible to specify a postfix that is
> -+; automatically appended to the database username, whenever a database
> -+; connection is made. (Unless the username end with the postfix)
> -+;
> -+; With this feature it is possible for shared hosters to disallow customers to
> -+; connect with the usernames of other customers. This feature is experimental,
> -+; because support for PDO and PostgreSQL are not yet implemented.
> -+;suhosin.sql.user_postfix =
> -+
> -+; This directive controls if multiple headers are allowed or not in a header()
> -+; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
> -+; multiple lines are still allowed).
> -+;suhosin.multiheader = Off
> -+
> -+; This directive controls if the mail() header protection is activated or not
> -+; and to what degree it is activated. The appended table lists the possible
> -+; activation levels.
> -+suhosin.mail.protect = 1
> -+
> -+; As long scripts are not running within safe_mode they are free to change the
> -+; memory_limit to whatever value they want. Suhosin changes this fact and
> -+; disallows setting the memory_limit to a value greater than the one the script
> -+; started with, when this option is left at 0. A value greater than 0 means
> -+; that Suhosin will disallows scripts setting the memory_limit to a value above
> -+; this configured hard limit. This is for example usefull if you want to run
> -+; the script normaly with a limit of 16M but image processing scripts may raise
> -+; it to 20M.
> -+;suhosin.memory_limit = 0
> -+
> -+; -----------------------------------------------------------------------------
> -+; Transparent Encryption Options
> -+
> -+; Flag that decides if the transparent session encryption is activated or not.
> -+;suhosin.session.encrypt = On
> -+
> -+; Session data can be encrypted transparently. The encryption key used consists
> -+; of this user defined string (which can be altered by a script via ini_set())
> -+; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
> -+; REMOTE_ADDR.
> -+;suhosin.session.cryptkey =
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; User-Agent field. (When activated this feature transparently adds a little
> -+; bit protection against session fixation/hijacking attacks)
> -+;suhosin.session.cryptua = On
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; Documentroot field.
> -+;suhosin.session.cryptdocroot = On
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
> -+; encryption key depends on. Keep in mind that this should not be used on sites
> -+; that have visitors from big ISPs, because their IP address often changes
> -+; during a session. But this feature might be interesting for admin interfaces
> -+; or intranets. When used wisely this is a transparent protection against
> -+; session hijacking/fixation.
> -+;suhosin.session.cryptraddr = 0
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
> -+; session. The difference to suhosin.session.cryptaddr is, that the IP is not
> -+; part of the encryption key, so that the same session can be used for
> -+; different areas with different protection levels on the site.
> -+;suhosin.session.checkraddr = 0
> -+
> -+; Flag that decides if the transparent cookie encryption is activated or not.
> -+;suhosin.cookie.encrypt = 0
> -+
> -+; Cookies can be encrypted transparently. The encryption key used consists of
> -+; this user defined string and optionally the User-Agent, the Document-Root and
> -+; 0-4 Octects of the REMOTE_ADDR.
> -+;suhosin.cookie.cryptkey =
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; User-Agent field. (When activated this feature transparently adds a little
> -+; bit protection against session fixation/hijacking attacks (if only session
> -+; cookies are allowed))
> -+;suhosin.cookie.cryptua = On
> -+
> -+; Flag that decides if the transparent cookie encryption key depends on the
> -+; Documentroot field.
> -+;suhosin.cookie.cryptdocroot = On
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
> -+; encryption key depends on. Keep in mind that this should not be used on sites
> -+; that have visitors from big ISPs, because their IP address often changes
> -+; during a session. But this feature might be interesting for admin interfaces
> -+; or intranets. When used wisely this is a transparent protection against
> -+; session hijacking/fixation.
> -+;suhosin.cookie.cryptraddr = 0
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
> -+; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
> -+; part of the encryption key, so that the same cookie can be used for different
> -+; areas with different protection levels on the site.
> -+;suhosin.cookie.checkraddr = 0
> -+
> -+; In case not all cookies are supposed to get encrypted this is a comma
> -+; separated list of cookie names that should get encrypted. All other cookies
> -+; will not get touched.
> -+;suhosin.cookie.cryptlist =
> -+
> -+; In case some cookies should not be crypted this is a comma separated list of
> -+; cookies that do not get encrypted. All other cookies will be encrypted.
> -+;suhosin.cookie.plainlist =
> -+
> -+; -----------------------------------------------------------------------------
> -+; Filtering Options
> -+
> -+; Defines the reaction of Suhosin on a filter violation.
> -+;suhosin.filter.action =
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; the COOKIE.
> -+;suhosin.cookie.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; the COOKIE.
> -+;suhosin.cookie.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the COOKIE. For array variables this is the name in front of the indices.
> -+;suhosin.cookie.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; the COOKIE. For array variables this includes all indices.
> -+;suhosin.cookie.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the
> -+; COOKIE.
> -+;suhosin.cookie.max_value_length = 10000
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; COOKIE.
> -+;suhosin.cookie.max_vars = 100
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.cookie.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; the URL
> -+;suhosin.get.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; the URL
> -+;suhosin.get.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the URL. For array variables this is the name in front of the indices.
> -+;suhosin.get.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; the URL. For array variables this includes all indices.
> -+;suhosin.get.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the URL.
> -+;suhosin.get.max_value_length = 512
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; URL.
> -+;suhosin.get.max_vars = 100
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.get.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; a POST request.
> -+;suhosin.post.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; a POST request.
> -+;suhosin.post.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; a POST request. For array variables this is the name in front of the indices.
> -+;suhosin.post.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; a POST request. For array variables this includes all indices.
> -+;suhosin.post.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through a POST
> -+; request.
> -+;suhosin.post.max_value_length = 65000
> -+
> -+; Defines the maximum number of variables that may be registered through a POST
> -+; request.
> -+;suhosin.post.max_vars = 200
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.post.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; GET , POST or COOKIE. This setting is also an upper limit for the separate
> -+; GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; GET, POST or COOKIE. This setting is also an upper limit for the separate
> -+; GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the COOKIE, the URL or through a POST request. This is the complete name
> -+; string, including all indicies. This setting is also an upper limit for the
> -+; separate GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the
> -+; COOKIE, the URL or through a POST request. This setting is also an upper
> -+; limit for the variable origin specific configuration directives.
> -+;suhosin.request.max_value_length = 65000
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; COOKIE, the URL or through a POST request. This setting is also an upper
> -+; limit for the variable origin specific configuration directives.
> -+;suhosin.request.max_vars = 200
> -+
> -+; Defines the maximum name length (excluding possible array indicies) of
> -+; variables that may be registered through the COOKIE, the URL or through a
> -+; POST request. This setting is also an upper limit for the variable origin
> -+; specific configuration directives.
> -+;suhosin.request.max_varname_length = 64
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.request.disallow_nul = 1
> -+
> -+; Defines the maximum number of files that may be uploaded with one request.
> -+;suhosin.upload.max_uploads = 25
> -+
> -+; When set to On it is not possible to upload ELF executables.
> -+;suhosin.upload.disallow_elf = 1
> -+
> -+; When set to On it is not possible to upload binary files.
> -+;suhosin.upload.disallow_binary = 0
> -+
> -+; When set to On binary content is removed from the uploaded files.
> -+;suhosin.upload.remove_binary = 0
> -+
> -+; This defines the full path to a verification script for uploaded files. The
> -+; script gets the temporary filename supplied and has to decide if the upload
> -+; is allowed. A possible application for this is to scan uploaded files for
> -+; viruses. The called script has to write a 1 as first line to standard output
> -+; to allow the upload. Any other value or no output at all will result in the
> -+; file being deleted.
> -+;suhosin.upload.verification_script =
> -+
> -+; Specifies the maximum length of the session identifier that is allowed. When
> -+; a longer session identifier is passed a new session identifier will be
> -+; created. This feature is important to fight bufferoverflows in 3rd party
> -+; session handlers.
> -+;suhosin.session.max_id_length = 128
> -+
> -+; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
> -+; detects a bufferoverflow, memory corruption or double free. This is only
> -+; for debugging purposes and should not be activated.
> -+;suhosin.coredump = Off
> -+
> -+; Undocumented: Controls if the encryption keys specified by the configuration
> -+; are shown in the phpinfo() output or if they are hidden from it
> -+;suhosin.protectkey = 1
> -+
> -+; Controls if suhosin loads in stealth mode when it is not the only
> -+; zend_extension (Required for full compatibility with certain encoders
> -+;  that consider open source untrusted. e.g. ionCube, Zend)
> -+;suhosin.stealth = 1
> -+
> -+; Controls if suhosin's ini directives are changeable per directory
> -+; because the admin might want to allow some features to be controlable
> -+; by .htaccess and some not. For example the logging capabilities can
> -+; break safemode and open_basedir restrictions when .htaccess support is
> -+; allowed and the admin forgot to fix their values in httpd.conf
> -+; An empty value or a 0 will result in all directives not allowed in
> -+; .htaccess. The string "legcprsum" will allow logging, execution, get,
> -+; post, cookie, request, sql, upload, misc features in .htaccess
> -+;suhosin.perdir = "0"
> -+
> -+;;;;;;;;;;;;;;;;;;;;;;
> -+; Dynamic Extensions ;
> -+;;;;;;;;;;;;;;;;;;;;;;
> -+;
> -+; If you wish to have an extension loaded automatically, use the following
> -+; syntax:
> -+;
> -+;   extension=modulename.so
> -+;
> -+; Note that it should be the name of the module only; no directory information
> -+; needs to go here.  Specify the location of the extension with the
> -+; extension_dir directive above.
> diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-production mystuff/www/php5/patches/patch-php_ini-production
> --- www/php5/patches/patch-php_ini-production Thu Jan  1 03:00:00 1970
> +++ mystuff/www/php5/patches/patch-php_ini-production Tue Jun 30 23:32:03 2009
> @@ -0,0 +1,150 @@
> +--- php.ini-production.orig Sun Jun 28 21:56:18 2009
> ++++ php.ini-production Tue Jun 30 23:28:20 2009
> +@@ -785,11 +785,8 @@
> + ;;;;;;;;;;;;;;;;;;;;;;;;;
> +
> + ; UNIX: "/path1:/path2"
> +-;include_path = ".:/php/includes"
> ++include_path = ".:OPENBSD_INCLUDE_PATH"
> + ;
> +-; Windows: "\path1;\path2"
> +-;include_path = ".;c:\php\includes"
> +-;
> + ; PHP's default setting for include_path is ".;/path/to/php/pear"
> + ; http://php.net/include-path
> +
> +@@ -808,9 +805,7 @@
> +
> + ; Directory in which the loadable extensions (modules) reside.
> + ; http://php.net/extension-dir
> +-; extension_dir = "./"
> +-; On windows:
> +-; extension_dir = "ext"
> ++extension_dir = "MODULES_DIR"
> +
> + ; Whether or not to enable the dl() function.  The dl() function does NOT work
> + ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
> +@@ -888,7 +883,7 @@
> +
> + ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
> + ; http://php.net/allow-url-fopen
> +-allow_url_fopen = On
> ++allow_url_fopen = Off
> +
> + ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
> + ; http://php.net/allow-url-include
> +@@ -915,78 +910,6 @@
> + ; http://php.net/auto-detect-line-endings
> + ;auto_detect_line_endings = Off
> +
> +-;;;;;;;;;;;;;;;;;;;;;;
> +-; Dynamic Extensions ;
> +-;;;;;;;;;;;;;;;;;;;;;;
> +-
> +-; If you wish to have an extension loaded automatically, use the following
> +-; syntax:
> +-;
> +-;   extension=modulename.extension
> +-;
> +-; For example, on Windows:
> +-;
> +-;   extension=msql.dll
> +-;
> +-; ... or under UNIX:
> +-;
> +-;   extension=msql.so
> +-;
> +-; ... or with a path:
> +-;
> +-;   extension=/path/to/extension/msql.so
> +-;
> +-; If you only provide the name of the extension, PHP will look for it in its
> +-; default extension directory.
> +-;
> +-; Windows Extensions
> +-; Note that ODBC support is built in, so no dll is needed for it.
> +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
> +-; extension folders as well as the separate PECL DLL download (PHP 5).
> +-; Be sure to appropriately set the extension_dir directive.
> +-;
> +-;extension=php_bz2.dll
> +-;extension=php_curl.dll
> +-;extension=php_dba.dll
> +-;extension=php_exif.dll
> +-;extension=php_fileinfo.dll
> +-;extension=php_gd2.dll
> +-;extension=php_gettext.dll
> +-;extension=php_gmp.dll
> +-;extension=php_intl.dll
> +-;extension=php_imap.dll
> +-;extension=php_interbase.dll
> +-;extension=php_ldap.dll
> +-;extension=php_mbstring.dll
> +-;extension=php_ming.dll
> +-;extension=php_mssql.dll
> +-;extension=php_mysql.dll
> +-;extension=php_mysqli.dll
> +-;extension=php_oci8.dll      ; Use with Oracle 10gR2 Instant Client
> +-;extension=php_oci8_11g.dll  ; Use with Oracle 11g Instant Client
> +-;extension=php_openssl.dll
> +-;extension=php_pdo_firebird.dll
> +-;extension=php_pdo_mssql.dll
> +-;extension=php_pdo_mysql.dll
> +-;extension=php_pdo_oci.dll
> +-;extension=php_pdo_odbc.dll
> +-;extension=php_pdo_pgsql.dll
> +-;extension=php_pdo_sqlite.dll
> +-;extension=php_pgsql.dll
> +-;extension=php_phar.dll
> +-;extension=php_pspell.dll
> +-;extension=php_shmop.dll
> +-;extension=php_snmp.dll
> +-;extension=php_soap.dll
> +-;extension=php_sockets.dll
> +-;extension=php_sqlite.dll
> +-;extension=php_sqlite3.dll
> +-;extension=php_sybase_ct.dll
> +-;extension=php_tidy.dll
> +-;extension=php_xmlrpc.dll
> +-;extension=php_xsl.dll
> +-;extension=php_zip.dll
> +-
> + ;;;;;;;;;;;;;;;;;;;
> + ; Module Settings ;
> + ;;;;;;;;;;;;;;;;;;;
> +@@ -1076,16 +999,6 @@
> + define_syslog_variables  = Off
> +
> + [mail function]
> +-; For Win32 only.
> +-; http://php.net/smtp
> +-SMTP = localhost
> +-; http://php.net/smtp-port
> +-smtp_port = 25
> +-
> +-; For Win32 only.
> +-; http://php.net/sendmail-from
> +-;sendmail_from = [hidden email]
> +-
> + ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
> + ; http://php.net/sendmail-path
> + ;sendmail_path =
> +@@ -1881,6 +1794,15 @@
> + [dba]
> + ;dba.default_handler=
> +
> +-; Local Variables:
> +-; tab-width: 4
> +-; End:
> ++;;;;;;;;;;;;;;;;;;;;;;
> ++; Dynamic Extensions ;
> ++;;;;;;;;;;;;;;;;;;;;;;
> ++;
> ++; If you wish to have an extension loaded automatically, use the following
> ++; syntax:
> ++;
> ++;   extension=modulename.so
> ++;
> ++; Note that it should be the name of the module only; no directory information
> ++; needs to go here.  Specify the location of the extension with the
> ++; extension_dir directive above
> diff -uNr --exclude=CVS www/php5/patches/patch-php_ini-recommended mystuff/www/php5/patches/patch-php_ini-recommended
> --- www/php5/patches/patch-php_ini-recommended Wed Jul  8 18:38:42 2009
> +++ mystuff/www/php5/patches/patch-php_ini-recommended Thu Jan  1 03:00:00 1970
> @@ -1,569 +0,0 @@
> -$OpenBSD: patch-php_ini-recommended,v 1.13 2007/11/14 10:53:50 robert Exp $
> ---- php.ini-recommended.orig Wed Aug 22 01:24:18 2007
> -+++ php.ini-recommended Tue Nov 13 11:53:39 2007
> -@@ -516,10 +516,7 @@ default_mimetype = "text/html"
> - ;;;;;;;;;;;;;;;;;;;;;;;;;
> -
> - ; UNIX: "/path1:/path2"
> --;include_path = ".:/php/includes"
> --;
> --; Windows: "\path1;\path2"
> --;include_path = ".;c:\php\includes"
> -+include_path = ".:OPENBSD_INCLUDE_PATH"
> -
> - ; The root of the PHP pages, used only if nonempty.
> - ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
> -@@ -533,7 +530,7 @@ doc_root =
> - user_dir =
> -
> - ; Directory in which the loadable extensions (modules) reside.
> --extension_dir = "./"
> -+extension_dir = "MODULES_DIR"
> -
> - ; Whether or not to enable the dl() function.  The dl() function does NOT work
> - ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
> -@@ -602,7 +599,7 @@ upload_max_filesize = 2M
> - ;;;;;;;;;;;;;;;;;;
> -
> - ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
> --allow_url_fopen = On
> -+allow_url_fopen = Off
> -
> - ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
> - allow_url_include = Off
> -@@ -623,81 +620,6 @@ default_socket_timeout = 60
> - ; fgets() and file() will work regardless of the source of the file.
> - ; auto_detect_line_endings = Off
> -
> --
> --;;;;;;;;;;;;;;;;;;;;;;
> --; Dynamic Extensions ;
> --;;;;;;;;;;;;;;;;;;;;;;
> --;
> --; If you wish to have an extension loaded automatically, use the following
> --; syntax:
> --;
> --;   extension=modulename.extension
> --;
> --; For example, on Windows:
> --;
> --;   extension=msql.dll
> --;
> --; ... or under UNIX:
> --;
> --;   extension=msql.so
> --;
> --; Note that it should be the name of the module only; no directory information
> --; needs to go here.  Specify the location of the extension with the
> --; extension_dir directive above.
> --
> --
> --; Windows Extensions
> --; Note that ODBC support is built in, so no dll is needed for it.
> --; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
> --; extension folders as well as the separate PECL DLL download (PHP 5).
> --; Be sure to appropriately set the extension_dir directive.
> --
> --;extension=php_bz2.dll
> --;extension=php_curl.dll
> --;extension=php_dba.dll
> --;extension=php_dbase.dll
> --;extension=php_exif.dll
> --;extension=php_fdf.dll
> --;extension=php_gd2.dll
> --;extension=php_gettext.dll
> --;extension=php_gmp.dll
> --;extension=php_ifx.dll
> --;extension=php_imap.dll
> --;extension=php_interbase.dll
> --;extension=php_ldap.dll
> --;extension=php_mbstring.dll
> --;extension=php_mcrypt.dll
> --;extension=php_mhash.dll
> --;extension=php_mime_magic.dll
> --;extension=php_ming.dll
> --;extension=php_msql.dll
> --;extension=php_mssql.dll
> --;extension=php_mysql.dll
> --;extension=php_mysqli.dll
> --;extension=php_oci8.dll
> --;extension=php_openssl.dll
> --;extension=php_pdo.dll
> --;extension=php_pdo_firebird.dll
> --;extension=php_pdo_mssql.dll
> --;extension=php_pdo_mysql.dll
> --;extension=php_pdo_oci.dll
> --;extension=php_pdo_oci8.dll
> --;extension=php_pdo_odbc.dll
> --;extension=php_pdo_pgsql.dll
> --;extension=php_pdo_sqlite.dll
> --;extension=php_pgsql.dll
> --;extension=php_pspell.dll
> --;extension=php_shmop.dll
> --;extension=php_snmp.dll
> --;extension=php_soap.dll
> --;extension=php_sockets.dll
> --;extension=php_sqlite.dll
> --;extension=php_sybase_ct.dll
> --;extension=php_tidy.dll
> --;extension=php_xmlrpc.dll
> --;extension=php_xsl.dll
> --;extension=php_zip.dll
> --
> - ;;;;;;;;;;;;;;;;;;;
> - ; Module Settings ;
> - ;;;;;;;;;;;;;;;;;;;
> -@@ -745,13 +667,6 @@ default_socket_timeout = 60
> - define_syslog_variables  = Off
> -
> - [mail function]
> --; For Win32 only.
> --SMTP = localhost
> --smtp_port = 25
> --
> --; For Win32 only.
> --;sendmail_from = [hidden email]
> --
> - ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
> - ;sendmail_path =
> -
> -@@ -1330,6 +1245,436 @@ soap.wsdl_cache_dir="/tmp"
> - ; instead of original one.
> - soap.wsdl_cache_ttl=86400
> -
> --; Local Variables:
> --; tab-width: 4
> --; End:
> -+[suhosin]
> -+; Logging Options
> -+
> -+; Defines what classes of security alerts are logged to the syslog daemon.
> -+; Logging of errors of the class S_MEMORY are always logged to syslog, no
> -+; matter what this configuration says, because a corrupted heap could mean that
> -+; the other logging options will malfunction during the logging process.
> -+;suhosin.log.syslog =
> -+
> -+; Defines the syslog facility that is used when ALERTs are logged to syslog.
> -+;suhosin.log.syslog.facility =
> -+
> -+; Defines the syslog priority that is used when ALERTs are logged to syslog.
> -+;suhosin.log.syslog.priority =
> -+
> -+; Defines what classes of security alerts are logged through the SAPI error log.
> -+;suhosin.log.sapi =
> -+
> -+; Defines what classes of security alerts are logged through the external
> -+; logging.
> -+;suhosin.log.script =
> -+
> -+; Defines what classes of security alerts are logged through the defined PHP
> -+; script.
> -+;suhosin.log.phpscript = 0
> -+
> -+; Defines the full path to a external logging script. The script is called with
> -+; 2 parameters. The first one is the alert class in string notation and the
> -+; second parameter is the log message. This can be used for example to mail
> -+; failing MySQL queries to your email address, because on a production system
> -+; these things should never happen.
> -+;suhosin.log.script.name =
> -+
> -+; Defines the full path to a PHP logging script. The script is called with 2
> -+; variables registered in the current scope: SUHOSIN_ERRORCLASS and
> -+; SUHOSIN_ERROR. The first one is the alert class and the second variable is
> -+; the log message. This can be used for example to mail attempted remote URL
> -+; include attacks to your email address.
> -+;suhosin.log.phpscript.name =
> -+
> -+; Undocumented
> -+;suhosin.log.phpscript.is_safe = Off
> -+
> -+; When the Hardening-Patch logs an error the log message also contains the IP
> -+; of the attacker. Usually this IP is retrieved from the REMOTE_ADDR SAPI
> -+; environment variable. With this switch it is possible to change this behavior
> -+; to read the IP from the X-Forwarded-For HTTP header. This is f.e. necessary
> -+; when your PHP server runs behind a reverse proxy.
> -+;suhosin.log.use-x-forwarded-for = Off
> -+
> -+; -----------------------------------------------------------------------------
> -+; Executor Options
> -+
> -+; Defines the maximum stack depth allowed by the executor before it stops the
> -+; script. Without this function an endless recursion in a PHP script could
> -+; crash the PHP executor or trigger the configured memory_limit. A value of
> -+; "0" disables this feature.
> -+;suhosin.executor.max_depth = 0
> -+
> -+; Defines how many "../" an include filename needs to contain to be considered
> -+; an attack and stopped. A value of "2" will block "../../etc/passwd", while a
> -+; value of "3" will allow it. Most PHP applications should work flawlessly with
> -+; values "4" or "5". A value of "0" disables this feature.
> -+;suhosin.executor.include.max_traversal = 0
> -+
> -+; Comma separated whitelist of URL schemes that are allowed to be included from
> -+; include or require statements. Additionally to URL schemes it is possible to
> -+; specify the beginning of allowed URLs. (f.e.: php://stdin) If no whitelist is
> -+; specified, then the blacklist is evaluated.
> -+;suhosin.executor.include.whitelist =
> -+
> -+; Comma separated blacklist of URL schemes that are not allowed to be included
> -+; from include or require statements. Additionally to URL schemes it is
> -+; possible to specify the beginning of allowed URLs. (f.e.: php://stdin) If no
> -+; blacklist and no whitelist is specified all URL schemes are forbidden.
> -+;suhosin.executor.include.blacklist =
> -+
> -+; Comma separated whitelist of functions that are allowed to be called. If the
> -+; whitelist is empty the blacklist is evaluated, otherwise calling a function
> -+; not in the whitelist will terminate the script and get logged.
> -+;suhosin.executor.func.whitelist =
> -+
> -+; Comma separated blacklist of functions that are not allowed to be called. If
> -+; no whitelist is given, calling a function within the blacklist will terminate
> -+; the script and get logged.
> -+;suhosin.executor.func.blacklist =
> -+
> -+; Comma separated whitelist of functions that are allowed to be called from
> -+; within eval(). If the whitelist is empty the blacklist is evaluated,
> -+; otherwise calling a function not in the whitelist will terminate the script
> -+; and get logged.
> -+;suhosin.executor.eval.whitelist =
> -+
> -+; Comma separated blacklist of functions that are not allowed to be called from
> -+; within eval(). If no whitelist is given, calling a function within the
> -+; blacklist will terminate the script and get logged.
> -+;suhosin.executor.eval.blacklist =
> -+
> -+; eval() is a very dangerous statement and therefore you might want to disable
> -+; it completely. Deactivating it will however break lots of scripts. Because
> -+; every violation is logged, this allows finding all places where eval() is
> -+; used.
> -+;suhosin.executor.disable_eval = Off
> -+
> -+; The /e modifier inside preg_replace() allows code execution. Often it is the
> -+; cause for remote code execution exploits. It is wise to deactivate this
> -+; feature and test where in the application it is used. The developer using the
> -+; /e modifier should be made aware that he should use preg_replace_callback()
> -+; instead.
> -+;suhosin.executor.disable_emodifier = Off
> -+
> -+; This flag reactivates symlink() when open_basedir is used, which is disabled
> -+; by default in Suhosin >= 0.9.6. Allowing symlink() while open_basedir is used
> -+; is actually a security risk.
> -+;suhosin.executor.allow_symlink = Off
> -+
> -+; -----------------------------------------------------------------------------
> -+; Misc Options
> -+
> -+; If you fear that Suhosin breaks your application, you can activate Suhosin's
> -+; simulation mode with this flag. When Suhosin runs in simulation mode,
> -+; violations are logged as usual, but nothing is blocked or removed from the
> -+; request. (Transparent Encryptions are NOT deactivated in simulation mode.)
> -+;suhosin.simulation = Off
> -+
> -+; APC 3.0.12(p1/p2) uses reserved resources without requesting a resource slot
> -+; first. It always uses resource slot 0. If Suhosin got this slot assigned APC
> -+; will overwrite the information Suhosin stores in this slot. When this flag is
> -+; set Suhosin will request 2 Slots and use the second one. This allows working
> -+; correctly with these buggy APC versions.
> -+;suhosin.apc_bug_workaround = Off
> -+
> -+; When a SQL Query fails scripts often spit out a bunch of useful information
> -+; for possible attackers. When this configuration directive is turned on, the
> -+; script will silently terminate, after the problem has been logged. (This is
> -+; not yet supported)
> -+;suhosin.sql.bailout_on_error = Off
> -+
> -+; This is an experimental feature for shared environments. With this
> -+; configuration option it is possible to specify a prefix that is automatically
> -+; prepended to the database username, whenever a database connection is made.
> -+; (Unless the username starts with the prefix)
> -+;suhosin.sql.user_prefix =
> -+
> -+; This is an experimental feature for shared environments. With this
> -+; configuration option it is possible to specify a postfix that is
> -+; automatically appended to the database username, whenever a database
> -+; connection is made. (Unless the username end with the postfix)
> -+;
> -+; With this feature it is possible for shared hosters to disallow customers to
> -+; connect with the usernames of other customers. This feature is experimental,
> -+; because support for PDO and PostgreSQL are not yet implemented.
> -+;suhosin.sql.user_postfix =
> -+
> -+; This directive controls if multiple headers are allowed or not in a header()
> -+; call. By default the Hardening-Patch forbids this. (HTTP headers spanning
> -+; multiple lines are still allowed).
> -+;suhosin.multiheader = Off
> -+
> -+; This directive controls if the mail() header protection is activated or not
> -+; and to what degree it is activated. The appended table lists the possible
> -+; activation levels.
> -+suhosin.mail.protect = 1
> -+
> -+; As long scripts are not running within safe_mode they are free to change the
> -+; memory_limit to whatever value they want. Suhosin changes this fact and
> -+; disallows setting the memory_limit to a value greater than the one the script
> -+; started with, when this option is left at 0. A value greater than 0 means
> -+; that Suhosin will disallows scripts setting the memory_limit to a value above
> -+; this configured hard limit. This is for example usefull if you want to run
> -+; the script normaly with a limit of 16M but image processing scripts may raise
> -+; it to 20M.
> -+;suhosin.memory_limit = 0
> -+
> -+; -----------------------------------------------------------------------------
> -+; Transparent Encryption Options
> -+
> -+; Flag that decides if the transparent session encryption is activated or not.
> -+;suhosin.session.encrypt = On
> -+
> -+; Session data can be encrypted transparently. The encryption key used consists
> -+; of this user defined string (which can be altered by a script via ini_set())
> -+; and optionally the User-Agent, the Document-Root and 0-4 Octects of the
> -+; REMOTE_ADDR.
> -+;suhosin.session.cryptkey =
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; User-Agent field. (When activated this feature transparently adds a little
> -+; bit protection against session fixation/hijacking attacks)
> -+;suhosin.session.cryptua = On
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; Documentroot field.
> -+;suhosin.session.cryptdocroot = On
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that the transparent session
> -+; encryption key depends on. Keep in mind that this should not be used on sites
> -+; that have visitors from big ISPs, because their IP address often changes
> -+; during a session. But this feature might be interesting for admin interfaces
> -+; or intranets. When used wisely this is a transparent protection against
> -+; session hijacking/fixation.
> -+;suhosin.session.cryptraddr = 0
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
> -+; session. The difference to suhosin.session.cryptaddr is, that the IP is not
> -+; part of the encryption key, so that the same session can be used for
> -+; different areas with different protection levels on the site.
> -+;suhosin.session.checkraddr = 0
> -+
> -+; Flag that decides if the transparent cookie encryption is activated or not.
> -+;suhosin.cookie.encrypt = 0
> -+
> -+; Cookies can be encrypted transparently. The encryption key used consists of
> -+; this user defined string and optionally the User-Agent, the Document-Root and
> -+; 0-4 Octects of the REMOTE_ADDR.
> -+;suhosin.cookie.cryptkey =
> -+
> -+; Flag that decides if the transparent session encryption key depends on the
> -+; User-Agent field. (When activated this feature transparently adds a little
> -+; bit protection against session fixation/hijacking attacks (if only session
> -+; cookies are allowed))
> -+;suhosin.cookie.cryptua = On
> -+
> -+; Flag that decides if the transparent cookie encryption key depends on the
> -+; Documentroot field.
> -+;suhosin.cookie.cryptdocroot = On
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that the transparent cookie
> -+; encryption key depends on. Keep in mind that this should not be used on sites
> -+; that have visitors from big ISPs, because their IP address often changes
> -+; during a session. But this feature might be interesting for admin interfaces
> -+; or intranets. When used wisely this is a transparent protection against
> -+; session hijacking/fixation.
> -+;suhosin.cookie.cryptraddr = 0
> -+
> -+; Number of octets (0-4) from the REMOTE_ADDR that have to match to decrypt the
> -+; cookie. The difference to suhosin.cookie.cryptaddr is, that the IP is not
> -+; part of the encryption key, so that the same cookie can be used for different
> -+; areas with different protection levels on the site.
> -+;suhosin.cookie.checkraddr = 0
> -+
> -+; In case not all cookies are supposed to get encrypted this is a comma
> -+; separated list of cookie names that should get encrypted. All other cookies
> -+; will not get touched.
> -+;suhosin.cookie.cryptlist =
> -+
> -+; In case some cookies should not be crypted this is a comma separated list of
> -+; cookies that do not get encrypted. All other cookies will be encrypted.
> -+;suhosin.cookie.plainlist =
> -+
> -+; -----------------------------------------------------------------------------
> -+; Filtering Options
> -+
> -+; Defines the reaction of Suhosin on a filter violation.
> -+;suhosin.filter.action =
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; the COOKIE.
> -+;suhosin.cookie.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; the COOKIE.
> -+;suhosin.cookie.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the COOKIE. For array variables this is the name in front of the indices.
> -+;suhosin.cookie.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; the COOKIE. For array variables this includes all indices.
> -+;suhosin.cookie.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the
> -+; COOKIE.
> -+;suhosin.cookie.max_value_length = 10000
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; COOKIE.
> -+;suhosin.cookie.max_vars = 100
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.cookie.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; the URL
> -+;suhosin.get.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; the URL
> -+;suhosin.get.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the URL. For array variables this is the name in front of the indices.
> -+;suhosin.get.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; the URL. For array variables this includes all indices.
> -+;suhosin.get.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the URL.
> -+;suhosin.get.max_value_length = 512
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; URL.
> -+;suhosin.get.max_vars = 100
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.get.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; a POST request.
> -+;suhosin.post.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; a POST request.
> -+;suhosin.post.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; a POST request. For array variables this is the name in front of the indices.
> -+;suhosin.post.max_name_length = 64
> -+
> -+; Defines the maximum length of the total variable name when registered through
> -+; a POST request. For array variables this includes all indices.
> -+;suhosin.post.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through a POST
> -+; request.
> -+;suhosin.post.max_value_length = 65000
> -+
> -+; Defines the maximum number of variables that may be registered through a POST
> -+; request.
> -+;suhosin.post.max_vars = 200
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.post.disallow_nul = 1
> -+
> -+; Defines the maximum depth an array variable may have, when registered through
> -+; GET , POST or COOKIE. This setting is also an upper limit for the separate
> -+; GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_array_depth = 50
> -+
> -+; Defines the maximum length of array indices for variables registered through
> -+; GET, POST or COOKIE. This setting is also an upper limit for the separate
> -+; GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_array_index_length = 64
> -+
> -+; Defines the maximum length of variable names for variables registered through
> -+; the COOKIE, the URL or through a POST request. This is the complete name
> -+; string, including all indicies. This setting is also an upper limit for the
> -+; separate GET, POST, COOKIE configuration directives.
> -+;suhosin.request.max_totalname_length = 256
> -+
> -+; Defines the maximum length of a variable that is registered through the
> -+; COOKIE, the URL or through a POST request. This setting is also an upper
> -+; limit for the variable origin specific configuration directives.
> -+;suhosin.request.max_value_length = 65000
> -+
> -+; Defines the maximum number of variables that may be registered through the
> -+; COOKIE, the URL or through a POST request. This setting is also an upper
> -+; limit for the variable origin specific configuration directives.
> -+;suhosin.request.max_vars = 200
> -+
> -+; Defines the maximum name length (excluding possible array indicies) of
> -+; variables that may be registered through the COOKIE, the URL or through a
> -+; POST request. This setting is also an upper limit for the variable origin
> -+; specific configuration directives.
> -+;suhosin.request.max_varname_length = 64
> -+
> -+; When set to On ASCIIZ chars are not allowed in variables.
> -+;suhosin.request.disallow_nul = 1
> -+
> -+; Defines the maximum number of files that may be uploaded with one request.
> -+;suhosin.upload.max_uploads = 25
> -+
> -+; When set to On it is not possible to upload ELF executables.
> -+;suhosin.upload.disallow_elf = 1
> -+
> -+; When set to On it is not possible to upload binary files.
> -+;suhosin.upload.disallow_binary = 0
> -+
> -+; When set to On binary content is removed from the uploaded files.
> -+;suhosin.upload.remove_binary = 0
> -+
> -+; This defines the full path to a verification script for uploaded files. The
> -+; script gets the temporary filename supplied and has to decide if the upload
> -+; is allowed. A possible application for this is to scan uploaded files for
> -+; viruses. The called script has to write a 1 as first line to standard output
> -+; to allow the upload. Any other value or no output at all will result in the
> -+; file being deleted.
> -+;suhosin.upload.verification_script =
> -+
> -+; Specifies the maximum length of the session identifier that is allowed. When
> -+; a longer session identifier is passed a new session identifier will be
> -+; created. This feature is important to fight bufferoverflows in 3rd party
> -+; session handlers.
> -+;suhosin.session.max_id_length = 128
> -+
> -+; Undocumented: Controls if suhosin coredumps when the optional suhosin patch
> -+; detects a bufferoverflow, memory corruption or double free. This is only
> -+; for debugging purposes and should not be activated.
> -+;suhosin.coredump = Off
> -+
> -+; Undocumented: Controls if the encryption keys specified by the configuration
> -+; are shown in the phpinfo() output or if they are hidden from it
> -+;suhosin.protectkey = 1
> -+
> -+; Controls if suhosin loads in stealth mode when it is not the only
> -+; zend_extension (Required for full compatibility with certain encoders
> -+;  that consider open source untrusted. e.g. ionCube, Zend)
> -+;suhosin.stealth = 1
> -+
> -+; Controls if suhosin's ini directives are changeable per directory
> -+; because the admin might want to allow some features to be controlable
> -+; by .htaccess and some not. For example the logging capabilities can
> -+; break safemode and open_basedir restrictions when .htaccess support is
> -+; allowed and the admin forgot to fix their values in httpd.conf
> -+; An empty value or a 0 will result in all directives not allowed in
> -+; .htaccess. The string "legcprsum" will allow logging, execution, get,
> -+; post, cookie, request, sql, upload, misc features in .htaccess
> -+;suhosin.perdir = "0"
> -+
> -+;;;;;;;;;;;;;;;;;;;;;;
> -+; Dynamic Extensions ;
> -+;;;;;;;;;;;;;;;;;;;;;;
> -+;
> -+; If you wish to have an extension loaded automatically, use the following
> -+; syntax:
> -+;
> -+;   extension=modulename.so
> -+;
> -+; Note that it should be the name of the module only; no directory information
> -+; needs to go here.  Specify the location of the extension with the
> -+; extension_dir directive above.