On Sun, Nov 27, 2005 at 04:57:08PM +0100, Chris Jones wrote:
> 1.  As discussed in the PHP bug database at
> <http://bugs.php.net/bug.php?id=35096>, and previously on this list,
> there's an outstanding PHP bug that prevents some apps -- notably
> gallery and drupal -- from working correctly with apache.  That page
> mentions what is apparently a commit message from FreeBSD:
>
> - Fix pear pkg-plist
> - Increase pear memory limit (requested by amd64)
> - Revert apache2handler to the latest working version found in
>   PHP 4.4.0, since PHP developers seem not interested in
>   fixing the bug with apache2 and mod_rewrite
> 
> Would it be possible to do a similar fix for pkgsrc?

The fix has been already applied to php4 4.4.1 pkg by Manuel Bowyer.

> 2.  I've temporarily fixed my own server by installing lang/php5 with
> the "hardening" patch from <http://www.hardened-php.net/>.  Applying
> that patch required quite a bit of hacking, and I'm now sure that my
> PLIST files are wrong.  That pkg has had a known vulnerability for a
> while now, which the hardening patch claims to fix.  Would it be
> reasonable to make that patch part of the normal pkgsrc kit?

I'm finalizing build testing updated php5 package (5.1.0 was released
couple days ago), which adresses all the security problems
in php5.

Jaromir
-- 
Jaromir Dolecek <jdolecek@NetBSD.org>            http://www.NetBSD.cz/
-=- We can walk our road together if our goals are all the same;     -=-
-=- We can run alone and free if we pursue a different aim.          -=-