Here is an update to pecl-APC 3.1.7. I don't use this opcode cache so please test.
Index: Makefile =================================================================== RCS file: /home/cvs/ports/www/pecl-APC/Makefile,v retrieving revision 1.15 diff -u -p -r1.15 Makefile --- Makefile 22 Nov 2010 08:36:52 -0000 1.15 +++ Makefile 16 Jan 2011 06:21:55 -0000 @@ -4,7 +4,7 @@ SHARED_ONLY= Yes COMMENT= Alternative PHP Cache -DISTNAME= APC-3.1.2 +DISTNAME= APC-3.1.7 PKGNAME= pecl-${DISTNAME} CATEGORIES= www @@ -12,7 +12,7 @@ HOMEPAGE= http://pecl.php.net/package/AP MAINTAINER= William Yodlowsky <b...@openbsd.rutgers.edu> -# PHP License +# PHP PERMIT_PACKAGE_CDROM= Yes PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes Index: distinfo =================================================================== RCS file: /home/cvs/ports/www/pecl-APC/distinfo,v retrieving revision 1.6 diff -u -p -r1.6 distinfo --- distinfo 22 Apr 2009 21:24:09 -0000 1.6 +++ distinfo 16 Jan 2011 06:22:01 -0000 @@ -1,5 +1,5 @@ -MD5 (APC-3.1.2.tgz) = ChjPFks+BE4n7dTB2MMUXA== -RMD160 (APC-3.1.2.tgz) = DisETjfhYfpEnV0npyGBIFrffhg= -SHA1 (APC-3.1.2.tgz) = rr2GawZ3mBTpr1rhaUhoc0fFAFQ= -SHA256 (APC-3.1.2.tgz) = B4WUrCCOcfRpUpjDLIrBDP70mwnvCESywkJnag6qVF4= -SIZE (APC-3.1.2.tgz) = 123459 +MD5 (APC-3.1.7.tgz) = lCOYZuXRuQ4CZ16Yily61A== +RMD160 (APC-3.1.7.tgz) = Ujw7auxrcSqJ42JDy3vyoyl656w= +SHA1 (APC-3.1.7.tgz) = /TCqecdjLz2pAZM3apEVLRV/qR8= +SHA256 (APC-3.1.7.tgz) = mlJr2qUeyOhMJBPg+cFQmblRw5yZVDn/L1SjNAqHm3Y= +SIZE (APC-3.1.7.tgz) = 152735 Index: patches/patch-apc_php =================================================================== RCS file: patches/patch-apc_php diff -N patches/patch-apc_php --- patches/patch-apc_php 22 Apr 2009 21:24:09 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,37 +0,0 @@ -$OpenBSD: patch-apc_php,v 1.2 2009/04/22 21:24:09 jasper Exp $ - -"Get rid of very contrived local-user XSS - can't be triggered from external" -from upstream CVS - ---- apc.php.orig Fri Dec 12 12:37:26 2008 -+++ apc.php Wed Apr 22 10:32:53 2009 -@@ -61,7 +61,7 @@ function defaults($d,$v) { - - // rewrite $PHP_SELF to block XSS attacks - // --$PHP_SELF= isset($_SERVER['PHP_SELF']) ? htmlentities(strip_tags($_SERVER['PHP_SELF'],''), ENT_QUOTES) : ''; -+$PHP_SELF= isset($_SERVER['PHP_SELF']) ? htmlentities(strip_tags($_SERVER['PHP_SELF'],''), ENT_QUOTES, 'UTF-8') : ''; - $time = time(); - $host = getenv('HOSTNAME'); - if($host) { $host = '('.$host.')'; } -@@ -1091,7 +1091,7 @@ EOB; - } - if (!$AUTHENTICATED) { - // hide all path entries if not logged in -- $list[$k.$entry[$fieldname]]=preg_replace('/^.*(\\/|\\\\)/','<i><hidden></i>/',$entry); -+ $list[$k.$entry[$fieldname]]=preg_replace('/^.*(\\/|\\\\)/','*hidden*/',$entry); - } else { - $list[$k.$entry[$fieldname]]=$entry; - } -@@ -1110,9 +1110,10 @@ EOB; - $i=0; - foreach($list as $k => $entry) { - if(!$MYREQUEST['SEARCH'] || preg_match($MYREQUEST['SEARCH'], $entry[$fieldname]) != 0) { -+ $field_value = htmlentities(strip_tags($entry[$fieldname],''), ENT_QUOTES, 'UTF-8'); - echo - '<tr class=tr-',$i%2,'>', -- "<td class=td-0><a href=\"$MY_SELF&OB=",$MYREQUEST['OB'],"&SH=",md5($entry[$fieldkey]),"\">",$entry[$fieldname],'</a></td>', -+ "<td class=td-0><a href=\"$MY_SELF&OB=",$MYREQUEST['OB'],"&SH=",md5($entry[$fieldkey]),"\">",$field_value,'</a></td>', - '<td class="td-n center">',$entry['num_hits'],'</td>', - '<td class="td-n right">',$entry['mem_size'],'</td>', - '<td class="td-n center">',date(DATE_FORMAT,$entry['access_time']),'</td>', -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.