Update to 5.2.7.

Security Enhancements and Fixes in PHP 5.2.7:

Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371)
Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz.
Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz.
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660)
Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829)
Key enhancements in PHP 5.2.7 include:

Fixed several memory leaks inside the readline and sqlite extensions
A number of corrections relating to date parsing inside the date extension
Fixed bugs relating to data retrieval in the PDO extension
A series of crashes in various areas of code were resolved
Several corrections were made to the strip_tags() function in terms of < and <?XML handling
A number of bugs were fixed in extract() function when EXTR_REFS flag is being used
Added the ability to log PHP errors to the SAPI (Ex. Apache log) logging facility
Over 170 bug fixes.

5 files changed, 8 insertions, 178 deletions

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index d5e450d9b73..c5fe536969b 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.66 2008/08/17 18:36:50 adrianp Exp $
+# $NetBSD: Makefile,v 1.67 2008/12/05 13:07:37 adrianp Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
 CATEGORIES=		lang
-PKGREVISION=		2
 HOMEPAGE=		http://www.php.net/
 COMMENT=		PHP Hypertext Preprocessor version 5
 
diff --git a/lang/php5/Makefile.common b/lang/php5/Makefile.common
index e04a744dad1..220defdaf10 100644
--- a/lang/php5/Makefile.common
+++ b/lang/php5/Makefile.common
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.30 2008/07/08 20:28:55 adrianp Exp $
+# $NetBSD: Makefile.common,v 1.31 2008/12/05 13:07:37 adrianp Exp $
 # used by lang/php5/Makefile.php
 
 .if !defined(DISTNAME)
@@ -16,7 +16,7 @@ EXTRACT_SUFX?=		.tar.bz2
 MAINTAINER?=		jdolecek@NetBSD.org
 HOMEPAGE?=		http://www.php.net/
 
-PHP_BASE_VERS=		5.2.6
+PHP_BASE_VERS=		5.2.7
 
 PHP_EXTENSION_DIR=	lib/php/20040412
 PLIST_SUBST+=		PHP_EXTENSION_DIR=${PHP_EXTENSION_DIR:Q}
diff --git a/lang/php5/PLIST b/lang/php5/PLIST
index 195d12745c6..99d67690cf9 100644
--- a/lang/php5/PLIST
+++ b/lang/php5/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.16 2007/09/02 21:12:41 jdolecek Exp $
+@comment $NetBSD: PLIST,v 1.17 2008/12/05 13:07:37 adrianp Exp $
 bin/php
 bin/php-config
 bin/phpize
@@ -87,7 +87,6 @@ include/php/ext/pcre/pcrelib/pcre.h
 include/php/ext/pcre/pcrelib/pcre_internal.h
 include/php/ext/pcre/pcrelib/pcreposix.h
 include/php/ext/pcre/pcrelib/ucp.h
-include/php/ext/pcre/pcrelib/ucpinternal.h
 include/php/ext/pcre/pcrelib/ucptable.h
 include/php/ext/pcre/php_pcre.h
 include/php/ext/session/mod_files.h
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 34967e8efc4..52c5a124271 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,14 +1,13 @@
-$NetBSD: distinfo,v 1.53 2008/10/28 07:07:58 adam Exp $
+$NetBSD: distinfo,v 1.54 2008/12/05 13:07:37 adrianp Exp $
 
-SHA1 (php-5.2.6/php-5.2.6.tar.bz2) = 2a2b1afa657a7739a23784c869d57c3e0a7ad6b4
-RMD160 (php-5.2.6/php-5.2.6.tar.bz2) = 27f730d4b1ceb1c42ff03618dbfa0dc87a00990b
-Size (php-5.2.6/php-5.2.6.tar.bz2) = 9571312 bytes
+SHA1 (php-5.2.7/php-5.2.7.tar.bz2) = ffd64523c140594da7aa45d017c459b59c55d161
+RMD160 (php-5.2.7/php-5.2.7.tar.bz2) = f5f34065436bb91277edde1e2a7d99f4b35ae477
+Size (php-5.2.7/php-5.2.7.tar.bz2) = 9826432 bytes
 SHA1 (patch-aa) = 20bc3831e435182d014b11ae9f1f6c537a21af20
 SHA1 (patch-ad) = b324c33b1e70adee5b89dcecdd7690dcadcc18ec
 SHA1 (patch-ag) = 4ccb67ba6f5370b1d16b087e3e714de3e5ae604e
 SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
-SHA1 (patch-ak) = e3c654de196dc4b693b2d95e3ee131fa147125bc
 SHA1 (patch-al) = 0ee37782cc0d3bf5ede1a583de0589c2c1316b50
 SHA1 (patch-an) = d0578fa2d00932d6b5d97dfff525f4c0f9586bd5
 SHA1 (patch-ap) = 5eb0e0e4244a993da93e36f8fcb5553454207fce
diff --git a/lang/php5/patches/patch-ak b/lang/php5/patches/patch-ak
deleted file mode 100644
index 094544f206c..00000000000
--- a/lang/php5/patches/patch-ak
+++ /dev/null
@@ -1,167 +0,0 @@
-$NetBSD: patch-ak,v 1.4 2008/03/04 17:13:49 sborrill Exp $
-
---- ext/imap/php_imap.c.orig	2007-07-31 01:31:10.000000000 +0100
-+++ ext/imap/php_imap.c	2008-03-04 18:14:19.000000000 +0000
-@@ -70,6 +70,7 @@
- static void _php_imap_add_body(zval *arg, BODY *body TSRMLS_DC);
- static void _php_imap_parse_address(ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC);
- static int _php_imap_address_size(ADDRESS *addresslist);
-+static void _php_rfc822_write_address_len (char *dest, ADDRESS *adr, int len);
- 
- /* the gets we use */
- static char *php_mail_gets(readfn_t f, void *stream, unsigned long size, GETS_DATA *md);
-@@ -452,6 +453,11 @@
- {
- 	unsigned long sa_all =	SA_MESSAGES | SA_RECENT | SA_UNSEEN | SA_UIDNEXT | SA_UIDVALIDITY;
- 
-+/*
-+ * Optionally use the installed c-client linkage.c to determine which drivers
-+ * are authenticators are linked in. Otherwise use this fixed list.
-+ */
-+#ifndef HAVE_IMAP_LINKAGE
- #ifndef PHP_WIN32
- 	mail_link(&unixdriver);		/* link in the unix driver */
- 	mail_link(&mhdriver);		/* link in the mh driver */
-@@ -467,6 +473,10 @@
- 	mail_link(&tenexdriver);	/* link in the tenex driver */
- 	mail_link(&mtxdriver);		/* link in the mtx driver */
- 	mail_link(&dummydriver);	/* link in the dummy driver */
-+#else /* HAVE_IMAP_LINKAGE */
-+        /* link in the c-client mail and auth drivers */
-+#include "linkage.c"
-+#endif /* HAVE_IMAP_LINKAGE */
- 
- #ifndef PHP_WIN32
- 	auth_link(&auth_log);		/* link in the log authenticator */
-@@ -1603,18 +1613,21 @@
- 	}
- 	
- 	PHP_IMAP_CHECK_MSGNO(Z_LVAL_PP(msgno));
--
-+	printf("mail_fetchstructure\n");
- 	if (mail_fetchstructure(imap_le_struct->imap_stream, Z_LVAL_PP(msgno), NIL)) {
- 		cache = mail_elt(imap_le_struct->imap_stream, Z_LVAL_PP(msgno));
- 	} else {
- 		RETURN_FALSE;
- 	}
- 	
-+	printf("mail_fetchenvelope a\n");
- 	en = mail_fetchenvelope(imap_le_struct->imap_stream, Z_LVAL_PP(msgno));
-+	printf("mail_fetchenvelope b\n");
- 
- 	/* call a function to parse all the text, so that we can use the
- 	   same function to parse text from other sources */
- 	_php_make_header_object(return_value, en TSRMLS_CC);
-+	printf("mail_fetchenvelope c\n");
- 	
- 	/* now run through properties that are only going to be returned
- 	   from a server, not text headers */
-@@ -1624,6 +1637,7 @@
- 	add_property_string(return_value, "Answered", cache->answered ? "A" : " ", 1);
- 	add_property_string(return_value, "Deleted", cache->deleted ? "D" : " ", 1);
- 	add_property_string(return_value, "Draft", cache->draft ? "X" : " ", 1);
-+	printf("mail_fetchenvelope d\n");
- 	
- 	snprintf(dummy, sizeof(dummy), "%4ld", cache->msgno);
- 	add_property_string(return_value, "Msgno", dummy, 1);
-@@ -1646,6 +1660,7 @@
- 		mail_fetchsubject(fulladdress, imap_le_struct->imap_stream, Z_LVAL_PP(msgno), Z_LVAL_PP(subjectlength));
- 		add_property_string(return_value, "fetchsubject", fulladdress, 1);
- 	}
-+	printf("mail_fetchenvelope e\n");
- }
- /* }}} */
- 
-@@ -2105,7 +2120,6 @@
- 	zval **mailbox, **host, **personal;
- 	ADDRESS *addr;
- 	char string[MAILTMPLEN];
--
- 	if (ZEND_NUM_ARGS() != 3 || zend_get_parameters_ex(3, &mailbox, &host, &personal) == FAILURE) {
- 		ZEND_WRONG_PARAM_COUNT();
- 	}
-@@ -2137,7 +2151,7 @@
- 	}
- 
- 	string[0]='\0';
--	rfc822_write_address(string, addr);
-+	_php_rfc822_write_address_len(string, addr, sizeof(string));
- 	RETVAL_STRING(string, 1);
- }
- /* }}} */
-@@ -2906,13 +2920,13 @@
- 				if (env->from && _php_imap_address_size(env->from) < MAILTMPLEN) {
- 					env->from->next=NULL;
- 					address[0] = '\0';
--					rfc822_write_address(address, env->from);
-+					_php_rfc822_write_address_len(address, env->from, sizeof(address));
- 					add_property_string(myoverview, "from", address, 1);
- 				}
- 				if (env->to && _php_imap_address_size(env->to) < MAILTMPLEN) {
- 					env->to->next = NULL;
- 					address[0] = '\0';
--					rfc822_write_address(address, env->to);
-+					_php_rfc822_write_address_len(address, env->to, sizeof(address));
- 					add_property_string(myoverview, "to", address, 1);
- 				}
- 				if (env->date) {
-@@ -3868,6 +3882,7 @@
- 		ret += _php_rfc822_len(tmp->mailbox);
- 		ret += _php_rfc822_len(tmp->host);
- 		num_ent++;
-+		printf("%d:%s %s %s %s\n",num_ent,tmp->personal,tmp->adl,tmp->mailbox,tmp->host);
- 	} while ((tmp = tmp->next));
- 
- 	/* 
-@@ -3883,6 +3898,33 @@
- /* }}} */
- 
- 
-+/* {{{ _php_rfc822_soutr
-+ */
-+static long _php_rfc822_soutr (void *stream,char *string)
-+{
-+	return NIL;
-+}
-+
-+/* }}} */
-+
-+
-+/* {{{ _php_rfc822_write_address_len
-+ */
-+static void _php_rfc822_write_address_len ( char *dest, ADDRESS *adr, int len)
-+{
-+	RFC822BUFFER buf;
-+	buf.beg = dest;
-+	buf.cur = buf.beg;
-+	buf.end = buf.beg + len - 1;
-+	buf.s = NIL;
-+	buf.f = _php_rfc822_soutr;
-+	rfc822_output_address_list (&buf, adr, 0, NIL);
-+	*buf.cur = '\0';
-+}
-+	
-+/* }}} */
-+
-+
- /* {{{ _php_imap_parse_address
-  */
- static void _php_imap_parse_address (ADDRESS *addresslist, char **fulladdress, zval *paddress TSRMLS_DC)
-@@ -3891,13 +3933,15 @@
- 	zval *tmpvals;
- 	char *tmpstr;
- 	int len=0;
--		
-+
-+	
- 	addresstmp = addresslist;
- 
- 	if ((len = _php_imap_address_size(addresstmp))) {
- 		tmpstr = (char *) pemalloc(len + 1, 1);
- 		tmpstr[0] = '\0';
--		rfc822_write_address(tmpstr, addresstmp);
-+
-+		_php_rfc822_write_address_len(tmpstr, addresstmp, len);
- 		*fulladdress = tmpstr;
- 	} else {
- 		*fulladdress = NULL;