--- - branch: MAIN date: Fri Dec 5 13:07:37 UTC 2008 files: - new: '1.67' old: '1.66' path: pkgsrc/lang/php5/Makefile pathrev: pkgsrc/lang/php5/Makefile@1.67 type: modified - new: '1.31' old: '1.30' path: pkgsrc/lang/php5/Makefile.common pathrev: pkgsrc/lang/php5/Makefile.common@1.31 type: modified - new: '1.17' old: '1.16' path: pkgsrc/lang/php5/PLIST pathrev: pkgsrc/lang/php5/PLIST@1.17 type: modified - new: '1.54' old: '1.53' path: pkgsrc/lang/php5/distinfo pathrev: pkgsrc/lang/php5/distinfo@1.54 type: modified - new: '0' old: '1.4' path: pkgsrc/lang/php5/patches/patch-ak pathrev: pkgsrc/lang/php5/patches/patch-ak@0 type: deleted id: 20081205T130737Z.06924744b4d7a138d22aa5061696976c02f3fc2e log: | Update to 5.2.7. Security Enhancements and Fixes in PHP 5.2.7: Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) Key enhancements in PHP 5.2.7 include: Fixed several memory leaks inside the readline and sqlite extensions A number of corrections relating to date parsing inside the date extension Fixed bugs relating to data retrieval in the PDO extension A series of crashes in various areas of code were resolved Several corrections were made to the strip_tags() function in terms of < and