pkgsrc-changes: CVS commit: pkgsrc

Subject: CVS commit: pkgsrc
To: None <pkgsrc-changes@NetBSD.org>
From: Quentin Garnier <cube@netbsd.org>
List: pkgsrc-changes
Date: 04/14/2006 13:47:30

Module Name:	pkgsrc
Committed By:	cube
Date:		Fri Apr 14 13:47:30 UTC 2006

Modified Files:
	pkgsrc/lang/php5: Makefile Makefile.php distinfo
	pkgsrc/www/ap-php: Makefile
	pkgsrc/www/php4: Makefile distinfo

Log Message:
PHP4/5 security changes...  They're not critical issues;  secunia classes
them between "not critical" and "less critical".

Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.

See:
    http://secunia.com/advisories/19383/
    http://secunia.com/advisories/19599/

Patches were extracted from CVS.  I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why;  I can confirm it fixes the issue).

While here, add PATCHDIR to the list of variables php5's Makefile.php
defines.  That way, ap-php gets patched too...


To generate a diff of this commit:
cvs rdiff -r1.28 -r1.29 pkgsrc/lang/php5/Makefile
cvs rdiff -r1.17 -r1.18 pkgsrc/lang/php5/Makefile.php
cvs rdiff -r1.14 -r1.15 pkgsrc/lang/php5/distinfo
cvs rdiff -r1.8 -r1.9 pkgsrc/www/ap-php/Makefile
cvs rdiff -r1.62 -r1.63 pkgsrc/www/php4/Makefile
cvs rdiff -r1.51 -r1.52 pkgsrc/www/php4/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.