PHP4/5 security changes... They're not critical issues; secunia classes

them between "not critical" and "less critical".

Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.

See:
    http://secunia.com/advisories/19383/
    http://secunia.com/advisories/19599/

Patches were extracted from CVS.  I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why;  I can confirm it fixes the issue).

While here, add PATCHDIR to the list of variables php5's Makefile.php
defines.  That way, ap-php gets patched too...

6 files changed, 16 insertions, 8 deletions

diff --git a/lang/php5/Makefile b/lang/php5/Makefile
index 1ba0bb7789a..be2ba45423b 100644
--- a/lang/php5/Makefile
+++ b/lang/php5/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.28 2006/02/17 09:48:01 adam Exp $
+# $NetBSD: Makefile,v 1.29 2006/04/14 13:47:29 cube Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
-#PKGREVISION=		1
+PKGREVISION=		1
 CATEGORIES=		lang
 
 HOMEPAGE=		http://www.php.net/
diff --git a/lang/php5/Makefile.php b/lang/php5/Makefile.php
index 4a9323ac1e3..d76537d4344 100644
--- a/lang/php5/Makefile.php
+++ b/lang/php5/Makefile.php
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile.php,v 1.17 2005/12/05 23:55:10 rillig Exp $
+# $NetBSD: Makefile.php,v 1.18 2006/04/14 13:47:29 cube Exp $
 #
 
 .include "../../lang/php5/Makefile.common"
 
 DISTINFO_FILE=	${.CURDIR}/../../lang/php5/distinfo
+PATCHDIR=	${.CURDIR}/../../lang/php5/patches
 
 BUILD_DEFS+=		USE_INET6
 
diff --git a/lang/php5/distinfo b/lang/php5/distinfo
index 3a7b87070d5..cccc3ec08a5 100644
--- a/lang/php5/distinfo
+++ b/lang/php5/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2006/02/06 06:39:59 martti Exp $
+$NetBSD: distinfo,v 1.15 2006/04/14 13:47:29 cube Exp $
 
 SHA1 (php-5.1.2.tar.bz2) = f6acc67c293345ad22065768f3049834cb8a912e
 RMD160 (php-5.1.2.tar.bz2) = 1e21b5ba280b7efc8197802c673bb5d4e9dc9f8e
@@ -8,3 +8,6 @@ SHA1 (patch-ah) = c7cbd4b9ea0796ea3b7491c2cffb6ddddc518587
 SHA1 (patch-aj) = 54812097499c81e5cb0196ab949cc86a4f24a9cc
 SHA1 (patch-ak) = 2d5264d33ebef631d4a2d0cdf8a2ed365bdbeb7e
 SHA1 (patch-ao) = 60fec83647ca5924a38bf4d5e8abb51feba1620e
+SHA1 (patch-ap) = 79bb4da2c98cc5dc43e66d1a7a940b34401b3811
+SHA1 (patch-aq) = 3dede277476e99d927a5333d82ae9096b96e58f7
+SHA1 (patch-ar) = 819b84c4dbb9973159d2c2fe11f77044f6b4d0b9
diff --git a/www/ap-php/Makefile b/www/ap-php/Makefile
index 04183cc3912..35e2e03291c 100644
--- a/www/ap-php/Makefile
+++ b/www/ap-php/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2006/02/05 23:11:17 joerg Exp $
+# $NetBSD: Makefile,v 1.9 2006/04/14 13:47:30 cube Exp $
 #
 
 PKGNAME=		ap-php-${PHP_BASE_VERS}
-PKGREVISION=		5
+PKGREVISION=		6
 COMMENT=		Apache (${PKG_APACHE}) module for ${PKG_PHP}
 
 APACHE_MODULE=		YES
diff --git a/www/php4/Makefile b/www/php4/Makefile
index 43b27618645..d1186b254e2 100644
--- a/www/php4/Makefile
+++ b/www/php4/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.62 2006/03/03 07:11:34 cube Exp $
+# $NetBSD: Makefile,v 1.63 2006/04/14 13:47:30 cube Exp $
 
 PKGNAME=		php-${PHP_BASE_VERS}
+PKGREVISION=		1
 CATEGORIES+=		lang
 COMMENT=		HTML-embedded scripting language
 
diff --git a/www/php4/distinfo b/www/php4/distinfo
index cc1e599a835..d0c3fdb3447 100644
--- a/www/php4/distinfo
+++ b/www/php4/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.51 2006/03/06 15:57:58 cube Exp $
+$NetBSD: distinfo,v 1.52 2006/04/14 13:47:30 cube Exp $
 
 SHA1 (php-4.4.2.tar.bz2) = 88f2e9efff0add8d8e3034d4ce3a948429b88756
 RMD160 (php-4.4.2.tar.bz2) = cbef0fa4e233529422bc0944dcfb79d866013f5e
@@ -13,3 +13,6 @@ SHA1 (patch-ak) = 1f9fbe26c7329e1d18eec053499ee2d574b5b970
 SHA1 (patch-al) = 28ad9006b387e2b9984ad49beea21c9d46e63b46
 SHA1 (patch-ao) = cd30bbff10f1d045c829f72d94304c9dcf202fc6
 SHA1 (patch-ap) = 2f852abd1e9d0f089add18b2eade2831253ad00e
+SHA1 (patch-aq) = 00f410eb61624aee0c68d2fd6802a6be7adb373e
+SHA1 (patch-ar) = 5606c1ec5a7afaeda2e3cc7879cc0caa4f86ca68
+SHA1 (patch-as) = 7987c293d2290aa5e68fba87d0aa759797ace40d