author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 17:55:38 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 17:55:38 +0000 |
commit | 50b2e0711b2a23c94baf03d2b15fb49420a0bceb (patch) | |
tree | dab6c1442be50ff189d326b9daedca7ab45c7f22 | |
parent | 2dba49aaaa40a78b9110a41a5d47fedc4955a158 (diff) | |
download | pkgsrc-50b2e0711b2a23c94baf03d2b15fb49420a0bceb.tar.gz |
Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).
-rw-r--r-- | databases/pear-MDB2/Makefile | 3 | ||||
-rw-r--r-- | databases/pear-MDB2/distinfo | 4 | ||||
-rw-r--r-- | databases/pear-MDB2/patches/patch-aa | 12 | ||||
-rw-r--r-- | databases/pear-MDB2/patches/patch-ab | 13 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/Makefile | 3 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/distinfo | 5 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/patches/patch-aa | 15 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/patches/patch-ab | 13 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/Makefile | 3 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/distinfo | 5 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/patches/patch-aa | 15 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/patches/patch-ab | 13 |
12 files changed, 90 insertions, 14 deletions
diff --git a/databases/pear-MDB2/Makefile b/databases/pear-MDB2/Makefile index 1f5a434f72e..21c3fe09fa4 100644 --- a/databases/pear-MDB2/Makefile +++ b/databases/pear-MDB2/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $ +# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ DISTNAME= MDB2-2.4.1 +PKGREVISION= 1 CATEGORIES= databases MAINTAINER= adrianp@NetBSD.org diff --git a/databases/pear-MDB2/distinfo b/databases/pear-MDB2/distinfo index 4deacf6e4b0..cd2280e40ef 100644 --- a/databases/pear-MDB2/distinfo +++ b/databases/pear-MDB2/distinfo @@ -1,5 +1,7 @@ -$NetBSD: distinfo,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $ +$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ SHA1 (pear/MDB2-2.4.1.tgz) = 91e12cc3ae6203db6cf5b6bb42c7befa11777800 RMD160 (pear/MDB2-2.4.1.tgz) = 2298a0c5963779f7d42f268d79ed607835413e4b Size (pear/MDB2-2.4.1.tgz) = 119790 bytes +SHA1 (patch-aa) = e1ccd0bef185d66b7bfbe66336d3ae5a5b34d2b3 +SHA1 (patch-ab) = 99b150c34cce6566dbbe9e1e2c4c6a241c1145de diff --git a/databases/pear-MDB2/patches/patch-aa b/databases/pear-MDB2/patches/patch-aa new file mode 100644 index 00000000000..989b2d42ce9 --- /dev/null +++ b/databases/pear-MDB2/patches/patch-aa @@ -0,0 +1,12 @@ +$NetBSD: patch-aa,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- MDB2.php.orig 2007-05-03 20:58:15.000000000 +0200 ++++ MDB2.php 2008-07-13 18:44:59.000000000 +0200 +@@ -1156,6 +1156,7 @@ + 'datatype_map' => array(), + 'datatype_map_callback' => array(), + 'nativetype_map_callback' => array(), ++ 'lob_allow_url_include' => false, + ); + + /** diff --git a/databases/pear-MDB2/patches/patch-ab b/databases/pear-MDB2/patches/patch-ab new file mode 100644 index 00000000000..cb98842bc00 --- /dev/null +++ b/databases/pear-MDB2/patches/patch-ab 
@@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- ../package.xml.orig 2007-05-03 20:58:15.000000000 +0200 ++++ ../package.xml +@@ -241,7 +241,7 @@ open todo items: + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + <file baseinstalldir="/" md5sum="a5019765abfd14334f25231c61c568ef" name="LICENSE" role="data" /> +- <file baseinstalldir="/" md5sum="0d4093f6d7db5ec64434116b700e9a82" name="MDB2.php" role="php"> ++ <file baseinstalldir="/" md5sum="2d80a7368ca4bd157740d3472cdeab9b" name="MDB2.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + </dir> diff --git a/databases/pear-MDB2_Driver_mysql/Makefile b/databases/pear-MDB2_Driver_mysql/Makefile index b6c09874c4b..259f2a2e215 100644 --- a/databases/pear-MDB2_Driver_mysql/Makefile +++ b/databases/pear-MDB2_Driver_mysql/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $ +# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ DISTNAME= MDB2_Driver_mysql-1.4.1 +PKGREVISION= 1 CATEGORIES= databases MAINTAINER= adrianp@NetBSD.org diff --git a/databases/pear-MDB2_Driver_mysql/distinfo b/databases/pear-MDB2_Driver_mysql/distinfo index 693be50242e..6f3f37e831f 100644 --- a/databases/pear-MDB2_Driver_mysql/distinfo +++ b/databases/pear-MDB2_Driver_mysql/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $ +$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ SHA1 (pear/MDB2_Driver_mysql-1.4.1.tgz) = edbbc2e5e6074080650c5f6a21b7fe7fb8dededd RMD160 (pear/MDB2_Driver_mysql-1.4.1.tgz) = 872f6d4e9a8ba3be37dcafeaf2e5ae38e772e4e3 Size (pear/MDB2_Driver_mysql-1.4.1.tgz) = 36481 bytes -SHA1 (patch-aa) = 13ad6842a8635350edf4b82d20ee0bf7e3d3f901 +SHA1 (patch-aa) = a364e57d25e8501123df072016f062d444ca2def +SHA1 (patch-ab) = 7d67850a37ccfaaadd4b2c260f5b64f664c8a51d 
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-aa b/databases/pear-MDB2_Driver_mysql/patches/patch-aa index 0cf1356da70..ef0e6242e8c 100644 --- a/databases/pear-MDB2_Driver_mysql/patches/patch-aa +++ b/databases/pear-MDB2_Driver_mysql/patches/patch-aa @@ -1,7 +1,16 @@ -$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $ +$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ ---- package.xml.orig 2007-05-03 20:05:23.000000000 +0100 -+++ package.xml +--- ../package.xml.orig 2007-05-03 21:05:23.000000000 +0200 ++++ ../package.xml +@@ -59,7 +59,7 @@ open todo items: + <file baseinstalldir="/" md5sum="33df2e21f7c0e5d764adcf82b6294b38" name="MDB2/Driver/Reverse/mysql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> +- <file baseinstalldir="/" md5sum="de036c07e722213b95a793e2d5db683c" name="MDB2/Driver/mysql.php" role="php"> ++ <file baseinstalldir="/" md5sum="c7c3c8ff80d001c9177920a6ee620b74" name="MDB2/Driver/mysql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + <file baseinstalldir="/" md5sum="1766c43f50ce08418b524a6047462e4d" name="tests/MDB2_nonstandard_mysql.php" role="test" /> @@ -79,9 +79,6 @@ open todo items: <channel>pear.php.net</channel> <min>2.4.1</min> diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-ab b/databases/pear-MDB2_Driver_mysql/patches/patch-ab new file mode 100644 index 00000000000..d4d29b37dc0 --- /dev/null +++ b/databases/pear-MDB2_Driver_mysql/patches/patch-ab 
@@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- MDB2/Driver/mysql.php 2007/05/02 22:00:08 1.182 ++++ MDB2/Driver/mysql.php 2007/05/03 22:20:20 1.183 +@@ -1398,7 +1398,7 @@ + } + $value = $this->values[$parameter]; + $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null; +- if (is_resource($value) || $type == 'clob' || $type == 'blob') { ++ if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) { + if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) { + if ($match[1] == 'file://') { + $value = $match[2]; diff --git a/databases/pear-MDB2_Driver_pgsql/Makefile b/databases/pear-MDB2_Driver_pgsql/Makefile index 9f73a592967..7fadc5e095d 100644 --- a/databases/pear-MDB2_Driver_pgsql/Makefile +++ b/databases/pear-MDB2_Driver_pgsql/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $ +# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ DISTNAME= MDB2_Driver_pgsql-1.4.1 +PKGREVISION= 1 CATEGORIES= databases MAINTAINER= adrianp@NetBSD.org diff --git a/databases/pear-MDB2_Driver_pgsql/distinfo b/databases/pear-MDB2_Driver_pgsql/distinfo index 75667ad30fa..d7ced35bcf1 100644 --- a/databases/pear-MDB2_Driver_pgsql/distinfo +++ b/databases/pear-MDB2_Driver_pgsql/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $ +$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ SHA1 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 07a69e5ebd8a0d920ac372f3666b39f2601c2a82 RMD160 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 0a102683779d3b8ee38ce7716221fec14ab7c25c Size (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 33839 bytes -SHA1 (patch-aa) = 090e9761c9bb3a23d77458f3dcb7c415868b032f +SHA1 (patch-aa) = 6099865afba02de82ad9d00508d67d6800684316 +SHA1 (patch-ab) = a9507bf0adc0d7ab50d0e825e0018d27fbf6ecc4 
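Review bot: In the rewritten condition for MDB2/Driver/mysql.php, `&&` binds tighter than `||`, so `lob_allow_url_include` gates only the `blob` case; a parameter typed `clob` still reaches the `preg_match` / `file://` branch with the option left at its default of false. Grouping the type test closes that gap: `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. The option default is added to the options array in MDB2.php, while this code appears to sit in a statement class (the pgsql hunk header names `MDB2_Statement_pgsql`), so it is worth confirming that `$this->options` resolves on that object in both this patch and the pgsql patch-ab; an undefined property would silently evaluate as false. The enclosing block continues outside the hunk, so check that ordinary non-URL LOB values are still handled when the branch is skipped.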
diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa index a7346b37770..5c5ddc52ddf 100644 --- a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa +++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa @@ -1,7 +1,16 @@ -$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $ +$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ ---- package.xml.orig 2007-05-03 20:07:38.000000000 +0100 -+++ package.xml +--- ../package.xml.orig 2007-05-03 21:07:38.000000000 +0200 ++++ ../package.xml +@@ -63,7 +63,7 @@ open todo items: + <file baseinstalldir="/" md5sum="4d4cf683f8847cede4f8b298a492f777" name="MDB2/Driver/Reverse/pgsql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> +- <file baseinstalldir="/" md5sum="d995b8777e9a44fd123fd97ae32578f7" name="MDB2/Driver/pgsql.php" role="php"> ++ <file baseinstalldir="/" md5sum="818fd28ff1e7dd933eaccd20f0a264ab" name="MDB2/Driver/pgsql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + <file baseinstalldir="/" md5sum="3e790ed8bf0b3b91ec518cdab9eba271" name="tests/MDB2_nonstandard_pgsql.php" role="test" /> @@ -83,9 +83,6 @@ open todo items: <channel>pear.php.net</channel> <min>2.4.1</min> diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-ab b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab new file mode 100644 index 00000000000..9c155b94221 --- /dev/null +++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab 
@@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- MDB2/Driver/pgsql.php.orig 2007-05-03 21:07:38.000000000 +0200 ++++ MDB2/Driver/pgsql.php +@@ -1351,7 +1351,7 @@ class MDB2_Statement_pgsql extends MDB2_ + } + $value = $this->values[$parameter]; + $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null; +- if (is_resource($value) || $type == 'clob' || $type == 'blob') { ++ if (is_resource($value) || $type == 'clob' || $type == 'blob' || $this->options['lob_allow_url_include']) { + if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) { + if ($match[1] == 'file://') { + $value = $match[2]; |
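Review bot: The pgsql condition appends the option with `||` rather than `&&`, so it restricts nothing: `clob` and `blob` values enter the `preg_match` / `file://` branch exactly as before, and setting `lob_allow_url_include` to true would additionally send every other parameter type into it. As written, the arbitrary file read that the commit message cites is not mitigated for this driver. The condition should require the option for string LOB values, for example `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. The rest of the block lies outside the hunk, so confirm how non-URL LOB strings are processed once the branch is skipped.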