summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortonnerre <tonnerre@pkgsrc.org>2008-07-13 17:55:38 +0000
committertonnerre <tonnerre@pkgsrc.org>2008-07-13 17:55:38 +0000
commit50b2e0711b2a23c94baf03d2b15fb49420a0bceb (patch)
treedab6c1442be50ff189d326b9daedca7ab45c7f22
parent2dba49aaaa40a78b9110a41a5d47fedc4955a158 (diff)
downloadpkgsrc-50b2e0711b2a23c94baf03d2b15fb49420a0bceb.tar.gz
Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).
-rw-r--r--databases/pear-MDB2/Makefile3
-rw-r--r--databases/pear-MDB2/distinfo4
-rw-r--r--databases/pear-MDB2/patches/patch-aa12
-rw-r--r--databases/pear-MDB2/patches/patch-ab13
-rw-r--r--databases/pear-MDB2_Driver_mysql/Makefile3
-rw-r--r--databases/pear-MDB2_Driver_mysql/distinfo5
-rw-r--r--databases/pear-MDB2_Driver_mysql/patches/patch-aa15
-rw-r--r--databases/pear-MDB2_Driver_mysql/patches/patch-ab13
-rw-r--r--databases/pear-MDB2_Driver_pgsql/Makefile3
-rw-r--r--databases/pear-MDB2_Driver_pgsql/distinfo5
-rw-r--r--databases/pear-MDB2_Driver_pgsql/patches/patch-aa15
-rw-r--r--databases/pear-MDB2_Driver_pgsql/patches/patch-ab13
12 files changed, 90 insertions, 14 deletions
diff --git a/databases/pear-MDB2/Makefile b/databases/pear-MDB2/Makefile
index 1f5a434f72e..21c3fe09fa4 100644
--- a/databases/pear-MDB2/Makefile
+++ b/databases/pear-MDB2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
DISTNAME= MDB2-2.4.1
+PKGREVISION= 1
CATEGORIES= databases
MAINTAINER= adrianp@NetBSD.org
diff --git a/databases/pear-MDB2/distinfo b/databases/pear-MDB2/distinfo
index 4deacf6e4b0..cd2280e40ef 100644
--- a/databases/pear-MDB2/distinfo
+++ b/databases/pear-MDB2/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
SHA1 (pear/MDB2-2.4.1.tgz) = 91e12cc3ae6203db6cf5b6bb42c7befa11777800
RMD160 (pear/MDB2-2.4.1.tgz) = 2298a0c5963779f7d42f268d79ed607835413e4b
Size (pear/MDB2-2.4.1.tgz) = 119790 bytes
+SHA1 (patch-aa) = e1ccd0bef185d66b7bfbe66336d3ae5a5b34d2b3
+SHA1 (patch-ab) = 99b150c34cce6566dbbe9e1e2c4c6a241c1145de
diff --git a/databases/pear-MDB2/patches/patch-aa b/databases/pear-MDB2/patches/patch-aa
new file mode 100644
index 00000000000..989b2d42ce9
--- /dev/null
+++ b/databases/pear-MDB2/patches/patch-aa
@@ -0,0 +1,12 @@
+$NetBSD: patch-aa,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2.php.orig 2007-05-03 20:58:15.000000000 +0200
++++ MDB2.php 2008-07-13 18:44:59.000000000 +0200
+@@ -1156,6 +1156,7 @@
+ 'datatype_map' => array(),
+ 'datatype_map_callback' => array(),
+ 'nativetype_map_callback' => array(),
++ 'lob_allow_url_include' => false,
+ );
+
+ /**
diff --git a/databases/pear-MDB2/patches/patch-ab b/databases/pear-MDB2/patches/patch-ab
new file mode 100644
index 00000000000..cb98842bc00
--- /dev/null
+++ b/databases/pear-MDB2/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- ../package.xml.orig 2007-05-03 20:58:15.000000000 +0200
++++ ../package.xml
+@@ -241,7 +241,7 @@ open todo items:
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+ <file baseinstalldir="/" md5sum="a5019765abfd14334f25231c61c568ef" name="LICENSE" role="data" />
+- <file baseinstalldir="/" md5sum="0d4093f6d7db5ec64434116b700e9a82" name="MDB2.php" role="php">
++ <file baseinstalldir="/" md5sum="2d80a7368ca4bd157740d3472cdeab9b" name="MDB2.php" role="php">
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+ </dir>
diff --git a/databases/pear-MDB2_Driver_mysql/Makefile b/databases/pear-MDB2_Driver_mysql/Makefile
index b6c09874c4b..259f2a2e215 100644
--- a/databases/pear-MDB2_Driver_mysql/Makefile
+++ b/databases/pear-MDB2_Driver_mysql/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
DISTNAME= MDB2_Driver_mysql-1.4.1
+PKGREVISION= 1
CATEGORIES= databases
MAINTAINER= adrianp@NetBSD.org
diff --git a/databases/pear-MDB2_Driver_mysql/distinfo b/databases/pear-MDB2_Driver_mysql/distinfo
index 693be50242e..6f3f37e831f 100644
--- a/databases/pear-MDB2_Driver_mysql/distinfo
+++ b/databases/pear-MDB2_Driver_mysql/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
SHA1 (pear/MDB2_Driver_mysql-1.4.1.tgz) = edbbc2e5e6074080650c5f6a21b7fe7fb8dededd
RMD160 (pear/MDB2_Driver_mysql-1.4.1.tgz) = 872f6d4e9a8ba3be37dcafeaf2e5ae38e772e4e3
Size (pear/MDB2_Driver_mysql-1.4.1.tgz) = 36481 bytes
-SHA1 (patch-aa) = 13ad6842a8635350edf4b82d20ee0bf7e3d3f901
+SHA1 (patch-aa) = a364e57d25e8501123df072016f062d444ca2def
+SHA1 (patch-ab) = 7d67850a37ccfaaadd4b2c260f5b64f664c8a51d
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-aa b/databases/pear-MDB2_Driver_mysql/patches/patch-aa
index 0cf1356da70..ef0e6242e8c 100644
--- a/databases/pear-MDB2_Driver_mysql/patches/patch-aa
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-aa
@@ -1,7 +1,16 @@
-$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
---- package.xml.orig 2007-05-03 20:05:23.000000000 +0100
-+++ package.xml
+--- ../package.xml.orig 2007-05-03 21:05:23.000000000 +0200
++++ ../package.xml
+@@ -59,7 +59,7 @@ open todo items:
+ <file baseinstalldir="/" md5sum="33df2e21f7c0e5d764adcf82b6294b38" name="MDB2/Driver/Reverse/mysql.php" role="php">
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+- <file baseinstalldir="/" md5sum="de036c07e722213b95a793e2d5db683c" name="MDB2/Driver/mysql.php" role="php">
++ <file baseinstalldir="/" md5sum="c7c3c8ff80d001c9177920a6ee620b74" name="MDB2/Driver/mysql.php" role="php">
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+ <file baseinstalldir="/" md5sum="1766c43f50ce08418b524a6047462e4d" name="tests/MDB2_nonstandard_mysql.php" role="test" />
@@ -79,9 +79,6 @@ open todo items:
<channel>pear.php.net</channel>
<min>2.4.1</min>
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-ab b/databases/pear-MDB2_Driver_mysql/patches/patch-ab
new file mode 100644
index 00000000000..d4d29b37dc0
--- /dev/null
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2/Driver/mysql.php 2007/05/02 22:00:08 1.182
++++ MDB2/Driver/mysql.php 2007/05/03 22:20:20 1.183
+@@ -1398,7 +1398,7 @@
+ }
+ $value = $this->values[$parameter];
+ $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
+- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
++ if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) {
+ if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
+ if ($match[1] == 'file://') {
+ $value = $match[2];
diff --git a/databases/pear-MDB2_Driver_pgsql/Makefile b/databases/pear-MDB2_Driver_pgsql/Makefile
index 9f73a592967..7fadc5e095d 100644
--- a/databases/pear-MDB2_Driver_pgsql/Makefile
+++ b/databases/pear-MDB2_Driver_pgsql/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
DISTNAME= MDB2_Driver_pgsql-1.4.1
+PKGREVISION= 1
CATEGORIES= databases
MAINTAINER= adrianp@NetBSD.org
diff --git a/databases/pear-MDB2_Driver_pgsql/distinfo b/databases/pear-MDB2_Driver_pgsql/distinfo
index 75667ad30fa..d7ced35bcf1 100644
--- a/databases/pear-MDB2_Driver_pgsql/distinfo
+++ b/databases/pear-MDB2_Driver_pgsql/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
SHA1 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 07a69e5ebd8a0d920ac372f3666b39f2601c2a82
RMD160 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 0a102683779d3b8ee38ce7716221fec14ab7c25c
Size (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 33839 bytes
-SHA1 (patch-aa) = 090e9761c9bb3a23d77458f3dcb7c415868b032f
+SHA1 (patch-aa) = 6099865afba02de82ad9d00508d67d6800684316
+SHA1 (patch-ab) = a9507bf0adc0d7ab50d0e825e0018d27fbf6ecc4
diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa
index a7346b37770..5c5ddc52ddf 100644
--- a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa
+++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa
@@ -1,7 +1,16 @@
-$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
---- package.xml.orig 2007-05-03 20:07:38.000000000 +0100
-+++ package.xml
+--- ../package.xml.orig 2007-05-03 21:07:38.000000000 +0200
++++ ../package.xml
+@@ -63,7 +63,7 @@ open todo items:
+ <file baseinstalldir="/" md5sum="4d4cf683f8847cede4f8b298a492f777" name="MDB2/Driver/Reverse/pgsql.php" role="php">
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+- <file baseinstalldir="/" md5sum="d995b8777e9a44fd123fd97ae32578f7" name="MDB2/Driver/pgsql.php" role="php">
++ <file baseinstalldir="/" md5sum="818fd28ff1e7dd933eaccd20f0a264ab" name="MDB2/Driver/pgsql.php" role="php">
+ <tasks:replace from="@package_version@" to="version" type="package-info" />
+ </file>
+ <file baseinstalldir="/" md5sum="3e790ed8bf0b3b91ec518cdab9eba271" name="tests/MDB2_nonstandard_pgsql.php" role="test" />
@@ -83,9 +83,6 @@ open todo items:
<channel>pear.php.net</channel>
<min>2.4.1</min>
diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-ab b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab
new file mode 100644
index 00000000000..9c155b94221
--- /dev/null
+++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2/Driver/pgsql.php.orig 2007-05-03 21:07:38.000000000 +0200
++++ MDB2/Driver/pgsql.php
+@@ -1351,7 +1351,7 @@ class MDB2_Statement_pgsql extends MDB2_
+ }
+ $value = $this->values[$parameter];
+ $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
+- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
++ if (is_resource($value) || $type == 'clob' || $type == 'blob' || $this->options['lob_allow_url_include']) {
+ if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
+ if ($match[1] == 'file://') {
+ $value = $match[2];