Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).

author: tonnerre <tonnerre> 2008-07-13 17:55:38 +0000
committer: tonnerre <tonnerre> 2008-07-13 17:55:38 +0000
commit: 9829f2525024ed0fc749e62d3baf0be02e35204c (patch)
tree: dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2
parent: 79aca42863076c98c27887c0bf5d6dd876208301 (diff)
download: pkgsrc-9829f2525024ed0fc749e62d3baf0be02e35204c.tar.gz
4 files changed, 30 insertions, 2 deletions
diff --git a/databases/pear-MDB2/Makefile b/databases/pear-MDB2/Makefile
index 1f5a434f72e..21c3fe09fa4 100644
--- a/databases/pear-MDB2/Makefile
+++ b/databases/pear-MDB2/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 DISTNAME=	MDB2-2.4.1
+PKGREVISION=	1
 CATEGORIES=	databases
 
 MAINTAINER=	adrianp@NetBSD.org
diff --git a/databases/pear-MDB2/distinfo b/databases/pear-MDB2/distinfo
index 4deacf6e4b0..cd2280e40ef 100644
--- a/databases/pear-MDB2/distinfo
+++ b/databases/pear-MDB2/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 SHA1 (pear/MDB2-2.4.1.tgz) = 91e12cc3ae6203db6cf5b6bb42c7befa11777800
 RMD160 (pear/MDB2-2.4.1.tgz) = 2298a0c5963779f7d42f268d79ed607835413e4b
 Size (pear/MDB2-2.4.1.tgz) = 119790 bytes
+SHA1 (patch-aa) = e1ccd0bef185d66b7bfbe66336d3ae5a5b34d2b3
+SHA1 (patch-ab) = 99b150c34cce6566dbbe9e1e2c4c6a241c1145de
diff --git a/databases/pear-MDB2/patches/patch-aa b/databases/pear-MDB2/patches/patch-aa
new file mode 100644
index 00000000000..989b2d42ce9
--- /dev/null
+++ b/databases/pear-MDB2/patches/patch-aa
@@ -0,0 +1,12 @@
+$NetBSD: patch-aa,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2.php.orig	2007-05-03 20:58:15.000000000 +0200
++++ MDB2.php	2008-07-13 18:44:59.000000000 +0200
+@@ -1156,6 +1156,7 @@
+         'datatype_map' => array(),
+         'datatype_map_callback' => array(),
+         'nativetype_map_callback' => array(),
++        'lob_allow_url_include' => false,
+     );
+ 
+     /**
diff --git a/databases/pear-MDB2/patches/patch-ab b/databases/pear-MDB2/patches/patch-ab
new file mode 100644
index 00000000000..cb98842bc00
--- /dev/null
+++ b/databases/pear-MDB2/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- ../package.xml.orig	2007-05-03 20:58:15.000000000 +0200
++++ ../package.xml
+@@ -241,7 +241,7 @@ open todo items:
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+    <file baseinstalldir="/" md5sum="a5019765abfd14334f25231c61c568ef" name="LICENSE" role="data" />
+-   <file baseinstalldir="/" md5sum="0d4093f6d7db5ec64434116b700e9a82" name="MDB2.php" role="php">
++   <file baseinstalldir="/" md5sum="2d80a7368ca4bd157740d3472cdeab9b" name="MDB2.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+   </dir>
author	tonnerre <tonnerre>	2008-07-13 17:55:38 +0000
committer	tonnerre <tonnerre>	2008-07-13 17:55:38 +0000
commit	9829f2525024ed0fc749e62d3baf0be02e35204c (patch)
tree	dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2
parent	79aca42863076c98c27887c0bf5d6dd876208301 (diff)
download	pkgsrc-9829f2525024ed0fc749e62d3baf0be02e35204c.tar.gz