diff options
author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 17:55:38 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-13 17:55:38 +0000 |
commit | 50b2e0711b2a23c94baf03d2b15fb49420a0bceb (patch) | |
tree | dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2_Driver_mysql/patches | |
parent | 2dba49aaaa40a78b9110a41a5d47fedc4955a158 (diff) | |
download | pkgsrc-50b2e0711b2a23c94baf03d2b15fb49420a0bceb.tar.gz |
Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).
Diffstat (limited to 'databases/pear-MDB2_Driver_mysql/patches')
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/patches/patch-aa | 15 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_mysql/patches/patch-ab | 13 |
2 files changed, 25 insertions, 3 deletions
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-aa b/databases/pear-MDB2_Driver_mysql/patches/patch-aa index 0cf1356da70..ef0e6242e8c 100644 --- a/databases/pear-MDB2_Driver_mysql/patches/patch-aa +++ b/databases/pear-MDB2_Driver_mysql/patches/patch-aa @@ -1,7 +1,16 @@ -$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $ +$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ ---- package.xml.orig 2007-05-03 20:05:23.000000000 +0100 -+++ package.xml +--- ../package.xml.orig 2007-05-03 21:05:23.000000000 +0200 ++++ ../package.xml +@@ -59,7 +59,7 @@ open todo items: + <file baseinstalldir="/" md5sum="33df2e21f7c0e5d764adcf82b6294b38" name="MDB2/Driver/Reverse/mysql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> +- <file baseinstalldir="/" md5sum="de036c07e722213b95a793e2d5db683c" name="MDB2/Driver/mysql.php" role="php"> ++ <file baseinstalldir="/" md5sum="c7c3c8ff80d001c9177920a6ee620b74" name="MDB2/Driver/mysql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + <file baseinstalldir="/" md5sum="1766c43f50ce08418b524a6047462e4d" name="tests/MDB2_nonstandard_mysql.php" role="test" /> @@ -79,9 +79,6 @@ open todo items: <channel>pear.php.net</channel> <min>2.4.1</min> diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-ab b/databases/pear-MDB2_Driver_mysql/patches/patch-ab new file mode 100644 index 00000000000..d4d29b37dc0 --- /dev/null +++ b/databases/pear-MDB2_Driver_mysql/patches/patch-ab @@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- MDB2/Driver/mysql.php 2007/05/02 22:00:08 1.182 ++++ MDB2/Driver/mysql.php 2007/05/03 22:20:20 1.183 +@@ -1398,7 +1398,7 @@ + } + $value = $this->values[$parameter]; + $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null; +- if (is_resource($value) || $type == 'clob' || $type == 'blob') { ++ if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) { + if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) { + if ($match[1] == 'file://') { + $value = $match[2]; |