Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).

author: tonnerre <tonnerre@pkgsrc.org> 2008-07-13 17:55:38 +0000
committer: tonnerre <tonnerre@pkgsrc.org> 2008-07-13 17:55:38 +0000
commit: 50b2e0711b2a23c94baf03d2b15fb49420a0bceb (patch)
tree: dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2_Driver_mysql/patches
parent: 2dba49aaaa40a78b9110a41a5d47fedc4955a158 (diff)
download: pkgsrc-50b2e0711b2a23c94baf03d2b15fb49420a0bceb.tar.gz
2 files changed, 25 insertions, 3 deletions
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-aa b/databases/pear-MDB2_Driver_mysql/patches/patch-aa
index 0cf1356da70..ef0e6242e8c 100644
--- a/databases/pear-MDB2_Driver_mysql/patches/patch-aa
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-aa
@@ -1,7 +1,16 @@
-$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
---- package.xml.orig	2007-05-03 20:05:23.000000000 +0100
-+++ package.xml
+--- ../package.xml.orig	2007-05-03 21:05:23.000000000 +0200
++++ ../package.xml
+@@ -59,7 +59,7 @@ open todo items:
+    <file baseinstalldir="/" md5sum="33df2e21f7c0e5d764adcf82b6294b38" name="MDB2/Driver/Reverse/mysql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+-   <file baseinstalldir="/" md5sum="de036c07e722213b95a793e2d5db683c" name="MDB2/Driver/mysql.php" role="php">
++   <file baseinstalldir="/" md5sum="c7c3c8ff80d001c9177920a6ee620b74" name="MDB2/Driver/mysql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+    <file baseinstalldir="/" md5sum="1766c43f50ce08418b524a6047462e4d" name="tests/MDB2_nonstandard_mysql.php" role="test" />
 @@ -79,9 +79,6 @@ open todo items:
      <channel>pear.php.net</channel>
      <min>2.4.1</min>
diff --git a/databases/pear-MDB2_Driver_mysql/patches/patch-ab b/databases/pear-MDB2_Driver_mysql/patches/patch-ab
new file mode 100644
index 00000000000..d4d29b37dc0
--- /dev/null
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2/Driver/mysql.php	2007/05/02 22:00:08	1.182
++++ MDB2/Driver/mysql.php	2007/05/03 22:20:20	1.183
+@@ -1398,7 +1398,7 @@
+                 }
+                 $value = $this->values[$parameter];
+                 $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
+-                if (is_resource($value) || $type == 'clob' || $type == 'blob') {
++                if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) {
+                     if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
+                         if ($match[1] == 'file://') {
+                             $value = $match[2];
author	tonnerre <tonnerre@pkgsrc.org>	2008-07-13 17:55:38 +0000
committer	tonnerre <tonnerre@pkgsrc.org>	2008-07-13 17:55:38 +0000
commit	50b2e0711b2a23c94baf03d2b15fb49420a0bceb (patch)
tree	dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2_Driver_mysql/patches
parent	2dba49aaaa40a78b9110a41a5d47fedc4955a158 (diff)
download	pkgsrc-50b2e0711b2a23c94baf03d2b15fb49420a0bceb.tar.gz