diff options
author | tonnerre <tonnerre> | 2008-07-13 17:55:38 +0000 |
---|---|---|
committer | tonnerre <tonnerre> | 2008-07-13 17:55:38 +0000 |
commit | fa2f8aea0980ef0bdd7c686ae5e7852130121b6b (patch) | |
tree | dab6c1442be50ff189d326b9daedca7ab45c7f22 /databases/pear-MDB2_Driver_pgsql/patches | |
parent | 4a0b02bd0508ca3847232af97654229021bbcc90 (diff) | |
download | pkgsrc-fa2f8aea0980ef0bdd7c686ae5e7852130121b6b.tar.gz |
Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).
Diffstat (limited to 'databases/pear-MDB2_Driver_pgsql/patches')
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/patches/patch-aa | 15 | ||||
-rw-r--r-- | databases/pear-MDB2_Driver_pgsql/patches/patch-ab | 13 |
2 files changed, 25 insertions, 3 deletions
diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa index a7346b37770..5c5ddc52ddf 100644 --- a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa +++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa @@ -1,7 +1,16 @@ -$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $ +$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $ ---- package.xml.orig 2007-05-03 20:07:38.000000000 +0100 -+++ package.xml +--- ../package.xml.orig 2007-05-03 21:07:38.000000000 +0200 ++++ ../package.xml +@@ -63,7 +63,7 @@ open todo items: + <file baseinstalldir="/" md5sum="4d4cf683f8847cede4f8b298a492f777" name="MDB2/Driver/Reverse/pgsql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> +- <file baseinstalldir="/" md5sum="d995b8777e9a44fd123fd97ae32578f7" name="MDB2/Driver/pgsql.php" role="php"> ++ <file baseinstalldir="/" md5sum="818fd28ff1e7dd933eaccd20f0a264ab" name="MDB2/Driver/pgsql.php" role="php"> + <tasks:replace from="@package_version@" to="version" type="package-info" /> + </file> + <file baseinstalldir="/" md5sum="3e790ed8bf0b3b91ec518cdab9eba271" name="tests/MDB2_nonstandard_pgsql.php" role="test" /> @@ -83,9 +83,6 @@ open todo items: <channel>pear.php.net</channel> <min>2.4.1</min> diff --git a/databases/pear-MDB2_Driver_pgsql/patches/patch-ab b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab new file mode 100644 index 00000000000..9c155b94221 --- /dev/null +++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab @@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $ + +--- MDB2/Driver/pgsql.php.orig 2007-05-03 21:07:38.000000000 +0200 ++++ MDB2/Driver/pgsql.php +@@ -1351,7 +1351,7 @@ class MDB2_Statement_pgsql extends MDB2_ + } + $value = $this->values[$parameter]; + $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null; +- if (is_resource($value) || $type == 'clob' || $type == 'blob') { ++ if (is_resource($value) || $type == 'clob' || $type == 'blob' || $this->options['lob_allow_url_include']) { + if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) { + if ($match[1] == 'file://') { + $value = $match[2]; |