pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/databases Add patch for pear-MDB2 arbitrary file readi...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/88a026ca64fe
branches:  trunk
changeset: 544164:88a026ca64fe
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Sun Jul 13 17:55:38 2008 +0000

description:
Add patch for pear-MDB2 arbitrary file reading vulnerability (CVE-2007-5934).

diffstat:

 databases/pear-MDB2/Makefile                      |   3 ++-
 databases/pear-MDB2/distinfo                      |   4 +++-
 databases/pear-MDB2/patches/patch-aa              |  12 ++++++++++++
 databases/pear-MDB2/patches/patch-ab              |  13 +++++++++++++
 databases/pear-MDB2_Driver_mysql/Makefile         |   3 ++-
 databases/pear-MDB2_Driver_mysql/distinfo         |   5 +++--
 databases/pear-MDB2_Driver_mysql/patches/patch-aa |  15 ++++++++++++---
 databases/pear-MDB2_Driver_mysql/patches/patch-ab |  13 +++++++++++++
 databases/pear-MDB2_Driver_pgsql/Makefile         |   3 ++-
 databases/pear-MDB2_Driver_pgsql/distinfo         |   5 +++--
 databases/pear-MDB2_Driver_pgsql/patches/patch-aa |  15 ++++++++++++---
 databases/pear-MDB2_Driver_pgsql/patches/patch-ab |  13 +++++++++++++
 12 files changed, 90 insertions(+), 14 deletions(-)

diffs (187 lines):

diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2/Makefile
--- a/databases/pear-MDB2/Makefile      Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2/Makefile      Sun Jul 13 17:55:38 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 DISTNAME=      MDB2-2.4.1
+PKGREVISION=   1
 CATEGORIES=    databases
 
 MAINTAINER=    adrianp%NetBSD.org@localhost
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2/distinfo
--- a/databases/pear-MDB2/distinfo      Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2/distinfo      Sun Jul 13 17:55:38 2008 +0000
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 19:37:34 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 SHA1 (pear/MDB2-2.4.1.tgz) = 91e12cc3ae6203db6cf5b6bb42c7befa11777800
 RMD160 (pear/MDB2-2.4.1.tgz) = 2298a0c5963779f7d42f268d79ed607835413e4b
 Size (pear/MDB2-2.4.1.tgz) = 119790 bytes
+SHA1 (patch-aa) = e1ccd0bef185d66b7bfbe66336d3ae5a5b34d2b3
+SHA1 (patch-ab) = 99b150c34cce6566dbbe9e1e2c4c6a241c1145de
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/pear-MDB2/patches/patch-aa      Sun Jul 13 17:55:38 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-aa,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2.php.orig      2007-05-03 20:58:15.000000000 +0200
++++ MDB2.php   2008-07-13 18:44:59.000000000 +0200
+@@ -1156,6 +1156,7 @@
+         'datatype_map' => array(),
+         'datatype_map_callback' => array(),
+         'nativetype_map_callback' => array(),
++        'lob_allow_url_include' => false,
+     );
+ 
+     /**
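Review bot: The new `'lob_allow_url_include' => false` entry has no explanation of what it gates, and the name suggests remote URLs only, whereas the driver patches in this commit tie it to the branch that also handles `file://` values for clob/blob parameters. A short comment on the entry would make the security intent explicit, e.g. `// when false, drivers must not interpret 'scheme://...' LOB values (file:// included) as locations to read from`. The options array begins above this hunk and the docblock after it is cut off at the hunk edge, so any existing option documentation is not visible here.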
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/pear-MDB2/patches/patch-ab      Sun Jul 13 17:55:38 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- ../package.xml.orig        2007-05-03 20:58:15.000000000 +0200
++++ ../package.xml
+@@ -241,7 +241,7 @@ open todo items:
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+    <file baseinstalldir="/" md5sum="a5019765abfd14334f25231c61c568ef" name="LICENSE" role="data" />
+-   <file baseinstalldir="/" md5sum="0d4093f6d7db5ec64434116b700e9a82" name="MDB2.php" role="php">
++   <file baseinstalldir="/" md5sum="2d80a7368ca4bd157740d3472cdeab9b" name="MDB2.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+   </dir>
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_mysql/Makefile
--- a/databases/pear-MDB2_Driver_mysql/Makefile Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_mysql/Makefile Sun Jul 13 17:55:38 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 DISTNAME=      MDB2_Driver_mysql-1.4.1
+PKGREVISION=   1
 CATEGORIES=    databases
 
 MAINTAINER=    adrianp%NetBSD.org@localhost
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_mysql/distinfo
--- a/databases/pear-MDB2_Driver_mysql/distinfo Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_mysql/distinfo Sun Jul 13 17:55:38 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 SHA1 (pear/MDB2_Driver_mysql-1.4.1.tgz) = edbbc2e5e6074080650c5f6a21b7fe7fb8dededd
 RMD160 (pear/MDB2_Driver_mysql-1.4.1.tgz) = 872f6d4e9a8ba3be37dcafeaf2e5ae38e772e4e3
 Size (pear/MDB2_Driver_mysql-1.4.1.tgz) = 36481 bytes
-SHA1 (patch-aa) = 13ad6842a8635350edf4b82d20ee0bf7e3d3f901
+SHA1 (patch-aa) = a364e57d25e8501123df072016f062d444ca2def
+SHA1 (patch-ab) = 7d67850a37ccfaaadd4b2c260f5b64f664c8a51d
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_mysql/patches/patch-aa
--- a/databases/pear-MDB2_Driver_mysql/patches/patch-aa Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-aa Sun Jul 13 17:55:38 2008 +0000
@@ -1,7 +1,16 @@
-$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:05:16 adrianp Exp $
+$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
---- package.xml.orig   2007-05-03 20:05:23.000000000 +0100
-+++ package.xml
+--- ../package.xml.orig        2007-05-03 21:05:23.000000000 +0200
++++ ../package.xml
+@@ -59,7 +59,7 @@ open todo items:
+    <file baseinstalldir="/" md5sum="33df2e21f7c0e5d764adcf82b6294b38" name="MDB2/Driver/Reverse/mysql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+-   <file baseinstalldir="/" md5sum="de036c07e722213b95a793e2d5db683c" name="MDB2/Driver/mysql.php" role="php">
++   <file baseinstalldir="/" md5sum="c7c3c8ff80d001c9177920a6ee620b74" name="MDB2/Driver/mysql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+    <file baseinstalldir="/" md5sum="1766c43f50ce08418b524a6047462e4d" name="tests/MDB2_nonstandard_mysql.php" role="test" />
 @@ -79,9 +79,6 @@ open todo items:
      <channel>pear.php.net</channel>
      <min>2.4.1</min>
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_mysql/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/pear-MDB2_Driver_mysql/patches/patch-ab Sun Jul 13 17:55:38 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2/Driver/mysql.php      2007/05/02 22:00:08     1.182
++++ MDB2/Driver/mysql.php      2007/05/03 22:20:20     1.183
+@@ -1398,7 +1398,7 @@
+                 }
+                 $value = $this->values[$parameter];
+                 $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
+-                if (is_resource($value) || $type == 'clob' || $type == 'blob') {
++                if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) {
+                     if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
+                         if ($match[1] == 'file://') {
+                             $value = $match[2];
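Review bot: In the new condition `$type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']`, `&&` binds tighter than `||`, so the option gates only the `blob` case and a `clob` string still reaches the `preg_match` / `file://` branch whatever the setting is. Explicit grouping closes that: `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. It is also worth confirming that `$this->options` is populated on the statement object, since the default is added to the options array in MDB2.php (pear-MDB2 patch-aa); if the statement reaches the options only through its database handle, this lookup would always be empty, and the same lookup is used in pear-MDB2_Driver_pgsql patch-ab. Any change to this line also means regenerating the mysql.php md5sum in this package's patch-aa and the patch-ab SHA1 in distinfo. The enclosing method starts and ends outside the hunk.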
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_pgsql/Makefile
--- a/databases/pear-MDB2_Driver_pgsql/Makefile Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_pgsql/Makefile Sun Jul 13 17:55:38 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+# $NetBSD: Makefile,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 DISTNAME=      MDB2_Driver_pgsql-1.4.1
+PKGREVISION=   1
 CATEGORIES=    databases
 
 MAINTAINER=    adrianp%NetBSD.org@localhost
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_pgsql/distinfo
--- a/databases/pear-MDB2_Driver_pgsql/distinfo Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_pgsql/distinfo Sun Jul 13 17:55:38 2008 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+$NetBSD: distinfo,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
 SHA1 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 07a69e5ebd8a0d920ac372f3666b39f2601c2a82
 RMD160 (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 0a102683779d3b8ee38ce7716221fec14ab7c25c
 Size (pear/MDB2_Driver_pgsql-1.4.1.tgz) = 33839 bytes
-SHA1 (patch-aa) = 090e9761c9bb3a23d77458f3dcb7c415868b032f
+SHA1 (patch-aa) = 6099865afba02de82ad9d00508d67d6800684316
+SHA1 (patch-ab) = a9507bf0adc0d7ab50d0e825e0018d27fbf6ecc4
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_pgsql/patches/patch-aa
--- a/databases/pear-MDB2_Driver_pgsql/patches/patch-aa Sun Jul 13 17:31:14 2008 +0000
+++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-aa Sun Jul 13 17:55:38 2008 +0000
@@ -1,7 +1,16 @@
-$NetBSD: patch-aa,v 1.1.1.1 2008/04/30 21:06:04 adrianp Exp $
+$NetBSD: patch-aa,v 1.2 2008/07/13 17:55:38 tonnerre Exp $
 
---- package.xml.orig   2007-05-03 20:07:38.000000000 +0100
-+++ package.xml
+--- ../package.xml.orig        2007-05-03 21:07:38.000000000 +0200
++++ ../package.xml
+@@ -63,7 +63,7 @@ open todo items:
+    <file baseinstalldir="/" md5sum="4d4cf683f8847cede4f8b298a492f777" name="MDB2/Driver/Reverse/pgsql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+-   <file baseinstalldir="/" md5sum="d995b8777e9a44fd123fd97ae32578f7" name="MDB2/Driver/pgsql.php" role="php">
++   <file baseinstalldir="/" md5sum="818fd28ff1e7dd933eaccd20f0a264ab" name="MDB2/Driver/pgsql.php" role="php">
+     <tasks:replace from="@package_version@" to="version" type="package-info" />
+    </file>
+    <file baseinstalldir="/" md5sum="3e790ed8bf0b3b91ec518cdab9eba271" name="tests/MDB2_nonstandard_pgsql.php" role="test" />
 @@ -83,9 +83,6 @@ open todo items:
      <channel>pear.php.net</channel>
      <min>2.4.1</min>
diff -r 1ea10fe79d2c -r 88a026ca64fe databases/pear-MDB2_Driver_pgsql/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/pear-MDB2_Driver_pgsql/patches/patch-ab Sun Jul 13 17:55:38 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1 2008/07/13 17:55:38 tonnerre Exp $
+
+--- MDB2/Driver/pgsql.php.orig 2007-05-03 21:07:38.000000000 +0200
++++ MDB2/Driver/pgsql.php
+@@ -1351,7 +1351,7 @@ class MDB2_Statement_pgsql extends MDB2_
+                 }
+                 $value = $this->values[$parameter];
+                 $type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
+-                if (is_resource($value) || $type == 'clob' || $type == 'blob') {
++                if (is_resource($value) || $type == 'clob' || $type == 'blob' || $this->options['lob_allow_url_include']) {
+                     if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
+                         if ($match[1] == 'file://') {
+                             $value = $match[2];
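Review bot: The added `|| $this->options['lob_allow_url_include']` only widens the condition: `$type == 'clob' || $type == 'blob'` is still enough to enter the block, so a string value matching `scheme://` reaches the `file://` branch whether the option is off or on. The file-read path this commit targets therefore looks unchanged for pgsql. The mysql patch-ab in the same commit uses `&&` at this spot, and the pgsql line presumably meant the same; written with explicit grouping it would be `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. Correcting it means regenerating the pgsql.php md5sum in this package's patch-aa and the patch-ab SHA1 in distinfo. The rest of the method lies outside the hunk.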


