rpms/php-pear-MDB2-Driver-mysqli/F-7 php-pear-MDB2-Driver-mysqli-1.4.1-lob.patch, NONE, 1.1 php-pear-MDB2-Driver-mysqli.spec, 1.1, 1.2
Lubomir Kundrak (lkundrak)
fedora-extras-commits at redhat.com
Wed Nov 14 07:56:13 UTC 2007
Author: lkundrak
Update of /cvs/pkgs/rpms/php-pear-MDB2-Driver-mysqli/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2110/F-7
Modified Files:
php-pear-MDB2-Driver-mysqli.spec
Added Files:
php-pear-MDB2-Driver-mysqli-1.4.1-lob.patch
Log Message:
Add fix for CVE-2007-5934 MDB2 Data injection and disclosure
php-pear-MDB2-Driver-mysqli-1.4.1-lob.patch:
--- NEW FILE php-pear-MDB2-Driver-mysqli-1.4.1-lob.patch ---
Patch for CVE-2007-5934 MDB2 Data injection and disclosure
from http://marc.info/?l=pear-cvs&m=117823082829114&q=raw
--- pear/MDB2/Driver/mysqli.php.lob 2007-11-14 08:01:40.000000000 +0100
+++ pear/MDB2/Driver/mysqli.php 2007-11-14 08:02:12.000000000 +0100
@@ -43,7 +43,7 @@
// | Author: Lukas Smith <smith at pooteeweet.org> |
// +----------------------------------------------------------------------+
//
-// $Id: mysqli.php,v 1.162 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysqli.php,v 1.163 2007/05/03 22:20:20 davidc Exp $
//
/**
@@ -1476,7 +1476,7 @@ class MDB2_Statement_mysqli extends MDB2
$value = $this->values[$parameter];
$type = array_key_exists($parameter, $this->types) ? $this->types[$parameter] : null;
if (!is_object($this->statement)) {
- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+ if (is_resource($value) || $type == 'clob' || $type == 'blob' && $this->options['lob_allow_url_include']) {
if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {
if ($match[1] == 'file://') {
$value = $match[2];
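Review bot: The added `&& $this->options['lob_allow_url_include']` only gates the `blob` case, because `&&` binds tighter than `||`; a parameter typed `clob` still enters the branch and reaches the `preg_match` URL handling on the next line regardless of the option. Grouping the type checks closes that gap, e.g. `if (is_resource($value) || (($type == 'clob' || $type == 'blob') && $this->options['lob_allow_url_include'])) {`. It is also worth confirming that the statement class exposes `options` itself rather than through its connection object, and that the key is always defined, since neither is visible here. The enclosing method starts and ends outside the hunk, so how the grouped form treats plain string values when the option is off needs checking against the rest of the body.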
@@ -1628,4 +1628,4 @@ class MDB2_Statement_mysqli extends MDB2
return $result;
}
}
-?>
\ No newline at end of file
+?>
Index: php-pear-MDB2-Driver-mysqli.spec
===================================================================
RCS file: /cvs/pkgs/rpms/php-pear-MDB2-Driver-mysqli/F-7/php-pear-MDB2-Driver-mysqli.spec,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- php-pear-MDB2-Driver-mysqli.spec 25 Sep 2007 04:39:50 -0000 1.1
+++ php-pear-MDB2-Driver-mysqli.spec 14 Nov 2007 07:55:39 -0000 1.2
@@ -3,13 +3,14 @@
Name: php-pear-MDB2-Driver-mysqli
Version: 1.4.1
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MySQL Improved MDB2 driver
Group: Development/Libraries
License: BSD
URL: http://pear.php.net/package/MDB2_Driver_mysqli
Source0: http://pear.php.net/get/%{pear_name}-%{version}.tgz
+Patch0: php-pear-MDB2-Driver-mysqli-1.4.1-lob.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
@@ -48,6 +49,12 @@
install -d $RPM_BUILD_ROOT%{pear_xmldir}
install -pm 644 %{pear_name}.xml $RPM_BUILD_ROOT%{pear_xmldir}
+# Add LOB security patch (bz #379081)
+# Must be patched manually after install
+pushd $RPM_BUILD_ROOT%{pear_phpdir}
+patch -p1 < %{PATCH0}
+popd
+
%clean
rm -rf $RPM_BUILD_ROOT
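Review bot: `patch -p1 < %{PATCH0}` is run against the installed tree in the buildroot without `--no-backup-if-mismatch`, so if a hunk applies with fuzz or an offset, GNU patch leaves a `mysqli.php.orig` copy of the unpatched driver next to the fixed one. Whether that file would end up in the package depends on the `%files` list, which is outside this hunk. Using `patch -p1 --no-backup-if-mismatch < %{PATCH0}` keeps the pre-fix code out of the buildroot. The `%install` section starts outside the hunk.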
@@ -74,7 +81,11 @@
%changelog
+* Wed Nov 14 2007 Lubomir Kundrak <lkundrak at redhat.com> 1.4.1-3
+- Add fix for CVE-2007-5934 MDB2 Data injection and disclosure
+
* Sat Sep 22 2007 Johan Cwiklinski <johan AT x-tnd DOT be> 1.4.1-2
- Requires MDB2 2.4.1 or newer
+
* Sun Sep 02 2007 Johan Cwiklinski <johan AT x-tnd DOT be> 1.4.1-1
- Initial Release