Security fix for CVE-2015-7695

ok robert@ (MAINTAINER)
2015-10-26 08:32:52 +00:00 · 2015-10-26 08:32:52 +00:00 · 21935802e1
commit 21935802e1
parent e3035fe1db
3 changed files with 39 additions and 2 deletions
--- a/www/zendframework/Makefile
+++ b/www/zendframework/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.22 2015/06/05 06:00:23 robert Exp $
+# $OpenBSD: Makefile,v 1.23 2015/10/26 08:32:52 jasper Exp $

 COMMENT=		framework for developing PHP web applications

 DISTNAME=		ZendFramework-1.12.9
 PKGNAME=		${DISTNAME:L}
-REVISION=		0
+REVISION=		1

 CATEGORIES=		www devel

--- a/www/zendframework/patches/patch-library_Zend_Db_Adapter_Pdo_Abstract_php
+++ b/www/zendframework/patches/patch-library_Zend_Db_Adapter_Pdo_Abstract_php
@ -0,0 +1,21 @@
+$OpenBSD: patch-library_Zend_Db_Adapter_Pdo_Abstract_php,v 1.1 2015/10/26 08:32:52 jasper Exp $
+
+Security fix for CVE-2015-7695
+https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
+
+--- library/Zend/Db/Adapter/Pdo/Abstract.php.orig	Tue Sep 16 22:47:34 2014
+++ library/Zend/Db/Adapter/Pdo/Abstract.php	Fri Oct 23 16:38:00 2015
+@@ -292,6 +292,8 @@ abstract class Zend_Db_Adapter_Pdo_Abstract extends Ze
+         if (is_int($value) || is_float($value)) {
+             return $value;
+         }
+        // Fix for null-byte injection
+        $value = addcslashes($value, "\000\032");
+         $this->_connect();
+         return $this->_connection->quote($value);
+     }
+@@ -398,4 +400,3 @@ abstract class Zend_Db_Adapter_Pdo_Abstract extends Ze
+         }
+     }
+ }
+-
--- a/www/zendframework/patches/patch-library_Zend_Db_Adapter_Pdo_Mssql_php
+++ b/www/zendframework/patches/patch-library_Zend_Db_Adapter_Pdo_Mssql_php
@ -0,0 +1,16 @@
+$OpenBSD: patch-library_Zend_Db_Adapter_Pdo_Mssql_php,v 1.1 2015/10/26 08:32:52 jasper Exp $
+
+Security fix for CVE-2015-7695
+https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
+
+--- library/Zend/Db/Adapter/Pdo/Mssql.php.orig	Tue Sep 16 22:47:34 2014
+++ library/Zend/Db/Adapter/Pdo/Mssql.php	Fri Oct 23 16:38:00 2015
+@@ -410,7 +410,7 @@ class Zend_Db_Adapter_Pdo_Mssql extends Zend_Db_Adapte
+     public function getServerVersion()
+     {
+         try {
+-            $stmt = $this->query("SELECT SERVERPROPERTY('productversion')");
+            $stmt = $this->query("SELECT CAST(SERVERPROPERTY('productversion') AS VARCHAR)");
+             $result = $stmt->fetchAll(Zend_Db::FETCH_NUM);
+             if (count($result)) {
+                 return $result[0][0];