pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/databases/mysql5-server Add patch from <http://lists.m...
details: https://anonhg.NetBSD.org/pkgsrc/rev/f3962c5bf1e0
branches: trunk
changeset: 543994:f3962c5bf1e0
user: tron <tron%pkgsrc.org@localhost>
date: Tue Jul 01 09:22:59 2008 +0000
description:
Add patch from <http://lists.mysql.com/commits/43206> to fix the
security vulnerability reported in CVE-2008-2079.
diffstat:
databases/mysql5-server/Makefile | 3 +-
databases/mysql5-server/distinfo | 6 +-
databases/mysql5-server/patches/patch-ad | 28 ++++++++-
databases/mysql5-server/patches/patch-da | 12 ++++
databases/mysql5-server/patches/patch-db | 85 ++++++++++++++++++++++++++++++++
5 files changed, 126 insertions(+), 8 deletions(-)
diffs (187 lines):
diff -r 0ca762904d97 -r f3962c5bf1e0 databases/mysql5-server/Makefile
--- a/databases/mysql5-server/Makefile Tue Jul 01 08:34:37 2008 +0000
+++ b/databases/mysql5-server/Makefile Tue Jul 01 09:22:59 2008 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2008/06/30 12:01:47 martti Exp $
+# $NetBSD: Makefile,v 1.24 2008/07/01 09:22:59 tron Exp $
PKGNAME= ${DISTNAME:S/-/-server-/}
+PKGREVISION= 1
SVR4_PKGNAME= mysqs
COMMENT= MySQL 5, a free SQL database (server)
diff -r 0ca762904d97 -r f3962c5bf1e0 databases/mysql5-server/distinfo
--- a/databases/mysql5-server/distinfo Tue Jul 01 08:34:37 2008 +0000
+++ b/databases/mysql5-server/distinfo Tue Jul 01 09:22:59 2008 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.19 2008/06/30 12:01:47 martti Exp $
+$NetBSD: distinfo,v 1.20 2008/07/01 09:22:59 tron Exp $
SHA1 (mysql-5.0.51b.tar.gz) = 3884aed8e974fc397d1e86b0609a740a615dfd98
RMD160 (mysql-5.0.51b.tar.gz) = 759682caa7708f400abd4ea980fe7ebb29cfe99a
Size (mysql-5.0.51b.tar.gz) = 27809240 bytes
SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023
SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc
-SHA1 (patch-ad) = 2956a12d9a5a053fd5dd380f856475242e8c1199
+SHA1 (patch-ad) = 85772311f995590e5202ca80068fee5274128145
SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
SHA1 (patch-ag) = 7c12975196f504c76954bfe92ffff0a98ba63019
@@ -20,3 +20,5 @@
SHA1 (patch-ca) = 1548b047c0767bb0f32e3960218150fbc6c739b5
SHA1 (patch-cb) = 282ba93d296927236eaff690201e0139cdc8fbcb
SHA1 (patch-cc) = ae90cc9787b9f29fcba6a1222e2973f296893bd4
+SHA1 (patch-da) = 7da363a87b84f0c2feb3f5f141a54f22a2b6749a
+SHA1 (patch-db) = 6b9a94bd0ba6667a954bd2459b870e63ec72ecd0
diff -r 0ca762904d97 -r f3962c5bf1e0 databases/mysql5-server/patches/patch-ad
--- a/databases/mysql5-server/patches/patch-ad Tue Jul 01 08:34:37 2008 +0000
+++ b/databases/mysql5-server/patches/patch-ad Tue Jul 01 09:22:59 2008 +0000
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $
+$NetBSD: patch-ad,v 1.3 2008/07/01 09:22:59 tron Exp $
---- sql/mysqld.cc.orig 2007-03-05 20:21:11.000000000 +0100
-+++ sql/mysqld.cc
-@@ -171,7 +171,7 @@ static void getvolumeID(BYTE *volumeName
+--- sql/mysqld.cc.orig 2007-11-15 14:06:16.000000000 +0000
++++ sql/mysqld.cc 2008-06-30 15:54:35.000000000 +0100
+@@ -174,7 +174,7 @@
int initgroups(const char *,unsigned int);
#endif
@@ -11,7 +11,15 @@
#include <ieeefp.h>
#ifdef HAVE_FP_EXCEPT // Fix type conflict
typedef fp_except fp_except_t;
-@@ -3431,7 +3431,7 @@ int main(int argc, char **argv)
+@@ -323,6 +323,7 @@
+ static char *default_collation_name;
+ static char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
+ static char mysql_data_home_buff[2];
++char mysql_unpacked_real_data_home[FN_REFLEN];
+ static I_List<THD> thread_cache;
+
+ #ifndef EMBEDDED_LIBRARY
+@@ -3543,7 +3544,7 @@
init_ssl();
#ifdef HAVE_LIBWRAP
@@ -20,3 +28,13 @@
openlog(libwrapName, LOG_PID, LOG_AUTH);
#endif
+@@ -7565,6 +7566,9 @@
+ pos[1]= 0;
+ }
+ convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++ (void) fn_format(buff, mysql_real_data_home, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+ convert_dirname(language,language,NullS);
+ (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+ (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
diff -r 0ca762904d97 -r f3962c5bf1e0 databases/mysql5-server/patches/patch-da
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql5-server/patches/patch-da Tue Jul 01 09:22:59 2008 +0000
@@ -0,0 +1,12 @@
+$NetBSD: patch-da,v 1.1 2008/07/01 09:22:59 tron Exp $
+
+--- sql/mysql_priv.h.orig 2008-06-30 16:02:02.000000000 +0100
++++ sql/mysql_priv.h 2008-06-30 15:30:15.000000000 +0100
+@@ -1255,6 +1255,7 @@
+ extern time_t server_start_time, flush_status_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++ mysql_unpacked_real_data_home[],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
diff -r 0ca762904d97 -r f3962c5bf1e0 databases/mysql5-server/patches/patch-db
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql5-server/patches/patch-db Tue Jul 01 09:22:59 2008 +0000
@@ -0,0 +1,85 @@
+$NetBSD: patch-db,v 1.1 2008/07/01 09:22:59 tron Exp $
+
+--- sql/sql_parse.cc.orig 2008-06-30 16:02:02.000000000 +0100
++++ sql/sql_parse.cc 2008-06-30 15:56:34.000000000 +0100
+@@ -77,6 +77,8 @@
+ const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
+
++static bool test_if_data_home_dir(const char *dir);
++
+ const char *any_db="*any*"; // Special symbol for check_access
+
+ const char *command_name[]={
+@@ -3001,6 +3003,20 @@
+ "INDEX DIRECTORY option ignored");
+ create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
++
++ if (test_if_data_home_dir(lex->create_info.data_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++ res= -1;
++ break;
++ }
++ if (test_if_data_home_dir(lex->create_info.index_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++ res= -1;
++ break;
++ }
++
+ /* Fix names if symlinked tables */
+ if (append_file_to_dir(thd, &create_info.data_file_name,
+ create_table->table_name) ||
+@@ -7717,6 +7733,50 @@
+ return new Item_func_not(expr);
+ }
+
++
++/*
++ Check if path does not contain mysql data home directory
++
++ SYNOPSIS
++ test_if_data_home_dir()
++ dir directory
++ conv_home_dir converted data home directory
++ home_dir_len converted data home directory length
++
++ RETURN VALUES
++ 0 ok
++ 1 error
++*/
++
++static bool test_if_data_home_dir(const char *dir)
++{
++ char path[FN_REFLEN], conv_path[FN_REFLEN];
++ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
++ DBUG_ENTER("test_if_data_home_dir");
++
++ if (!dir)
++ DBUG_RETURN(0);
++
++ (void) fn_format(path, dir, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ dir_len= unpack_dirname(conv_path, dir);
++
++ if (home_dir_len <= dir_len)
++ {
++ if (lower_case_file_system)
++ {
++ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
++ home_dir_len,
++ (const uchar*) mysql_unpacked_real_data_home,
++ home_dir_len))
++ DBUG_RETURN(1);
++ }
++ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
++ DBUG_RETURN(1);
++ }
++ DBUG_RETURN(0);
++}
++
+ /*
+ Set the specified definer to the default value, which is the current user in
+ the thread.
Home |
Main Index |
Thread Index |
Old Index