pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/databases/mysql4-client Apply patch from MySQL BitKeep...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/e56191264fbf
branches:  trunk
changeset: 487796:e56191264fbf
user:      xtraeme <xtraeme%pkgsrc.org@localhost>
date:      Thu Jan 20 13:37:48 2005 +0000

description:
Apply patch from MySQL BitKeeper repository to fix the symlink
vulnerability in the mysqlaccess script.

Bump PKGREVISION and BUILDLINK_RECOMMENDED.

diffstat:

 databases/mysql4-client/Makefile         |   4 +-
 databases/mysql4-client/Makefile.common  |   3 +-
 databases/mysql4-client/buildlink3.mk    |   3 +-
 databases/mysql4-client/distinfo         |   3 +-
 databases/mysql4-client/patches/patch-az |  95 ++++++++++++++++++++++++++++++++
 5 files changed, 102 insertions(+), 6 deletions(-)

diffs (160 lines):

diff -r 76346ec0b88c -r e56191264fbf databases/mysql4-client/Makefile
--- a/databases/mysql4-client/Makefile  Thu Jan 20 12:59:11 2005 +0000
+++ b/databases/mysql4-client/Makefile  Thu Jan 20 13:37:48 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2005/01/10 15:47:18 xtraeme Exp $
+# $NetBSD: Makefile,v 1.20 2005/01/20 13:37:48 xtraeme Exp $
 
 PKGNAME=               ${DISTNAME:S/-/-client-/}
-#PKGREVISION=          1
+PKGREVISION=           1
 SVR4_PKGNAME=          mysqc
 COMMENT=               MySQL 4, a free SQL database (client)
 
diff -r 76346ec0b88c -r e56191264fbf databases/mysql4-client/Makefile.common
--- a/databases/mysql4-client/Makefile.common   Thu Jan 20 12:59:11 2005 +0000
+++ b/databases/mysql4-client/Makefile.common   Thu Jan 20 13:37:48 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.common,v 1.29 2005/01/17 14:42:35 xtraeme Exp $
+# $NetBSD: Makefile.common,v 1.30 2005/01/20 13:37:48 xtraeme Exp $
 
 DISTNAME=              mysql-4.1.9
 CATEGORIES=            databases
@@ -51,7 +51,6 @@
 CONFIGURE_ARGS+=       --with-low-memory
 CONFIGURE_ARGS+=       --with-openssl=${BUILDLINK_PREFIX.openssl}
 CONFIGURE_ARGS+=       --with-vio
-CONFIGURE_ARGS+=       --without-mysqlfs
 
 CONFIGURE_ARGS+=       --with-charset=${MYSQL_CHARSET}
 CONFIGURE_ARGS+=       --with-extra-charsets=${MYSQL_EXTRA_CHARSET}
diff -r 76346ec0b88c -r e56191264fbf databases/mysql4-client/buildlink3.mk
--- a/databases/mysql4-client/buildlink3.mk     Thu Jan 20 12:59:11 2005 +0000
+++ b/databases/mysql4-client/buildlink3.mk     Thu Jan 20 13:37:48 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.8 2004/11/16 21:48:38 tron Exp $
+# $NetBSD: buildlink3.mk,v 1.9 2005/01/20 13:37:48 xtraeme Exp $
 
 BUILDLINK_DEPTH:=              ${BUILDLINK_DEPTH}+
 MYSQL_CLIENT_BUILDLINK3_MK:=   ${MYSQL_CLIENT_BUILDLINK3_MK}+
@@ -12,6 +12,7 @@
 
 .if !empty(MYSQL_CLIENT_BUILDLINK3_MK:M+)
 BUILDLINK_DEPENDS.mysql-client+=       mysql-client>=4.1.7
+BUILDLINK_RECOMMENDED.mysql-client+=   mysql-client>=4.1.9nb1
 BUILDLINK_PKGSRCDIR.mysql-client?=     ../../databases/mysql4-client
 BUILDLINK_LIBDIRS.mysql-client?=       lib/mysql
 .endif # MYSQL_CLIENT_BUILDLINK3_MK
diff -r 76346ec0b88c -r e56191264fbf databases/mysql4-client/distinfo
--- a/databases/mysql4-client/distinfo  Thu Jan 20 12:59:11 2005 +0000
+++ b/databases/mysql4-client/distinfo  Thu Jan 20 13:37:48 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2005/01/17 14:42:35 xtraeme Exp $
+$NetBSD: distinfo,v 1.14 2005/01/20 13:37:48 xtraeme Exp $
 
 SHA1 (mysql-4.1.9.tar.gz) = e526f301704f8fca7c7e9f42d368ffa1fef2a152
 Size (mysql-4.1.9.tar.gz) = 22308321 bytes
@@ -8,3 +8,4 @@
 SHA1 (patch-aw) = cd03eb6c81a932186370e9ed248d0c7886b7286d
 SHA1 (patch-ax) = 9e9176468d6d335617862a4d77a358931d7c8c49
 SHA1 (patch-ay) = 9b1dfa213491d8daf82ff8d5ee293d1279c64ce8
+SHA1 (patch-az) = b4e2059514e479e27675d68af973386ad9ee5f6d
diff -r 76346ec0b88c -r e56191264fbf databases/mysql4-client/patches/patch-az
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql4-client/patches/patch-az  Thu Jan 20 13:37:48 2005 +0000
@@ -0,0 +1,95 @@
+$NetBSD: patch-az,v 1.1 2005/01/20 13:37:48 xtraeme Exp $
+
+mysqlaccess symlink vulnerability
+
+--- scripts/mysqlaccess.sh.orig        2005-01-16 14:28:38 -08:00
++++ scripts/mysqlaccess.sh     2005-01-16 14:28:38 -08:00
+@@ -2,7 +2,7 @@
+ # ****************************
+ package MySQLaccess;
+ #use strict;
+-use POSIX qw(tmpnam);
++use File::Temp qw(tempfile tmpnam);
+ use Fcntl;
+ 
+ BEGIN {
+@@ -32,7 +32,6 @@
+       $ACCESS_U_BCK = 'user_backup';   
+       $ACCESS_D_BCK = 'db_backup';     
+         $DIFF      = '/usr/bin/diff'; 
+-        $TMP_PATH  = '/tmp';             #path to writable tmp-directory
+         $MYSQLDUMP = '@bindir@/mysqldump';
+                                          #path to mysqldump executable
+ 
+@@ -432,7 +431,7 @@
+ # no caching on STDOUT
+       $|=1;
+ 
+-      $MYSQL_CNF = POSIX::tmpnam();
++      $MYSQL_CNF = tmpnam();
+       %MYSQL_CNF = (client    => { },
+                       mysql     => { },
+                       mysqldump => { },
+@@ -577,8 +576,6 @@
+ push(@MySQLaccess::Grant::Error,'not_found_mysql')     if !(-x $MYSQL);
+ push(@MySQLaccess::Grant::Error,'not_found_diff')      if !(-x $DIFF);
+ push(@MySQLaccess::Grant::Error,'not_found_mysqldump') if !(-x $MYSQLDUMP);
+-push(@MySQLaccess::Grant::Error,'not_found_tmp')       if !(-d $TMP_PATH);
+-push(@MySQLaccess::Grant::Error,'write_err_tmp')       if !(-w $TMP_PATH);
+ if (@MySQLaccess::Grant::Error) {
+    MySQLaccess::Report::Print_Error_Messages() ;
+    exit 0;
+@@ -1777,17 +1774,15 @@
+    @before = sort(@before);
+    @after  = sort(@after);
+ 
+-   $before = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.before.$$";
+-   $after  = "$MySQLaccess::TMP_PATH/$MySQLaccess::script.after.$$";
+-   #$after = "/tmp/t0";
+-   open(BEFORE,"> $before") ||
+-    push(@MySQLaccess::Report::Errors,"Can't open temporary file $before for writing");
+-   open(AFTER,"> $after") ||
+-    push(@MySQLaccess::Report::Errors,"Can't open temporary file $after for writing");
+-   print BEFORE join("\n",@before);
+-   print AFTER  join("\n",@after);
+-   close(BEFORE);
+-   close(AFTER);
++   ($hb, $before) = tempfile("$MySQLaccess::script.XXXXXX") or
++    push(@MySQLaccess::Report::Errors,"Can't create temporary file: $!");
++   ($ha, $after)  = tempfile("$MySQLaccess::script.XXXXXX") or
++    push(@MySQLaccess::Report::Errors,"Can't create temporary file: $!");
++
++   print $hb join("\n",@before);
++   print $ha join("\n",@after);
++   close $hb;
++   close $ha;
+ 
+    # ----------------------------------
+    # compute difference
+@@ -1800,8 +1795,8 @@
+ 
+    # ----------------------------------
+    # cleanup temp. files
+-   unlink(BEFORE);
+-   unlink(AFTER);
++   unlink($before);
++   unlink($after);
+ 
+    return \@diffs;
+ }
+@@ -2316,14 +2311,6 @@
+    => "The diff program <$MySQLaccess::DIFF> could not be found.\n"
+      ."+ Check your path, or\n"
+      ."+ edit the source of this script to point \$DIFF to the diff program.\n"
+- ,'not_found_tmp'
+-   => "The temporary directory <$MySQLaccess::TMP_PATH> could not be found.\n"
+-     ."+ create this directory (writeable!), or\n"
+-     ."+ edit the source of this script to point \$TMP_PATH to the right directory.\n"
+- ,'write_err_tmp'
+-   => "The temporary directory <$MySQLaccess::TMP_PATH> is not writable.\n"
+-     ."+ make this directory writeable!, or\n"
+-     ."+ edit the source of this script to point \$TMP_PATH to another directory.\n"
+  ,'Unrecognized_option'
+    => "Sorry,\n"
+      ."You are using an old version of the mysql-program,\n"
+



Home | Main Index | Thread Index | Old Index