pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/databases/mysql5-server Add a patch for CVE-2009-2446 ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/178bd10fb30c
branches:  trunk
changeset: 562031:178bd10fb30c
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Jul 19 13:50:20 2009 +0000

description:
Add a patch for CVE-2009-2446 based on the description in the report.

diffstat:

 databases/mysql5-server/Makefile         |   4 ++--
 databases/mysql5-server/distinfo         |   3 ++-
 databases/mysql5-server/patches/patch-ac |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)

diffs (57 lines):

diff -r 888a8c14a628 -r 178bd10fb30c databases/mysql5-server/Makefile
--- a/databases/mysql5-server/Makefile  Sun Jul 19 13:17:56 2009 +0000
+++ b/databases/mysql5-server/Makefile  Sun Jul 19 13:50:20 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2009/05/20 00:58:11 wiz Exp $
+# $NetBSD: Makefile,v 1.28 2009/07/19 13:50:20 tron Exp $
 
 PKGNAME=               ${DISTNAME:S/-/-server-/}
-PKGREVISION=           2
+PKGREVISION=           3
 SVR4_PKGNAME=          mysqs
 COMMENT=               MySQL 5, a free SQL database (server)
 
diff -r 888a8c14a628 -r 178bd10fb30c databases/mysql5-server/distinfo
--- a/databases/mysql5-server/distinfo  Sun Jul 19 13:17:56 2009 +0000
+++ b/databases/mysql5-server/distinfo  Sun Jul 19 13:50:20 2009 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.21 2008/09/18 11:51:37 taca Exp $
+$NetBSD: distinfo,v 1.22 2009/07/19 13:50:20 tron Exp $
 
 SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377
 RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722
 Size (mysql-5.0.67.tar.gz) = 28370810 bytes
 SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023
 SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc
+SHA1 (patch-ac) = e35a56fd1cae5c471d51b52b2949406be891580c
 SHA1 (patch-ad) = b3246e3b2a666dffb72830c3ca30050a1e1263ca
 SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
 SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
diff -r 888a8c14a628 -r 178bd10fb30c databases/mysql5-server/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/databases/mysql5-server/patches/patch-ac  Sun Jul 19 13:50:20 2009 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.8 2009/07/19 13:50:20 tron Exp $
+
+Patch for CVE-2009-2446.
+
+--- libmysqld/sql_parse.cc.orig        2008-08-04 13:20:10.000000000 +0100
++++ libmysqld/sql_parse.cc     2009-07-19 14:07:08.000000000 +0100
+@@ -2028,7 +2028,7 @@
+       }
+       if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
+       break;
+-      mysql_log.write(thd,command,packet);
++      mysql_log.write(thd,command,"%s",packet);
+       bzero(&create_info, sizeof(create_info));
+       mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
+                       &create_info, 0);
+@@ -2053,7 +2053,7 @@
+                    ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
+       break;
+       }
+-      mysql_log.write(thd,command,db);
++      mysql_log.write(thd,command,"%s",db);
+       mysql_rm_db(thd, db, 0, 0);
+       break;
+     }



Home | Main Index | Thread Index | Old Index