Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=9f934824d6d2e083232aa4733d8be0282de42756
commit 9f934824d6d2e083232aa4733d8be0282de42756
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Tue May 20 15:03:09 2008 +0200
mysql-5.0.51-3-i686
- bump to patchlevel 'a'
- add CVE-2008-2079.patch
- removed already in upstream CVE-2007-6303.patch and
CVE-2007-6304.patch
- closes #3075
diff --git a/source/apps-extra/mysql/CVE-2007-6303.patch
b/source/apps-extra/mysql/CVE-2007-6303.patch
deleted file mode 100644
index ddec0e7..0000000
--- a/source/apps-extra/mysql/CVE-2007-6303.patch
+++ /dev/null
@@ -1,21 +0,0 @@
---- sql/sql_view.cc 2007-11-15 16:06:16.000000000 +0200
-+++ sql/sql_view.cc 2007-12-11 01:23:11.000000000 +0200
-@@ -223,9 +223,6 @@
- {
- LEX *lex= thd->lex;
- bool link_to_local;
--#ifndef NO_EMBEDDED_ACCESS_CHECKS
-- bool definer_check_is_needed= mode != VIEW_ALTER || lex->definer;
--#endif
- /* first table in list is target VIEW name => cut off it */
- TABLE_LIST *view= lex->unlink_first_table(&link_to_local);
- TABLE_LIST *tables= lex->query_tables;
-@@ -280,7 +277,7 @@
- - same as current user
- - current user has SUPER_ACL
- */
-- if (definer_check_is_needed &&
-+ if (lex->definer &&
- (strcmp(lex->definer->user.str, thd->security_ctx->priv_user) != 0 ||
- my_strcasecmp(system_charset_info,
- lex->definer->host.str,
diff --git a/source/apps-extra/mysql/CVE-2007-6304.patch
b/source/apps-extra/mysql/CVE-2007-6304.patch
deleted file mode 100644
index 3e3a238..0000000
--- a/source/apps-extra/mysql/CVE-2007-6304.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- sql/ha_federated.cc 2007-11-15 16:06:16.000000000 +0200
-+++ sql/ha_federated.cc 2007-12-11 01:24:52.000000000 +0200
-@@ -2528,7 +2528,11 @@
- status_query_string.length(0);
-
- result= mysql_store_result(mysql);
-- if (!result)
-+ /*
-+ We're going to use fields num. 4, 12 and 13 of the resultset,
-+ so make sure we have these fields.
-+ */
-+ if (!result || (mysql_num_fields(result) < 14))
- goto error;
-
- if (!mysql_num_rows(result))
diff --git a/source/apps-extra/mysql/CVE-2008-2079.patch
b/source/apps-extra/mysql/CVE-2008-2079.patch
new file mode 100644
index 0000000..6f36917
--- /dev/null
+++ b/source/apps-extra/mysql/CVE-2008-2079.patch
@@ -0,0 +1,118 @@
+diff -Nur mysql-5.0.51.orig/sql/mysqld.cc mysql-5.0.51/sql/mysqld.cc
+--- mysql-5.0.51.orig/sql/mysqld.cc 2008-05-09 16:56:51.000000000 +0300
++++ mysql-5.0.51/sql/mysqld.cc 2008-05-09 17:00:19.000000000 +0300
+@@ -323,6 +323,7 @@
+ static char *default_collation_name;
+ static char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
+ static char mysql_data_home_buff[2];
++char mysql_unpacked_real_data_home[FN_REFLEN];
+ static I_List<THD> thread_cache;
+
+ #ifndef EMBEDDED_LIBRARY
+@@ -7565,6 +7566,11 @@
+ pos[1]= 0;
+ }
+ convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++
++ (void) fn_format(buff, mysql_real_data_home, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
++
+ convert_dirname(language,language,NullS);
+ (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+ (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
+diff -Nur mysql-5.0.51.orig/sql/mysql_priv.h mysql-5.0.51/sql/mysql_priv.h
+--- mysql-5.0.51.orig/sql/mysql_priv.h 2008-05-09 16:56:51.000000000 +0300
++++ mysql-5.0.51/sql/mysql_priv.h 2008-05-09 16:57:15.000000000 +0300
+@@ -1255,6 +1255,7 @@
+ extern time_t server_start_time, flush_status_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++ mysql_unpacked_real_data_home[],
+ def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
+diff -Nur mysql-5.0.51.orig/sql/sql_parse.cc mysql-5.0.51/sql/sql_parse.cc
+--- mysql-5.0.51.orig/sql/sql_parse.cc 2008-05-09 16:56:51.000000000 +0300
++++ mysql-5.0.51/sql/sql_parse.cc 2008-05-09 17:07:19.000000000 +0300
+@@ -77,6 +77,8 @@
+ const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
+
++static bool test_if_data_home_dir(const char *dir);
++
+ const char *any_db="*any*"; // Special symbol for check_access
+
+ const char *command_name[]={
+@@ -3001,6 +3003,20 @@
+ "INDEX DIRECTORY option ignored");
+ create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
++
++ if (test_if_data_home_dir(lex->create_info.data_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++ res= -1;
++ break;
++ }
++ if (test_if_data_home_dir(lex->create_info.index_file_name))
++ {
++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++ res= -1;
++ break;
++ }
++
+ /* Fix names if symlinked tables */
+ if (append_file_to_dir(thd, &create_info.data_file_name,
+ create_table->table_name) ||
+@@ -7718,6 +7734,49 @@
+ }
+
+ /*
++ Check if path does not contain mysql data home directory
++
++ SYNOPSIS
++ test_if_data_home_dir()
++ dir directory
++ conv_home_dir converted data home directory
++ home_dir_len converted data home directory length
++
+++ RETURN VALUES
++ 0 ok
++ 1 error
++*/
++
++static bool test_if_data_home_dir(const char *dir)
++{
++ char path[FN_REFLEN], conv_path[FN_REFLEN];
++ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
++ DBUG_ENTER("test_if_data_home_dir");
++
++ if (!dir)
++ DBUG_RETURN(0);
++
++ (void) fn_format(path, dir, "", "",
++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++ dir_len= unpack_dirname(conv_path, dir);
++
++ if (home_dir_len <= dir_len)
++ {
++ if (lower_case_file_system)
++ {
++ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
++ home_dir_len,
++ (const uchar*) mysql_unpacked_real_data_home,
++ home_dir_len))
++ DBUG_RETURN(1);
++ }
++ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
++ DBUG_RETURN(1);
++ }
++ DBUG_RETURN(0);
++}
++
++/*
+ Set the specified definer to the default value, which is the current user in
+ the thread.
+
+Files mysql-5.0.51.orig/sql/.sql_parse.cc.swp and
mysql-5.0.51/sql/.sql_parse.cc.swp differ
diff --git a/source/apps-extra/mysql/FrugalBuild
b/source/apps-extra/mysql/FrugalBuild
index ffc7cd4..0099b3e 100644
--- a/source/apps-extra/mysql/FrugalBuild
+++ b/source/apps-extra/mysql/FrugalBuild
@@ -3,8 +3,8 @@
pkgname=mysql
pkgver=5.0.51
-pkgrel=2
-extrapkgver=
+pkgrel=3
+extrapkgver=a
pkgdesc="A fast SQL database server"
url="http://www.mysql.com/";
backup=(etc/my.cnf etc/sysconfig/mysqld)
@@ -16,8 +16,8 @@ archs=('i686' 'x86_64')
up2date="lynx -dump http://dev.mysql.com/|grep 'GA'|sed 's/.*
\([0-9.]*\)/\1/;s/$extrapkgver//;q'"
mirror="http://mysql.mirrors.crysys.hit.bme.hu/";
source=($mirror/Downloads/MySQL-5.0/$pkgname-$pkgver$extrapkgver.tar.gz
rc.mysqld my.cnf mysqld \
- CVE-2007-5925.patch CVE-2007-6303.patch CVE-2007-6304.patch)
-signatures=("${source[0]}.asc" '' '' '' '' '' '')
+ CVE-2007-5925.patch CVE-2008-2079.patch)
+signatures=("${source[0]}.asc" '' '' '' '' '')
subpkgs=('libmysqlclient' 'libmysqld')
subdescs=('MySQL client library.' 'Embedded MySQL Server Library')
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
