mysql-CVE-2012-2122.patch (NEW) - added p...

adwol Mon, 11 Jun 2012 09:37:40 -0700

Author: adwol                        Date: Mon Jun 11 16:37:35 2012 GMT
Module: packages                      Tag: HEAD
---- Log message:
- added patch for CVE-2012-2122
- rel 3; STBR


---- Files affected:
packages/mysql:
   mysql.spec (1.571 -> 1.572) , mysql-CVE-2012-2122.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: packages/mysql/mysql.spec
diff -u packages/mysql/mysql.spec:1.571 packages/mysql/mysql.spec:1.572
--- packages/mysql/mysql.spec:1.571     Fri Apr 27 15:00:48 2012
+++ packages/mysql/mysql.spec   Mon Jun 11 18:37:30 2012
@@ -37,7 +37,7 @@
 Summary(zh_CN.UTF-8):  MySQL数据库服务器
 Name:          mysql
 Version:       5.5.21
-Release:       2
+Release:       3
 License:       GPL + MySQL FLOSS Exception
 Group:         Applications/Databases
 # Source0Download: http://dev.mysql.com/downloads/mysql/5.5.html#downloads
@@ -75,6 +75,7 @@
 Patch19:       %{name}-chain-certs.patch
 # from fedora
 Patch20:       %{name}-dubious-exports.patch
+Patch21:       %{name}-CVE-2012-2122.patch
 # <percona patches, updated with percona.sh>
 Patch100:      bug933969.patch
 Patch101:      microsec_process.patch
@@ -574,6 +575,7 @@
 %patch14 -p0
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 # <percona %patches>
 %patch100 -p1
 %patch101 -p1
@@ -1271,6 +1273,10 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.572  2012/06/11 16:37:30  adwol
+- added patch for CVE-2012-2122
+- rel 3; STBR
+
 Revision 1.571  2012/04/27 13:00:48  arekm
 - rel 2; patches updated
 

================================================================
Index: packages/mysql/mysql-CVE-2012-2122.patch
diff -u /dev/null packages/mysql/mysql-CVE-2012-2122.patch:1.1
--- /dev/null   Mon Jun 11 18:37:35 2012
+++ packages/mysql/mysql-CVE-2012-2122.patch    Mon Jun 11 18:37:30 2012
@@ -0,0 +1,11 @@
+--- mysql-5.5.21.orig/sql/password.c   2012-01-31 12:28:14.000000000 +0100
++++ mysql-5.5.21/sql/password.c        2012-06-11 18:33:31.712820746 +0200
+@@ -531,7 +531,7 @@
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
++  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+ }
+ 
+ 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/packages/mysql/mysql.spec?r1=1.571&r2=1.572

_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

packages: mysql/mysql.spec, mysql/mysql-CVE-2012-2122.patch (NEW) - added p...

Reply via email to