author | spz <spz> | 2010-06-06 11:32:35 +0000 |
---|---|---|
committer | spz <spz> | 2010-06-06 11:32:35 +0000 |
commit | e1e1b94589e0260a131709ecccf6edad0842ab50 (patch) | |
tree | 76f94455b5201be5df725b0f3ad2c80e0dea4a6f | |
parent | 5f2716fb31b7b0934e475b2886bb42201c5db1cf (diff) | |
download | pkgsrc-e1e1b94589e0260a131709ecccf6edad0842ab50.tar.gz |
Pullup ticket 3139 - requested by taca
security update
Revisions pulled up:
- pkgsrc/databases/mysql5-client/Makefile.common 1.39
- pkgsrc/databases/mysql5-client/buildlink3.mk 1.16
- pkgsrc/databases/mysql5-client/distinfo 1.29
- pkgsrc/databases/mysql5-server/distinfo 1.25
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jun 2 13:34:45 UTC 2010
Modified Files:
pkgsrc/databases/mysql5-client: Makefile.common buildlink3.mk distinfo
pkgsrc/databases/mysql5-server: distinfo
Log Message:
Update mysql5-{client,server} package to 5.0.91.
For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html.
Here are the security-related changes.
* Security Fix: The server failed to check the table name argument of
a COM_FIELD_LIST command packet for validity and compliance to
acceptable table name standards. This could be exploited to bypass
almost all forms of checks for privileges and table-level grants by
providing a specially crafted table name argument to COM_FIELD_LIST.
In MySQL 5.0 and above, this allowed an authenticated user with
SELECT privileges on one table to obtain the field definitions of
any table in all other databases and potentially of other MySQL
instances accessible from the server's file system.
Additionally, for MySQL version 5.1 and above, an authenticated user
with DELETE or SELECT privileges on one table could delete or read
content from any other table in all databases on this server, and
potentially of other MySQL instances accessible from the server's
file system. (Bug#53371, CVE-2010-1848)
* Security Fix: The server was susceptible to a buffer-overflow attack
due to a failure to perform bounds checking on the table name
argument of a COM_FIELD_LIST command packet. By sending long data
for the table name, a buffer is overflown, which could be exploited
by an authenticated user to inject malicious code. (Bug#53237,
CVE-2010-1850)
* Security Fix: The server could be tricked into reading packets
indefinitely if it received a packet larger than the maximum size of
one packet. (Bug#50974, CVE-2010-1849)
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/mysql5-client/Makefile.common
cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mysql5-client/buildlink3.mk
cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-client/distinfo
cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mysql5-server/distinfo
-rw-r--r-- | databases/mysql5-client/Makefile.common | 7 | ||||
-rw-r--r-- | databases/mysql5-client/buildlink3.mk | 4 | ||||
-rw-r--r-- | databases/mysql5-client/distinfo | 8 | ||||
-rw-r--r-- | databases/mysql5-server/distinfo | 8 |
4 files changed, 14 insertions, 13 deletions
diff --git a/databases/mysql5-client/Makefile.common b/databases/mysql5-client/Makefile.common index b2f0fa89a76..ea9eda17962 100644 --- a/databases/mysql5-client/Makefile.common +++ b/databases/mysql5-client/Makefile.common @@ -1,12 +1,13 @@ -# $NetBSD: Makefile.common,v 1.38 2010/02/18 15:46:10 taca Exp $ +# $NetBSD: Makefile.common,v 1.38.2.1 2010/06/06 11:32:35 spz Exp $ # # used by databases/mysql5-client/Makefile # used by databases/mysql5-server/Makefile # -DISTNAME= mysql-5.0.90 +DISTNAME= mysql-5.0.91 CATEGORIES= databases -MASTER_SITES= ${MASTER_SITE_MYSQL:=MySQL-5.0/} +MASTER_SITES= http://downloads.mysql.com/archives/mysql-5.0/ \ + ${MASTER_SITE_MYSQL:=MySQL-5.0/} MAINTAINER= sketch@NetBSD.org HOMEPAGE= http://www.mysql.com/ diff --git a/databases/mysql5-client/buildlink3.mk b/databases/mysql5-client/buildlink3.mk index 529056e8381..b9a7cceca68 100644 --- a/databases/mysql5-client/buildlink3.mk +++ b/databases/mysql5-client/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.15 2010/02/18 15:46:10 taca Exp $ +# $NetBSD: buildlink3.mk,v 1.15.2.1 2010/06/06 11:32:35 spz Exp $ BUILDLINK_TREE+= mysql-client @@ -6,7 +6,7 @@ BUILDLINK_TREE+= mysql-client MYSQL_CLIENT_BUILDLINK3_MK:= BUILDLINK_API_DEPENDS.mysql-client+= mysql-client>=5.0.15 -BUILDLINK_ABI_DEPENDS.mysql-client+= mysql-client>=5.0.90 +BUILDLINK_ABI_DEPENDS.mysql-client+= mysql-client>=5.0.91 BUILDLINK_PKGSRCDIR.mysql-client?= ../../databases/mysql5-client BUILDLINK_LIBDIRS.mysql-client?= lib/mysql BUILDLINK_INCDIRS.mysql-client?= include/mysql diff --git a/databases/mysql5-client/distinfo b/databases/mysql5-client/distinfo index c0c0a339e8a..a67af40a1ca 100644 --- a/databases/mysql5-client/distinfo +++ b/databases/mysql5-client/distinfo 
@@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.28 2010/02/18 15:46:10 taca Exp $ +$NetBSD: distinfo,v 1.28.2.1 2010/06/06 11:32:35 spz Exp $ -SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f -RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf -Size (mysql-5.0.90.tar.gz) = 22299626 bytes +SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e +RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db +Size (mysql-5.0.91.tar.gz) = 22340514 bytes SHA1 (patch-aa) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec SHA1 (patch-ab) = ee8103143b47a428319fbc25cf2f9a69828c15f7 SHA1 (patch-ac) = 66b6d0ffd3011df1dcf8f3be7f7300e975635d95 diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo index 94c206d6ef4..7e335155da3 100644 --- a/databases/mysql5-server/distinfo +++ b/databases/mysql5-server/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.24 2010/02/18 15:46:10 taca Exp $ +$NetBSD: distinfo,v 1.24.2.1 2010/06/06 11:32:35 spz Exp $ -SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f -RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf -Size (mysql-5.0.90.tar.gz) = 22299626 bytes +SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e +RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db +Size (mysql-5.0.91.tar.gz) = 22340514 bytes SHA1 (patch-aa) = f52745512abfb2c2d43715975f76c2f454ed93e5 SHA1 (patch-ab) = 7c51a0214c3e6205605047c72b07eac6792600db SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71 |
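Review bot: In the Makefile.common hunk, the new MASTER_SITES entry `http://downloads.mysql.com/archives/mysql-5.0/` is a plain-HTTP URL listed ahead of `${MASTER_SITE_MYSQL:=MySQL-5.0/}`, and the log message does not mention or justify it. With no transport integrity on that fetch, the distinfo digests are the only check on the tarball. I'd add a line to the log saying why the archive host is needed and consider listing it after the mirror list as a fallback rather than as the first entry.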
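Review bot: The second buildlink3.mk hunk raises `BUILDLINK_ABI_DEPENDS.mysql-client` to `>=5.0.91`, but all three fixes in the log message are described as server-side, so the reason for tightening the client dependency is not stated. Say in the log whether this is meant to force dependents onto the updated client package or reflects an actual ABI change; `BUILDLINK_API_DEPENDS.mysql-client` staying at `>=5.0.15` suggests the former.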
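Review bot: In both distinfo hunks the `mysql-5.0.91.tar.gz` entry is covered only by SHA1 and RMD160 digests, and with the plain-HTTP master site added in Makefile.common these are the sole integrity check on the download, so please confirm they were generated from a tarball checked against upstream's published checksum or signature. The SHA1, RMD160 and Size values are identical in mysql5-client and mysql5-server, which is what a shared distfile should show. The `patch-aa`, `patch-ab` and following SHA1 lines are unchanged context in both files, so also confirm the local patches still apply cleanly to 5.0.91.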