diff options
| author | tron <tron> | 2009-07-19 13:50:20 +0000 |
|---|---|---|
| committer | tron <tron> | 2009-07-19 13:50:20 +0000 |
| commit | 34cd306e8a58e54f4f615dfe4c7f1a6d86464c87 (patch) | |
| tree | aa0e938ac79035752062b9cc9e849d20a2a5076d | |
| parent | c5494596965e6f5d37f6e2e40a6e062fb15b6791 (diff) | |
| download | pkgsrc-34cd306e8a58e54f4f615dfe4c7f1a6d86464c87.tar.gz | |
Add a patch for CVE-2009-2446 based on the description in the report.
| -rw-r--r-- | databases/mysql5-server/Makefile | 4 | ||||
| -rw-r--r-- | databases/mysql5-server/distinfo | 3 | ||||
| -rw-r--r-- | databases/mysql5-server/patches/patch-ac | 24 |
3 files changed, 28 insertions, 3 deletions
diff --git a/databases/mysql5-server/Makefile b/databases/mysql5-server/Makefile index 9b1ada4e575..911eef9623c 100644 --- a/databases/mysql5-server/Makefile +++ b/databases/mysql5-server/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2009/05/20 00:58:11 wiz Exp $ +# $NetBSD: Makefile,v 1.28 2009/07/19 13:50:20 tron Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} -PKGREVISION= 2 +PKGREVISION= 3 SVR4_PKGNAME= mysqs COMMENT= MySQL 5, a free SQL database (server) diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo index 04add88f36f..47b693fe708 100644 --- a/databases/mysql5-server/distinfo +++ b/databases/mysql5-server/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.21 2008/09/18 11:51:37 taca Exp $ +$NetBSD: distinfo,v 1.22 2009/07/19 13:50:20 tron Exp $ SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377 RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722 Size (mysql-5.0.67.tar.gz) = 28370810 bytes SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023 SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc +SHA1 (patch-ac) = e35a56fd1cae5c471d51b52b2949406be891580c SHA1 (patch-ad) = b3246e3b2a666dffb72830c3ca30050a1e1263ca SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71 SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec diff --git a/databases/mysql5-server/patches/patch-ac b/databases/mysql5-server/patches/patch-ac new file mode 100644 index 00000000000..012071f7e21 --- /dev/null +++ b/databases/mysql5-server/patches/patch-ac @@ -0,0 +1,24 @@ +$NetBSD: patch-ac,v 1.8 2009/07/19 13:50:20 tron Exp $ + +Patch for CVE-2009-2446. + +--- libmysqld/sql_parse.cc.orig 2008-08-04 13:20:10.000000000 +0100 ++++ libmysqld/sql_parse.cc 2009-07-19 14:07:08.000000000 +0100 +@@ -2028,7 +2028,7 @@ + } + if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db))) + break; +- mysql_log.write(thd,command,packet); ++ mysql_log.write(thd,command,"%s",packet); + bzero(&create_info, sizeof(create_info)); + mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db), + &create_info, 0); +@@ -2053,7 +2053,7 @@ + ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0)); + break; + } +- mysql_log.write(thd,command,db); ++ mysql_log.write(thd,command,"%s",db); + mysql_rm_db(thd, db, 0, 0); + break; + } |