Add patch from <http://lists.mysql.com/commits/43206> to fix the

security vulnerability reported in CVE-2008-2079.
author: tron <tron> 2008-07-01 09:22:59 +0000
committer: tron <tron> 2008-07-01 09:22:59 +0000
commit: c08a5463123bfdb3f020ca9b38a4fea1456b09cf (patch)
tree: 352d8ed33615b9cc8763f81963bf4c7d62c7aa83
parent: 8f91a5189035f164b4fbde00e46d9e39087910e9 (diff)
download: pkgsrc-c08a5463123bfdb3f020ca9b38a4fea1456b09cf.tar.gz
5 files changed, 126 insertions, 8 deletions
diff --git a/databases/mysql5-server/Makefile b/databases/mysql5-server/Makefile
index ec423fd4519..7736afe5097 100644
--- a/databases/mysql5-server/Makefile
+++ b/databases/mysql5-server/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2008/06/30 12:01:47 martti Exp $
+# $NetBSD: Makefile,v 1.24 2008/07/01 09:22:59 tron Exp $
 
 PKGNAME=		${DISTNAME:S/-/-server-/}
+PKGREVISION=		1
 SVR4_PKGNAME=		mysqs
 COMMENT=		MySQL 5, a free SQL database (server)
 
diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo
index 6e5d9643a79..16d2eb3becc 100644
--- a/databases/mysql5-server/distinfo
+++ b/databases/mysql5-server/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.19 2008/06/30 12:01:47 martti Exp $
+$NetBSD: distinfo,v 1.20 2008/07/01 09:22:59 tron Exp $
 
 SHA1 (mysql-5.0.51b.tar.gz) = 3884aed8e974fc397d1e86b0609a740a615dfd98
 RMD160 (mysql-5.0.51b.tar.gz) = 759682caa7708f400abd4ea980fe7ebb29cfe99a
 Size (mysql-5.0.51b.tar.gz) = 27809240 bytes
 SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023
 SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc
-SHA1 (patch-ad) = 2956a12d9a5a053fd5dd380f856475242e8c1199
+SHA1 (patch-ad) = 85772311f995590e5202ca80068fee5274128145
 SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
 SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
 SHA1 (patch-ag) = 7c12975196f504c76954bfe92ffff0a98ba63019
@@ -20,3 +20,5 @@ SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299
 SHA1 (patch-ca) = 1548b047c0767bb0f32e3960218150fbc6c739b5
 SHA1 (patch-cb) = 282ba93d296927236eaff690201e0139cdc8fbcb
 SHA1 (patch-cc) = ae90cc9787b9f29fcba6a1222e2973f296893bd4
+SHA1 (patch-da) = 7da363a87b84f0c2feb3f5f141a54f22a2b6749a
+SHA1 (patch-db) = 6b9a94bd0ba6667a954bd2459b870e63ec72ecd0
diff --git a/databases/mysql5-server/patches/patch-ad b/databases/mysql5-server/patches/patch-ad
index 59a5744ad6d..597f554facb 100644
--- a/databases/mysql5-server/patches/patch-ad
+++ b/databases/mysql5-server/patches/patch-ad
@@ -1,8 +1,8 @@
-$NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $
+$NetBSD: patch-ad,v 1.3 2008/07/01 09:22:59 tron Exp $
 
---- sql/mysqld.cc.orig	2007-03-05 20:21:11.000000000 +0100
-+++ sql/mysqld.cc
-@@ -171,7 +171,7 @@ static void getvolumeID(BYTE *volumeName
+--- sql/mysqld.cc.orig	2007-11-15 14:06:16.000000000 +0000
++++ sql/mysqld.cc	2008-06-30 15:54:35.000000000 +0100
+@@ -174,7 +174,7 @@
  int initgroups(const char *,unsigned int);
  #endif
  
@@ -11,7 +11,15 @@ $NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $
  #include <ieeefp.h>
  #ifdef HAVE_FP_EXCEPT				// Fix type conflict
  typedef fp_except fp_except_t;
-@@ -3431,7 +3431,7 @@ int main(int argc, char **argv)
+@@ -323,6 +323,7 @@
+ static char *default_collation_name;
+ static char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
+ static char mysql_data_home_buff[2];
++char mysql_unpacked_real_data_home[FN_REFLEN];
+ static I_List<THD> thread_cache;
+ 
+ #ifndef EMBEDDED_LIBRARY
+@@ -3543,7 +3544,7 @@
    init_ssl();
  
  #ifdef HAVE_LIBWRAP
@@ -20,3 +28,13 @@ $NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $
    openlog(libwrapName, LOG_PID, LOG_AUTH);
  #endif
  
+@@ -7565,6 +7566,9 @@
+     pos[1]= 0;
+   }
+   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
++  (void) fn_format(buff, mysql_real_data_home, "", "",
++                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+   convert_dirname(language,language,NullS);
+   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
diff --git a/databases/mysql5-server/patches/patch-da b/databases/mysql5-server/patches/patch-da
new file mode 100644
index 00000000000..5bf92d88808
--- /dev/null
+++ b/databases/mysql5-server/patches/patch-da
@@ -0,0 +1,12 @@
+$NetBSD: patch-da,v 1.1 2008/07/01 09:22:59 tron Exp $
+
+--- sql/mysql_priv.h.orig	2008-06-30 16:02:02.000000000 +0100
++++ sql/mysql_priv.h	2008-06-30 15:30:15.000000000 +0100
+@@ -1255,6 +1255,7 @@
+ extern time_t server_start_time, flush_status_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ 	    mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
++	    mysql_unpacked_real_data_home[],
+             def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
diff --git a/databases/mysql5-server/patches/patch-db b/databases/mysql5-server/patches/patch-db
new file mode 100644
index 00000000000..9e5a15f682b
--- /dev/null
+++ b/databases/mysql5-server/patches/patch-db
@@ -0,0 +1,85 @@
+$NetBSD: patch-db,v 1.1 2008/07/01 09:22:59 tron Exp $
+
+--- sql/sql_parse.cc.orig	2008-06-30 16:02:02.000000000 +0100
++++ sql/sql_parse.cc	2008-06-30 15:56:34.000000000 +0100
+@@ -77,6 +77,8 @@
+ 			       const char *table_name);
+ static bool check_show_create_table_access(THD *thd, TABLE_LIST *table);
+ 
++static bool test_if_data_home_dir(const char *dir);
++
+ const char *any_db="*any*";	// Special symbol for check_access
+ 
+ const char *command_name[]={
+@@ -3001,6 +3003,20 @@
+                    "INDEX DIRECTORY option ignored");
+     create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
++
++    if (test_if_data_home_dir(lex->create_info.data_file_name))
++    {
++      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
++      res= -1;
++      break;
++    }
++    if (test_if_data_home_dir(lex->create_info.index_file_name))
++    {
++      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
++      res= -1;
++      break;
++    }
++
+     /* Fix names if symlinked tables */
+     if (append_file_to_dir(thd, &create_info.data_file_name,
+ 			   create_table->table_name) ||
+@@ -7717,6 +7733,50 @@
+   return new Item_func_not(expr);
+ }
+ 
++
++/*
++  Check if path does not contain mysql data home directory
++
++  SYNOPSIS
++    test_if_data_home_dir()
++    dir                     directory
++    conv_home_dir           converted data home directory
++    home_dir_len            converted data home directory length
++
++  RETURN VALUES
++    0	ok
++    1	error  
++*/
++
++static bool test_if_data_home_dir(const char *dir)
++{
++  char path[FN_REFLEN], conv_path[FN_REFLEN];
++  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
++  DBUG_ENTER("test_if_data_home_dir");
++
++  if (!dir)
++    DBUG_RETURN(0);
++
++  (void) fn_format(path, dir, "", "",
++                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
++  dir_len= unpack_dirname(conv_path, dir);
++
++  if (home_dir_len <= dir_len)
++  {
++    if (lower_case_file_system)
++    {
++      if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
++                        home_dir_len,
++                        (const uchar*) mysql_unpacked_real_data_home,
++                        home_dir_len))
++        DBUG_RETURN(1);
++    }
++    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
++      DBUG_RETURN(1);
++  }
++  DBUG_RETURN(0);
++}
++
+ /*
+   Set the specified definer to the default value, which is the current user in
+   the thread.
author	tron <tron>	2008-07-01 09:22:59 +0000
committer	tron <tron>	2008-07-01 09:22:59 +0000
commit	c08a5463123bfdb3f020ca9b38a4fea1456b09cf (patch)
tree	352d8ed33615b9cc8763f81963bf4c7d62c7aa83
parent	8f91a5189035f164b4fbde00e46d9e39087910e9 (diff)
download	pkgsrc-c08a5463123bfdb3f020ca9b38a4fea1456b09cf.tar.gz