summaryrefslogtreecommitdiff
path: root/databases/mysql-server
diff options
context:
space:
mode:
authortron <tron>2002-12-13 14:19:54 +0000
committertron <tron>2002-12-13 14:19:54 +0000
commit6606e7d5156e06f21268312f320f95f74dafe129 (patch)
tree03a1159924ff437a9100709f6d80fe2c893122a3 /databases/mysql-server
parent1fe6b4bee750baffb097b658134489bd73b53439 (diff)
downloadpkgsrc-6606e7d5156e06f21268312f320f95f74dafe129.tar.gz
Fix security problem in MySQL client library and server which were
recently discovered by e-matters.
Diffstat (limited to 'databases/mysql-server')
-rw-r--r--databases/mysql-server/Makefile8
-rw-r--r--databases/mysql-server/distinfo3
-rw-r--r--databases/mysql-server/patches/patch-ak24
3 files changed, 30 insertions, 5 deletions
diff --git a/databases/mysql-server/Makefile b/databases/mysql-server/Makefile
index e1c75268739..c71845c02a3 100644
--- a/databases/mysql-server/Makefile
+++ b/databases/mysql-server/Makefile
@@ -1,14 +1,12 @@
-# $NetBSD: Makefile,v 1.29 2002/09/20 10:39:07 jlam Exp $
-#
+# $NetBSD: Makefile,v 1.30 2002/12/13 14:19:54 tron Exp $
PKGNAME= ${DISTNAME:S/-/-server-/}
+PKGREVISION= 1
SVR4_PKGNAME= mysqs
COMMENT= MySQL, a free SQL database (server)
.include "../mysql-client/Makefile.common"
-DEPENDS+= ${DISTNAME:S/-/-client>=/}:../../databases/mysql-client
-
# hardwire use of included mit-pthreads on NetBSD
.if (${OPSYS} == "NetBSD")
CONFIGURE_ARGS+= --with-mit-threads
@@ -16,6 +14,7 @@ CONFIGURE_ARGS+= --with-mit-threads
CONFIGURE_ARGS+= --with-libwrap
CONFIGURE_ARGS+= --without-berkeley-db
+USE_BUILDLINK2= YES
# platforms on which included mit-pthreads is usable
ONLY_FOR_PLATFORM= NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \
@@ -43,5 +42,6 @@ post-install:
${INSTALL_MAN} ${WRKSRC}/man/safe_mysqld.1 ${PREFIX}/man/man1
PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL
+.include "../../databases/mysql-client/buildlink2.mk"
.include "../../security/tcp_wrappers/buildlink2.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/databases/mysql-server/distinfo b/databases/mysql-server/distinfo
index 4394bf153f8..98c6a97efca 100644
--- a/databases/mysql-server/distinfo
+++ b/databases/mysql-server/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2002/06/03 14:08:27 tron Exp $
+$NetBSD: distinfo,v 1.17 2002/12/13 14:19:54 tron Exp $
SHA1 (mysql-3.23.49.tar.gz) = 0256331c7aa9388955148f80cdca382f467ad1be
Size (mysql-3.23.49.tar.gz) = 11844905 bytes
@@ -12,3 +12,4 @@ SHA1 (patch-ag) = 75634ff5c9ee61ff3ef61b1d9a4be4afc65e8754
SHA1 (patch-ah) = 7cd4278c9bdc5220de04f7e6b62bb8d11c892ffb
SHA1 (patch-ai) = 071e34cc9236b08cdc438afbb46801e66efc7e92
SHA1 (patch-aj) = 2e619c6f16a1256174fd3e6e4bca3214679a9347
+SHA1 (patch-ak) = f484f0bd5b77e0475c7b693b51f5f5146795afa0
diff --git a/databases/mysql-server/patches/patch-ak b/databases/mysql-server/patches/patch-ak
new file mode 100644
index 00000000000..05d0975af63
--- /dev/null
+++ b/databases/mysql-server/patches/patch-ak
@@ -0,0 +1,24 @@
+$NetBSD: patch-ak,v 1.5 2002/12/13 14:19:55 tron Exp $
+
+--- sql/sql_parse.cc.orig Thu Feb 14 18:30:14 2002
++++ sql/sql_parse.cc Fri Dec 13 14:46:28 2002
+@@ -105,6 +105,8 @@
+ NET *net= &thd->net;
+ thd->db=0;
+
++ if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
++ return 1;
+ if (!(thd->user = my_strdup(user, MYF(0))))
+ {
+ send_error(net,ER_OUT_OF_RESOURCES);
+@@ -764,8 +766,8 @@
+ thread_safe_increment(com_other,&LOCK_thread_count);
+ slow_command = TRUE;
+ char* data = packet + 1;
+- uint db_len = *data;
+- uint tbl_len = *(data + db_len + 1);
++ uint db_len = *(uchar *)*data;
++ uint tbl_len = *(uchar *)(data + db_len + 1);
+ char* db = sql_alloc(db_len + tbl_len + 2);
+ memcpy(db, data + 1, db_len);
+ char* tbl_name = db + db_len;