diff options
author | tron <tron> | 2002-12-13 14:19:54 +0000 |
---|---|---|
committer | tron <tron> | 2002-12-13 14:19:54 +0000 |
commit | 6606e7d5156e06f21268312f320f95f74dafe129 (patch) | |
tree | 03a1159924ff437a9100709f6d80fe2c893122a3 /databases/mysql-server | |
parent | 1fe6b4bee750baffb097b658134489bd73b53439 (diff) | |
download | pkgsrc-6606e7d5156e06f21268312f320f95f74dafe129.tar.gz |
Fix security problem in MySQL client library and server which were
recently discovered by e-matters.
Diffstat (limited to 'databases/mysql-server')
-rw-r--r-- | databases/mysql-server/Makefile | 8 | ||||
-rw-r--r-- | databases/mysql-server/distinfo | 3 | ||||
-rw-r--r-- | databases/mysql-server/patches/patch-ak | 24 |
3 files changed, 30 insertions, 5 deletions
diff --git a/databases/mysql-server/Makefile b/databases/mysql-server/Makefile index e1c75268739..c71845c02a3 100644 --- a/databases/mysql-server/Makefile +++ b/databases/mysql-server/Makefile @@ -1,14 +1,12 @@ -# $NetBSD: Makefile,v 1.29 2002/09/20 10:39:07 jlam Exp $ -# +# $NetBSD: Makefile,v 1.30 2002/12/13 14:19:54 tron Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} +PKGREVISION= 1 SVR4_PKGNAME= mysqs COMMENT= MySQL, a free SQL database (server) .include "../mysql-client/Makefile.common" -DEPENDS+= ${DISTNAME:S/-/-client>=/}:../../databases/mysql-client - # hardwire use of included mit-pthreads on NetBSD .if (${OPSYS} == "NetBSD") CONFIGURE_ARGS+= --with-mit-threads @@ -16,6 +14,7 @@ CONFIGURE_ARGS+= --with-mit-threads CONFIGURE_ARGS+= --with-libwrap CONFIGURE_ARGS+= --without-berkeley-db +USE_BUILDLINK2= YES # platforms on which included mit-pthreads is usable ONLY_FOR_PLATFORM= NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \ @@ -43,5 +42,6 @@ post-install: ${INSTALL_MAN} ${WRKSRC}/man/safe_mysqld.1 ${PREFIX}/man/man1 PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL +.include "../../databases/mysql-client/buildlink2.mk" .include "../../security/tcp_wrappers/buildlink2.mk" .include "../../mk/bsd.pkg.mk" diff --git a/databases/mysql-server/distinfo b/databases/mysql-server/distinfo index 4394bf153f8..98c6a97efca 100644 --- a/databases/mysql-server/distinfo +++ b/databases/mysql-server/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.16 2002/06/03 14:08:27 tron Exp $ +$NetBSD: distinfo,v 1.17 2002/12/13 14:19:54 tron Exp $ SHA1 (mysql-3.23.49.tar.gz) = 0256331c7aa9388955148f80cdca382f467ad1be Size (mysql-3.23.49.tar.gz) = 11844905 bytes @@ -12,3 +12,4 @@ SHA1 (patch-ag) = 75634ff5c9ee61ff3ef61b1d9a4be4afc65e8754 SHA1 (patch-ah) = 7cd4278c9bdc5220de04f7e6b62bb8d11c892ffb SHA1 (patch-ai) = 071e34cc9236b08cdc438afbb46801e66efc7e92 SHA1 (patch-aj) = 2e619c6f16a1256174fd3e6e4bca3214679a9347 +SHA1 (patch-ak) = f484f0bd5b77e0475c7b693b51f5f5146795afa0 diff --git a/databases/mysql-server/patches/patch-ak b/databases/mysql-server/patches/patch-ak new file mode 100644 index 00000000000..05d0975af63 --- /dev/null +++ b/databases/mysql-server/patches/patch-ak @@ -0,0 +1,24 @@ +$NetBSD: patch-ak,v 1.5 2002/12/13 14:19:55 tron Exp $ + +--- sql/sql_parse.cc.orig Thu Feb 14 18:30:14 2002 ++++ sql/sql_parse.cc Fri Dec 13 14:46:28 2002 +@@ -105,6 +105,8 @@ + NET *net= &thd->net; + thd->db=0; + ++ if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH) ++ return 1; + if (!(thd->user = my_strdup(user, MYF(0)))) + { + send_error(net,ER_OUT_OF_RESOURCES); +@@ -764,8 +766,8 @@ + thread_safe_increment(com_other,&LOCK_thread_count); + slow_command = TRUE; + char* data = packet + 1; +- uint db_len = *data; +- uint tbl_len = *(data + db_len + 1); ++ uint db_len = *(uchar *)*data; ++ uint tbl_len = *(uchar *)(data + db_len + 1); + char* db = sql_alloc(db_len + tbl_len + 2); + memcpy(db, data + 1, db_len); + char* tbl_name = db + db_len; |