diff options
author | tron <tron> | 2008-07-01 09:22:59 +0000 |
---|---|---|
committer | tron <tron> | 2008-07-01 09:22:59 +0000 |
commit | c08a5463123bfdb3f020ca9b38a4fea1456b09cf (patch) | |
tree | 352d8ed33615b9cc8763f81963bf4c7d62c7aa83 /databases/mysql5-server | |
parent | 8f91a5189035f164b4fbde00e46d9e39087910e9 (diff) | |
download | pkgsrc-c08a5463123bfdb3f020ca9b38a4fea1456b09cf.tar.gz |
Add patch from <http://lists.mysql.com/commits/43206> to fix the
security vulnerability reported in CVE-2008-2079.
Diffstat (limited to 'databases/mysql5-server')
-rw-r--r-- | databases/mysql5-server/Makefile | 3 | ||||
-rw-r--r-- | databases/mysql5-server/distinfo | 6 | ||||
-rw-r--r-- | databases/mysql5-server/patches/patch-ad | 28 | ||||
-rw-r--r-- | databases/mysql5-server/patches/patch-da | 12 | ||||
-rw-r--r-- | databases/mysql5-server/patches/patch-db | 85 |
5 files changed, 126 insertions, 8 deletions
diff --git a/databases/mysql5-server/Makefile b/databases/mysql5-server/Makefile index ec423fd4519..7736afe5097 100644 --- a/databases/mysql5-server/Makefile +++ b/databases/mysql5-server/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.23 2008/06/30 12:01:47 martti Exp $ +# $NetBSD: Makefile,v 1.24 2008/07/01 09:22:59 tron Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} +PKGREVISION= 1 SVR4_PKGNAME= mysqs COMMENT= MySQL 5, a free SQL database (server) diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo index 6e5d9643a79..16d2eb3becc 100644 --- a/databases/mysql5-server/distinfo +++ b/databases/mysql5-server/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.19 2008/06/30 12:01:47 martti Exp $ +$NetBSD: distinfo,v 1.20 2008/07/01 09:22:59 tron Exp $ SHA1 (mysql-5.0.51b.tar.gz) = 3884aed8e974fc397d1e86b0609a740a615dfd98 RMD160 (mysql-5.0.51b.tar.gz) = 759682caa7708f400abd4ea980fe7ebb29cfe99a Size (mysql-5.0.51b.tar.gz) = 27809240 bytes SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023 SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc -SHA1 (patch-ad) = 2956a12d9a5a053fd5dd380f856475242e8c1199 +SHA1 (patch-ad) = 85772311f995590e5202ca80068fee5274128145 SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71 SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec SHA1 (patch-ag) = 7c12975196f504c76954bfe92ffff0a98ba63019 @@ -20,3 +20,5 @@ SHA1 (patch-bf) = 87be24d45f0d3f48ea2b911025eb41696d088299 SHA1 (patch-ca) = 1548b047c0767bb0f32e3960218150fbc6c739b5 SHA1 (patch-cb) = 282ba93d296927236eaff690201e0139cdc8fbcb SHA1 (patch-cc) = ae90cc9787b9f29fcba6a1222e2973f296893bd4 +SHA1 (patch-da) = 7da363a87b84f0c2feb3f5f141a54f22a2b6749a +SHA1 (patch-db) = 6b9a94bd0ba6667a954bd2459b870e63ec72ecd0 diff --git a/databases/mysql5-server/patches/patch-ad b/databases/mysql5-server/patches/patch-ad index 59a5744ad6d..597f554facb 100644 --- a/databases/mysql5-server/patches/patch-ad +++ b/databases/mysql5-server/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $ +$NetBSD: patch-ad,v 1.3 2008/07/01 09:22:59 tron Exp $ ---- sql/mysqld.cc.orig 2007-03-05 20:21:11.000000000 +0100 -+++ sql/mysqld.cc -@@ -171,7 +171,7 @@ static void getvolumeID(BYTE *volumeName +--- sql/mysqld.cc.orig 2007-11-15 14:06:16.000000000 +0000 ++++ sql/mysqld.cc 2008-06-30 15:54:35.000000000 +0100 +@@ -174,7 +174,7 @@ int initgroups(const char *,unsigned int); #endif @@ -11,7 +11,15 @@ $NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $ #include <ieeefp.h> #ifdef HAVE_FP_EXCEPT // Fix type conflict typedef fp_except fp_except_t; -@@ -3431,7 +3431,7 @@ int main(int argc, char **argv) +@@ -323,6 +323,7 @@ + static char *default_collation_name; + static char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME; + static char mysql_data_home_buff[2]; ++char mysql_unpacked_real_data_home[FN_REFLEN]; + static I_List<THD> thread_cache; + + #ifndef EMBEDDED_LIBRARY +@@ -3543,7 +3544,7 @@ init_ssl(); #ifdef HAVE_LIBWRAP @@ -20,3 +28,13 @@ $NetBSD: patch-ad,v 1.2 2007/03/11 18:42:49 adam Exp $ openlog(libwrapName, LOG_PID, LOG_AUTH); #endif +@@ -7565,6 +7566,9 @@ + pos[1]= 0; + } + convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS); ++ (void) fn_format(buff, mysql_real_data_home, "", "", ++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS)); ++ (void) unpack_dirname(mysql_unpacked_real_data_home, buff); + convert_dirname(language,language,NullS); + (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir + (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home); diff --git a/databases/mysql5-server/patches/patch-da b/databases/mysql5-server/patches/patch-da new file mode 100644 index 00000000000..5bf92d88808 --- /dev/null +++ b/databases/mysql5-server/patches/patch-da @@ -0,0 +1,12 @@ +$NetBSD: patch-da,v 1.1 2008/07/01 09:22:59 tron Exp $ + +--- sql/mysql_priv.h.orig 2008-06-30 16:02:02.000000000 +0100 ++++ sql/mysql_priv.h 2008-06-30 15:30:15.000000000 +0100 +@@ -1255,6 +1255,7 @@ + extern time_t server_start_time, flush_status_time; + extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH], + mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[], ++ mysql_unpacked_real_data_home[], + def_ft_boolean_syntax[sizeof(ft_boolean_syntax)]; + #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list)) + extern MY_TMPDIR mysql_tmpdir_list; diff --git a/databases/mysql5-server/patches/patch-db b/databases/mysql5-server/patches/patch-db new file mode 100644 index 00000000000..9e5a15f682b --- /dev/null +++ b/databases/mysql5-server/patches/patch-db @@ -0,0 +1,85 @@ +$NetBSD: patch-db,v 1.1 2008/07/01 09:22:59 tron Exp $ + +--- sql/sql_parse.cc.orig 2008-06-30 16:02:02.000000000 +0100 ++++ sql/sql_parse.cc 2008-06-30 15:56:34.000000000 +0100 +@@ -77,6 +77,8 @@ + const char *table_name); + static bool check_show_create_table_access(THD *thd, TABLE_LIST *table); + ++static bool test_if_data_home_dir(const char *dir); ++ + const char *any_db="*any*"; // Special symbol for check_access + + const char *command_name[]={ +@@ -3001,6 +3003,20 @@ + "INDEX DIRECTORY option ignored"); + create_info.data_file_name= create_info.index_file_name= NULL; + #else ++ ++ if (test_if_data_home_dir(lex->create_info.data_file_name)) ++ { ++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY"); ++ res= -1; ++ break; ++ } ++ if (test_if_data_home_dir(lex->create_info.index_file_name)) ++ { ++ my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY"); ++ res= -1; ++ break; ++ } ++ + /* Fix names if symlinked tables */ + if (append_file_to_dir(thd, &create_info.data_file_name, + create_table->table_name) || +@@ -7717,6 +7733,50 @@ + return new Item_func_not(expr); + } + ++ ++/* ++ Check if path does not contain mysql data home directory ++ ++ SYNOPSIS ++ test_if_data_home_dir() ++ dir directory ++ conv_home_dir converted data home directory ++ home_dir_len converted data home directory length ++ ++ RETURN VALUES ++ 0 ok ++ 1 error ++*/ ++ ++static bool test_if_data_home_dir(const char *dir) ++{ ++ char path[FN_REFLEN], conv_path[FN_REFLEN]; ++ uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home); ++ DBUG_ENTER("test_if_data_home_dir"); ++ ++ if (!dir) ++ DBUG_RETURN(0); ++ ++ (void) fn_format(path, dir, "", "", ++ (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS)); ++ dir_len= unpack_dirname(conv_path, dir); ++ ++ if (home_dir_len <= dir_len) ++ { ++ if (lower_case_file_system) ++ { ++ if (!my_strnncoll(default_charset_info, (const uchar*) conv_path, ++ home_dir_len, ++ (const uchar*) mysql_unpacked_real_data_home, ++ home_dir_len)) ++ DBUG_RETURN(1); ++ } ++ else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len)) ++ DBUG_RETURN(1); ++ } ++ DBUG_RETURN(0); ++} ++ + /* + Set the specified definer to the default value, which is the current user in + the thread. |