summaryrefslogtreecommitdiff
path: root/databases/mysql5-server
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2009-07-19 13:50:20 +0000
committertron <tron@pkgsrc.org>2009-07-19 13:50:20 +0000
commitb77629c0ea33cd393d2d60d427f4dd0257179418 (patch)
treeaa0e938ac79035752062b9cc9e849d20a2a5076d /databases/mysql5-server
parente5c0911e7623d037423c58a516390cd3ecc7d94f (diff)
downloadpkgsrc-b77629c0ea33cd393d2d60d427f4dd0257179418.tar.gz
Add a patch for CVE-2009-2446 based on the description in the report.
Diffstat (limited to 'databases/mysql5-server')
-rw-r--r--databases/mysql5-server/Makefile4
-rw-r--r--databases/mysql5-server/distinfo3
-rw-r--r--databases/mysql5-server/patches/patch-ac24
3 files changed, 28 insertions, 3 deletions
diff --git a/databases/mysql5-server/Makefile b/databases/mysql5-server/Makefile
index 9b1ada4e575..911eef9623c 100644
--- a/databases/mysql5-server/Makefile
+++ b/databases/mysql5-server/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2009/05/20 00:58:11 wiz Exp $
+# $NetBSD: Makefile,v 1.28 2009/07/19 13:50:20 tron Exp $
PKGNAME= ${DISTNAME:S/-/-server-/}
-PKGREVISION= 2
+PKGREVISION= 3
SVR4_PKGNAME= mysqs
COMMENT= MySQL 5, a free SQL database (server)
diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo
index 04add88f36f..47b693fe708 100644
--- a/databases/mysql5-server/distinfo
+++ b/databases/mysql5-server/distinfo
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.21 2008/09/18 11:51:37 taca Exp $
+$NetBSD: distinfo,v 1.22 2009/07/19 13:50:20 tron Exp $
SHA1 (mysql-5.0.67.tar.gz) = 168090a4698a3a5efa2f2c9380a4352d4433d377
RMD160 (mysql-5.0.67.tar.gz) = 05d38a5f8d91cb4dac1ee446af96b28163bd3722
Size (mysql-5.0.67.tar.gz) = 28370810 bytes
SHA1 (patch-aa) = 913ffbbd5ce8496f412d30515fb5ecef23854023
SHA1 (patch-ab) = 7d3ff56e929f93b4843d62014a3f5f37cc1e84bc
+SHA1 (patch-ac) = e35a56fd1cae5c471d51b52b2949406be891580c
SHA1 (patch-ad) = b3246e3b2a666dffb72830c3ca30050a1e1263ca
SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
diff --git a/databases/mysql5-server/patches/patch-ac b/databases/mysql5-server/patches/patch-ac
new file mode 100644
index 00000000000..012071f7e21
--- /dev/null
+++ b/databases/mysql5-server/patches/patch-ac
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.8 2009/07/19 13:50:20 tron Exp $
+
+Patch for CVE-2009-2446.
+
+--- libmysqld/sql_parse.cc.orig 2008-08-04 13:20:10.000000000 +0100
++++ libmysqld/sql_parse.cc 2009-07-19 14:07:08.000000000 +0100
+@@ -2028,7 +2028,7 @@
+ }
+ if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
+ break;
+- mysql_log.write(thd,command,packet);
++ mysql_log.write(thd,command,"%s",packet);
+ bzero(&create_info, sizeof(create_info));
+ mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
+ &create_info, 0);
+@@ -2053,7 +2053,7 @@
+ ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
+ break;
+ }
+- mysql_log.write(thd,command,db);
++ mysql_log.write(thd,command,"%s",db);
+ mysql_rm_db(thd, db, 0, 0);
+ break;
+ }
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-11 20:30:54 +0000