From 31ce0dd55d989a737c16172d1ddb6c49507ae7d5 Mon Sep 17 00:00:00 2001 From: tron Date: Mon, 17 Apr 2006 11:21:41 +0000 Subject: Add fix for CAN-2006-0903 taken from MySQL bug #17667. Bump package revision because of this security fix. --- databases/mysql5-server/Makefile | 4 ++-- databases/mysql5-server/distinfo | 3 ++- databases/mysql5-server/patches/patch-ao | 14 ++++++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 databases/mysql5-server/patches/patch-ao diff --git a/databases/mysql5-server/Makefile b/databases/mysql5-server/Makefile index f3a3db35964..f39ee2b601d 100644 --- a/databases/mysql5-server/Makefile +++ b/databases/mysql5-server/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.10 2006/04/13 11:19:25 xtraeme Exp $ +# $NetBSD: Makefile,v 1.11 2006/04/17 11:21:41 tron Exp $ PKGNAME= ${DISTNAME:S/-/-server-/} -#PKGREVISION= 1 +PKGREVISION= 1 SVR4_PKGNAME= mysqs COMMENT= MySQL 5, a free SQL database (server) diff --git a/databases/mysql5-server/distinfo b/databases/mysql5-server/distinfo index 3cacbfa3e6e..9a090314b2b 100644 --- a/databases/mysql5-server/distinfo +++ b/databases/mysql5-server/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.5 2006/04/13 11:19:25 xtraeme Exp $ +$NetBSD: distinfo,v 1.6 2006/04/17 11:21:41 tron Exp $ SHA1 (mysql-5.0.20.tar.gz) = b66fd7821d6cb5f3150f703e90d64697a770a165 RMD160 (mysql-5.0.20.tar.gz) = f7daabd98124b88c021b314ac23c25d09597e573 @@ -16,3 +16,4 @@ SHA1 (patch-aj) = 07e4016a0629b7737ad4956962c15e97ddcc6f5d SHA1 (patch-ak) = 516460b0aa9f641d74f83c5514f258a980033e41 SHA1 (patch-al) = b2f76b2d4e6aca649f975eba0f9c18316d4d4c17 SHA1 (patch-am) = 999bb2dbca518a7e19a96b53678de35c0b227434 +SHA1 (patch-ao) = c6c56cbff6fbb7ff809b9b544c28ea28fcd18517 diff --git a/databases/mysql5-server/patches/patch-ao b/databases/mysql5-server/patches/patch-ao new file mode 100644 index 00000000000..ce93f87d60d --- /dev/null +++ b/databases/mysql5-server/patches/patch-ao @@ -0,0 +1,14 @@ +$NetBSD: patch-ao,v 1.1 2006/04/17 11:21:41 tron Exp $ + +--- sql/sql_lex.cc.orig 2006-03-31 18:10:45.000000000 +0100 ++++ sql/sql_lex.cc 2006-04-17 12:09:26.000000000 +0100 +@@ -960,6 +960,9 @@ + while (lex->ptr != lex->end_of_query && + ((c=yyGet()) != '*' || yyPeek() != '/')) + { ++ if (c == '\0') ++ return(ABORT_SYM); // NULLs illegal even in comments ++ + if (c == '\n') + lex->yylineno++; + } -- cgit v1.2.3