Pullup ticket 3139 - requested by taca security update Revisions pulled up: - pkgsrc/databases/mysql5-client/Makefile.common 1.39 - pkgsrc/databases/mysql5-client/buildlink3.mk 1.16 - pkgsrc/databases/mysql5-client/distinfo 1.29 - pkgsrc/databases/mysql5-server/distinfo 1.25 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: taca Date: Wed Jun 2 13:34:45 UTC 2010 Modified Files: pkgsrc/databases/mysql5-client: Makefile.common buildlink3.mk distinfo pkgsrc/databases/mysql5-server: distinfo Log Message: Update mysql5-{client,server} package to 5.0.91. For full changes, refer to http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html. Here are the security-related changes. * Security Fix: The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST. In MySQL 5.0 and above, this allowed an authenticated user with SELECT privileges on one table to obtain the field definitions of any table in all other databases and potentially of other MySQL instances accessible from the server's file system. Additionally, for MySQL version 5.1 and above, an authenticated user with DELETE or SELECT privileges on one table could delete or read content from any other table in all databases on this server, and potentially of other MySQL instances accessible from the server's file system. (Bug#53371, CVE-2010-1848) * Security Fix: The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflowed, which could be exploited by an authenticated user to inject malicious code. 
(Bug#53237, CVE-2010-1850) * Security Fix: The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. (Bug#50974, CVE-2010-1849) To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 pkgsrc/databases/mysql5-client/Makefile.common cvs rdiff -u -r1.15 -r1.16 pkgsrc/databases/mysql5-client/buildlink3.mk cvs rdiff -u -r1.28 -r1.29 pkgsrc/databases/mysql5-client/distinfo cvs rdiff -u -r1.24 -r1.25 pkgsrc/databases/mysql5-server/distinfodiff -r1.38 -r1.38.2.1 pkgsrc/databases/mysql5-client/Makefile.common
(spz)
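--- a/pkgsrc/databases/mysql5-client/Makefile.common
+++ b/pkgsrc/databases/mysql5-client/Makefile.common
@@ -1,22 +1,23 @@
-# $NetBSD: Makefile.common,v 1.38 2010/02/18 15:46:10 taca Exp $
+# $NetBSD: Makefile.common,v 1.38.2.1 2010/06/06 11:32:35 spz Exp $
 #
 # used by databases/mysql5-client/Makefile
 # used by databases/mysql5-server/Makefile
 #
 
-DISTNAME= mysql-5.0.90
+DISTNAME= mysql-5.0.91
 CATEGORIES= databases
-MASTER_SITES= ${MASTER_SITE_MYSQL:=MySQL-5.0/}
+MASTER_SITES= http://downloads.mysql.com/archives/mysql-5.0/ \
+${MASTER_SITE_MYSQL:=MySQL-5.0/}
 
 MAINTAINER= sketch@NetBSD.org
 HOMEPAGE= http://www.mysql.com/
 LICENSE= gnu-gpl-v2
 
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes
 
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
 
 EXTRACT_USING= bsdtar
 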
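Review bot: The new first `MASTER_SITES` entry, `http://downloads.mysql.com/archives/mysql-5.0/`, is fetched over plain HTTP and carries no comment saying why it is tried before `${MASTER_SITE_MYSQL:=MySQL-5.0/}`. For this security update the only integrity control on mysql-5.0.91.tar.gz is therefore the SHA1/RMD160/Size triple recorded in the two distinfo files. Presumably the 5.0.91 tarball was not yet on the mirrors, but that is not visible on this page. I would add a comment above the assignment such as `# Tried before the mirror list; fetched over http, so the distinfo checksums are the only integrity check.` It is also worth confirming that the new digests were compared against a value published by upstream rather than computed from the first download.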
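--- a/pkgsrc/databases/mysql5-client/buildlink3.mk
+++ b/pkgsrc/databases/mysql5-client/buildlink3.mk
@@ -1,18 +1,18 @@
-# $NetBSD: buildlink3.mk,v 1.15 2010/02/18 15:46:10 taca Exp $
+# $NetBSD: buildlink3.mk,v 1.15.2.1 2010/06/06 11:32:35 spz Exp $
 
 BUILDLINK_TREE+= mysql-client
 
 .if !defined(MYSQL_CLIENT_BUILDLINK3_MK)
 MYSQL_CLIENT_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.mysql-client+= mysql-client>=5.0.15
-BUILDLINK_ABI_DEPENDS.mysql-client+= mysql-client>=5.0.90
+BUILDLINK_ABI_DEPENDS.mysql-client+= mysql-client>=5.0.91
 BUILDLINK_PKGSRCDIR.mysql-client?= ../../databases/mysql5-client
 BUILDLINK_LIBDIRS.mysql-client?= lib/mysql
 BUILDLINK_INCDIRS.mysql-client?= include/mysql
 
 .include "../../security/openssl/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .endif # MYSQL_CLIENT_BUILDLINK3_MK
 
 BUILDLINK_TREE+= -mysql-client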
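--- a/pkgsrc/databases/mysql5-client/distinfo
+++ b/pkgsrc/databases/mysql5-client/distinfo
@@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.28 2010/02/18 15:46:10 taca Exp $
+$NetBSD: distinfo,v 1.28.2.1 2010/06/06 11:32:35 spz Exp $
 
-SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f
-RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf
-Size (mysql-5.0.90.tar.gz) = 22299626 bytes
+SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e
+RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db
+Size (mysql-5.0.91.tar.gz) = 22340514 bytes
 SHA1 (patch-aa) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
 SHA1 (patch-ab) = ee8103143b47a428319fbc25cf2f9a69828c15f7
 SHA1 (patch-ac) = 66b6d0ffd3011df1dcf8f3be7f7300e975635d95
 SHA1 (patch-ad) = 430b8ae2d13598eec90cfdc73d37d932dd97f217
 SHA1 (patch-ae) = f19a31c810bbccdda48c647743a819fdf58b195f
 SHA1 (patch-af) = 9e3ebe7eb161c7ed27bf13f1fb4969ac923ae859
 SHA1 (patch-ag) = dea43cde5695c04b1b9a9e919828d97d3e049c08
 SHA1 (patch-ah) = 18f9bb2c6d9b88d04b9ade6177212ab2ed21b4d7
 SHA1 (patch-ai) = 317c20011478c631b7d150bf84e82c9c5fbb0a76
 SHA1 (patch-aj) = d3618dba74d97223e108b8b4a4ef2b5498d1c9b5
 SHA1 (patch-al) = e028251a147246a2aa18ec6185bb2b160727a7f0
 SHA1 (patch-am) = 7fc6533477e6a0e826765106dd8d1b27cbc5695e
 SHA1 (patch-an) = 49d1c45e549c7f39a2830401621458f9a5eb46bc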
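--- a/pkgsrc/databases/mysql5-server/distinfo
+++ b/pkgsrc/databases/mysql5-server/distinfo
@@ -1,18 +1,18 @@
-$NetBSD: distinfo,v 1.24 2010/02/18 15:46:10 taca Exp $
+$NetBSD: distinfo,v 1.24.2.1 2010/06/06 11:32:35 spz Exp $
 
-SHA1 (mysql-5.0.90.tar.gz) = c637d0afed52de1e3326824afa954d1ffbcc7a2f
-RMD160 (mysql-5.0.90.tar.gz) = 634655530100e5c00bfab9e2c498efa8c5208baf
-Size (mysql-5.0.90.tar.gz) = 22299626 bytes
+SHA1 (mysql-5.0.91.tar.gz) = 14a79138a1296ce6ebb681fceba622d870feba3e
+RMD160 (mysql-5.0.91.tar.gz) = 3aaa638172f6916d3698c5421b24a01647f7e9db
+Size (mysql-5.0.91.tar.gz) = 22340514 bytes
 SHA1 (patch-aa) = f52745512abfb2c2d43715975f76c2f454ed93e5
 SHA1 (patch-ab) = 7c51a0214c3e6205605047c72b07eac6792600db
 SHA1 (patch-ae) = dc67ad03f9ea370b17a45f73e974013e0ac48d71
 SHA1 (patch-af) = 256de04aefd067ac7bdf8a6d1d817723efa6c6ec
 SHA1 (patch-ag) = abc6b85dd7d72b980f0768166eb77618d50e5102
 SHA1 (patch-ah) = 822f1f0eace49ff44f03e708056b88e480443c15
 SHA1 (patch-ai) = 56d3f66a903224b8d27213480e7ea3e485e52f1d
 SHA1 (patch-aj) = b8516c18b1c2be5b3492ece583e9b8a85b89331a
 SHA1 (patch-ak) = 27698a132b42519e267dda0584a75eae1b74edea
 SHA1 (patch-al) = a8232565e70d199b77e044152dee3df52564724b
 SHA1 (patch-am) = cc551d150c5b0adee8906d428b87bdc88ea47a05
 SHA1 (patch-an) = 1f7ede981f2e7a846f49a5cfd443051acf9f3a02
 SHA1 (patch-ap) = 70049d00e30d89201dd8d9fc0ace4e6edfcffae7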