SECURITY patches for bugs #64884 and #59387.

-> fixes a nasty issue where one could get access using any password by repeating connection attempts from Brad (maintainer)
2012-05-04 07:57:17 +00:00 · 2012-05-04 07:57:17 +00:00 · 15d74a765d
commit 15d74a765d
parent c2fc70e565
3 changed files with 42 additions and 3 deletions
--- a/databases/mysql/Makefile
+++ b/databases/mysql/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.204 2012/04/28 11:06:12 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.205 2012/05/04 07:57:17 ajacoutot Exp $

 SHARED_ONLY=	Yes

@ -15,8 +15,8 @@ CATEGORIES=	databases
 V=		MySQL-5.1
 MASTER_SITES=	${MASTER_SITE_MYSQL:=Downloads/$V/}

-REVISION-main=	0
-REVISION-server=0
+REVISION-main=	1
+REVISION-server=1

 SHARED_LIBS=	mysqlclient_r	21.0 \
 		mysqlclient	21.0
--- a/databases/mysql/patches/patch-sql_password_c
+++ b/databases/mysql/patches/patch-sql_password_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-sql_password_c,v 1.1 2012/05/04 07:57:18 ajacoutot Exp $
+
+Fix for security issue. Bug #64884.
+
+--- sql/password.c.orig	Thu May  3 16:26:33 2012
+++ sql/password.c	Thu May  3 16:27:59 2012
+@@ -531,7 +531,7 @@ check_scramble(const char *scramble_arg, const char *m
+   mysql_sha1_reset(&sha1_context);
+   mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
+   mysql_sha1_result(&sha1_context, hash_stage2_reassured);
+-  return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE);
+  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+ }
+ 
+ 
--- a/databases/mysql/patches/patch-sql_sql_select_cc
+++ b/databases/mysql/patches/patch-sql_sql_select_cc
@ -0,0 +1,24 @@
+$OpenBSD: patch-sql_sql_select_cc,v 1.1 2012/05/04 07:57:18 ajacoutot Exp $
+
+Fix for security issue. Bug #59387.
+
+--- sql/sql_select.cc.orig	Thu May  3 16:30:53 2012
+++ sql/sql_select.cc	Thu May  3 16:32:26 2012
+@@ -5781,7 +5781,7 @@ static bool create_ref_for_key(JOIN *join, JOIN_TAB *j
+     */
+     do
+     {
+-      if (!(~used_tables & keyuse->used_tables))
+      if (!(~used_tables & (keyuse->used_tables & ~OUTER_REF_TABLE_BIT)))
+       {
+ 	if (keyparts == keyuse->keypart &&
+ 	    !(found_part_ref_or_null & keyuse->optimize))
+@@ -5834,7 +5834,7 @@ static bool create_ref_for_key(JOIN *join, JOIN_TAB *j
+     for (i=0 ; i < keyparts ; keyuse++,i++)
+     {
+       while (keyuse->keypart != i ||
+-	     ((~used_tables) & keyuse->used_tables))
+	     ((~used_tables) & (keyuse->used_tables & ~OUTER_REF_TABLE_BIT)))
+ 	keyuse++;				/* Skip other parts */
+ 
+       uint maybe_null= test(keyinfo->key_part[i].null_bit);