From 3449d849a6c955aa7a08d609688faa21e1756422 Mon Sep 17 00:00:00 2001 From: sthen Date: Sun, 28 Dec 2008 19:45:17 +0000 Subject: [PATCH] SECURITY (CVE-2008-2079) and bug fix update to 5.0.75. http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html from Brad (maintainer). --- databases/mysql/Makefile | 4 +- databases/mysql/distinfo | 10 ++-- databases/mysql/patches/patch-configure_in | 49 +++++++++---------- .../patches/patch-mysql-test_Makefile_in | 8 +-- .../mysql/patches/patch-scripts_Makefile_in | 8 +-- databases/mysql/patches/patch-sql_mysqld_cc | 8 +-- databases/mysql/pkg/PLIST-main | 4 +- databases/mysql/pkg/PLIST-tests | 19 ++++++- 8 files changed, 59 insertions(+), 51 deletions(-) diff --git a/databases/mysql/Makefile b/databases/mysql/Makefile index 1da4d6f3aaa..cfc8c4713ee 100644 --- a/databases/mysql/Makefile +++ b/databases/mysql/Makefile @@ -1,10 +1,10 @@ -# $OpenBSD: Makefile,v 1.144 2008/09/17 13:54:54 ajacoutot Exp $ +# $OpenBSD: Makefile,v 1.145 2008/12/28 19:45:17 sthen Exp $ COMMENT-main= multithreaded SQL database (client) COMMENT-server= multithreaded SQL database (server) COMMENT-tests= multithreaded SQL database (regression test suite) -VERSION= 5.0.67 +VERSION= 5.0.75 DISTNAME= mysql-${VERSION} PKGNAME-main= mysql-client-${VERSION} PKGNAME-server= mysql-server-${VERSION} diff --git a/databases/mysql/distinfo b/databases/mysql/distinfo index 147091c79bf..ecd5e1144df 100644 --- a/databases/mysql/distinfo +++ b/databases/mysql/distinfo @@ -1,5 +1,5 @@ -MD5 (mysql-5.0.67.tar.gz) = cWRIOl/7j3qlm3YcE829bg== -RMD160 (mysql-5.0.67.tar.gz) = BdOKX42Ry02sHuRGr5aygWO9NyI= -SHA1 (mysql-5.0.67.tar.gz) = FoCQpGmKOl76LyyTgKQ1LUQz03c= -SHA256 (mysql-5.0.67.tar.gz) = e2TmCYSf9k8vy4KityiD95rciT6fb8DTVGXvfZdUIFg= -SIZE (mysql-5.0.67.tar.gz) = 28370810 +MD5 (mysql-5.0.75.tar.gz) = ojTwpgp/jCkNmHXLo6LFog== +RMD160 (mysql-5.0.75.tar.gz) = swRLfxjyeitVkz9/wILentlNC7k= +SHA1 (mysql-5.0.75.tar.gz) = neroWmq/eRPwXYnbS3RayyUSv3g= +SHA256 (mysql-5.0.75.tar.gz) = wJhdqYghfohFbDnSqy8k2AL16l8qMZDcABFEdVC9wrk= +SIZE (mysql-5.0.75.tar.gz) = 32514150 diff --git a/databases/mysql/patches/patch-configure_in b/databases/mysql/patches/patch-configure_in index 1bb365c9a01..2e9edfd7e20 100644 --- a/databases/mysql/patches/patch-configure_in +++ b/databases/mysql/patches/patch-configure_in @@ -1,58 +1,53 @@ -$OpenBSD: patch-configure_in,v 1.24 2008/08/24 08:40:03 brad Exp $ ---- configure.in.orig Mon Aug 4 08:19:07 2008 -+++ configure.in Fri Aug 8 17:21:01 2008 -@@ -504,48 +504,11 @@ then - fi - AC_SUBST(ICHECK) - --# Lock for PS -+# Look for PS +$OpenBSD: patch-configure_in,v 1.25 2008/12/28 19:45:17 sthen Exp $ +--- configure.in.orig Thu Dec 18 12:19:33 2008 ++++ configure.in Mon Dec 22 02:30:13 2008 +@@ -514,44 +514,7 @@ AC_SUBST(ICHECK) AC_PATH_PROG(PS, ps, ps) AC_MSG_CHECKING("how to check if pid exists") PS=$ac_cv_path_PS -# Linux style --if $PS p $$ 2> /dev/null | grep `echo $0 | sed s/\-//` > /dev/null +-if $PS wwwp $$ 2> /dev/null | grep -- "$0" > /dev/null -then -- FIND_PROC="$PS p \$\$PID | grep -v grep | grep \$\$MYSQLD > /dev/null" +- FIND_PROC="$PS wwwp \$\$PID | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" > /dev/null" -# Solaris --elif $PS -fp $$ 2> /dev/null | grep $0 > /dev/null +-elif $PS -fp $$ 2> /dev/null | grep -- $0 > /dev/null -then -- FIND_PROC="$PS -p \$\$PID | grep -v grep | grep \$\$MYSQLD > /dev/null" +- FIND_PROC="$PS -p \$\$PID | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" > /dev/null" -# BSD style --elif $PS -uaxww 2> /dev/null | grep $0 > /dev/null +-elif $PS -uaxww 2> /dev/null | grep -- $0 > /dev/null -then -- FIND_PROC="$PS -uaxww | grep -v grep | grep \$\$MYSQLD | grep \" \$\$PID \" > /dev/null" +- FIND_PROC="$PS -uaxww | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" | grep \" \$\$PID \" > /dev/null" -# SysV style --elif $PS -ef 2> /dev/null | grep $0 > /dev/null +-elif $PS -ef 2> /dev/null | grep -- $0 > /dev/null -then -- FIND_PROC="$PS -ef | grep -v grep | grep \$\$MYSQLD | grep \" \$\$PID \" > /dev/null" +- FIND_PROC="$PS -ef | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" | grep \" \$\$PID \" > /dev/null" -# Do anybody use this? --elif $PS $$ 2> /dev/null | grep $0 > /dev/null +-elif $PS $$ 2> /dev/null | grep -- $0 > /dev/null -then -- FIND_PROC="$PS \$\$PID | grep -v grep | grep \$\$MYSQLD > /dev/null" +- FIND_PROC="$PS \$\$PID | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" > /dev/null" -else - case $SYSTEM_TYPE in - *freebsd*|*dragonfly*) -- FIND_PROC="$PS p \$\$PID | grep -v grep | grep \$\$MYSQLD > /dev/null" +- FIND_PROC="$PS p \$\$PID | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" > /dev/null" - ;; - *darwin*) -- FIND_PROC="$PS -uaxww | grep -v grep | grep \$\$MYSQLD | grep \" \$\$PID \" > /dev/null" +- FIND_PROC="$PS -uaxww | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" | grep \" \$\$PID \" > /dev/null" - ;; - *cygwin*) -- FIND_PROC="$PS -e | grep -v grep | grep \$\$MYSQLD | grep \" \$\$PID \" > /dev/null" +- FIND_PROC="$PS -e | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" | grep \" \$\$PID \" > /dev/null" - ;; - *netware*) - FIND_PROC= - ;; - *) -- AC_MSG_ERROR([Could not find the right ps switches. Which OS is this ?. See the Installation chapter in the Reference Manual.]) +- AC_MSG_ERROR([Could not find the right ps and/or grep switches. Which OS is this? See the Installation chapter in the Reference Manual.]) - esac -fi -+FIND_PROC="$PS -uaxww | grep -v grep | grep \$\$MYSQLD | grep \" \$\$PID \" > /dev/null" ++FIND_PROC="$PS -uaxww | grep -v \" grep\" | grep -v mysqld_safe | grep -- \"\$\$MYSQLD\" | grep \" \$\$PID \" > /dev/null" AC_SUBST(FIND_PROC) AC_MSG_RESULT("$FIND_PROC") -@@ -907,7 +870,8 @@ AC_ARG_WITH(libwrap, +@@ -913,7 +876,8 @@ AC_ARG_WITH(libwrap, AC_CHECK_HEADER(tcpd.h, LIBS="-lwrap $LIBS" AC_MSG_CHECKING(for TCP wrappers library -lwrap) @@ -62,7 +57,7 @@ $OpenBSD: patch-configure_in,v 1.24 2008/08/24 08:40:03 brad Exp $ int allow_severity = 0; int deny_severity = 0; -@@ -1675,7 +1639,7 @@ then +@@ -1681,7 +1645,7 @@ then AC_CHECK_LIB(c_r,strtok_r) case "$with_osf32_threads---$target_os" in # Don't keep -lc_r in LIBS; -pthread handles it magically @@ -71,7 +66,7 @@ $OpenBSD: patch-configure_in,v 1.24 2008/08/24 08:40:03 brad Exp $ esac AC_CHECK_FUNCS(strtok_r pthread_init) -@@ -1723,29 +1687,6 @@ case $SYSTEM_TYPE in +@@ -1729,29 +1693,6 @@ case $SYSTEM_TYPE in AC_SYS_RESTARTABLE_SYSCALLS ;; esac diff --git a/databases/mysql/patches/patch-mysql-test_Makefile_in b/databases/mysql/patches/patch-mysql-test_Makefile_in index 3ddcdf3ffe2..ac9da880854 100644 --- a/databases/mysql/patches/patch-mysql-test_Makefile_in +++ b/databases/mysql/patches/patch-mysql-test_Makefile_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-mysql-test_Makefile_in,v 1.17 2008/08/24 08:40:03 brad Exp $ ---- mysql-test/Makefile.in.orig Mon Aug 4 08:22:09 2008 -+++ mysql-test/Makefile.in Fri Aug 8 17:21:01 2008 -@@ -370,7 +370,7 @@ zlib_dir = @zlib_dir@ +$OpenBSD: patch-mysql-test_Makefile_in,v 1.18 2008/12/28 19:45:17 sthen Exp $ +--- mysql-test/Makefile.in.orig Thu Dec 18 12:22:14 2008 ++++ mysql-test/Makefile.in Mon Dec 22 02:18:45 2008 +@@ -372,7 +372,7 @@ zlib_dir = @zlib_dir@ @HAVE_NDBCLUSTER_DB_TRUE@DIST_SUBDIRS = ndb @HAVE_NDBCLUSTER_DB_FALSE@USE_NDBCLUSTER = \"\" @HAVE_NDBCLUSTER_DB_TRUE@USE_NDBCLUSTER = \"--ndbcluster\" diff --git a/databases/mysql/patches/patch-scripts_Makefile_in b/databases/mysql/patches/patch-scripts_Makefile_in index 5a63c2a1739..45f4afe0fae 100644 --- a/databases/mysql/patches/patch-scripts_Makefile_in +++ b/databases/mysql/patches/patch-scripts_Makefile_in @@ -1,7 +1,7 @@ -$OpenBSD: patch-scripts_Makefile_in,v 1.10 2008/08/24 08:40:03 brad Exp $ ---- scripts/Makefile.in.orig Mon Aug 4 08:22:27 2008 -+++ scripts/Makefile.in Fri Aug 8 17:21:01 2008 -@@ -793,6 +793,7 @@ mysql_fix_privilege_tables_sql.c: comp_sql.c mysql_fix +$OpenBSD: patch-scripts_Makefile_in,v 1.11 2008/12/28 19:45:17 sthen Exp $ +--- scripts/Makefile.in.orig Thu Dec 18 12:22:32 2008 ++++ scripts/Makefile.in Mon Dec 22 02:18:46 2008 +@@ -795,6 +795,7 @@ mysql_fix_privilege_tables_sql.c: comp_sql.c mysql_fix -e 's!@''datadir''@!$(datadir)!g' \ -e 's!@''localstatedir''@!$(localstatedir)!g' \ -e 's!@''libexecdir''@!$(libexecdir)!g' \ diff --git a/databases/mysql/patches/patch-sql_mysqld_cc b/databases/mysql/patches/patch-sql_mysqld_cc index 20645c55e90..09c24333413 100644 --- a/databases/mysql/patches/patch-sql_mysqld_cc +++ b/databases/mysql/patches/patch-sql_mysqld_cc @@ -1,7 +1,7 @@ -$OpenBSD: patch-sql_mysqld_cc,v 1.11 2008/08/24 08:40:03 brad Exp $ ---- sql/mysqld.cc.orig Mon Aug 4 08:20:07 2008 -+++ sql/mysqld.cc Fri Aug 8 17:21:02 2008 -@@ -3705,7 +3705,7 @@ int main(int argc, char **argv) +$OpenBSD: patch-sql_mysqld_cc,v 1.12 2008/12/28 19:45:17 sthen Exp $ +--- sql/mysqld.cc.orig Thu Dec 18 12:20:14 2008 ++++ sql/mysqld.cc Mon Dec 22 02:18:46 2008 +@@ -3708,7 +3708,7 @@ int main(int argc, char **argv) init_ssl(); #ifdef HAVE_LIBWRAP diff --git a/databases/mysql/pkg/PLIST-main b/databases/mysql/pkg/PLIST-main index 9b0d207ee8e..929152fa564 100644 --- a/databases/mysql/pkg/PLIST-main +++ b/databases/mysql/pkg/PLIST-main @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST-main,v 1.6 2008/08/24 08:40:03 brad Exp $ +@comment $OpenBSD: PLIST-main,v 1.7 2008/12/28 19:45:17 sthen Exp $ @pkgpath databases/mysql @bin bin/mysql @bin bin/mysql_client_test @@ -63,7 +63,5 @@ lib/mysql/libmysqlclient_r.la @man man/man1/mysqldump.1 @man man/man1/mysqlimport.1 @man man/man1/mysqlman.1 -@man man/man1/mysqlmanager-pwgen.1 -@man man/man1/mysqlmanagerc.1 @man man/man1/mysqlshow.1 @man man/man1/mysqltest.1 diff --git a/databases/mysql/pkg/PLIST-tests b/databases/mysql/pkg/PLIST-tests index 7b805e883fb..dbcbc49be07 100644 --- a/databases/mysql/pkg/PLIST-tests +++ b/databases/mysql/pkg/PLIST-tests @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST-tests,v 1.27 2008/08/24 08:40:03 brad Exp $ +@comment $OpenBSD: PLIST-tests,v 1.28 2008/12/28 19:45:17 sthen Exp $ @man man/man1/mysql-stress-test.pl.1 @man man/man1/mysql-test-run.pl.1 @man man/man1/mysql_client_test.1 @@ -186,6 +186,7 @@ share/mysql-test/r/ctype_cp932_binlog.result share/mysql-test/r/ctype_create.result share/mysql-test/r/ctype_eucjpms.result share/mysql-test/r/ctype_euckr.result +share/mysql-test/r/ctype_filesystem.result share/mysql-test/r/ctype_gb2312.result share/mysql-test/r/ctype_gbk.result share/mysql-test/r/ctype_hebrew.result @@ -344,12 +345,14 @@ share/mysql-test/r/information_schema_db.result share/mysql-test/r/information_schema_inno.result share/mysql-test/r/init_connect.result share/mysql-test/r/init_file.result +share/mysql-test/r/innodb-autoinc-optimize.result share/mysql-test/r/innodb-big.result share/mysql-test/r/innodb-deadlock.result share/mysql-test/r/innodb-lock.result share/mysql-test/r/innodb-replace.result share/mysql-test/r/innodb-ucs2.result share/mysql-test/r/innodb.result +share/mysql-test/r/innodb_bug35220.result share/mysql-test/r/innodb_cache.result share/mysql-test/r/innodb_gis.result share/mysql-test/r/innodb_handler.result @@ -398,6 +401,7 @@ share/mysql-test/r/metadata.result share/mysql-test/r/mix_innodb_myisam_binlog.result share/mysql-test/r/multi_statement.result share/mysql-test/r/multi_update.result +share/mysql-test/r/multi_update2.result share/mysql-test/r/multi_update_tiny_hash.result share/mysql-test/r/myisam-blob.result share/mysql-test/r/myisam.result @@ -484,6 +488,8 @@ share/mysql-test/r/overflow.result share/mysql-test/r/packet.result share/mysql-test/r/parser.result share/mysql-test/r/parser_precedence.result +share/mysql-test/r/parser_stack.result +share/mysql-test/r/perror-win.result share/mysql-test/r/perror.result share/mysql-test/r/preload.result share/mysql-test/r/profiling.result @@ -659,6 +665,7 @@ share/mysql-test/r/ssl_8k_key.result share/mysql-test/r/ssl_compress.result share/mysql-test/r/ssl_connect.result share/mysql-test/r/status.result +share/mysql-test/r/status2.result share/mysql-test/r/strict.result share/mysql-test/r/strict_autoinc_1myisam.result share/mysql-test/r/strict_autoinc_2innodb.result @@ -1452,6 +1459,8 @@ share/mysql-test/t/ctype_cp932_binlog.test share/mysql-test/t/ctype_create.test share/mysql-test/t/ctype_eucjpms.test share/mysql-test/t/ctype_euckr.test +share/mysql-test/t/ctype_filesystem-master.opt +share/mysql-test/t/ctype_filesystem.test share/mysql-test/t/ctype_gb2312.test share/mysql-test/t/ctype_gbk.test share/mysql-test/t/ctype_hebrew.test @@ -1588,6 +1597,7 @@ share/mysql-test/t/init_connect-master.opt share/mysql-test/t/init_connect.test share/mysql-test/t/init_file-master.opt share/mysql-test/t/init_file.test +share/mysql-test/t/innodb-autoinc-optimize.test share/mysql-test/t/innodb-big.test share/mysql-test/t/innodb-deadlock.test share/mysql-test/t/innodb-lock.test @@ -1595,6 +1605,7 @@ share/mysql-test/t/innodb-master.opt share/mysql-test/t/innodb-replace.test share/mysql-test/t/innodb-ucs2.test share/mysql-test/t/innodb.test +share/mysql-test/t/innodb_bug35220.test share/mysql-test/t/innodb_cache-master.opt share/mysql-test/t/innodb_cache.test share/mysql-test/t/innodb_gis.test @@ -1658,6 +1669,8 @@ share/mysql-test/t/multi_statement-master.opt share/mysql-test/t/multi_statement.test share/mysql-test/t/multi_update-master.opt share/mysql-test/t/multi_update.test +share/mysql-test/t/multi_update2-master.opt +share/mysql-test/t/multi_update2.test share/mysql-test/t/multi_update_tiny_hash-master.opt share/mysql-test/t/multi_update_tiny_hash.test share/mysql-test/t/myisam-blob-master.opt @@ -1753,6 +1766,8 @@ share/mysql-test/t/overflow.test share/mysql-test/t/packet.test share/mysql-test/t/parser.test share/mysql-test/t/parser_precedence.test +share/mysql-test/t/parser_stack.test +share/mysql-test/t/perror-win.test share/mysql-test/t/perror.test share/mysql-test/t/preload.test share/mysql-test/t/profiling.test @@ -1958,7 +1973,6 @@ share/mysql-test/t/rpl_user.test share/mysql-test/t/rpl_user_variables.test share/mysql-test/t/rpl_variables-master.opt share/mysql-test/t/rpl_variables.test -share/mysql-test/t/rpl_view-slave.opt share/mysql-test/t/rpl_view.test share/mysql-test/t/schema.test share/mysql-test/t/select.test @@ -1994,6 +2008,7 @@ share/mysql-test/t/ssl_8k_key.test share/mysql-test/t/ssl_compress.test share/mysql-test/t/ssl_connect.test share/mysql-test/t/status.test +share/mysql-test/t/status2.test share/mysql-test/t/strict.test share/mysql-test/t/strict_autoinc_1myisam.test share/mysql-test/t/strict_autoinc_2innodb.test