patch to fix a security hole that was posted to BugTraq in an advisory

databases/mysql/patches/patch-ad

@@ -0,0 +1,31 @@
+--- sql/sql_parse.cc.orig	Fri Feb 11 01:48:52 2000
++++ sql/sql_parse.cc	Fri Feb 11 01:53:47 2000
+@@ -17,6 +17,8 @@
+ #include <m_ctype.h>
+ #include <thr_alarm.h>
+ 
++#define SCRAMBLE_LENGTH 8
++
+ extern int yyparse(void);
+ extern "C" pthread_mutex_t THR_LOCK_keycache;
+ 
+@@ -127,8 +129,8 @@
+     end=strmov(buff,server_version)+1;
+     int4store((uchar*) end,thd->thread_id);
+     end+=4;
+-    memcpy(end,thd->scramble,9);
+-    end+=9;
++    memcpy(end,thd->scramble,SCRAMBLE_LENGTH+1);
++    end+=SCRAMBLE_LENGTH+1;
+ #ifdef HAVE_COMPRESS
+     int2store(end,CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB | CLIENT_COMPRESS);
+ #else
+@@ -153,6 +155,8 @@
+   if (!(thd->user = my_strdup((char*) net->read_pos+5, MYF(MY_FAE))))
+     return(ER_OUT_OF_RESOURCES);
+   char *passwd= strend((char*) net->read_pos+5)+1;
++  if (passwd[0] && strlen(passwd) != SCRAMBLE_LENGTH)
++    return ER_HANDSHAKE_ERROR;
+   thd->master_access=acl_getroot(thd->host, thd->ip, thd->user,
+ 				 passwd, thd->scramble, &thd->priv_user,
+ 				 protocol_version == 9 ||