mysql.patch mysql...

Thomas Lotterer Mon, 15 Sep 2003 03:59:45 -0700

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________


  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src openpkg-web          Date:   15-Sep-2003 12:59:37
  Branch: OPENPKG_1_3_SOLID HEAD           Handle: 2003091511593502

  Modified files:
    openpkg-web             news.txt
  Modified files:           (Branch: OPENPKG_1_3_SOLID)
    openpkg-src/mysql       mysql.patch mysql.spec

  Log:
    SA-2003.038-mysql; CAN-2003-0780

  Summary:
    Revision    Changes     Path
    1.3.2.4.2.1 +18 -0      openpkg-src/mysql/mysql.patch
    1.49.2.5.2.4+1  -1      openpkg-src/mysql/mysql.spec
    1.6562      +1  -0      openpkg-web/news.txt
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/mysql/mysql.patch
  ============================================================================
  $ cvs diff -u -r1.3.2.4 -r1.3.2.4.2.1 mysql.patch
  --- openpkg-src/mysql/mysql.patch     24 Jul 2003 20:44:33 -0000      1.3.2.4
  +++ openpkg-src/mysql/mysql.patch     15 Sep 2003 10:59:37 -0000      1.3.2.4.2.1
  @@ -63,3 +63,21 @@
    #endif
    #ifdef DATADIR
    DATADIR,
  +
  +http://marc.theaimsgroup.com/?l=bugtraq&m=106323221912927&w=4
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0780
  +    Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL
  +    4.0.14 and earlier, and 3.23.x, allows attackers to execute
  +    arbitrary code via a long Password field
  +
  +--- sql/sql_acl.cc.orig      Fri Jul 18 16:57:47 2003
  ++++ sql/sql_acl.cc   Mon Sep 15 11:58:13 2003
  +@@ -233,7 +233,7 @@
  +                   "Found old style password for user '%s'. Ignoring user. (You may 
want to restart mysqld using --old-protocol)",
  +                   user.user ? user.user : ""); /* purecov: tested */
  +     }
  +-    else if (length % 8)            // This holds true for passwords
  ++    else if (length % 8 || length > 16)             // This holds true for 
passwords
  +     {
  +       sql_print_error(
  +                   "Found invalid password for user: '[EMAIL PROTECTED]'; Ignoring 
user",
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/mysql/mysql.spec
  ============================================================================
  $ cvs diff -u -r1.49.2.5.2.3 -r1.49.2.5.2.4 mysql.spec
  --- openpkg-src/mysql/mysql.spec      5 Aug 2003 13:43:16 -0000       1.49.2.5.2.3
  +++ openpkg-src/mysql/mysql.spec      15 Sep 2003 10:59:37 -0000      1.49.2.5.2.4
  @@ -39,7 +39,7 @@
   Group:        Database
   License:      GPL
   Version:      %{V_opkg}
  -Release:      1.3.1
  +Release:      1.3.2
   
   #   package options
   %option       with_berkeleydb  yes
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-web/news.txt
  ============================================================================
  $ cvs diff -u -r1.6561 -r1.6562 news.txt
  --- openpkg-web/news.txt      15 Sep 2003 10:55:54 -0000      1.6561
  +++ openpkg-web/news.txt      15 Sep 2003 10:59:35 -0000      1.6562
  @@ -1,3 +1,4 @@
  +15-Sep-2003: Upgraded package: P<mysql-4.0.14-1.3.2>
   15-Sep-2003: New package: P<jam-2.5-20030915>
   15-Sep-2003: Upgraded package: P<qt-3.2.1-20030915>
   15-Sep-2003: Upgraded package: P<apt-0.5.5cnc6-20030915>
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]

[CVS] OpenPKG: OPENPKG_1_3_SOLID: openpkg-src/mysql/ mysql.patch mysql...

Reply via email to