rpms/mysql/devel mysql-buffer-nazi.patch, NONE, 1.1 mysql.spec, 1.54, 1.55

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Jul 12 18:37:13 UTC 2005


Author: tgl

Update of /cvs/dist/rpms/mysql/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv22364

Modified Files:
	mysql.spec 
Added Files:
	mysql-buffer-nazi.patch 
Log Message:
Fix another instance of not-very-exciting buffer overflow.

mysql-buffer-nazi.patch:
 test3.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE mysql-buffer-nazi.patch ---
This patch is fairly pointless since it fixes a one-byte overflow in test code
that no one will care about or execute in the real world ... but it shuts up a
build warning from our security checker.  Patch based on MySQL AB's fix to
the same issue in myisam/mi_test3.c; we hadn't seen this case before
mysql-4.1.12-1, because we weren't building the isam code.

Reported upstream as http://bugs.mysql.com/bug.php?id=11891


diff -Naur mysql-4.1.12.orig/isam/test3.c mysql-4.1.12/isam/test3.c
--- mysql-4.1.12.orig/isam/test3.c	2005-05-13 07:32:18.000000000 -0400
+++ mysql-4.1.12/isam/test3.c	2005-07-12 14:10:01.000000000 -0400
@@ -360,7 +360,7 @@
   }
 
   sprintf(record.id,"%7d",(int) getpid());
-  strmov(record.text,"Testing...");
+  strnmov(record.text,"Testing...", sizeof(record.text));
 
   tries=(uint) rnd(100)+10;
   for (i=count=0 ; i < tries ; i++)


Index: mysql.spec
===================================================================
RCS file: /cvs/dist/rpms/mysql/devel/mysql.spec,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- mysql.spec	12 Jul 2005 02:22:11 -0000	1.54
+++ mysql.spec	12 Jul 2005 18:37:08 -0000	1.55
@@ -1,6 +1,6 @@
 Name: mysql
 Version: 4.1.12
-Release: 1
+Release: 2
 Source0: http://dev.mysql.com/get/Downloads/MySQL-4.1/mysql-%{version}.tar.gz
 Source1: mysql.init
 Source2: mysql.logrotate
@@ -15,6 +15,7 @@
 Patch5: mysql-no-atomic.patch
 Patch6: mysql-lock-ssl.patch
 Patch7: mysql-test-ssl.patch
+Patch8: mysql-buffer-nazi.patch
 URL: http://www.mysql.com
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 Summary: MySQL client programs and shared libraries.
@@ -95,6 +96,7 @@
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
 
 libtoolize --force
 aclocal
@@ -363,6 +365,11 @@
 %{_datadir}/sql-bench
 
 %changelog
+* Tue Jul 12 2005 Tom Lane <tgl at redhat.com> 4.1.12-2
+- Fix buffer overflow newly exposed in isam code; it's the same issue
+  previously found in myisam, and not very exciting, but I'm tired of
+  seeing build warnings.
+
 * Mon Jul 11 2005 Tom Lane <tgl at redhat.com> 4.1.12-1
 - Update to MySQL 4.1.12 (includes a fix for bz#158688, bz#158689)
 - Extend mysql-test-ssl.patch to solve rpl_openssl test failure (bz#155850)




More information about the fedora-cvs-commits mailing list