rpms/mysql/F-10 mysql-format-string.patch, NONE, 1.1 mysql.spec, 1.112, 1.113
Tom Lane
tgl at fedoraproject.org
Thu Jul 16 22:44:48 UTC 2009
Author: tgl
Update of /cvs/pkgs/rpms/mysql/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25840
Modified Files:
mysql.spec
Added Files:
mysql-format-string.patch
Log Message:
Add fix for CVE-2009-2446
mysql-format-string.patch:
--- NEW FILE mysql-format-string.patch ---
Fix for CVE-2009-2446: a user-supplied string was being passed as the format
string to mysql_log.write(), resulting in a crash (or perhaps worse things)
if the string contained any % characters.
diff -Naur mysql-5.0.77.orig/libmysqld/sql_parse.cc mysql-5.0.77/libmysqld/sql_parse.cc
--- mysql-5.0.77.orig/libmysqld/sql_parse.cc 2009-01-29 16:45:33.000000000 -0500
+++ mysql-5.0.77/libmysqld/sql_parse.cc 2009-07-16 17:29:36.000000000 -0400
@@ -2096,7 +2096,7 @@
}
if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
break;
- mysql_log.write(thd,command,packet);
+ mysql_log.write(thd,command,"%s",packet);
bzero(&create_info, sizeof(create_info));
mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
&create_info, 0);
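Review bot: The `"%s"` fix is applied one call at a time, and nothing here prevents the same mistake at another `mysql_log.write()` call; this hunk, the COM_DROP_DB hunk below and the identical pair in sql/sql_parse.cc cover only two call sites in a function whose body lies outside the hunks. If the declaration of the log write method (not visible here) does not already carry a printf-style format attribute, adding one and building with `-Wformat-security` would let the compiler flag any remaining call that passes a non-literal string as the format. A short comment at each patched call would also help the next maintainer: `/* packet comes from the client: log it as data via "%s", never as the format */`. Separately, the patch headers name mysql-5.0.77 while the spec builds Version 5.0.83, so the hunks presumably apply with an offset; it is worth confirming in the build log that both files were patched cleanly.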
@@ -2121,7 +2121,7 @@
ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
break;
}
- mysql_log.write(thd,command,db);
+ mysql_log.write(thd,command,"%s",db);
mysql_rm_db(thd, db, 0, 0);
break;
}
diff -Naur mysql-5.0.77.orig/sql/sql_parse.cc mysql-5.0.77/sql/sql_parse.cc
--- mysql-5.0.77.orig/sql/sql_parse.cc 2009-01-29 16:45:33.000000000 -0500
+++ mysql-5.0.77/sql/sql_parse.cc 2009-07-16 17:27:49.000000000 -0400
@@ -2096,7 +2096,7 @@
}
if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
break;
- mysql_log.write(thd,command,packet);
+ mysql_log.write(thd,command,"%s",packet);
bzero(&create_info, sizeof(create_info));
mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
&create_info, 0);
@@ -2121,7 +2121,7 @@
ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
break;
}
- mysql_log.write(thd,command,db);
+ mysql_log.write(thd,command,"%s",db);
mysql_rm_db(thd, db, 0, 0);
break;
}
Index: mysql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mysql/F-10/mysql.spec,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -p -r1.112 -r1.113
--- mysql.spec 11 Jul 2009 20:38:42 -0000 1.112
+++ mysql.spec 16 Jul 2009 22:44:18 -0000 1.113
@@ -1,6 +1,6 @@
Name: mysql
Version: 5.0.83
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: MySQL client programs and shared libraries
Group: Applications/Databases
URL: http://www.mysql.com
@@ -34,6 +34,7 @@ Patch10: mysql-bdb-open.patch
Patch13: mysql-no-dbug.patch
Patch15: mysql-stack-guard.patch
Patch17: mysql-bug-44348.patch
+Patch18: mysql-format-string.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: gperf, perl, readline-devel, openssl-devel
@@ -180,6 +181,7 @@ the MySQL sources.
%patch13 -p1
%patch15 -p1
%patch17 -p1
+%patch18 -p1
libtoolize --force
aclocal
@@ -628,6 +630,11 @@ fi
%{_mandir}/man1/mysql_client_test.1*
%changelog
+* Thu Jul 16 2009 Tom Lane <tgl at redhat.com> 5.0.83-3
+- Add fix for CVE-2009-2446 (format string vulnerability in COM_CREATE_DB and
+ COM_DROP_DB processing)
+Related: #511020
+
* Sat Jul 11 2009 Tom Lane <tgl at redhat.com> 5.0.83-2
- Work around upstream bug 44348