Bug 129979 - security/vuxml: [patch] document CVE-2008-4097, CVE-2008-4098 and update databases/mysql50-* to 5.0.75
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Martin Wilke
Reported: 2008-12-27 18:10 UTC by Eygene Ryabinkin
Modified: 2008-12-30 11:12 UTC (History)
Description Eygene Ryabinkin 2008-12-27 18:10:05 UTC
http://www.vuxml.org/freebsd/388d9ee4-7f22-11dd-a66a-0019666436c2.html
describes the first attempt to fix the symlink-related vulnerability
with MyISAM tables, but the fix is incomplete.

Fix: The following patch upgrades mysql50-* to 5.0.75, because 5.0.67
contains only a partial fix.



I have tested basic compilability and proper packaging for
databases/mysql50-*, but was not able to test the server in production:
I have no 5.0 databases at hand.

I was not able to extract the fix for 5.0.67, because the launchpad.net
Bazaar interface isn't working properly.  The fix was committed in
the patch
  http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-community/revision/2579.1.5
but there were other symlink-related cleanups in
  http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0-community/changes/2579.1.9

I feel that an update to 5.0.75 is the best way to handle this problem.


I will try to extract the fixes for 4.1 and will post a follow-up.


The following VuXML entry should be evaluated and added:
  <vuln vid="6b535a9a-d412-11dd-9f32-001fc66e7203">
    <topic>mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths</topic>
    <affects>
      <package>
        <name>mysql-server</name>
        <range><ge>4.1</ge><lt>4.1.25</lt></range>
        <range><ge>5.0</ge><lt>5.0.75</lt></range>
        <range><ge>5.1</ge><lt>5.1.28</lt></range>
        <range><ge>6.0</ge><lt>6.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Paul DuBois from MySQL reports:</p>
        <blockquote
          cite="http://bugs.mysql.com/bug.php?id=32167">
          <p>Additional corrections were made for the symlink-related
          privilege problem originally addressed.  The original fix did
          not correctly handle the data directory pathname if it
          contained symlinked directories in its path, and the check was
          made only at table-creation time, not at table-opening time
          later.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2008-4097</cvename>
      <cvename>CVE-2008-4098</cvename>
      <url>http://bugs.mysql.com/bug.php?id=32167</url>
      <url>http://dev.mysql.com/doc/refman/4.1/en/news-4-1-25.html</url>
      <url>http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-75.html</url>
      <url>http://dev.mysql.com/doc/refman/5.1/en/news-5-1-28.html</url>
      <url>http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html</url>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25</url>
    </references>
    <dates>
      <discovery>03-07-2008</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

Attachment: mysql50-server-upgrade-to-5.0.75.diff

From 0f7073f615a88b2d2f240ab0067c3a2f2d109644 Mon Sep 17 00:00:00 2001
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Date: Sat, 27 Dec 2008 18:06:52 +0300

Eventually fix CVE-2008-4097 and CVE-2008-4098.

I have tested only compilability and proper FreeBSD packaging
for mysql50-{server,client,scripts}.

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
---
 databases/mysql50-server/Makefile                  |    3 +--
 databases/mysql50-server/distinfo                  |    6 +++---
 .../files/patch-client_mysql_upgrade.c             |   13 -------------
 3 files changed, 4 insertions(+), 18 deletions(-)
 delete mode 100644 databases/mysql50-server/files/patch-client_mysql_upgrade.c

diff --git a/databases/mysql50-server/Makefile b/databases/mysql50-server/Makefile
index f767eda..24c7650 100644
--- a/databases/mysql50-server/Makefile
+++ b/databases/mysql50-server/Makefile
@@ -6,8 +6,7 @@
 #
 
 PORTNAME?=	mysql
-PORTVERSION=	5.0.67
-PORTREVISION?=	1
+PORTVERSION=	5.0.75
 CATEGORIES=	databases
 MASTER_SITES=	${MASTER_SITE_MYSQL}
 MASTER_SITE_SUBDIR=	MySQL-5.0
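Review bot: The removed `PORTREVISION?=	1` line used conditional assignment, as `PORTNAME?=` still does, which suggests that other ports include this Makefile and may set their own PORTREVISION. The diffstat touches only databases/mysql50-server, so confirm that none of the ports built from this Makefile keeps a stale revision after the bump to 5.0.75, or include their Makefiles in the patch.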
diff --git a/databases/mysql50-server/distinfo b/databases/mysql50-server/distinfo
index 0d84b3c..416a630 100644
--- a/databases/mysql50-server/distinfo
+++ b/databases/mysql50-server/distinfo
@@ -1,3 +1,3 @@
-MD5 (mysql-5.0.67.tar.gz) = 7164483a5ffb8f7aa59b761c13cdbd6e
-SHA256 (mysql-5.0.67.tar.gz) = 7b64e609849ff64f2fcb82a2b72883f79adc893e9f6fc0d35465ef7d97542058
-SIZE (mysql-5.0.67.tar.gz) = 28370810
+MD5 (mysql-5.0.75.tar.gz) = a234f0a60a7f8c290d9875cba3a2c5a2
+SHA256 (mysql-5.0.75.tar.gz) = c0985da988217e88456c39d2ab2f24d802f5ea5f2a3190dc0011447550bdc2b9
+SIZE (mysql-5.0.75.tar.gz) = 32514150
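Review bot: The `+` lines replace all three distinfo values at once and the tarball grows from 28370810 to 32514150 bytes, but the submission does not say where the new sums came from. State whether the SHA256 was compared with a value published by upstream or with an independently fetched copy, rather than only regenerated from the local download, because distinfo is what the port build verifies the distfile against.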
diff --git a/databases/mysql50-server/files/patch-client_mysql_upgrade.c b/databases/mysql50-server/files/patch-client_mysql_upgrade.c
deleted file mode 100644
index 36cdf88..0000000
--- a/databases/mysql50-server/files/patch-client_mysql_upgrade.c
+++ /dev/null
@@ -1,13 +0,0 @@
---- client/mysql_upgrade.c.orig	2007-11-15 15:06:52.000000000 +0100
-+++ client/mysql_upgrade.c	2007-12-12 10:07:23.000000000 +0100
-@@ -411,10 +411,6 @@
- 
-   verbose("Looking for '%s' in: %s", tool_name, tool_path);
- 
--  /* Make sure the tool exists */
--  if (my_access(tool_path, F_OK) != 0)
--    die("Can't find '%s'", tool_path);
--
-   /*
-     Make sure it can be executed
-   */
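Review bot: The commit message does not say why files/patch-client_mysql_upgrade.c is deleted. That local patch removed the `my_access(tool_path, F_OK)` existence check from client/mysql_upgrade.c, so without it the port builds whatever 5.0.75 ships at that point. Say whether the patch no longer applies or is no longer needed, and whether mysql_upgrade was run after the update, since only compilation and packaging were tested.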
-- 
1.6.0.5
How-To-Repeat: 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25
http://bugs.mysql.com/bug.php?id=32167
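Added example, not part of the original report or of the FreeBSD tooling: one way to check an installed package version against the `<affects>` ranges of the VuXML entry above. The function names are hypothetical, and `version_key` is an assumed, simplified ordering (epoch after `,`, numeric components, port revision after `_`), not the full ports version comparison.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the <affects> part of the VuXML entry in this report.
VULN_XML = """\
<vuln vid="6b535a9a-d412-11dd-9f32-001fc66e7203">
  <affects>
    <package>
      <name>mysql-server</name>
      <range><ge>4.1</ge><lt>4.1.25</lt></range>
      <range><ge>5.0</ge><lt>5.0.75</lt></range>
      <range><ge>5.1</ge><lt>5.1.28</lt></range>
      <range><ge>6.0</ge><lt>6.0.6</lt></range>
    </package>
  </affects>
</vuln>
"""

OPS = {
    "lt": lambda v, b: v < b,
    "le": lambda v, b: v <= b,
    "eq": lambda v, b: v == b,
    "ge": lambda v, b: v >= b,
    "gt": lambda v, b: v > b,
}

def version_key(version):
    """Assumed, simplified ordering: epoch, numeric components, port revision."""
    rest, _, epoch = version.strip().partition(",")
    base, _, revision = rest.partition("_")
    numbers = [int(n) for n in re.findall(r"\d+", base)]
    return (int(epoch or 0), numbers, int(revision or 0))

def is_affected(vuln_xml, name, version):
    """True if `version` of package `name` lies inside any listed <range>."""
    installed = version_key(version)
    for package in ET.fromstring(vuln_xml).iter("package"):
        if name not in [n.text for n in package.findall("name")]:
            continue
        for rng in package.findall("range"):
            # Every bound inside one <range> must hold; ranges are alternatives.
            if all(OPS[b.tag](installed, version_key(b.text)) for b in rng):
                return True
    return False

if __name__ == "__main__":
    for v in ("5.0.67_1", "5.0.75", "4.1.24", "5.1.28"):
        hit = is_affected(VULN_XML, "mysql-server", v)
        print(v, "affected" if hit else "not affected")
```
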
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-12-27 21:43:57 UTC
Responsible Changed
From-To: freebsd-ports-bugs->secteam

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Martin Wilke freebsd_committer freebsd_triage 2008-12-27 21:45:12 UTC
Responsible Changed
From-To: secteam->miwi

I will handle both PRs.
Comment 3 Martin Wilke freebsd_committer freebsd_triage 2008-12-27 23:02:48 UTC
Responsible Changed
From-To: miwi->ale

Please put back when you have done this update.
Comment 4 dfilter service freebsd_committer freebsd_triage 2008-12-29 10:22:13 UTC
ale         2008-12-29 10:22:05 UTC

  FreeBSD ports repository

  Modified files:
    databases/mysql50-server Makefile distinfo 
  Removed files:
    databases/mysql50-server/files patch-client_mysql_upgrade.c 
  Log:
  Update to 5.0.75 release.
  
  PR:             ports/129979
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.235     +2 -2      ports/databases/mysql50-server/Makefile
  1.101     +3 -3      ports/databases/mysql50-server/distinfo
  1.2       +0 -13     ports/databases/mysql50-server/files/patch-client_mysql_upgrade.c (dead)
Comment 5 Alex Dupre freebsd_committer freebsd_triage 2008-12-29 10:22:56 UTC
Responsible Changed
From-To: ale->miwi

Updated.
Comment 6 Martin Wilke freebsd_committer freebsd_triage 2008-12-30 11:12:53 UTC
State Changed
From-To: open->closed

Documented and updated. Thanks for your submission.