56703 – [Maintainer Update] Port: MySQL 4.0.15 (Security Fix)

Bug 56703 - [Maintainer Update] Port: MySQL 4.0.15 (Security Fix)

Summary: [Maintainer Update] Port: MySQL 4.0.15 (Security Fix)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Peter Pentchev

URL:
Keywords:

Depends on:
Blocks:

Reported:	2003-09-11 15:20 UTC by Alex Dupre
Modified:	2003-09-23 15:38 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
mysql40.diff (2.36 KB, patch) 2003-09-11 15:20 UTC, Alex Dupre	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Dupre 2003-09-11 15:20:10 UTC

Update to 4.0.15 release.
Fix exploitable buffer overflow (maybe we can ignore the port freeze (?)).
Whitespace fix.
Check OVERWRITE_DB is not set to "no", when defined.

Comment 1 Peter Pentchev 2003-09-11 15:38:03 UTC

On Thu, Sep 11, 2003 at 04:11:38PM +0200, Alex Dupre wrote:
[snip]
> Check OVERWRITE_DB is not set to "no", when defined.
[snip]
>  post-install:
>  .if !defined(PACKAGE_BUILDING)
> -.if exists(${DB_DIR}) && defined(OVERWRITE_DB)
> +.if exists(${DB_DIR}) && defined(OVERWRITE_DB) && ${OVERWRITE_DB} != "no"
>  	@${RM} -r ${DB_DIR}/mysql ${DB_DIR}/test 2>/dev/null || true
>  .endif
> -.if !exists(${DB_DIR}) || defined(OVERWRITE_DB)
> +.if !exists(${DB_DIR}) || (defined(OVERWRITE_DB) && ${OVERWRITE_DB} != "no")

Do you think we should change those to ${OVERWRITE_DB:L} to also catch
the OVERWRITE_DB=NO case?

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
This sentence every third, but it still comprehensible.

Comment 2 Peter Pentchev freebsd_committer

2003-09-11 15:51:34 UTC

State Changed
From-To: open->analyzed

I'll try to sneak this in during the freeze. 
Thanks for the quick reaction - I was actually about to send you 
an email with pretty much the same patch, when I saw your PR :)

Comment 3 Peter Pentchev freebsd_committer

2003-09-11 15:51:34 UTC

Responsible Changed
From-To: freebsd-ports-bugs->roam

I'll take care of this and request portmgr's approval.

Comment 4 Alex Dupre 2003-09-11 16:09:29 UTC

Thursday, September 11, 2003, 4:38:03 PM, you wrote:

PP> Do you think we should change those to ${OVERWRITE_DB:L} to also catch
PP> the OVERWRITE_DB=NO case?

Yes, good catch.

-- 
Alex Dupre                             sysadmin@alexdupre.com
http://www.alexdupre.com/              alex@sm.FreeBSD.org

Today's excuse: Only people with names beginning with 'A' are getting mail this week (a la Microsoft)

Comment 5 Alex Dupre 2003-09-20 10:43:52 UTC

Since mysql 3.23 has been committed and approved by portsmgr, I cannot
see a reason to delay the commit of mysql 4.0 :-)

-- 
Alex Dupre                             sysadmin@alexdupre.com
http://www.alexdupre.com/              alex@sm.FreeBSD.org

Today's excuse: We need a licensed electrician to replace the light bulbs in the computer room.

Comment 6 Alex Dupre 2003-09-22 09:12:01 UTC

Monday, September 22, 2003, 5:42:59 AM, you wrote:

EG> On MySQL home page, current production release shown as 4.0.15a, is it possible to update to that before committing?

No relevant changes for FreeBSD in that sub-release.

-- 
Alex Dupre                             sysadmin@alexdupre.com
http://www.alexdupre.com/              alex@sm.FreeBSD.org

Today's excuse: Failure to adjust for daylight savings time.

Comment 7 Peter Pentchev freebsd_committer

2003-09-23 15:38:20 UTC

State Changed
From-To: analyzed->closed

Update to 4.0.15 committed, thanks!